Commit 9fa54965 authored by Matija Obreza's avatar Matija Obreza

FIX: Properly handle Hibernate proxy classes

parent 7099be86
......@@ -33,6 +33,7 @@ import org.genesys.blocks.security.persistence.AclSidPersistence;
import org.genesys.blocks.security.serialization.Permissions;
import org.genesys.blocks.security.serialization.SidPermissions;
import org.genesys.blocks.security.service.CustomAclService;
import org.hibernate.proxy.HibernateProxyHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -108,12 +109,12 @@ public class CustomAclServiceImpl implements CustomAclService {
}
final AclClass aclClass = ensureAclClass(target.getClass().getName());
// save object identity
AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
if (objectIdentity == null) {
objectIdentity = new AclObjectIdentity();
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
......@@ -133,7 +134,7 @@ public class CustomAclServiceImpl implements CustomAclService {
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
} else {
objectIdentity.setEntriesInheriting(false);
objectIdentity.setEntriesInheriting(true);
}
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
......@@ -154,11 +155,18 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG.debug("Owner SID not persisted or is null.");
}
}
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
if (target.aclParentObject() != null) {
LOG.trace("Updating ACL parent to {}", target.aclParentObject());
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
objectIdentity.setParentObject(parentObject);
// objectIdentity.setEntriesInheriting(true);
} else {
LOG.trace("Clearing ACL parent");
objectIdentity.setParentObject(null);
// objectIdentity.setEntriesInheriting(false);
}
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
}
}
......@@ -177,7 +185,7 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG.info("Deleting permissions for {}", target);
removePermissionsFor((AclSid) target);
}
final AclObjectIdentity aclObjectIdentity = getObjectIdentity(target);
if (aclObjectIdentity != null) {
LOG.info("Deleting ACL data of {}", target);
......@@ -185,7 +193,7 @@ public class CustomAclServiceImpl implements CustomAclService {
if (aclEntries != null) {
aclEntryPersistence.delete(aclEntries);
}
aclObjectIdentityPersistence.delete(aclObjectIdentity);
aclObjectIdentityPersistence.delete(aclObjectIdentity);
clearAclCache();
}
}
......@@ -327,9 +335,10 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG.trace("getObjectIdentity: Entity is null");
return null;
}
final AclObjectIdentity oid = aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId(), entity.getClass().getName());
String className = HibernateProxyHelper.getClassWithoutInitializingProxy(entity).getName();
final AclObjectIdentity oid = aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId(), className);
if (oid == null) {
LOG.warn("ACL object identity not found for class={} id={}", entity.getClass().getName(), entity.getId());
LOG.warn("ACL object identity not found for class={} id={}", className, entity.getId());
}
return oid;
}
......@@ -423,7 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService {
aclEntryPersistence.save(aclEntries);
return getObjectIdentity(objectIdentity.getId());
}
} else {
// delete existing
final List<AclEntry> aclEntries = aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
......@@ -549,23 +558,25 @@ public class CustomAclServiceImpl implements CustomAclService {
return aclEntryPersistence.findObjectIdentitiesForSidAndAclClassAndMask(sid, clazz.getName(), permission.getMask());
}
/* (non-Javadoc)
* @see org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org.genesys.blocks.security.model.AclAwareModel, boolean)
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org
* .genesys.blocks.security.model.AclAwareModel, boolean)
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE");
Permissions readPermissions = new Permissions().grantNone();
readPermissions.read = publiclyReadable;
setPermissions(entity, roleEveryone, readPermissions);
}
@Override
@Transactional
public void cleanupAcl() {
......@@ -593,7 +604,7 @@ public class CustomAclServiceImpl implements CustomAclService {
aclObjectIdentityPersistence.delete(OID);
}
}
List<AclClass> aclClasses = aclClassPersistence.findAll();
for (AclClass aclClass : aclClasses) {
try {
......
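Review bot: The creation path in the `-108,12 +109,12` hunk still calls `ensureAclClass(target.getClass().getName())`, while `getObjectIdentity` now resolves the class name through `HibernateProxyHelper`, so the write side and the read side can disagree on the name. If a proxied entity can reach that path (its callers are not visible here), its object identity would be stored under the proxy class name, the later lookup by the real class name would return null, and the delete path guarded by `if (aclObjectIdentity != null)` would then leave its ACL entries behind. Resolve the name the same way on both sides: `final AclClass aclClass = ensureAclClass(HibernateProxyHelper.getClassWithoutInitializingProxy(target).getName());`. The enclosing method starts and ends outside the hunk.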