ACL: Setting parent ACL object

security/src/main/java/org/genesys/blocks/security/model/BasicUser.java

@@ -338,9 +338,6 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
 		authorities.addAll(getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getAuthority())).collect(Collectors.toSet()));
 		if (runtimeAuthorities != null) {
 			authorities.addAll(runtimeAuthorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
-			System.err.println("User has extra runtime authorities: " + runtimeAuthorities);
-		} else {
-			System.err.println("User has no extra runtime authorities: " + runtimeAuthorities);
 		}
 		return authorities;
 	}

security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java

@@ -104,6 +104,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	 */
 	AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
 
+	/**
+	 * Set ACL parent object for inherited permissions
+	 * 
+	 * @param target the target ACL object on which to change ACL
+	 * @param parent the parent ACL object
+	 * @return
+	 */
+	AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
+
 	/**
 	 * Removes the permissions on ACL model.
 	 *

security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java

@@ -257,6 +257,15 @@ public class CustomAclServiceImpl implements CustomAclService {
 		}
 	}
 	
+	@Override
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	public AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent) {
+		final AclObjectIdentity objectIdentity = getObjectIdentity(target);
+		final AclObjectIdentity parentIdentity = parent == null ? null : getObjectIdentity(parent);
+
+		return updateAclParentObject(objectIdentity, parentIdentity);
+	}
+
 	@Override
 	@PreAuthorize("hasRole('ADMINISTRATOR')")
 	public AclObjectIdentity updateParentObject(final long objectIdIdentity, final long parentObjectId) {
@@ -266,15 +275,21 @@ public class CustomAclServiceImpl implements CustomAclService {
 			return null;
 		}
 
-		final AclObjectIdentity parentObject = aclObjectIdentityPersistence.findOne(parentObjectId);
-		if (parentObject == null) {
+		final AclObjectIdentity parentIdentity = aclObjectIdentityPersistence.findOne(parentObjectId);
+		if (parentIdentity == null) {
 			LOG.warn("ACL object identity not found by id={}", objectIdIdentity);
 			return null;
 		}
 
+		return updateAclParentObject(objectIdentity, parentIdentity);
+	}
+
+
+	private AclObjectIdentity updateAclParentObject(final AclObjectIdentity objectIdentity, final AclObjectIdentity parentObject) {
 		try {
 			LOG.trace("Updating ACL parent to {}", parentObject);
 			objectIdentity.setParentObject(parentObject);
+			objectIdentity.setEntriesInheriting(parentObject != null);
 			return aclObjectIdentityPersistence.save(objectIdentity);
 		} finally {
 			clearAclCache();