本文整理了Java中org.nuxeo.ecm.core.api.security.ACL
类的一些代码示例,展示了ACL
类的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ACL
类的具体详情如下:
包路径:org.nuxeo.ecm.core.api.security.ACL
类名称:ACL
[英]An ACL (Access Control List) is a list of ACEs (Access Control Entry).
An ACP may contain several ACL identified by a name. This is to let external modules add security rules. There are 2 default ACLs:
local
ACL - this is the default type of ACL that may be defined by an user locally to a document (using a security UI).inherited
- this is a special ACL generated by merging all document parents ACL. This ACL is read only (cannot be modified locally on the document since it is inherited.local
ACL-这是默认类型的ACL,可由用户在文档本地定义(使用安全UI)。inherited
-这是通过合并所有文档父ACL生成的特殊ACL。此ACL为只读(无法在文档上本地修改,因为它是继承的)。代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
@Override
public boolean addACE(String aclName, ACE ace) {
if (aclName == null) {
throw new NullPointerException("'aclName' cannot be null");
}
ACL acl = getOrCreateACL(aclName);
boolean aclChanged = acl.add(ace);
if (aclChanged) {
addACL(acl);
}
return aclChanged;
}
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
@Override
public String[] listUsernamesForAnyPermission(Set<String> perms) {
List<String> usernames = new ArrayList<>();
ACL merged = getMergedACLs("merged");
for (ACE ace : merged.getACEs()) {
if (perms.contains(ace.getPermission()) && ace.isGranted()) {
String username = ace.getUsername();
if (!usernames.contains(username)) {
usernames.add(username);
}
}
}
return usernames.toArray(new String[usernames.size()]);
}
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
public void addACL(ACL acl) {
assert acl != null;
ACL oldACL = getACL(acl.getName());
if (!acl.equals(oldACL)) {
oldACL.clear();
oldACL.addAll(acl);
} else {
String name = acl.getName();
switch (name) {
case ACL.INHERITED_ACL:
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
ACL acl = getACL(aclName);
if (acl == null) { // create the loca ACL
acl = new ACLImpl(aclName);
addACL(acl);
} else if (overwrite) {
// :XXX: Should not overwrite entries not given as parameters here.
acl.clear();
}
for (UserEntry entry : userEntries) {
String username = entry.getUserName();
for (String permission : entry.getGrantedPermissions()) {
acl.add(new ACE(username, permission, true));
}
for (String permission : entry.getDeniedPermissions()) {
acl.add(new ACE(username, permission, false));
}
}
cache.clear();
}
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql
protected static ACLRow[] acpToAclRows(ACP acp) {
List<ACLRow> aclrows = new LinkedList<>();
for (ACL acl : acp.getACLs()) {
String name = acl.getName();
if (name.equals(ACL.INHERITED_ACL)) {
continue;
}
for (ACE ace : acl.getACEs()) {
addACLRow(aclrows, name, ace);
}
}
ACLRow[] array = new ACLRow[aclrows.size()];
return aclrows.toArray(array);
}
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation
/**
* Blocks inheritance and set default rule.
*
* @param session
* @param document
* @return acl
*/
protected ACL blockLocalACLIfNecessary(CoreSession session, DocumentModel document, ACL localAcl) {
// Block ACL
ACE blockInhACe = ACEsOperationHelper.getBlockInheritanceACe();
if (!localAcl.contains(blockInhACe)) {
// Add default rule
ACL defaultLocalACL = ACEsOperationHelper.buildDefaultLocalACL(session, document);
for(ACE ace : defaultLocalACL){
if(!localAcl.contains(ace)){
localAcl.add(ace);
}
}
// Blocks
localAcl.add(blockInhACe);
}
return localAcl;
}
代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-task-core
List<ACE> toRemove = new ArrayList<>();
for (ACE ace : acl.getACEs()) {
if (currentActors.contains(ace.getUsername()) || taskInitator.equals(ace.getUsername())) {
toRemove.add(ace);
acl.removeAll(toRemove);
acl.add(new ACE(actorId, SecurityConstants.EVERYTHING, true));
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-core
for (ACE ace : acl.getACEs()) {
if (filter == null || filter.accept(ace)) {
res.add(ace);
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation
/**
* Add ACEs on ACL.
*
* @param acl
* @param aces
* @return modifed ACL
*/
@Override
protected ACL modifyACEs(ACL acl, List<ACE> aces) {
// Add:
// If inheritance id blocked, add before block
ACE blockInhACe = ACEsOperationHelper.getBlockInheritanceACe();
int blockInhPos = acl.indexOf(blockInhACe);
for (ACE aceToAdd : aces) {
if (!acl.contains(aceToAdd)) {
if (blockInhPos != -1) {
acl.add(blockInhPos, aceToAdd);
} else {
acl.add(aceToAdd);
}
}
}
return acl;
}
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation
/**
* Gets default local ACL, i.e. when inheritance
* is blocked.
*
* @return default local ACL
*/
public static ACL buildDefaultLocalACL(CoreSession session, DocumentModel document) {
ACL acl = new ACLImpl();
String currentUser = session.getPrincipal().getName();
acl.add(new ACE(currentUser, SecurityConstants.EVERYTHING));
// acl.addAll(ACEsOperationHelper.getAdminEverythingACEs());
acl.addAll(getMasterOwnerACEs(session, document));
return acl;
}
代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-userworkspace-core
@Override
protected DocumentModel initCreateUserWorkspacesRoot(CoreSession unrestrictedSession, DocumentModel doc) {
ACP acp = new ACPImpl();
ACE denyEverything = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
ACL acl = new ACLImpl();
acl.setACEs(new ACE[] { denyEverything });
acp.addACL(acl);
doc.setACP(acp, true);
return doc;
}
代码示例来源:origin: toutatice-services.dafpic/toutatice-dafpic-import-compatibility
ACE[] aces = acl.getACEs();
acl.setACEs(acesList.toArray(new ACE[acesList.size()]));
acp.addACL(acl);
this.session.setACP(createDocument.getRef(), acp,
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
@Override
public ACL getACL(String name) {
String localName = name == null ? ACL.LOCAL_ACL : name;
return acls.stream().filter(acl -> acl.getName().equals(localName)).findFirst().orElse(null);
}
代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-ws
@Override
@WebMethod
public WsACE[] getDocumentLocalACL(@WebParam(name = "sessionId") String sid, @WebParam(name = "uuid") String uuid)
{
logDeprecation();
WSRemotingSession rs = initSession(sid);
ACP acp = rs.getDocumentManager().getACP(new IdRef(uuid));
if (acp != null) {
ACL mergedAcl = new ACLImpl("MergedACL", true);
for (ACL acl : acp.getACLs()) {
if (!ACL.INHERITED_ACL.equals(acl.getName())) {
mergedAcl.addAll(acl);
}
}
return WsACE.wrap(mergedAcl.toArray(new ACE[mergedAcl.size()]));
} else {
return null;
}
}
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation
/**
* Restore inheritance.
*
* @param session
* @param document
* @return acp
*/
protected ACP restoreInheritanceIfNecessary(CoreSession session, DocumentModel document, ACL localAcl) {
// ACP
ACP acp = document.getACP();
// Remove default rule
ACL defaultLocalACL = ACEsOperationHelper.buildDefaultLocalACL(session, document);
if (localAcl.containsAll(defaultLocalACL)) {
localAcl.removeAll(defaultLocalACL);
}
// Remove block to restore inheritance
ACE blockInACe = ACEsOperationHelper.getBlockInheritanceACe();
if (localAcl.contains(blockInACe)) {
localAcl.remove(blockInACe);
}
// To clear cache
acp.addACL(localAcl);
return acp;
}
//
代码示例来源:origin: opentoutatice-ecm.platform/opentoutatice-ecm-platform-automation
ACL treatAcl = (ACL) acl.clone();
for (ACE ace : acl) {
if (ace.getUsername().equals(userName)) {
treatAcl.remove(ace);
if (acl.contains(ace)) {
acl.remove(ace);
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api
@Override
public ACL getMergedACLs(String name) {
ACL mergedAcl = new ACLImpl(name, true);
for (ACL acl : acls) {
mergedAcl.addAll(acl);
}
return mergedAcl;
}
代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql
protected void checkNegativeAcl(ACP acp) {
if (negativeAclAllowed) {
return;
}
if (acp == null) {
return;
}
for (ACL acl : acp.getACLs()) {
if (acl.getName().equals(ACL.INHERITED_ACL)) {
continue;
}
for (ACE ace : acl.getACEs()) {
if (ace.isGranted()) {
continue;
}
String permission = ace.getPermission();
if (permission.equals(SecurityConstants.EVERYTHING)
&& ace.getUsername().equals(SecurityConstants.EVERYONE)) {
continue;
}
// allow Write, as we're sure it doesn't include Read/Browse
if (permission.equals(SecurityConstants.WRITE)) {
continue;
}
throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
}
}
}
代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-task-core
if (!acl.contains(ace)) {
acl.add(ace);
代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-publisher-task
@Override
public void run() {
ACP acp = session.getACP(ref);
ACL acl = acp.getOrCreateACL(aclName);
acl.clear();
for (String validator : validators) {
acl.add(new ACE(validator, SecurityConstants.READ));
acl.add(new ACE(validator, SecurityConstants.WRITE));
}
// Give View permission to the user who submitted for publishing.
acl.add(new ACE(principal.getName(), SecurityConstants.READ));
// Allow administrators too.
UserManager userManager = Framework.getService(UserManager.class);
for (String group : userManager.getAdministratorsGroups()) {
acl.add(new ACE(group, SecurityConstants.EVERYTHING));
}
// Deny everyone else.
acl.add(ACE.BLOCK);
session.setACP(ref, acp, true);
session.save();
}
内容来源于网络,如有侵权,请联系作者删除!