Commit 9f21c3d2 authored by Matija Obreza

FIX: creatorPermission ensures objectIdentity entry even if owner is null

parent ffa655be
......@@ -115,10 +115,8 @@ public class CustomAclServiceImpl implements CustomAclService {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
return;
} else if (!ownerSid.isPersisted()) {
LOG.warn("Owner SID not persisted, not assigning creator permissions");
return;
}
LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId());
......@@ -137,22 +135,28 @@ public class CustomAclServiceImpl implements CustomAclService {
}
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
final Permissions permissions = new Permissions().grantAll();
addPermissions(objectIdentity, ownerSid, permissions);
if (ownerSid != null) {
final Permissions permissions = new Permissions().grantAll();
addPermissions(objectIdentity, ownerSid, permissions);
}
} else {
// update parent
LOG.debug("Updating ACL parent object for class={} id={}", target.getClass().getName(), target.getId());
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
if (parentObject != null && ! parentObject.getId().equals(objectIdentity.getParentObject())) {
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
} else {
objectIdentity.setParentObject(null);
objectIdentity.setEntriesInheriting(false);
if (objectIdentity.getOwnerSid() == null) {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
}
objectIdentity.setOwnerSid(ownerSid);
}
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
}
}
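Review bot: In the update branch the current user is passed to `objectIdentity.setOwnerSid(ownerSid)` without the `isPersisted()` test that the creation path in the first hunk applies, so an unsaved SID can reach `aclObjectIdentityPersistence.save(objectIdentity)`. Guarding the assignment as `if (ownerSid != null && ownerSid.isPersisted()) { objectIdentity.setOwnerSid(ownerSid); }` would keep the two paths consistent. This branch also hands ownership of any owner-less object identity to whichever caller happens to trigger the update, so it deserves a comment stating that this is intended and which callers can reach it. The new side appears to call `setEntriesInheriting(true)` even when `getObjectIdentity(target.aclParentObject())` returns null, where the earlier code cleared the flag; the page has lost its +/- markers, so that reading is inferred from the hunk counts and print order. The method starts and ends outside the visible hunks.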
......