Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
A
App Blocks
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
Genesys PGR
App Blocks
Commits
7099be86
Commit
7099be86
authored
Sep 21, 2018
by
Matija Obreza
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
FIX: only set ownerSid if it is persisted
parent
9f21c3d2
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
19 additions
and
12 deletions
+19
-12
security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
...ocks/security/serialization/CurrentPermissionsWriter.java
+9
-5
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
...ys/blocks/security/service/impl/CustomAclServiceImpl.java
+10
-7
No files found.
security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
View file @
7099be86
...
@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
...
@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
if
(
permissionEvaluator
!=
null
)
{
if
(
permissionEvaluator
!=
null
)
{
if
(
authentication
!=
null
)
{
if
(
authentication
!=
null
)
{
Permissions
perms
=
new
Permissions
();
Permissions
perms
=
new
Permissions
();
perms
.
create
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
CREATE
);
try
{
perms
.
read
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
READ
);
perms
.
create
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
CREATE
);
perms
.
write
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
WRITE
);
perms
.
read
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
READ
);
perms
.
delete
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
DELETE
);
perms
.
write
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
WRITE
);
perms
.
manage
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
ADMINISTRATION
);
perms
.
delete
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
DELETE
);
perms
.
manage
=
permissionEvaluator
.
hasPermission
(
authentication
,
bean
,
BasePermission
.
ADMINISTRATION
);
}
catch
(
Throwable
e
)
{
LOG
.
warn
(
"Could not read current permissions {}"
,
e
.
getMessage
());
}
return
perms
;
return
perms
;
}
}
}
}
...
...
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
View file @
7099be86
...
@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
...
@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
// save object identity
// save object identity
AclObjectIdentity
objectIdentity
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
target
.
getId
(),
aclClass
.
getAclClass
());
AclObjectIdentity
objectIdentity
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
target
.
getId
(),
aclClass
.
getAclClass
());
if
(
objectIdentity
==
null
)
{
if
(
objectIdentity
==
null
)
{
objectIdentity
=
new
AclObjectIdentity
();
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
==
null
)
{
if
(
ownerSid
==
null
)
{
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
}
else
if
(!
ownerSid
.
isPersisted
())
{
}
else
if
(!
ownerSid
.
isPersisted
())
{
LOG
.
warn
(
"Owner SID not persisted, not assigning creator permissions"
);
LOG
.
warn
(
"Owner SID not persisted, not assigning creator permissions"
);
}
else
{
objectIdentity
.
setOwnerSid
(
ownerSid
);
}
}
LOG
.
debug
(
"Inserting owner ACL entries for owner={} class={} id={}"
,
ownerSid
,
target
.
getClass
().
getName
(),
target
.
getId
());
LOG
.
debug
(
"Inserting owner ACL entries for owner={} class={} id={}"
,
ownerSid
,
target
.
getClass
().
getName
(),
target
.
getId
());
objectIdentity
=
new
AclObjectIdentity
();
objectIdentity
.
setObjectIdIdentity
(
target
.
getId
());
objectIdentity
.
setObjectIdIdentity
(
target
.
getId
());
objectIdentity
.
setAclClass
(
aclClass
);
objectIdentity
.
setAclClass
(
aclClass
);
objectIdentity
.
setOwnerSid
(
ownerSid
);
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
if
(
parentObject
!=
null
)
{
if
(
parentObject
!=
null
)
{
...
@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
...
@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
}
}
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
if
(
o
wnerSid
!=
null
)
{
if
(
o
bjectIdentity
.
getOwnerSid
()
!=
null
)
{
final
Permissions
permissions
=
new
Permissions
().
grantAll
();
final
Permissions
permissions
=
new
Permissions
().
grantAll
();
addPermissions
(
objectIdentity
,
o
wnerSid
,
permissions
);
addPermissions
(
objectIdentity
,
o
bjectIdentity
.
getOwnerSid
()
,
permissions
);
}
}
}
else
{
}
else
{
...
@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
...
@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
if
(
objectIdentity
.
getOwnerSid
()
==
null
)
{
if
(
objectIdentity
.
getOwnerSid
()
==
null
)
{
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
==
null
)
{
if
(
ownerSid
!=
null
&&
ownerSid
.
isPersisted
())
{
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
objectIdentity
.
setOwnerSid
(
ownerSid
);
}
else
{
LOG
.
debug
(
"Owner SID not persisted or is null."
);
}
}
objectIdentity
.
setOwnerSid
(
ownerSid
);
}
}
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment