Examples of org.pentaho.platform.engine.security.acls.PentahoAclEntry

• org.pentaho.platform.engine.security.acls.PentahoAclEntry
  Base Pentaho Access Control entry. Subclassed AbstractBasicAclEntry from Spring Security project. Provides known access controls. @author mbatchel

    if ( object == null || !( object instanceof IAclHolder ) ) {
      // i would argue that the "object" parameter should be IAclHolder!
      return;
    }
    IAclHolder aclHolder = (IAclHolder) object;
    PentahoAclEntry entry = new PentahoAclEntry();
    // TODO mlowery instanceof is undesirable as it doesn't allow new concrete classes.
    if ( permissionRecipient instanceof SimpleRole ) {
      entry.setRecipient( new GrantedAuthorityImpl( permissionRecipient.getName() ) );
    } else {
      entry.setRecipient( permissionRecipient.getName() );
    }
    entry.addPermission( permission.getMask() );
    // HibernateUtil.beginTransaction(); - This is now handled by the RepositoryFile
    aclHolder.getAccessControls().add( entry );
    // HibernateUtil.commitTransaction(); - This should be covered by the exitPoint call
  }

    }
    IAclHolder aclHolder = (IAclHolder) object;
    Set<Map.Entry<IPermissionRecipient, IPermissionMask>> mapEntrySet = permissionsMap.entrySet();
    ArrayList<IPentahoAclEntry> aclList = new ArrayList<IPentahoAclEntry>();
    for ( Entry<IPermissionRecipient, IPermissionMask> mapEntry : mapEntrySet ) {
      PentahoAclEntry pentahoAclEntry = new PentahoAclEntry();
      IPermissionRecipient permissionRecipient = mapEntry.getKey();
      if ( permissionRecipient instanceof SimpleRole ) {
        pentahoAclEntry.setRecipient( new GrantedAuthorityImpl( permissionRecipient.getName() ) );
      } else {
        pentahoAclEntry.setRecipient( permissionRecipient.getName() );
      }
      pentahoAclEntry.addPermission( mapEntry.getValue().getMask() );
      aclList.add( pentahoAclEntry );
    }
    // HibernateUtil.beginTransaction(); - This is now handled in the RepositoryFile
    aclHolder.resetAccessControls( aclList );
    // HibernateUtil.commitTransaction(); - This is covered by the exitPoint

        PentahoBasicAclVoter voter = new PentahoBasicAclVoter();
        assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile, IPentahoAclEntry.PERM_EXECUTE ) );
        assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile, IPentahoAclEntry.PERM_SUBSCRIBE ) );
        assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile,
          IPentahoAclEntry.PERM_ADMINISTRATION ) );
        PentahoAclEntry entry = voter.getEffectiveAcl( PentahoSessionHolder.getSession(), testFile );
        assertNotNull( entry );
        assertEquals( entry.printPermissionsBlock(), "XSCUDP" ); //$NON-NLS-1$
        return null;
      }

    } );

    List<IPentahoAclEntry> legacyAcls = new ArrayList<IPentahoAclEntry>();
    for ( RepositoryFileAce fileAce : acl.getAces() ) {
      if ( fileAce != null && fileAce.getSid() != null && fileAce.getPermissions() != null ) {
        for ( RepositoryFilePermission filePermission : fileAce.getPermissions() ) {

          PentahoAclEntry fileAcl = new PentahoAclEntry();

          if ( RepositoryFileSid.Type.USER == fileAce.getSid().getType() ) {
            // user
            fileAcl.setRecipient( fileAce.getSid().getName() );
          } else {
            // role
            fileAcl.setRecipient( new GrantedAuthorityImpl( fileAce.getSid().getName() ) );
          }
          fileAcl.setMask( mask( filePermission ) );
          legacyAcls.add( fileAcl );
        }
      }
    }

        for ( Map.Entry<SecurityOwner, Integer> entry : securityMap.entrySet() ) {
          // We now have the SecurityOwner and the Rights in there.
          secOwn = entry.getKey();
          int rights = entry.getValue().intValue();
          if ( secOwn.getOwnerType() == SecurityOwner.OwnerType.USER ) {
            accessControls.add( new PentahoAclEntry( secOwn.getOwnerName(), rights ) );
          } else {
            accessControls.add( new PentahoAclEntry( new GrantedAuthorityImpl( secOwn.getOwnerName() ), rights ) );
          }
        }
      }
    } catch ( Throwable th ) {
      // Just being paranoid here in case something doesn't support it.

    acls = (AclEntry[]) allAcls.toArray( acls );
    return acls;
  }

  public IPentahoAclEntry getEffectiveAcl( final IPentahoSession session, final IAclHolder holder ) {
    IPentahoAclEntry rtn = new PentahoAclEntry();
    rtn.setMask( IPentahoAclEntry.PERM_FULL_CONTROL );
    return rtn;
  }

  }

  public PentahoAclEntry getEffectiveAcl( final IPentahoSession session, final IAclHolder holder ) {
    // First, get all the ACLs on the object that apply to the user.
    AclEntry[] effectiveAcls = getEffectiveAcls( session, holder );
    PentahoAclEntry entry = new PentahoAclEntry();
    entry.setMask( IPentahoAclEntry.PERM_NOTHING );
    // By default, we'll OR together all the acls to create the whole mask
    // which
    // indicates their access.
    if ( ( effectiveAcls != null ) && ( effectiveAcls.length > 0 ) ) {
      int[] allAcls = new int[effectiveAcls.length];
      for ( int i = 0; i < effectiveAcls.length; i++ ) {
        allAcls[i] = ( (IPentahoAclEntry) effectiveAcls[i] ).getMask();
      }
      entry.addPermissions( allAcls );
      return entry;
    } else {
      return entry;
    }
  }

    System.exit( 0 );
  }

  @SuppressWarnings( "deprecation" )
  public void testAcls() {
    PentahoAclEntry aclEntry = null;

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_NOTHING ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "------" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_EXECUTE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "X-----" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_SUBSCRIBE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "-S----" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_CREATE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "--C---" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_UPDATE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "---U--" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_DELETE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "----D-" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_UPDATE_PERMS ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "-----P" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_ADMINISTRATION ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "--CUDP" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_EXECUTE_SUBSCRIBE ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "XS----" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_ADMIN_ALL ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "XSCUD-" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_SUBSCRIBE_ADMINISTRATION ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "-SCUDP" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_EXECUTE_ADMINISTRATION ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "X-CUDP" ); //$NON-NLS-1$

    aclEntry = new PentahoAclEntry( "admin", IPentahoAclEntry.PERM_FULL_CONTROL ); //$NON-NLS-1$
    assertEquals( aclEntry.printPermissionsBlock(), "XSCUDP" ); //$NON-NLS-1$

    aclEntry.setRecipient( new GrantedAuthorityImpl( "ROLE_ADMIN" ) ); //$NON-NLS-1$
    Object recip = aclEntry.getRecipient();
    if ( !( recip instanceof GrantedAuthority ) ) {
      fail( "setRecipientString failed - GrantedAuthority." ); //$NON-NLS-1$
    }
    aclEntry.setRecipient( "suzy" ); //$NON-NLS-1$
    recip = aclEntry.getRecipient();
    if ( !( recip instanceof String ) ) {
      fail( "setRecipientString failed - User." ); //$NON-NLS-1$
    }

  }