Improve ACL implementation #26

Open
wants to merge 6 commits into
base: master
63 changes: 48 additions & 15 deletions gsec/src/main/java/gemma/gsec/acl/domain/AclDao.java
Expand Up @@ -15,12 +15,11 @@
package gemma.gsec.acl.domain;

import org.springframework.security.acls.jdbc.LookupStrategy;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.ChildrenExistException;

import javax.annotation.CheckReturnValue;
import javax.annotation.Nullable;
import java.io.Serializable;
import java.util.List;

/**
Expand All @@ -29,22 +28,56 @@
*/
public interface AclDao extends LookupStrategy {

AclObjectIdentity createObjectIdentity( String type, Serializable identifier, Sid sid, boolean entriesInheriting );
/**
* Find an ACL object identity confirming to the given object identity.
* <p>
* If the provided object as a non-null ID, it is used, otherwise the type and identifier is used.
*/
@Nullable
AclObjectIdentity findObjectIdentity( AclObjectIdentity objectIdentity );

void delete( ObjectIdentity objectIdentity, boolean deleteChildren );
/**
* Find all the children of the given object identity.
*/
List<AclObjectIdentity> findChildren( AclObjectIdentity parentIdentity );

void delete( Sid sid );
/**
* Create a new object identity.
*/
@CheckReturnValue
AclObjectIdentity createObjectIdentity( AclObjectIdentity oid );

@Nullable
AclObjectIdentity find( ObjectIdentity oid );
/**
* Update a given object identity so that it conforms to a given ACL object.
*/
void updateObjectIdentity( AclObjectIdentity aclObjectIdentity, Acl acl );

@Nullable
AclSid find( Sid sid );
/**
* Delete a given object identity.
*
* @param deleteChildren if true, the children are recursively deleted as well
* @throws ChildrenExistException if deleteChildren is false and there are children associated to the object
* identity, those must be removed beforehand
*/
void deleteObjectIdentity( AclObjectIdentity objectIdentity, boolean deleteChildren ) throws ChildrenExistException;

List<ObjectIdentity> findChildren( ObjectIdentity parentIdentity );

AclSid findOrCreate( Sid sid );
/**
* Retrieve a SID conforming to the given object.
* <p>
* If the provided object as a non-null ID, it is used, otherwise either the principal or granted authority is used
* depending on the type.
*/
@Nullable
AclSid findSid( AclSid sid );

void update( MutableAcl acl );
/**
* Create a given SID.
*/
@CheckReturnValue
AclSid createSid( AclSid sid );

/**
* Delete a given SID.
*/
void deleteSid( AclSid sid );
}
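Review bot: The Javadoc on `findObjectIdentity` (and the parallel text on `findSid`) says the ID is used when non-null and the type/identifier otherwise, but it does not say what happens when a caller passes an object whose ID and type/identifier disagree. For an ACL lookup that precedence decides which object's permissions are loaded, so the contract should spell it out, for example `* If the ID is non-null it alone selects the record; type and identifier are not checked against it.` (or the opposite, if the implementation, which is not visible here, verifies consistency). The same two comments carry typos worth fixing while editing: "confirming to" should read "conforming to" and "as a non-null ID" should read "has a non-null ID". `deleteSid` would also benefit from one sentence stating what happens to ACL entries and owned object identities that still reference the SID. The +/- markers are lost on this rendered page, so this assumes the Javadoc'd declarations are the new side.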