Author: shane.bryzak(a)jboss.com
Date: 2008-04-07 06:04:31 -0400 (Mon, 07 Apr 2008)
New Revision: 7822
Modified:
trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java
Log:
finer grained management permissions, minor
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-04-07
08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-04-07
10:04:31 UTC (rev 7822)
@@ -30,7 +30,8 @@
@BypassInterceptors
public class IdentityManager implements Serializable
{
- public static final String ACCOUNT_PERMISSION_NAME = "seam.account";
+ public static final String USER_PERMISSION_NAME = "seam.user";
+ public static final String ROLE_PERMISSION_NAME = "seam.role";
public static final String PERMISSION_CREATE = "create";
public static final String PERMISSION_READ = "read";
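Review bot: Replacing ACCOUNT_PERMISSION_NAME with USER_PERMISSION_NAME and ROLE_PERMISSION_NAME changes the permission target string from "seam.account" to "seam.user" and "seam.role", so permission rules written against "seam.account" stop matching and every IdentityManager operation fails closed until the rules are rewritten; the later listRoles() hunk adds a brand-new ROLE_PERMISSION_NAME read check on a method that previously had none, which has the same effect on callers that list roles. Failing closed is the safe direction, but nothing in the commit records the migration; a Javadoc on the constants would, e.g. `/** Permission target for user management; rules written against the former "seam.account" target must be rewritten for "seam.user" and "seam.role". */`. Removing the old constant outright also breaks any code outside this commit that references it; keeping `@Deprecated public static final String ACCOUNT_PERMISSION_NAME = USER_PERMISSION_NAME;` with a note that it now covers only the user half would ease the transition.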
@@ -93,67 +94,79 @@
public boolean createUser(String name, String password, String firstname, String
lastname)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_CREATE);
return identityStore.createUser(name, password, firstname, lastname);
}
public boolean deleteUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_DELETE);
return identityStore.deleteUser(name);
}
public boolean enableUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.enableUser(name);
}
public boolean disableUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.disableUser(name);
}
public boolean changePassword(String name, String password)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.changePassword(name, password);
}
public boolean isUserEnabled(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
return identityStore.isUserEnabled(name);
}
public boolean grantRole(String name, String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
return roleIdentityStore.grantRole(name, role);
}
public boolean revokeRole(String name, String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
return roleIdentityStore.revokeRole(name, role);
}
public boolean createRole(String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+ Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_CREATE);
return roleIdentityStore.createRole(role);
}
public boolean deleteRole(String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+ Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_DELETE);
return roleIdentityStore.deleteRole(role);
}
+ public boolean addRoleToGroup(String role, String group)
+ {
+ Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
+ return roleIdentityStore.addRoleToGroup(role, group);
+ }
+
+ public boolean removeRoleFromGroup(String role, String group)
+ {
+ Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
+ return roleIdentityStore.removeRoleFromGroup(role, group);
+ }
+
public boolean userExists(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
return identityStore.userExists(name);
}
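Review bot: grantRole and revokeRole are guarded only by USER_PERMISSION_NAME with PERMISSION_UPDATE, so a principal holding user-update rights can assign any role to any user, including whatever roles the deployment's rules map to ROLE_PERMISSION_NAME or to user management itself; whether that is an escalation path depends on the rules, but splitting the target into user and role invites the assumption that role assignment is covered by the role target, and it is not. This should be stated on the methods, e.g. `/** Grants {@code role} to user {@code name}; requires {@code seam.user:update} only — no {@code seam.role} permission is checked. */`, with the mirror on revokeRole, so rule authors do not rely on the role target to restrict assignment. The new addRoleToGroup and removeRoleFromGroup also have no Javadoc; a one-line summary naming the required permission (`seam.role:update`) and the meaning of the boolean result would be enough.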
@@ -164,7 +177,7 @@
public List<String> listUsers()
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
List<String> users = identityStore.listUsers();
Collections.sort(users, new Comparator<String>() {
@@ -178,7 +191,7 @@
public List<String> listUsers(String filter)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
List<String> users = identityStore.listUsers(filter);
Collections.sort(users, new Comparator<String>() {
@@ -192,6 +205,7 @@
public List<String> listRoles()
{
+ Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_READ);
List<String> roles = roleIdentityStore.listRoles();
Collections.sort(roles, new Comparator<String>() {
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-04-07
08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-04-07
10:04:31 UTC (rev 7822)
@@ -80,6 +80,8 @@
boolean revokeRole(String name, String role);
boolean deleteRole(String role);
boolean roleExists(String name);
+ boolean addRoleToGroup(String role, String group);
+ boolean removeRoleFromGroup(String role, String group);
List<String> listUsers();
List<String> listUsers(String filter);
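Review bot: The two new interface methods carry no Javadoc, and the contract is not obvious from the JpaIdentityStore implementation in this commit, which throws for an unknown role or group, returns false when the membership already exists or when no group property is configured, and leaves removeRoleFromGroup as a stub. Proposed for addRoleToGroup: `/** Adds {@code role} as a member of {@code group}. @return true if the membership was added, false if it already existed or groups are not supported by this store; @throws NoSuchRoleException if either name is unknown */`, with the corresponding text on removeRoleFromGroup so implementors agree on what false means.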
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-07
08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-07
10:04:31 UTC (rev 7822)
@@ -427,7 +427,7 @@
mergeEntity(user);
return true;
- }
+ }
public boolean revokeRole(String username, String role)
{
@@ -449,6 +449,59 @@
return success;
}
+ public boolean addRoleToGroup(String role, String group)
+ {
+ Object targetRole = lookupRole(role);
+ if (targetRole == null)
+ {
+ throw new NoSuchUserException("Could not add role to group, no such role
'" + role + "'");
+ }
+
+ Object targetGroup = lookupRole(group);
+ if (targetGroup == null)
+ {
+ throw new NoSuchRoleException("Could not grant role, group '" +
group + "' does not exist");
+ }
+
+ if (roleGroupsProperty != null)
+ {
+ Collection roleGroups = (Collection) roleGroupsProperty.getValue(targetRole);
+ if (roleGroups == null)
+ {
+ // This should either be a Set, or a List...
+ if (Set.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
+ {
+ roleGroups = new HashSet();
+ }
+ else if (List.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
+ {
+ roleGroups = new ArrayList();
+ }
+
+ roleGroupsProperty.setValue(targetRole, roleGroups);
+ }
+ else if (((Collection)
roleGroupsProperty.getValue(targetRole)).contains(targetGroup))
+ {
+ return false;
+ }
+
+ ((Collection) roleGroupsProperty.getValue(targetRole)).add(targetGroup);
+ mergeEntity(targetRole);
+
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public boolean removeRoleFromGroup(String role, String group)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
public boolean createRole(String role)
{
try
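Review bot: removeRoleFromGroup is left as an auto-generated stub that always returns false, yet RoleAction in this same commit now calls it when a group is unchecked in the role editor, so revoking a group membership silently does nothing while the action proceeds as if it succeeded; either implement it (below) or throw UnsupportedOperationException so the gap is visible rather than silent. In addRoleToGroup the missing-role branch throws NoSuchUserException with a role message; it should be `throw new NoSuchRoleException("Could not add role to group, no such role '" + role + "'");`, and the missing-group message should read "Could not add role to group" rather than the copied "Could not grant role". When roleGroupsProperty's class is neither a Set nor a List, roleGroups stays null, setValue stores null, and the subsequent add dereferences it, so that branch needs an explicit IllegalStateException; the later contains/add calls should also use the roleGroups local instead of re-reading the property twice. The enclosing class continues outside the hunk.
```java
public boolean removeRoleFromGroup(String role, String group)
{
   Object targetRole = lookupRole(role);
   if (targetRole == null)
   {
      throw new NoSuchRoleException("Could not remove role from group, no such role '" + role + "'");
   }

   Object targetGroup = lookupRole(group);
   if (targetGroup == null)
   {
      throw new NoSuchRoleException("Could not remove role from group, group '" + group + "' does not exist");
   }

   if (roleGroupsProperty == null)
   {
      return false;
   }

   Collection roleGroups = (Collection) roleGroupsProperty.getValue(targetRole);
   // remove() reports whether the membership actually existed
   if (roleGroups == null || !roleGroups.remove(targetGroup))
   {
      return false;
   }

   mergeEntity(targetRole);
   return true;
}
```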
@@ -804,5 +857,5 @@
public void setEntityManager(ValueExpression expression)
{
this.entityManager = expression;
- }
+ }
}
Modified: trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java 2008-04-07
08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java 2008-04-07
10:04:31 UTC (rev 7822)
@@ -54,7 +54,7 @@
{
for (String r : groups)
{
- identityManager.grantRole(role, r);
+ identityManager.addRoleToGroup(role, r);
}
Conversation.instance().end();
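Review bot: The boolean returned by addRoleToGroup is discarded inside the loop, and the next hunk discards the results of removeRoleFromGroup and addRoleToGroup in the same way, so the action ends the conversation as if the role's groups were saved even when the store declined the change — which in this commit is guaranteed for removeRoleFromGroup, whose JpaIdentityStore implementation still returns false unconditionally. Capture the result, e.g. `boolean saved = identityManager.addRoleToGroup(role, r);`, and report any false before calling Conversation.instance().end() so an administrator is not shown success for a membership change that did not persist. The enclosing method starts before the hunk, so where the outcome is best surfaced is not visible here.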
@@ -71,13 +71,13 @@
{
for (String r : grantedRoles)
{
- if (!groups.contains(r)) identityManager.revokeRole(role, r);
+ if (!groups.contains(r)) identityManager.removeRoleFromGroup(role, r);
}
}
for (String r : groups)
{
- if (grantedRoles == null || !grantedRoles.contains(r))
identityManager.grantRole(role, r);
+ if (grantedRoles == null || !grantedRoles.contains(r))
identityManager.addRoleToGroup(role, r);
}
Conversation.instance().end();