List of usage examples for org.springframework.security.acls.model MutableAcl deleteAce
/**
 * Deletes the access control entry (ACE) at position {@code aceIndex} of this ACL's entry list.
 *
 * <p>Entries after the deleted one move down by one position, so callers that delete several
 * entries by index should work from the highest index to the lowest.
 *
 * @param aceIndex zero-based position of the entry, as found by iterating {@code getEntries()}
 * @throws NotFoundException presumably when no entry exists at that index - confirm against
 *         the implementation in use
 */
void deleteAce(int aceIndex) throws NotFoundException;
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
/**
 * Removes the WRITE access control entry (ACE) held by {@code user} on the object identified
 * by {@code name_class} and {@code id_object}, then saves the ACL.
 *
 * <p>Does nothing when {@code user} is null. When no ACL exists for the object, one is created
 * through {@code mutableAclService.createAcl} and then passed to {@code updateAcl}.
 *
 * <p>NOTE(review): only the first entry matching the user's sid and WRITE is deleted, and the
 * match does not look at {@code isGranting()}. If the grant path can store the same entry
 * twice, one copy stays in effect after this call - confirm duplicates cannot occur.
 *
 * @param user       account whose username forms the principal sid; may be null
 * @param id_object  identifier of the secured object
 * @param name_class type name of the secured object
 */
public void removePermissionToAnObject_WRITE(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }

    // Describe which entry is to be revoked: this user, WRITE, on this object.
    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(name_class, id_object);
    final Sid principal = new PrincipalSid(user.getUsername());
    final Permission revoked = BasePermission.WRITE;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
    } catch (NotFoundException nfe) {
        // No ACL stored yet for this object: fall back to a newly created one.
        acl = mutableAclService.createAcl(objectIdentity);
    }

    // deleteAce works by position, so count positions while walking the entries.
    int position = 0;
    for (AccessControlEntry entry : acl.getEntries()) {
        boolean sameSid = entry.getSid().equals(principal);
        if (sameSid && entry.getPermission().equals(revoked)) {
            acl.deleteAce(position);
            break;
        }
        position++;
    }

    // Persist the ACL; the deletion above only changed the in-memory object.
    mutableAclService.updateAcl(acl);
}
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
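/**
 * Removes the ADMINISTRATION access control entry (ACE) of every user in {@code users} on the
 * object identified by {@code name_class} and {@code id_object}, then saves the ACL once.
 *
 * <p>The ACL is loaded a single time so that every deletion is applied to the same object that
 * is finally handed to {@code updateAcl}. Reading it again for each user risks saving only the
 * last user's revocation if the service returns a different instance on each read.
 *
 * <p>Does nothing when {@code users} is null or empty; null elements are skipped. When no ACL
 * exists for the object, one is created through {@code mutableAclService.createAcl}.
 *
 * <p>NOTE(review): for each user only the first matching entry is deleted, and the match does
 * not look at {@code isGranting()} - confirm the grant path cannot store duplicates.
 *
 * @param users      accounts whose ADMINISTRATION entry is to be revoked
 * @param id_object  identifier of the secured object
 * @param name_class type name of the secured object
 */
public void removePermissionToAnObjectCollection_ADMINISTRATION(Collection<User> users, Long id_object,
        String name_class) {
    if (users == null || users.isEmpty()) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.ADMINISTRATION;

    // Load once: all deletions must land on the ACL instance that is saved below.
    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    for (User u : users) {
        if (u == null) {
            continue;
        }
        Sid sid = new PrincipalSid(u.getUsername());

        // deleteAce works by position; getEntries() is read again for each user because
        // positions shift after a deletion.
        int aceIndex = 0;
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
                acl.deleteAce(aceIndex);
                break;
            }
            aceIndex++;
        }
    }

    // Persist all revocations in one update.
    mutableAclService.updateAcl(acl);
}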
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
/**
 * Removes the ADMINISTRATION access control entry (ACE) held by {@code user} on the object
 * identified by {@code name_class} and {@code id_object}, then saves the ACL.
 *
 * <p>Does nothing when {@code user} is null. When no ACL exists for the object, one is created
 * through {@code mutableAclService.createAcl} and then passed to {@code updateAcl}.
 *
 * <p>NOTE(review): only the first entry matching the user's sid and ADMINISTRATION is deleted,
 * and the match does not look at {@code isGranting()}. If the same entry can be stored twice,
 * the user keeps administrative rights after this call - confirm duplicates cannot occur.
 *
 * @param user       account whose username forms the principal sid; may be null
 * @param id_object  identifier of the secured object
 * @param name_class type name of the secured object
 */
public void removePermissionToAnObject_ADMINISTRATION(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }

    // Describe which entry is to be revoked: this user, ADMINISTRATION, on this object.
    final ObjectIdentity target = new ObjectIdentityImpl(name_class, id_object);
    final Sid owner = new PrincipalSid(user.getUsername());
    final Permission revoked = BasePermission.ADMINISTRATION;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(target);
    } catch (NotFoundException nfe) {
        // No ACL stored yet for this object: fall back to a newly created one.
        acl = mutableAclService.createAcl(target);
    }

    // deleteAce works by position, so count positions while walking the entries.
    int slot = 0;
    for (AccessControlEntry candidate : acl.getEntries()) {
        boolean sidMatches = candidate.getSid().equals(owner);
        if (sidMatches && candidate.getPermission().equals(revoked)) {
            acl.deleteAce(slot);
            break;
        }
        slot++;
    }

    // Persist the ACL; the deletion above only changed the in-memory object.
    mutableAclService.updateAcl(acl);
}
From source file:org.apache.kylin.rest.service.AccessService.java
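/**
 * Deletes the access control entry at {@code indexOfAce} from {@code acl} and saves the ACL.
 *
 * @param acl        ACL to modify
 * @param indexOfAce position of the entry to delete, or -1 to leave the ACL untouched
 * @return the ACL returned by {@code aclService.updateAcl}, or {@code acl} itself when
 *         {@code indexOfAce} is -1
 * @throws RuntimeException wrapping the {@link NotFoundException} raised while deleting or
 *         saving
 */
private MutableAcl deleteAndUpdate(MutableAcl acl, int indexOfAce) {
    if (indexOfAce == -1) {
        return acl;
    }

    // secureOwner is defined elsewhere in this class and runs before the entry is removed.
    // NOTE(review): presumably it stops the owner's own entry from being revoked - confirm.
    secureOwner(acl, indexOfAce);

    try {
        acl.deleteAce(indexOfAce);
        return aclService.updateAcl(acl);
    } catch (NotFoundException e) {
        // Keep the original exception as the cause so the failed revocation can be traced.
        throw new RuntimeException("Revoke acl fail." + e.getMessage(), e);
    }
}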
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
/** * deletePermissions deletes given permission on given object id for given sid * @param oid//from w w w. j av a 2 s . com * @param permission * @param sid */ //non-javadoc NOTE: if sid is null it would remove ACEs for all sid(s) private void deletePermissions(ObjectIdentity oid, Permission permission, Sid sid) /** throws AclDataAccessException */ { int i = 0; MutableAcl acl = getAcl(oid); List<AccessControlEntry> acel = acl.getEntries(); int aces = acel.size(); if (log.isDebugEnabled()) { log.debug("deletePermissions: for acl oid=" + oid.toString() + " found " + aces + " aces"); } ArrayList<Integer> foundAces = new ArrayList<Integer>(); Iterator iter = acel.listIterator(); //not possible to delete while iterating while (iter.hasNext()) { AccessControlEntry ace = (AccessControlEntry) iter.next(); if (sid != null) { if (ace.getSid().equals(sid) && ace.getPermission().equals(permission)) { foundAces.add(i); } } else { if (ace.getPermission().equals(permission)) { foundAces.add(i); } } i++; } for (int j = foundAces.size() - 1; j >= 0; j--) { //the following operation does not work while iterating in the while loop acl.deleteAce(foundAces.get(j)); //autobox } provider.getProviderAclService().updateAcl(acl); if (log.isDebugEnabled()) { log.debug("deletePermissions: for acl oid=" + oid.toString() + " deleted " + i + " aces"); } }
From source file:ubic.gemma.security.authorization.acl.AclAdvice.java
/**
 * Clears the ACEs of a child ACL when they match the parent's, so that permissions are managed
 * by the parent from then on.
 *
 * <p>The child is cleared only when both ACLs hold the same number of entries and every parent
 * entry has a child entry with an equal permission and an equal sid. The deletions are made on
 * {@code childAcl} only; this method does not call an ACL service to save them.
 *
 * <p>NOTE(review): the comparison does not look at {@code isGranting()}, and equal sizes plus
 * one-way containment is not a strict equality test when an ACL holds duplicate entries. A
 * child entry that differs only in its granting flag would be erased - confirm this cannot
 * widen access through the parent.
 *
 * @param object    the secured object, used only in the trace message
 * @param childAcl  ACL whose entries may be erased
 * @param parentAcl ACL to compare against - careful with the order of the two ACL arguments
 * @return true if the child's ACEs were cleared
 * @throws IllegalStateException if neither the child nor the parent has any ACE
 */
private boolean maybeClearACEsOnChild(Securable object, MutableAcl childAcl, Acl parentAcl) {
    final int childCount = childAcl.getEntries().size();

    if (childCount == 0) {
        if (parentAcl.getEntries().size() == 0) {
            throw new IllegalStateException("Either the child or the parent has to have ACEs");
        }
        return false;
    }

    // Different sizes can never be an exact match.
    if (parentAcl.getEntries().size() != childCount) {
        return false;
    }

    // Every parent entry needs a counterpart on the child; bail out on the first miss.
    for (AccessControlEntry parentAce : parentAcl.getEntries()) {
        boolean matched = false;
        for (AccessControlEntry candidate : childAcl.getEntries()) {
            if (candidate.getPermission().equals(parentAce.getPermission())
                    && candidate.getSid().equals(parentAce.getSid())) {
                matched = true;
                break;
            }
        }
        if (!matched) {
            return false;
        }
    }

    if (log.isTraceEnabled()) {
        log.trace("Erasing ACEs from child " + object);
    }

    // Always delete position 0: the remaining entries shift down after each deletion.
    while (!childAcl.getEntries().isEmpty()) {
        childAcl.deleteAce(0);
    }
    return true;
}
From source file:ubic.gemma.security.SecurityServiceImpl.java
/**
 * Removes a single access control entry (ACE) for a granted authority and reports how many
 * matching entries were found, so the caller can tell whether more calls are needed.
 *
 * <p>An entry matches when its permission equals {@code permission} and its sid is a
 * {@link GrantedAuthoritySid} whose authority equals {@code authority}. Only the first match
 * is deleted and saved; the returned count includes that deleted entry.
 *
 * <p>NOTE(review): when the result is greater than 1, the other matching entries are still in
 * effect until the caller invokes this method again - confirm every caller loops.
 *
 * @param object     the object to remove the permission from
 * @param permission the permission to remove
 * @param authority  e.g. "GROUP_JOESLAB"
 * @return number of matching entries found before the removal; 0 when nothing matched
 * @throws IllegalArgumentException if the object has no ACL
 */
private int removeOneGrantedAuthority(Securable object, Permission permission, String authority) {
    MutableAcl acl = getAcl(object);
    if (acl == null) {
        throw new IllegalArgumentException("makePrivate is only valid for objects that have an ACL");
    }

    // Remember the first matching position and count all matches in one pass.
    int firstMatch = -1;
    int matchCount = 0;
    List<AccessControlEntry> entries = acl.getEntries();
    for (int position = 0; position < entries.size(); position++) {
        AccessControlEntry entry = entries.get(position);
        if (entry.getPermission().equals(permission)) {
            Sid sid = entry.getSid();
            if (sid instanceof GrantedAuthoritySid
                    && ((GrantedAuthoritySid) sid).getGrantedAuthority().equals(authority)) {
                if (matchCount == 0) {
                    firstMatch = position;
                }
                matchCount++;
            }
        }
    }

    if (matchCount == 0) {
        // This can happen commonly, no big deal.
        if (log.isDebugEnabled()) {
            log.debug("No changes, didn't remove: " + authority);
        }
        return 0;
    }

    // Delete only the first match and persist; the count tells the caller what was found.
    acl.deleteAce(firstMatch);
    aclService.updateAcl(acl);
    return matchCount;
}