FIX: Properly handle Hibernate proxy classes

security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java

@@ -33,6 +33,7 @@ import org.genesys.blocks.security.persistence.AclSidPersistence;
 import org.genesys.blocks.security.serialization.Permissions;
 import org.genesys.blocks.security.serialization.SidPermissions;
 import org.genesys.blocks.security.service.CustomAclService;
+import org.hibernate.proxy.HibernateProxyHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -108,12 +109,12 @@ public class CustomAclServiceImpl implements CustomAclService {
 		}
 
 		final AclClass aclClass = ensureAclClass(target.getClass().getName());
-		
+
 		// save object identity
 		AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
 		if (objectIdentity == null) {
 			objectIdentity = new AclObjectIdentity();
-			
+
 			final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
 			if (ownerSid == null) {
 				LOG.warn("No SID in security context, not assigning creator permissions");
@@ -133,7 +134,7 @@ public class CustomAclServiceImpl implements CustomAclService {
 				objectIdentity.setParentObject(parentObject);
 				objectIdentity.setEntriesInheriting(true);
 			} else {
-				objectIdentity.setEntriesInheriting(false);
+				objectIdentity.setEntriesInheriting(true);
 			}
 
 			objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
@@ -154,11 +155,18 @@ public class CustomAclServiceImpl implements CustomAclService {
 					LOG.debug("Owner SID not persisted or is null.");
 				}
 			}
-			
-			AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
-			objectIdentity.setParentObject(parentObject);
-			objectIdentity.setEntriesInheriting(true);
-			
+
+			if (target.aclParentObject() != null) {
+				LOG.trace("Updating ACL parent to {}", target.aclParentObject());
+				AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
+				objectIdentity.setParentObject(parentObject);
+				// objectIdentity.setEntriesInheriting(true);
+			} else {
+				LOG.trace("Clearing ACL parent");
+				objectIdentity.setParentObject(null);
+				// objectIdentity.setEntriesInheriting(false);
+			}
+
 			objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
 		}
 	}
@@ -177,7 +185,7 @@ public class CustomAclServiceImpl implements CustomAclService {
 			LOG.info("Deleting permissions for {}", target);
 			removePermissionsFor((AclSid) target);
 		}
-		
+
 		final AclObjectIdentity aclObjectIdentity = getObjectIdentity(target);
 		if (aclObjectIdentity != null) {
 			LOG.info("Deleting ACL data of {}", target);
@@ -185,7 +193,7 @@ public class CustomAclServiceImpl implements CustomAclService {
 			if (aclEntries != null) {
 				aclEntryPersistence.delete(aclEntries);
 			}
-			aclObjectIdentityPersistence.delete(aclObjectIdentity);			
+			aclObjectIdentityPersistence.delete(aclObjectIdentity);
 			clearAclCache();
 		}
 	}
@@ -327,9 +335,10 @@ public class CustomAclServiceImpl implements CustomAclService {
 			LOG.trace("getObjectIdentity: Entity is null");
 			return null;
 		}
-		final AclObjectIdentity oid = aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId(), entity.getClass().getName());
+		String className = HibernateProxyHelper.getClassWithoutInitializingProxy(entity).getName();
+		final AclObjectIdentity oid = aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId(), className);
 		if (oid == null) {
-			LOG.warn("ACL object identity not found for class={} id={}", entity.getClass().getName(), entity.getId());
+			LOG.warn("ACL object identity not found for class={} id={}", className, entity.getId());
 		}
 		return oid;
 	}
@@ -423,7 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService {
 					aclEntryPersistence.save(aclEntries);
 					return getObjectIdentity(objectIdentity.getId());
 				}
-				
+
 			} else {
 				// delete existing
 				final List<AclEntry> aclEntries = aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
@@ -549,23 +558,25 @@ public class CustomAclServiceImpl implements CustomAclService {
 		return aclEntryPersistence.findObjectIdentitiesForSidAndAclClassAndMask(sid, clazz.getName(), permission.getMask());
 	}
 
-	/* (non-Javadoc)
-	 * @see org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org.genesys.blocks.security.model.AclAwareModel, boolean)
+	/*
+	 * (non-Javadoc)
+	 * @see
+	 * org.genesys.blocks.security.service.CustomAclService#makePubliclyReadable(org
+	 * .genesys.blocks.security.model.AclAwareModel, boolean)
 	 */
 	@Override
 	@Transactional(propagation = Propagation.REQUIRED)
 	@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
 	public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
 		AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE");
-		
+
 		Permissions readPermissions = new Permissions().grantNone();
 
 		readPermissions.read = publiclyReadable;
-		
+
 		setPermissions(entity, roleEveryone, readPermissions);
 	}
-	
-	
+
 	@Override
 	@Transactional
 	public void cleanupAcl() {
@@ -593,7 +604,7 @@ public class CustomAclServiceImpl implements CustomAclService {
 				aclObjectIdentityPersistence.delete(OID);
 			}
 		}
-		
+
 		List<AclClass> aclClasses = aclClassPersistence.findAll();
 		for (AclClass aclClass : aclClasses) {
 			try {