Package lumis.util.security.acl
Class AclManager
- java.lang.Object
-
- lumis.util.security.acl.AclManager
-
- All Implemented Interfaces:
IConfigKeyChecker,IAclManager
- Direct Known Subclasses:
ChannelAclManager,GenericAclManager,GroupAclManager,PageAclManager,PageTemplateAclManager,PortalAclManager,ServiceAclManager,ServiceInstanceAclManager
public abstract class AclManager extends Object implements IAclManager
Base AclManager implementation. This is an abstract implementation, that contains the logic that all acls should have. Specific acl managers should extend this class.- Since:
- 4.0.0
- Version:
- $Revision: 23228 $ $Date: 2019-10-02 18:21:58 -0300 (Wed, 02 Oct 2019) $
-
-
Field Summary
Fields Modifier and Type Field Description protected static PortalCache<AccessControlList>aclCacheprotected static ThreadLocal<Boolean>checkRequiredPermissionsInternalFlag
-
Constructor Summary
Constructors Constructor Description AclManager()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected Stringadd(AccessControlList parentAcl, HashMap<Integer,Integer> permissionsMap, int[] implies, ITransaction transaction)voidadd(AccessControlList acl, ITransaction transaction)voidaddOrUpdate(AccessControlList acl, ITransaction transaction)booleancheckPermission(SessionConfig sessionConfig, String userId, String itemId, IPermission permission, ITransaction transaction)For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.booleancheckPermission(SessionConfig sessionConfig, String itemId, IPermission permission, ITransaction transaction)Verify if the permission is valid for the sessionConfig's user.protected voidcheckRequiredPermissionsInternal(AccessControlList acl)Checks if the required permissions were given for someone.protected voidcleanupInvalidData(AccessControlList acl)voidclearCache(ITransaction transaction)Clears all ACL cache.voiddelete(String aclId, ITransaction transaction)Deletes an acl.voiddeleteAclEntryByPrincipalId(String principalId, ITransaction transaction)Delete ACL entries in all ACLs for the specified principal.Stringdeserialize(SessionConfig sessionConfig, DeserializationConfig deserializationConfig, Node accessControlListNode, boolean onlyAddSimpleAcls, ITransaction transaction)booleanexists(String aclId, ITransaction transaction)abstract AccessControlListget(SessionConfig sessionConfig, String id, ITransaction transaction)protected abstract AccessControlListgetAclInternal(SessionConfig sessionConfig, String itemId, ITransaction transaction)protected abstract intgetRequiredPermissions()booleankeyExists(SessionConfig sessionConfig, Object configKey, Object config, ITransaction transaction)Checks if configId matches an already persisted objectvoidremoveFromCache(String aclId, ITransaction transaction)Allows removal of cached itemsvoidserialize(SessionConfig sessionConfig, String securableId, OutputStream outputStream, ITransaction transaction)protected voidupdate(AccessControlList acl, ITransaction transaction)
-
-
-
Field Detail
-
aclCache
protected static PortalCache<AccessControlList> aclCache
-
checkRequiredPermissionsInternalFlag
protected static final ThreadLocal<Boolean> checkRequiredPermissionsInternalFlag
-
-
Method Detail
-
get
public abstract AccessControlList get(SessionConfig sessionConfig, String id, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerExceptionPortalException
-
getAclInternal
protected abstract AccessControlList getAclInternal(SessionConfig sessionConfig, String itemId, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerExceptionPortalException
-
getRequiredPermissions
protected abstract int getRequiredPermissions() throws PortalException- Throws:
PortalException
-
checkRequiredPermissionsInternal
protected void checkRequiredPermissionsInternal(AccessControlList acl) throws PortalException
Checks if the required permissions were given for someone. If not an exception is thrown.- Parameters:
acl- the acl to be checked.- Throws:
PortalException- if the required permissions were not given.
-
add
protected String add(AccessControlList parentAcl, HashMap<Integer,Integer> permissionsMap, int[] implies, ITransaction transaction) throws PortalException
- Throws:
PortalException
-
add
public void add(AccessControlList acl, ITransaction transaction) throws PortalException
- Specified by:
addin interfaceIAclManager- Throws:
PortalException
-
exists
public boolean exists(String aclId, ITransaction transaction) throws DaoException, PortalException
- Specified by:
existsin interfaceIAclManager- Throws:
DaoExceptionPortalException
-
update
protected void update(AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerExceptionPortalException
-
addOrUpdate
public void addOrUpdate(AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
addOrUpdatein interfaceIAclManager- Throws:
ManagerExceptionPortalException
-
cleanupInvalidData
protected void cleanupInvalidData(AccessControlList acl) throws PortalException
- Throws:
PortalException
-
delete
public void delete(String aclId, ITransaction transaction) throws PortalException
Description copied from interface:IAclManagerDeletes an acl.This method does not delete the acl's children. They must have been deleted or the foreign key constraints will not allow their parent to be deleted.
- Specified by:
deletein interfaceIAclManager- Parameters:
aclId- the id of the acl to be deleted from persistence.transaction- the transaction for persistence access.- Throws:
PortalException
-
deleteAclEntryByPrincipalId
public void deleteAclEntryByPrincipalId(String principalId, ITransaction transaction) throws PortalException
Description copied from interface:IAclManagerDelete ACL entries in all ACLs for the specified principal.- Specified by:
deleteAclEntryByPrincipalIdin interfaceIAclManager- Throws:
DaoExceptionPortalException
-
removeFromCache
public void removeFromCache(String aclId, ITransaction transaction) throws DaoException, PortalException
Description copied from interface:IAclManagerAllows removal of cached items- Specified by:
removeFromCachein interfaceIAclManager- Throws:
DaoExceptionPortalException
-
clearCache
public void clearCache(ITransaction transaction) throws PortalException
Description copied from interface:IAclManagerClears all ACL cache.- Specified by:
clearCachein interfaceIAclManager- Parameters:
transaction- the transaction for persistence access. If null, the cache is just cleared, else it is cleared as a transactional operation as specified inPortalCache.clear(ITransaction).- Throws:
PortalException
-
checkPermission
public boolean checkPermission(SessionConfig sessionConfig, String itemId, IPermission permission, ITransaction transaction) throws ManagerException, PortalException
Description copied from interface:IAclManagerVerify if the permission is valid for the sessionConfig's user.- Specified by:
checkPermissionin interfaceIAclManager- Returns:
- Returns the true or false value.
- Throws:
ManagerExceptionPortalException
-
checkPermission
public boolean checkPermission(SessionConfig sessionConfig, String userId, String itemId, IPermission permission, ITransaction transaction) throws ManagerException, PortalException
For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.- Specified by:
checkPermissionin interfaceIAclManager- Returns:
- Throws:
ManagerExceptionPortalException
-
serialize
public void serialize(SessionConfig sessionConfig, String securableId, OutputStream outputStream, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
serializein interfaceIAclManager- Throws:
ManagerExceptionPortalException
-
deserialize
public String deserialize(SessionConfig sessionConfig, DeserializationConfig deserializationConfig, Node accessControlListNode, boolean onlyAddSimpleAcls, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
deserializein interfaceIAclManager- Throws:
ManagerExceptionPortalException
-
keyExists
public boolean keyExists(SessionConfig sessionConfig, Object configKey, Object config, ITransaction transaction)
Description copied from interface:IConfigKeyCheckerChecks if configId matches an already persisted object- Specified by:
keyExistsin interfaceIConfigKeyCheckerconfig- Optional, allows a checker to read aditional fields to check composed keys- Returns:
- true if configId matches an already persisted object
-
-