Commit 0e5c09ce authored by Matija Obreza's avatar Matija Obreza

List ACL object identities for clazz,user and permission

parent 250ce887
......@@ -64,6 +64,20 @@ public interface AclEntryPersistence extends JpaRepository<AclEntry, Long> {
@Query("select count(ae) from AclEntry ae join ae.aclObjectIdentity aoi join aoi.aclClass ac join ae.aclSid sid where sid.sid=?1 and aoi.objectIdIdentity=?2 and ae.mask=?3 and ac.aclClass=?4")
Long findBySidAndObjectIdentityAndMask(String sid, long objectIdIdentity, long mask, String className);
/**
* @param sid
* - user's email
* @param aclClass
* - class of domain object
* @param mask
* - mask for permissions
* @return - returns lists of user's permissions on domain class
*/
@Query("select aoi.objectIdIdentity from AclEntry ae join ae.aclObjectIdentity aoi join aoi.aclClass ac join ae.aclSid sid where sid.sid=?1 and ac.aclClass=?2 and ae.mask=?3")
List<Long> findObjectIdentitiesBySidAndAclClassAndMask(String sid, String aclClass, long mask);
/**
* Calculates max. ace_order for acl_object_identity to avoid DuplicateIndex
* exception (acl_object_identity + ace_order is unique index)
......
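Review bot: The new query behind `findObjectIdentitiesBySidAndAclClassAndMask` filters only on `sid.sid`, `ac.aclClass` and `ae.mask`, so every entry with a matching mask contributes an object id, whatever kind of entry it is. In the Spring Security ACL schema an entry also carries a granting flag and a SID a principal flag. If this project's `AclEntry` and `AclSid` entities (not visible here) map them, a deny entry, or a role SID whose name equals the user's e-mail, would put ids into the result, so the where-clause should also require a granting entry and a principal SID. The Javadoc `@return` says the method returns the user's permissions, but it returns object ids; I would word it as `@return ids of objects of aclClass for which sid has an entry with exactly this mask`. Using `select distinct aoi.objectIdIdentity` would also stop several entries on one object from repeating its id.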
......@@ -16,10 +16,24 @@
package org.genesys2.server.service;
import java.util.List;
import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.security.AuthUserDetails;
import org.springframework.security.acls.model.Permission;
public interface AclAssignerService {
void addCreatorPermissions(AclAwareModel target);
/**
* List ObjectIdentities of specified class for user with specified permission
*
* @param clazz
* @param authUser
* @return
*/
List<Long> listIdentitiesForSid(Class<Metadata> clazz, AuthUserDetails authUser, Permission permission);
}
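Review bot: The Javadoc on `listIdentitiesForSid` omits `@param permission` and leaves `@param clazz`, `@param authUser` and `@return` empty, so the contract of a method likely to be used as an authorization filter is undocumented. Judging by the implementation in this commit, the result covers only entries stored for the user's own username with that exact mask, and callers need that stated, for example `@return ids of clazz objects that have an ACL entry for authUser's username with permission's mask`. The parameter type `Class<Metadata>` admits only `Metadata.class` although the description says "specified class"; `Class<? extends AclAwareModel>` would match the text, assuming `Metadata` implements `AclAwareModel`, which is not visible here.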
......@@ -24,6 +24,7 @@ import org.genesys2.server.model.acl.AclClass;
import org.genesys2.server.model.acl.AclEntry;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.persistence.acl.AclClassPersistence;
import org.genesys2.server.persistence.acl.AclEntryPersistence;
import org.genesys2.server.persistence.acl.AclObjectIdentityPersistence;
......@@ -64,7 +65,6 @@ public class AclAssignerServiceImpl implements AclAssignerService {
@Autowired
private AclSidPersistence aclSidPersistence;
@Override
public void addCreatorPermissions(AclAwareModel target) {
if (target == null) {
......@@ -142,6 +142,12 @@ public class AclAssignerServiceImpl implements AclAssignerService {
}
}
@Override
@Transactional(readOnly = true)
public List<Long> listIdentitiesForSid(Class<Metadata> clazz, AuthUserDetails authUser, Permission permission) {
return aclEntryPersistence.findObjectIdentitiesBySidAndAclClassAndMask(authUser.getUsername(), clazz.getName(), permission.getMask());
}
/**
* Generates next ace_order value (to avoid DuplicateIndex exception :
* acl_object_identity + ace_order is unique index)
......
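Review bot: `listIdentitiesForSid` dereferences `authUser`, `clazz` and `permission` without a guard, so a caller that has no `AuthUserDetails` (for example on an unauthenticated request) gets a NullPointerException rather than an empty result. `addCreatorPermissions` in the same class begins with a `target == null` check. The same style here, `if (authUser == null || clazz == null || permission == null) { return Collections.emptyList(); }`, keeps the lookup fail-closed; it needs `java.util.Collections` if the file does not already import it. A short Javadoc on the implementation should also say that only entries for the user's own username are consulted, so roles or inherited ACLs, if the project uses them, are not reflected in the list.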