diff --git a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
index 311e75230466277d30f7e18fe71945ac14bff79f..16d5d6bcff0f4b3f03c277adc08d3ee73d0c2f3e 100644
--- a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
@@ -18,7 +18,6 @@ package org.genesys.blocks.security.service;
 import java.util.ArrayList;
 import java.util.List;
-import org.genesys.blocks.util.JsonSidConverter;
 import org.genesys.blocks.security.model.AclAwareModel;
 import org.genesys.blocks.security.model.AclClass;
 import org.genesys.blocks.security.model.AclEntry;
@@ -27,6 +26,7 @@ import org.genesys.blocks.security.model.AclSid;
 import org.genesys.blocks.security.serialization.AclEntriesToPermissions;
 import org.genesys.blocks.security.serialization.Permissions;
 import org.genesys.blocks.security.serialization.SidPermissions;
+import org.genesys.blocks.util.JsonSidConverter;
 import org.springframework.security.acls.model.Permission;
 import com.fasterxml.jackson.annotation.JsonUnwrapped;
@@ -91,6 +91,14 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 */
 void createOrUpdatePermissions(AclAwareModel entity);
+ /**
+ * Adds the creator permissions or updates permission inheritance.
+
+ * @param target the ACL entity
+ * @param ownerSid Owner
+ */
+ void createOrUpdatePermissions(AclAwareModel target, AclSid ownerSid);
+
 /**
 * Updates inheriting status of object identity.
 *
diff --git a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
index 58c55351e3e79e9b5ea68464677fe1b0f1e693b9..d80a713d4228dd7d73f6412ee5418bd3761778c8 100644
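Review bot: The Javadoc on the new `createOrUpdatePermissions(AclAwareModel target, AclSid ownerSid)` overload describes `ownerSid` only as "Owner", which leaves out the security-relevant contract of the parameter. Judging by the implementation hunks in CustomAclServiceImpl, the SID is taken as supplied instead of being read from the security context, a null value appears to skip creator permissions, and the SID is also written as owner when an existing object identity has none. I would put that in the tag, e.g. `@param ownerSid SID to record as owner; trusted as supplied and not checked against the current authentication, null means no creator permissions are assigned`. The empty line inside the comment is also missing its leading ` *`.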
--- a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
@@ -143,10 +143,10 @@ public class CustomAclServiceImpl implements CustomAclService {
 return authoritySid;
 }
-
+
 @Override
 @Transactional(propagation = Propagation.REQUIRED)
- public void createOrUpdatePermissions(final AclAwareModel target) {
+ public void createOrUpdatePermissions(final AclAwareModel target, AclSid ownerSid) {
 if (target == null || (target.getId() <= 0l && !(target instanceof ClassAclOid))) {
 LOG.warn("No target specified for ACL permissions, bailing out!");
 return;
@@ -165,7 +165,6 @@ public class CustomAclServiceImpl implements CustomAclService {
 if (objectIdentity == null) {
 objectIdentity = new AclObjectIdentity();
- final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
 if (ownerSid == null) {
 LOG.warn("No SID in security context, not assigning creator permissions");
 } else if (ownerSid.isNew()) {
@@ -201,7 +200,6 @@ public class CustomAclServiceImpl implements CustomAclService {
 LOG.debug("Updating ACL parent object for class={} id={}", target.getClass().getName(), target.getId());
 if (objectIdentity.getOwnerSid() == null) {
- final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
 if (ownerSid != null && ! ownerSid.isNew()) {
 objectIdentity.setOwnerSid(ownerSid);
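Review bot: With `ownerSid` now a parameter of this public `@Transactional` method, nothing in the visible code checks that the caller is entitled to name that SID as owner. The later hunks consult it when a new object identity is created (-165) and call `objectIdentity.setOwnerSid(ownerSid)` when an existing identity has no owner (-201), whereas `updateInheriting`, shown as context in the last hunk, carries `@PreAuthorize("hasRole('ADMINISTRATOR')")`. If the overload is meant only for trusted internal callers, I would state that at the signature, e.g. `// ownerSid is trusted as supplied; callers must resolve it server-side, never from request data`, or otherwise add a method-security annotation that matches the project's policy. The parameter could also be declared `final AclSid ownerSid` to match `target`. The method body continues outside this hunk.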
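Review bot: The warning `"No SID in security context, not assigning creator permissions"` kept as context in the -165 hunk is no longer accurate for the two-argument method, because `ownerSid` is now whatever the caller passed and can be null while the security context holds a user. A misleading message here costs time when someone audits why an object identity ended up without an owner. I would reword it to something like `LOG.warn("No owner SID provided, not assigning creator permissions");`. The surrounding `if (objectIdentity == null)` block starts and ends outside the hunk.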
@@ -235,6 +233,18 @@ public class CustomAclServiceImpl implements CustomAclService {
 clearAclCache();
 }
+ @Override
+ @Transactional(propagation = Propagation.REQUIRED)
+ public void createOrUpdatePermissions(final AclAwareModel target) {
+ if (target == null || (target.getId() <= 0l && !(target instanceof ClassAclOid))) {
+ LOG.warn("No target specified for ACL permissions, bailing out!");
+ return;
+ }
+
+ final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
+ createOrUpdatePermissions(target, ownerSid);
+ }
+
 @Override
 @PreAuthorize("hasRole('ADMINISTRATOR')")
 public AclObjectIdentity updateInheriting(final long objectIdIdentity, final boolean entriesInheriting) {
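Review bot: The null/id guard at the top of the new one-argument `createOrUpdatePermissions` repeats the check that opens the two-argument method (visible in the -143 hunk), so the two copies can drift apart over time. The delegate already logs and returns for such targets, so the body can shrink to `createOrUpdatePermissions(target, SecurityContextUtil.getCurrentUser());`. The delegation is a call on `this`, so under proxy-based Spring AOP the inner method's annotations are presumably not applied again; that is harmless here because the outer method already declares `Propagation.REQUIRED`, but a one-line comment saying so would help the next reader. The literal `0l` in the guard is easy to misread as `01`, and `0L` is clearer wherever the check stays.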