Commit 7099be86 authored by Matija Obreza's avatar Matija Obreza

FIX: only set ownerSid if it is persisted

parent 9f21c3d2
......@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
if (permissionEvaluator != null) {
if (authentication != null) {
Permissions perms = new Permissions();
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
try {
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
} catch (Throwable e) {
LOG.warn("Could not read current permissions {}", e.getMessage());
}
return perms;
}
}
......
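Review bot: `catch (Throwable e)` around the five `hasPermission` calls is wider than needed, and the handler keeps only `e.getMessage()`, so an `Error` such as `OutOfMemoryError` is swallowed and the stack trace is lost. I would narrow it and pass the exception to the logger: `} catch (RuntimeException e) {` and `LOG.warn("Could not read current permissions", e);`. A failure midway also returns a partially filled `Permissions`: flags evaluated before the throw keep their result and the rest stay at their defaults (presumably false; the class is not visible here), so the serialized output cannot tell "denied" from "evaluation failed". A short comment saying the fail-closed default is intentional would help. The enclosing method begins and ends outside the hunk.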
......@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
// save object identity
AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
if (objectIdentity == null) {
objectIdentity = new AclObjectIdentity();
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
} else if (!ownerSid.isPersisted()) {
LOG.warn("Owner SID not persisted, not assigning creator permissions");
} else {
objectIdentity.setOwnerSid(ownerSid);
}
LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId());
objectIdentity = new AclObjectIdentity();
objectIdentity.setObjectIdIdentity(target.getId());
objectIdentity.setAclClass(aclClass);
objectIdentity.setOwnerSid(ownerSid);
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
if (parentObject != null) {
......@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
}
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
if (ownerSid != null) {
if (objectIdentity.getOwnerSid() != null) {
final Permissions permissions = new Permissions().grantAll();
addPermissions(objectIdentity, ownerSid, permissions);
addPermissions(objectIdentity, objectIdentity.getOwnerSid(), permissions);
}
} else {
......@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
if (objectIdentity.getOwnerSid() == null) {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
if (ownerSid != null && ownerSid.isPersisted()) {
objectIdentity.setOwnerSid(ownerSid);
} else {
LOG.debug("Owner SID not persisted or is null.");
}
objectIdentity.setOwnerSid(ownerSid);
}
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
......
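Review bot: The two branches now report a missing or non-persisted owner SID differently: the creation branch logs at warn, while the existing-identity branch (`if (ownerSid != null && ownerSid.isPersisted())` … `else`) drops to `LOG.debug("Owner SID not persisted or is null.")` with no object context. An ACL identity left without an owner is an authorization-relevant state, so I would keep it at warn and name the object, e.g. `LOG.warn("Owner SID null or not persisted, ACL owner left unset for class={} id={}", target.getClass().getName(), target.getId());`. Because the creation branch can now save an ownerless identity, this second branch appears to hand ownership to whichever persisted caller reaches it next; if that is intended it deserves a comment, otherwise an explicit check. The `LOG.debug("Inserting owner ACL entries for owner={} ...")` line in the creation branch also still prints `ownerSid` when it has just been rejected, which reads misleadingly in logs. The enclosing method starts and ends outside the visible hunks.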