Class SecurityServiceImpl

java.lang.Object
fr.becpg.repo.security.impl.SecurityServiceImpl
All Implemented Interfaces:
SecurityService

@Service("securityService") public class SecurityServiceImpl extends Object implements SecurityService
Security Service : is in charge to compute acls by node Type. And provide permission on properties
Version:
$Id: $Id
Author:
"Matthieu Laborie"
  • Field Details

    • ACLS_CACHE_KEY

      private static final String ACLS_CACHE_KEY
      Constant ACLS_CACHE_KEY="ACLS_CACHE_KEY"
      See Also:
    • LOCAL_ACLS_CACHE_KEY

      private static final String LOCAL_ACLS_CACHE_KEY
      Constant LOCAL_ACLS_CACHE_KEY="LOCAL_ACLS_CACHE_KEY"
      See Also:
    • USER_ROLE_CACHE_KEY

      private static final String USER_ROLE_CACHE_KEY
      Constant USER_ROLE_CACHE_KEY="USER_ROLE_CACHE_KEY"
      See Also:
    • logger

      private static final org.apache.commons.logging.Log logger
      Constant logger
    • alfrescoRepository

      @Autowired private AlfrescoRepository<ACLGroupData> alfrescoRepository
    • authorityService

      @Autowired private org.alfresco.service.cmr.security.AuthorityService authorityService
    • dictionaryService

      @Autowired private EntityDictionaryService dictionaryService
    • namespaceService

      @Autowired private org.alfresco.service.namespace.NamespaceService namespaceService
    • beCPGCacheService

      @Autowired private BeCPGCacheService beCPGCacheService
    • securityPlugins

      @Autowired private SecurityServicePlugin[] securityPlugins
    • nodeService

      @Autowired private org.alfresco.service.cmr.repository.NodeService nodeService
    • associationService

      @Autowired private AssociationService associationService
  • Constructor Details

    • SecurityServiceImpl

      public SecurityServiceImpl()
  • Method Details

    • computeAccessMode

      public int computeAccessMode(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, org.alfresco.service.namespace.QName propName)
      Compute access mode for the given field name on a specific type
      Specified by:
      computeAccessMode in interface SecurityService
      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object.
      propName - a QName object.
      Returns:
      Access Mode status
    • computeAccessMode

      public int computeAccessMode(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, String propName)
      Compute access mode for the given field name on a specific type
      Specified by:
      computeAccessMode in interface SecurityService
      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object.
      propName - a String object.
      Returns:
      Access Mode status
    • isEntityTemplate

      private boolean isEntityTemplate(org.alfresco.service.cmr.repository.NodeRef nodeRef)

      isEntityTemplate.

      Parameters:
      nodeRef - a NodeRef object
      Returns:
      a boolean
    • computeAccessMode

      private int computeAccessMode(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, List<PermissionModel> permissions)

      computeAccessMode.

      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      permissions - a List object
      Returns:
      a int
    • hasWritablePropForUser

      private boolean hasWritablePropForUser(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType)
      Check if the current user has write access on at least one property of the given node type.

      Used for entity level access checks (propName is null): when the security group is configured as "default read only", the entity should still be considered writable as soon as the user can edit one of its fields through a local ACL entry. The per field protection is then applied by the form filters.

      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      Returns:
      a boolean
    • getPermissionContext

      public PermissionContext getPermissionContext(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, String propName)
      Get the permission context for a given node and a given property
      Specified by:
      getPermissionContext in interface SecurityService
      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      propName - a String object
      Returns:
      a List object.
    • computeCacheKey

      private String computeCacheKey(org.alfresco.service.cmr.repository.NodeRef nodeRef)

      computeCacheKey.

      Parameters:
      nodeRef - a NodeRef object
      Returns:
      a String object
    • getReadOnlyCachedMap

      private Map<String,Boolean> getReadOnlyCachedMap(String cacheKey)

      getReadOnlyCachedMap.

      Parameters:
      cacheKey - a String object
      Returns:
      a Map object
    • computeNodeTypeKey

      private String computeNodeTypeKey(org.alfresco.service.namespace.QName nodeType)

      computeNodeTypeKey.

      Parameters:
      nodeType - a QName object
      Returns:
      a String object
    • refreshAcls

      public void refreshAcls()
      Refresh ACLS cache per tenant
      Specified by:
      refreshAcls in interface SecurityService
    • getPermissionCachedMap

      private Map<String,List<PermissionModel>> getPermissionCachedMap(String cacheKey)

      getPermissionCachedMap.

      Parameters:
      cacheKey - a String object
      Returns:
      a Map object
    • isCurrentUserAllowed

      public boolean isCurrentUserAllowed(String securityGroup)
      Check user is in currentSecurityGroup or isAdmin
      Specified by:
      isCurrentUserAllowed in interface SecurityService
      Parameters:
      securityGroup - a String object.
      Returns:
      a boolean.
    • getUserSecurityRoles

      public List<String> getUserSecurityRoles()
      List available security roles for user
      Specified by:
      getUserSecurityRoles in interface SecurityService
      Returns:
      a List object.
    • isAdmin

      private boolean isAdmin()

      isAdmin.

      Returns:
      a boolean
    • isInGroup

      private boolean isInGroup(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, List<org.alfresco.service.cmr.repository.NodeRef> groups)
      Check if current user is in corresponding group or role
      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      groups - a List object
      Returns:
      a boolean
    • computePluginAccessMode

      private int computePluginAccessMode(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType, int accesMode)

      computePluginAccessMode.

      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      accesMode - a int
      Returns:
      a int
    • buildCacheKey

      private String buildCacheKey(org.alfresco.service.cmr.repository.NodeRef nodeRef, List<org.alfresco.service.cmr.repository.NodeRef> groups)

      buildCacheKey.

      Parameters:
      nodeRef - a NodeRef object
      groups - a List object
      Returns:
      a String object
    • buildPluginAccessModeCacheKey

      private String buildPluginAccessModeCacheKey(org.alfresco.service.cmr.repository.NodeRef nodeRef, org.alfresco.service.namespace.QName nodeType)

      buildPluginAccessModeCacheKey.

      Parameters:
      nodeRef - a NodeRef object
      nodeType - a QName object
      Returns:
      a String object
    • computeNodeTypePropKey

      private String computeNodeTypePropKey(org.alfresco.service.namespace.QName nodeType, String propName)

      computeNodeTypePropKey.

      Parameters:
      nodeType - a QName object
      propName - a String object
      Returns:
      a String object
    • findAllAclGroups

      private List<org.alfresco.service.cmr.repository.NodeRef> findAllAclGroups()

      findAllAclGroups.

      Returns:
      a List object
    • getAvailablePropNames

      public List<String> getAvailablePropNames()
      Extract props list based on existing ACL_GROUPS
      Specified by:
      getAvailablePropNames in interface SecurityService
      Returns:
      a List object.
    • appendPropName

      private void appendPropName(org.alfresco.service.cmr.dictionary.TypeDefinition typeDefinition, Map.Entry<org.alfresco.service.namespace.QName,org.alfresco.service.cmr.dictionary.PropertyDefinition> properties, List<String> ret)

      appendPropName.

      Parameters:
      typeDefinition - a TypeDefinition object
      properties - a Map.Entry object
      ret - a List object
    • isViewableProperty

      private boolean isViewableProperty(org.alfresco.service.namespace.QName qName)
      Test if the property should be show
      Parameters:
      qName - the q name
      Returns:
      true, if is viewable property