org.nuxeo.ecm.core.api.security.ACE类的使用及代码示例

x33g5p2x  于2022-01-16 转载在 其他  
字(9.1k)|赞(0)|评价(0)|浏览(229)

本文整理了Java中org.nuxeo.ecm.core.api.security.ACE类的一些代码示例,展示了ACE类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ACE类的具体详情如下:
包路径:org.nuxeo.ecm.core.api.security.ACE
类名称:ACE

ACE介绍

[英]Access control entry, assigning a permission to a user.

Optionally, the assignment can be denied instead of being granted.
[中]访问控制项,将权限分配给用户。
或者,可以拒绝分配,而不是授予分配。

代码示例

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public Object clone() {
  return new ACE(username, permission, isGranted, creator, begin, end, contextData);
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

public static Access getAccess(ACE ace, String[] principals, String[] permissions) {
  String acePerm = ace.getPermission();
  String aceUser = ace.getUsername();
  for (String principal : principals) {
    if (principalsMatch(aceUser, principal)) {
      // check permission match only if principal is matching
      for (String permission : permissions) {
        if (permissionsMatch(acePerm, permission)) {
          return ace.isGranted() ? Access.GRANT : Access.DENY;
        } // end permissionMatch
      } // end perm for
    } // end principalMatch
  } // end princ for
  return Access.UNKNOWN;
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public boolean blockInheritance(String username) {
  boolean aclChanged = false;
  List<ACE> aces = Lists.newArrayList(getACEs());
  if (!aces.contains(ACE.BLOCK)) {
    aces.add(ACE.builder(username, SecurityConstants.EVERYTHING).creator(username).build());
    aces.addAll(getAdminEverythingACES());
    aces.add(ACE.BLOCK);
    aclChanged = true;
    setACEs(aces.toArray(new ACE[aces.size()]));
  }
  return aclChanged;
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

/**
 * Constructs an ACE for a given username, permission, specifying whether to grant or deny it, creator user, begin
 * and end date.
 *
 * @since 7.4
 */
ACE(String username, String permission, boolean isGranted, String creator, Calendar begin, Calendar end,
    Map<String, Serializable> contextData) {
  this.username = username;
  this.permission = permission;
  this.isGranted = isGranted;
  this.creator = creator;
  setBegin(begin);
  setEnd(end);
  if (contextData != null) {
    this.contextData = new HashMap<>(contextData);
  }
  if (begin != null && end != null) {
    if (begin.after(end)) {
      throw new IllegalArgumentException("'begin' date cannot be after 'end' date");
    }
  }
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql

/** Key to distinguish ACEs */
protected static String getACEkey(ACE ace) {
  // TODO separate user/group
  return ace.getUsername() + '|' + ace.getPermission();
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-storage-sql

protected static void addACLRow(List<ACLRow> aclrows, String name, ACE ace) {
  // XXX should prefix user/group
  String user = ace.getUsername();
  if (user == null) {
    // JCR implementation logs null and skips it
    return;
  }
  String group = null; // XXX all in user for now
  aclrows.add(new ACLRow(aclrows.size(), name, ace.isGranted(), ace.getPermission(), user, group,
      ace.getCreator(), ace.getBegin(), ace.getEnd(), ace.getLongStatus()));
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-io

@Override
protected void writeEntityBody(ACP acp, JsonGenerator jg) throws IOException {
  jg.writeArrayFieldStart("acl");
  for (ACL acl : acp.getACLs()) {
    jg.writeStartObject();
    jg.writeStringField("name", acl.getName());
    jg.writeArrayFieldStart("ace");
    for (ACE ace : acl.getACEs()) {
      jg.writeStartObject();
      jg.writeStringField("id", ace.getId());
      jg.writeStringField("username", ace.getUsername());
      jg.writeStringField("permission", ace.getPermission());
      jg.writeBooleanField("granted", ace.isGranted());
      jg.writeStringField("creator", ace.getCreator());
      jg.writeStringField("begin",
          ace.getBegin() != null ? DateParser.formatW3CDateTime(ace.getBegin().getTime()) : null);
      jg.writeStringField("end", ace.getEnd() != null ? DateParser.formatW3CDateTime(ace.getEnd().getTime())
          : null);
      jg.writeStringField("status", ace.getStatus().toString().toLowerCase());
      jg.writeEndObject();
    }
    jg.writeEndArray();
    jg.writeEndObject();
  }
  jg.writeEndArray();
}

代码示例来源:origin: org.nuxeo.elasticsearch/nuxeo-elasticsearch-core

outerloop: for (ACL acl : acp.getACLs()) {
  for (ACE ace : acl.getACEs()) {
    if (ace.isGranted() && ace.isEffective() && browsePermissions.contains(ace.getPermission())) {
      jg.writeString(ace.getUsername());
    if (ace.isDenied() && ace.isEffective()) {
      if (!EVERYONE.equals(ace.getUsername())) {
        jg.writeString(UNSUPPORTED_ACL);

代码示例来源:origin: toutatice-services.dafpic/toutatice-dafpic-import-compatibility

ACE currentUserAce = new ACE(principal.getName(),
    SecurityConstants.WRITE, true);
  if(ACE.BLOCK.equals(ace)){
    acesList.add(currentUserAce);
    acesList.add(ACE.BLOCK);
  } else {
    String username = ace.getUsername();
    DocumentModel userModel = getUserManager().getUserModel(username);

代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-platform-task-core

if (currentActors.contains(ace.getUsername()) || taskInitator.equals(ace.getUsername())) {
  toRemove.add(ace);
acl.add(new ACE(actorId, SecurityConstants.EVERYTHING, true));

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

private static boolean principalsMatch(ACE ace, String principal) {
  String acePrincipal = ace.getUsername();
  return principalsMatch(acePrincipal, principal);
}

代码示例来源:origin: org.nuxeo.ecm.platform/nuxeo-admin-center-core

for (ACL acl : acp.getACLs()) {
  for (ACE ace : acl) {
    if (username.equals(ace.getUsername())) {
      Calendar now = new GregorianCalendar();
      ace.setEnd(now);
      changed = true;

代码示例来源:origin: acaren-nuxeo-base/acaren-nuxeo-base-core

for (ACL acl : acpParent.getACLs()) {
  for (ACE ace : acl.getACEs()) {
    if (ace.isGranted() && !lstPerm.contains(ace.getPermission())) {

代码示例来源:origin: toutatice-services.carto-nat/toutatice-carto-nat-ecm

/**
 * @param docCtx
 * @param sourceDocument
 */
public void removePublicAce(CoreSession session, DocumentModel sourceDocument) {
  // Get proxy
  DocumentModel proxy = ToutaticeDocumentHelper.getProxy(session, sourceDocument, SecurityConstants.READ);
  // Get local ACL
  ACP acp = session.getACP(sourceDocument.getRef());
  ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL);
  // Remove public ACE (iteraot for dirty doublon case)
  ACE publicAce = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ);
  Iterator<ACE> iterator = acl.iterator();
  while (iterator.hasNext()) {
    ACE ace = iterator.next();
    if (publicAce.equals(ace)) {
      iterator.remove();
    }
  }
  UnrestrictedAcpSetter setter = new UnrestrictedAcpSetter(session, proxy, acp);
  setter.runUnrestricted();
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

private static boolean permissionsMatch(ACE ace, String permission) {
  String acePerm = ace.getPermission();
  // RESTRICTED_READ needs special handling, is not implied by EVERYTHING.
  if (!SecurityConstants.RESTRICTED_READ.equals(permission)) {
    if (SecurityConstants.EVERYTHING.equals(acePerm)) {
      return true;
    }
  }
  return StringUtils.equals(acePerm, permission);
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public Access getAccess(String principal, String permission) {
  // check first the cache
  String key = principal + ':' + permission;
  Access access = cache.get(key);
  if (access == null) {
    access = Access.UNKNOWN;
    FOUND_ACE: for (ACL acl : acls) {
      for (ACE ace : acl) {
        if (permissionsMatch(ace, permission) && principalsMatch(ace, principal)) {
          access = ace.isGranted() ? Access.GRANT : Access.DENY;
          break FOUND_ACE;
        }
      }
    }
    cache.put(key, access);
  }
  return access;
}

代码示例来源:origin: org.nuxeo.ecm.automation/nuxeo-automation-core

protected void replacePermission(DocumentModel doc) {
  Map<String, Serializable> contextData = new HashMap<>();
  contextData.put(NOTIFY_KEY, notify);
  contextData.put(COMMENT_KEY, comment);
  ACE oldACE = ACE.fromId(id);
  ACE newACE = ACE.builder(user, permission)
          .creator(session.getPrincipal().getName())
          .begin(begin)
          .end(end)
          .contextData(contextData)
          .build();
  session.replaceACE(doc.getRef(), aclName, oldACE, newACE);
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-io

protected static void readACP(Element element, ACP acp) {
  ACL[] acls = acp.getACLs();
  for (ACL acl : acls) {
    Element aclElement = element.addElement(ExportConstants.ACL_TAG);
    aclElement.addAttribute(ExportConstants.NAME_ATTR, acl.getName());
    ACE[] aces = acl.getACEs();
    for (ACE ace : aces) {
      Element aceElement = aclElement.addElement(ExportConstants.ACE_TAG);
      aceElement.addAttribute(ExportConstants.PRINCIPAL_ATTR, ace.getUsername());
      aceElement.addAttribute(ExportConstants.PERMISSION_ATTR, ace.getPermission());
      aceElement.addAttribute(ExportConstants.GRANT_ATTR, String.valueOf(ace.isGranted()));
      aceElement.addAttribute(ExportConstants.CREATOR_ATTR, ace.getCreator());
      Calendar begin = ace.getBegin();
      if (begin != null) {
        aceElement.addAttribute(ExportConstants.BEGIN_ATTR,
            DateParser.formatW3CDateTime((begin).getTime()));
      }
      Calendar end = ace.getEnd();
      if (end != null) {
        aceElement.addAttribute(ExportConstants.END_ATTR, DateParser.formatW3CDateTime((end).getTime()));
      }
    }
  }
}

代码示例来源:origin: toutatice-services.carto-nat/toutatice-carto-nat-ecm

/**
 * Gets IANs of given activity.
 *
 * @param session
 * @param doc
 * @return login and groups of IANs of activity
 */
public List<String> getIans(CoreSession session, DocumentModel doc){
  List<String> ians = new ArrayList<String>(0);
  ACP acp = doc.getACP();
  for(ACL acl : acp.getACLs()){
    for(ACE ace : acl.getACEs()){
      String permission = ace.getPermission();
      if(CartoSecurityConstants.MANAGE_DUN.equals(permission)){
        ians.add(ace.getUsername());
      }
    }
  }
  return ians;
}

代码示例来源:origin: org.nuxeo.ecm.core/nuxeo-core-api

@Override
public boolean removeByUsername(String username) {
  boolean aclChanged = false;
  List<ACE> aces = Lists.newArrayList(getACEs());
  for (Iterator<ACE> it = aces.iterator(); it.hasNext();) {
    ACE ace = it.next();
    if (ace.getUsername().equals(username)) {
      it.remove();
      aclChanged = true;
    }
  }
  setACEs(aces.toArray(new ACE[aces.size()]));
  return aclChanged;
}

相关文章