Java Code Examples for org.alfresco.service.cmr.security.AuthorityType#getAuthorityType()

The following examples show how to use org.alfresco.service.cmr.security.AuthorityType#getAuthorityType() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserNameConstraint.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
protected void evaluateSingleValue(Object value)
{
    // ensure that the value can be converted to a String
    String checkValue = null;
    try
    {
        checkValue = DefaultTypeConverter.INSTANCE.convert(String.class, value);
    }
    catch (TypeConversionException e)
    {
        throw new ConstraintException(ERR_NON_STRING, value);
    }
    
    AuthorityType type = AuthorityType.getAuthorityType(checkValue);
    if((type != AuthorityType.USER) && (type != AuthorityType.GUEST))
    {
        throw new ConstraintException(ERR_INVALID_USERNAME, value, type);
    }
}
 
Example 2
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
public void addAuthorityToZones(String authorityName, Set<String> zones)
{
    if ((zones != null) && (zones.size() > 0))
    {
        Set<NodeRef> zoneRefs = new HashSet<NodeRef>(zones.size() * 2);
        for (String authorityZone : zones)
        {
            zoneRefs.add(getOrCreateZone(authorityZone));
        }
        NodeRef authRef = getAuthorityOrNull(authorityName);
        if (authRef != null)
        {
            // Normalize the user name if necessary
            if (AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER)
            {
                authorityName = (String) nodeService.getProperty(authRef, ContentModel.PROP_USERNAME);
            }
            
            nodeService.addChild(zoneRefs, authRef, ContentModel.ASSOC_IN_ZONE, QName.createQName("cm", authorityName, namespacePrefixResolver));
        }
    }
}
 
Example 3
Source File: AuthorityServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
public void deleteAuthority(String name, boolean cascade)
{
    AuthorityType type = AuthorityType.getAuthorityType(name);
    checkTypeIsMutable(type);
    if (cascade)
    {
        for (String child : getContainedAuthorities(type, name, true))
        {
            deleteAuthority(child, true);
        }
    }
    authorityDAO.deleteAuthority(name);
    permissionServiceSPI.deletePermissions(name);
    
    if (isGroup(type))
    {
        OnGroupDeleted onGroupDelete = onGroupDeletedDelegate.get(ContentModel.TYPE_AUTHORITY);
        onGroupDelete.onGroupDeleted(name, cascade);
    }
}
 
Example 4
Source File: SolrOwnerScorer.java    From SearchServices with GNU Lesser General Public License v3.0 6 votes vote down vote up
public static SolrOwnerScorer createOwnerScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authority) throws IOException
{
    if (AuthorityType.getAuthorityType(authority) == AuthorityType.USER)
    {
        DocSet ownedDocs = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority);

        if (ownedDocs == null)
        {
            // Cache miss: query the index for docs where the owner matches the authority. 
            ownedDocs = searcher.getDocSet(new TermQuery(new Term(QueryConstants.FIELD_OWNER, authority)));
            searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority, ownedDocs);
        }
        return new SolrOwnerScorer(weight, ownedDocs, context, searcher);
    }
    
    // Return an empty doc set, as the authority isn't a user.
    return new SolrOwnerScorer(weight, new BitDocSet(new FixedBitSet(0)), context, searcher);
}
 
Example 5
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
private void listAuthorities(AuthorityType type, String name, Set<String> authorities, boolean parents, boolean recursive)
{
    AuthorityType localType = AuthorityType.getAuthorityType(name);
    if (localType.equals(AuthorityType.GUEST))
    {
        // Nothing to do
    }
    else
    {
        NodeRef ref = getAuthorityOrNull(name);
        
        if (ref != null)
        {
            listAuthorities(type, ref, authorities, parents, recursive, false);
        }
        else if (!localType.equals(AuthorityType.USER))
        {
            // Don't worry about missing person objects. It might be the system user or a user yet to be
            // auto-created
            throw new UnknownAuthorityException("An authority was not found for " + name);
        }
    }
}
 
Example 6
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
public String getShortName(String name)
{
    AuthorityType type = AuthorityType.getAuthorityType(name);
    if (type.isFixedString())
    {
        return "";
    }
    else if (type.isPrefixed())
    {
        return name.substring(type.getPrefixString().length());
    }
    else
    {
        return name;
    }
}
 
Example 7
Source File: SolrOwnerSetScorer.java    From SearchServices with GNU Lesser General Public License v3.0 5 votes vote down vote up
public static SolrOwnerSetScorer createOwnerSetScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authorities) throws IOException
{
    
    DocSet authorityOwnedDocs = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities);
    
    if(authorityOwnedDocs == null)
    {
        // Split the authorities. The first character in the authorities String
        // specifies the separator, e.g. ",jbloggs,abeecher"
        String[] auths = authorities.substring(1).split(authorities.substring(0, 1));

        BooleanQuery.Builder bQuery = new BooleanQuery.Builder();
        for(String current : auths)
        {
            if (AuthorityType.getAuthorityType(current) == AuthorityType.USER)
            {
                bQuery.add(new TermQuery(new Term(QueryConstants.FIELD_OWNER, current)), Occur.SHOULD);
            }
        }
        
        WrappedQuery wrapped = new WrappedQuery(bQuery.build());
        wrapped.setCache(false);
        authorityOwnedDocs = searcher.getDocSet(wrapped);
    
        searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities, authorityOwnedDocs);
    }
    
    // TODO: Cache the final set? e.g. searcher.cacheInsert(authorities, authorityOwnedDocs)
    return new SolrOwnerSetScorer(weight, authorityOwnedDocs, context, searcher);
   
}
 
Example 8
Source File: GetAuthoritiesCannedQuery.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
private boolean includeFilter(AuthorityInfo auth, AuthorityType type, Pattern nameFilter)
    {
        String authName = auth.getAuthorityName();
        
        AuthorityType authType = AuthorityType.getAuthorityType(authName);
        if ((authName == null) || ((type != null) && (! type.equals(authType))))
        {
            // exclude by type
            return false;
        }
        
        if (nameFilter == null)
        {
            return true;
        }
        
        String displayName = auth.getAuthorityDisplayName();
        if (displayName != null && nameFilter.matcher(displayName).find())
        {
            return true;
        }
//        To match on just displayName use the following.
//        if (displayName != null)
//        {
//            return nameFilter.matcher(displayName).find();
//        }
        
        if (authType.isPrefixed())
        {
            authName = authName.substring(authType.getPrefixString().length());
        }
        
        return (nameFilter.matcher(authName).find());
    }
 
Example 9
Source File: GroupsImpl.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 5 votes vote down vote up
private GroupMember getGroupMember(AuthorityInfo authorityInfo)
{
    if (authorityInfo == null)
    {
        return null;
    }

    GroupMember groupMember = new GroupMember();
    groupMember.setId(authorityInfo.getAuthorityName());

    String authorityDisplayName = authorityInfo.getAuthorityDisplayName();
    if (authorityDisplayName == null || authorityDisplayName.isEmpty())
    {
        authorityDisplayName = authorityService.getAuthorityDisplayName(authorityInfo.getAuthorityName());
    }

    groupMember.setDisplayName(authorityDisplayName);

    String memberType = null;
    AuthorityType authorityType = AuthorityType.getAuthorityType(authorityInfo.getAuthorityName());
    switch (authorityType)
    {
    case GROUP:
        memberType = PARAM_MEMBER_TYPE_GROUP;
        break;
    case USER:
        memberType = PARAM_MEMBER_TYPE_PERSON;
        break;
    default:
    }
    groupMember.setMemberType(memberType);

    return groupMember;
}
 
Example 10
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
public void removeAuthority(String parentName, String childName, boolean cacheRefresh)
{
    NodeRef parentRef = getAuthorityOrNull(parentName);
    if (parentRef == null)
    {
        throw new UnknownAuthorityException("An authority was not found for " + parentName);
    }
    NodeRef childRef = getAuthorityOrNull(childName);
    if (childRef == null)
    {
        throw new UnknownAuthorityException("An authority was not found for " + childName);
    }
    nodeService.removeChild(parentRef, childRef);
    childAuthorityCache.remove(parentRef);
    if (AuthorityType.getAuthorityType(childName) == AuthorityType.USER)
    {
        // Normalize the user name
        childName = (String) nodeService.getProperty(childRef, ContentModel.PROP_USERNAME);
        userAuthorityCache.remove(childName);
    }
    else
    {
        userAuthorityCache.clear();
        if (cacheRefresh)
        {
            authorityBridgeTableCache.refresh();
        }
    }
}
 
Example 11
Source File: SolrAuthoritySetQuery.java    From SearchServices with GNU Lesser General Public License v3.0 5 votes vote down vote up
private BitsFilter getOwnerFilter(String[] auths, SolrIndexSearcher searcher) throws IOException
{
    Builder builder = new BooleanQuery.Builder();
    for(String current : auths)
    {
        if (AuthorityType.getAuthorityType(current) == AuthorityType.USER)
        {
        	builder.add(new TermQuery(new Term(QueryConstants.FIELD_OWNER, current)), BooleanClause.Occur.SHOULD);
        }
    }

    BitsFilterCollector collector = new BitsFilterCollector(searcher.getTopReaderContext().leaves().size());
    searcher.search(builder.build(), collector);
    return collector.getBitsFilter();
}
 
Example 12
Source File: WorkflowAuthorityManager.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
public boolean isUser(String authorityName)
{
    AuthorityType type = AuthorityType.getAuthorityType(authorityName);
    return type == AuthorityType.USER ||
        type == AuthorityType.ADMIN ||
        type == AuthorityType.GUEST;
}
 
Example 13
Source File: AuthorityServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 */
public void setAuthorityDisplayName(String authorityName, String authorityDisplayName)
{
    AuthorityType type = AuthorityType.getAuthorityType(authorityName);
    checkTypeIsMutable(type);
    authorityDAO.setAuthorityDisplayName(authorityName, authorityDisplayName);
}
 
Example 14
Source File: AccessPermissionImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
public AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority, int position)
{
    this.permission = permission;
    this.accessStatus = accessStatus;
    this.authority = authority;
    this.authorityType = AuthorityType.getAuthorityType(authority);
    this.position = position;
}
 
Example 15
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
private Pair<String, String> cacheKey(String authorityName)
{
    String tenantDomain = AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER ? tenantService.getDomain(authorityName) : tenantService.getCurrentUserDomain();
    return new Pair<String, String>(tenantDomain, getPooledName(authorityName));
}
 
Example 16
Source File: SiteServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * @see org.alfresco.service.cmr.site.SiteService#removeMembership(java.lang.String, java.lang.String)
 */
public void removeMembership(final String shortName, final String authorityName)
{
    final NodeRef siteNodeRef = getSiteNodeRef(shortName);
    if (siteNodeRef == null)
    {
       throw new SiteDoesNotExistException(shortName);
    }

    // TODO what do we do about the user if they are in a group that has
    // rights to the site?

    // Get the current user
    String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();

    // Get the user current role
    final String role = getMembersRole(shortName, authorityName);
    if (role != null)
    {
        // Check that we are not about to remove the last site manager
        checkLastManagerRemoval(shortName, authorityName, role);
        
        // If ...
        // -- the current user has change permissions rights on the site
        // or
        // -- the user is ourselves
        if ((currentUserName.equals(authorityName) == true) || isSiteAdmin(currentUserName) ||
            (permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED))
        {
            // Run as system user
            AuthenticationUtil.runAs(
                new AuthenticationUtil.RunAsWork<Object>()
                {
                    public Object doWork() throws Exception
                    {
                        // Remove the user from the current permission
                        // group
                        String currentGroup = getSiteRoleGroup(shortName, role, true);
                        authorityService.removeAuthority(currentGroup, authorityName);
                        
                        return null;
                    }
                }, AuthenticationUtil.SYSTEM_USER_NAME);

            // Raise events
            AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
            if (authorityType == AuthorityType.USER)
            {
                activityService.postActivity(
                        ActivityType.SITE_USER_REMOVED, shortName,
                        ACTIVITY_TOOL, getActivityUserData(authorityName, ""), authorityName);
            }
            else if (authorityType == AuthorityType.GROUP)
            {
                String authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName);
                activityService.postActivity(
                        ActivityType.SITE_GROUP_REMOVED, shortName,
                        ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, ""));
            }
        }
        else
        {
            // Throw an exception
            throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
        }
    } 
    else
    {
        // Throw an exception
        throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
    }
}
 
Example 17
Source File: GroupsImpl.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 4 votes vote down vote up
private boolean isGroupAuthority(String authorityName)
{
    AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
    return AuthorityType.GROUP.equals(authorityType) || AuthorityType.EVERYONE.equals(authorityType);
}
 
Example 18
Source File: PersonServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 */
public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
{
    ParameterCheck.mandatory("properties", properties);
    String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
    if (userName == null)
    {
        throw new IllegalArgumentException("No username specified when creating the person.");
    }
    
    if (EqualsHelper.nullSafeEquals(userName, AuthenticationUtil.getSystemUserName()))
    {
        throw new AlfrescoRuntimeException("The built-in authority '" + AuthenticationUtil.getSystemUserName()  + "' is a user, but not a Person (i.e. it does not have a profile).");
    }

    AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
    if (authorityType != AuthorityType.USER)
    {
        throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
    }

    tenantService.checkDomainUser(userName);

    if (personExists(userName))
    {
        throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
    }
    
    properties.put(ContentModel.PROP_USERNAME, userName);
    properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
    
    NodeRef personRef = null;
    try
    {
        beforeCreateNodeValidationBehaviour.disable();
        
        personRef = nodeService.createNode(
                getPeopleContainer(),
                ContentModel.ASSOC_CHILDREN,
                getChildNameLower(userName), // Lowercase:
                ContentModel.TYPE_PERSON, properties).getChildRef();         
    }
    finally
    {
        beforeCreateNodeValidationBehaviour.enable();
    }
    
    checkIfPersonShouldBeDisabledAndSetAspect(personRef, properties);
    
    if (zones != null)
    {
        for (String zone : zones)
        {
            // Add the person to an authentication zone (corresponding to an external user registry)
            // Let's preserve case on this child association
            nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver));
        }
    }
    
    removeFromCache(userName, false);
    
    publishEvent("user.create", this.nodeService.getProperties(personRef));
    
    return personRef;
}
 
Example 19
Source File: SimpleAccessControlEntry.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Set the authority
 * @param authority String
 */
public void setAuthority(String authority)
{
    this.authority = authority;
    this.authorityType = AuthorityType.getAuthorityType(authority);
}
 
Example 20
Source File: SiteServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * @see org.alfresco.service.cmr.site.SiteService#setMembership(java.lang.String,
 *      java.lang.String, java.lang.String)
 */
public void setMembership(final String shortName, 
                          final String authorityName,
                          final String role)
{
    final NodeRef siteNodeRef = getSiteNodeRef(shortName);
    if (siteNodeRef == null)
    {
       throw new SiteDoesNotExistException(shortName);
    }

    // Get the user's current role
    final String currentRole = getMembersRole(shortName, authorityName);

    // Do nothing if the role of the user is not being changed
    if (currentRole == null || role.equals(currentRole) == false)
    {
        // TODO if this is the only site manager do not down grade their
        // permissions
        if(canAddMember(shortName, authorityName, role))
        {
            // Check that we are not about to remove the last site manager
            checkLastManagerRemoval(shortName, authorityName, currentRole);
            
            // Run as system user
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
            {
                public Object doWork() throws Exception
                {
                    if (currentRole != null)
                    {
                        // Remove the user from the current
                        // permission group
                        String currentGroup = getSiteRoleGroup(shortName, currentRole, true);
                        authorityService.removeAuthority(currentGroup, authorityName);
                    }

                    // Add the user to the new permission group
                    String newGroup = getSiteRoleGroup(shortName, role, true);
                    authorityService.addAuthority(newGroup, authorityName);

                    return null;
                }

            }, AuthenticationUtil.SYSTEM_USER_NAME);

            AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
            String authorityDisplayName = authorityName;
            if (authorityType == AuthorityType.GROUP)
            {
                authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName);
            }

            if (currentRole == null)
            {
                if (authorityType == AuthorityType.USER)
                {
                    activityService.postActivity(
                            ActivityType.SITE_USER_JOINED, shortName,
                            ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role), authorityName);
                } 
                else if (authorityType == AuthorityType.GROUP)
                { 
                    activityService.postActivity(
                            ActivityType.SITE_GROUP_ADDED, shortName,
                            ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role));                   
                }
            }
            else
            {
                if (authorityType == AuthorityType.USER)
                {
                    activityService.postActivity(
                            ActivityType.SITE_USER_ROLE_UPDATE, shortName,
                            ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role));
                } 
                else if (authorityType == AuthorityType.GROUP)
                {
                    activityService.postActivity(
                            ActivityType.SITE_GROUP_ROLE_UPDATE, shortName,
                            ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role));
                }
            }
        } 
        else
        {
            // Raise a permission exception
            throw new SiteServiceException(MSG_CAN_NOT_CHANGE_MSHIP, new Object[]{shortName});
        }
    }
}