Commit 169882e2 authored by Matija Obreza's avatar Matija Obreza
Browse files

ACL: Setting parent ACL object

parent ab6dc88b
...@@ -338,9 +338,6 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple ...@@ -338,9 +338,6 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
authorities.addAll(getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getAuthority())).collect(Collectors.toSet())); authorities.addAll(getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getAuthority())).collect(Collectors.toSet()));
if (runtimeAuthorities != null) { if (runtimeAuthorities != null) {
authorities.addAll(runtimeAuthorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet())); authorities.addAll(runtimeAuthorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
System.err.println("User has extra runtime authorities: " + runtimeAuthorities);
} else {
System.err.println("User has no extra runtime authorities: " + runtimeAuthorities);
} }
return authorities; return authorities;
} }
......
...@@ -104,6 +104,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -104,6 +104,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
*/ */
AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId); AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
/**
* Set ACL parent object for inherited permissions
*
* @param target the target ACL object on which to change ACL
* @param parent the parent ACL object
* @return
*/
AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
/** /**
* Removes the permissions on ACL model. * Removes the permissions on ACL model.
* *
......
...@@ -257,6 +257,15 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -257,6 +257,15 @@ public class CustomAclServiceImpl implements CustomAclService {
} }
} }
@Override
@PreAuthorize("hasRole('ADMINISTRATOR')")
public AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent) {
final AclObjectIdentity objectIdentity = getObjectIdentity(target);
final AclObjectIdentity parentIdentity = parent == null ? null : getObjectIdentity(parent);
return updateAclParentObject(objectIdentity, parentIdentity);
}
@Override @Override
@PreAuthorize("hasRole('ADMINISTRATOR')") @PreAuthorize("hasRole('ADMINISTRATOR')")
public AclObjectIdentity updateParentObject(final long objectIdIdentity, final long parentObjectId) { public AclObjectIdentity updateParentObject(final long objectIdIdentity, final long parentObjectId) {
...@@ -266,15 +275,21 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -266,15 +275,21 @@ public class CustomAclServiceImpl implements CustomAclService {
return null; return null;
} }
final AclObjectIdentity parentObject = aclObjectIdentityPersistence.findOne(parentObjectId); final AclObjectIdentity parentIdentity = aclObjectIdentityPersistence.findOne(parentObjectId);
if (parentObject == null) { if (parentIdentity == null) {
LOG.warn("ACL object identity not found by id={}", objectIdIdentity); LOG.warn("ACL object identity not found by id={}", objectIdIdentity);
return null; return null;
} }
return updateAclParentObject(objectIdentity, parentIdentity);
}
private AclObjectIdentity updateAclParentObject(final AclObjectIdentity objectIdentity, final AclObjectIdentity parentObject) {
try { try {
LOG.trace("Updating ACL parent to {}", parentObject); LOG.trace("Updating ACL parent to {}", parentObject);
objectIdentity.setParentObject(parentObject); objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(parentObject != null);
return aclObjectIdentityPersistence.save(objectIdentity); return aclObjectIdentityPersistence.save(objectIdentity);
} finally { } finally {
clearAclCache(); clearAclCache();
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment