Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
A
App Blocks
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
Genesys PGR
App Blocks
Commits
9fa54965
Commit
9fa54965
authored
Sep 22, 2018
by
Matija Obreza
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
FIX: Properly handle Hibernate proxy classes
parent
7099be86
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
31 additions
and
20 deletions
+31
-20
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
...ys/blocks/security/service/impl/CustomAclServiceImpl.java
+31
-20
No files found.
security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
View file @
9fa54965
...
...
@@ -33,6 +33,7 @@ import org.genesys.blocks.security.persistence.AclSidPersistence;
import
org.genesys.blocks.security.serialization.Permissions
;
import
org.genesys.blocks.security.serialization.SidPermissions
;
import
org.genesys.blocks.security.service.CustomAclService
;
import
org.hibernate.proxy.HibernateProxyHelper
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
...
...
@@ -108,12 +109,12 @@ public class CustomAclServiceImpl implements CustomAclService {
}
final
AclClass
aclClass
=
ensureAclClass
(
target
.
getClass
().
getName
());
// save object identity
AclObjectIdentity
objectIdentity
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
target
.
getId
(),
aclClass
.
getAclClass
());
if
(
objectIdentity
==
null
)
{
objectIdentity
=
new
AclObjectIdentity
();
final
AclSid
ownerSid
=
SecurityContextUtil
.
getCurrentUser
();
if
(
ownerSid
==
null
)
{
LOG
.
warn
(
"No SID in security context, not assigning creator permissions"
);
...
...
@@ -133,7 +134,7 @@ public class CustomAclServiceImpl implements CustomAclService {
objectIdentity
.
setParentObject
(
parentObject
);
objectIdentity
.
setEntriesInheriting
(
true
);
}
else
{
objectIdentity
.
setEntriesInheriting
(
fals
e
);
objectIdentity
.
setEntriesInheriting
(
tru
e
);
}
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
...
...
@@ -154,11 +155,18 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG
.
debug
(
"Owner SID not persisted or is null."
);
}
}
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
objectIdentity
.
setParentObject
(
parentObject
);
objectIdentity
.
setEntriesInheriting
(
true
);
if
(
target
.
aclParentObject
()
!=
null
)
{
LOG
.
trace
(
"Updating ACL parent to {}"
,
target
.
aclParentObject
());
AclObjectIdentity
parentObject
=
getObjectIdentity
(
target
.
aclParentObject
());
objectIdentity
.
setParentObject
(
parentObject
);
// objectIdentity.setEntriesInheriting(true);
}
else
{
LOG
.
trace
(
"Clearing ACL parent"
);
objectIdentity
.
setParentObject
(
null
);
// objectIdentity.setEntriesInheriting(false);
}
objectIdentity
=
aclObjectIdentityPersistence
.
save
(
objectIdentity
);
}
}
...
...
@@ -177,7 +185,7 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG
.
info
(
"Deleting permissions for {}"
,
target
);
removePermissionsFor
((
AclSid
)
target
);
}
final
AclObjectIdentity
aclObjectIdentity
=
getObjectIdentity
(
target
);
if
(
aclObjectIdentity
!=
null
)
{
LOG
.
info
(
"Deleting ACL data of {}"
,
target
);
...
...
@@ -185,7 +193,7 @@ public class CustomAclServiceImpl implements CustomAclService {
if
(
aclEntries
!=
null
)
{
aclEntryPersistence
.
delete
(
aclEntries
);
}
aclObjectIdentityPersistence
.
delete
(
aclObjectIdentity
);
aclObjectIdentityPersistence
.
delete
(
aclObjectIdentity
);
clearAclCache
();
}
}
...
...
@@ -327,9 +335,10 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG
.
trace
(
"getObjectIdentity: Entity is null"
);
return
null
;
}
final
AclObjectIdentity
oid
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
entity
.
getId
(),
entity
.
getClass
().
getName
());
String
className
=
HibernateProxyHelper
.
getClassWithoutInitializingProxy
(
entity
).
getName
();
final
AclObjectIdentity
oid
=
aclObjectIdentityPersistence
.
findByObjectIdAndClassname
(
entity
.
getId
(),
className
);
if
(
oid
==
null
)
{
LOG
.
warn
(
"ACL object identity not found for class={} id={}"
,
entity
.
getClass
().
getName
()
,
entity
.
getId
());
LOG
.
warn
(
"ACL object identity not found for class={} id={}"
,
className
,
entity
.
getId
());
}
return
oid
;
}
...
...
@@ -423,7 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService {
aclEntryPersistence
.
save
(
aclEntries
);
return
getObjectIdentity
(
objectIdentity
.
getId
());
}
}
else
{
// delete existing
final
List
<
AclEntry
>
aclEntries
=
aclEntryPersistence
.
findBySidAndObjectIdentity
(
sid
,
objectIdentity
);
...
...
@@ -549,23 +558,25 @@ public class CustomAclServiceImpl implements CustomAclService {
return
aclEntryPersistence
.
findObjectIdentitiesForSidAndAclClassAndMask
(
sid
,
clazz
.
getName
(),
permission
.
getMask
());
}
/* (non-Javadoc)
* @see org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org.genesys.blocks.security.model.AclAwareModel, boolean)
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org
* .genesys.blocks.security.model.AclAwareModel, boolean)
*/
@Override
@Transactional
(
propagation
=
Propagation
.
REQUIRED
)
@PreAuthorize
(
"hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')"
)
public
void
makePubliclyReadable
(
AclAwareModel
entity
,
boolean
publiclyReadable
)
{
AclSid
roleEveryone
=
getAuthoritySid
(
"ROLE_EVERYONE"
);
Permissions
readPermissions
=
new
Permissions
().
grantNone
();
readPermissions
.
read
=
publiclyReadable
;
setPermissions
(
entity
,
roleEveryone
,
readPermissions
);
}
@Override
@Transactional
public
void
cleanupAcl
()
{
...
...
@@ -593,7 +604,7 @@ public class CustomAclServiceImpl implements CustomAclService {
aclObjectIdentityPersistence
.
delete
(
OID
);
}
}
List
<
AclClass
>
aclClasses
=
aclClassPersistence
.
findAll
();
for
(
AclClass
aclClass
:
aclClasses
)
{
try
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment