Seam SVN: r8160 - trunk/build and 1 other directory.
by seam-commits@lists.jboss.org
Author: pete.muir(a)jboss.org
Date: 2008-05-12 06:28:43 -0400 (Mon, 12 May 2008)
New Revision: 8160
Modified:
branches/Seam_2_0/build/ci.build.xml
trunk/build/ci.build.xml
Log:
Newer docs deploy, fix ws
Modified: branches/Seam_2_0/build/ci.build.xml
===================================================================
--- branches/Seam_2_0/build/ci.build.xml 2008-05-12 08:18:28 UTC (rev 8159)
+++ branches/Seam_2_0/build/ci.build.xml 2008-05-12 10:28:43 UTC (rev 8160)
@@ -3,7 +3,6 @@
<project name="Seam2 Continuous Integration Support" basedir="." xmlns:artifact="urn:maven-artifact-ant">
<property name="qualifier" value="-SNAPSHOT" />
-
<property file="default.build.properties" />
<property file="build.properties" />
@@ -14,7 +13,7 @@
<property name="maven.settings.xml" location="ci.settings.xml" />
<import file="common.build.xml" />
-
+
<artifact:remoteRepository id="snapshots.jboss.org" url="dav:https://snapshots.jboss.org/maven2" />
<target name="deploySeamSnapshot" description="Deploy a Seam snapshot to snapshots.jboss.org" depends="initdav, initpoms">
@@ -22,7 +21,7 @@
<deploySnapshotPom pom="${parent.pom}" />
<deploySnapshot pom="${core.pom}" jar="${lib.dir}/jboss-seam.jar" srcjar="${lib.dir}/src/jboss-seam-sources.jar" />
<deploySnapshot pom="${debug.pom}" jar="${lib.dir}/jboss-seam-debug.jar" srcjar="${lib.dir}/src/jboss-seam-debug-sources.jar" />
- <deploySnapshot pom="${jbas5.pom}" jar="${lib.dir}/interop/jboss-seam-jbas5.jar" srcjar="${lib.dir}/interop/src/jboss-seam-jbas5-sources.jar" />
+ <deploySnapshot pom="${jbas5.pom}" jar="${lib.dir}/interop/jboss-seam-jbas5.jar" srcjar="${lib.dir}/interop/src/jboss-seam-jbas5-sources.jar" />
<deploySnapshot pom="${gen.pom}" jar="${lib.dir}/jboss-seam-gen.jar" srcjar="${lib.dir}/src/jboss-seam-gen-sources.jar" />
<deploySnapshot pom="${ioc.pom}" jar="${lib.dir}/jboss-seam-ioc.jar" srcjar="${lib.dir}/src/jboss-seam-ioc-sources.jar" />
<deploySnapshot pom="${mail.pom}" jar="${lib.dir}/jboss-seam-mail.jar" srcjar="${lib.dir}/src/jboss-seam-mail-sources.jar" />
@@ -33,24 +32,24 @@
<target name="tests">
<build target="cleanall" />
- <build target="coverageall" testngjvmargs="-Dfoo" />
+ <build target="coverageall" />
<build target="copytestoutput" />
<build target="testreport" />
</target>
+
+ <target name="tests-java16">
+ <build target="cleanall" />
+ <copyInlineDependencies id="endorsed" scope="compile" todir="${endorsed.dir}">
+ <dependency groupId="javax.xml.bind" artifactId="jaxb-api" version="2.1">
+ <exclusion groupId="javax.xml.stream" artifactId="stax-api" />
+ <exclusion groupId="javax.activation" artifactId="activation" />
+ </dependency>
+ </copyInlineDependencies>
+ <build target="testall" testngjvmargs="-Dsun.lang.ClassLoader.allowArraySyntax=true" />
+ <build target="copytestoutput" />
+ <build target="testreport" />
+ </target>
- <target name="tests-java16">
- <build target="cleanall" />
- <copyInlineDependencies id="endorsed" scope="compile" todir="${endorsed.dir}">
- <dependency groupId="javax.xml.bind" artifactId="jaxb-api" version="2.1">
- <exclusion groupId="javax.xml.stream" artifactId="stax-api" />
- <exclusion groupId="javax.activation" artifactId="activation" />
- </dependency>
- </copyInlineDependencies>
- <build target="testall" testngjvmargs="-Dsun.lang.ClassLoader.allowArraySyntax=true" />
- <build target="copytestoutput" />
- <build target="testreport" />
- </target>
-
<target name="snapshot">
<build target="cleanall" />
<build target="dist" />
@@ -72,13 +71,13 @@
<property name="qualifier" value="-SNAPSHOT" />
</ant>
</target>
-
+
<target name="deployExamplesSnapshot" depends="initdav">
<deployExample name="booking" repositoryId="snapshots.jboss.org" />
<deployExampleNoDs name="numberguess" repositoryId="snapshots.jboss.org" />
<deployExample name="dvd" path="${seam.dir}/examples/dvdstore" repositoryId="snapshots.jboss.org" />
</target>
-
+
<target name="deployDocumentation" depends="initdav, initpoms">
<artifact:deploy uniqueVersion="false" file="${docs.pom}">
<pom file="${docs.pom}" />
@@ -89,38 +88,38 @@
<macrodef name="build">
<attribute name="target" />
- <attribute name="testngjvmargs" default="" />
+ <attribute name="testngjvmargs" default="" />
<element name="properties" optional="true" />
<sequential>
<ant antfile="${seam.dir}/build.xml" target="@{target}" inheritall="false" inheritrefs="false" dir="../">
<property name="dist.location" value="${dist.location}" />
<property name="qualifier" value="-SNAPSHOT" />
<property name="quietclean" value="true" />
- <property name="testng.jvmargs" value="@{testngjvmargs}" />
+ <property name="testng.jvmargs" value="@{testngjvmargs}" />
<property name="maven.settings.xml" value="${maven.settings.xml}" />
<properties />
</ant>
</sequential>
</macrodef>
- <macrodef name="deploySnapshotPom">
- <attribute name="pom" />
- <sequential>
- <artifact:deploy uniqueVersion="true">
- <pom file="@{pom}" />
- <remoteRepository refid="snapshots.jboss.org" />
- </artifact:deploy>
- </sequential>
- </macrodef>
+ <macrodef name="deploySnapshotPom">
+ <attribute name="pom" />
+ <sequential>
+ <artifact:deploy uniqueVersion="true">
+ <pom file="@{pom}" />
+ <remoteRepository refid="snapshots.jboss.org" />
+ </artifact:deploy>
+ </sequential>
+ </macrodef>
<macrodef name="deploySnapshot">
<attribute name="pom" />
<attribute name="jar" />
- <attribute name="srcjar" />
+ <attribute name="srcjar" />
<sequential>
<artifact:deploy file="@{jar}" uniqueVersion="true">
<pom file="@{pom}" />
- <attach file="@{srcjar}" classifier="sources" />
+ <attach file="@{srcjar}" classifier="sources" />
<remoteRepository refid="snapshots.jboss.org" />
</artifact:deploy>
</sequential>
Modified: trunk/build/ci.build.xml
===================================================================
--- trunk/build/ci.build.xml 2008-05-12 08:18:28 UTC (rev 8159)
+++ trunk/build/ci.build.xml 2008-05-12 10:28:43 UTC (rev 8160)
@@ -2,14 +2,13 @@
<!-- Continuous integration related targets -->
<project name="Seam2 Continuous Integration Support" basedir="." xmlns:artifact="urn:maven-artifact-ant">
- <property name="qualifier" value="-SNAPSHOT"/>
-
+ <property name="qualifier" value="-SNAPSHOT" />
<property file="default.build.properties" />
<property file="build.properties" />
<property name="seam.dir" value="${basedir}/../" />
<property name="dist.location" value="${seam.dir}/dist" />
- <property name="dist.ref.dir" value="${dist.location}/ref" />
+ <property name="doc.ref.dir" value="${seam.dir}/doc/Seam_Reference_Guide" />
<property name="maven.settings.xml" location="ci.settings.xml" />
@@ -17,7 +16,7 @@
<artifact:remoteRepository id="snapshots.jboss.org" url="dav:https://snapshots.jboss.org/maven2" />
- <target name="deploySeamSnapshot" description="Deploy a Seam snapshot to snapshots.jboss.org" depends="initdav, initpoms">
+ <target name="deploySeamSnapshot" description="Deploy a Seam snapshot to snapshots.jboss.org" depends="initdav, initpoms">
<deploySnapshotPom pom="${root.pom}" />
<deploySnapshotPom pom="${parent.pom}" />
<deploySnapshot pom="${core.pom}" jar="${lib.dir}/jboss-seam.jar" srcjar="${lib.dir}/src/jboss-seam-sources.jar" />
@@ -34,22 +33,21 @@
</target>
<target name="tests">
- <echo>${maven.settings.xml}</echo>
<build target="cleanall" />
- <build target="coverageall" testngjvmargs="-Dfoo"/>
+ <build target="coverageall" />
<build target="copytestoutput" />
<build target="testreport" />
</target>
-
+
<target name="tests-java16">
- <build target="cleanall" />
- <copyInlineDependencies id="endorsed" scope="compile" todir="${endorsed.dir}">
+ <build target="cleanall" />
+ <copyInlineDependencies id="endorsed" scope="compile" todir="${endorsed.dir}">
<dependency groupId="javax.xml.bind" artifactId="jaxb-api" version="2.1">
<exclusion groupId="javax.xml.stream" artifactId="stax-api" />
<exclusion groupId="javax.activation" artifactId="activation" />
</dependency>
</copyInlineDependencies>
- <build target="testall" testngjvmargs="-Dsun.lang.ClassLoader.allowArraySyntax=true"/>
+ <build target="testall" testngjvmargs="-Dsun.lang.ClassLoader.allowArraySyntax=true" />
<build target="copytestoutput" />
<build target="testreport" />
</target>
@@ -63,27 +61,31 @@
</properties>
</build>
<ant target="deploySeamSnapshot" antfile="${ant.file}" inheritall="false" inheritrefs="false" dir=".">
- <property name="qualifier" value="-SNAPSHOT"/>
+ <property name="qualifier" value="-SNAPSHOT" />
</ant>
<ant target="deployExamplesSnapshot" antfile="${ant.file}" inheritall="false" inheritrefs="false" dir=".">
- <property name="qualifier" value="-SNAPSHOT"/>
+ <property name="qualifier" value="-SNAPSHOT" />
</ant>
<ant target="deployDocumentation" antfile="${ant.file}" inheritall="false" inheritrefs="false" dir=".">
- <property name="qualifier" value="-SNAPSHOT"/>
+ <property name="qualifier" value="-SNAPSHOT" />
</ant>
<ant target="tests" antfile="${ant.file}" inheritall="false" inheritrefs="false" dir=".">
- <property name="qualifier" value="-SNAPSHOT"/>
+ <property name="qualifier" value="-SNAPSHOT" />
</ant>
</target>
<target name="deployExamplesSnapshot" depends="initdav">
- <deployExample name="booking" repositoryId="snapshots.jboss.org"/>
- <deployExampleNoDs name="numberguess" repositoryId="snapshots.jboss.org"/>
- <deployExample name="dvd" path="${seam.dir}/examples/dvdstore" repositoryId="snapshots.jboss.org"/>
+ <deployExample name="booking" repositoryId="snapshots.jboss.org" />
+ <deployExampleNoDs name="numberguess" repositoryId="snapshots.jboss.org" />
+ <deployExample name="dvd" path="${seam.dir}/examples/dvdstore" repositoryId="snapshots.jboss.org" />
</target>
<target name="deployDocumentation" depends="initdav, initpoms">
- <deploy pom="${docs.pom}" jar="${dist.ref.dir}/en/pdf/seam_reference.pdf" unique="false" repositoryId="snapshots.jboss.org"/>
+ <artifact:deploy uniqueVersion="false" file="${docs.pom}">
+ <pom file="${docs.pom}" />
+ <remoteRepository refId="snapshots.jboss.org" />
+ <attach file="${doc.ref.dir}/target/docbook/publish/en-US/pdf/seam_reference.pdf" classifier="pdf" type="pdf" />
+ </artifact:deploy>
</target>
<macrodef name="build">
@@ -103,13 +105,13 @@
</macrodef>
<macrodef name="deploySnapshotPom">
- <attribute name="pom" />
- <sequential>
- <artifact:deploy uniqueVersion="true">
- <pom file="@{pom}" />
- <remoteRepository refid="snapshots.jboss.org" />
- </artifact:deploy>
- </sequential>
+ <attribute name="pom" />
+ <sequential>
+ <artifact:deploy uniqueVersion="true">
+ <pom file="@{pom}" />
+ <remoteRepository refid="snapshots.jboss.org" />
+ </artifact:deploy>
+ </sequential>
</macrodef>
<macrodef name="deploySnapshot">
16 years, 6 months
- 1
- 0
Seam SVN: r8159 - in trunk/examples/seamspace: src/org/jboss/seam/example/seamspace and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-12 04:18:28 -0400 (Mon, 12 May 2008)
New Revision: 8159
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
trunk/examples/seamspace/view/pictures.xhtml
Log:
implemented delete image feature
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 08:17:42 UTC (rev 8158)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 08:18:28 UTC (rev 8159)
@@ -28,6 +28,19 @@
check.grant();
end
+# This rule allows a member to delete their own images
+
+rule DeleteImage
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "delete", granted == false)
+then
+ check.grant();
+end
+
# This rule allows members to revoke permissions on their images to other users/roles
rule RevokeImagePermissions
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12 08:17:42 UTC (rev 8158)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12 08:18:28 UTC (rev 8159)
@@ -11,6 +11,7 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.security.Delete;
import org.jboss.seam.annotations.web.RequestParameter;
import org.jboss.seam.security.Identity;
@@ -41,6 +42,11 @@
this.memberName = memberName;
}
+ public void delete(@Delete MemberImage image)
+ {
+ entityManager.remove(image);
+ }
+
public MemberImage lookupImage()
{
return entityManager.find(MemberImage.class, imageId);
@@ -50,7 +56,7 @@
public void loadMemberPictures()
{
memberImages = (List<MemberImage>) entityManager.createQuery(
- "select i from MemberImage i where i.member.memberName = :name")
+ "select i from MemberImage i where i.member.memberName = :name and not i = i.member.picture")
.setParameter("name", memberName)
.getResultList();
Identity.instance().filterByPermission(memberImages, "view");
Modified: trunk/examples/seamspace/view/pictures.xhtml
===================================================================
--- trunk/examples/seamspace/view/pictures.xhtml 2008-05-12 08:17:42 UTC (rev 8158)
+++ trunk/examples/seamspace/view/pictures.xhtml 2008-05-12 08:18:28 UTC (rev 8159)
@@ -14,6 +14,13 @@
</ui:define>
<ui:define name="content">
+
+ <script type="text/javascript">
+ function confirmDelete()
+ {
+ return confirm("Are you sure you wish to delete this image? This action cannot be undone.");
+ }
+ </script>
<div class="errors"><h:messages globalOnly="true"/></div>
@@ -45,10 +52,18 @@
<a href="content/images?id=#{img.imageId}" rel="lightbox[pictureset]" title="#{img.caption}">
<h:graphicImage value="/content/images?id=#{img.imageId}&width=90" border="0"/>
</a>
- <s:button view="/imagepermissions.seam" action="#{permissionSearch.search(pictureSearch.lookupImage())}" styleClass="padlock">
+ <s:button view="/imagepermissions.seam"
+ action="#{permissionSearch.search(pictureSearch.lookupImage())}"
+ styleClass="padlock"
+ rendered="#{s:hasPermission(img, 'seam.grant-permission')}">
<f:param name="imageId" value="#{img.imageId}"/>
</s:button>
- <s:button styleClass="trash"/>
+ <s:button styleClass="trash"
+ action="#{pictureSearch.delete(pictureSearch.lookupImage())}"
+ rendered="#{s:hasPermission(img, 'delete')}"
+ onclick="if (!confirmDelete()) return false">
+ <f:param name="imageId" value="#{img.imageId}"/>
+ </s:button>
</div>
</ui:repeat>
16 years, 6 months
- 1
- 0
Seam SVN: r8158 - in trunk/src/main/org/jboss/seam: annotations/security and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-12 04:17:42 -0400 (Mon, 12 May 2008)
New Revision: 8158
Modified:
trunk/src/main/org/jboss/seam/Component.java
trunk/src/main/org/jboss/seam/annotations/security/Delete.java
trunk/src/main/org/jboss/seam/annotations/security/Insert.java
trunk/src/main/org/jboss/seam/annotations/security/Read.java
trunk/src/main/org/jboss/seam/annotations/security/Update.java
trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
Log:
support for parameter-level restrictions
Modified: trunk/src/main/org/jboss/seam/Component.java
===================================================================
--- trunk/src/main/org/jboss/seam/Component.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/Component.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1077,20 +1077,30 @@
if ( beanClassHasAnnotation(Restrict.class) )
{
secure = true;
+ return;
}
- if (!secure)
+ for (Method method : getBeanClass().getMethods())
{
- for (Method method : getBeanClass().getMethods())
+ for (Annotation annotation : method.getAnnotations())
{
- for (Annotation annotation : method.getAnnotations())
+ if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
+ secure = true;
+ return;
+ }
+ }
+
+ for (Annotation[] annotations : method.getParameterAnnotations())
+ {
+ for (Annotation annotation : annotations)
+ {
if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
secure = true;
- break;
+ return;
}
- }
+ }
}
}
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Delete.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Delete.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Delete.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,5 +1,6 @@
package org.jboss.seam.annotations.security;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
-@Target({METHOD})
+@Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
-@PermissionCheck("delete")
+@PermissionCheck
public @interface Delete {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Insert.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Insert.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Insert.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
-@Target({METHOD})
+@Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
-@PermissionCheck("insert")
+@PermissionCheck
public @interface Insert {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Read.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Read.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Read.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
-@Target({METHOD})
+@Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
-@PermissionCheck("read")
+@PermissionCheck
public @interface Read {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Update.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Update.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Update.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
-@Target({METHOD})
+@Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
-@PermissionCheck("update")
+@PermissionCheck
public @interface Update {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -3,7 +3,9 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.jboss.seam.annotations.intercept.AroundInvoke;
import org.jboss.seam.annotations.intercept.Interceptor;
@@ -32,25 +34,47 @@
{
private String expression;
- private Object target;
- private String action;
+ private Map<String, Object> methodRestrictions;
+ private Map<Integer,Set<String>> paramRestrictions;
public void setExpression(String expression)
{
this.expression = expression;
}
- public void setTarget(Object target)
+ public void addMethodRestriction(Object target, String action)
{
- this.target = target;
+ if (methodRestrictions == null)
+ {
+ methodRestrictions = new HashMap<String, Object>();
+ }
+
+ methodRestrictions.put(action, target);
}
- public void setAction(String action)
+ public void addParameterRestriction(int index, String action)
{
- this.action = action;
+ Set<String> actions = null;
+
+ if (paramRestrictions == null)
+ {
+ paramRestrictions = new HashMap<Integer,Set<String>>();
+ }
+
+ if (!paramRestrictions.containsKey(index))
+ {
+ actions = new HashSet<String>();
+ paramRestrictions.put(index, actions);
+ }
+ else
+ {
+ actions = paramRestrictions.get(index);
+ }
+
+ actions.add(action);
}
- public void check()
+ public void check(Object[] parameters)
{
if (Identity.isSecurityEnabled())
{
@@ -58,10 +82,26 @@
{
Identity.instance().checkRestriction(expression);
}
- else if (target != null && action != null)
+
+ if (methodRestrictions != null)
{
- Identity.instance().checkPermission(target, action);
+ for (String action : methodRestrictions.keySet())
+ {
+ Identity.instance().checkPermission(methodRestrictions.get(action), action);
+ }
}
+
+ if (paramRestrictions != null)
+ {
+ for (Integer idx : paramRestrictions.keySet())
+ {
+ Set<String> actions = paramRestrictions.get(idx);
+ for (String action : actions)
+ {
+ Identity.instance().checkPermission(parameters[idx], action);
+ }
+ }
+ }
}
}
}
@@ -73,7 +113,7 @@
Restriction restriction = getRestriction(interfaceMethod);
- if ( restriction != null ) restriction.check();
+ if ( restriction != null ) restriction.check(invocation.getParameters());
return invocation.proceed();
}
@@ -85,7 +125,9 @@
synchronized(restrictions)
{
if (!restrictions.containsKey(interfaceMethod))
- {
+ {
+ Restriction restriction = null;
+
Method method = getComponent().getBeanClass().getMethod(
interfaceMethod.getName(), interfaceMethod.getParameterTypes() );
@@ -105,18 +147,17 @@
if (restrict != null)
{
- Restriction restriction = new Restriction();
+ if (restriction == null) restriction = new Restriction();
restriction.setExpression(!Strings.isEmpty( restrict.value() ) ?
restrict.value() : createDefaultExpr(method));
- restrictions.put(interfaceMethod, restriction);
- return restriction;
}
for (Annotation annotation : method.getAnnotations())
{
if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
- PermissionCheck permissionAction = annotation.annotationType().getAnnotation(PermissionCheck.class);
+ PermissionCheck permissionCheck = annotation.annotationType().getAnnotation(
+ PermissionCheck.class);
Method valueMethod = null;
for (Method m : annotation.annotationType().getDeclaredMethods())
@@ -126,33 +167,55 @@
}
if (valueMethod != null)
- {
- Restriction restriction = new Restriction();
- restriction.setTarget(valueMethod.invoke(annotation));
-
- if (!"".equals(permissionAction.value()))
+ {
+ if (restriction == null) restriction = new Restriction();
+ Object target = valueMethod.invoke(annotation);
+ if (!target.equals(void.class))
{
- restriction.setAction(permissionAction.value());
+ if (restriction == null) restriction = new Restriction();
+ restriction.addMethodRestriction(target,
+ getPermissionAction(permissionCheck, annotation));
}
- else
- {
- // If the PermissionAction.value isn't set, just use the lower-case version of the annotation name
- restriction.setAction(annotation.annotationType().getSimpleName().toLowerCase());
- }
- restrictions.put(interfaceMethod, restriction);
- return restriction;
}
}
- }
+ }
- restrictions.put(interfaceMethod, null);
- return null;
+ for (int i = 0; i < method.getParameterAnnotations().length; i++)
+ {
+ Annotation[] annotations = method.getParameterAnnotations()[i];
+ for (Annotation annotation : annotations)
+ {
+ if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
+ {
+ PermissionCheck permissionCheck = annotation.annotationType().getAnnotation(
+ PermissionCheck.class);
+ if (restriction == null) restriction = new Restriction();
+ restriction.addParameterRestriction(i,
+ getPermissionAction(permissionCheck, annotation));
+ }
+ }
+ }
+
+ restrictions.put(interfaceMethod, restriction);
+ return restriction;
}
}
}
return restrictions.get(interfaceMethod);
}
+ private String getPermissionAction(PermissionCheck check, Annotation annotation)
+ {
+ if (!"".equals(check.value()))
+ {
+ return check.value();
+ }
+ else
+ {
+ return annotation.annotationType().getSimpleName().toLowerCase();
+ }
+ }
+
/**
* Creates a default security expression for a specified method. The method must
* be a method of a Seam component.
16 years, 6 months
- 1
- 0
Seam SVN: r8157 - in trunk/examples/seamspace: resources/META-INF and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-12 00:01:32 -0400 (Mon, 12 May 2008)
New Revision: 8157
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/resources/import.sql
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
Log:
filter member images by permission
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 04:00:45 UTC (rev 8156)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 04:01:32 UTC (rev 8157)
@@ -56,10 +56,10 @@
no-loop
activation-group "permissions"
when
- member: Member()
- image: MemberImage(mbr : member -> (mbr.friends contains member))
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.isFriend(acct.member)))
PermissionCheck(target == image, action == "view")
- role: RoleCheck(name == "friend")
+ role: RoleCheck(name == "friends")
then
role.grant();
end
Modified: trunk/examples/seamspace/resources/import.sql
===================================================================
--- trunk/examples/seamspace/resources/import.sql 2008-05-12 04:00:45 UTC (rev 8156)
+++ trunk/examples/seamspace/resources/import.sql 2008-05-12 04:01:32 UTC (rev 8157)
@@ -3,8 +3,9 @@
insert into Member (memberid, membername, firstname, lastname, email, tagline, gender, dob, location, membersince) values (3, 'shadowman', 'shadow', 'man', 'shadowman(a)redhat.com', 'I''m wearing a hat', 0, '1999-01-01', '', '2007-01-05')
insert into Member (memberid, membername, firstname, lastname, email, tagline, gender, dob, location, membersince) values (4, 'mona', 'mona', 'lisa', 'monalisa(a)louvre.fr', 'Some describe me as enigmatic', 1, '1503-07-01', '', '2007-01-06')
-insert into MemberRole (roleid, name) values (1, 'user');
-insert into MemberRole (roleid, name) values (2, 'admin');
+insert into MemberRole (roleid, name, conditional) values (1, 'user', false);
+insert into MemberRole (roleid, name, conditional) values (2, 'admin', false);
+insert into MemberRole (roleid, name, conditional) values (3, 'friends', true);
insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values (1, 'demo', '/9Se/pfHeUH8FJ4asBD6jQ==', 1, 1);
insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values (2, 'duke', 'lykcKcxppliQQk0Pl9so8g==', 1, 2);
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java 2008-05-12 04:00:45 UTC (rev 8156)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java 2008-05-12 04:01:32 UTC (rev 8157)
@@ -10,6 +10,7 @@
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
+import org.jboss.seam.annotations.security.management.RoleConditional;
import org.jboss.seam.annotations.security.management.RoleGroups;
import org.jboss.seam.annotations.security.management.RoleName;
@@ -20,6 +21,7 @@
private Integer roleId;
private String name;
+ private boolean conditional;
private Set<MemberRole> groups;
@@ -60,4 +62,15 @@
{
this.groups = groups;
}
+
+ @RoleConditional
+ public boolean isConditional()
+ {
+ return conditional;
+ }
+
+ public void setConditional(boolean conditional)
+ {
+ this.conditional = conditional;
+ }
}
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12 04:00:45 UTC (rev 8156)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12 04:01:32 UTC (rev 8157)
@@ -12,6 +12,7 @@
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.web.RequestParameter;
+import org.jboss.seam.security.Identity;
@Name("pictureSearch")
@Scope(EVENT)
@@ -52,5 +53,6 @@
"select i from MemberImage i where i.member.memberName = :name")
.setParameter("name", memberName)
.getResultList();
+ Identity.instance().filterByPermission(memberImages, "view");
}
}
16 years, 6 months
- 1
- 0
Seam SVN: r8156 - in trunk/src/main/org/jboss/seam/security: management and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-12 00:00:45 -0400 (Mon, 12 May 2008)
New Revision: 8156
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java
trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
support collection filtering by permission
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -8,6 +8,7 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
@@ -564,6 +565,11 @@
}
}
+ public void filterByPermission(Collection collection, String action)
+ {
+ permissionMapper.filterByPermission(collection, action);
+ }
+
public boolean hasPermission(Object target, String action)
{
if (!securityEnabled)
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -217,6 +217,12 @@
return roles;
}
+ public List<String> listAssignableRoles()
+ {
+ return listRoles();
+ // TODO fix
+ }
+
public List<String> getGrantedRoles(String name)
{
return roleIdentityStore.getGrantedRoles(name);
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -81,7 +81,7 @@
boolean deleteRole(String role);
boolean roleExists(String name);
boolean addRoleToGroup(String role, String group);
- boolean removeRoleFromGroup(String role, String group);
+ boolean removeRoleFromGroup(String role, String group);
List<String> listUsers();
List<String> listUsers(String filter);
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -19,6 +19,7 @@
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.security.management.RoleConditional;
import org.jboss.seam.annotations.security.management.RoleGroups;
import org.jboss.seam.annotations.security.management.RoleName;
import org.jboss.seam.annotations.security.management.UserEnabled;
@@ -70,6 +71,7 @@
private AnnotatedBeanProperty<UserLastName> userLastNameProperty;
private AnnotatedBeanProperty<RoleName> roleNameProperty;
private AnnotatedBeanProperty<RoleGroups> roleGroupsProperty;
+ private AnnotatedBeanProperty<RoleConditional> roleConditionalProperty;
public Set<Feature> getFeatures()
{
@@ -126,6 +128,7 @@
roleNameProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleName.class);
roleGroupsProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleGroups.class);
+ roleConditionalProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleConditional.class);
if (userPrincipalProperty == null)
{
@@ -659,6 +662,12 @@
return (String) roleNameProperty.getValue(role);
}
+ public boolean isRoleConditional(String role)
+ {
+ return roleConditionalProperty == null ? false : (Boolean) roleConditionalProperty.getValue(
+ lookupRole(role));
+ }
+
public Object lookupRole(String role)
{
try
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -7,12 +7,12 @@
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
import javax.persistence.Query;
import org.jboss.seam.Component;
@@ -33,8 +33,8 @@
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.management.JpaIdentityStore;
+import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.util.AnnotatedBeanProperty;
-import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
/**
* A permission store implementation that uses JPA as its persistence mechanism.
@@ -156,14 +156,20 @@
}
}
- protected Query createPermissionQuery(Object target, Principal recipient, Discrimination discrimination)
+ protected Query createPermissionQuery(Object target, Set targets, Principal recipient, Discrimination discrimination)
{
- int queryKey = ((target != null) ? 1 : 0);
- queryKey |= (recipient != null ? 2 : 0);
- queryKey |= (discrimination.equals(Discrimination.user) ? 4 : 0);
- queryKey |= (discrimination.equals(Discrimination.role) ? 8 : 0);
- queryKey |= (discrimination.equals(Discrimination.either) ? 16 : 0);
+ if (target != null && targets != null)
+ {
+ throw new IllegalArgumentException("Cannot specify both target and targets");
+ }
+ int queryKey = (target != null) ? 1 : 0;
+ queryKey |= (targets != null) ? 2 : 0;
+ queryKey |= (recipient != null) ? 4 : 0;
+ queryKey |= (discrimination.equals(Discrimination.user) ? 8 : 0);
+ queryKey |= (discrimination.equals(Discrimination.role) ? 16 : 0);
+ queryKey |= (discrimination.equals(Discrimination.either) ? 32 : 0);
+
boolean isRole = discrimination.equals(Discrimination.role) && rolePermissionClass != null;
if (!queryCache.containsKey(queryKey))
@@ -177,15 +183,23 @@
if (target != null)
{
- q.append(" where ");
+ q.append(" where p.");
q.append(isRole ? roleTargetProperty.getName() : targetProperty.getName());
q.append(" = :target");
conditionsAdded = true;
}
+ if (targets != null)
+ {
+ q.append(" where p.");
+ q.append(isRole ? roleTargetProperty.getName() : targetProperty.getName());
+ q.append(" in (:targets)");
+ conditionsAdded = true;
+ }
+
if (recipient != null)
{
- q.append(conditionsAdded ? " and " : " where ");
+ q.append(conditionsAdded ? " and p." : " where p.");
q.append(isRole ? roleProperty.getName() : userProperty.getName());
q.append(" = :recipient");
conditionsAdded = true;
@@ -194,7 +208,7 @@
// If there is no discrimination, then don't add such a condition to the query
if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
{
- q.append(conditionsAdded ? " and " : " where ");
+ q.append(conditionsAdded ? " and p." : " where p.");
q.append(discriminatorProperty.getName());
q.append(" = :discriminator");
conditionsAdded = true;
@@ -206,8 +220,20 @@
Query query = lookupEntityManager().createQuery(queryCache.get(queryKey));
if (target != null) query.setParameter("target", identifierPolicy.getIdentifier(target));
- if (recipient != null) query.setParameter("recipient", resolvePrincipal(recipient));
+ if (targets != null)
+ {
+ Set<String> identifiers = new HashSet<String>();
+ for (Object t : targets)
+ {
+ identifiers.add(identifierPolicy.getIdentifier(t));
+ }
+ query.setParameter("targets", identifiers);
+ }
+
+
+ if (recipient != null) query.setParameter("recipient", resolvePrincipalEntity(recipient));
+
if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
{
query.setParameter("discriminator", getDiscriminatorValue(
@@ -249,7 +275,7 @@
{
if (rolePermissionClass != null)
{
- List permissions = createPermissionQuery(target, recipient, Discrimination.role).getResultList();
+ List permissions = createPermissionQuery(target, null, recipient, Discrimination.role).getResultList();
if (permissions.isEmpty())
{
@@ -264,7 +290,7 @@
Object instance = rolePermissionClass.newInstance();
roleTargetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
roleActionProperty.setValue(instance, actionSet.toString());
- roleProperty.setValue(instance, resolvePrincipal(recipient));
+ roleProperty.setValue(instance, resolvePrincipalEntity(recipient));
lookupEntityManager().persist(instance);
return true;
}
@@ -325,7 +351,7 @@
throw new RuntimeException("Could not grant permission, userPermissionClass not set");
}
- List permissions = createPermissionQuery(target, recipient, recipientIsRole ?
+ List permissions = createPermissionQuery(target, null, recipient, recipientIsRole ?
Discrimination.role : Discrimination.user).getResultList();
if (permissions.isEmpty())
@@ -341,7 +367,7 @@
Object instance = userPermissionClass.newInstance();
targetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
actionProperty.setValue(instance, actionSet.toString());
- userProperty.setValue(instance, resolvePrincipal(recipient));
+ userProperty.setValue(instance, resolvePrincipalEntity(recipient));
if (discriminatorProperty != null)
{
@@ -493,7 +519,7 @@
* @param recipient
* @return The entity or name representing the permission recipient
*/
- protected Object resolvePrincipal(Principal recipient)
+ protected Object resolvePrincipalEntity(Principal recipient)
{
boolean recipientIsRole = recipient instanceof Role;
@@ -514,26 +540,27 @@
return recipient.getName();
}
- protected String resolvePrincipalName(Object principal, boolean isUser
- )
+ protected Principal resolvePrincipal(Object principal, boolean isUser)
{
+ JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance(JpaIdentityStore.class, true);
+
if (principal instanceof String)
- {
- return (String) principal;
- }
+ {
+ return isUser ? new SimplePrincipal((String) principal) : new Role((String) principal,
+ identityStore == null ? false : identityStore.isRoleConditional((String) principal));
+ }
- JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance(JpaIdentityStore.class, true);
-
if (identityStore != null)
{
if (isUser && identityStore.getUserClass().equals(principal.getClass()))
{
- return identityStore.getUserName(principal);
+ return new SimplePrincipal(identityStore.getUserName(principal));
}
if (!isUser && identityStore.getRoleClass().equals(principal.getClass()))
{
- return identityStore.getRoleName(principal);
+ String name = identityStore.getRoleName(principal);
+ return new Role(name, identityStore.isRoleConditional(name));
}
}
@@ -541,51 +568,87 @@
}
/**
+ * Returns a list of all user and role permissions for the specified action for all specified target objects
+ */
+ public List<Permission> listPermissions(Set<Object> targets, String action)
+ {
+ return listPermissions(null, targets, action);
+ }
+
+ /**
* Returns a list of all user and role permissions for a specific permission target and action.
*/
public List<Permission> listPermissions(Object target, String action)
{
+ return listPermissions(target, null, action);
+ }
+
+ protected List<Permission> listPermissions(Object target, Set<Object> targets, String action)
+ {
+ if (target != null && targets != null)
+ {
+ throw new IllegalArgumentException("Cannot specify both target and targets");
+ }
+
List<Permission> permissions = new ArrayList<Permission>();
+ if (targets != null && targets.isEmpty()) return permissions;
+
// First query for user permissions
- Query permissionQuery = createPermissionQuery(target, null, Discrimination.either);
- List userPermissions = permissionQuery.getResultList();
+ Query permissionQuery = targets != null ?
+ createPermissionQuery(null, targets, null, Discrimination.either) :
+ createPermissionQuery(target, null, null, Discrimination.either);
+
+ List userPermissions = permissionQuery.getResultList();
Map<String,Principal> principalCache = new HashMap<String,Principal>();
boolean useDiscriminator = rolePermissionClass == null && discriminatorProperty != null;
+ Map<String,Object> identifierCache = null;
+
+ if (targets != null)
+ {
+ identifierCache = new HashMap<String,Object>();
+
+ for (Object t : targets)
+ {
+ identifierCache.put(identifierPolicy.getIdentifier(t), t);
+ }
+ }
+
for (Object permission : userPermissions)
{
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- actionProperty.getValue(permission).toString());
+ ActionSet actionSet = null;
- if (action == null || actionSet.contains(action))
+ if (targets != null)
+ {
+ target = identifierCache.get(targetProperty.getValue(permission));
+ if (target != null)
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ actionProperty.getValue(permission).toString());
+ }
+ }
+ else
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ actionProperty.getValue(permission).toString());
+ }
+
+ if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
{
- Principal principal;
boolean isUser = true;
if (useDiscriminator &&
- discriminatorProperty.getAnnotation().roleValue().equals(discriminatorProperty.getValue(permission)))
+ discriminatorProperty.getAnnotation().roleValue().equals(
+ discriminatorProperty.getValue(permission)))
{
isUser = false;
}
-
- String name = resolvePrincipalName(isUser ? userProperty.getValue(permission) :
- roleProperty.getValue(permission), isUser);
+
+ Principal principal = lookupPrincipal(principalCache, permission, isUser);
- String key = (isUser ? "u:" : "r:") + name;
-
- if (!principalCache.containsKey(key))
- {
- principal = isUser ? new SimplePrincipal(name) : new Role(name);
- principalCache.put(key, principal);
- }
- else
- {
- principal = principalCache.get(key);
- }
-
if (action != null)
{
permissions.add(new Permission(target, action, principal));
@@ -603,30 +666,33 @@
// If we have a separate class for role permissions, then query them now
if (rolePermissionClass != null)
{
- permissionQuery = createPermissionQuery(target, null, Discrimination.role);
+ permissionQuery = targets != null ?
+ createPermissionQuery(null, targets, null, Discrimination.role) :
+ createPermissionQuery(target, null, null, Discrimination.role);
List rolePermissions = permissionQuery.getResultList();
for (Object permission : rolePermissions)
{
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- roleActionProperty.getValue(permission).toString());
+ ActionSet actionSet = null;
- if (action == null || actionSet.contains(action))
+ if (targets != null)
{
- Principal principal;
-
- String name = resolvePrincipalName(roleProperty.getValue(permission), false);
- String key = "r:" + name;
-
- if (!principalCache.containsKey(key))
+ target = identifierCache.get(roleTargetProperty.getValue(permission));
+ if (target != null)
{
- principal = new Role(name);
- principalCache.put(key, principal);
+ actionSet = metadata.createActionSet(target.getClass(),
+ roleActionProperty.getValue(permission).toString());
}
- else
- {
- principal = principalCache.get(key);
- }
+ }
+ else
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ roleActionProperty.getValue(permission).toString());
+ }
+
+ if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
+ {
+ Principal principal = lookupPrincipal(principalCache, permission, false);
if (action != null)
{
@@ -645,6 +711,25 @@
return permissions;
}
+
+ private Principal lookupPrincipal(Map<String,Principal> cache, Object permission, boolean isUser)
+ {
+ Principal principal = resolvePrincipal(isUser ? userProperty.getValue(permission) :
+ roleProperty.getValue(permission), isUser);
+
+ String key = (isUser ? "u:" : "r:") + principal.getName();
+
+ if (!cache.containsKey(key))
+ {
+ cache.put(key, principal);
+ }
+ else
+ {
+ principal = cache.get(key);
+ }
+
+ return principal;
+ }
public List<Permission> listPermissions(Object target)
{
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -4,8 +4,11 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
import java.io.Serializable;
+import java.util.Collection;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
@@ -80,6 +83,69 @@
return false;
}
+ public void filterByPermission(Collection collection, String action)
+ {
+ boolean homogenous = true;
+
+ Class targetClass = null;
+ for (Object target : collection)
+ {
+ if (targetClass == null) targetClass = target.getClass();
+ if (!targetClass.equals(target.getClass()))
+ {
+ homogenous = false;
+ break;
+ }
+ }
+
+ if (homogenous)
+ {
+ Set<Object> denied = new HashSet<Object>(collection);
+ ResolverChain chain = getResolverChain(targetClass, action);
+ for (PermissionResolver resolver : chain.getResolvers())
+ {
+ resolver.filterSetByAction(denied, action);
+ }
+
+ for (Object target : denied)
+ {
+ collection.remove(target);
+ }
+ }
+ else
+ {
+ Map<Class,Set<Object>> deniedByClass = new HashMap<Class,Set<Object>>();
+ for (Object obj : collection)
+ {
+ if (!deniedByClass.containsKey(obj.getClass()))
+ {
+ Set<Object> denied = new HashSet<Object>();
+ denied.add(obj);
+ deniedByClass.put(obj.getClass(), denied);
+ }
+ else
+ {
+ deniedByClass.get(obj.getClass()).add(obj);
+ }
+ }
+
+ for (Class cls : deniedByClass.keySet())
+ {
+ Set<Object> denied = deniedByClass.get(cls);
+ ResolverChain chain = getResolverChain(cls, action);
+ for (PermissionResolver resolver : chain.getResolvers())
+ {
+ resolver.filterSetByAction(denied, action);
+ }
+
+ for (Object target : denied)
+ {
+ collection.remove(target);
+ }
+ }
+ }
+ }
+
private ResolverChain createDefaultResolverChain()
{
ResolverChain chain = (ResolverChain) Contexts.getSessionContext().get(DEFAULT_RESOLVER_CHAIN);
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -1,5 +1,7 @@
package org.jboss.seam.security.permission;
+import java.util.Set;
+
/**
* Implementations of this interface perform permission checks using a variety of methods.
*
@@ -8,4 +10,5 @@
public interface PermissionResolver
{
boolean hasPermission(Object target, String action);
+ void filterSetByAction(Set<Object> targets, String action);
}
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -1,6 +1,7 @@
package org.jboss.seam.security.permission;
import java.util.List;
+import java.util.Set;
/**
* Permission store interface.
@@ -11,6 +12,7 @@
{
List<Permission> listPermissions(Object target);
List<Permission> listPermissions(Object target, String action);
+ List<Permission> listPermissions(Set<Object> targets, String action);
boolean grantPermission(Permission permission);
boolean grantPermissions(List<Permission> permissions);
boolean revokePermission(Permission permission);
Modified: trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -4,7 +4,9 @@
import static org.jboss.seam.annotations.Install.FRAMEWORK;
import java.io.Serializable;
+import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import org.jboss.seam.Component;
import org.jboss.seam.Seam;
@@ -105,4 +107,55 @@
return false;
}
+
+ public void filterSetByAction(Set<Object> targets, String action)
+ {
+ if (permissionStore == null) return;
+
+ Identity identity = Identity.instance();
+ if (!identity.isLoggedIn()) return;
+
+ List<Permission> permissions = permissionStore.listPermissions(targets, action);
+
+ String username = identity.getPrincipal().getName();
+
+ Iterator iter = targets.iterator();
+ while (iter.hasNext())
+ {
+ Object target = iter.next();
+
+ for (Permission permission : permissions)
+ {
+ if (permission.getTarget().equals(target))
+ {
+ if (permission.getRecipient() instanceof SimplePrincipal &&
+ username.equals(permission.getRecipient().getName()))
+ {
+ iter.remove();
+ break;
+ }
+
+ if (permission.getRecipient() instanceof Role)
+ {
+ Role role = (Role) permission.getRecipient();
+
+ if (role.isConditional())
+ {
+ RuleBasedPermissionResolver resolver = RuleBasedPermissionResolver.instance();
+ if (resolver.checkConditionalRole(role.getName(), target, action))
+ {
+ iter.remove();
+ break;
+ }
+ else if (identity.hasRole(role.getName()))
+ {
+ iter.remove();
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
Modified: trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -10,6 +10,7 @@
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import org.drools.FactHandle;
import org.drools.RuleBase;
@@ -127,14 +128,24 @@
return check.isGranted();
}
+ public void filterSetByAction(Set<Object> targets, String action)
+ {
+ Iterator iter = targets.iterator();
+ while (iter.hasNext())
+ {
+ Object target = iter.next();
+ if (hasPermission(target, action)) iter.remove();
+ }
+ }
+
public boolean checkConditionalRole(String roleName, Object target, String action)
{
- if (getSecurityContext() == null) return false;
+ StatefulSession securityContext = getSecurityContext();
+ if (securityContext == null) return false;
RoleCheck roleCheck = new RoleCheck(roleName);
List<FactHandle> handles = new ArrayList<FactHandle>();
- handles.add(getSecurityContext().insert(roleCheck));
if (!(target instanceof String) && !(target instanceof Class))
{
@@ -153,7 +164,8 @@
try
{
synchronizeContext();
-
+
+ handles.add( securityContext.insert(roleCheck));
handles.add( securityContext.insert(check));
securityContext.fireAllRules();
16 years, 6 months
- 1
- 0
Seam SVN: r8155 - in trunk: seam-gen and 1 other directory.
by seam-commits@lists.jboss.org
Author: jbalunas(a)redhat.com
Date: 2008-05-11 22:27:49 -0400 (Sun, 11 May 2008)
New Revision: 8155
Modified:
trunk/build/core.pom.xml
trunk/build/gen.pom.xml
trunk/build/root.pom.xml
trunk/seam-gen/build.xml
Log:
JBSEAM-2592, JBSEAM-2482, JBSEAM-2961 - these changes make concurrent.jar and hsqldb.jar part of seam's distribution by making them optional core dependencies. Changes were also needed to make seam-gen use hsqldb.jar in its new location.
Modified: trunk/build/core.pom.xml
===================================================================
--- trunk/build/core.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
+++ trunk/build/core.pom.xml 2008-05-12 02:27:49 UTC (rev 8155)
@@ -288,7 +288,19 @@
<optional>true</optional>
<scope>runtime</scope>
</dependency>
+
+ <dependency>
+ <groupId>oswego-concurrent</groupId>
+ <artifactId>concurrent</artifactId>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <optional>true</optional>
+ </dependency>
+
</dependencies>
</project>
Modified: trunk/build/gen.pom.xml
===================================================================
--- trunk/build/gen.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
+++ trunk/build/gen.pom.xml 2008-05-12 02:27:49 UTC (rev 8155)
@@ -34,15 +34,15 @@
</dependency>
<dependency>
- <groupId>hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <scope>runtime</scope>
- </dependency>
-
- <dependency>
<groupId>org.jboss.seam</groupId>
<artifactId>jboss-seam</artifactId>
<scope>runtime</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
Modified: trunk/build/root.pom.xml
===================================================================
--- trunk/build/root.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
+++ trunk/build/root.pom.xml 2008-05-12 02:27:49 UTC (rev 8155)
@@ -976,6 +976,12 @@
</dependency>
<dependency>
+ <groupId>oswego-concurrent</groupId>
+ <artifactId>concurrent</artifactId>
+ <version>1.3.4</version>
+ </dependency>
+
+ <dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.2</version>
Modified: trunk/seam-gen/build.xml
===================================================================
--- trunk/seam-gen/build.xml 2008-05-12 02:02:40 UTC (rev 8154)
+++ trunk/seam-gen/build.xml 2008-05-12 02:27:49 UTC (rev 8155)
@@ -368,7 +368,7 @@
message="Enter the Hibernate dialect for your database [${hibernate.dialect.default}]"
defaultvalue="${hibernate.dialect.default}"/>
- <property name="old.driver.jar" value="../lib/gen/hsqldb.jar"/>
+ <property name="old.driver.jar" value="../lib/hsqldb.jar"/>
<input addproperty="driver.jar.new"
message="Enter the filesystem path to the JDBC driver jar [${old.driver.jar}]"
defaultvalue="${old.driver.jar}"/>
16 years, 6 months
- 1
- 0
Seam SVN: r8154 - in branches/Seam_2_0: seam-gen and 1 other directory.
by seam-commits@lists.jboss.org
Author: jbalunas(a)redhat.com
Date: 2008-05-11 22:02:40 -0400 (Sun, 11 May 2008)
New Revision: 8154
Modified:
branches/Seam_2_0/build/core.pom.xml
branches/Seam_2_0/build/gen.pom.xml
branches/Seam_2_0/build/root.pom.xml
branches/Seam_2_0/seam-gen/build.xml
Log:
JBSEAM-2592, JBSEAM-2482, JBSEAM-2961 - these changes make concurrent.jar and hsqldb.jar part of seam's distribution by making them optional core dependencies. Changes were also needed to make seam-gen use hsqldb.jar in its new location.
Modified: branches/Seam_2_0/build/core.pom.xml
===================================================================
--- branches/Seam_2_0/build/core.pom.xml 2008-05-11 13:51:35 UTC (rev 8153)
+++ branches/Seam_2_0/build/core.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
@@ -288,6 +288,18 @@
<optional>true</optional>
<scope>runtime</scope>
</dependency>
+
+ <dependency>
+ <groupId>oswego-concurrent</groupId>
+ <artifactId>concurrent</artifactId>
+ <optional>true</optional>
+ </dependency>
+
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <optional>true</optional>
+ </dependency>
</dependencies>
Modified: branches/Seam_2_0/build/gen.pom.xml
===================================================================
--- branches/Seam_2_0/build/gen.pom.xml 2008-05-11 13:51:35 UTC (rev 8153)
+++ branches/Seam_2_0/build/gen.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
@@ -34,15 +34,15 @@
</dependency>
<dependency>
- <groupId>hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <scope>runtime</scope>
- </dependency>
-
- <dependency>
<groupId>org.jboss.seam</groupId>
<artifactId>jboss-seam</artifactId>
<scope>runtime</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
Modified: branches/Seam_2_0/build/root.pom.xml
===================================================================
--- branches/Seam_2_0/build/root.pom.xml 2008-05-11 13:51:35 UTC (rev 8153)
+++ branches/Seam_2_0/build/root.pom.xml 2008-05-12 02:02:40 UTC (rev 8154)
@@ -833,6 +833,12 @@
</dependency>
<dependency>
+ <groupId>oswego-concurrent</groupId>
+ <artifactId>concurrent</artifactId>
+ <version>1.3.4</version>
+ </dependency>
+
+ <dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.2</version>
Modified: branches/Seam_2_0/seam-gen/build.xml
===================================================================
--- branches/Seam_2_0/seam-gen/build.xml 2008-05-11 13:51:35 UTC (rev 8153)
+++ branches/Seam_2_0/seam-gen/build.xml 2008-05-12 02:02:40 UTC (rev 8154)
@@ -368,7 +368,7 @@
message="Enter the Hibernate dialect for your database [${hibernate.dialect.default}]"
defaultvalue="${hibernate.dialect.default}"/>
- <property name="old.driver.jar" value="../lib/gen/hsqldb.jar"/>
+ <property name="old.driver.jar" value="../lib/hsqldb.jar"/>
<input addproperty="driver.jar.new"
message="Enter the filesystem path to the JDBC driver jar [${old.driver.jar}]"
defaultvalue="${old.driver.jar}"/>
16 years, 6 months
- 1
- 0
Seam SVN: r8153 - trunk/src/main/org/jboss/seam/util and 1 other directory.
by seam-commits@lists.jboss.org
Author: pete.muir(a)jboss.org
Date: 2008-05-11 09:51:35 -0400 (Sun, 11 May 2008)
New Revision: 8153
Modified:
branches/Seam_2_0/src/main/org/jboss/seam/util/Work.java
trunk/src/main/org/jboss/seam/util/Work.java
Log:
JBSEAM-2970
Modified: branches/Seam_2_0/src/main/org/jboss/seam/util/Work.java
===================================================================
--- branches/Seam_2_0/src/main/org/jboss/seam/util/Work.java 2008-05-10 13:48:52 UTC (rev 8152)
+++ branches/Seam_2_0/src/main/org/jboss/seam/util/Work.java 2008-05-11 13:51:35 UTC (rev 8153)
@@ -27,10 +27,10 @@
{
boolean transactionActive = Transaction.instance().isActiveOrMarkedRollback()
|| Transaction.instance().isRolledBack(); //TODO: temp workaround, what should we really do in this case??
- boolean begin = isNewTransactionRequired(transactionActive);
- UserTransaction userTransaction = begin ? Transaction.instance() : null;
+ boolean newTransactionRequired = isNewTransactionRequired(transactionActive);
+ UserTransaction userTransaction = newTransactionRequired ? Transaction.instance() : null;
- if (begin)
+ if (newTransactionRequired)
{
log.debug("beginning transaction");
userTransaction.begin();
@@ -39,16 +39,24 @@
try
{
T result = work();
- if (begin)
+ if (newTransactionRequired)
{
- log.debug("committing transaction");
- userTransaction.commit();
+ if (Transaction.instance().isMarkedRollback())
+ {
+ log.debug("rolling back transaction");
+ userTransaction.rollback();
+ }
+ else
+ {
+ log.debug("committing transaction");
+ userTransaction.commit();
+ }
}
return result;
}
catch (Exception e)
{
- if (begin && userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
+ if (newTransactionRequired && userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
{
log.debug("rolling back transaction");
userTransaction.rollback();
Modified: trunk/src/main/org/jboss/seam/util/Work.java
===================================================================
--- trunk/src/main/org/jboss/seam/util/Work.java 2008-05-10 13:48:52 UTC (rev 8152)
+++ trunk/src/main/org/jboss/seam/util/Work.java 2008-05-11 13:51:35 UTC (rev 8153)
@@ -27,10 +27,10 @@
{
boolean transactionActive = Transaction.instance().isActiveOrMarkedRollback()
|| Transaction.instance().isRolledBack(); //TODO: temp workaround, what should we really do in this case??
- boolean begin = isNewTransactionRequired(transactionActive);
- UserTransaction userTransaction = begin ? Transaction.instance() : null;
+ boolean newTransactionRequired = isNewTransactionRequired(transactionActive);
+ UserTransaction userTransaction = newTransactionRequired ? Transaction.instance() : null;
- if (begin)
+ if (newTransactionRequired)
{
log.debug("beginning transaction");
userTransaction.begin();
@@ -39,16 +39,24 @@
try
{
T result = work();
- if (begin)
+ if (newTransactionRequired)
{
- log.debug("committing transaction");
- userTransaction.commit();
+ if (Transaction.instance().isMarkedRollback())
+ {
+ log.debug("rolling back transaction");
+ userTransaction.rollback();
+ }
+ else
+ {
+ log.debug("committing transaction");
+ userTransaction.commit();
+ }
}
return result;
}
catch (Exception e)
{
- if (begin && userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
+ if (newTransactionRequired && userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
{
log.debug("rolling back transaction");
userTransaction.rollback();
16 years, 6 months
- 1
- 0
Seam SVN: r8152 - trunk/examples/seamspace/src/org/jboss/seam/example/seamspace.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-10 09:48:52 -0400 (Sat, 10 May 2008)
New Revision: 8152
Modified:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
Log:
fixed permission editing
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java 2008-05-10 13:34:54 UTC (rev 8151)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java 2008-05-10 13:48:52 UTC (rev 8152)
@@ -31,6 +31,8 @@
private List<Member> selectedFriends;
private List<String> selectedActions;
+ private List<String> originalActions;
+
private List<Member> availableFriends;
@In IdentityManager identityManager;
@@ -66,7 +68,7 @@
List<Permission> permissions = permissionManager.listPermissions(target);
- selectedActions = new ArrayList<String>();
+ selectedActions = new ArrayList<String>();
for (Permission permission : permissions)
{
@@ -78,6 +80,8 @@
}
}
}
+
+ originalActions = new ArrayList<String>(selectedActions);
}
public List<String> getSelectedRoles()
@@ -112,33 +116,60 @@
public void applyPermissions()
{
- List<Permission> permissions = new ArrayList<Permission>();
-
- for (String role : selectedRoles)
+ if (recipient != null)
{
- Principal r = new Role(role);
+ List<Permission> grantedPermissions = new ArrayList<Permission>();
+ List<Permission> revokedPermissions = new ArrayList<Permission>();
+
for (String action : selectedActions)
- {
- permissions.add(new Permission(target, action, r));
+ {
+ if (!originalActions.contains(action))
+ {
+ grantedPermissions.add(new Permission(target, action, recipient));
+ }
}
+
+ for (String action : originalActions)
+ {
+ if (!selectedActions.contains(action))
+ {
+ revokedPermissions.add(new Permission(target, action, recipient));
+ }
+ }
+
+ if (!grantedPermissions.isEmpty()) permissionManager.grantPermissions(grantedPermissions);
+ if (!revokedPermissions.isEmpty()) permissionManager.revokePermissions(revokedPermissions);
}
-
- for (Member friend : selectedFriends)
+ else
{
- MemberAccount acct = (MemberAccount) entityManager.createQuery(
- "select a from MemberAccount a where a.member = :member")
- .setParameter("member", friend)
- .getSingleResult();
+ List<Permission> permissions = new ArrayList<Permission>();
+
+ for (String role : selectedRoles)
+ {
+ Principal r = new Role(role);
+ for (String action : selectedActions)
+ {
+ permissions.add(new Permission(target, action, r));
+ }
+ }
- Principal p = new SimplePrincipal(acct.getUsername());
-
- for (String action : selectedActions)
+ for (Member friend : selectedFriends)
{
- permissions.add(new Permission(target, action, p));
+ MemberAccount acct = (MemberAccount) entityManager.createQuery(
+ "select a from MemberAccount a where a.member = :member")
+ .setParameter("member", friend)
+ .getSingleResult();
+
+ Principal p = new SimplePrincipal(acct.getUsername());
+
+ for (String action : selectedActions)
+ {
+ permissions.add(new Permission(target, action, p));
+ }
}
+
+ permissionManager.grantPermissions(permissions);
}
-
- permissionManager.grantPermissions(permissions);
Conversation.instance().endBeforeRedirect();
}
16 years, 6 months
- 1
- 0
Seam SVN: r8151 - in trunk/examples/seamspace: view and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-10 09:34:54 -0400 (Sat, 10 May 2008)
New Revision: 8151
Modified:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java
trunk/examples/seamspace/view/imagepermissions.page.xml
trunk/examples/seamspace/view/imagepermissions.xhtml
Log:
support for bulk granting of permissions
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java 2008-05-10 13:33:34 UTC (rev 8150)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java 2008-05-10 13:34:54 UTC (rev 8151)
@@ -62,7 +62,7 @@
public void editPermission()
{
target = (MemberImage) permissionSearch.getTarget();
- recipient = permissionSearch.getSelectedPermission().getRecipient();
+ recipient = permissionSearch.getSelectedRecipient();
List<Permission> permissions = permissionManager.listPermissions(target);
@@ -139,8 +139,7 @@
}
permissionManager.grantPermissions(permissions);
-
- Conversation.instance().end();
+ Conversation.instance().endBeforeRedirect();
}
public List<Member> getAvailableFriends()
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java 2008-05-10 13:33:34 UTC (rev 8150)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java 2008-05-10 13:34:54 UTC (rev 8151)
@@ -13,7 +13,8 @@
import org.jboss.seam.annotations.security.permission.Permissions;
@Permissions({
- @Permission(action = "view")
+ @Permission(action = "view"),
+ @Permission(action = "comment")
})
@Entity
public class MemberImage implements Serializable
Modified: trunk/examples/seamspace/view/imagepermissions.page.xml
===================================================================
--- trunk/examples/seamspace/view/imagepermissions.page.xml 2008-05-10 13:33:34 UTC (rev 8150)
+++ trunk/examples/seamspace/view/imagepermissions.page.xml 2008-05-10 13:34:54 UTC (rev 8151)
@@ -4,6 +4,9 @@
<page action="#{permissionSearch.refresh}">
<navigation from-action="#{imagePermission.createPermission}">
- <redirect view-id="/imagepermissiondetail.xhtml"/>
+ <redirect view-id="/imagepermissiondetail.xhtml"/>
</navigation>
+ <navigation from-action="#{imagePermission.editPermission}">
+ <redirect view-id="/imagepermissiondetail.xhtml"/>
+ </navigation>
</page>
\ No newline at end of file
Modified: trunk/examples/seamspace/view/imagepermissions.xhtml
===================================================================
--- trunk/examples/seamspace/view/imagepermissions.xhtml 2008-05-10 13:33:34 UTC (rev 8150)
+++ trunk/examples/seamspace/view/imagepermissions.xhtml 2008-05-10 13:34:54 UTC (rev 8151)
@@ -42,8 +42,8 @@
<h:dataTable
id="threads"
- value="#{permissions}"
- var="permission"
+ value="#{recipients}"
+ var="recipient"
styleClass="security"
cellspacing="0"
headerClass="header"
@@ -53,18 +53,21 @@
<f:facet name="header">
Recipient
</f:facet>
- #{permission.recipient}
+ #{recipient.name}
</h:column>
<h:column width="auto">
<f:facet name="header">
Actions Allowed
</f:facet>
- #{permission.action}
+ #{permissionSearch.getActions(recipient)}
</h:column>
<h:column width="auto">
<f:facet name="header">
Action
</f:facet>
+ <s:link value="Edit" action="#{imagePermission.editPermission}"
+ rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"/>
+ <span> | </span>
<s:link value="Revoke All" action="#{permissionSearch.revokeSelected}"
rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"
onclick="return confirmRevoke()"/>
16 years, 6 months
- 1
- 0