Commit
40f0a90b
authored
Oct 29, 2018
by
Matija Obreza
ACL: Added support for #aclParentObjectIdentity()
parent
6f253335
Showing
4 changed files
with
51 additions
and
24 deletions
+51
-24
security/src/main/java/org/genesys/blocks/security/component/AclAssignerAspect.java
.../genesys/blocks/security/component/AclAssignerAspect.java
+5
-5
security/src/main/java/org/genesys/blocks/security/model/AclAwareModel.java
...java/org/genesys/blocks/security/model/AclAwareModel.java
+15
-2
security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
...org/genesys/blocks/security/service/CustomAclService.java
+2
-2
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
...ys/blocks/security/service/impl/CustomAclServiceImpl.java
+29
-15
security/src/main/java/org/genesys/blocks/security/component/AclAssignerAspect.java
...
...
@@ -55,7 +55,7 @@ public class AclAssignerAspect {
}
/**
*
Create owner permissions on persist.
*
Ensure owner permissions on persist or update
*
* @param result the result
* @return the object
...
...
@@ -66,12 +66,12 @@ public class AclAssignerAspect {
if
(
auth
!=
null
)
{
if
(
result
instanceof
AclAwareModel
)
{
maybe
AddCreator
Permissions
(
result
);
maybe
Update
Permissions
(
result
);
}
else
if
(
result
instanceof
Iterable
)
{
// Handle collections of AclAwareModel
final
Iterable
<?>
i
=
(
Iterable
<?>)
result
;
for
(
final
Object
o
:
i
)
{
maybe
AddCreator
Permissions
(
o
);
maybe
Update
Permissions
(
o
);
}
}
else
{
LOG
.
trace
(
"{} is not instance of AclAwareModel"
,
result
);
...
...
@@ -86,9 +86,9 @@ public class AclAssignerAspect {
*
* @param obj the obj
*/
private
void
maybe
AddCreator
Permissions
(
final
Object
obj
)
{
private
void
maybe
Update
Permissions
(
final
Object
obj
)
{
if
(
obj
instanceof
AclAwareModel
)
{
aclService
.
addCreator
Permissions
((
AclAwareModel
)
obj
);
aclService
.
createOrUpdate
Permissions
((
AclAwareModel
)
obj
);
}
else
{
LOG
.
trace
(
"{} is not instance of AclAwareModel"
,
obj
);
}
...
...
security/src/main/java/org/genesys/blocks/security/model/AclAwareModel.java
...
...
@@ -32,11 +32,24 @@ import org.genesys.blocks.util.JsonClassNameWriter;
public
interface
AclAwareModel
extends
Serializable
,
EntityId
{
/**
* Objects belonging to
some parent
can override this method.
* Objects belonging to
a parent entity
can override this method.
*
* @return the parent A
CL object
(null by default)
* @return the parent A
clAwareModel
(null by default)
*/
default
AclAwareModel
aclParentObject
()
{
return
null
;
}
/**
* A custom, persisted parent AclObjectIdentity reference. Takes precedence over
* {@link #aclParentObject()} when configured.
*
* This addresses the ACL inheritance for generic use cases where no business
* entity relationships exist.
*
* @return a custom parent AclObjectIdentity (null by default)
*/
default
AclObjectIdentity
aclParentObjectIdentity
()
{
return
null
;
}
}
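Review bot: The Javadoc on the new `aclParentObjectIdentity()` does not say what a valid return value is, although that value decides where the object inherits its ACL entries from. In `CustomAclServiceImpl.createOrUpdatePermissions` on this page the returned identity is checked before `aclParentObject()` and passed straight to `setParentObject(...)` with `setEntriesInheriting(true)`, so whatever an implementation returns becomes the source of inherited permissions. I would state in the Javadoc that the identity must already be persisted, must not be the object's own identity or one of its descendants, and must not be picked from request data without an authorization check on the parent. A sentence such as `Implementations must return a persisted identity the caller is allowed to inherit from; it is applied as the ACL parent on persist and on update.` would cover it.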
security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
...
...
@@ -63,11 +63,11 @@ public interface CustomAclService {
List
<
AclSid
>
listAuthoritySids
();
/**
* Adds the creator permissions
.
* Adds the creator permissions
or updates permission inheritance
*
* @param entity the target
*/
void
addCreator
Permissions
(
AclAwareModel
entity
);
void
createOrUpdate
Permissions
(
AclAwareModel
entity
);
/**
* Removes the permissions on ACL model.
...
...
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
...
...
@@ -70,7 +70,7 @@ public class CustomAclServiceImpl implements CustomAclService {
private
AclEntryPersistence
aclEntryPersistence
;
/** The cache manager. */
@Autowired
@Autowired
(
required
=
false
)
private
CacheManager
cacheManager
;
/** The acl sid persistence. */
...
...
@@ -102,7 +102,7 @@ public class CustomAclServiceImpl implements CustomAclService {
@Override
@Transactional
(
propagation
=
Propagation
.
REQUIRED
)
public
void
addCreator
Permissions
(
final
AclAwareModel
target
)
{
public
void
createOrUpdate
Permissions
(
final
AclAwareModel
target
)
{
if
((
target
==
null
)
||
(
target
.
getId
()
<=
0
l
))
{
LOG
.
warn
(
"No target specified for ACL permissions, bailing out!"
);
return
;
...
...
@@ -112,6 +112,7 @@ public class CustomAclServiceImpl implements CustomAclService {
// save object identity
AclObjectIdentity
objectIdentity
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
target
.
getId
(),
aclClass
.
getAclClass
());
if
(
objectIdentity
==
null
)
{
objectIdentity
=
new
AclObjectIdentity
();
...
...
@@ -129,38 +130,50 @@ public class CustomAclServiceImpl implements CustomAclService {
objectIdentity
.
setObjectIdIdentity
(
target
.
getId
());
objectIdentity
.
setAclClass
(
aclClass
);
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
AclObjectIdentity
parentObject
=
target
.
aclParentObjectIdentity
();
if
(
parentObject
==
null
&&
target
.
aclParentObject
()
!=
null
)
{
// get OID of parent business entity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
}
if
(
parentObject
!=
null
)
{
objectIdentity
.
setParentObject
(
parentObject
);
objectIdentity
.
setEntriesInheriting
(
true
);
}
else
{
objectIdentity
.
setEntriesInheriting
(
true
);
}
objectIdentity
.
setEntriesInheriting
(
true
);
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
if
(
objectIdentity
.
getOwnerSid
()
!=
null
)
{
// Grant permissions to owner
final
Permissions
permissions
=
new
Permissions
().
grantAll
();
addPermissions
(
objectIdentity
,
objectIdentity
.
getOwnerSid
(),
permissions
);
}
}
else
{
// update p
arent
// update p
ermissions
LOG
.
debug
(
"Updating ACL parent object for class={} id={}"
,
target
.
getClass
().
getName
(),
target
.
getId
());
if
(
objectIdentity
.
getOwnerSid
()
==
null
)
{
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
!=
null
&&
ownerSid
.
isPersisted
())
{
objectIdentity
.
setOwnerSid
(
ownerSid
);
// Grant permissions to owner
final
Permissions
permissions
=
new
Permissions
().
grantAll
();
addPermissions
(
objectIdentity
,
objectIdentity
.
getOwnerSid
(),
permissions
);
}
else
{
LOG
.
debug
(
"Owner SID not persisted or is null."
);
}
}
AclObjectIdentity
parentObject
=
target
.
aclParentObjectIdentity
();
if
(
parentObject
==
null
&&
target
.
aclParentObject
()
!=
null
)
{
// get OID of parent business entity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
}
if
(
target
.
aclParentObject
()
!=
null
)
{
LOG
.
trace
(
"Updating ACL parent to {}"
,
target
.
aclParentObject
());
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
if
(
parentObject
!=
null
)
{
LOG
.
trace
(
"Updating ACL parent to {}"
,
parentObject
);
objectIdentity
.
setParentObject
(
parentObject
);
//
objectIdentity.setEntriesInheriting(true);
objectIdentity
.
setEntriesInheriting
(
true
);
}
else
{
LOG
.
trace
(
"Clearing ACL parent"
);
objectIdentity
.
setParentObject
(
null
);
...
...
@@ -259,9 +272,11 @@ public class CustomAclServiceImpl implements CustomAclService {
}
private
void
clearAclCache
()
{
final
Cache
aclCache
=
cacheManager
.
getCache
(
"aclCache"
);
if
(
aclCache
!=
null
)
aclCache
.
clear
();
if
(
cacheManager
!=
null
)
{
final
Cache
aclCache
=
cacheManager
.
getCache
(
"aclCache"
);
if
(
aclCache
!=
null
)
aclCache
.
clear
();
}
}
/**
...
...
@@ -619,5 +634,4 @@ public class CustomAclServiceImpl implements CustomAclService {
}
LOG
.
warn
(
"Done cleaning ACL for {} ACL classes"
,
aclClasses
.
size
());
}
}
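Review bot: In the update branch of `createOrUpdatePermissions`, an existing object identity with no owner SID is assigned to whoever `SecurityContextUtil.getCurrentUser()` returns, and that SID then receives `new Permissions().grantAll()`. Nothing visible in this hunk checks that the caller already holds write or administration permission on the object, so the first caller with a persisted SID whose save reaches this method becomes its owner; please confirm the update path is authorized before the aspect runs (the method body starts and ends outside the hunk). The assignment is also invisible at default log levels, so I would record it, e.g. `LOG.info("Assigned owner sid={} to existing ACL class={} id={}", ownerSid, target.getClass().getName(), target.getId());`. Separately, the value from `target.aclParentObjectIdentity()` is used as parent in both branches without a check that it is persisted or differs from `objectIdentity` itself; a guard such as `if (parentObject != null && !parentObject.equals(objectIdentity))`, or an equivalent id comparison, would keep an object from being made its own parent.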