Java Code Examples for org.alfresco.service.cmr.security.AuthorityType#USER
The following examples show how to use
org.alfresco.service.cmr.security.AuthorityType#USER .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ChainingUserRegistrySynchronizer.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
private void maintainAssociationDeletions(String authorityName) { boolean isPerson = AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER; Set<String> parentsToDelete = isPerson ? this.personParentAssocsToDelete.get(authorityName) : this.groupParentAssocsToDelete.get(authorityName); if (parentsToDelete != null && !parentsToDelete.isEmpty()) { for (String parent : parentsToDelete) { if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled()) { ChainingUserRegistrySynchronizer.logger .debug("Removing '" + ChainingUserRegistrySynchronizer.this.authorityService .getShortName(authorityName) + "' from group '" + ChainingUserRegistrySynchronizer.this.authorityService .getShortName(parent) + "'"); } ChainingUserRegistrySynchronizer.this.authorityService.removeAuthority(parent, authorityName); } } }
Example 2
Source File: GroupsImpl.java From alfresco-remote-api with GNU Lesser General Public License v3.0 | 6 votes |
private AuthorityType getAuthorityType(String memberType) { AuthorityType authorityType = null; if (memberType != null && !memberType.isEmpty()) { switch (memberType) { case PARAM_MEMBER_TYPE_GROUP: authorityType = AuthorityType.GROUP; break; case PARAM_MEMBER_TYPE_PERSON: authorityType = AuthorityType.USER; break; default: throw new InvalidArgumentException("MemberType is invalid (expected eg. GROUP, PERSON)"); } } return authorityType; }
Example 3
Source File: SolrOwnerScorer.java From SearchServices with GNU Lesser General Public License v3.0 | 6 votes |
public static SolrOwnerScorer createOwnerScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authority) throws IOException { if (AuthorityType.getAuthorityType(authority) == AuthorityType.USER) { DocSet ownedDocs = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority); if (ownedDocs == null) { // Cache miss: query the index for docs where the owner matches the authority. ownedDocs = searcher.getDocSet(new TermQuery(new Term(QueryConstants.FIELD_OWNER, authority))); searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority, ownedDocs); } return new SolrOwnerScorer(weight, ownedDocs, context, searcher); } // Return an empty doc set, as the authority isn't a user. return new SolrOwnerScorer(weight, new BitDocSet(new FixedBitSet(0)), context, searcher); }
Example 4
Source File: UserNameConstraint.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
@Override protected void evaluateSingleValue(Object value) { // ensure that the value can be converted to a String String checkValue = null; try { checkValue = DefaultTypeConverter.INSTANCE.convert(String.class, value); } catch (TypeConversionException e) { throw new ConstraintException(ERR_NON_STRING, value); } AuthorityType type = AuthorityType.getAuthorityType(checkValue); if((type != AuthorityType.USER) && (type != AuthorityType.GUEST)) { throw new ConstraintException(ERR_INVALID_USERNAME, value, type); } }
Example 5
Source File: AuthorityDAOImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public void addAuthorityToZones(String authorityName, Set<String> zones) { if ((zones != null) && (zones.size() > 0)) { Set<NodeRef> zoneRefs = new HashSet<NodeRef>(zones.size() * 2); for (String authorityZone : zones) { zoneRefs.add(getOrCreateZone(authorityZone)); } NodeRef authRef = getAuthorityOrNull(authorityName); if (authRef != null) { // Normalize the user name if necessary if (AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER) { authorityName = (String) nodeService.getProperty(authRef, ContentModel.PROP_USERNAME); } nodeService.addChild(zoneRefs, authRef, ContentModel.ASSOC_IN_ZONE, QName.createQName("cm", authorityName, namespacePrefixResolver)); } } }
Example 6
Source File: AuthorityDAOImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public Set<String> getContainedAuthorities(AuthorityType type, String parentName, boolean immediate) { AuthorityType parentAuthorityType = AuthorityType.getAuthorityType(parentName); if (parentAuthorityType == AuthorityType.USER) { // Users never contain other authorities return Collections.<String> emptySet(); } else { NodeRef nodeRef = getAuthorityOrNull(parentName); if (nodeRef == null) { throw new UnknownAuthorityException("An authority was not found for " + parentName); } Set<String> authorities = new TreeSet<String>(); listAuthorities(type, nodeRef, authorities, false, !immediate, false); return authorities; } }
Example 7
Source File: AuthorityServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/** * Checks if the {@code authority} (normally a username) is the same as or is contained * within the {@code parentAuthority}. * @param authority String * @param parentAuthority a normalized, case sensitive authority name * @return {@code true} if does, {@code false} otherwise. */ private boolean hasAuthority(String authority, String parentAuthority, Set<String> positiveHits, Set<String> negativeHits) { // Even users are matched case sensitively in ACLs if (AuthorityType.getAuthorityType(parentAuthority) == AuthorityType.USER) { return false; } if (parentAuthority.equals(authority)) { return true; } return authorityDAO.isAuthorityContained(parentAuthority, authority, positiveHits, negativeHits); }
Example 8
Source File: AuthorityDAOImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public void removeAuthority(String parentName, String childName, boolean cacheRefresh) { NodeRef parentRef = getAuthorityOrNull(parentName); if (parentRef == null) { throw new UnknownAuthorityException("An authority was not found for " + parentName); } NodeRef childRef = getAuthorityOrNull(childName); if (childRef == null) { throw new UnknownAuthorityException("An authority was not found for " + childName); } nodeService.removeChild(parentRef, childRef); childAuthorityCache.remove(parentRef); if (AuthorityType.getAuthorityType(childName) == AuthorityType.USER) { // Normalize the user name childName = (String) nodeService.getProperty(childRef, ContentModel.PROP_USERNAME); userAuthorityCache.remove(childName); } else { userAuthorityCache.clear(); if (cacheRefresh) { authorityBridgeTableCache.refresh(); } } }
Example 9
Source File: ChainingUserRegistrySynchronizer.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
@Override public boolean createMissingPerson(String userName) { // synchronise or auto-create the missing person if we are allowed if (userName != null && !userName.equals(AuthenticationUtil.getSystemUserName())) { if (this.syncWhenMissingPeopleLogIn) { try { synchronizeInternal(false, false, false); } catch (Exception e) { // We don't want to fail the whole login if we can help it ChainingUserRegistrySynchronizer.logger.warn("User authenticated but failed to sync with user registry", e); } if (this.personService.personExists(userName)) { return true; } } if (this.autoCreatePeopleOnLogin && this.personService.createMissingPeople()) { AuthorityType authorityType = AuthorityType.getAuthorityType(userName); if (authorityType == AuthorityType.USER) { this.personService.getPerson(userName); return true; } } } return false; }
Example 10
Source File: AuthorityServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * {@inheritDoc} */ public Set<String> findAuthorities(AuthorityType type, String parentAuthority, boolean immediate, String displayNamePattern, String zoneName) { if (type == null || type == AuthorityType.GROUP || type == AuthorityType.USER) { return authorityDAO.findAuthorities(type, parentAuthority, immediate, displayNamePattern, zoneName); } else { throw new UnsupportedOperationException(); } }
Example 11
Source File: WorkflowAuthorityManager.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public boolean isUser(String authorityName) { AuthorityType type = AuthorityType.getAuthorityType(authorityName); return type == AuthorityType.USER || type == AuthorityType.ADMIN || type == AuthorityType.GUEST; }
Example 12
Source File: SolrAuthoritySetQuery.java From SearchServices with GNU Lesser General Public License v3.0 | 5 votes |
private BitsFilter getOwnerFilter(String[] auths, SolrIndexSearcher searcher) throws IOException { Builder builder = new BooleanQuery.Builder(); for(String current : auths) { if (AuthorityType.getAuthorityType(current) == AuthorityType.USER) { builder.add(new TermQuery(new Term(QueryConstants.FIELD_OWNER, current)), BooleanClause.Occur.SHOULD); } } BitsFilterCollector collector = new BitsFilterCollector(searcher.getTopReaderContext().leaves().size()); searcher.search(builder.build(), collector); return collector.getBitsFilter(); }
Example 13
Source File: SolrOwnerSetScorer.java From SearchServices with GNU Lesser General Public License v3.0 | 5 votes |
public static SolrOwnerSetScorer createOwnerSetScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authorities) throws IOException { DocSet authorityOwnedDocs = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities); if(authorityOwnedDocs == null) { // Split the authorities. The first character in the authorities String // specifies the separator, e.g. ",jbloggs,abeecher" String[] auths = authorities.substring(1).split(authorities.substring(0, 1)); BooleanQuery.Builder bQuery = new BooleanQuery.Builder(); for(String current : auths) { if (AuthorityType.getAuthorityType(current) == AuthorityType.USER) { bQuery.add(new TermQuery(new Term(QueryConstants.FIELD_OWNER, current)), Occur.SHOULD); } } WrappedQuery wrapped = new WrappedQuery(bQuery.build()); wrapped.setCache(false); authorityOwnedDocs = searcher.getDocSet(wrapped); searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities, authorityOwnedDocs); } // TODO: Cache the final set? e.g. searcher.cacheInsert(authorities, authorityOwnedDocs) return new SolrOwnerSetScorer(weight, authorityOwnedDocs, context, searcher); }
Example 14
Source File: AuthorityServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * {@inheritDoc} */ public PagingResults<AuthorityInfo> getAuthoritiesInfo(AuthorityType type, String zoneName, String displayNameFilter, String sortBy, boolean sortAscending, PagingRequest pagingRequest) { ParameterCheck.mandatory("pagingRequest", pagingRequest); ParameterCheck.mandatory("type", type); if (type != AuthorityType.USER && type != AuthorityType.GROUP && type != AuthorityType.ROLE) { throw new UnsupportedOperationException("Unexpected authority type: "+type); } return authorityDAO.getAuthoritiesInfo(type, zoneName, displayNameFilter, sortBy, sortAscending, pagingRequest); }
Example 15
Source File: AuthorityDAOImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
private Pair<String, String> cacheKey(String authorityName) { String tenantDomain = AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER ? tenantService.getDomain(authorityName) : tenantService.getCurrentUserDomain(); return new Pair<String, String>(tenantDomain, getPooledName(authorityName)); }
Example 16
Source File: PersonServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/** * {@inheritDoc} */ public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones) { ParameterCheck.mandatory("properties", properties); String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME)); if (userName == null) { throw new IllegalArgumentException("No username specified when creating the person."); } if (EqualsHelper.nullSafeEquals(userName, AuthenticationUtil.getSystemUserName())) { throw new AlfrescoRuntimeException("The built-in authority '" + AuthenticationUtil.getSystemUserName() + "' is a user, but not a Person (i.e. it does not have a profile)."); } AuthorityType authorityType = AuthorityType.getAuthorityType(userName); if (authorityType != AuthorityType.USER) { throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user"); } tenantService.checkDomainUser(userName); if (personExists(userName)) { throw new AlfrescoRuntimeException("Person '" + userName + "' already exists."); } properties.put(ContentModel.PROP_USERNAME, userName); properties.put(ContentModel.PROP_SIZE_CURRENT, 0L); NodeRef personRef = null; try { beforeCreateNodeValidationBehaviour.disable(); personRef = nodeService.createNode( getPeopleContainer(), ContentModel.ASSOC_CHILDREN, getChildNameLower(userName), // Lowercase: ContentModel.TYPE_PERSON, properties).getChildRef(); } finally { beforeCreateNodeValidationBehaviour.enable(); } checkIfPersonShouldBeDisabledAndSetAspect(personRef, properties); if (zones != null) { for (String zone : zones) { // Add the person to an authentication zone (corresponding to an external user registry) // Let's preserve case on this child association nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver)); } } removeFromCache(userName, false); publishEvent("user.create", this.nodeService.getProperties(personRef)); return personRef; }
Example 17
Source File: SiteServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/** * @see org.alfresco.service.cmr.site.SiteService#removeMembership(java.lang.String, java.lang.String) */ public void removeMembership(final String shortName, final String authorityName) { final NodeRef siteNodeRef = getSiteNodeRef(shortName); if (siteNodeRef == null) { throw new SiteDoesNotExistException(shortName); } // TODO what do we do about the user if they are in a group that has // rights to the site? // Get the current user String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser(); // Get the user current role final String role = getMembersRole(shortName, authorityName); if (role != null) { // Check that we are not about to remove the last site manager checkLastManagerRemoval(shortName, authorityName, role); // If ... // -- the current user has change permissions rights on the site // or // -- the user is ourselves if ((currentUserName.equals(authorityName) == true) || isSiteAdmin(currentUserName) || (permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)) { // Run as system user AuthenticationUtil.runAs( new AuthenticationUtil.RunAsWork<Object>() { public Object doWork() throws Exception { // Remove the user from the current permission // group String currentGroup = getSiteRoleGroup(shortName, role, true); authorityService.removeAuthority(currentGroup, authorityName); return null; } }, AuthenticationUtil.SYSTEM_USER_NAME); // Raise events AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName); if (authorityType == AuthorityType.USER) { activityService.postActivity( ActivityType.SITE_USER_REMOVED, shortName, ACTIVITY_TOOL, getActivityUserData(authorityName, ""), authorityName); } else if (authorityType == AuthorityType.GROUP) { String authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName); activityService.postActivity( ActivityType.SITE_GROUP_REMOVED, shortName, ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, "")); } } else { // Throw an exception throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName}); } } else { // Throw an exception throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName}); } }
Example 18
Source File: SiteServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/** * @see org.alfresco.service.cmr.site.SiteService#setMembership(java.lang.String, * java.lang.String, java.lang.String) */ public void setMembership(final String shortName, final String authorityName, final String role) { final NodeRef siteNodeRef = getSiteNodeRef(shortName); if (siteNodeRef == null) { throw new SiteDoesNotExistException(shortName); } // Get the user's current role final String currentRole = getMembersRole(shortName, authorityName); // Do nothing if the role of the user is not being changed if (currentRole == null || role.equals(currentRole) == false) { // TODO if this is the only site manager do not down grade their // permissions if(canAddMember(shortName, authorityName, role)) { // Check that we are not about to remove the last site manager checkLastManagerRemoval(shortName, authorityName, currentRole); // Run as system user AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { public Object doWork() throws Exception { if (currentRole != null) { // Remove the user from the current // permission group String currentGroup = getSiteRoleGroup(shortName, currentRole, true); authorityService.removeAuthority(currentGroup, authorityName); } // Add the user to the new permission group String newGroup = getSiteRoleGroup(shortName, role, true); authorityService.addAuthority(newGroup, authorityName); return null; } }, AuthenticationUtil.SYSTEM_USER_NAME); AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName); String authorityDisplayName = authorityName; if (authorityType == AuthorityType.GROUP) { authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName); } if (currentRole == null) { if (authorityType == AuthorityType.USER) { activityService.postActivity( ActivityType.SITE_USER_JOINED, shortName, ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role), authorityName); } else if (authorityType == AuthorityType.GROUP) { activityService.postActivity( ActivityType.SITE_GROUP_ADDED, shortName, ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role)); } } else { if (authorityType == AuthorityType.USER) { activityService.postActivity( ActivityType.SITE_USER_ROLE_UPDATE, shortName, ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role)); } else if (authorityType == AuthorityType.GROUP) { activityService.postActivity( ActivityType.SITE_GROUP_ROLE_UPDATE, shortName, ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role)); } } } else { // Raise a permission exception throw new SiteServiceException(MSG_CAN_NOT_CHANGE_MSHIP, new Object[]{shortName}); } } }