|
1
17 package org.alfresco.repo.security.permissions.impl.model;
18
19 import java.io.IOException  ;
20 import java.io.InputStream ;
21 import java.util.Collections ;
22 import java.util.HashMap ;
23 import java.util.HashSet ;
24 import java.util.Iterator ;
25 import java.util.Map ;
26 import java.util.Set ;
27
28 import org.alfresco.repo.security.permissions.PermissionEntry;
29 import org.alfresco.repo.security.permissions.PermissionReference;
30 import org.alfresco.repo.security.permissions.impl.ModelDAO;
31 import org.alfresco.repo.security.permissions.impl.RequiredPermission;
32 import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
33 import org.alfresco.service.cmr.dictionary.AspectDefinition;
34 import org.alfresco.service.cmr.dictionary.ClassDefinition;
35 import org.alfresco.service.cmr.dictionary.DictionaryService;
36 import org.alfresco.service.cmr.dictionary.TypeDefinition;
37 import org.alfresco.service.cmr.repository.NodeRef;
38 import org.alfresco.service.cmr.repository.NodeService;
39 import org.alfresco.service.cmr.security.AccessStatus;
40 import org.alfresco.service.cmr.security.PermissionService;
41 import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
42 import org.alfresco.service.namespace.NamespaceService;
43 import org.alfresco.service.namespace.QName;
44 import org.dom4j.Attribute;
45 import org.dom4j.Document;
46 import org.dom4j.DocumentException;
47 import org.dom4j.Element;
48 import org.dom4j.io.SAXReader;
49 import org.springframework.beans.factory.InitializingBean;
50
51
60 public class PermissionModel implements ModelDAO, InitializingBean
61 {
62
64 private NodeService nodeService;
65
66 private DictionaryService dictionaryService;
67
68
70 private static final String NAMESPACES = "namespaces";
71
72 private static final String NAMESPACE = "namespace";
73
74 private static final String NAMESPACE_URI = "uri";
75
76 private static final String NAMESPACE_PREFIX = "prefix";
77
78 private static final String PERMISSION_SET = "permissionSet";
79
80 private static final String GLOBAL_PERMISSION = "globalPermission";
81
82 private static final String DENY = "deny";
83
84 private static final String ALLOW = "allow";
85
86 private static final String DEFAULT_PERMISSION = "defaultPermission";
87
88
90 private String model;
91
92 private Map <QName, PermissionSet> permissionSets = new HashMap <QName, PermissionSet>();
93
94 private Set <GlobalPermissionEntry> globalPermissions = new HashSet <GlobalPermissionEntry>();
95
96 private AccessStatus defaultPermission;
97
98 private HashMap <PermissionReference, Set <PermissionReference>> grantingPermissions = new HashMap <PermissionReference, Set <PermissionReference>>();
100
101 private HashMap <PermissionReference, Set <PermissionReference>> granteePermissions = new HashMap <PermissionReference, Set <PermissionReference>>();
103
104 private HashMap <PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap <PermissionGroup, PermissionGroup>();
106
107 private HashMap <String , PermissionReference> uniqueMap;
108
109 private HashMap <PermissionReference, Permission> permissionMap;
110
111 private HashMap <PermissionReference, PermissionGroup> permissionGroupMap;
112
113 private HashMap <String , PermissionReference> permissionReferenceMap;
114
115 public PermissionModel()
116 {
117 super();
118 }
119
120
122 public void setModel(String model)
123 {
124 this.model = model;
125 }
126
127 public void setDictionaryService(DictionaryService dictionaryService)
128 {
129 this.dictionaryService = dictionaryService;
130 }
131
132 public void setNodeService(NodeService nodeService)
133 {
134 this.nodeService = nodeService;
135 }
136
137
144
145 public void afterPropertiesSet()
146 {
147 Document document = createDocument(model);
148 Element root = document.getRootElement();
149
150 Attribute defaultPermissionAttribute = root.attribute(DEFAULT_PERMISSION);
151 if (defaultPermissionAttribute != null)
152 {
153 if (defaultPermissionAttribute.getStringValue().equalsIgnoreCase(ALLOW))
154 {
155 defaultPermission = AccessStatus.ALLOWED;
156 }
157 else if (defaultPermissionAttribute.getStringValue().equalsIgnoreCase(DENY))
158 {
159 defaultPermission = AccessStatus.DENIED;
160 }
161 else
162 {
163 throw new PermissionModelException("The default permission must be deny or allow");
164 }
165 }
166 else
167 {
168 defaultPermission = AccessStatus.DENIED;
169 }
170
171 DynamicNamespacePrefixResolver nspr = new DynamicNamespacePrefixResolver();
172
173
175 for (Iterator nsit = root.elementIterator(NAMESPACES); nsit.hasNext(); )
176 {
177 Element namespacesElement = (Element) nsit.next();
178 for (Iterator it = namespacesElement.elementIterator(NAMESPACE); it.hasNext(); )
179 {
180 Element nameSpaceElement = (Element) it.next();
181 nspr.registerNamespace(nameSpaceElement.attributeValue(NAMESPACE_PREFIX), nameSpaceElement
182 .attributeValue(NAMESPACE_URI));
183 }
184 }
185
186
188 for (Iterator psit = root.elementIterator(PERMISSION_SET); psit.hasNext(); )
189 {
190 Element permissionSetElement = (Element) psit.next();
191 PermissionSet permissionSet = new PermissionSet();
192 permissionSet.initialise(permissionSetElement, nspr, this);
193
194 permissionSets.put(permissionSet.getQName(), permissionSet);
195 }
196
197 buildUniquePermissionMap();
198
199
201 for (Iterator npit = root.elementIterator(GLOBAL_PERMISSION); npit.hasNext(); )
202 {
203 Element globalPermissionElement = (Element) npit.next();
204 GlobalPermissionEntry globalPermission = new GlobalPermissionEntry();
205 globalPermission.initialise(globalPermissionElement, nspr, this);
206
207 globalPermissions.add(globalPermission);
208 }
209
210 }
211
212
215 private Document createDocument(String model)
216 {
217 InputStream is = this.getClass().getClassLoader().getResourceAsStream(model);
218 if (is == null)
219 {
220 throw new PermissionModelException("File not found: " + model);
221 }
222 SAXReader reader = new SAXReader();
223 try
224 {
225 Document document = reader.read(is);
226 is.close();
227 return document;
228 }
229 catch (DocumentException e)
230 {
231 throw new PermissionModelException("Failed to create permission model document ", e);
232 }
233 catch (IOException e)
234 {
235 throw new PermissionModelException("Failed to close permission model document ", e);
236 }
237
238 }
239
240 public AccessStatus getDefaultPermission()
241 {
242 return defaultPermission;
243 }
244
245 public AccessStatus getDefaultPermission(PermissionReference pr)
246 {
247 Permission p = permissionMap.get(pr);
248 if (p == null)
249 {
250 return defaultPermission;
251 }
252 else
253 {
254 return p.getDefaultPermission();
255 }
256 }
257
258 public Set <? extends PermissionEntry> getGlobalPermissionEntries()
259 {
260 return Collections.unmodifiableSet(globalPermissions);
261 }
262
263 public Map <QName, PermissionSet> getPermissionSets()
264 {
265 return Collections.unmodifiableMap(permissionSets);
266 }
267
268 public Set <PermissionReference> getAllPermissions(QName type)
269 {
270 return getAllPermissionsImpl(type, false);
271 }
272
273 public Set <PermissionReference> getExposedPermissions(QName type)
274 {
275 return getAllPermissionsImpl(type, true);
276 }
277
278 private Set <PermissionReference> getAllPermissionsImpl(QName type, boolean exposedOnly)
279 {
280 Set <PermissionReference> permissions = new HashSet <PermissionReference>();
281 if (dictionaryService.getClass(type).isAspect())
282 {
283 addAspectPermissions(type, permissions, exposedOnly);
284 }
285 else
286 {
287 mergeGeneralAspectPermissions(permissions, exposedOnly);
288 addTypePermissions(type, permissions, exposedOnly);
289 }
290 return permissions;
291 }
292
293
299 private void addTypePermissions(QName type, Set <PermissionReference> permissions, boolean exposedOnly)
300 {
301 TypeDefinition typeDef = dictionaryService.getType(type);
302 if (typeDef.getParentName() != null)
303 {
304 PermissionSet permissionSet = permissionSets.get(type);
305 if (!exposedOnly || (permissionSet == null) || permissionSet.exposeAll())
306 {
307 addTypePermissions(typeDef.getParentName(), permissions, exposedOnly);
308 }
309 }
310 for (AspectDefinition ad : typeDef.getDefaultAspects())
311 {
312 addAspectPermissions(ad.getName(), permissions, exposedOnly);
313 }
314 mergePermissions(permissions, type, exposedOnly, true);
315 }
316
317
323 private void addAspectPermissions(QName type, Set <PermissionReference> permissions, boolean exposedOnly)
324 {
325 AspectDefinition aspectDef = dictionaryService.getAspect(type);
326 if (aspectDef.getParentName() != null)
327 {
328 PermissionSet permissionSet = permissionSets.get(type);
329 if (!exposedOnly || (permissionSet == null) || permissionSet.exposeAll())
330 {
331 addAspectPermissions(aspectDef.getParentName(), permissions, exposedOnly);
332 }
333 }
334 mergePermissions(permissions, type, exposedOnly, true);
335 }
336
337
343 private void mergePermissions(Set <PermissionReference> target, QName type, boolean exposedOnly, boolean typeRequired)
344 {
345 PermissionSet permissionSet = permissionSets.get(type);
346 if (permissionSet != null)
347 {
348 for (PermissionGroup pg : permissionSet.getPermissionGroups())
349 {
350 if (!exposedOnly || permissionSet.exposeAll() || pg.isExposed())
351 {
352 if (!pg.isExtends())
353 {
354 if (pg.isTypeRequired() == typeRequired)
355 {
356 target.add(pg);
357 }
358 }
359 else if (exposedOnly)
360 {
361 if (pg.isTypeRequired() == typeRequired)
362 {
363 target.add(getBasePermissionGroup(pg));
364 }
365 }
366 }
367 }
368 for (Permission p : permissionSet.getPermissions())
369 {
370 if (!exposedOnly || permissionSet.exposeAll() || p.isExposed())
371 {
372 if (p.isTypeRequired() == typeRequired)
373 {
374 target.add(p);
375 }
376 }
377 }
378 }
379 }
380
381
382 private void mergeGeneralAspectPermissions(Set <PermissionReference> target, boolean exposedOnly)
383 {
384 for(QName aspect : dictionaryService.getAllAspects())
385 {
386 mergePermissions(target, aspect, exposedOnly, false);
387 }
388 }
389
390 public Set <PermissionReference> getAllPermissions(NodeRef nodeRef)
391 {
392 return getExposedPermissionsImpl(nodeRef, false);
393 }
394
395 public Set <PermissionReference> getExposedPermissions(NodeRef nodeRef)
396 {
397 return getExposedPermissionsImpl(nodeRef, true);
398 }
399
400 public Set <PermissionReference> getExposedPermissionsImpl(NodeRef nodeRef, boolean exposedOnly)
401 {
402
403 QName typeName = nodeService.getType(nodeRef);
404 Set <PermissionReference> permissions = getAllPermissions(typeName);
405 mergeGeneralAspectPermissions(permissions, exposedOnly);
406 Set <QName> defaultAspects = new HashSet <QName>();
408 for (AspectDefinition aspDef : dictionaryService.getType(typeName).getDefaultAspects())
409 {
410 defaultAspects.add(aspDef.getName());
411 }
412 for (QName aspect : nodeService.getAspects(nodeRef))
413 {
414 if (!defaultAspects.contains(aspect))
415 {
416 addAspectPermissions(aspect, permissions, exposedOnly);
417 }
418 }
419 return permissions;
420
421 }
422
423 public synchronized Set <PermissionReference> getGrantingPermissions(PermissionReference permissionReference)
424 {
425 Set <PermissionReference> granters = grantingPermissions.get(permissionReference);
427 if (granters == null)
428 {
429 granters = getGrantingPermissionsImpl(permissionReference);
430 grantingPermissions.put(permissionReference, granters);
431 }
432 return granters;
433 }
434
435 private Set <PermissionReference> getGrantingPermissionsImpl(PermissionReference permissionReference)
436 {
437 HashSet <PermissionReference> permissions = new HashSet <PermissionReference>();
439 permissions.add(permissionReference);
440 for (PermissionSet ps : permissionSets.values())
441 {
442 for (PermissionGroup pg : ps.getPermissionGroups())
443 {
444 if (grants(pg, permissionReference))
445 {
446 permissions.add(getBasePermissionGroup(pg));
447 }
448 if (pg.isAllowFullControl())
449 {
450 permissions.add(pg);
451 }
452 }
453 for (Permission p : ps.getPermissions())
454 {
455 if (p.equals(permissionReference))
456 {
457 for (PermissionReference pg : p.getGrantedToGroups())
458 {
459 permissions.add(getBasePermissionGroup(getPermissionGroup(pg)));
460 }
461 }
462 for (RequiredPermission rp : p.getRequiredPermissions())
463 {
464 if (rp.equals(permissionReference) && rp.isImplies())
465 {
466 permissions.add(p);
467 break;
468 }
469 }
470 }
471 }
472 return permissions;
473 }
474
475 private boolean grants(PermissionGroup pg, PermissionReference permissionReference)
476 {
477 if (pg.getIncludedPermissionGroups().contains(permissionReference))
478 {
479 return true;
480 }
481 if (getGranteePermissions(pg).contains(permissionReference))
482 {
483 return true;
484 }
485 for (PermissionReference nested : pg.getIncludedPermissionGroups())
486 {
487 if (grants(getPermissionGroup(nested), permissionReference))
488 {
489 return true;
490 }
491 }
492 return false;
493 }
494
495 public synchronized Set <PermissionReference> getGranteePermissions(PermissionReference permissionReference)
496 {
497 Set <PermissionReference> grantees = granteePermissions.get(permissionReference);
499 if (grantees == null)
500 {
501 grantees = getGranteePermissionsImpl(permissionReference);
502 granteePermissions.put(permissionReference, grantees);
503 }
504 return grantees;
505 }
506
507 private Set <PermissionReference> getGranteePermissionsImpl(PermissionReference permissionReference)
508 {
509 HashSet <PermissionReference> permissions = new HashSet <PermissionReference>();
511 permissions.add(permissionReference);
512 for (PermissionSet ps : permissionSets.values())
513 {
514 for (PermissionGroup pg : ps.getPermissionGroups())
515 {
516 if (pg.equals(permissionReference))
517 {
518 for (PermissionReference included : pg.getIncludedPermissionGroups())
519 {
520 permissions.addAll(getGranteePermissions(included));
521 }
522
523 if (pg.isExtends())
524 {
525 if (pg.getTypeQName() != null)
526 {
527 permissions.addAll(getGranteePermissions(new SimplePermissionReference(pg.getTypeQName(),
528 pg.getName())));
529 }
530 else
531 {
532 ClassDefinition classDefinition = dictionaryService.getClass(pg.getQName());
533 QName parent = classDefinition.getParentName();
534 if (parent != null)
535 {
536 classDefinition = dictionaryService.getClass(parent);
537 PermissionGroup attempt = getPermissionGroupOrNull(new SimplePermissionReference(
538 parent, pg.getName()));
539 if (attempt != null)
540 {
541 permissions.addAll(getGranteePermissions(attempt));
542 }
543 }
544 }
545 }
546
547 if (pg.isAllowFullControl())
548 {
549 permissions.addAll(getAllPermissions());
551 }
552 }
553 }
554 PermissionGroup baseGroup = getBasePermissionGroupOrNull(getPermissionGroupOrNull(permissionReference));
555 if (baseGroup != null)
556 {
557 for (Permission p : ps.getPermissions())
558 {
559 for (PermissionReference grantedTo : p.getGrantedToGroups())
560 {
561 PermissionGroup base = getBasePermissionGroupOrNull(getPermissionGroupOrNull(grantedTo));
562 if (baseGroup.equals(base))
563 {
564 permissions.add(p);
565 }
566 }
567 }
568 }
569 }
570 return permissions;
571 }
572
573 private Set <PermissionReference> getAllPermissions()
574 {
575 HashSet <PermissionReference> permissions = new HashSet <PermissionReference>();
576 for (PermissionSet ps : permissionSets.values())
577 {
578 for (PermissionGroup pg : ps.getPermissionGroups())
579 {
580 permissions.add(pg);
581 }
582 for (Permission p : ps.getPermissions())
583 {
584 permissions.add(p);
585 }
586 }
587 return permissions;
588 }
589
590
596 private PermissionGroup getPermissionGroupOrNull(PermissionReference target)
597 {
598 PermissionGroup pg = permissionGroupMap.get(target);
599 return pg == null ? null : pg;
600 }
601
602
608 private PermissionGroup getPermissionGroup(PermissionReference target)
609 {
610 PermissionGroup pg = getPermissionGroupOrNull(target);
611 if (pg == null)
612 {
613 throw new PermissionModelException("There is no permission group :"
614 + target.getQName() + " " + target.getName());
615 }
616 return pg;
617 }
618
619
625 private synchronized PermissionGroup getBasePermissionGroupOrNull(PermissionGroup pg)
626 {
627 if (groupsToBaseGroup.containsKey(pg))
628 {
629 return groupsToBaseGroup.get(pg);
630 }
631 else
632 {
633 PermissionGroup answer = getBasePermissionGroupOrNullImpl(pg);
634 groupsToBaseGroup.put(pg, answer);
635 return answer;
636 }
637 }
638
639
647 private PermissionGroup getBasePermissionGroupOrNullImpl(PermissionGroup pg)
648 {
649 if (pg == null)
650 {
651 return null;
652 }
653 if (pg.isExtends())
654 {
655 if (pg.getTypeQName() != null)
656 {
657 return getPermissionGroup(new SimplePermissionReference(pg.getTypeQName(), pg.getName()));
658 }
659 else
660 {
661 ClassDefinition classDefinition = dictionaryService.getClass(pg.getQName());
662 QName parent;
663 while ((parent = classDefinition.getParentName()) != null)
664 {
665 classDefinition = dictionaryService.getClass(parent);
666 PermissionGroup attempt = getPermissionGroupOrNull(new SimplePermissionReference(parent, pg
667 .getName()));
668 if ((attempt != null) && (!attempt.isExtends()))
669 {
670 return attempt;
671 }
672 }
673 return null;
674 }
675 }
676 else
677 {
678 return pg;
679 }
680 }
681
682 private PermissionGroup getBasePermissionGroup(PermissionGroup target)
683 {
684 PermissionGroup pg = getBasePermissionGroupOrNull(target);
685 if (pg == null)
686 {
687 throw new PermissionModelException("There is no parent for permission group :"
688 + target.getQName() + " " + target.getName());
689 }
690 return pg;
691 }
692
693 public Set <PermissionReference> getRequiredPermissions(PermissionReference required, QName qName,
694 Set <QName> aspectQNames, RequiredPermission.On on)
695 {
696 PermissionGroup pg = getBasePermissionGroupOrNull(getPermissionGroupOrNull(required));
697 if (pg == null)
698 {
699 return getRequirementsForPermission(required, on);
700 }
701 else
702 {
703 return getRequirementsForPermissionGroup(pg, on, qName, aspectQNames);
704 }
705 }
706
707
714 private Set <PermissionReference> getRequirementsForPermission(PermissionReference required, RequiredPermission.On on)
715 {
716 HashSet <PermissionReference> requiredPermissions = new HashSet <PermissionReference>();
717 Permission p = getPermissionOrNull(required);
718 if (p != null)
719 {
720 for (RequiredPermission rp : p.getRequiredPermissions())
721 {
722 if (!rp.isImplies() && rp.getOn().equals(on))
723 {
724 requiredPermissions.add(rp);
725 }
726 }
727 }
728 return requiredPermissions;
729 }
730
731
740 private Set <PermissionReference> getRequirementsForPermissionGroup(PermissionGroup target,
741 RequiredPermission.On on, QName qName, Set <QName> aspectQNames)
742 {
743 HashSet <PermissionReference> requiredPermissions = new HashSet <PermissionReference>();
744 if (target == null)
745 {
746 return requiredPermissions;
747 }
748 for (PermissionSet ps : permissionSets.values())
749 {
750 for (PermissionGroup pg : ps.getPermissionGroups())
751 {
752 if (target.equals(getBasePermissionGroupOrNull(pg))
753 && isPartOfDynamicPermissionGroup(pg, qName, aspectQNames))
754 {
755 for (PermissionReference pr : pg.getIncludedPermissionGroups())
757 {
758 requiredPermissions.addAll(getRequirementsForPermissionGroup(
759 getBasePermissionGroupOrNull(getPermissionGroupOrNull(pr)), on, qName, aspectQNames));
760 }
761 }
762 }
763 for (Permission p : ps.getPermissions())
764 {
765 for (PermissionReference grantedTo : p.getGrantedToGroups())
766 {
767 PermissionGroup base = getBasePermissionGroupOrNull(getPermissionGroupOrNull(grantedTo));
768 if (target.equals(base) && (!base.isTypeRequired() || isPartOfDynamicPermissionGroup(grantedTo, qName, aspectQNames)))
769 {
770 if (on == RequiredPermission.On.NODE)
771 {
772 requiredPermissions.add(p);
773 }
774 }
775 }
776 }
777 }
778 return requiredPermissions;
779 }
780
781
789 private boolean isPartOfDynamicPermissionGroup(PermissionReference pr, QName typeQname, Set <QName> aspects)
790 {
791 if (dictionaryService.isSubClass(typeQname, pr.getQName()))
792 {
793 return true;
794 }
795 for (QName aspect : aspects)
796 {
797 if (dictionaryService.isSubClass(aspect, pr.getQName()))
798 {
799 return true;
800 }
801 }
802 return false;
803 }
804
805
811 private Permission getPermissionOrNull(PermissionReference perm)
812 {
813 Permission p = permissionMap.get(perm);
814 return p == null ? null : p;
815 }
816
817 public boolean checkPermission(PermissionReference required)
818 {
819 Permission permission = getPermissionOrNull(required);
820 if (permission != null)
821 {
822 return true;
823 }
824 PermissionGroup pg = getPermissionGroupOrNull(required);
825 if (pg != null)
826 {
827 if (pg.isExtends())
828 {
829 if (pg.getTypeQName() != null)
830 {
831 return checkPermission(new SimplePermissionReference(pg.getTypeQName(), pg.getName()));
832 }
833 else
834 {
835 ClassDefinition classDefinition = dictionaryService.getClass(pg.getQName());
836 QName parent;
837 while ((parent = classDefinition.getParentName()) != null)
838 {
839 classDefinition = dictionaryService.getClass(parent);
840 PermissionGroup attempt = getPermissionGroupOrNull(new SimplePermissionReference(parent, pg
841 .getName()));
842 if ((attempt != null) && attempt.isAllowFullControl())
843 {
844 return true;
845 }
846 }
847 return false;
848 }
849 }
850 else
851 {
852 return pg.isAllowFullControl();
853 }
854 }
855 else
856 {
857 return false;
858 }
859
860 }
861
862 public PermissionReference getPermissionReference(QName qname, String permissionName)
863 {
864 if(permissionName == null)
865 {
866 return null;
867 }
868 PermissionReference pr = uniqueMap.get(permissionName);
869 if (pr == null)
870 {
871 pr = permissionReferenceMap.get(permissionName);
872 if (pr == null)
873 {
874 throw new UnsupportedOperationException ("Can not find " + permissionName);
875 }
876 }
877 return pr;
878
879 }
880
881 public boolean isUnique(PermissionReference permissionReference)
882 {
883 return uniqueMap.containsKey(permissionReference.getName());
884 }
885
886 private void buildUniquePermissionMap()
887 {
888 Set <String > excluded = new HashSet <String >();
889 uniqueMap = new HashMap <String , PermissionReference>();
890 permissionReferenceMap = new HashMap <String , PermissionReference>();
891 permissionGroupMap = new HashMap <PermissionReference, PermissionGroup>();
892 permissionMap = new HashMap <PermissionReference, Permission>();
893 for (PermissionSet ps : permissionSets.values())
894 {
895 for (PermissionGroup pg : ps.getPermissionGroups())
896 {
897 if (uniqueMap.containsKey(pg.getName()) && !excluded.contains(pg.getName()))
898 {
899 PermissionReference value = uniqueMap.get(pg.getName());
900 if (!value.equals(getBasePermissionGroup(pg)))
901 {
902 uniqueMap.remove(pg.getName());
903 excluded.add(pg.getName());
904 }
905 }
906 else
907 {
908 uniqueMap.put(pg.getName(), getBasePermissionGroup(pg));
909 }
910 permissionReferenceMap.put(pg.toString(), pg);
911 permissionGroupMap.put(pg, pg);
912 }
913 for (Permission p : ps.getPermissions())
914 {
915 if (uniqueMap.containsKey(p.getName()) && !excluded.contains(p.getName()))
916 {
917 PermissionReference value = uniqueMap.get(p.getName());
918 if (!value.equals(p))
919 {
920 uniqueMap.remove(p.getName());
921 excluded.add(p.getName());
922 }
923 }
924 else
925 {
926 uniqueMap.put(p.getName(), p);
927 }
928 permissionReferenceMap.put(p.toString(), p);
929 permissionMap.put(p, p);
930 }
931 }
932 if (uniqueMap.containsKey(PermissionService.ALL_PERMISSIONS))
934 {
935 throw new IllegalStateException (
936 "There must not be a permission with the same name as the ALL_PERMISSION constant: "
937 + PermissionService.ALL_PERMISSIONS);
938 }
939 uniqueMap.put(PermissionService.ALL_PERMISSIONS, new SimplePermissionReference(QName.createQName(
940 NamespaceService.SECURITY_MODEL_1_0_URI, PermissionService.ALL_PERMISSIONS), PermissionService.ALL_PERMISSIONS));
941
942 }
943
944 }
945 |
Popular Tags |
Java API By Example, From Geeks To Geeks.