org.squashtest.tm.service.security.acls.jdbc

Class JdbcManageableAclService

java.lang.Object

org.springframework.security.acls.jdbc.JdbcAclService

org.squashtest.tm.service.security.acls.jdbc.JdbcManageableAclService

All Implemented Interfaces:

org.springframework.security.acls.model.AclService, ManageableAclService, ObjectAclService

@Service(value="squashtest.core.security.AclService")
@Transactional
public class JdbcManageableAclService
extends org.springframework.security.acls.jdbc.JdbcAclService
implements ManageableAclService, ObjectAclService

When one update the Acl of an object (ie the permissions of a user), one want to refresh the aclCache if there is one. The right way to do this would have been to delegate such task to the LookupStrategy when it's relevant to do so. However we cannot subclass BasicLookupStrategy because it's final and duplicating its code for a class of ours would be illegal. So we're bypassing the cache encapsulation and expose it right here.

Author:

bsiri

Field Summary

Fields inherited from class org.springframework.security.acls.jdbc.JdbcAclService

jdbcTemplate, log

Constructor Summary

Constructors

Constructor and Description
JdbcManageableAclService(DataSource dataSource, org.springframework.security.acls.jdbc.LookupStrategy lookupStrategy, org.springframework.security.acls.model.AclCache aclCache, org.squashtest.tm.service.security.acls.jdbc.DerivedPermissionsManager derivedManager)

Method Summary

Methods

Modifier and Type	Method and Description
void	addNewResponsibility(long partyId, org.springframework.security.acls.model.ObjectIdentity entityRef, String qualifiedName)
void	createObjectIdentity(org.springframework.security.acls.model.ObjectIdentity objectIdentity) Creates (persists) a not noll, not existing object identity
protected void	evictFromCache(org.springframework.security.acls.model.ObjectIdentity oIdentity)
List<org.squashtest.tm.security.acls.PermissionGroup>	findAllPermissionGroupsByNamespace(String namespace)
List<Long>	findObjectWithoutPermissionByPartyId(long partyId, List<String> qualifiedClasses) Only a size of 1 or 2 is supported for now for the second parameter.
List<Long>	findObjectWithoutPermissionByPartyId(long partyId, String qualifiedClass)
List<Long>	findPartiesWithoutPermissionByObject(long objectId, List<String> qualifiedClassNames) Only a size of 1 or 2 is supported for now for the second parameter.
List<Long>	findPartiesWithoutPermissionByObject(long objectId, String qualifiedClassName)
List<String>	findUsersWithExecutePermission(List<org.springframework.security.acls.model.ObjectIdentity> entityRefs)
List<String>	findUsersWithWritePermission(List<org.springframework.security.acls.model.ObjectIdentity> entityRefs)
void	refreshAcls() basically ensures that recent modification affecting the ACL will be taken into account immediately.
void	removeAllResponsibilities(long partyId) Remove all responsibilities for the Party of the given Id
void	removeAllResponsibilities(long partyId, org.springframework.security.acls.model.ObjectIdentity entityRef) Removes all responsibilities a user might have on a entity.
void	removeAllResponsibilities(org.springframework.security.acls.model.ObjectIdentity entityRef) Removes ALL RESPONSIBILITIES from the given object.
void	removeObjectIdentity(org.springframework.security.acls.model.ObjectIdentity objectIdentity)
List<Object[]>	retrieveClassAclGroupFromPartyId(long partyId, List<String> qualifiedClassNames) Only a size of 1 or 2 is supported for now for the second parameter.
List<Object[]>	retrieveClassAclGroupFromPartyId(long partyId, List<String> qualifiedClassNames, org.squashtest.tm.core.foundation.collection.Sorting sorting, org.squashtest.tm.core.foundation.collection.Filtering filtering) Only a size of 1 or 2 is supported for now for the second parameter.
List<Object[]>	retrieveClassAclGroupFromPartyId(long partyId, String qualifiedClassName)
List<Object[]>	retrieveClassAclGroupFromPartyId(long partyId, String qualifiedClassName, org.squashtest.tm.core.foundation.collection.Sorting sorting, org.squashtest.tm.core.foundation.collection.Filtering filtering)
List<Object[]>	retrieveClassAclGroupFromUserLogin(String userLogin, List<String> qualifiedClassNames)
List<Object[]>	retrieveClassAclGroupFromUserLogin(String userLogin, String qualifiedClassName)
List<Object[]>	retrievePartyAndAclGroupNameFromIdentityAndClass(long entityId, Class<?> entityClass) Will find squash User ids and theirs permission names for the given acl_object_identity.identity and acl_object_identity.className
List<Object[]>	retrievePartyAndAclGroupNameFromIdentityAndClass(long entityId, Class<?> entityClass, org.squashtest.tm.core.foundation.collection.Sorting sorting, org.squashtest.tm.core.foundation.collection.Filtering filtering) Same as #retriveUserAndAclGroupNameFromIdentityAndClass(long, Class), sorted and filtered version
List<Object[]>	retrieveUsersFromIdentityAndClass(long entityId)
void	updateDerivedPermissions(long partyId)

Methods inherited from class org.springframework.security.acls.jdbc.JdbcAclService

findChildren, readAclById, readAclById, readAclsById, readAclsById, setFindChildrenQuery

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JdbcManageableAclService

@Inject
public JdbcManageableAclService(DataSource dataSource,
                               org.springframework.security.acls.jdbc.LookupStrategy lookupStrategy,
                               org.springframework.security.acls.model.AclCache aclCache,
                               org.squashtest.tm.service.security.acls.jdbc.DerivedPermissionsManager derivedManager)

Method Detail

addNewResponsibility

public void addNewResponsibility(@NotNull
                        long partyId,
                        @NotNull
                        org.springframework.security.acls.model.ObjectIdentity entityRef,
                        @NotNull
                        String qualifiedName)

Specified by:

addNewResponsibility in interface ObjectAclService

removeObjectIdentity

public void removeObjectIdentity(org.springframework.security.acls.model.ObjectIdentity objectIdentity)

Specified by:

removeObjectIdentity in interface ManageableAclService

removeAllResponsibilities

public void removeAllResponsibilities(org.springframework.security.acls.model.ObjectIdentity entityRef)

Description copied from interface: ObjectAclService

Removes ALL RESPONSIBILITIES from the given object.

Specified by:

removeAllResponsibilities in interface ObjectAclService

removeAllResponsibilities

public void removeAllResponsibilities(long partyId)

Description copied from interface: ObjectAclService

Remove all responsibilities for the Party of the given Id

Specified by:

removeAllResponsibilities in interface ObjectAclService

removeAllResponsibilities

public void removeAllResponsibilities(@NotNull
                             long partyId,
                             @NotNull
                             org.springframework.security.acls.model.ObjectIdentity entityRef)

Removes all responsibilities a user might have on a entity. In other words, the given user will no longer have any permission on the entity.

Specified by:

removeAllResponsibilities in interface ObjectAclService

Parameters:

partyId -

entityRef -

updateDerivedPermissions

public void updateDerivedPermissions(long partyId)

Specified by:

updateDerivedPermissions in interface ObjectAclService

createObjectIdentity

public void createObjectIdentity(@NotNull
                        org.springframework.security.acls.model.ObjectIdentity objectIdentity)
                          throws org.springframework.security.acls.model.AlreadyExistsException

Description copied from interface: ManageableAclService

Creates (persists) a not noll, not existing object identity

Specified by:

createObjectIdentity in interface ManageableAclService

Throws:

org.springframework.security.acls.model.AlreadyExistsException

findAllPermissionGroupsByNamespace

public List<org.squashtest.tm.security.acls.PermissionGroup> findAllPermissionGroupsByNamespace(@NotNull
                                                                                       String namespace)

Specified by:

findAllPermissionGroupsByNamespace in interface ObjectAclService

retrieveClassAclGroupFromPartyId

public List<Object[]> retrieveClassAclGroupFromPartyId(@NotNull
                                              long partyId,
                                              String qualifiedClassName)

Specified by:

retrieveClassAclGroupFromPartyId in interface ObjectAclService

retrieveClassAclGroupFromPartyId

public List<Object[]> retrieveClassAclGroupFromPartyId(long partyId,
                                              List<String> qualifiedClassNames)

Only a size of 1 or 2 is supported for now for the second parameter.

Specified by:

retrieveClassAclGroupFromPartyId in interface ObjectAclService

retrieveClassAclGroupFromUserLogin

public List<Object[]> retrieveClassAclGroupFromUserLogin(String userLogin,
                                                String qualifiedClassName)

Specified by:

retrieveClassAclGroupFromUserLogin in interface ObjectAclService

retrieveClassAclGroupFromUserLogin

public List<Object[]> retrieveClassAclGroupFromUserLogin(String userLogin,
                                                List<String> qualifiedClassNames)

Specified by:

retrieveClassAclGroupFromUserLogin in interface ObjectAclService

retrieveClassAclGroupFromPartyId

public List<Object[]> retrieveClassAclGroupFromPartyId(@NotNull
                                              long partyId,
                                              String qualifiedClassName,
                                              org.squashtest.tm.core.foundation.collection.Sorting sorting,
                                              org.squashtest.tm.core.foundation.collection.Filtering filtering)

Specified by:

retrieveClassAclGroupFromPartyId in interface ObjectAclService

retrieveClassAclGroupFromPartyId

public List<Object[]> retrieveClassAclGroupFromPartyId(long partyId,
                                              List<String> qualifiedClassNames,
                                              org.squashtest.tm.core.foundation.collection.Sorting sorting,
                                              org.squashtest.tm.core.foundation.collection.Filtering filtering)

Only a size of 1 or 2 is supported for now for the second parameter.

Specified by:

retrieveClassAclGroupFromPartyId in interface ObjectAclService

findObjectWithoutPermissionByPartyId

public List<Long> findObjectWithoutPermissionByPartyId(long partyId,
                                              String qualifiedClass)

Specified by:

findObjectWithoutPermissionByPartyId in interface ObjectAclService

findObjectWithoutPermissionByPartyId

public List<Long> findObjectWithoutPermissionByPartyId(long partyId,
                                              List<String> qualifiedClasses)

Only a size of 1 or 2 is supported for now for the second parameter.

Specified by:

findObjectWithoutPermissionByPartyId in interface ObjectAclService

findUsersWithExecutePermission

public List<String> findUsersWithExecutePermission(List<org.springframework.security.acls.model.ObjectIdentity> entityRefs)

Specified by:

findUsersWithExecutePermission in interface ObjectAclService

findUsersWithWritePermission

public List<String> findUsersWithWritePermission(@NotNull
                                        List<org.springframework.security.acls.model.ObjectIdentity> entityRefs)

Specified by:

findUsersWithWritePermission in interface ObjectAclService

evictFromCache

protected void evictFromCache(org.springframework.security.acls.model.ObjectIdentity oIdentity)

retrievePartyAndAclGroupNameFromIdentityAndClass

public List<Object[]> retrievePartyAndAclGroupNameFromIdentityAndClass(long entityId,
                                                              Class<?> entityClass)

Description copied from interface: ObjectAclService

Will find squash User ids and theirs permission names for the given acl_object_identity.identity and acl_object_identity.className

Specified by:

retrievePartyAndAclGroupNameFromIdentityAndClass in interface ObjectAclService

Returns:

a list of Object[] containing at index 0 the user id and , at index 1, the user's acl_group.qualified_name for the given acl_object.

retrieveUsersFromIdentityAndClass

public List<Object[]> retrieveUsersFromIdentityAndClass(long entityId)

Specified by:

retrieveUsersFromIdentityAndClass in interface ObjectAclService

retrievePartyAndAclGroupNameFromIdentityAndClass

public List<Object[]> retrievePartyAndAclGroupNameFromIdentityAndClass(long entityId,
                                                              Class<?> entityClass,
                                                              org.squashtest.tm.core.foundation.collection.Sorting sorting,
                                                              org.squashtest.tm.core.foundation.collection.Filtering filtering)

Description copied from interface: ObjectAclService

Same as #retriveUserAndAclGroupNameFromIdentityAndClass(long, Class), sorted and filtered version

Specified by:

retrievePartyAndAclGroupNameFromIdentityAndClass in interface ObjectAclService

Returns:

findPartiesWithoutPermissionByObject

public List<Long> findPartiesWithoutPermissionByObject(long objectId,
                                              String qualifiedClassName)

Specified by:

findPartiesWithoutPermissionByObject in interface ObjectAclService

findPartiesWithoutPermissionByObject

public List<Long> findPartiesWithoutPermissionByObject(long objectId,
                                              List<String> qualifiedClassNames)

Only a size of 1 or 2 is supported for now for the second parameter.

Specified by:

findPartiesWithoutPermissionByObject in interface ObjectAclService

refreshAcls

public void refreshAcls()

Description copied from interface: ObjectAclService

basically ensures that recent modification affecting the ACL will be taken into account immediately.

Specified by:

refreshAcls in interface ObjectAclService