[jboss-svn-commits] JBL Code SVN: r21035 - in labs/jbossrules/trunk/drools-guvnor/src: main/java/org/drools/guvnor/server/security and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 15 07:27:20 EDT 2008
Author: jervisliu
Date: 2008-07-15 07:27:20 -0400 (Tue, 15 Jul 2008)
New Revision: 21035
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
Log:
more fine-grained roles for role based authorization: http://wiki.jboss.org/wiki/RulesRepositoryRoleAuthorization
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-15 11:02:28 UTC (rev 21034)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-15 11:27:20 UTC (rev 21035)
@@ -162,7 +162,6 @@
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public Boolean createCategory(String path,
String name,
@@ -193,7 +192,7 @@
String initialPackage,
String format) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "create",
+ Identity.instance().checkPermission("ignoredanyway", "package.admin",
initialPackage);
}
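Review bot: The check in this hunk now demands `"package.admin"` for what the old `"create"` action suggests is asset creation, which is stricter than the role model this same commit documents. The comment on `testPackageDeveloper` says a developer can do everything in a package except snapshots, and `copyAsset` (hunk at -842) asks only for `"package.developer"` to produce a new asset. `deleteUncheckedRule` (hunk at -227) has the same mismatch: it asks for `"package.admin"` while the asset-removal hunk at -1226 accepts `"package.analyst"`. If developers are meant to create rules, the action here should be `"package.developer"`; if admin-only creation is intended, a one-line comment saying so would keep the next reader from loosening it. The enclosing method starts outside the hunk, so its purpose is inferred.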
@@ -227,7 +226,7 @@
@Restrict("#{identity.loggedIn}")
public void deleteUncheckedRule(String uuid, String initialPackage) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "delete",
+ Identity.instance().checkPermission("ignoredanyway", "package.admin",
initialPackage);
}
@@ -282,9 +281,9 @@
data.uuid = pkg.getUUID();
data.name = pkg.getName();
data.archived = pkg.isArchived();
- if (!archive && (filter == null || filter.accept(data, "read"))) {
+ if (!archive && (filter == null || filter.accept(data, "package.readonly"))) {
result.add(data);
- } else if (archive && data.archived && (filter == null || filter.accept(data, "read"))) {
+ } else if (archive && data.archived && (filter == null || filter.accept(data, "package.readonly"))) {
result.add(data);
}
}
@@ -359,7 +358,7 @@
asset.metaData = populateMetaData( item );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read",
+ Identity.instance().checkPermission("ignoredanyway", "package.readonly",
asset.metaData.packageName);
}
@@ -439,7 +438,7 @@
@Restrict("#{identity.loggedIn}")
public String checkinVersion(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update",
+ Identity.instance().checkPermission("ignoredanyway", "package.developer",
asset.metaData.packageName);
}
@@ -493,7 +492,7 @@
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", "package.readonly", item.getPackage().getUUID());
}
@@ -594,7 +593,6 @@
}
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public byte[] exportRepository() throws SerializableException {
@@ -611,7 +609,6 @@
}
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public String createPackage(String name,
String description) throws SerializableException {
@@ -629,7 +626,7 @@
//the uuid passed in is the uuid of that deployment bundle, not the package uudi.
//we have to figure out the package name.
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", item.getName());
+ Identity.instance().checkPermission("ignoredanyway", "package.readonly", item.getName());
}
PackageConfigData data = new PackageConfigData();
@@ -654,7 +651,7 @@
@Restrict("#{identity.loggedIn}")
public ValidatedResponse savePackage(PackageConfigData data) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update", data.uuid);
+ Identity.instance().checkPermission("ignoredanyway", "package.developer", data.uuid);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -827,7 +824,7 @@
String newPackage,
String comment) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update", newPackage);
+ Identity.instance().checkPermission("ignoredanyway", "package.developer", newPackage);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -842,7 +839,7 @@
String newPackage,
String newName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "create", newPackage);
+ Identity.instance().checkPermission("ignoredanyway", "package.developer", newPackage);
}
return repository.copyAsset( assetUUID, newPackage, newName );
@@ -852,7 +849,7 @@
@Restrict("#{identity.loggedIn}")
public SnapshotInfo[] listSnapshots(String packageName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.developer", packageName);
}
String[] snaps = repository.listPackageSnapshots( packageName );
@@ -875,7 +872,7 @@
boolean replaceExisting,
String comment) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.admin", packageName);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -899,7 +896,7 @@
boolean delete,
String newSnapshotName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.admin", packageName);
}
if (delete) {
@@ -943,7 +940,7 @@
break;
}
AssetItem item = (AssetItem) it.next();
- if (filter.accept(item, "read")) {
+ if (filter.accept(item, "package.readonly")) {
TableDataRow row = new TableDataRow();
row.id = item.getUUID();
String desc = item.getDescription() + "";
@@ -955,7 +952,7 @@
}
while (it.hasNext()) {
- if (filter.accept((AssetItem) it.next(), "read")) {
+ if (filter.accept((AssetItem) it.next(), "package.readonly")) {
TableDataRow empty = new TableDataRow();
empty.id = "MORE";
resultList.add(empty);
@@ -983,7 +980,6 @@
}
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public void clearRulesRepository() {
RulesRepositoryAdministrator admin = new RulesRepositoryAdministrator(repository.getSession());
@@ -994,7 +990,7 @@
@Restrict("#{identity.loggedIn}")
public SuggestionCompletionEngine loadSuggestionCompletionEngine(String packageName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.readonly", packageName);
}
try {
@@ -1012,7 +1008,7 @@
@Restrict("#{identity.loggedIn}")
public BuilderResult[] buildPackage(String packageUUID, String selectorConfigName, boolean force) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
}
PackageItem item = repository.loadPackageByUUID( packageUUID );
return buildPackage(selectorConfigName, force, item);
@@ -1080,7 +1076,7 @@
@Restrict("#{identity.loggedIn}")
public String buildPackageSource(String packageUUID) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
}
PackageItem item = repository.loadPackageByUUID( packageUUID );
@@ -1092,7 +1088,7 @@
@Restrict("#{identity.loggedIn}")
public String buildAssetSource(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", asset.metaData.packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", asset.metaData.packageName);
}
AssetItem item = repository.loadAssetByUUID( asset.uuid );
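Review bot: The permission check in `buildAssetSource` is made against `asset.metaData.packageName`, a field of the caller-supplied `RuleAsset`, while the asset actually processed is loaded by `asset.uuid` on the next line, so nothing visible ties the checked package to the loaded asset. `renameAsset` in this file loads first and checks the loaded item; doing the same here, with `Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());` placed after the load, makes the decision depend on repository state rather than request data. `buildAsset` (hunk at -1121) and `checkinVersion` (hunk at -439) check the same request-supplied field and probably need the same change, though their load calls are outside the hunks. The targets passed to `checkPermission` across this file also alternate between package names and package UUIDs; whether the resolver accepts both is not visible here and should be confirmed.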
@@ -1121,7 +1117,7 @@
@Restrict("#{identity.loggedIn}")
public BuilderResult[] buildAsset(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", asset.metaData.packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", asset.metaData.packageName);
}
try {
@@ -1161,7 +1157,6 @@
}
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public void copyPackage(String sourcePackageName, String destPackageName) throws SerializableException {
try {
@@ -1192,7 +1187,7 @@
public String renameAsset(String uuid, String newName) {
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
}
return repository.renameAsset( uuid, newName );
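Review bot: `renameAsset` now requires only `"package.analyst"`, as do the archive hunk at -1205 and the remove hunk at -1226, yet `checkinVersion` requires `"package.developer"`, so an analyst who may not save a new version of an asset may still rename, archive or delete it. The test comment added in this commit describes analysts as able to edit or create only "business" type files, and no asset-type check is visible in these hunks. Either raise the three calls to `"package.developer"` or add the asset-type restriction before the repository call. If that restriction is enforced elsewhere, a comment pointing to it would help.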
@@ -1205,7 +1200,7 @@
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
}
item.archiveItem( value );
@@ -1226,7 +1221,7 @@
try {
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "delete", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
}
item.remove();
@@ -1242,7 +1237,7 @@
@Restrict("#{identity.loggedIn}")
public void removePackage(String uuid) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "delete", uuid);
+ Identity.instance().checkPermission("ignoredanyway", "package.admin", uuid);
}
try {
PackageItem item = repository.loadPackageByUUID(uuid);
@@ -1258,14 +1253,13 @@
@Restrict("#{identity.loggedIn}")
public String renamePackage(String uuid, String newName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "update", uuid);
+ Identity.instance().checkPermission("ignoredanyway", "package.admin", uuid);
}
return repository.renamePackage( uuid, newName );
}
@WebRemote
- //@Restrict("#{identity.loggedIn}")
@Restrict("#{s:hasRole('admin')}")
public void rebuildSnapshots() throws SerializableException {
Iterator pkit = repository.listPackages();
@@ -1291,7 +1285,7 @@
@Restrict("#{identity.loggedIn}")
public String[] listRulesInPackage(String packageName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.readonly", packageName);
}
PackageItem item = repository.loadPackage(packageName);
@@ -1322,7 +1316,7 @@
public ScenarioRunResult runScenario(String packageName, Scenario scenario)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageName);
+ Identity.instance().checkPermission("ignoredanyway", "package.testonly", packageName);
}
PackageItem item = this.repository.loadPackage(packageName);
@@ -1427,7 +1421,7 @@
public BulkTestRunResult runScenariosInPackage(String packageUUID)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", "package.testonly", packageUUID);
}
PackageItem item = repository.loadPackageByUUID(packageUUID);
@@ -1520,7 +1514,7 @@
public AnalysisReport analysePackage(String packageUUID)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
}
String drl = this.buildPackageSource(packageUUID);
@@ -1537,7 +1531,7 @@
@Restrict("#{identity.loggedIn}")
public String[] listTypesInPackage(String packageUUID) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "read", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", "package.readoly", packageUUID);
}
PackageItem pkg = this.repository.loadPackageByUUID(packageUUID);
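Review bot: The action string in `listTypesInPackage` is misspelled as `"package.readoly"`. `isPermitted` in this commit matches action strings literally, so for every role except `package.admin` the request falls through to `return false` and is denied even for users who hold read access. Using the constant lets the compiler catch this: `Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY, packageUUID);`. The other call sites in this file would benefit from the same replacement of literals with `RoleTypes` constants.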
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-15 11:02:28 UTC (rev 21034)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-15 11:27:20 UTC (rev 21035)
@@ -87,16 +87,54 @@
private boolean isPermitted(String requestedAction, String role) {
if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(role)) {
return true;
- } else if (RoleTypes.PACKAGE_GUEST.equalsIgnoreCase(role)) {
- if ("create".equalsIgnoreCase(requestedAction)) {
+ } else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(role)) {
+ if ("package.admin".equalsIgnoreCase(requestedAction)) {
return false;
- } else if ("read".equalsIgnoreCase(requestedAction)) {
+ } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
return true;
- } else if ("update".equalsIgnoreCase(requestedAction)) {
+ } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
+ return true;
+ } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ }
+ } else if (RoleTypes.PACKAGE_ANALYST.equalsIgnoreCase(role)) {
+ if ("package.admin".equalsIgnoreCase(requestedAction)) {
return false;
- } else if ("delete".equalsIgnoreCase(requestedAction)) {
+ } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
return false;
+ } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
+ return true;
+ } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
+ return true;
}
+ } else if (RoleTypes.PACKAGE_TESTONLY.equalsIgnoreCase(role)) {
+ if ("package.admin".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ }
+ } else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(role)) {
+ if ("package.admin".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
+ return false;
+ } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
+ return true;
+ }
}
return false;
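Review bot: `isPermitted` spells out a strictly ordered hierarchy (readonly < testonly < analyst < developer < admin) as twenty hand-written string comparisons, and each new role means editing every branch, which is where an authorization table drifts. The explicit `return false` arms are also redundant with the final `return false`. Ranking the levels once and comparing ranks gives the same matrix for the five known actions, uses the `RoleTypes` constants instead of literals, and denies anything unrecognised. One deliberate difference: an unknown action is then denied for `package.admin` too, whereas the current first branch grants it, so a misspelled action surfaces instead of hiding behind the admin role. The method's closing brace is outside the hunk.

```java
// lowest to highest privilege; a role grants its own level and every level below it
private static final String[] PACKAGE_LEVELS = {
    RoleTypes.PACKAGE_READONLY,
    RoleTypes.PACKAGE_TESTONLY,
    RoleTypes.PACKAGE_ANALYST,
    RoleTypes.PACKAGE_DEVELOPER,
    RoleTypes.PACKAGE_ADMIN
};

private static int levelOf(String name) {
    for (int i = 0; i < PACKAGE_LEVELS.length; i++) {
        if (PACKAGE_LEVELS[i].equalsIgnoreCase(name)) {
            return i;
        }
    }
    return -1;
}

private boolean isPermitted(String requestedAction, String role) {
    int granted = levelOf(role);
    int required = levelOf(requestedAction);
    // unknown role or unknown action: deny
    return granted >= 0 && required >= 0 && granted >= required;
```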
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-07-15 11:02:28 UTC (rev 21034)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-07-15 11:27:20 UTC (rev 21035)
@@ -3,6 +3,9 @@
public class RoleTypes {
public final static String ADMIN = "admin";
public final static String PACKAGE_ADMIN = "package.admin";
- public final static String PACKAGE_GUEST = "package.guest";
+ public final static String PACKAGE_DEVELOPER = "package.developer";
+ public final static String PACKAGE_ANALYST = "package.analyst";
+ public final static String PACKAGE_TESTONLY = "package.testonly";
+ public final static String PACKAGE_READONLY = "package.readonly";
}
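Review bot: Removing `PACKAGE_GUEST` leaves no handling for permission records that already carry `"package.guest"`; `isPermitted` as changed in this commit would deny them every action. That fails closed, which is the safe direction, but affected users lose read access with no message. If such records can exist in deployed repositories (not visible from this diff), map the old value to `PACKAGE_READONLY` when loading them, or document the migration step. `RoleTypes` could also be declared `final` with a private constructor, since it only holds constants.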
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java 2008-07-15 11:02:28 UTC (rev 21034)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java 2008-07-15 11:27:20 UTC (rev 21035)
@@ -31,7 +31,7 @@
public class PackageBasedPermissionResolverTest extends TestCase {
- //admin can do everything
+ //admin: everything
public void testAdmin() throws Exception {
//Mock up SEAM contexts
Map application = new HashMap<String, Object>();
@@ -44,8 +44,8 @@
List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
- pbps.add(new PackageBasedPermission("631b3d79-5b67-42fb-83da-714624970a6b", "jervis", "package.admin"));
- pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", "package.guest"));
+ pbps.add(new PackageBasedPermission("631b3d79-5b67-42fb-83da-714624970a6b", "jervis", RoleTypes.ADMIN));
+ pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_READONLY));
Contexts.getSessionContext().set("packageBasedPermission", pbps);
PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
@@ -56,7 +56,7 @@
Lifecycle.endApplication();
}
- //Package.admin can do everything within this package
+ //Package.admin: everything for that package, including creating snapshots for that package.
public void testPackageAdmin() throws Exception {
//Mock up SEAM contexts
Map application = new HashMap<String, Object>();
@@ -69,22 +69,23 @@
List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
- pbps.add(new PackageBasedPermission("631b3d79-5b67-42fb-83da-714624970a6b", "jervis", "package.admin"));
+ pbps.add(new PackageBasedPermission("631b3d79-5b67-42fb-83da-714624970a6b", "jervis", RoleTypes.PACKAGE_ADMIN));
Contexts.getSessionContext().set("packageBasedPermission", pbps);
PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "create"));
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "read"));
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "update"));
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "delete"));
+ assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.admin"));
+ assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.developer"));
+ assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.analyst"));
+ assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.testonly"));
+ assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "read"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
Lifecycle.endApplication();
}
- //Package.guest can do read only
- public void testPackageGuest() throws Exception {
+ //Package.developer: everything for that package, NOT snapshots (can view snapshots of that package only)
+ public void testPackageDeveloper() throws Exception {
//Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
@@ -96,19 +97,109 @@
List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
- pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", "package.guest"));
+ pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_DEVELOPER));
Contexts.getSessionContext().set("packageBasedPermission", pbps);
PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "create"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "read"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "update"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "delete"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
- assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "read"));
+ assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
Lifecycle.endApplication();
+ }
+
+ //Package.analyst: can read all contents. Can only edit/create files of "business" type,
+ //can run tests, and edit tests.
+ public void testPackageAnalyst() throws Exception {
+ //Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ //this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+
+
+ List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
+ pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_ANALYST));
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
+
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
+
+ assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
+
+ Lifecycle.endApplication();
+ }
+
+ //Package.testonly: can create, run, edit, and delete tests only.
+ public void testPackageTestonly() throws Exception {
+ //Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ //this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+
+
+ List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
+ pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_TESTONLY));
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
+
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
+
+ assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
+
+ Lifecycle.endApplication();
+ }
+
+ //Package.readonly: read only as the name suggested
+ public void testPackageReadOnly() throws Exception {
+ //Mock up SEAM contexts
+ Map application = new HashMap<String, Object>();
+ Lifecycle.beginApplication(application);
+ Lifecycle.beginCall();
+ MockIdentity midentity = new MockIdentity();
+ //this makes Identity.hasRole("admin") return false
+ midentity.setHasRole(false);
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+
+
+ List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
+ pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_READONLY));
+ Contexts.getSessionContext().set("packageBasedPermission", pbps);
+
+ PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
+
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
+ assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
+ assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
+
+ assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
+
+ Lifecycle.endApplication();
}
+
}
\ No newline at end of file
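Review bot: The new tests walk the role matrix but none pins deny-by-default: there is no case for an unrecognised action string or an unrecognised role, which is the path the misspelled action in `listTypesInPackage` takes. Adding a constructed value to a non-admin test, for example `assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.unknown"));`, would cover it. `Lifecycle.endApplication()` runs only if every assertion passes, so a failing test leaves the mocked Seam context in place for later tests. Moving the mock setup into `setUp()` and the teardown into `tearDown()` fixes that and removes the repeated setup block from each test method.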