From 37d4869e011a1c584868c9cfc98a23e9373b5a88 Mon Sep 17 00:00:00 2001
From: Matija Obreza <matija.obreza@croptrust.org>
Date: Sat, 21 Jul 2018 14:32:54 +0200
Subject: [PATCH] Added method to clean up ACL entries

---
 .../AclObjectIdentityPersistence.java         | 10 +++++
 .../security/service/CustomAclService.java    |  8 +++-
 .../service/impl/CustomAclServiceImpl.java    | 41 +++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/security/src/main/java/org/genesys/blocks/security/persistence/AclObjectIdentityPersistence.java b/security/src/main/java/org/genesys/blocks/security/persistence/AclObjectIdentityPersistence.java
index f3eedfb..9a53191 100644
--- a/security/src/main/java/org/genesys/blocks/security/persistence/AclObjectIdentityPersistence.java
+++ b/security/src/main/java/org/genesys/blocks/security/persistence/AclObjectIdentityPersistence.java
@@ -17,6 +17,7 @@ package org.genesys.blocks.security.persistence;
 
 import org.genesys.blocks.security.model.AclObjectIdentity;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.querydsl.QueryDslPredicateExecutor;
 import org.springframework.data.repository.query.Param;
@@ -35,4 +36,13 @@ public interface AclObjectIdentityPersistence extends JpaRepository<AclObjectIde
 	 */
 	@Query("select aoi from AclObjectIdentity aoi where aoi.objectIdIdentity = :objectIdIdentity and aoi.aclClass.aclClass = :aclClass")
 	AclObjectIdentity findByObjectIdAndClassname(@Param("objectIdIdentity") long objectIdIdentity, @Param("aclClass") String aclClass);
+
+	/**
+	 * Clear the parentObject of child OID that use this oID as parentObject
+	 *   
+	 * @param oID
+	 */
+	@Modifying
+	@Query("update AclObjectIdentity aoi set aoi.parentObject = null where aoi.parentObject = ?1")
+	void resetChildrenOfOID(AclObjectIdentity oID);
 }
diff --git a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
index d8b3783..6863cb3 100644
--- a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Global Crop Diversity Trust
+ * Copyright 2018 Global Crop Diversity Trust
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.genesys.blocks.security.service;
 import java.util.List;
 
 import org.genesys.blocks.security.model.AclAwareModel;
+import org.genesys.blocks.security.model.AclClass;
 import org.genesys.blocks.security.model.AclEntry;
 import org.genesys.blocks.security.model.AclObjectIdentity;
 import org.genesys.blocks.security.model.AclSid;
@@ -205,4 +206,9 @@ public interface CustomAclService {
 	 * @since 1.4
 	 */
 	void makePubliclyReadable(AclAwareModel aclAwareModel, boolean publiclyReadable);
+
+	/**
+	 * Cleanup ACL: remove {@link AclEntry} and {@link AclObjectIdentity} for missing ACL-aware entities, remove obsolete {@link AclClass}
+	 */
+	void cleanupAcl();
 }
diff --git a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
index 68b420b..833ba7e 100644
--- a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
@@ -557,4 +557,45 @@ public class CustomAclServiceImpl implements CustomAclService {
 		
 		setPermissions(entity, roleEveryone, readPermissions);
 	}
+	
+	
+	@Override
+	@Transactional
+	public void cleanupAcl() {
+		Iterable<AclObjectIdentity> OIDs = aclObjectIdentityPersistence.findAll();
+		for (AclObjectIdentity OID : OIDs) {
+			try {
+				Class<?> clazz = Class.forName(OID.getAclClass().getAclClass());
+				Object entity = entityManager.find(clazz, OID.getObjectIdIdentity());
+				if (entity == null) {
+					LOG.info("{} with OID={} no longer exists, clearing ACL", clazz.getName(), OID.getObjectIdIdentity());
+					final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
+					if (aclEntries != null) {
+						aclEntryPersistence.delete(aclEntries);
+					}
+					aclObjectIdentityPersistence.resetChildrenOfOID(OID);
+					aclObjectIdentityPersistence.delete(OID);
+				}
+			} catch (ClassNotFoundException e) {
+				LOG.info("{} for OID={} no longer exists, clearing ACL", OID.getAclClass().getAclClass(), OID.getObjectIdIdentity());
+				final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
+				if (aclEntries != null) {
+					aclEntryPersistence.delete(aclEntries);
+				}
+				aclObjectIdentityPersistence.resetChildrenOfOID(OID);
+				aclObjectIdentityPersistence.delete(OID);
+			}
+		}
+		
+		List<AclClass> aclClasses = aclClassPersistence.findAll();
+		for (AclClass aclClass : aclClasses) {
+			try {
+				Class.forName(aclClass.getAclClass());
+			} catch (ClassNotFoundException e) {
+				LOG.info("{} no longer exists, clearing ACL", aclClass.getAclClass());
+				aclClassPersistence.delete(aclClass);
+			}
+		}
+	}
+
 }
-- 
GitLab