本文整理汇总了Java中org.alfresco.service.cmr.security.AccessStatus.ALLOWED属性的典型用法代码示例。如果您正苦于以下问题:Java AccessStatus.ALLOWED属性的具体用法?Java AccessStatus.ALLOWED怎么用?Java AccessStatus.ALLOWED使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类org.alfresco.service.cmr.security.AccessStatus
的用法示例。
在下文中一共展示了AccessStatus.ALLOWED属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: ownerRead
protected AccessStatus ownerRead(String username, NodeRef nodeRef)
{
// Reviewed the behaviour of deny and ownership with Mike F
// ATM ownership takes precendence over READ deny
// TODO: check that global owner rights are set
AccessStatus result = AccessStatus.DENIED;
String owner = ownableService.getOwner(nodeRef);
if(owner == null)
{
// TODO node may not have auditable aspect and hence creator property
result = AccessStatus.DENIED;
}
// is the user the owner of the node?
if(EqualsHelper.nullSafeEquals(username, owner))
{
// ROLE_OWNER authority has FULL_CONTROL in permissionDefinitions
// so we don't need to check node requirements
return AccessStatus.ALLOWED;
}
return result;
}
示例2: toString
/**
* Override Object.toString() to provide useful debug output
*/
public String toString()
{
if (this.nodeService.exists(nodeRef))
{
if (this.services.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PROPERTIES) == AccessStatus.ALLOWED)
{
// TODO: DC: Allow debug output of property values - for now it's disabled as this could potentially
// follow a large network of nodes.
return "Node Type: " + getType() + ", Node Aspects: " + getAspectsSet().toString();
}
else
{
return "Access denied to node " + nodeRef;
}
}
else
{
return "Node no longer exists: " + nodeRef;
}
}
示例3: hasVirtualNodePermission
public AccessStatus hasVirtualNodePermission(String permission, boolean readonly)
{
if (readonly)
{
if (denyReadonlySmartNodesFull.contains(permission) || denyReadonlySmartNodes.contains(permission))
{
return AccessStatus.DENIED;
}
}
if (denySmartNodesFull.contains(permission) || denySmartNodes.contains(permission))
{
return AccessStatus.DENIED;
}
else if (allowSmartNodesFull.contains(permission) || allowSmartNodes.contains(permission))
{
return AccessStatus.ALLOWED;
}
else
{
return AccessStatus.UNDETERMINED;
}
}
示例4: getRulesForNode
private List<Rule> getRulesForNode(NodeRef nodeRef)
{
// Extra check of CONSUMER permission was added to rule selection,
// to prevent Access Denied Exception due to the bug:
// https://issues.alfresco.com/browse/ETWOTWO-438
if (!runtimeNodeService.hasAspect(nodeRef, RuleModel.ASPECT_RULES) ||
permissionService.hasPermission(nodeRef, PermissionService.READ) != AccessStatus.ALLOWED)
{
// Doesn't have the aspect or the user doesn't have access
return Collections.emptyList();
}
List<Rule> nodeRules = nodeRulesCache.get(nodeRef);
if (nodeRules != null)
{
// We have already processed this node
return nodeRules;
}
// Not in the cache, so go and get the rules
nodeRules = new ArrayList<Rule>();
NodeRef ruleFolder = getSavedRuleFolderRef(nodeRef);
if (ruleFolder != null)
{
// Get the rules for this node
List<ChildAssociationRef> ruleChildAssocRefs =
this.runtimeNodeService.getChildAssocs(ruleFolder, RegexQNamePattern.MATCH_ALL, ASSOC_NAME_RULES_REGEX);
for (ChildAssociationRef ruleChildAssocRef : ruleChildAssocRefs)
{
// Create the rule and add to the list
NodeRef ruleNodeRef = ruleChildAssocRef.getChildRef();
Rule rule = getRule(ruleNodeRef);
nodeRules.add(rule);
}
}
// Store this in the cache for later re-use
nodeRulesCache.put(nodeRef, nodeRules);
// Done
return nodeRules;
}
示例5: pre
public AccessStatus pre(Object object)
{
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
if (this.getAccessDecisionManager() instanceof AffirmativeBasedAccessDecisionManger)
{
return ((AffirmativeBasedAccessDecisionManger)getAccessDecisionManager()).pre(object, attr);
}
else
{
return AccessStatus.ALLOWED;
}
}
示例6: canUserEditPost
/**
* Is the current user allowed to edit this post?
* In order to be deemed allowed, you first need write
* permissions on the underlying node of the post.
* You then also need to either be the cm:creator of
* the post node, or a site manager
*/
protected boolean canUserEditPost(PostInfo post, SiteInfo site)
{
// Are they OK on the node?
AccessStatus canEdit = permissionService.hasPermission(post.getNodeRef(), PermissionService.WRITE);
if (canEdit == AccessStatus.ALLOWED)
{
// Only the creator and site managers may edit
String user = AuthenticationUtil.getFullyAuthenticatedUser();
if (post.getCreator().equals(user))
{
// It's their post
return true;
}
if (site != null)
{
String role = siteService.getMembersRole(site.getShortName(), user);
if (SiteServiceImpl.SITE_MANAGER.equals(role))
{
// Managers may edit
return true;
}
}
}
// If in doubt, you may not edit
return false;
}
示例7: canEditPermission
private boolean canEditPermission(NodeRef commentNodeRef)
{
String creator = (String)nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
Serializable owner = nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER);
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
boolean isSiteManager = permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED);
boolean isCoordinator = permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED);
return (isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner));
}
示例8: canAddMember
/**
* @see org.alfresco.service.cmr.site.SiteService#canAddMember(java.lang.String,
* java.lang.String, java.lang.String)
*/
public boolean canAddMember(final String shortName, final String authorityName, final String role)
{
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
if (siteNodeRef == null)
{
throw new SiteDoesNotExistException(shortName);
}
// Get the user's current role
final String currentRole = getMembersRole(shortName, authorityName);
// Get the visibility of the site
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
// If we are ...
// -- the current user has change permissions rights on the site
// or we are ...
// -- referring to a public site and
// -- the role being set is consumer and
// -- the user being added is ourselves and
// -- the member does not already have permissions
// ... then we can set the permissions as system user
final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
return ((permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
|| isSiteAdmin(currentUserName) || (SiteVisibility.PUBLIC.equals(visibility)
&& role.equals(SiteModel.SITE_CONSUMER) && authorityName.equals(currentUserName) && currentRole == null));
}
示例9: getSiteName
private String getSiteName(NodeRef nodeRef)
{
NodeRef parent = nodeService.getPrimaryParent(nodeRef).getParentRef();
while (parent != null && !nodeService.getType(parent).equals(SiteModel.TYPE_SITE))
{
// check that we can read parent name
if (permissionService.hasReadPermission(parent) == AccessStatus.ALLOWED)
{
String parentName = (String) nodeService.getProperty(parent,ContentModel.PROP_NAME);
}
else
{
return null;
}
if (nodeService.getPrimaryParent(nodeRef) != null)
{
parent = nodeService.getPrimaryParent(parent).getParentRef();
}
}
if (parent == null)
{
return null;
}
return nodeService.getProperty(parent, ContentModel.PROP_NAME).toString();
}
示例10: removeAllRules
@Override
public void removeAllRules(NodeRef nodeRef)
{
checkForLinkedRules(nodeRef);
if (this.permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
{
if (this.nodeService.exists(nodeRef) == true &&
this.nodeService.hasAspect(nodeRef, RuleModel.ASPECT_RULES) == true)
{
NodeRef folder = getSavedRuleFolderRef(nodeRef);
if (folder != null)
{
List<ChildAssociationRef> ruleChildAssocs = this.nodeService.getChildAssocs(
folder,
RegexQNamePattern.MATCH_ALL, ASSOC_NAME_RULES_REGEX);
for (ChildAssociationRef ruleChildAssoc : ruleChildAssocs)
{
this.nodeService.removeChild(folder, ruleChildAssoc.getChildRef());
}
}
// As this was the last rule on the node, remove the aspect
this.nodeService.removeAspect(nodeRef, RuleModel.ASPECT_RULES);
}
// Drop the rules from the cache
nodeRulesCache.remove(nodeRef);
}
else
{
throw new RuleServiceException("Insufficient permissions to remove a rule.");
}
}
示例11: createContainer
/**
* Creates a new site container
*
* @param componentId component id
* @param folderType folder type to create
* @return ScriptNode the created container
*/
public ScriptNode createContainer(final String componentId, final String folderType, final Object permissions)
{
final NodeRef containerNodeRef = this.createContainerImpl(componentId, folderType, permissions);
if (Site.this.serviceRegistry.getPermissionService().hasPermission(containerNodeRef, PermissionService.READ_PROPERTIES) == AccessStatus.ALLOWED)
{
return getContainer(componentId);
}
else
{
// current user has no access.
return null;
}
}
示例12: toJSONObject
/**
* Convert a node reference to a JSON object. Selects the correct converter based on selection
* implementation.
*/
@SuppressWarnings("unchecked")
public JSONObject toJSONObject(final NodeRef nodeRef, final boolean useShortQNames)
{
final JSONObject json = new JSONObject();
if (this.nodeService.exists(nodeRef))
{
if (publicServiceAccessService.hasAccess(ServiceRegistry.NODE_SERVICE.getLocalName(), "getProperties", nodeRef) == AccessStatus.ALLOWED)
{
// init namespace prefix cache
namespacePrefixCache.get().clear();
// Get node info
FileInfo nodeInfo = this.fileFolderService.getFileInfo(nodeRef);
// Set root values
setRootValues(nodeInfo, json, useShortQNames);
// add permissions
json.put("permissions", permissionsToJSON(nodeRef));
// add properties
json.put("properties", propertiesToJSON(nodeRef, nodeInfo.getProperties(), useShortQNames));
// add aspects
json.put("aspects", apsectsToJSON(nodeRef, useShortQNames));
}
}
return json;
}
示例13: personExists
/**
* {@inheritDoc}
*/
public boolean personExists(String caseSensitiveUserName)
{
NodeRef person = getPersonOrNullImpl(caseSensitiveUserName);
if (person != null)
{
// re: THOR-293
return permissionServiceSPI.hasPermission(person, PermissionService.READ) == AccessStatus.ALLOWED;
}
return false;
}
示例14: pre
public AccessStatus pre(Object object, ConfigAttributeDefinition attr)
{
Iterator iter = this.getDecisionVoters().iterator();
int deny = 0;
while (iter.hasNext())
{
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
int result = voter.vote(AuthenticationUtil.getFullAuthentication(), object, attr);
switch (result)
{
case AccessDecisionVoter.ACCESS_GRANTED:
return AccessStatus.ALLOWED;
case AccessDecisionVoter.ACCESS_DENIED:
deny++;
break;
default:
break;
}
}
if (deny > 0)
{
return AccessStatus.DENIED;
}
// To get this far, every AccessDecisionVoter abstained
if (this.isAllowIfAllAbstainDecisions())
{
return AccessStatus.ALLOWED;
}
else
{
return AccessStatus.DENIED;
}
}
示例15: removeRule
@Override
public void removeRule(NodeRef nodeRef, Rule rule)
{
checkForLinkedRules(nodeRef);
if (this.permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
{
if (this.nodeService.exists(nodeRef) == true &&
this.nodeService.hasAspect(nodeRef, RuleModel.ASPECT_RULES) == true)
{
disableRules(nodeRef);
try
{
NodeRef ruleNodeRef = rule.getNodeRef();
if (ruleNodeRef != null)
{
this.nodeService.removeChild(getSavedRuleFolderRef(nodeRef), ruleNodeRef);
}
}
finally
{
enableRules(nodeRef);
}
// If this was the last rule on the node, remove the aspect
if(countRules(nodeRef) == 0)
{
// Since this is the last rule, unlink any linked rulesets
List<NodeRef> linkedFrom = getLinkedFromRuleNodes(nodeRef);
if (linkedFrom.isEmpty() == false)
{
for (NodeRef linkedFromNodeRef : linkedFrom)
{
NodeRef ruleFolder = getSavedRuleFolderAssoc(nodeRef).getChildRef();
nodeService.removeChild(linkedFromNodeRef, ruleFolder);
nodeService.removeAspect(linkedFromNodeRef, RuleModel.ASPECT_RULES);
}
}
this.nodeService.removeAspect(nodeRef, RuleModel.ASPECT_RULES);
}
}
// Drop the rules from the cache
nodeRulesCache.remove(nodeRef);
}
else
{
throw new RuleServiceException("Insufficient permissions to remove a rule.");
}
}