Commit eb231064 authored by Matija Obreza's avatar Matija Obreza

AclAwareModel exposes #aclParentObject for inheriting permissions

parent 4817a4cd
......@@ -30,4 +30,11 @@ import org.genesys.blocks.util.JsonClassNameWriter;
@JsonAppend(props = { @JsonAppend.Prop(name = "_class", value = JsonClassNameWriter.class, type = String.class),
@JsonAppend.Prop(name = "_permissions", value = CurrentPermissionsWriter.class, type = Permissions.class) })
public interface AclAwareModel extends Serializable, EntityId {
/**
* Objects belonging to some parent can override this method
*/
default AclAwareModel aclParentObject() {
return null;
}
}
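Review bot: The Javadoc on `aclParentObject()` says who may override it but not what returning a parent does, and in this commit the consequence is security-relevant: CustomAclServiceImpl sets `entriesInheriting` on the child's object identity, so every ACL entry granted on the parent also applies to the child. I would replace the comment with something like `Returns the object whose ACL entries this object inherits, or null (the default) when permissions are not inherited. Implementations returning a parent should make sure it is the intended authorisation scope, since any permission granted on the parent is implicitly granted on this object.` From the visible service code a parent with no ACL object identity yet produces no inheritance at all, so the doc should probably also say the parent must already be ACL-registered — confirm against getObjectIdentity, whose null-identity branch is outside the shown hunk.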
......@@ -28,10 +28,12 @@ import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import org.genesys.blocks.model.BasicModel;
import org.genesys.blocks.model.JsonViews;
import org.genesys.blocks.security.serialization.AclEntriesToPermissions;
import com.fasterxml.jackson.annotation.JsonIdentityInfo;
import com.fasterxml.jackson.annotation.JsonIdentityReference;
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.annotation.ObjectIdGenerators;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
......@@ -64,6 +66,7 @@ public class AclObjectIdentity extends BasicModel {
@ManyToOne(fetch = FetchType.EAGER, cascade = {})
@JoinColumn(name = "owner_sid", nullable = true)
@JsonIdentityReference(alwaysAsId = false)
@JsonView(JsonViews.Minimal.class)
private AclSid ownerSid;
/** The object id identity. */
......
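Review bot: Adding `@JsonView(JsonViews.Minimal.class)` to `ownerSid` puts the owner principal into the minimal serialization of every AclObjectIdentity, and because the field keeps `@JsonIdentityReference(alwaysAsId = false)` it is the full AclSid object rather than just its id. If AclObjectIdentity is ever returned to non-administrators in that view, this discloses which user owns the object; please confirm AclSid limits its own Minimal view to what a client legitimately needs, or use `@JsonIdentityReference(alwaysAsId = true)` for this field. The new `AclEntriesToPermissions` import is not referenced in the visible hunks; if the rest of the file does not use it, drop it.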
......@@ -18,12 +18,13 @@ package org.genesys.blocks.security.persistence;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.querydsl.QueryDslPredicateExecutor;
import org.springframework.data.repository.query.Param;
/**
* The Interface AclObjectIdentityPersistence.
*/
public interface AclObjectIdentityPersistence extends JpaRepository<AclObjectIdentity, Long> {
public interface AclObjectIdentityPersistence extends JpaRepository<AclObjectIdentity, Long>, QueryDslPredicateExecutor<AclObjectIdentity> {
/**
* Find by object id identity and class name.
......
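Review bot: The Javadoc `The Interface AclObjectIdentityPersistence.` is generated filler and says nothing about the repository, which now also exposes `QueryDslPredicateExecutor`; I would replace it with `JPA repository for ACL object identities, with QueryDSL predicate support for ad-hoc lookups.` Since this repository backs authorisation data, it would also be worth a sentence noting that predicate-based access must stay behind administrative checks and must not be exposed through request-bound predicates — presumably no such endpoint exists, but the interface itself gives no hint.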
......@@ -107,6 +107,11 @@ public class CustomAclServiceImpl implements CustomAclService {
return;
}
final AclClass aclClass = ensureAclClass(target.getClass().getName());
// save object identity
AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
if (objectIdentity == null) {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not assigning creator permissions");
......@@ -118,23 +123,36 @@ public class CustomAclServiceImpl implements CustomAclService {
LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId());
final AclClass aclClass = ensureAclClass(target.getClass().getName());
// create object identity
final AclObjectIdentity objectIdentity = new AclObjectIdentity();
objectIdentity = new AclObjectIdentity();
objectIdentity.setObjectIdIdentity(target.getId());
objectIdentity.setAclClass(aclClass);
objectIdentity.setOwnerSid(ownerSid);
objectIdentity.setParentObject(null);
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
if (parentObject != null) {
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
} else {
objectIdentity.setEntriesInheriting(false);
}
// save object identity
AclObjectIdentity savedAclObjectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(objectIdentity.getObjectIdIdentity(), objectIdentity.getAclClass()
.getAclClass());
if (savedAclObjectIdentity == null) {
savedAclObjectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
final Permissions permissions = new Permissions().grantAll();
addPermissions(savedAclObjectIdentity, ownerSid, permissions);
addPermissions(objectIdentity, ownerSid, permissions);
} else {
// update parent
LOG.debug("Updating ACL parent object for class={} id={}", target.getClass().getName(), target.getId());
AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
if (parentObject != null && ! parentObject.getId().equals(objectIdentity.getParentObject())) {
objectIdentity.setParentObject(parentObject);
objectIdentity.setEntriesInheriting(true);
} else {
objectIdentity.setParentObject(null);
objectIdentity.setEntriesInheriting(false);
}
}
}
......@@ -287,7 +305,8 @@ public class CustomAclServiceImpl implements CustomAclService {
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public AclObjectIdentity getObjectIdentity(final AclAwareModel entity) {
if (entity == null) {
LOG.error("getObjectIdentity: Entity is null");
LOG.trace("getObjectIdentity: Entity is null");
return null;
}
final AclObjectIdentity oid = aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId(), entity.getClass().getName());
if (oid == null) {
......
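Review bot: In the `else` branch that updates an existing identity, `parentObject.getId().equals(objectIdentity.getParentObject())` compares a `Long` with an `AclObjectIdentity`, so it is never true and the condition collapses to `parentObject != null`; had it compared ids as intended, an unchanged parent would fall into the `else` and clear both the parent and `entriesInheriting`, the opposite of what is wanted. Simplify it to `if (parentObject != null) {` and drop the comparison. Both branches call `getObjectIdentity(target.aclParentObject())`, which is guarded further down by `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")`; if that annotation is enforced by the usual proxy-based interceptor, a same-class call bypasses it, so no ADMINISTRATION check on the parent happens when a child is linked to it — decide whether linking should require that permission and, if so, check it explicitly here. No `save()` follows the parent update in the `else` branch, so unless this runs in a transaction on a managed entity the new parent is never persisted. The enclosing method begins before this hunk.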