org.springframework.security.acls.model.Acl Java Examples

@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 

public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);

    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getPermission().getMask() == 16) {
                PrincipalSid ps = (PrincipalSid) ace.getSid();
                cubeAdmins.add(ps.getPrincipal() + mailSuffix);
            }
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}
 

@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 

@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 

public void init(Acl parentAcl, PermissionFactory aclPermissionFactory,
        PermissionGrantingStrategy permissionGrantingStrategy) {
    this.aclPermissionFactory = aclPermissionFactory;
    this.permissionGrantingStrategy = permissionGrantingStrategy;
    this.parentAcl = parentAcl;

    if (entries == null)
        entries = new ArrayList<>();

    // convert legacy ace
    if (legacyAceInfo != null) {
        for (LegacyAceInfo legacy : legacyAceInfo.values()) {
            entries.add(new AceImpl(legacy));
        }
        Collections.sort(entries, AceImpl.SID_ORDER);
        legacyAceInfo = null;
    }

    for (int i = 0; i < entries.size(); i++) {
        entries.get(i).init(this, i);
    }
}
 

@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 

private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 

@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

public static InheritedPermissionsResult getInheritedPermissionsResult(
    Acl packageAcl, Acl parentPackageAcl, Sid role1, Sid role2, Sid role3) {
  // Permissions on parentpackage
  InheritedUserPermissionsResult parentPackageAclPermissionsRole3 =
      InheritedUserPermissionsResult.create(
          role3, PermissionSet.WRITEMETA, Collections.emptyList());
  InheritedUserPermissionsResult parentPackageAclPermissionsRole1 =
      InheritedUserPermissionsResult.create(
          role1, null, Collections.singletonList(parentPackageAclPermissionsRole3));
  InheritedAclPermissionsResult parentPackageAclPermissions =
      InheritedAclPermissionsResult.create(
          parentPackageAcl,
          null,
          Collections.singletonList(parentPackageAclPermissionsRole1),
          null);
  // Permissions on package
  InheritedAclPermissionsResult packageAclPermissions =
      InheritedAclPermissionsResult.create(
          packageAcl, PermissionSet.READ, Collections.emptyList(), parentPackageAclPermissions);
  // Permissions on entity
  InheritedUserPermissionsResult entityPermissionRole2 =
      InheritedUserPermissionsResult.create(role2, PermissionSet.WRITE, Collections.emptyList());

  return InheritedPermissionsResult.create(
      Collections.singletonList(entityPermissionRole2), packageAclPermissions);
}
 

private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  PermissionSet ownPermission = null;
  for (AccessControlEntry ace : acl.getEntries()) {
    if (sid.equals(ace.getSid())) {
      ownPermission = PermissionSetUtils.getPermissionSet(ace);
    }
  }
  Set<LabelledPermission> inheritedPermissions = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inheritedPermissions.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }
  if (ownPermission != null || !inheritedPermissions.isEmpty()) {
    inheritedPermissions = inheritedPermissions.isEmpty() ? null : inheritedPermissions;
    result.add(
        LabelledPermission.create(
            sid,
            entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
            ownPermission,
            inheritedPermissions));
  }
}
 

/**
 * Same as {@link JdbcMutableAclService#createAcl(ObjectIdentity)} except for duplicate key
 * checking which is handled by by the database for performance reasons.
 */
@Transactional
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) {
  Assert.notNull(objectIdentity, "Object Identity required");

  // Need to retrieve the current principal, in order to know who "owns" this ACL
  // (can be changed later on)
  Sid sid = SidUtils.createSecurityContextSid();

  try {
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
  } catch (DuplicateKeyException e) {
    throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
  }
  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  Acl acl = readAclById(objectIdentity);
  Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

  return (MutableAcl) acl;
}
 

private Optional<InheritedAclPermissionsResult> getParentAclPermissions(Acl acl, Sid sid) {
  InheritedAclPermissionsResult parentAclPermissions;
  List<InheritedUserPermissionsResult> parentRolePermissions;
  Acl parentAcl = acl.getParentAcl();
  if (parentAcl != null) {
    PermissionSet ownPermission = getPermissionsForAcl(parentAcl, sid);
    parentRolePermissions = getPermissionsForRoles(parentAcl, sid);
    parentAclPermissions =
        getParentAclPermissions(parentAcl, sid)
            .orElse(null); // Get permissions for parentAcl of the parentAcl - Recursive
    InheritedAclPermissionsResult inheritedAclPermissionsResult =
        InheritedAclPermissionsResult.create(
            parentAcl, ownPermission, parentRolePermissions, parentAclPermissions);
    if (isNotEmpty(inheritedAclPermissionsResult)) {
      return Optional.of(inheritedAclPermissionsResult);
    }
  }
  return Optional.empty();
}
 

public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 

/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 

private Map<ObjectIdentity, Acl> readAcls(Set<Sid> sids, List<ObjectIdentity> objectIdentities) {
  Map<ObjectIdentity, Acl> aclMap = new LinkedHashMap<>();
  if (!objectIdentities.isEmpty()) {
    if (sids.isEmpty()) {
      aclMap = mutableAclService.readAclsById(objectIdentities);
    } else {
      aclMap = mutableAclService.readAclsById(objectIdentities, userRoleTools.sortSids(sids));
    }
  }
  return aclMap;
}
 

@Test
void testGetUserEntityClassPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "writemeta", entityType2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserEntityClassPermissions("Ipsum"));
}
 

private Map<String, Set<LabelledPermission>> getPermissions(
    Map<ObjectIdentity, Acl> acls,
    List<ObjectIdentity> objectIdentities,
    Set<Sid> sids,
    boolean isReturnInheritedPermissions) {
  Map<String, Set<LabelledPermission>> result = new LinkedHashMap<>();
  objectIdentities.forEach(
      objectIdentity ->
          result.put(
              objectIdentity.getIdentifier().toString(),
              getPermissionResponses(
                  acls.get(objectIdentity), isReturnInheritedPermissions, sids)));
  return result;
}
 

@Override
public void setParent(Acl newParent) {
    AclRecord newP = newParent instanceof MutableAclRecord //
            ? ((MutableAclRecord) newParent).getAclRecord()
            : (AclRecord) newParent;
    parentDomainObjectInfo = newP.domainObjectInfo;
    parentAcl = newP;
}
 

public static InheritedAclPermissionsResult create(
    Acl acl,
    PermissionSet ownPermission,
    List<InheritedUserPermissionsResult> parentRolePermissions,
    InheritedAclPermissionsResult parentAclPermissions) {
  return new AutoValue_InheritedAclPermissionsResult(
      acl, ownPermission, parentRolePermissions, parentAclPermissions);
}
 

@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);

    // Check every requested object identity was found (throw NotFoundException if needed)
    for (ObjectIdentity oid : objects) {
        if (!result.containsKey(oid)) {
            throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
        }
    }

    return result;
}
 

/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 

@Override
public Set<LabelledPermission> getPermissionsForObject(
    ObjectIdentity objectIdentity, Set<Sid> sids, boolean isReturnInheritedPermissions) {
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  Acl acl = mutableAclService.readAclById(objectIdentity);
  return getPermissionResponses(acl, isReturnInheritedPermissions, sids);
}
 

/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 

@Override
public Map<String, Set<LabelledPermission>> getPermissionsForType(
    String typeId, Set<Sid> sids, boolean isReturnInherited) {
  entityHelper.checkEntityTypeExists(typeId);
  List<ObjectIdentity> objectIdentities = getObjectIdentities(typeId, sids, isReturnInherited);
  Map<ObjectIdentity, Acl> aclMap = readAcls(sids, objectIdentities);

  return getPermissions(aclMap, objectIdentities, sids, isReturnInherited);
}