Commit 169882e2 authored by Matija Obreza's avatar Matija Obreza

ACL: Setting parent ACL object

parent ab6dc88b
...@@ -338,9 +338,6 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple ...@@ -338,9 +338,6 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
authorities.addAll(getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getAuthority())).collect(Collectors.toSet())); authorities.addAll(getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getAuthority())).collect(Collectors.toSet()));
if (runtimeAuthorities != null) { if (runtimeAuthorities != null) {
authorities.addAll(runtimeAuthorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet())); authorities.addAll(runtimeAuthorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
System.err.println("User has extra runtime authorities: " + runtimeAuthorities);
} else {
System.err.println("User has no extra runtime authorities: " + runtimeAuthorities);
} }
return authorities; return authorities;
} }
......
...@@ -68,7 +68,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -68,7 +68,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* @return the authority sid * @return the authority sid
*/ */
AclSid ensureAuthoritySid(String authority); AclSid ensureAuthoritySid(String authority);
/** /**
* Removes the sid of the specified authority * Removes the sid of the specified authority
*/ */
...@@ -104,6 +104,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -104,6 +104,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
*/ */
AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId); AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
/**
* Set ACL parent object for inherited permissions
*
* @param target the target ACL object on which to change ACL
* @param parent the parent ACL object
* @return
*/
AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
/** /**
* Removes the permissions on ACL model. * Removes the permissions on ACL model.
* *
...@@ -196,7 +205,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -196,7 +205,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* @return the acl object identity * @return the acl object identity
*/ */
AclObjectIdentity removePermissions(AclObjectIdentity objectIdentity, AclSid aclSid); AclObjectIdentity removePermissions(AclObjectIdentity objectIdentity, AclSid aclSid);
/** /**
* Gets the acl entries. * Gets the acl entries.
* *
...@@ -285,7 +294,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -285,7 +294,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* Wraps {@link AclObjectIdentity} and adds list of inherited permissions. * Wraps {@link AclObjectIdentity} and adds list of inherited permissions.
*/ */
public static class AclObjectIdentityExt { public static class AclObjectIdentityExt {
@JsonUnwrapped @JsonUnwrapped
public AclObjectIdentity original; public AclObjectIdentity original;
@JsonSerialize(converter = AclEntriesToPermissions.class) @JsonSerialize(converter = AclEntriesToPermissions.class)
public List<AclEntry> inherited = new ArrayList<>(); public List<AclEntry> inherited = new ArrayList<>();
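Review bot: The Javadoc added for `setAclParent` leaves `@return` empty and does not say that `parent` may be null, although the implementation in this commit accepts null and then switches entry inheritance off on the target. Because that changes which permissions apply to the object, the contract should be spelled out on the interface: `@param parent the parent ACL object, or {@code null} to detach the target from its parent and stop inheriting entries` and `@return the updated ACL object identity of the target`. It would also help to state what callers get back when the target has no ACL identity yet, which the visible code does not make clear.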
......
...@@ -256,6 +256,15 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -256,6 +256,15 @@ public class CustomAclServiceImpl implements CustomAclService {
} }
} }
} }
@Override
@PreAuthorize("hasRole('ADMINISTRATOR')")
public AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent) {
final AclObjectIdentity objectIdentity = getObjectIdentity(target);
final AclObjectIdentity parentIdentity = parent == null ? null : getObjectIdentity(parent);
return updateAclParentObject(objectIdentity, parentIdentity);
}
@Override @Override
@PreAuthorize("hasRole('ADMINISTRATOR')") @PreAuthorize("hasRole('ADMINISTRATOR')")
...@@ -266,15 +275,21 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -266,15 +275,21 @@ public class CustomAclServiceImpl implements CustomAclService {
return null; return null;
} }
final AclObjectIdentity parentObject = aclObjectIdentityPersistence.findOne(parentObjectId); final AclObjectIdentity parentIdentity = aclObjectIdentityPersistence.findOne(parentObjectId);
if (parentObject == null) { if (parentIdentity == null) {
LOG.warn("ACL object identity not found by id={}", objectIdIdentity); LOG.warn("ACL object identity not found by id={}", objectIdIdentity);
return null; return null;
} }
return updateAclParentObject(objectIdentity, parentIdentity);
}
private AclObjectIdentity updateAclParentObject(final AclObjectIdentity objectIdentity, final AclObjectIdentity parentObject) {
try { try {
LOG.trace("Updating ACL parent to {}", parentObject); LOG.trace("Updating ACL parent to {}", parentObject);
objectIdentity.setParentObject(parentObject); objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(parentObject != null);
return aclObjectIdentityPersistence.save(objectIdentity); return aclObjectIdentityPersistence.save(objectIdentity);
} finally { } finally {
clearAclCache(); clearAclCache();
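Review bot: In the new `setAclParent`, neither result of `getObjectIdentity(...)` is checked, whereas `updateParentObject` just below returns null with a warning when either identity is missing. If `getObjectIdentity` can return null (its body is not on this page), a missing target identity fails with a NullPointerException inside `updateAclParentObject`. A non-null `parent` with no ACL identity is then handled exactly like an explicit null, so the parent is cleared and `setEntriesInheriting(false)` is saved, silently changing the object's effective permissions. It is also worth rejecting a parent that resolves to the target itself, since nothing visible here prevents an inheritance loop. The body of `updateAclParentObject` continues past the end of the hunk.

```java
public AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent) {
	final AclObjectIdentity objectIdentity = getObjectIdentity(target);
	if (objectIdentity == null) {
		LOG.warn("ACL object identity not found for target {}", target);
		return null;
	}
	AclObjectIdentity parentIdentity = null;
	if (parent != null) {
		parentIdentity = getObjectIdentity(parent);
		if (parentIdentity == null) {
			// A parent without an ACL identity must not be treated as "detach from parent"
			LOG.warn("ACL object identity not found for parent {}", parent);
			return null;
		}
	}
	return updateAclParentObject(objectIdentity, parentIdentity);
}
```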
......