PermissionsGrantingManager.java

package eu.europeana.cloud.service.commons.permissions;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;

import java.util.List;

/**
 * Grants permissions to eCLoud objects (versions, files, data-providers, ...)
 */
public class PermissionsGrantingManager {


    @Autowired
    private MutableAclService mutableAclService;

    /**
     * @param objectType object type
     * @param objectIdentifier object identifier
     * @param userName name of the user who will be granted to access resource
     * @param listOfPermissions list of permissions that will be added to resource
     */
    public void grantPermissions(String objectType, String objectIdentifier, String userName, List<Permission> listOfPermissions) {

        ObjectIdentity objectIdentity = new ObjectIdentityImpl(objectType, objectIdentifier);

        MutableAcl versionAcl;
        try {
            versionAcl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
        } catch (NotFoundException ex) {
            versionAcl = mutableAclService.createAcl(objectIdentity);
        }

        for (Permission permission : listOfPermissions) {
            versionAcl.insertAce(versionAcl.getEntries().size(), permission, new PrincipalSid(userName), true);
        }

        mutableAclService.updateAcl(versionAcl);
    }

    public void removePermissions(String objectType, String objectIdentifier, String userName, List<Permission> listOfPermissions) {
        ObjectIdentity objectIdentity = new ObjectIdentityImpl(objectType, objectIdentifier);
        removePermissions(objectIdentity, userName, listOfPermissions);
    }

    public void removePermissions(ObjectIdentity objectIdentity, String userName, List<Permission> listOfPermissions) {

        MutableAcl objectAcl = (MutableAcl) mutableAclService.readAclById(objectIdentity);

        for (int i = objectAcl.getEntries().size() - 1; i >= 0; i--) {
            AccessControlEntry currentEntry = objectAcl.getEntries().get(i);
            if (currentEntry.getSid() instanceof PrincipalSid) {
                PrincipalSid s = (PrincipalSid) currentEntry.getSid();
                if (userName.equals(s.getPrincipal()) && isPermissionOnTheList(currentEntry.getPermission(), listOfPermissions)) {
                    objectAcl.deleteAce(i);
                }
            }
        }
        mutableAclService.updateAcl(objectAcl);
    }

    private boolean isPermissionOnTheList(Permission permission, List<Permission> listOfPermissions) {
        for (Permission permissionFromList : listOfPermissions) {
            if (permissionFromList.equals(permission)) {
                return true;
            }
        }
        return false;
    }
}