Commit 7099be86 authored by Matija Obreza's avatar Matija Obreza

FIX: only set ownerSid if it is persisted

parent 9f21c3d2
...@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter { ...@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
if (permissionEvaluator != null) { if (permissionEvaluator != null) {
if (authentication != null) { if (authentication != null) {
Permissions perms = new Permissions(); Permissions perms = new Permissions();
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE); try {
perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ); perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE); perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE); perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION); perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
} catch (Throwable e) {
LOG.warn("Could not read current permissions {}", e.getMessage());
}
return perms; return perms;
} }
} }
......
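Review bot: The added `catch (Throwable e)` around the five `hasPermission` calls is too broad and discards the failure detail: it also swallows `Error`s such as `OutOfMemoryError`, and the warning logs only `e.getMessage()`, which can be null and carries no stack trace. I would narrow it and pass the exception itself to the logger, e.g. `} catch (RuntimeException e) {` with `LOG.warn("Could not read current permissions", e);`. A failure midway also returns a partially filled `Permissions` object; assuming its fields default to false this fails closed, but the consumer cannot tell "denied" from "evaluation failed", so a one-line comment stating that the fall-back is deliberate would help. The enclosing method starts and ends outside the hunk.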
...@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
// save object identity // save object identity
AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass()); AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
if (objectIdentity == null) { if (objectIdentity == null) {
objectIdentity = new AclObjectIdentity();
final AclSid ownerSid = SecurityContextUtil.getCurrentUser(); final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) { if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions"); LOG.warn("No SID in security context, not assigning creator permissions");
} else if (!ownerSid.isPersisted()) { } else if (!ownerSid.isPersisted()) {
LOG.warn("Owner SID not persisted, not assigning creator permissions"); LOG.warn("Owner SID not persisted, not assigning creator permissions");
} else {
objectIdentity.setOwnerSid(ownerSid);
} }
LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId()); LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId());
objectIdentity = new AclObjectIdentity();
objectIdentity.setObjectIdIdentity(target.getId()); objectIdentity.setObjectIdIdentity(target.getId());
objectIdentity.setAclClass(aclClass); objectIdentity.setAclClass(aclClass);
objectIdentity.setOwnerSid(ownerSid);
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject()); AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
if (parentObject != null) { if (parentObject != null) {
...@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
} }
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity); objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
if (ownerSid != null) { if (objectIdentity.getOwnerSid() != null) {
final Permissions permissions = new Permissions().grantAll(); final Permissions permissions = new Permissions().grantAll();
addPermissions(objectIdentity, ownerSid, permissions); addPermissions(objectIdentity, objectIdentity.getOwnerSid(), permissions);
} }
} else { } else {
...@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
if (objectIdentity.getOwnerSid() == null) { if (objectIdentity.getOwnerSid() == null) {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser(); final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) { if (ownerSid != null && ownerSid.isPersisted()) {
LOG.warn("No SID in security context, not assigning creator permissions"); objectIdentity.setOwnerSid(ownerSid);
} else {
LOG.debug("Owner SID not persisted or is null.");
} }
objectIdentity.setOwnerSid(ownerSid);
} }
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject()); AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
......
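Review bot: In the existing-identity branch (the hunk at new line 148), an object identity with no owner is assigned to whichever persisted SID is in the security context on that call, and nothing is logged when the assignment happens. This commit appears to save identities without an owner whenever the creator's SID is not persisted, so that branch will be hit more often; whether the caller must already hold a permission on the target is not visible here, so it is worth confirming that this late ownership assignment is intended. At minimum I would record it at a level that is kept in production, e.g. `LOG.warn("Assigning owner {} to ownerless ACL class={} id={}", ownerSid, target.getClass().getName(), target.getId());`, and keep the "not assigning" case at `warn` rather than the merged `LOG.debug("Owner SID not persisted or is null.")`. The enclosing method starts and ends outside the hunks.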