Class PermissionServiceImpl
java.lang.Object
org.springframework.extensions.surf.util.AbstractLifecycleBean
org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
- All Implemented Interfaces:
EventListener, PermissionServiceSPI, PermissionService, Extensible, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener
- Direct Known Subclasses:
AllowPermissionServiceImpl
public class PermissionServiceImpl
extends org.springframework.extensions.surf.util.AbstractLifecycleBean
implements PermissionServiceSPI, Extensible
The Alfresco implementation of a permissions service against our APIs for the permissions model and permissions
persistence.
- Author:
- andyh
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
protected class - Test a permission in the context of the new ACL implementation.
protected static class
protected class - Support class to test the permission on a node.
protected class - Ignores type and aspect requirements on the node
protected class - Ignores type and aspect requirements on the node
-
Field Summary
Fields
Modifier and Type, Field, Description
protected SimpleCache<Serializable,AccessStatus> accessCache - a transactionally-safe cache to be injected
protected AclDAO aclDaoComponent
protected PermissionReference allPermissionReference
protected boolean anyDenyDenies
protected AuthorityService authorityService
protected DictionaryService dictionaryService
protected List<DynamicAuthority> dynamicAuthorities
protected FixedAclUpdater fixedAclUpdater
protected ModelDAO modelDAO
protected NodeService nodeService
protected OwnableService ownableService
protected PermissionsDaoComponent permissionsDaoComponent
protected PolicyComponent policyComponent
protected SimpleCache<Serializable,Set<String>> readersCache
protected SimpleCache<Serializable,Set<String>> readersDeniedCache
protected TenantService tenantService
Fields inherited from interface org.alfresco.service.cmr.security.PermissionService
ADD_CHILDREN, ADMIN_SVC_AUTHORITY, ADMINISTRATOR_AUTHORITY, ALL_AUTHORITIES, ALL_PERMISSIONS, ASPECTS, CANCEL_CHECK_OUT, CHANGE_PERMISSIONS, CHECK_IN, CHECK_OUT, COLLABORATOR_SVC_AUTHORITY, CONSUMER, CONTRIBUTOR, COORDINATOR, CREATE_ASSOCIATIONS, CREATE_CHILDREN, DELETE, DELETE_ASSOCIATIONS, DELETE_CHILDREN, DELETE_NODE, EDITOR, EDITOR_SVC_AUTHORITY, EXECUTE, EXECUTE_CONTENT, FULL_CONTROL, GROUP_PREFIX, GUEST_AUTHORITY, LINK_CHILDREN, LOCK, LOCK_OWNER_AUTHORITY, OWNER_AUTHORITY, PROPERTIES, READ, READ_ASSOCIATIONS, READ_CHILDREN, READ_CONTENT, READ_PERMISSIONS, READ_PROPERTIES, ROLE_PREFIX, SET_OWNER, SVC_AUTHORITIES_SET, TAKE_OWNERSHIP, UNLOCK, WRITE, WRITE_CONTENT, WRITE_PROPERTIES
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
protected AccessStatus
void beforeDeleteChildAssociation(ChildAssociationRef childAssocRef) - Cache clear on delete of a child association from an authority container.
protected AccessStatus
void clearPermission(NodeRef nodeRef, String authority)
void clearPermission(StoreRef storeRef, String authority)
protected NodeRef convertVersionNodeRefToVersionedNodeRef(NodeRef versionNodeRef) - Converts specified version nodeRef (e.g. versionStore://...) to versioned nodeRef (e.g. workspace://SpacesStore/...)
void deletePermission(PermissionEntry permissionEntry) - Delete a single permission entry
void deletePermission(NodeRef nodeRef, String authority, String perm)
protected void deletePermission(NodeRef nodeRef, String authority, PermissionReference perm)
void deletePermission(StoreRef storeRef, String authority, String perm)
protected void deletePermission(StoreRef storeRef, String authority, PermissionReference perm)
void deletePermissions(String recipient) - Delete permissions for the given recipient.
void deletePermissions(NodePermissionEntry nodePermissionEntry) - Delete the permissions defined by the nodePermissionEntry
void deletePermissions(NodeRef nodeRef)
void deletePermissions(StoreRef storeRef)
explainPermission(NodeRef nodeRef, PermissionReference perm) - Where is the permission set that controls the behaviour for the given permission for the given authentication to access the specified name.
Get the All Permission
protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse)
getAllSetPermissions(NodeRef nodeRef)
getAllSetPermissions(StoreRef storeRef)
boolean
getAuthorisations(net.sf.acegisecurity.Authentication auth, NodeRef nodeRef, PermissionReference required) - Get the authorisations for the currently authenticated user
getAuthorisations(net.sf.acegisecurity.Authentication auth, PermissionContext context)
getCoreAuthorisations(net.sf.acegisecurity.Authentication auth) - Get the core authorisations for this auth.
getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, NodeRef nodeRef, PermissionReference required)
getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, PermissionContext context, Set<String> auths)
boolean getInheritParentPermissions(NodeRef nodeRef)
getPermission(PermissionReference permissionReference) - Get the string that can be used to identify the given permission reference.
getPermissionReference(String permissionName) - Get the permission reference by permission name.
getPermissionReference(QName qname, String permissionName) - Get the permission reference for the given data type and permission name.
getPermissions(NodeRef nodeRef)
getReaders(Long aclId)
getReadersDenied(Long aclId)
getSetPermissions(NodeRef nodeRef) - Get the permissions that have been set on the given node (it knows nothing of the parent permissions)
getSetPermissions(StoreRef storeRef) - Get the permissions set for the store
getSettablePermissionReferences(NodeRef nodeRef) - Get the permissions that can be set for a given type
Get the permissions that can be set for a given type
getSettablePermissions(NodeRef nodeRef)
getSettablePermissions(QName type)
<M extends Trait> ExtendedTrait<M>
hasPermission(Long aclID, PermissionContext context, String permission)
protected AccessStatus hasPermission(Long aclId, PermissionContext context, PermissionReference permission)
hasPermission(NodeRef nodeRef, String perm)
hasPermission(NodeRef passedNodeRef, PermissionReference permIn) - Check that the given authentication has a particular permission for the given node.
hasReadPermission(NodeRef nodeRef) - Optimised read permission evaluation. Caveats: it doesn't take into account dynamic authorities/groups, and it doesn't take into account node types/aspects for permissions.
void init()
protected boolean isVersionNodeRef(NodeRef nodeRef) - This method checks whether the specified nodeRef instance is a version nodeRef (i.e. in the 'version' store)
protected void onBootstrap(org.springframework.context.ApplicationEvent event)
void onCreateChildAssociation(ChildAssociationRef childAssocRef) - Cache clear on create of a child association from an authority container.
void onMoveNode(ChildAssociationRef oldChildAssocRef, ChildAssociationRef newChildAssocRef) - Cache clear on move node
protected void onShutdown(org.springframework.context.ApplicationEvent event) - No-op
protected AccessStatus
void setAccessCache(SimpleCache<Serializable, AccessStatus> accessCache) - Set the permissions access cache.
void - Set the ACL DAO component.
void setAnyDenyDenies(boolean anyDenyDenies)
void setAuthorityService(AuthorityService authorityService) - Set the authority service.
void setDictionaryService(DictionaryService dictionaryService) - Set the dictionary service
void setDynamicAuthorities(List<DynamicAuthority> dynamicAuthorities) - Set the dynamic authorities
void setFixedAclUpdater(FixedAclUpdater fixedAclUpdater)
void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
void setModelDAO(ModelDAO modelDAO) - Set the permissions model dao
void setNodeService(NodeService nodeService) - Set the node service.
void setOwnableService(OwnableService ownableService) - Set the ownable service.
void setPermission(NodePermissionEntry nodePermissionEntry) - Set the permissions on a node.
void setPermission(PermissionEntry permissionEntry) - Add or set a permission entry on a node.
void setPermission(NodeRef nodeRef, String authority, String perm, boolean allow)
protected void setPermission(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
void setPermission(StoreRef storeRef, String authority, String perm, boolean allow)
protected void setPermission(StoreRef storeRef, String authority, PermissionReference permission, boolean allow)
void setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent) - Set the permissions dao component
void setPolicyComponent(PolicyComponent policyComponent) - Set the policy component
void setPolicyIgnoreUtil(PolicyIgnoreUtil policyIgnoreUtil)
void setReadersCache(SimpleCache<Serializable, Set<String>> readersCache)
void setReadersDeniedCache(SimpleCache<Serializable, Set<String>> readersDeniedCache)
void setTenantService(TenantService tenantService) - Set the tenant service.
Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean
getApplicationContext, onApplicationEvent, setApplicationContext
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.context.ApplicationListener
supportsAsyncExecution
-
Field Details
-
accessCache
a transactionally-safe cache to be injected -
readersCache
-
readersDeniedCache
-
modelDAO
-
permissionsDaoComponent
-
nodeService
-
tenantService
-
dictionaryService
-
ownableService
-
authorityService
-
dynamicAuthorities
-
policyComponent
-
aclDaoComponent
-
allPermissionReference
-
fixedAclUpdater
-
anyDenyDenies
protected boolean anyDenyDenies
-
-
Constructor Details
-
PermissionServiceImpl
public PermissionServiceImpl()
Standard Spring construction.
-
-
Method Details
-
setDictionaryService
Set the dictionary service
- Parameters:
dictionaryService - DictionaryService
-
setAnyDenyDenies
public void setAnyDenyDenies(boolean anyDenyDenies)
- Parameters:
anyDenyDenies - the anyDenyDenies to set
-
getAnyDenyDenies
public boolean getAnyDenyDenies()
-
setModelDAO
Set the permissions model dao
- Parameters:
modelDAO - ModelDAO
-
setNodeService
Set the node service.
- Parameters:
nodeService - NodeService
-
setOwnableService
Set the ownable service.
- Parameters:
ownableService - OwnableService
-
setTenantService
Set the tenant service.
- Parameters:
tenantService - TenantService
-
setPermissionsDaoComponent
Set the permissions dao component
- Parameters:
permissionsDaoComponent - PermissionsDaoComponent
-
setAuthorityService
Set the authority service.
- Parameters:
authorityService - AuthorityService
-
setDynamicAuthorities
Set the dynamic authorities
-
setAclDAO
Set the ACL DAO component.
- Parameters:
aclDaoComponent - AclDAO
-
setFixedAclUpdater
-
setAccessCache
Set the permissions access cache.
- Parameters:
accessCache - a transactionally safe cache
-
setReadersCache
- Parameters:
readersCache - the readersCache to set
-
setReadersDeniedCache
- Parameters:
readersDeniedCache - the readersDeniedCache to set
-
setPolicyComponent
Set the policy component
- Parameters:
policyComponent - PolicyComponent
-
setPolicyIgnoreUtil
-
onMoveNode
Cache clear on move node
- Parameters:
oldChildAssocRef - ChildAssociationRef
newChildAssocRef - ChildAssociationRef
-
onCreateChildAssociation
Cache clear on create of a child association from an authority container.
- Parameters:
childAssocRef - ChildAssociationRef
-
beforeDeleteChildAssociation
Cache clear on delete of a child association from an authority container.
- Parameters:
childAssocRef - ChildAssociationRef
-
onBootstrap
protected void onBootstrap(org.springframework.context.ApplicationEvent event)
- Specified by:
onBootstrap in class org.springframework.extensions.surf.util.AbstractLifecycleBean
-
onShutdown
protected void onShutdown(org.springframework.context.ApplicationEvent event)
No-op
- Specified by:
onShutdown in class org.springframework.extensions.surf.util.AbstractLifecycleBean
-
init
public void init()
-
getOwnerAuthority
- Specified by:
getOwnerAuthority in interface PermissionService
-
getAllAuthorities
- Specified by:
getAllAuthorities in interface PermissionService
-
getAllPermission
- Specified by:
getAllPermission in interface PermissionService
-
getPermissions
- Specified by:
getPermissions in interface PermissionService
-
getAllSetPermissions
- Specified by:
getAllSetPermissions in interface PermissionService
-
getAllSetPermissions
- Specified by:
getAllSetPermissions in interface PermissionService
-
getAllPermissionsImpl
protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse)
-
getSettablePermissions
- Specified by:
getSettablePermissions in interface PermissionService
-
getSettablePermissions
- Specified by:
getSettablePermissions in interface PermissionService
-
getSetPermissions
Description copied from interface: PermissionServiceSPI
Get the permissions that have been set on the given node (it knows nothing of the parent permissions)
- Specified by:
getSetPermissions in interface PermissionServiceSPI
- Parameters:
nodeRef - NodeRef
- Returns:
- the node permission entry
-
getSetPermissions
Description copied from interface: PermissionServiceSPI
Get the permissions set for the store
- Specified by:
getSetPermissions in interface PermissionServiceSPI
- Parameters:
storeRef - StoreRef
- Returns:
- - the node permission entry
-
hasPermission
Description copied from interface: PermissionServiceSPI
Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)
- Specified by:
hasPermission in interface PermissionServiceSPI
- Parameters:
passedNodeRef - NodeRef
permIn - PermissionReference
- Returns:
- the access status
-
hasPermission
- Specified by:
hasPermission in interface PermissionService
-
hasPermission
protected AccessStatus hasPermission(Long aclId, PermissionContext context, PermissionReference permission)
-
getCoreAuthorisations
Get the core authorisations for this auth. If null this will be an empty set. Otherwise it will be a Lazy loaded Set of authorities from the authority node structure PLUS any granted authorities.
-
getAuthorisations
protected Set<String> getAuthorisations(net.sf.acegisecurity.Authentication auth, NodeRef nodeRef, PermissionReference required)
Get the authorisations for the currently authenticated user
- Parameters:
auth - Authentication
nodeRef - NodeRef
required - PermissionReference
- Returns:
- the set of authorisations
-
getDynamicAuthorities
protected Set<String> getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, NodeRef nodeRef, PermissionReference required)
-
getAuthorisations
protected Set<String> getAuthorisations(net.sf.acegisecurity.Authentication auth, PermissionContext context)
-
getDynamicAuthorities
protected Set<String> getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, PermissionContext context, Set<String> auths)
-
explainPermission
Description copied from interface: PermissionServiceSPI
Where is the permission set that controls the behaviour for the given permission for the given authentication to access the specified name.
- Specified by:
explainPermission in interface PermissionServiceSPI
- Parameters:
nodeRef - NodeRef
perm - PermissionReference
- Returns:
- the node permission entry
-
clearPermission
- Specified by:
clearPermission in interface PermissionService
-
deletePermission
- Specified by:
deletePermission in interface PermissionService
-
deletePermission
-
deletePermissions
- Specified by:
deletePermissions in interface PermissionService
-
setPermission
- Specified by:
setPermission in interface PermissionService
-
setPermission
protected void setPermission(StoreRef storeRef, String authority, PermissionReference permission, boolean allow)
-
deletePermissions
- Specified by:
deletePermissions in interface PermissionService
-
deletePermissions
Description copied from interface: PermissionServiceSPI
Delete the permissions defined by the nodePermissionEntry
- Specified by:
deletePermissions in interface PermissionServiceSPI
- Parameters:
nodePermissionEntry - NodePermissionEntry
-
deletePermission
Description copied from interface: PermissionServiceSPI
Delete a single permission entry
- Specified by:
deletePermission in interface PermissionServiceSPI
- Parameters:
permissionEntry - PermissionEntry
- See Also:
-
deletePermission
-
clearPermission
- Specified by:
clearPermission in interface PermissionService
-
setPermission
protected void setPermission(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
-
setPermission
Description copied from interface: PermissionServiceSPI
Add or set a permission entry on a node.
- Specified by:
setPermission in interface PermissionServiceSPI
- Parameters:
permissionEntry - PermissionEntry
-
setPermission
Description copied from interface: PermissionServiceSPI
Set the permissions on a node.
- Specified by:
setPermission in interface PermissionServiceSPI
- Parameters:
nodePermissionEntry - NodePermissionEntry
-
setInheritParentPermissions
- Specified by:
setInheritParentPermissions in interface PermissionService
-
setInheritParentPermissions
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
- Specified by:
setInheritParentPermissions in interface PermissionService
-
getInheritParentPermissions
- Specified by:
getInheritParentPermissions in interface PermissionService
- See Also:
-
getPermissionReference
Description copied from interface: PermissionServiceSPI
Get the permission reference for the given data type and permission name.
- Specified by:
getPermissionReference in interface PermissionServiceSPI
- Parameters:
qname - - may be null if the permission name is unique
permissionName - String
- Returns:
- the permission reference
-
getAllPermissionReference
Description copied from interface: PermissionServiceSPI
Get the All Permission
- Specified by:
getAllPermissionReference in interface PermissionServiceSPI
- Returns:
- the All permission
-
getPermission
Description copied from interface: PermissionServiceSPI
Get the string that can be used to identify the given permission reference.
- Specified by:
getPermission in interface PermissionServiceSPI
- Parameters:
permissionReference - PermissionReference
- Returns:
- the permission short name
-
getPermissionReference
Description copied from interface: PermissionServiceSPI
Get the permission reference by permission name.
- Specified by:
getPermissionReference in interface PermissionServiceSPI
- Parameters:
permissionName - String
- Returns:
- the permission reference
-
getSettablePermissionReferences
Description copied from interface: PermissionServiceSPI
Get the permissions that can be set for a given type
- Specified by:
getSettablePermissionReferences in interface PermissionServiceSPI
- Parameters:
type - QName
- Returns:
- the set of permissions
-
getSettablePermissionReferences
Description copied from interface: PermissionServiceSPI
Get the permissions that can be set for a given type
- Specified by:
getSettablePermissionReferences in interface PermissionServiceSPI
- Parameters:
nodeRef - NodeRef
- Returns:
- the set of permissions
-
deletePermission
- Specified by:
deletePermission in interface PermissionService
-
hasPermission
- Specified by:
hasPermission in interface PermissionService
-
setPermission
- Specified by:
setPermission in interface PermissionService
-
deletePermissions
Description copied from interface: PermissionServiceSPI
Delete permissions for the given recipient.
- Specified by:
deletePermissions in interface PermissionServiceSPI
- Parameters:
recipient - String
-
hasReadPermission
Optimised read permission evaluation. Caveats: it doesn't take into account dynamic authorities/groups, and it doesn't take into account node types/aspects for permissions.
- Specified by:
hasReadPermission in interface PermissionService
-
adminRead
-
ownerRead
-
getReaders
- Specified by:
getReaders in interface PermissionService
-
getReadersDenied
- Specified by:
getReadersDenied in interface PermissionService
- Parameters:
aclId - Long
- Returns:
- set of authorities denied permission on the ACL
-
canRead
-
isVersionNodeRef
This method checks whether the specified nodeRef instance is a version nodeRef (i.e. in the 'version' store)
- Parameters:
nodeRef - - version nodeRef
- Returns:
- true if version nodeRef false otherwise
-
convertVersionNodeRefToVersionedNodeRef
Converts specified version nodeRef (e.g. versionStore://...) to versioned nodeRef (e.g. workspace://SpacesStore/...)
- Parameters:
versionNodeRef - - always version nodeRef (i.e. in the 'version' store)
- Returns:
- versioned nodeRef (i.e. in the 'live' store)
-
getAuthorisations
- Specified by:
getAuthorisations in interface PermissionService
-
getTrait
- Specified by:
getTrait in interface Extensible
-