I am following this tutorial in order to understand how Spring ACL works.

https://grails-plugins.github.io/grails-spring-security-acl/v3/index.html#tutorial

The sample data service is as follows.

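import static org.springframework.security.acls.domain.BasePermission.ADMINISTRATION
import static org.springframework.security.acls.domain.BasePermission.READ
import static org.springframework.security.acls.domain.BasePermission.WRITE

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.context.SecurityContextHolder as SCH

@Transactional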
class SampleDataService {

   def aclService
   def aclUtilService
   def objectIdentityRetrievalStrategy

   void createSampleData() {
      createUsers()
      loginAsAdmin()
      grantPermissions()

      // logout
      SCH.clearContext()
   }

   private void loginAsAdmin() {
      // have to be authenticated as an admin to create ACLs
      SCH.context.authentication = new UsernamePasswordAuthenticationToken(
         'admin', 'admin123',
         AuthorityUtils.createAuthorityList('ROLE_ADMIN'))
   }

   private void createUsers() {
      def roleAdmin = new Role(authority: 'ROLE_ADMIN').save()
      def roleUser = new Role(authority: 'ROLE_USER').save()

      3.times {
         long id = it + 1
         def user = new User("user$id", "password$id").save()
         UserRole.create user, roleUser
      }

      def admin = new User('admin', 'admin123').save()

      UserRole.create admin, roleUser
      UserRole.create admin, roleAdmin
   }

   private void grantPermissions() {
      def reports = []
      100.times {
         long id = it + 1
         def report = new Report(name: "report$id").save()
         reports << report
         aclService.createAcl(
                 objectIdentityRetrievalStrategy.getObjectIdentity(report))
      }

      // grant user 1 admin on 11,12 and read on 1-67
      aclUtilService.addPermission reports[10], 'user1', ADMINISTRATION
      aclUtilService.addPermission reports[11], 'user1', ADMINISTRATION
      67.times {
         aclUtilService.addPermission reports[it], 'user1', READ
      }

      // grant user 2 read on 1-5, write on 5
      5.times {
         aclUtilService.addPermission reports[it], 'user2', READ
      }
      aclUtilService.addPermission reports[4], 'user2', WRITE

      // user 3 has no grants

      // grant admin admin on all
      for (report in reports) {
         aclUtilService.addPermission report, 'admin', ADMINISTRATION
      }

      // grant user 1 ownership on 1,2 to allow the user to grant
      aclUtilService.changeOwner reports[0], 'user1'
      aclUtilService.changeOwner reports[1], 'user1'
   }
}

My concern is with this line

aclService.createAcl(objectIdentityRetrievalStrategy.getObjectIdentity(report))

What is the purpose of createAcl? I commented out this line and the app seems to function properly. So is this line not necessary?

I appreciate any help! Thanks!

kofhearts

1 Answer

An ACL is created when adding permissions too. As you can see, it creates the ACL on add permission, but it is better to create the ACL after you insert the object into the DB (afterInsert event) so that permissions are created faster. The code from the addPermission method:

MutableAcl acl
try {
    acl = aclService.readAclById(oid)
}
catch (NotFoundException e) {
    acl = aclService.createAcl(oid)
}
Koloritnij
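The lookup-then-create fallback quoted in the answer, as an added example that is not part of the original posts or the plugin's code: a simplified in-memory Groovy model showing that the explicit createAcl call and the lazy path produce the same grants, while the lazy path costs one failed lookup. `ModelAclService`, `ModelAcl`, `run` and the `manager` principal are hypothetical names, and the model assumes, as Spring Security's ACL services do, that a new ACL is owned by the principal authenticated when it is created.

```groovy
// Simplified in-memory model (constructed for illustration, not the plugin's classes).
class NotFoundException extends RuntimeException {}
class ModelAcl {
    String owner                       // principal authenticated when the ACL was created
    List<Map> entries = []             // granted [sid, permission] pairs
}

class ModelAclService {
    String currentUser                 // stands in for SCH.context.authentication
    Map<String, ModelAcl> store = [:]
    int misses = 0                     // failed readAclById lookups
    ModelAcl readAclById(String oid) {
        ModelAcl acl = store[oid]
        if (acl == null) { misses++; throw new NotFoundException() }
        return acl
    }
    ModelAcl createAcl(String oid) {
        if (store.containsKey(oid)) throw new IllegalStateException("ACL exists: $oid")
        ModelAcl acl = new ModelAcl(owner: currentUser)
        store[oid] = acl
        return acl
    }
}

// Same fallback as the addPermission excerpt above; authorization checks are left out.
void addPermission(ModelAclService aclService, String oid, String sid, String permission) {
    ModelAcl acl
    try {
        acl = aclService.readAclById(oid)
    } catch (NotFoundException e) {
        acl = aclService.createAcl(oid)
    }
    acl.entries << [sid: sid, permission: permission]
}

Map run(boolean createUpFront, String granter) {
    def svc = new ModelAclService(currentUser: 'admin')
    if (createUpFront) svc.createAcl('Report:1')   // explicit call, as in the tutorial
    svc.currentUser = granter                      // whoever performs the first grant
    addPermission(svc, 'Report:1', 'user1', 'READ')
    ModelAcl acl = svc.store['Report:1']
    return [owner: acl.owner, grants: acl.entries, misses: svc.misses]
}

def eager = run(true, 'manager')
def lazy = run(false, 'manager')
assert eager.grants == lazy.grants                 // identical grants either way
assert eager.misses == 0 && lazy.misses == 1       // lazy path pays one failed lookup
assert eager.owner == 'admin' && lazy.owner == 'manager'
```

In the tutorial's sample data the difference is invisible because everything runs as admin; it matters when the first grant on an object is made by a different principal than the one that created the object.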