Commit
7099be86
authored
Sep 21, 2018
by
Matija Obreza
FIX: only set ownerSid if it is persisted
parent
9f21c3d2
Changes
2
security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
...
...
@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
if
(
permissionEvaluator
!=
null
)
{
if
(
authentication
!=
null
)
{
Permissions
perms
=
new
Permissions
();
try
{
perms
.
create
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
CREATE
);
perms
.
read
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
READ
);
perms
.
write
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
WRITE
);
perms
.
delete
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
DELETE
);
perms
.
manage
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
ADMINISTRATION
);
}
catch
(
Throwable
e
)
{
LOG
.
warn
(
"Could not read current permissions {}"
,
e
.
getMessage
());
}
return
perms
;
}
}
...
...
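Review bot: The `catch (Throwable e)` around the five `hasPermission` calls is broader than the calls need and keeps only `e.getMessage()`, so a JVM `Error` is swallowed and the stack trace of any failure is lost. Narrowing it to `catch (RuntimeException e)` and passing the exception as the last logger argument, `LOG.warn("Could not read current permissions {}", e.getMessage(), e);`, would keep the cause (assuming `LOG` is an SLF4J-style logger, which the `{}` placeholder suggests). When one call throws midway, the method still returns `perms` with only the flags assigned so far; a short comment such as `// on failure the remaining flags keep their defaults` would make that partial result explicit to whoever consumes the serialized permissions. The enclosing method starts and ends outside this hunk.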
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
...
...
@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
// save object identity
AclObjectIdentity
objectIdentity
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
target
.
getId
(),
aclClass
.
getAclClass
());
if
(
objectIdentity
==
null
)
{
objectIdentity
=
new
AclObjectIdentity
();
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
==
null
)
{
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
}
else
if
(!
ownerSid
.
isPersisted
())
{
LOG
.
warn
(
"Owner SID not persisted, not assigning creator permissions"
);
}
else
{
objectIdentity
.
setOwnerSid
(
ownerSid
);
}
LOG
.
debug
(
"Inserting owner ACL entries for owner={} class={} id={}"
,
ownerSid
,
target
.
getClass
().
getName
(),
target
.
getId
());
objectIdentity
=
new
AclObjectIdentity
();
objectIdentity
.
setObjectIdIdentity
(
target
.
getId
());
objectIdentity
.
setAclClass
(
aclClass
);
objectIdentity
.
setOwnerSid
(
ownerSid
);
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
if
(
parentObject
!=
null
)
{
...
...
@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
}
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
if
(
ownerSid
!=
null
)
{
if
(
o
bjectIdentity
.
getO
wnerSid
()
!=
null
)
{
final
Permissions
permissions
=
new
Permissions
().
grantAll
();
addPermissions
(
objectIdentity
,
ownerSid
,
permissions
);
addPermissions
(
objectIdentity
,
o
bjectIdentity
.
getO
wnerSid
()
,
permissions
);
}
}
else
{
...
...
@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
if
(
objectIdentity
.
getOwnerSid
()
==
null
)
{
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
==
null
)
{
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
}
if
(
ownerSid
!=
null
&&
ownerSid
.
isPersisted
())
{
objectIdentity
.
setOwnerSid
(
ownerSid
);
}
else
{
LOG
.
debug
(
"Owner SID not persisted or is null."
);
}
}
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
...
...
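Review bot: In the last hunk the branch for an already existing object identity appears to report a missing or unpersisted owner only with `LOG.debug("Owner SID not persisted or is null.")`, while the creation branch in the first hunk reports the same two conditions with `LOG.warn`. An ACL object identity saved without an owner changes who can manage the object, so both paths should log it at the same level and name the object, e.g. `LOG.warn("No persisted owner SID, ACL for class={} id={} left without owner", target.getClass().getName(), target.getId());`. In the first hunk the `LOG.debug("Inserting owner ACL entries for owner={} ...")` line still prints `ownerSid` even when it was not assigned; logging `objectIdentity.getOwnerSid()` there would match what is actually stored. The +/- markers are lost on this page, so which lines form the new side is inferred from the hunk headers and the commit title, and the enclosing method starts and ends outside the hunks.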