Usage and code examples of the org.nuxeo.ecm.core.api.security.ACL class

Reposted by x33g5p2x on 2022-01-16 in Other

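This article collects code examples for the Java class org.nuxeo.ecm.core.api.security.ACL and shows how the class is used in practice. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven, were extracted from selected projects, and are intended as a reference. Details of the ACL class:
Package path: org.nuxeo.ecm.core.api.security.ACL
Class name: ACL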

About ACL

An ACL (Access Control List) is a list of ACEs (Access Control Entry).

An ACP may contain several ACLs identified by a name. This is to let external modules add security rules. There are 2 default ACLs:

  • the local ACL - this is the default type of ACL that may be defined by a user locally to a document (using a security UI).
    This is the only ACL a user can change.
  • the inherited ACL - this is a special ACL generated by merging all document parents' ACLs. This ACL is read only (it cannot be modified locally on the document since it is inherited).

ACLs that are used by external modules cannot be modified by the user through the security UI. These ACLs should be modified only programmatically by the tool that added them.

Code examples

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public boolean addACE(String aclName, ACE ace) {
  if (aclName == null) {
    throw new NullPointerException("'aclName' cannot be null");
  }
  ACL acl = getOrCreateACL(aclName);
  boolean aclChanged = acl.add(ace);
  if (aclChanged) {
    addACL(acl);
  }
  return aclChanged;
}

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public String[] listUsernamesForAnyPermission(Set<String> perms) {
  List<String> usernames = new ArrayList<>();
  ACL merged = getMergedACLs("merged");
  for (ACE ace : merged.getACEs()) {
    if (perms.contains(ace.getPermission()) && ace.isGranted()) {
      String username = ace.getUsername();
      if (!usernames.contains(username)) {
        usernames.add(username);
      }
    }
  }
  return usernames.toArray(new String[usernames.size()]);
}

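Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

public void addACL(ACL acl) {
  assert acl != null;
  ACL oldACL = getACL(acl.getName());
  if (!acl.equals(oldACL)) {
    // an ACL with the same name already exists: replace its entries in place
    if (oldACL != null) {
      oldACL.clear();
      oldACL.addAll(acl);
    } else {
      String name = acl.getName();
      switch (name) {
      case ACL.INHERITED_ACL:
        // ... (the rest of the switch is cut off in this excerpt)
      }
    }
  }
}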

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
  ACL acl = getACL(aclName);
  if (acl == null) { // create the local ACL
    acl = new ACLImpl(aclName);
    addACL(acl);
  } else if (overwrite) {
    // :XXX: Should not overwrite entries not given as parameters here.
    acl.clear();
  }
  for (UserEntry entry : userEntries) {
    String username = entry.getUserName();
    for (String permission : entry.getGrantedPermissions()) {
      acl.add(new ACE(username, permission, true));
    }
    for (String permission : entry.getDeniedPermissions()) {
      acl.add(new ACE(username, permission, false));
    }
  }
  cache.clear();
}

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql

protected static ACLRow[] acpToAclRows(ACP acp) {
  List<ACLRow> aclrows = new LinkedList<>();
  for (ACL acl : acp.getACLs()) {
    String name = acl.getName();
    if (name.equals(ACL.INHERITED_ACL)) {
      continue;
    }
    for (ACE ace : acl.getACEs()) {
      addACLRow(aclrows, name, ace);
    }
  }
  ACLRow[] array = new ACLRow[aclrows.size()];
  return aclrows.toArray(array);
}

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation

/**
 * Blocks inheritance and sets the default rule.
 * 
 * @param session
 * @param document
 * @return acl
 */
protected ACL blockLocalACLIfNecessary(CoreSession session, DocumentModel document, ACL localAcl) {
  // Block ACL
  ACE blockInhACe = ACEsOperationHelper.getBlockInheritanceACe();
  if (!localAcl.contains(blockInhACe)) {
    // Add default rule
    ACL defaultLocalACL = ACEsOperationHelper.buildDefaultLocalACL(session, document);
    for(ACE ace : defaultLocalACL){
      if(!localAcl.contains(ace)){
        localAcl.add(ace);
      }
    }
    // Blocks
    localAcl.add(blockInhACe);
  }
  return localAcl;
}

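Code example source: origin: org.nuxeo.ecm.platform/nuxeo-platform-task-core

// collect first, then remove, so the ACL is not modified while iterating
List<ACE> toRemove = new ArrayList<>();
for (ACE ace : acl.getACEs()) {
  if (currentActors.contains(ace.getUsername()) || taskInitator.equals(ace.getUsername())) {
    toRemove.add(ace);
  }
}
acl.removeAll(toRemove);
// ... (the enclosing loop that supplies actorId is elided in this excerpt)
  acl.add(new ACE(actorId, SecurityConstants.EVERYTHING, true));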

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-core

for (ACE ace : acl.getACEs()) {
  if (filter == null || filter.accept(ace)) {
    res.add(ace);
  }
}

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation

/**
 * Add ACEs on ACL.
 * 
 * @param acl
 * @param aces
 * @return modified ACL
 */
@Override
protected ACL modifyACEs(ACL acl, List<ACE> aces) {
  // Add:
  // If inheritance is blocked, add before block
  ACE blockInhACe = ACEsOperationHelper.getBlockInheritanceACe();
  int blockInhPos = acl.indexOf(blockInhACe);
  for (ACE aceToAdd : aces) {
    if (!acl.contains(aceToAdd)) {
      if (blockInhPos != -1) {
        acl.add(blockInhPos, aceToAdd);
      } else {
        acl.add(aceToAdd);
      }
    }
  }
  return acl;
}
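
Why modifyACEs inserts new entries before the block entry, shown as an added example that is not part of the original page nor of the Nuxeo or OpenToutatice code. It is a simplified plain-Java model that assumes entries are evaluated in order and the first match decides; `Ace`, `BLOCK`, `isGranted` and `addBeforeBlock` are hypothetical stand-ins, not Nuxeo classes.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of ordered ACE evaluation; hypothetical types, not Nuxeo's classes.
public class AceOrderDemo {
    // Stand-in for an ACE: principal, permission, grant (true) or deny (false).
    record Ace(String user, String permission, boolean granted) {
        boolean matches(String u, String p) {
            return (user.equals("Everyone") || user.equals(u))
                    && (permission.equals("Everything") || permission.equals(p));
        }
    }

    // Stand-in for the block-inheritance entry: deny Everything to Everyone.
    static final Ace BLOCK = new Ace("Everyone", "Everything", false);

    // Assumption: entries are checked in order and the first match decides.
    static boolean isGranted(List<Ace> acl, String user, String permission) {
        for (Ace ace : acl) {
            if (ace.matches(user, permission)) {
                return ace.granted();
            }
        }
        return false; // no matching entry: no access
    }

    // Same insertion rule as modifyACEs: place the entry before the block if one exists.
    static void addBeforeBlock(List<Ace> acl, Ace ace) {
        if (acl.contains(ace)) return;
        int blockPos = acl.indexOf(BLOCK);
        if (blockPos != -1) {
            acl.add(blockPos, ace);
        } else {
            acl.add(ace);
        }
    }

    public static void main(String[] args) {
        Ace bobAll = new Ace("bob", "Everything", true); // constructed sample entries
        Ace aliceRead = new Ace("alice", "Read", true);
        List<Ace> appended = new ArrayList<>(List.of(bobAll, BLOCK));
        appended.add(aliceRead);             // naive append: lands after the block
        List<Ace> inserted = new ArrayList<>(List.of(bobAll, BLOCK));
        addBeforeBlock(inserted, aliceRead); // lands before the block
        System.out.println("appended after block:  " + isGranted(appended, "alice", "Read"));
        System.out.println("inserted before block: " + isGranted(inserted, "alice", "Read"));
    }
}
```

In this model the appended grant is shadowed by the block entry and never takes effect, while the entry inserted before the block is evaluated first. When reviewing ACL-editing code, check where new grants land relative to a deny-all entry.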

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation

/**
 * Gets default local ACL, i.e. when inheritance
 * is blocked.
 * 
 * @return default local ACL
 */
public static ACL buildDefaultLocalACL(CoreSession session, DocumentModel document) {
  ACL acl = new ACLImpl();
  String currentUser = session.getPrincipal().getName();
  acl.add(new ACE(currentUser, SecurityConstants.EVERYTHING));
  // acl.addAll(ACEsOperationHelper.getAdminEverythingACEs());
  acl.addAll(getMasterOwnerACEs(session, document));
  return acl;
}

Code example source: origin: org.nuxeo.ecm.platform/nuxeo-platform-userworkspace-core

@Override
protected DocumentModel initCreateUserWorkspacesRoot(CoreSession unrestrictedSession, DocumentModel doc) {
  ACP acp = new ACPImpl();
  ACE denyEverything = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
  ACL acl = new ACLImpl();
  acl.setACEs(new ACE[] { denyEverything });
  acp.addACL(acl);
  doc.setACP(acp, true);
  return doc;
}

Code example source: origin: toutatice-services.dafpic/toutatice-dafpic-import-compatibility

ACE[] aces = acl.getACEs();
  acl.setACEs(acesList.toArray(new ACE[acesList.size()]));
  acp.addACL(acl);
  this.session.setACP(createDocument.getRef(), acp,

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public ACL getACL(String name) {
  String localName = name == null ? ACL.LOCAL_ACL : name;
  return acls.stream().filter(acl -> acl.getName().equals(localName)).findFirst().orElse(null);
}

Code example source: origin: org.nuxeo.ecm.platform/nuxeo-platform-ws

@Override
@WebMethod
public WsACE[] getDocumentLocalACL(@WebParam(name = "sessionId") String sid, @WebParam(name = "uuid") String uuid) {
  logDeprecation();
  WSRemotingSession rs = initSession(sid);
  ACP acp = rs.getDocumentManager().getACP(new IdRef(uuid));
  if (acp != null) {
    ACL mergedAcl = new ACLImpl("MergedACL", true);
    for (ACL acl : acp.getACLs()) {
      if (!ACL.INHERITED_ACL.equals(acl.getName())) {
        mergedAcl.addAll(acl);
      }
    }
    return WsACE.wrap(mergedAcl.toArray(new ACE[mergedAcl.size()]));
  } else {
    return null;
  }
}

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation

/**
   * Restore inheritance.
   * 
   * @param session
   * @param document
   * @return acp
   */
  protected ACP restoreInheritanceIfNecessary(CoreSession session, DocumentModel document, ACL localAcl) {
    // ACP
    ACP acp = document.getACP();

    // Remove default rule
    ACL defaultLocalACL = ACEsOperationHelper.buildDefaultLocalACL(session, document);
    if (localAcl.containsAll(defaultLocalACL)) {
      localAcl.removeAll(defaultLocalACL);
    }

    // Remove block to restore inheritance
    ACE blockInACe = ACEsOperationHelper.getBlockInheritanceACe();
    if (localAcl.contains(blockInACe)) {
      localAcl.remove(blockInACe);
    }

    // To clear cache
    acp.addACL(localAcl);

    return acp;
  }

Code example source: origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation

// iterate over the original ACL and remove from the clone
ACL treatAcl = (ACL) acl.clone();
for (ACE ace : acl) {
  if (ace.getUsername().equals(userName)) {
    treatAcl.remove(ace);
  }
}
// ... (lines elided in this excerpt)
if (acl.contains(ace)) {
  acl.remove(ace);
}

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public ACL getMergedACLs(String name) {
  ACL mergedAcl = new ACLImpl(name, true);
  for (ACL acl : acls) {
    mergedAcl.addAll(acl);
  }
  return mergedAcl;
}

Code example source: origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql

protected void checkNegativeAcl(ACP acp) {
  if (negativeAclAllowed) {
    return;
  }
  if (acp == null) {
    return;
  }
  for (ACL acl : acp.getACLs()) {
    if (acl.getName().equals(ACL.INHERITED_ACL)) {
      continue;
    }
    for (ACE ace : acl.getACEs()) {
      if (ace.isGranted()) {
        continue;
      }
      String permission = ace.getPermission();
      if (permission.equals(SecurityConstants.EVERYTHING)
          && ace.getUsername().equals(SecurityConstants.EVERYONE)) {
        continue;
      }
      // allow Write, as we're sure it doesn't include Read/Browse
      if (permission.equals(SecurityConstants.WRITE)) {
        continue;
      }
      throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
    }
  }
}

Code example source: origin: org.nuxeo.ecm.platform/nuxeo-platform-task-core

if (!acl.contains(ace)) {
  acl.add(ace);
}

Code example source: origin: org.nuxeo.ecm.platform/nuxeo-platform-publisher-task

@Override
public void run() {
  ACP acp = session.getACP(ref);
  ACL acl = acp.getOrCreateACL(aclName);
  acl.clear();
  for (String validator : validators) {
    acl.add(new ACE(validator, SecurityConstants.READ));
    acl.add(new ACE(validator, SecurityConstants.WRITE));
  }
  // Give View permission to the user who submitted for publishing.
  acl.add(new ACE(principal.getName(), SecurityConstants.READ));
  // Allow administrators too.
  UserManager userManager = Framework.getService(UserManager.class);
  for (String group : userManager.getAdministratorsGroups()) {
    acl.add(new ACE(group, SecurityConstants.EVERYTHING));
  }
  // Deny everyone else.
  acl.add(ACE.BLOCK);
  session.setACP(ref, acp, true);
  session.save();
}
