Author: shane.bryzak(a)jboss.com
Date: 2008-07-31 11:10:36 -0400 (Thu, 31 Jul 2008)
New Revision: 8549
Modified:
trunk/src/main/org/jboss/seam/persistence/EntityManagerProxy.java
trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java
trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
Log:
clean up permissions on entity delete, added listGrantedRoles to id management
Modified: trunk/src/main/org/jboss/seam/persistence/EntityManagerProxy.java
===================================================================
--- trunk/src/main/org/jboss/seam/persistence/EntityManagerProxy.java 2008-07-31 15:09:05
UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/persistence/EntityManagerProxy.java 2008-07-31 15:10:36
UTC (rev 8549)
@@ -8,6 +8,8 @@
import javax.persistence.LockModeType;
import javax.persistence.Query;
+import org.jboss.seam.security.permission.PermissionManager;
+
/**
* Proxies the EntityManager, and implements EL interpolation
* in JPA-QL
@@ -143,6 +145,7 @@
public void remove(Object entity)
{
delegate.remove(entity);
+ PermissionManager.instance().clearPermissions(entity);
}
public void setFlushMode(FlushModeType fm)
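Review bot: The cleanup added to `remove()` covers only deletes that pass through this proxy method, and it runs as an immediate bulk delete while `delegate.remove(entity)` is still only queued until flush. Entities removed by cascade or by a JPA-QL bulk delete never reach `clearPermissions`, so their permission rows can remain and could match a later object that resolves to the same identifier. If the permission store's entity manager does not share this transaction (not visible here), a rollback could also leave the entity in place with its permissions gone. I would document the limit on the method, e.g. `// Clears permission rows for this entity only; cascaded and bulk deletes are not covered`, and confirm that `PermissionManager.instance()` is usable when no permission store is configured, since every remove now depends on it.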
Modified: trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -79,10 +79,7 @@
Class beanClass = provider.getBeanClass(entity);
if (beanClass != null)
- {
- String name = Seam.getComponentName(entity.getClass());
- if (name == null) name = beanClass.getName();
-
+ {
Method m = null;
switch (action)
{
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -217,10 +217,17 @@
return roles;
}
- public List<String> listAssignableRoles()
+ public List<String> listGrantableRoles()
{
- return listRoles();
- // TODO fix
+ List<String> roles = roleIdentityStore.listGrantableRoles();
+
+ Collections.sort(roles, new Comparator<String>() {
+ public int compare(String value1, String value2) {
+ return value1.compareTo(value2);
+ }
+ });
+
+ return roles;
}
/**
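Review bot: `listGrantableRoles()` now calls `roleIdentityStore.listGrantableRoles()` directly, whereas the removed body delegated to `listRoles()`. Any permission check that `listRoles()` performs (its body is outside this hunk) is therefore no longer inherited, and role enumeration may have become unguarded; if `listRoles()` does check, repeat that check as the first statement here. The anonymous comparator is plain natural ordering and `Collections.sort` throws on a null list, so `if (roles != null) Collections.sort(roles);` is shorter and safer. Renaming the public `listAssignableRoles()` without leaving a deprecated delegate also breaks existing callers.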
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -186,6 +186,11 @@
* Returns a list of all the roles.
*/
List<String> listRoles();
+
+ /**
+ * Returns a list of roles that can be granted (i.e, excluding conditional roles)
+ */
+ List<String> listGrantableRoles();
/**
* Returns a list of all the roles explicitly granted to the specified user.
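Review bot: The Javadoc for `listGrantableRoles()` does not say what a conditional role is or what kind of list an implementation must return, yet `IdentityManager.listGrantableRoles()` in this commit sorts the result in place. I would extend it to something like `Returns a non-null, modifiable list of the roles that may be explicitly granted; conditional roles are excluded.` and fix `i.e,` to `i.e.`. The LDAP store in this commit falls back to `listRoles()`, so the contract should also say whether an implementation may return all roles.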
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -715,6 +715,12 @@
}
public List<String> listRoles()
+ {
+ return lookupEntityManager().createQuery(
+ "select r." + roleNameProperty.getName() + " from " +
roleClass.getName() + " r").getResultList();
+ }
+
+ public List<String> listGrantableRoles()
{
StringBuilder roleQuery = new StringBuilder();
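Review bot: The new `listRoles()` builds its JPA-QL by concatenating `roleNameProperty.getName()` and `roleClass.getName()`, which is acceptable only because both presumably come from the store's configured entity metadata rather than from a request. That assumption deserves a comment such as `// identifiers come from the configured role entity, never from user input`. The same pattern appears in `JpaPermissionStore.clearPermissions` later in this commit, where the value itself is correctly bound as `:target`. The raw `getResultList()` result is an unchecked conversion to `List<String>`, and the body of `listGrantableRoles()` continues outside the hunk.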
@@ -732,7 +738,7 @@
}
return lookupEntityManager().createQuery(roleQuery.toString()).getResultList();
- }
+ }
protected void persistEntity(Object entity)
{
Modified: trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -1049,7 +1049,14 @@
}
}
}
+
+ public List<String> listGrantableRoles()
+ {
+ // TODO should we support conditional roles with LDAP?
+ return listRoles();
+ }
+
public List<String> listUsers()
{
return listUsers(null);
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -32,6 +32,8 @@
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
+import org.jboss.seam.security.management.IdentityManager;
+import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.security.management.JpaIdentityStore;
import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.util.AnnotatedBeanProperty;
@@ -542,8 +544,11 @@
protected Principal resolvePrincipal(Object principal, boolean isUser)
{
- JpaIdentityStore identityStore = (JpaIdentityStore)
Component.getInstance(JpaIdentityStore.class, true);
+ IdentityStore ids = IdentityManager.instance().getRoleIdentityStore();
+ JpaIdentityStore identityStore = null;
+ if (ids instanceof JpaIdentityStore) identityStore = (JpaIdentityStore) ids;
+
if (principal instanceof String)
{
return isUser ? new SimplePrincipal((String) principal) : new Role((String)
principal,
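Review bot: `identityStore` is now `null` whenever the role identity store is not a `JpaIdentityStore`, so every later use of it in `resolvePrincipal` has to be null-guarded. The rest of the method, including the `new Role(...)` argument list that begins on the last line here, is outside this hunk and should be checked for unguarded dereferences. The lookup also uses `getRoleIdentityStore()` even when `isUser` is true, which looks wrong if users and roles are kept in different stores. I would mark the declaration with `// null when the role store is not JPA-backed` and put the one-line `if` in braces to match the rest of the file.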
@@ -572,6 +577,7 @@
*/
public List<Permission> listPermissions(Set<Object> targets, String
action)
{
+ // TODO limit the number of targets passed at a single time to 25
return listPermissions(null, targets, action);
}
@@ -775,4 +781,25 @@
{
this.rolePermissionClass = rolePermissionClass;
}
+
+ public void clearPermissions(Object target)
+ {
+ EntityManager em = lookupEntityManager();
+ String identifier = identifierPolicy.getIdentifier(target);
+
+ em.createQuery(
+ "delete from " + userPermissionClass.getName() + " p where
p." +
+ targetProperty.getName() + " = :target")
+ .setParameter("target", identifier)
+ .executeUpdate();
+
+ if (rolePermissionClass != null)
+ {
+ em.createQuery(
+ "delete from " + rolePermissionClass.getName() + " p where
p." +
+ roleTargetProperty.getName() + " = :target")
+ .setParameter("target", identifier)
+ .executeUpdate();
+ }
+ }
}
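Review bot: `clearPermissions` guards `rolePermissionClass` against null but dereferences `userPermissionClass` and `targetProperty` unchecked, and passes whatever `identifierPolicy.getIdentifier(target)` returns straight into the query. Since `EntityManagerProxy.remove` now calls this for every entity, a store that is not fully configured would turn any delete into a failure. A guard after the identifier lookup such as `if (userPermissionClass == null || identifier == null) return;` would keep unrelated removes working. The two bulk deletes also leave no trace, so logging the identifier together with the counts returned by `executeUpdate()` would make permission wipes auditable.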
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -131,4 +131,12 @@
{
return permissionStore.listAvailableActions(target);
}
+
+ public void clearPermissions(Object target)
+ {
+ if (permissionStore != null)
+ {
+ permissionStore.clearPermissions(target);
+ }
+ }
}
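Review bot: `clearPermissions` is a public method that deletes every permission stored for `target`, and nothing in this hunk checks that the caller is allowed to do so. Whether the grant and revoke methods of this class perform such a check is outside the hunk. If they do, apply the same check here, or document that the method exists only for the cleanup call in `EntityManagerProxy.remove`, e.g. `/** Removes all permissions for target; performs no permission check, intended for entity removal only. */`. The silent return when `permissionStore` is null also differs from `listAvailableActions` directly above, which dereferences it unguarded.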
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-07-31
15:09:05 UTC (rev 8548)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-07-31
15:10:36 UTC (rev 8549)
@@ -18,4 +18,5 @@
boolean revokePermission(Permission permission);
boolean revokePermissions(List<Permission> permissions);
List<String> listAvailableActions(Object target);
+ void clearPermissions(Object target);
}