mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-07 18:25:23 +00:00
4872eb9909
20678: DAO5 branch: Preparation for merge back to HEAD
20689: Merged DAO4 to DAO5
- Removed all 'dbscripts/create/3.x/SomeDialect' and replaced with 'dbscripts/create/SomeDialect'
DB create scripts are taken from latest DAO4
- TODO: FixAuthoritiesCrcValuesPatch needs query implementation in PatchDAO
Merged DAO3 to DAO4
- Reapplied fixes for ALF-713 (race condition on Usages)
19350: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-2 to BRANCHES/DEV/V3.3-DAO-REFACTOR-3:
18939: SAIL-4 :2nd stage branch for DAO refactor off HEAD rev 18898
18948: Merged V3.3-DAO-REFACTOR to V3.3-DAO-REFACTOR-2
18202: Dev branch for DAO refactor
18252: SAIL-233: QName.hbm.xml
18295: Added missing CREATE TABLE statements for QName-related code
18324: SAIL-234: Node.hbm.xml: Node aspects initial integration
18355: Added 'setValue' method to manually update the cached value
18356: MV property stressing lowered to speed test up
18357: SAIL-234: Node.hbm.xml
18376: Pulled all Alfresco-related create SQL into script
18389: SAIL-234: Permissions DAO refactor - initial checkpoint
18390: Formatting only (line-endings)
18400: SAIL-234: Node.hbm.xml
18418: SAIL-234: Node.hbm.xml: 'alf_node_assoc' CRUD
18429: SAIL-234: Node.hbm.xml: Cleaned out all Hibernate references to NodeAssocImpl
18457: SAIL-234: Permissions DAO refactor
18959: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18479: SAIL-234: Node.hbm.xml - fix updateNode (missing id when saving oldDummyNode)
18482: SAIL-235: remove Permissions.hbm.xml
18517: SAIL-235: Permissions DAO refactor
18523: SAIL-234: Node.hbm.xml
18524: SAIL-235: Permissions DAO refactor
18960: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18533: Flipped back to Windows line endings
18535: Formatting-only (eol)
18540: Formatting-only (eol)
18541: SAIL-235: Permissions DAO refactor
18543: SAIL-234: Node.hbm.xml: Start alf_store changes
18567: SAIL-235: Permissions DAO refactor
18596: SAIL-305: Alfresco DDL - formatted/rationalized and added missing indexes & fk constraints
18603: SAIL-311: Minor cleanup for schema upgrade scripts (V3.3)
18604: SAIL-311: Remove empty dirs
18619: SAIL-274: Locale.hbm.xml
18621: Added method to create default ACL
18622: SAIL-234: Node.hbm.xml: Store, Transaction, Server and some node
18624: Formatting only (eol)
18631: SAIL-235: Permissions DAO refactor
18633: SAIL-235: Permissions DAO refactor - do not expose CRUD for AceContext (or AuthorityAlias) since currently unused
18639: getLocale(Locale) should return null if it doesn't exist
18640: SAIL-234 NodeDAO: More replacement of node queries and updates
18648: SAIL-310: Create SQL script for core repo tables (All DB ports)
18651: SAIL-234 NodeDAO: Moves across stores handle presence of target deleted nodes
18961: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18658: SAIL-274 Locale DAO: Missing getValueKey() method
18662: SAIL-235: Permissions DAO refactor - further cleanup (of DbAccessControlList usage, including copyACLs)
18664: DB scripts porting for PostgreSQL finished.
18668: SAIL-234 Node DAO: Note in case Transaction Change ID is dropped from indexes
18669: SAIL-234 Node DAO: deleteNode and archive (store move) fixes
18672: DB scripts porting for Oracle finished.
18675: SAIL-235: Permissions DAO refactor
18677: DB scripts porting for DB2 finished.
18964: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18687: Execute a callback with retries
18688: SAIL-234 Node DAO: Child association creation
18690: SAIL-234 Node DAO: Comment out raw creation of stores as it breaks subsequent bootstrap checks
18691: SAIL-234 Node DAO: More replacement of alf_child_assoc handling
18713: Commented about needing a more efficient removeChildAssociation method
18714: SAIL-234 Node DAO: Replaced queries on alf_child_assoc
18715: SAIL-234 Node DAO: More alf_child_assoc query replacement
18727: SAIL-234 Node DAO: alf_child_assoc queries complete
18737: SAIL-234 Node DAO: Tweaks to newNode and implemented prependPaths
18741: SAIL-234 and SAIL-334: Moved UsageDelta Hibernate code and queries over to UsageDeltaDAO
18748: SAIL-234 Node DAO: fix NPE (EditionServiceImplTest)
18769: SAIL-234 Node DAO: alf_node_properties ground work
18786: SAIL-234 Node DAO: alf_node_properties and cm:auditable properties
18810: Added EqualsHelper.getMapComparison
18813: TransactionalCache propagates cache clears and removals during rollback
18826: SAIL-234 Node DAO: Moved over sundry references to NodeDaoService to NodeDAO
18849: SAIL-237: UsageDelta.hbm.xml - eol formatting only (including removal of unwanted svn:eol-style=native property)
18869: SAIL-234 NodeDAO: Fixed more references to 'nodeDaoService'
18895: SAIL-234 NodeDAO: Queries for alf_transaction
18899: SAIL-234 Node DAO: Fixed bean fetching for 'nodeDAO'
18909: SAIL-234 NodeDAO: Fixes to getNodeRefStatus and various txn queries
18916: SAIL-234 NodeDAO: Fixed moveNode alf_child_assoc updates
18922: SAIL-235: DAO refactoring: Permission.hbm.xml
18930: SAIL-235: DAO refactoring: Permission.hbm.xml
18932: SAIL-234 NodeDAO: Fixing up gotchas, javadocs and some naming
18933: SAIL-234 NodeDAO: Minor neatening
18935: SAIL-234 Node DAO: Caches for ID to NodeRef and StoreRef
18936: EHCache config files line endings
18938: SAIL-237: Usage DAO refactor - initial checkpoint
18945: SAIL-235: DAO refactoring: Permission.hbm.xml. Move Node.
18975: Fix for move-node ACL jiggery-pokery
19067: SAIL-4: fix VersionHistoryImpl.getSuccessors (causing VersionServiceImplTest.testGetVersionHistorySameWorkspace failure)
19068: SAIL-234: fix VersionMigratorTest.testMigrateOneVersion
19074: SAIL-237: Usage DAO - update to common iBatis mapping pattern(s) to ease DB porting
19076: SAIL-231: Activities DAO - update to common iBatis mapping pattern(s)
19077: SAIL-232: AppliedPatch DAO - minor cleanup (comments & formatting only)
19092: Merging HEAD to DEV/V3.3-DAO-REFACTOR-2
18973: Temporarily comment out AVMTestSuite and run AVM tests individually
19056: AVM unit test improvements
19097: SAIL-235: DAO refactoring: Permission.hbm.xml: Additional index to support queries to find the id and acl id for the primary children of a node.
19185: SAIL-238: Permissions DAO - (minor) update to common iBatis mapping pattern
19289: SAIL-234 NodeDAO: Node cache replaces NodeRef cache
19302: SAIL-234 Node DAO: Added cache for node properties
19318: SAIL-4: AVM DAO - (minor) update to common iBatis mapping pattern
20690: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
20063: (RECORD ONLY) DAO refactor branch V4
20146: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19401: SAIL-234 Node DAO: Fix permission service tests (setPrimaryChildrenSharedAclId needs to invalidate nodesCache)
19428: Fixed TransactionalCache issue with null and NullValueMarker
19429: Took empty cm:content creation out of FileFolderService#createImpl
19430: SAIL-234 Node DAO: Tweaks around caching and cm:auditable
19431: SAIL-4 DAO Refactor: Exception thrown when attempting writes in read-only txn have changed
19436: SAIL-234 Node DAO: Fix NPE during cm:auditable update
19475: Allow debugging of code without stepping into trivial stuff
19476: Follow-up on 19429 by ensuring CIFS/FTP set a mimetype on the ContentWriter
19477: SAIL-234 Node DAO: Leverage DAO better for NodeService.addProperties
19478: SAIL-234 NodeDAO: Added toString() for ParentAssocsInfo (cache value for parent assocs)
19479: SAIL-234 Node DAO: Fixed for parent association and property caches
19480: Made TransactionAwareSingleton bind-key a GUID
19481: SAIL-234 Node DAO: Reinstated 100K collection property tests
19482: SAIL-234 Node DAO: Node and property cache fixes highlighted by unit tests
19483: SAIL-234 Node DAO: Start on NodeBulkLoader implementation
19595: SAIL-234 Node DAO: Fix moveNode to detect cyclic relationship prior to updating ACLs for moved tree FileFolderServiceImplTest.testETHREEOH_3088_MoveIntoSelf)
20147: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19602: (RECORD ONLY) Reintegrated with HEAD up to rev 19433
19621: (RECORD ONLY) SAIL-347
19683: (RECORD ONLY) Reverse-merged 19621 for SAIL-347
19722: (RECORD ONLY) Merged /alfresco/HEAD:r19434-19721
20150: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19741: Merged DEV\V3.3-DAO-REFACTOR-2 to DEV\V3.3-DAO-REFACTOR-3
19739: Extended "move" tests
19743: Fix AuditableAspectTest.testAddAspect (to allow for node modified date tolerance)
19748: Remaining part of merge from HEAD to V3.3-DAO-REFACTOR-3
19367: Merged BRANCHES/V3.2 to HEAD:
19286: Fix for ALF-626 "Using 'null' as an authority argument in clearPermissions() cause a java.lang.NullPointerException"
19755: SAIL-234 Node DAO: Fix RepoAdminServiceImplTest.testConcurrentDynamicModelDelete (handle InvalidNodeRefException after getChildAssocs)
20692: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
- Retired all 1.3 and 1.4 upgrade scripts ... R.I.P.
- Fixed CRC patch for Authorities (only tested on MySQL)
- Fixed SQL patch revision numbers and bumped version schema number up
20158: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19773: SQL mappings and scripts: SAIL-310, SAIL-304, SAIL-303 and SAIL-347
19774: Futher fix for SAIL-310: Sequence patch must take into account sequences created for 3.3
19851: SAIL-371 (SAIL-294) NodeDAO fallout: Fix QName and Namespace read/write handling and bean name in unit test
20183: Merged DAO3 to DAO4
19852: SAIL-370: Remove LinkValidation
19853: SAIL-239 (SAIL-294) Attributes.hbm.xml: Added ability to attach arbitrary property to unique context
19857: SAIL-373 Fallout from Permissions DAO refactor (SAIL-235)
19864: SAIL-239 (SAIL-294): Removed AttributeService RMI API
19865: More SAIL-239 (SAIL-294): Removed AttributeService RMI API
20208: DAO-refactor implementation of ALF-2712 query improvements
20209: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20060: Removal of AttributeService for SAIL-239 (SAIL-294)
20348: SAIL-371 (SAIL-294): Protect collection properties during map insert and retrieval
20547: SAIL-371 (SAIL-294) Attributes.hbm.xml: implement getAttributes + fixes
20573: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests and other fallout
20597: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip)
20598: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip) - fix AssetServiceImplTest.testSimpleLockFile NPE
20600: Fix PropertyValueDAOTest.testPropertyValue_Enum (follow-on to r20060 for SAIL-239 - which introduces ENUM prop vals)
20601: Fix UsageDAOTest.testCreateAndDeleteUsageDeltas NPE (would also affect ContentStoreCleanerScalabilityRunner)
20603: Fix CMISPropertyServiceTest.* (fallout from r20146 <- r19429 <- Took empty cm:content creation out of FileFolderService#createImpl)
20604: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - TransferServiceImplTest.*
20618: SAIL-371 (SAIL-294): NodeDAO: AuditableAspectTest (fix testCreateNodeWithAuditableProperties_ALF_2565 + add remove aspect test)
20624: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - UserUsageTest.*
20626: Fixed random keys for RuleTrigger NodeRef tracking
20635: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - PersonTest.testSplitDuplicates
20642: SAIL-371 (SAIL-294) DAO: Fixed CacheTest
20643: Removed must of the 'distribute' target's dependencies. Not for HEAD
20645: Follow-on to r20643 (Removed most of the 'distribute' target's dependencies. Not for HEAD)
20654: SAIL-371 (SAIL-294): NodeDAO: DMDeploymentTargetTest.* (do not try to remove mandatory aspects)
20655: SAIL-371 (SAIL-294): NodeDAO: Initial fix for TaggingServiceImplTest.testTagScopeUpdateViaNodePolicies (+ minor test cleanup)
20657: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - VersionMigratorTest.testMigrateOneVersion (cm:accessed not returned if null)
20658: Merged (back merge only - no merge info) BRANCHES/V3.3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20090: Dynamic models: minor improvements to DictionaryModelType
20554: Improvement to model delete validation (investigating intermittent failure of RepoAdminServiceImplTest.testSimpleDynamicModelViaNodeService)
20662: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - RecordsManagementAuditServiceImplTest.* (we now ignore attempt to update 'cm:modifier' prop so update 'cm:title' prop instead)
20666: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - ADMLuceneTest.*
20668: SAIL-239 (SAIL-294) - delete WCM locks + tests (follow-on to r20060)
20674: SAIL-371 (SAIL-294) NodeDAO fallout: Cleaner and additional checks for ContentStoreCleaner
20675: SAIL-371 (SAIL-294) NodeDAO fallout: Fixed handling of ContentData
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20693 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
696 lines
24 KiB
Java
696 lines
24 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
* As a special exception to the terms and conditions of version 2.0 of
|
|
* the GPL, you may redistribute this Program in connection with Free/Libre
|
|
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
|
* FLOSS exception. You should have recieved a copy of the text describing
|
|
* the FLOSS exception, and it is also available here:
|
|
* http://www.alfresco.com/legal/licensing"
|
|
*/
|
|
package org.alfresco.repo.domain.permissions;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.alfresco.repo.domain.AccessControlListDAO;
|
|
import org.alfresco.repo.domain.DbAccessControlList;
|
|
import org.alfresco.repo.security.permissions.ACEType;
|
|
import org.alfresco.repo.security.permissions.ACLType;
|
|
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
|
import org.alfresco.repo.security.permissions.AccessControlList;
|
|
import org.alfresco.repo.security.permissions.AccessControlListProperties;
|
|
import org.alfresco.repo.security.permissions.NodePermissionEntry;
|
|
import org.alfresco.repo.security.permissions.PermissionEntry;
|
|
import org.alfresco.repo.security.permissions.PermissionReference;
|
|
import org.alfresco.repo.security.permissions.SimpleAccessControlEntry;
|
|
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
|
|
import org.alfresco.repo.security.permissions.impl.AclChange;
|
|
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
|
|
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
|
|
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
|
|
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.security.AccessPermission;
|
|
import org.alfresco.service.cmr.security.AccessStatus;
|
|
import org.alfresco.util.GUID;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
/**
|
|
* Common support for permisisons dao
|
|
*
|
|
* Sub classes determine how ACLs are cascaded to children and how changes may COW/version children as ACLs are pushed down.
|
|
*
|
|
* TODO: remove the protocol to dao mapping
|
|
*
|
|
* @author andyh
|
|
*
|
|
*/
|
|
public abstract class AbstractPermissionsDaoComponentImpl implements PermissionsDaoComponent
|
|
{
|
|
private static Log logger = LogFactory.getLog(AbstractPermissionsDaoComponentImpl.class);
|
|
|
|
protected static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
|
|
|
|
protected AclDAO aclDaoComponent;
|
|
|
|
private Map<String, AccessControlListDAO> fProtocolToACLDAO;
|
|
|
|
private AccessControlListDAO fDefaultACLDAO;
|
|
|
|
/** a uuid identifying this unique instance */
|
|
private String uuid;
|
|
|
|
AbstractPermissionsDaoComponentImpl()
|
|
{
|
|
this.uuid = GUID.generate();
|
|
}
|
|
|
|
/**
|
|
* Set the ACL DAO component
|
|
* @param aclDaoComponent
|
|
*/
|
|
public void setAclDAO(AclDAO aclDaoComponent)
|
|
{
|
|
this.aclDaoComponent = aclDaoComponent;
|
|
}
|
|
|
|
/**
|
|
* Checks equality by type and uuid
|
|
*/
|
|
public boolean equals(Object obj)
|
|
{
|
|
if (obj == null)
|
|
{
|
|
return false;
|
|
}
|
|
else if (!(obj instanceof AbstractPermissionsDaoComponentImpl))
|
|
{
|
|
return false;
|
|
}
|
|
AbstractPermissionsDaoComponentImpl that = (AbstractPermissionsDaoComponentImpl) obj;
|
|
return this.uuid.equals(that.uuid);
|
|
}
|
|
|
|
/**
|
|
* @see #uuid
|
|
*/
|
|
public int hashCode()
|
|
{
|
|
return uuid.hashCode();
|
|
}
|
|
|
|
/**
|
|
* Set the mapping of protocol to DAO
|
|
* @param map
|
|
*/
|
|
public void setProtocolToACLDAO(Map<String, AccessControlListDAO> map)
|
|
{
|
|
fProtocolToACLDAO = map;
|
|
}
|
|
|
|
/**
|
|
* Set the default DAO
|
|
* @param defaultACLDAO
|
|
*/
|
|
public void setDefaultACLDAO(AccessControlListDAO defaultACLDAO)
|
|
{
|
|
fDefaultACLDAO = defaultACLDAO;
|
|
}
|
|
|
|
/**
|
|
* Helper to choose appropriate NodeService for the given NodeRef
|
|
*
|
|
* @param nodeRef
|
|
* The NodeRef to dispatch from.
|
|
* @return The appropriate NodeService.
|
|
*/
|
|
protected AccessControlListDAO getACLDAO(NodeRef nodeRef)
|
|
{
|
|
AccessControlListDAO ret = fProtocolToACLDAO.get(nodeRef.getStoreRef().getProtocol());
|
|
if (ret == null)
|
|
{
|
|
return fDefaultACLDAO;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
protected DbAccessControlList getAccessControlList(NodeRef nodeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
|
|
return acl;
|
|
}
|
|
|
|
protected CreationReport getMutableAccessControlList(NodeRef nodeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
|
|
if (acl == null)
|
|
{
|
|
return createAccessControlList(nodeRef, INHERIT_PERMISSIONS_DEFAULT, null);
|
|
}
|
|
else
|
|
{
|
|
switch (acl.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
case SHARED:
|
|
case LAYERED:
|
|
// We can not set an ACL on node that has one of these types so we need to make a new one ....
|
|
return createAccessControlList(nodeRef, INHERIT_PERMISSIONS_DEFAULT, acl);
|
|
case DEFINING:
|
|
case OLD:
|
|
default:
|
|
// Force a copy on write if one is required
|
|
getACLDAO(nodeRef).forceCopy(nodeRef);
|
|
acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
|
|
return new CreationReport(acl, Collections.<AclChange> emptyList());
|
|
}
|
|
}
|
|
}
|
|
|
|
public NodePermissionEntry getPermissions(NodeRef nodeRef)
|
|
{
|
|
// Create the object if it is not found.
|
|
// Null objects are not cached in hibernate
|
|
// If the object does not exist it will repeatedly query to check its
|
|
// non existence.
|
|
NodePermissionEntry npe = null;
|
|
DbAccessControlList acl = null;
|
|
try
|
|
{
|
|
acl = getAccessControlList(nodeRef);
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
// Do nothing.
|
|
}
|
|
|
|
if (acl == null)
|
|
{
|
|
// there isn't an access control list for the node - spoof a null one
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry> emptyList());
|
|
npe = snpe;
|
|
}
|
|
else
|
|
{
|
|
npe = createSimpleNodePermissionEntry(nodeRef);
|
|
}
|
|
// done
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Got NodePermissionEntry for node: \n" + " node: " + nodeRef + "\n" + " acl: " + npe);
|
|
}
|
|
return npe;
|
|
}
|
|
|
|
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(final String authority)
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
|
|
public Set<NodeRef> findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow)
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
|
|
// Utility methods to create simple detached objects for the outside world
|
|
// We do not pass out the hibernate objects
|
|
|
|
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
|
|
if (acl == null)
|
|
{
|
|
// there isn't an access control list for the node - spoof a null one
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry> emptyList());
|
|
return snpe;
|
|
}
|
|
else
|
|
{
|
|
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
|
|
|
|
SimpleNodePermissionEntry cached = info.getCachedSimpleNodePermissionEntry();
|
|
if(cached != null)
|
|
{
|
|
return cached;
|
|
}
|
|
|
|
ArrayList<SimplePermissionEntry> spes = new ArrayList<SimplePermissionEntry>(info.getEntries().size());
|
|
for (AccessControlEntry entry : info.getEntries())
|
|
{
|
|
SimplePermissionEntry spe = new SimplePermissionEntry(nodeRef, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus(), entry.getPosition());
|
|
spes.add(spe);
|
|
}
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(), spes);
|
|
|
|
info.setCachedSimpleNodePermissionEntry(snpe);
|
|
return snpe;
|
|
}
|
|
}
|
|
|
|
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(storeRef).getAccessControlList(storeRef);
|
|
if (acl == null)
|
|
{
|
|
// there isn't an access control list for the node - spoof a null one
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry> emptyList());
|
|
return snpe;
|
|
}
|
|
else
|
|
{
|
|
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
|
|
|
|
ArrayList<SimplePermissionEntry> spes = new ArrayList<SimplePermissionEntry>(info.getEntries().size());
|
|
for (AccessControlEntry entry : info.getEntries())
|
|
{
|
|
SimplePermissionEntry spe = new SimplePermissionEntry(null, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus(), entry.getPosition());
|
|
spes.add(spe);
|
|
}
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, acl.getInherits(), spes);
|
|
return snpe;
|
|
}
|
|
}
|
|
|
|
public boolean getInheritParentPermissions(NodeRef nodeRef)
|
|
{
|
|
DbAccessControlList acl = null;
|
|
try
|
|
{
|
|
acl = getAccessControlList(nodeRef);
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
return INHERIT_PERMISSIONS_DEFAULT;
|
|
}
|
|
if (acl == null)
|
|
{
|
|
return INHERIT_PERMISSIONS_DEFAULT;
|
|
}
|
|
else
|
|
{
|
|
return aclDaoComponent.getAccessControlListProperties(acl.getId()).getInherits();
|
|
}
|
|
}
|
|
|
|
public void deletePermissions(String authority)
|
|
{
|
|
@SuppressWarnings("unused")
|
|
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(authority);
|
|
// ignore changes - deleting an authority does not cause all acls to version
|
|
}
|
|
|
|
public void deletePermissions(NodeRef nodeRef, final String authority)
|
|
{
|
|
DbAccessControlList acl = null;
|
|
try
|
|
{
|
|
AccessControlListDAO aclDAO = getACLDAO(nodeRef);
|
|
if (aclDAO == null)
|
|
{
|
|
return;
|
|
}
|
|
acl = aclDAO.getAccessControlList(nodeRef);
|
|
if (acl == null)
|
|
{
|
|
return;
|
|
}
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
return;
|
|
}
|
|
switch (acl.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
|
|
case SHARED:
|
|
// Nothing to do
|
|
break;
|
|
case DEFINING:
|
|
case LAYERED:
|
|
case OLD:
|
|
default:
|
|
CreationReport report = getMutableAccessControlList(nodeRef);
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setAuthority(authority);
|
|
pattern.setPosition(Integer.valueOf(0));
|
|
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(report.getCreated().getId(), pattern);
|
|
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
|
|
break;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Deletes all permission entries (access control list entries) that match the given criteria. Note that the access
|
|
* control list for the node is not deleted.
|
|
*/
|
|
public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission)
|
|
{
|
|
DbAccessControlList acl = null;
|
|
try
|
|
{
|
|
AccessControlListDAO aclDAO = getACLDAO(nodeRef);
|
|
if (aclDAO == null)
|
|
{
|
|
return;
|
|
}
|
|
acl = aclDAO.getAccessControlList(nodeRef);
|
|
if (acl == null)
|
|
{
|
|
return;
|
|
}
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
return;
|
|
}
|
|
|
|
// avoid NullPointerException if it was not created
|
|
if (acl == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
switch (acl.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
case SHARED:
|
|
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
|
|
case DEFINING:
|
|
case LAYERED:
|
|
case OLD:
|
|
default:
|
|
CreationReport report = getMutableAccessControlList(nodeRef);
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setAuthority(authority);
|
|
pattern.setPermission(permission);
|
|
pattern.setPosition(Integer.valueOf(0));
|
|
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(report.getCreated().getId(), pattern);
|
|
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
public void setPermission(NodeRef nodeRef, String authority, PermissionReference permission, boolean allow)
|
|
{
|
|
CreationReport report = null;
|
|
try
|
|
{
|
|
report = getMutableAccessControlList(nodeRef);
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
return;
|
|
}
|
|
if (report.getCreated() != null)
|
|
{
|
|
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
|
|
entry.setAuthority(authority);
|
|
entry.setPermission(permission);
|
|
entry.setAccessStatus(allow ? AccessStatus.ALLOWED : AccessStatus.DENIED);
|
|
entry.setAceType(ACEType.ALL);
|
|
entry.setPosition(Integer.valueOf(0));
|
|
List<AclChange> changes = aclDaoComponent.setAccessControlEntry(report.getCreated().getId(), entry);
|
|
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
|
|
all.addAll(report.getChanges());
|
|
all.addAll(changes);
|
|
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
|
|
}
|
|
}
|
|
|
|
public void setPermission(PermissionEntry permissionEntry)
|
|
{
|
|
setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry.getPermissionReference(), permissionEntry.isAllowed());
|
|
}
|
|
|
|
public void setPermission(NodePermissionEntry nodePermissionEntry)
|
|
{
|
|
NodeRef nodeRef = nodePermissionEntry.getNodeRef();
|
|
|
|
// Get the access control list
|
|
// Note the logic here requires to know whether it was created or not
|
|
DbAccessControlList existing = getAccessControlList(nodeRef);
|
|
if (existing != null)
|
|
{
|
|
deletePermissions(nodeRef);
|
|
}
|
|
// create the access control list
|
|
|
|
existing = getAccessControlList(nodeRef);
|
|
CreationReport report = createAccessControlList(nodeRef, nodePermissionEntry.inheritPermissions(), existing);
|
|
|
|
// add all entries
|
|
for (PermissionEntry pe : nodePermissionEntry.getPermissionEntries())
|
|
{
|
|
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
|
|
entry.setAuthority(pe.getAuthority());
|
|
entry.setPermission(pe.getPermissionReference());
|
|
entry.setAccessStatus(pe.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
|
|
entry.setAceType(ACEType.ALL);
|
|
entry.setPosition(Integer.valueOf(0));
|
|
List<AclChange> changes = aclDaoComponent.setAccessControlEntry(report.getCreated().getId(), entry);
|
|
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
|
|
all.addAll(report.getChanges());
|
|
all.addAll(changes);
|
|
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
|
|
}
|
|
}
|
|
|
|
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
|
|
{
|
|
|
|
DbAccessControlList acl = getAccessControlList(nodeRef);
|
|
if ((acl == null) && (inheritParentPermissions == INHERIT_PERMISSIONS_DEFAULT))
|
|
{
|
|
return;
|
|
}
|
|
if ((acl != null) && (acl.getInherits() == inheritParentPermissions))
|
|
{
|
|
return;
|
|
}
|
|
|
|
CreationReport report = getMutableAccessControlList(nodeRef);
|
|
|
|
List<AclChange> changes;
|
|
if (!inheritParentPermissions)
|
|
{
|
|
changes = aclDaoComponent.disableInheritance(report.getCreated().getId(), false);
|
|
}
|
|
else
|
|
{
|
|
Long parentAcl = getACLDAO(nodeRef).getInheritedAcl(nodeRef);
|
|
changes = aclDaoComponent.enableInheritance(report.getCreated().getId(), parentAcl);
|
|
}
|
|
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
|
|
all.addAll(report.getChanges());
|
|
all.addAll(changes);
|
|
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
|
|
}
|
|
|
|
|
|
|
|
public void deletePermission(StoreRef storeRef, String authority, PermissionReference permission)
|
|
{
|
|
DbAccessControlList acl = getAccessControlList(storeRef);
|
|
if(acl == null)
|
|
{
|
|
return;
|
|
}
|
|
acl = getMutableAccessControlList(storeRef);
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setAuthority(authority);
|
|
pattern.setPermission(permission);
|
|
pattern.setPosition(Integer.valueOf(0));
|
|
aclDaoComponent.deleteAccessControlEntries(acl.getId(), pattern);
|
|
}
|
|
|
|
private DbAccessControlList getMutableAccessControlList(StoreRef storeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(storeRef).getAccessControlList(storeRef);
|
|
if(acl == null)
|
|
{
|
|
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
|
properties.setAclType(ACLType.DEFINING);
|
|
properties.setInherits(false);
|
|
properties.setVersioned(false);
|
|
|
|
acl = aclDaoComponent.createDbAccessControlList(properties);
|
|
getACLDAO(storeRef).setAccessControlList(storeRef, acl);
|
|
}
|
|
return acl;
|
|
}
|
|
|
|
private AccessControlListDAO getACLDAO(StoreRef storeRef)
|
|
{
|
|
AccessControlListDAO ret = fProtocolToACLDAO.get(storeRef.getProtocol());
|
|
if (ret == null)
|
|
{
|
|
return fDefaultACLDAO;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
private DbAccessControlList getAccessControlList(StoreRef storeRef)
|
|
{
|
|
return getACLDAO(storeRef).getAccessControlList(storeRef);
|
|
}
|
|
|
|
public void deletePermissions(StoreRef storeRef, String authority)
|
|
{
|
|
DbAccessControlList acl = getAccessControlList(storeRef);
|
|
if(acl == null)
|
|
{
|
|
return;
|
|
}
|
|
acl = getMutableAccessControlList(storeRef);
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setAuthority(authority);
|
|
pattern.setPosition(Integer.valueOf(0));
|
|
aclDaoComponent.deleteAccessControlEntries(acl.getId(), pattern);
|
|
}
|
|
|
|
public void deletePermissions(StoreRef storeRef)
|
|
{
|
|
getACLDAO(storeRef).setAccessControlList(storeRef, null);
|
|
}
|
|
|
|
public void setPermission(StoreRef storeRef, String authority, PermissionReference permission, boolean allow)
|
|
{
|
|
DbAccessControlList acl = getMutableAccessControlList(storeRef);
|
|
|
|
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
|
|
entry.setAuthority(authority);
|
|
entry.setPermission(permission);
|
|
entry.setAccessStatus(allow ? AccessStatus.ALLOWED : AccessStatus.DENIED);
|
|
entry.setAceType(ACEType.ALL);
|
|
entry.setPosition(Integer.valueOf(0));
|
|
aclDaoComponent.setAccessControlEntry(acl.getId(), entry);
|
|
}
|
|
|
|
|
|
|
|
public NodePermissionEntry getPermissions(StoreRef storeRef)
|
|
{
|
|
// Create the object if it is not found.
|
|
// Null objects are not cached in hibernate
|
|
// If the object does not exist it will repeatedly query to check its
|
|
// non existence.
|
|
NodePermissionEntry npe = null;
|
|
DbAccessControlList acl = null;
|
|
try
|
|
{
|
|
acl = getAccessControlList(storeRef);
|
|
}
|
|
catch (InvalidNodeRefException e)
|
|
{
|
|
// Do nothing.
|
|
}
|
|
|
|
if (acl == null)
|
|
{
|
|
// there isn't an access control list for the node - spoof a null one
|
|
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry> emptyList());
|
|
npe = snpe;
|
|
}
|
|
else
|
|
{
|
|
npe = createSimpleNodePermissionEntry(storeRef);
|
|
}
|
|
|
|
return npe;
|
|
}
|
|
|
|
public AccessControlListProperties getAccessControlListProperties(NodeRef nodeRef)
|
|
{
|
|
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
|
|
if(acl == null)
|
|
{
|
|
return null;
|
|
}
|
|
return aclDaoComponent.getAccessControlListProperties(acl.getId());
|
|
}
|
|
|
|
protected abstract CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, DbAccessControlList existing);
|
|
|
|
|
|
/**
|
|
* Internal class used for reporting the collateral damage when creating an new ACL entry
|
|
* @author andyh
|
|
*
|
|
*/
|
|
static class CreationReport
|
|
{
|
|
DbAccessControlList created;
|
|
|
|
List<AclChange> changes;
|
|
|
|
CreationReport(DbAccessControlList created, List<AclChange> changes)
|
|
{
|
|
this.created = created;
|
|
this.changes = changes;
|
|
}
|
|
|
|
/**
|
|
* Set the change list
|
|
*
|
|
* @param changes
|
|
*/
|
|
public void setChanges(List<AclChange> changes)
|
|
{
|
|
this.changes = changes;
|
|
}
|
|
|
|
/**
|
|
* Set the ACL that was created
|
|
* @param created
|
|
*/
|
|
public void setCreated(DbAccessControlList created)
|
|
{
|
|
this.created = created;
|
|
}
|
|
|
|
/**
|
|
* Get the change list
|
|
* @return - the change list
|
|
*/
|
|
public List<AclChange> getChanges()
|
|
{
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* Get the created ACL
|
|
* @return - the acl
|
|
*/
|
|
public DbAccessControlList getCreated()
|
|
{
|
|
return created;
|
|
}
|
|
|
|
}
|
|
}
|