Commit f70eb997 authored by Matija Obreza's avatar Matija Obreza

ACL removePermission for SID

- because we persist noneGranting permissions
- additional isolation READ_UNCOMMITTED in ACL service fixes deletes
parent a3588258
......@@ -15,6 +15,8 @@
*/
package org.genesys.blocks.security.persistence;
import java.util.List;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
......@@ -45,4 +47,6 @@ public interface AclObjectIdentityPersistence extends JpaRepository<AclObjectIde
@Modifying
@Query("update AclObjectIdentity aoi set aoi.parentObject = null where aoi.parentObject = ?1")
void resetChildrenOfOID(AclObjectIdentity oID);
List<AclObjectIdentity> findByParentObject(AclObjectIdentity parentObject);
}
......@@ -170,6 +170,15 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
*/
AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
/**
* Removes the permissions for SID on ACL OID
*
* @param objectIdentity the object identity
* @param aclSid the acl sid
* @return the acl object identity
*/
AclObjectIdentity removePermissions(AclObjectIdentity objectIdentity, AclSid aclSid);
/**
* Gets the acl entries.
*
......@@ -245,4 +254,5 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* @return the sid name
*/
String getSidName(long id);
}
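Review bot: The Javadoc added for `removePermissions` does not say who may call it or what exactly is deleted, which is what a caller of a method that strips ACL entries most needs to know. The implementation in this commit deletes every entry found for the SID on the OID, and going by the commit message that includes persisted non-granting entries, so the SID's effective access afterwards presumably falls back to whatever is inherited rather than simply becoming "none". The implementation shown carries only `@Override`, with no `@PreAuthorize` or `@Transactional` of its own, unlike `makePubliclyReadable`, though class-level annotations may exist outside this view. If authorization is left to callers, state it in the contract, e.g. `* Callers must hold ADMINISTRATION permission on the object identity.`, and add `@throws NullPointerException if objectIdentity or aclSid is null`.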
......@@ -261,10 +261,10 @@ public class CustomAclServiceImpl implements CustomAclService {
* permissions granted to the SID are removed.
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
@Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
public void removeAclAwareModel(final AclAwareModel target) {
LOG.debug("Deleting ACL data for {}", target);
if (target instanceof AclSid) {
LOG.info("Deleting permissions for {}", target);
removePermissionsFor((AclSid) target);
......@@ -272,6 +272,11 @@ public class CustomAclServiceImpl implements CustomAclService {
final AclObjectIdentity aclObjectIdentity = getObjectIdentity(target);
if (aclObjectIdentity != null) {
LOG.debug("OID {}#{} of {}", aclObjectIdentity.getAclClass().getAclClass(), aclObjectIdentity.getObjectIdIdentity(), target);
for (AclObjectIdentity child : aclObjectIdentityPersistence.findByParentObject(aclObjectIdentity)) {
LOG.debug("Has child {}#{}", child.getAclClass().getAclClass(), child.getObjectIdIdentity());
}
LOG.info("Deleting ACL data of {}", target);
final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(aclObjectIdentity);
if (aclEntries != null) {
......@@ -341,7 +346,7 @@ public class CustomAclServiceImpl implements CustomAclService {
clearAclCache();
}
}
private void clearAclCache() {
if (cacheManager!=null) {
final Cache aclCache = cacheManager.getCache("aclCache");
......@@ -487,8 +492,13 @@ public class CustomAclServiceImpl implements CustomAclService {
if (permissions == null) {
throw new NullPointerException("Permissions must be provided, was null.");
}
String className = entity.getClass().getName();
if (entity instanceof ClassAclOid<?>) {
className = ((ClassAclOid<?>) entity).getClassName();
}
final AclObjectIdentity objectIdentity = getObjectIdentity(entity);
final AclObjectIdentity objectIdentity = ensureObjectIdentity(entity.getId(), className);
return setPermissions(objectIdentity, sid, permissions);
}
......@@ -544,6 +554,30 @@ public class CustomAclServiceImpl implements CustomAclService {
}
}
/* (non-Javadoc)
* @see org.genesys.blocks.security.service.CustomAclService#removePermissions(org.genesys.blocks.security.model.AclObjectIdentity, org.genesys.blocks.security.model.AclSid)
*/
@Override
public AclObjectIdentity removePermissions(AclObjectIdentity objectIdentity, AclSid sid) {
if (objectIdentity == null) {
throw new NullPointerException("AclObjectIdentity must be provided, was null.");
}
if (sid == null) {
throw new NullPointerException("AclSid must be provided, was null.");
}
try {
final List<AclEntry> aclEntries = aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
// delete ACL entries for sid
aclEntryPersistence.delete(aclEntries);
return getObjectIdentity(objectIdentity.getId());
} finally {
clearAclCache();
}
}
/*
* (non-Javadoc)
* @see org.genesys.blocks.security.service.CustomAclService#getAclEntries(org.
......@@ -627,7 +661,7 @@ public class CustomAclServiceImpl implements CustomAclService {
* java.lang.String, long)
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
@Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
public AclObjectIdentity ensureObjectIdentity(final long objectIdIdentity, final String className) {
AclObjectIdentity aoi = aclObjectIdentityPersistence.findByObjectIdAndClassname(objectIdIdentity, className);
if (aoi == null) {
......@@ -661,7 +695,7 @@ public class CustomAclServiceImpl implements CustomAclService {
* .genesys.blocks.security.model.AclAwareModel, boolean)
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
@Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE");
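Review bot: `Isolation.READ_UNCOMMITTED` on `removeAclAwareModel`, `ensureObjectIdentity` and `makePubliclyReadable` lets these ACL mutations read rows that another transaction has written but may still roll back, which is a weak basis for authorization data. `ensureObjectIdentity` starts with a lookup followed by `if (aoi == null)`, so a dirty read there can apparently return an `AclObjectIdentity` that never commits. The effect also depends on the database, since some engines silently run this level as READ_COMMITTED, so the "fixes deletes" behaviour from the commit message may not hold everywhere. A transaction always sees its own writes, so the delete problem probably involves a second transaction; it would be safer to identify that one and keep the default isolation here, or at least put a comment next to each annotation explaining why dirty reads are acceptable. All three method bodies continue outside the hunks shown.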
......