Commit 0163e53a authored by Matija Obreza's avatar Matija Obreza
Browse files

Remove all ACL data when AclAwareModel is deleted

parent eb231064
...@@ -111,15 +111,15 @@ public class AclAssignerAspect { ...@@ -111,15 +111,15 @@ public class AclAssignerAspect {
// Remove permissions owned by SID // Remove permissions owned by SID
aclService.removePermissionsFor(aclSid); aclService.removePermissionsFor(aclSid);
// Remove permissions on SID // Remove permissions on SID
maybeRemovePermissions(aclSid); maybeRemoveAclAwareModel(aclSid);
} else if (arg0 instanceof AclAwareModel) { } else if (arg0 instanceof AclAwareModel) {
final AclAwareModel aclModel = (AclAwareModel) arg0; final AclAwareModel aclModel = (AclAwareModel) arg0;
maybeRemovePermissions(aclModel); maybeRemoveAclAwareModel(aclModel);
} else if (arg0 instanceof Iterable) { } else if (arg0 instanceof Iterable) {
// Handle collections of AclAwareModel // Handle collections of AclAwareModel
final Iterable<?> i = (Iterable<?>) arg0; final Iterable<?> i = (Iterable<?>) arg0;
for (final Object o : i) { for (final Object o : i) {
maybeRemovePermissions(o); maybeRemoveAclAwareModel(o);
} }
} else { } else {
LOG.trace("{} is not instance of AclAwareModel", arg0); LOG.trace("{} is not instance of AclAwareModel", arg0);
...@@ -134,10 +134,10 @@ public class AclAssignerAspect { ...@@ -134,10 +134,10 @@ public class AclAssignerAspect {
* *
* @param obj the obj * @param obj the obj
*/ */
private void maybeRemovePermissions(final Object obj) { private void maybeRemoveAclAwareModel(final Object obj) {
if (obj instanceof AclAwareModel) { if (obj instanceof AclAwareModel) {
LOG.debug("Removing ACL entries for model={}", obj); LOG.debug("Removing ACL entries for model={}", obj);
aclService.removePermissions((AclAwareModel) obj); aclService.removeAclAwareModel((AclAwareModel) obj);
} else { } else {
LOG.trace("{} is not instance of AclAwareModel", obj); LOG.trace("{} is not instance of AclAwareModel", obj);
} }
......
...@@ -73,7 +73,7 @@ public interface CustomAclService { ...@@ -73,7 +73,7 @@ public interface CustomAclService {
* *
* @param target the target * @param target the target
*/ */
void removePermissions(AclAwareModel target); void removeAclAwareModel(AclAwareModel target);
/** /**
* Removes the all permissions of SID. * Removes the all permissions of SID.
......
...@@ -156,17 +156,25 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -156,17 +156,25 @@ public class CustomAclServiceImpl implements CustomAclService {
} }
} }
/**
* Remove ACL data for AclAwareModel: deletes {@link AclObjectIdentity} and
* associated {@link AclEntry} list. If target happens to be {@link AclSid},
* permissions granted to the SID are removed.
*/
@Override @Override
@Transactional(propagation = Propagation.REQUIRED) @Transactional(propagation = Propagation.REQUIRED)
public void removePermissions(final AclAwareModel target) { public void removeAclAwareModel(final AclAwareModel target) {
LOG.debug("Deleting all ACL entries for {}", target); LOG.debug("Deleting ACL data for {}", target);
final AclObjectIdentity savedAclObjectIdentity = getObjectIdentity(target);
if (savedAclObjectIdentity != null) { if (target instanceof AclSid) {
final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(savedAclObjectIdentity); LOG.info("Deleting permissions for {}", target);
if (aclEntries != null) { removePermissionsFor((AclSid) target);
aclEntryPersistence.delete(aclEntries); }
aclObjectIdentityPersistence.delete(savedAclObjectIdentity.getId());
} final AclObjectIdentity aclObjectIdentity = getObjectIdentity(target);
if (aclObjectIdentity != null) {
LOG.info("Deleting ACL data of {}", target);
aclObjectIdentityPersistence.delete(aclObjectIdentity.getId());
clearAclCache(); clearAclCache();
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment