diff --git a/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java b/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
index 3a3d03d18bc7b0913a522e2edd6c235f9a7d39a7..675d65dcfee5b8f98e0410bd33992094308fa461 100644
--- a/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
+++ b/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -169,31 +170,60 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 }
 private void normalize() {
- for (final Entry<ResponsibleAgent, Long> set : this.priorityDenials.entrySet()) {
- if (this.priorityGrants.containsKey(set.getKey())) {
- this.priorityGrants.put(
- set.getKey(), this.priorityGrants.get(set.getKey()) & ~set.getValue());
+ Iterator<Entry<ResponsibleAgent, Long>> iterator = this.priorityDenials.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Entry<ResponsibleAgent, Long> next = iterator.next();
+ final ResponsibleAgent agent = next.getKey();
+ long bitset = next.getValue();
+ if (bitset == 0L) {
+ iterator.remove();
+ continue;
 }
- if (this.normalDenials.containsKey(set.getKey())) {
- this.normalDenials.put(
- set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
+ if (this.priorityGrants.containsKey(agent)) {
+ this.priorityGrants.put(agent, this.priorityGrants.get(agent) & ~bitset);
 }
- if (this.normalGrants.containsKey(set.getKey())) {
- this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+ if (this.normalDenials.containsKey(agent)) {
+ this.normalDenials.put(agent, this.normalDenials.get(agent) & ~bitset);
+ }
+ if (this.normalGrants.containsKey(agent)) {
+ this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
+ }
+ }
+ iterator = this.priorityGrants.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Entry<ResponsibleAgent, Long> next = iterator.next();
+ final ResponsibleAgent agent = next.getKey();
+ long bitset = next.getValue();
+ if (bitset == 0L) {
+ iterator.remove();
+ continue;
+ }
+ if (this.normalDenials.containsKey(agent)) {
+ this.normalDenials.put(agent, this.normalDenials.get(agent) & ~bitset);
+ }
+ if (this.normalGrants.containsKey(agent)) {
+ this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
 }
 }
- for (final Entry<ResponsibleAgent, Long> set : this.priorityGrants.entrySet()) {
- if (this.normalDenials.containsKey(set.getKey())) {
- this.normalDenials.put(
- set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
+ iterator = this.normalDenials.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Entry<ResponsibleAgent, Long> next = iterator.next();
+ final ResponsibleAgent agent = next.getKey();
+ long bitset = next.getValue();
+ if (bitset == 0L) {
+ iterator.remove();
+ continue;
 }
- if (this.normalGrants.containsKey(set.getKey())) {
- this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+ if (this.normalGrants.containsKey(agent)) {
+ this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
 }
 }
- for (final Entry<ResponsibleAgent, Long> set : this.normalDenials.entrySet()) {
- if (this.normalGrants.containsKey(set.getKey())) {
- this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
+ iterator = this.normalGrants.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Entry<ResponsibleAgent, Long> next = iterator.next();
+ long bitset = next.getValue();
+ if (bitset == 0L) {
+ iterator.remove();
 }
 }
 }
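Review bot: normalize() now encodes the ACL precedence (priority denials mask priority grants, which mask normal denials, which mask normal grants) and drops agents whose bitset is zero, but nothing in the method says so. A short Javadoc stating that order and that empty entries are removed would make the rule auditable, e.g. `/** Clears bits overridden by a higher-precedence map and removes agents left with no bits. */`. The masking loops differ only in which maps they touch; each containsKey/get/put triple could be written as `map.computeIfPresent(agent, (a, bits) -> bits & ~bitset);`, which would make the passes easier to compare.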
@@ -206,4 +236,41 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 }
 protected abstract T create(Collection<EntityACI> acis);
+
+ public AbstractEntityACLFactory<T> remove(EntityACL permissions) {
+ if (permissions != null) {
+ for (EntityACI aci : permissions.getRules()) {
+ if (EntityACL.isAllowance(aci.getBitSet())) {
+ if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
+ long bitset = this.priorityGrants.get(aci.getResponsibleAgent());
+ long bitset2 = bitset;
+ bitset2 &= aci.getBitSet();
+ bitset ^= bitset2;
+ this.priorityGrants.put(aci.getResponsibleAgent(), bitset);
+ } else {
+ long bitset = this.normalGrants.get(aci.getResponsibleAgent());
+ long bitset2 = bitset;
+ bitset2 &= aci.getBitSet();
+ bitset ^= bitset2;
+ this.normalGrants.put(aci.getResponsibleAgent(), bitset);
+ }
+ } else {
+ if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
+ long bitset = this.priorityDenials.get(aci.getResponsibleAgent());
+ long bitset2 = bitset;
+ bitset2 &= aci.getBitSet();
+ bitset ^= bitset2;
+ this.priorityDenials.put(aci.getResponsibleAgent(), bitset);
+ } else {
+ long bitset = this.normalDenials.get(aci.getResponsibleAgent());
+ long bitset2 = bitset;
+ bitset2 &= aci.getBitSet();
+ bitset ^= bitset2;
+ this.normalDenials.put(aci.getResponsibleAgent(), bitset);
+ }
+ }
+ }
+ }
+ return this;
+ }
 }
diff --git a/src/main/java/org/caosdb/server/permissions/EntityACL.java b/src/main/java/org/caosdb/server/permissions/EntityACL.java
index df1915bd460079eb52dfc6d4f3bbf4fe42795918..d8533cba2f98adc7a56287af914472cb9f759c57 100644
--- a/src/main/java/org/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/org/caosdb/server/permissions/EntityACL.java
@@ -103,7 +103,7 @@ public class EntityACL {
 }
 public static final EntityACL getOwnerACLFor(final ResponsibleAgent agent) {
- final EntityACLFactory f = new EntityACLFactory();
+ final AbstractEntityACLFactory<EntityACL> f = new EntityACLFactory();
 f.grant(agent, "*");
 return f.create();
 }
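Review bot: In the new remove() method each branch unboxes the result of `Map.get` straight into a `long` (`long bitset = this.priorityGrants.get(aci.getResponsibleAgent());` and its three siblings), so a rule in `permissions` for an agent with no entry in that map would throw a NullPointerException, assuming these fields are plain `Map<ResponsibleAgent, Long>` instances as the containsKey guards in normalize() suggest. Since parseFromElement now calls `remove(GLOBAL_PERMISSIONS)` on every parsed ACL, that case looks reachable whenever the global rules name an agent the parsed ACL does not mention. The four branches are identical apart from the map, and `bitset ^ (bitset & x)` equals `bitset & ~x`, the form normalize() already uses; selecting the map once and using computeIfPresent removes both the duplication and the null unboxing. Entries left at zero stay in the map, which is fine only if create() runs normalize(); that call is outside this hunk.

```java
public AbstractEntityACLFactory<T> remove(EntityACL permissions) {
  if (permissions != null) {
    for (EntityACI aci : permissions.getRules()) {
      final boolean priority = EntityACL.isPriorityBitSet(aci.getBitSet());
      final Map<ResponsibleAgent, Long> target =
          EntityACL.isAllowance(aci.getBitSet())
              ? (priority ? this.priorityGrants : this.normalGrants)
              : (priority ? this.priorityDenials : this.normalDenials);
      // No entry for this agent means there is nothing to clear.
      target.computeIfPresent(
          aci.getResponsibleAgent(), (agent, current) -> current & ~aci.getBitSet());
    }
  }
  return this;
}
```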
@@ -291,7 +291,7 @@ public class EntityACL {
 * @return
 */
 public static final EntityACL parseFromElement(final Element e) {
- final EntityACLFactory factory = new EntityACLFactory();
+ final AbstractEntityACLFactory<EntityACL> factory = new EntityACLFactory();
 for (final Element c : e.getChildren()) {
 boolean priority;
@@ -323,7 +323,7 @@ public class EntityACL {
 }
 }
 }
- return factory.create();
+ return factory.remove(GLOBAL_PERMISSIONS).create();
 }
 public static BitSet convert(final long value) {
diff --git a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
index 0e0e3ee121b09332b6cbb7d86a22458bb5fbf17f..8e8b0a10dd340bce53bca01ffb519868d13ca027 100644
--- a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
+++ b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
@@ -307,7 +307,7 @@ public class EntityACLTest {
 @Test
 public void testFactory() {
- final EntityACLFactory f = new EntityACLFactory();
+ final AbstractEntityACLFactory<EntityACL> f = new EntityACLFactory();
 org.caosdb.server.permissions.Role role1 = org.caosdb.server.permissions.Role.create("role1");
 Config config1 = new Config();
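Review bot: The changed return in parseFromElement, `return factory.remove(GLOBAL_PERMISSIONS).create();`, alters what every parsed ACL contains, yet no comment says why rules that coincide with the global permissions are stripped at parse time. A one-line comment above the return stating the intent, and noting that remove() does nothing when `GLOBAL_PERMISSIONS` is null, would help anyone auditing how entity ACLs and global rules combine. The only test change visible here is a declared-type swap in testFactory(), so tests appear to be missing for two cases: parsing an element with a rule that is also in the global permissions, and parsing one whose agents are absent from them. parseFromElement's body lies mostly outside these hunks.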