Commit 0e5c09ce authored by Matija Obreza's avatar Matija Obreza

List ACL object identities for clazz,user and permission

parent 250ce887
...@@ -64,6 +64,20 @@ public interface AclEntryPersistence extends JpaRepository<AclEntry, Long> { ...@@ -64,6 +64,20 @@ public interface AclEntryPersistence extends JpaRepository<AclEntry, Long> {
@Query("select count(ae) from AclEntry ae join ae.aclObjectIdentity aoi join aoi.aclClass ac join ae.aclSid sid where sid.sid=?1 and aoi.objectIdIdentity=?2 and ae.mask=?3 and ac.aclClass=?4") @Query("select count(ae) from AclEntry ae join ae.aclObjectIdentity aoi join aoi.aclClass ac join ae.aclSid sid where sid.sid=?1 and aoi.objectIdIdentity=?2 and ae.mask=?3 and ac.aclClass=?4")
Long findBySidAndObjectIdentityAndMask(String sid, long objectIdIdentity, long mask, String className); Long findBySidAndObjectIdentityAndMask(String sid, long objectIdIdentity, long mask, String className);
/**
* @param sid
* - user's email
* @param aclClass
* - class of domain object
* @param mask
* - mask for permissions
* @return - returns lists of user's permissions on domain class
*/
@Query("select aoi.objectIdIdentity from AclEntry ae join ae.aclObjectIdentity aoi join aoi.aclClass ac join ae.aclSid sid where sid.sid=?1 and ac.aclClass=?2 and ae.mask=?3")
List<Long> findObjectIdentitiesBySidAndAclClassAndMask(String sid, String aclClass, long mask);
/** /**
* Calculates max. ace_order for acl_object_identity to avoid DuplicateIndex * Calculates max. ace_order for acl_object_identity to avoid DuplicateIndex
* exception (acl_object_identity + ace_order is unique index) * exception (acl_object_identity + ace_order is unique index)
......
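Review bot: The new `findObjectIdentitiesBySidAndAclClassAndMask` query filters on sid, class name and exact `ae.mask` only, so if `AclEntry` also stores a granting/deny flag as the standard Spring Security ACL schema does (the entity is not visible here), a deny entry with the same mask would put its object id into the result. Callers that use this list to decide what a user may see should receive granting entries only, so that condition belongs in the `where` clause, and `select distinct aoi.objectIdIdentity` would stop several matching entries on one object from producing duplicate ids. The lookup matches one sid string, so entries held through a role or inherited from a parent identity are presumably not reflected, which is worth stating in the Javadoc. The `@return` text also describes permissions rather than ids; suggest `@return ids of the object identities of the given class on which the sid has an entry with this mask`.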
...@@ -16,10 +16,24 @@ ...@@ -16,10 +16,24 @@
package org.genesys2.server.service; package org.genesys2.server.service;
import java.util.List;
import org.genesys2.server.model.AclAwareModel; import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.security.AuthUserDetails;
import org.springframework.security.acls.model.Permission;
public interface AclAssignerService { public interface AclAssignerService {
void addCreatorPermissions(AclAwareModel target); void addCreatorPermissions(AclAwareModel target);
/**
* List ObjectIdentities of specified class for user with specified permission
*
* @param clazz
* @param authUser
* @return
*/
List<Long> listIdentitiesForSid(Class<Metadata> clazz, AuthUserDetails authUser, Permission permission);
} }
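Review bot: `Class<Metadata> clazz` in `listIdentitiesForSid` accepts only `Metadata.class`, so the parameter cannot vary and the service method is tied to one model class even though the query underneath takes any class name. If other ACL-protected types are meant to use it, `Class<? extends AclAwareModel> clazz` would fit (assuming `Metadata` is an `AclAwareModel`, which is not visible here), with the same change in the implementation's signature. The Javadoc has no `@param permission` and an empty `@return`; suggest `@param permission permission whose mask must match the entry exactly` and `@return ids of the objects of that class the user holds the permission on`.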
...@@ -24,6 +24,7 @@ import org.genesys2.server.model.acl.AclClass; ...@@ -24,6 +24,7 @@ import org.genesys2.server.model.acl.AclClass;
import org.genesys2.server.model.acl.AclEntry; import org.genesys2.server.model.acl.AclEntry;
import org.genesys2.server.model.acl.AclObjectIdentity; import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid; import org.genesys2.server.model.acl.AclSid;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.persistence.acl.AclClassPersistence; import org.genesys2.server.persistence.acl.AclClassPersistence;
import org.genesys2.server.persistence.acl.AclEntryPersistence; import org.genesys2.server.persistence.acl.AclEntryPersistence;
import org.genesys2.server.persistence.acl.AclObjectIdentityPersistence; import org.genesys2.server.persistence.acl.AclObjectIdentityPersistence;
...@@ -64,7 +65,6 @@ public class AclAssignerServiceImpl implements AclAssignerService { ...@@ -64,7 +65,6 @@ public class AclAssignerServiceImpl implements AclAssignerService {
@Autowired @Autowired
private AclSidPersistence aclSidPersistence; private AclSidPersistence aclSidPersistence;
@Override @Override
public void addCreatorPermissions(AclAwareModel target) { public void addCreatorPermissions(AclAwareModel target) {
if (target == null) { if (target == null) {
...@@ -142,6 +142,12 @@ public class AclAssignerServiceImpl implements AclAssignerService { ...@@ -142,6 +142,12 @@ public class AclAssignerServiceImpl implements AclAssignerService {
} }
} }
@Override
@Transactional(readOnly = true)
public List<Long> listIdentitiesForSid(Class<Metadata> clazz, AuthUserDetails authUser, Permission permission) {
return aclEntryPersistence.findObjectIdentitiesBySidAndAclClassAndMask(authUser.getUsername(), clazz.getName(), permission.getMask());
}
/** /**
* Generates next ace_order value (to avoid DuplicateIndex exception : * Generates next ace_order value (to avoid DuplicateIndex exception :
* acl_object_identity + ace_order is unique index) * acl_object_identity + ace_order is unique index)
......
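Review bot: `listIdentitiesForSid` dereferences `authUser`, `clazz` and `permission` without a check, whereas `addCreatorPermissions` above starts with a null guard, so a call made for an unauthenticated request would fail with a NullPointerException instead of yielding no identities. Suggest `if (authUser == null || clazz == null || permission == null) { return Collections.emptyList(); }` before the repository call, which needs the `java.util.Collections` import. The sid passed is `authUser.getUsername()`, while the repository Javadoc describes the sid as the user's email; if those two can differ the lookup silently returns nothing, so a one-line comment stating which value ACL sids are stored under would help. The method takes the user as an argument and performs no check of its own that the caller may read that user's ACL entries, so callers presumably have to pass only the current principal; the Javadoc should say so.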