WIP: acm permissions

src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java

@@ -26,6 +26,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Map.Entry;
 
@@ -169,31 +170,60 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   }
 
   private void normalize() {
-    for (final Entry<ResponsibleAgent, Long> set : this.priorityDenials.entrySet()) {
-      if (this.priorityGrants.containsKey(set.getKey())) {
-        this.priorityGrants.put(
-            set.getKey(), this.priorityGrants.get(set.getKey()) & ~set.getValue());
+    Iterator<Entry<ResponsibleAgent, Long>> iterator = this.priorityDenials.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry<ResponsibleAgent, Long> next = iterator.next();
+      final ResponsibleAgent agent = next.getKey();
+      long bitset = next.getValue();
+      if (bitset == 0L) {
+        iterator.remove();
+        continue;
       }
-      if (this.normalDenials.containsKey(set.getKey())) {
-        this.normalDenials.put(
-            set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
+      if (this.priorityGrants.containsKey(agent)) {
+        this.priorityGrants.put(agent, this.priorityGrants.get(agent) & ~bitset);
       }
-      if (this.normalGrants.containsKey(set.getKey())) {
-        this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+      if (this.normalDenials.containsKey(agent)) {
+        this.normalDenials.put(agent, this.normalDenials.get(agent) & ~bitset);
+      }
+      if (this.normalGrants.containsKey(agent)) {
+        this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
+      }
+    }
+    iterator = this.priorityGrants.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry<ResponsibleAgent, Long> next = iterator.next();
+      final ResponsibleAgent agent = next.getKey();
+      long bitset = next.getValue();
+      if (bitset == 0L) {
+        iterator.remove();
+        continue;
+      }
+      if (this.normalDenials.containsKey(agent)) {
+        this.normalDenials.put(agent, this.normalDenials.get(agent) & ~bitset);
+      }
+      if (this.normalGrants.containsKey(agent)) {
+        this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
       }
     }
-    for (final Entry<ResponsibleAgent, Long> set : this.priorityGrants.entrySet()) {
-      if (this.normalDenials.containsKey(set.getKey())) {
-        this.normalDenials.put(
-            set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
+    iterator = this.normalDenials.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry<ResponsibleAgent, Long> next = iterator.next();
+      final ResponsibleAgent agent = next.getKey();
+      long bitset = next.getValue();
+      if (bitset == 0L) {
+        iterator.remove();
+        continue;
       }
-      if (this.normalGrants.containsKey(set.getKey())) {
-        this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+      if (this.normalGrants.containsKey(agent)) {
+        this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
       }
     }
-    for (final Entry<ResponsibleAgent, Long> set : this.normalDenials.entrySet()) {
-      if (this.normalGrants.containsKey(set.getKey())) {
-        this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+    iterator = this.normalGrants.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry<ResponsibleAgent, Long> next = iterator.next();
+      long bitset = next.getValue();
+      if (bitset == 0L) {
+        iterator.remove();
       }
     }
   }
@@ -206,4 +236,41 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   }
 
   protected abstract T create(Collection<EntityACI> acis);
+
+  public AbstractEntityACLFactory<T> remove(EntityACL permissions) {
+    if (permissions != null) {
+      for (EntityACI aci : permissions.getRules()) {
+        if (EntityACL.isAllowance(aci.getBitSet())) {
+          if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
+            long bitset = this.priorityGrants.get(aci.getResponsibleAgent());
+            long bitset2 = bitset;
+            bitset2 &= aci.getBitSet();
+            bitset ^= bitset2;
+            this.priorityGrants.put(aci.getResponsibleAgent(), bitset);
+          } else {
+            long bitset = this.normalGrants.get(aci.getResponsibleAgent());
+            long bitset2 = bitset;
+            bitset2 &= aci.getBitSet();
+            bitset ^= bitset2;
+            this.normalGrants.put(aci.getResponsibleAgent(), bitset);
+          }
+        } else {
+          if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
+            long bitset = this.priorityDenials.get(aci.getResponsibleAgent());
+            long bitset2 = bitset;
+            bitset2 &= aci.getBitSet();
+            bitset ^= bitset2;
+            this.priorityDenials.put(aci.getResponsibleAgent(), bitset);
+          } else {
+            long bitset = this.normalDenials.get(aci.getResponsibleAgent());
+            long bitset2 = bitset;
+            bitset2 &= aci.getBitSet();
+            bitset ^= bitset2;
+            this.normalDenials.put(aci.getResponsibleAgent(), bitset);
+          }
+        }
+      }
+    }
+    return this;
+  }
 }

src/main/java/org/caosdb/server/permissions/EntityACL.java

@@ -103,7 +103,7 @@ public class EntityACL {
   }
 
   public static final EntityACL getOwnerACLFor(final ResponsibleAgent agent) {
-    final EntityACLFactory f = new EntityACLFactory();
+    final AbstractEntityACLFactory<EntityACL> f = new EntityACLFactory();
     f.grant(agent, "*");
     return f.create();
   }
@@ -291,7 +291,7 @@ public class EntityACL {
    * @return
    */
   public static final EntityACL parseFromElement(final Element e) {
-    final EntityACLFactory factory = new EntityACLFactory();
+    final AbstractEntityACLFactory<EntityACL> factory = new EntityACLFactory();
 
     for (final Element c : e.getChildren()) {
       boolean priority;
@@ -323,7 +323,7 @@ public class EntityACL {
         }
       }
     }
-    return factory.create();
+    return factory.remove(GLOBAL_PERMISSIONS).create();
   }
 
   public static BitSet convert(final long value) {

src/test/java/org/caosdb/server/permissions/EntityACLTest.java

@@ -307,7 +307,7 @@ public class EntityACLTest {
 
   @Test
   public void testFactory() {
-    final EntityACLFactory f = new EntityACLFactory();
+    final AbstractEntityACLFactory<EntityACL> f = new EntityACLFactory();
 
     org.caosdb.server.permissions.Role role1 = org.caosdb.server.permissions.Role.create("role1");
     Config config1 = new Config();