Commit 37d4869e authored by Matija Obreza's avatar Matija Obreza

Added method to clean up ACL entries

parent 669962d9
......@@ -17,6 +17,7 @@ package org.genesys.blocks.security.persistence;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.querydsl.QueryDslPredicateExecutor;
import org.springframework.data.repository.query.Param;
......@@ -35,4 +36,13 @@ public interface AclObjectIdentityPersistence extends JpaRepository<AclObjectIde
*/
@Query("select aoi from AclObjectIdentity aoi where aoi.objectIdIdentity = :objectIdIdentity and aoi.aclClass.aclClass = :aclClass")
AclObjectIdentity findByObjectIdAndClassname(@Param("objectIdIdentity") long objectIdIdentity, @Param("aclClass") String aclClass);
/**
* Clear the parentObject of child OID that use this oID as parentObject
*
* @param oID
*/
@Modifying
@Query("update AclObjectIdentity aoi set aoi.parentObject = null where aoi.parentObject = ?1")
void resetChildrenOfOID(AclObjectIdentity oID);
}
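Review bot: The Javadoc on `resetChildrenOfOID` leaves `@param oID` without a description and does not mention that this is a bulk JPQL update. Such an update writes to the database without refreshing `AclObjectIdentity` instances already loaded in the persistence context, so a caller may still see the old `parentObject` on managed children. I would document both, for example `@param oID the object identity whose children get their parentObject set to null`, plus a sentence that already-loaded children are not updated in memory. As a style point, the query binds `?1` while `findByObjectIdAndClassname` just above uses named parameters; `where aoi.parentObject = :oid` with `@Param("oid") AclObjectIdentity oID` would match it.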
/*
* Copyright 2017 Global Crop Diversity Trust
* Copyright 2018 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -18,6 +18,7 @@ package org.genesys.blocks.security.service;
import java.util.List;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.security.model.AclClass;
import org.genesys.blocks.security.model.AclEntry;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
......@@ -205,4 +206,9 @@ public interface CustomAclService {
* @since 1.4
*/
void makePubliclyReadable(AclAwareModel aclAwareModel, boolean publiclyReadable);
/**
* Cleanup ACL: remove {@link AclEntry} and {@link AclObjectIdentity} for missing ACL-aware entities, remove obsolete {@link AclClass}
*/
void cleanupAcl();
}
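Review bot: The Javadoc for `cleanupAcl()` does not tell a caller that the removal is permanent or how "missing" and "obsolete" are decided, and it lacks the `@since` tag that `makePubliclyReadable` carries just above. Because the method deletes permission data across every ACL class, the contract should state the criterion and who is expected to invoke it. In the implementation on this page the criterion is that the stored class name fails to resolve or `entityManager.find` returns null. I would add a sentence such as `Deletion is permanent; an entity counts as missing when its class cannot be loaded or no row with its id exists.` and a `@since <VERSION>` line.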
......@@ -557,4 +557,45 @@ public class CustomAclServiceImpl implements CustomAclService {
setPermissions(entity, roleEveryone, readPermissions);
}
@Override
@Transactional
public void cleanupAcl() {
Iterable<AclObjectIdentity> OIDs = aclObjectIdentityPersistence.findAll();
for (AclObjectIdentity OID : OIDs) {
try {
Class<?> clazz = Class.forName(OID.getAclClass().getAclClass());
Object entity = entityManager.find(clazz, OID.getObjectIdIdentity());
if (entity == null) {
LOG.info("{} with OID={} no longer exists, clearing ACL", clazz.getName(), OID.getObjectIdIdentity());
final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
if (aclEntries != null) {
aclEntryPersistence.delete(aclEntries);
}
aclObjectIdentityPersistence.resetChildrenOfOID(OID);
aclObjectIdentityPersistence.delete(OID);
}
} catch (ClassNotFoundException e) {
LOG.info("{} for OID={} no longer exists, clearing ACL", OID.getAclClass().getAclClass(), OID.getObjectIdIdentity());
final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
if (aclEntries != null) {
aclEntryPersistence.delete(aclEntries);
}
aclObjectIdentityPersistence.resetChildrenOfOID(OID);
aclObjectIdentityPersistence.delete(OID);
}
}
List<AclClass> aclClasses = aclClassPersistence.findAll();
for (AclClass aclClass : aclClasses) {
try {
Class.forName(aclClass.getAclClass());
} catch (ClassNotFoundException e) {
LOG.info("{} no longer exists, clearing ACL", aclClass.getAclClass());
aclClassPersistence.delete(aclClass);
}
}
}
}
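Review bot: In `cleanupAcl()` the `catch (ClassNotFoundException e)` branch deletes every `AclEntry` and the `AclObjectIdentity` as soon as the stored class name does not resolve, so a class that is merely absent from this deployment's classpath (renamed, or packaged in a module that is not loaded) loses its permissions with no way back. `Class.forName(String)` also initializes the class it loads, and `entityManager.find` throws `IllegalArgumentException` when the resolved class is not an entity, which would abort the whole transactional run. I would resolve the name without initialization, handle the non-entity case explicitly (whether to skip or delete there is a policy choice the hunk does not settle), and move the delete sequence that is duplicated in the `if` and the `catch` into one private helper, as sketched below. No access restriction is visible on the method in this hunk; if the class does not apply one elsewhere, this destructive operation should be limited to administrators.

```java
public void cleanupAcl() {
	final ClassLoader loader = CustomAclServiceImpl.class.getClassLoader();
	for (AclObjectIdentity OID : aclObjectIdentityPersistence.findAll()) {
		final String className = OID.getAclClass().getAclClass();
		try {
			// initialize=false: resolve the name without running static initializers
			final Class<?> clazz = Class.forName(className, false, loader);
			if (entityManager.find(clazz, OID.getObjectIdIdentity()) == null) {
				LOG.info("{} with OID={} no longer exists, clearing ACL", clazz.getName(), OID.getObjectIdIdentity());
				removeAcl(OID);
			}
		} catch (ClassNotFoundException e) {
			LOG.info("{} for OID={} no longer exists, clearing ACL", className, OID.getObjectIdIdentity());
			removeAcl(OID);
		} catch (IllegalArgumentException e) {
			// class resolves but find() rejected it (e.g. not a managed entity): keep the ACL and report it
			LOG.warn("{} could not be looked up, ACL for OID={} left untouched", className, OID.getObjectIdIdentity());
		}
	}
	// … unchanged: loop that deletes AclClass rows whose class no longer resolves …
}

/** Deletes the entries of OID, clears it as parent of its children and deletes OID itself. */
private void removeAcl(AclObjectIdentity OID) {
	final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
	if (aclEntries != null) {
		aclEntryPersistence.delete(aclEntries);
	}
	aclObjectIdentityPersistence.resetChildrenOfOID(OID);
	aclObjectIdentityPersistence.delete(OID);
}
```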