[jboss-cvs] JBossBlog SVN: r218 - in trunk: resources and 10 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Feb 25 13:27:57 EST 2008
Author: adamw
Date: 2008-02-25 13:27:57 -0500 (Mon, 25 Feb 2008)
New Revision: 218
Added:
trunk/resources/META-INF/security.drl
trunk/src/action/org/jboss/blog/session/security/FeedsCombinedRole.java
trunk/src/action/org/jboss/blog/session/security/FeedsIdentity.java
trunk/src/model/org/jboss/blog/model/security/FeedsSecurityRole.java
Removed:
trunk/resources/security.drl
trunk/src/action/org/jboss/blog/session/security/DummySecurityManager.java
trunk/src/action/org/jboss/blog/session/security/FeedsSecurity.java
trunk/src/action/org/jboss/blog/session/security/GlobalSecurity.java
trunk/src/action/org/jboss/blog/session/security/GroupsSecurity.java
trunk/src/action/org/jboss/blog/session/security/SecurityManager.java
trunk/src/action/org/jboss/blog/session/security/TemplatesSecurity.java
Modified:
trunk/blog.iml
trunk/build.xml
trunk/resources/WEB-INF/components.xml
trunk/resources/WEB-INF/pages.xml
trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java
trunk/src/action/org/jboss/blog/session/feed/mod/FeedModBean.java
trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java
trunk/src/action/org/jboss/blog/session/group/GroupModBean.java
trunk/src/action/org/jboss/blog/session/security/Authenticator.java
trunk/src/action/org/jboss/blog/session/view/FeedViewBean.java
trunk/src/action/org/jboss/blog/session/view/PostViewBean.java
trunk/src/action/org/jboss/blog/session/xml/velocity/TemplateModBean.java
trunk/view/home.xhtml
trunk/view/layout/menu.xhtml
Log:
Modified: trunk/blog.iml
===================================================================
--- trunk/blog.iml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/blog.iml 2008-02-25 18:27:57 UTC (rev 218)
@@ -168,6 +168,15 @@
<SOURCES />
</library>
</orderEntry>
+ <orderEntry type="module-library">
+ <library>
+ <CLASSES>
+ <root url="jar://$MODULE_DIR$/lib/drools-core.jar!/" />
+ </CLASSES>
+ <JAVADOC />
+ <SOURCES />
+ </library>
+ </orderEntry>
<orderEntryProperties />
</component>
</module>
Modified: trunk/build.xml
===================================================================
--- trunk/build.xml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/build.xml 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,7 +1,6 @@
<?xml version="1.0"?>
<project name="blog" default="deploy" basedir=".">
-
<!-- Give user a chance to override without editing this file or typing -D -->
<property file="${basedir}/build.properties" />
@@ -202,6 +201,7 @@
<include name="application.xml" />
<include name="jboss-app.xml" />
<include name="jbossblog.taglib.xml" />
+ <include name="security.drl" />
</fileset>
</copy>
</target>
Added: trunk/resources/META-INF/security.drl
===================================================================
--- trunk/resources/META-INF/security.drl (rev 0)
+++ trunk/resources/META-INF/security.drl 2008-02-25 18:27:57 UTC (rev 218)
@@ -0,0 +1,35 @@
+package FeedsPermissions;
+
+import org.jboss.seam.security.PermissionCheck;
+import org.jboss.seam.security.Role;
+
+import org.jboss.blog.model.feed.Feed;
+import org.jboss.blog.model.Group;
+import org.jboss.blog.model.security.FeedsSecurityRole;
+import org.jboss.blog.session.security.FeedsCombinedRole;
+
+rule CanDoAnything
+when
+ c: PermissionCheck()
+ FeedsCombinedRole(role == FeedsSecurityRole.ADMIN)
+then
+ c.grant();
+end;
+
+rule CanEditFeed
+when
+ c: PermissionCheck(name == "feed", action == "edit") and
+ (
+ FeedsCombinedRole(role == FeedsSecurityRole.ADMIN) or
+ (
+ feed : Feed() and
+ FeedsCombinedRole(role == FeedsSecurityRole.FEED_ADMIN, id == feed.id)
+ ) or
+ (
+ group : Group() and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN, id == group.id)
+ )
+ )
+then
+ c.grant();
+end;
\ No newline at end of file
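Review bot: Only `feed`/`edit` has a rule for non-admin roles in this file, while the `@Restrict` expressions added elsewhere in this commit also check `feed`/`add`, `feed`/`delete`, `group`, `template`, `post` and `admin`. Those checks fail closed, so only ADMIN (through `CanDoAnything`) passes them; the removed `FeedsSecurity.canAddFeed(Group)` let group admins add feeds, so this looks like an unintended tightening unless more rules follow. A header comment such as `// Permissions without a rule in this file are denied to everyone except ADMIN` would make that default explicit. The ADMIN disjunct inside `CanEditFeed` duplicates `CanDoAnything` and can be dropped.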
Modified: trunk/resources/WEB-INF/components.xml
===================================================================
--- trunk/resources/WEB-INF/components.xml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/resources/WEB-INF/components.xml 2008-02-25 18:27:57 UTC (rev 218)
@@ -30,10 +30,17 @@
auto-create="true"
persistence-unit-jndi-name="java:/blogEntityManagerFactory"/>
- <security:identity authenticate-method="#{authenticator.authenticate}" />
+ <security:identity authenticate-method="#{authenticator.authenticate}"
+ security-rules="#{securityRules}" />
<async:thread-pool-dispatcher />
+ <drools:rule-base name="securityRules">
+ <drools:rule-files>
+ <value>/META-INF/security.drl</value>
+ </drools:rule-files>
+ </drools:rule-base>
+
<event type="org.jboss.seam.notLoggedIn">
<action execute="#{redirect.captureCurrentView}"/>
</event>
Modified: trunk/resources/WEB-INF/pages.xml
===================================================================
--- trunk/resources/WEB-INF/pages.xml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/resources/WEB-INF/pages.xml 2008-02-25 18:27:57 UTC (rev 218)
@@ -40,6 +40,10 @@
<action execute="#{postSearch.search}" />
</page>
+ <!-- Manage main -->
+
+ <page view-id="/manage/index.xhtml" />
+
<!-- Manage feeds -->
<page view-id="/manage/feed_add.xhtml" conversation-required="true">
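Review bot: The new `/manage/index.xhtml` entry carries no access constraint, so the management landing page renders for anonymous visitors and only the `@Restrict`-annotated actions behind it are protected. Seam's pages.xml accepts `login-required="true"` on a `<page>` element, e.g. `<page view-id="/manage/index.xhtml" login-required="true" />`, and a wildcard entry for `/manage/*` would cover the other manage pages as well. Whether the remaining `/manage/...` entries already set this is not visible in the hunk.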
@@ -252,7 +256,7 @@
</navigation>
</page>
- <!-- Manage -->
+ <!-- Manage updates -->
<page view-id="/manage/update_manager.xhtml" />
@@ -284,7 +288,7 @@
</exception>
<exception class="org.jboss.seam.security.NotLoggedInException">
- <redirect view-id="/login.xhtml">
+ <redirect view-id="/security/login.xhtml">
<message>Please log in first</message>
</redirect>
</exception>
Deleted: trunk/resources/security.drl
===================================================================
--- trunk/resources/security.drl 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/resources/security.drl 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,6 +0,0 @@
-package Permissions;
-
-import java.security.Principal;
-
-import org.jboss.seam.security.PermissionCheck;
-import org.jboss.seam.security.Role;
\ No newline at end of file
Modified: trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -4,7 +4,6 @@
import org.jboss.blog.model.feed.Feed;
import org.jboss.blog.model.Group;
import org.jboss.blog.model.post.PostFilter;
-import org.jboss.blog.service.FeedsService;
import org.jboss.blog.service.GroupsService;
import org.jboss.blog.session.feed.InvalidFeedTypeException;
import org.jboss.blog.model.post.filter.AndFilter;
@@ -13,6 +12,7 @@
import org.jboss.seam.core.Events;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.annotations.*;
+import org.jboss.seam.annotations.security.Restrict;
import javax.faces.application.FacesMessage;
import javax.persistence.EntityManager;
@@ -32,9 +32,6 @@
private EntityManager entityManager;
@In
- private FeedsService feedsService;
-
- @In
private FacesMessages facesMessages;
@In
@@ -202,10 +199,12 @@
getAggregatedFeed().setGlobalFilter(new AndFilter(globalFilters));
}
+ @Restrict("#{identity.hasPermission('feed', 'add', aggregatedFeedMod.feed, aggregatedFeedMod.feed.group)}")
public void saveNew() {
save();
}
+ @Restrict("#{identity.hasPermission('feed', 'edit', aggregatedFeedMod.feed, aggregatedFeedMod.feed.group)}")
public void saveExisting() {
save();
entityManager.flush();
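Review bot: Both `@Restrict` expressions here are evaluated against `aggregatedFeedMod.feed` and its `group` as they stand in memory when the action runs, which is after the submitted form values have been applied. If the edit form can bind `feed.group`, the GROUP_ADMIN branch of `CanEditFeed` is then checked against the submitted group and not the one stored for the feed, so the decision should be taken on the persisted group, or a group change should get its own check. The same pattern is in `FeedModBean`, `RemoteFeedModBean` and, through `postView.post.feed.group`, `PostViewBean.delete()`. The `add` check also passes `feed` and `group` here but only `group` in the other two beans; settling on one argument list would keep future `feed`/`add` rules simple.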
Modified: trunk/src/action/org/jboss/blog/session/feed/mod/FeedModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/feed/mod/FeedModBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/feed/mod/FeedModBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -14,6 +14,7 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import javax.faces.application.FacesMessage;
@@ -83,6 +84,7 @@
facesMessages.addFromResourceBundle(FacesMessage.SEVERITY_INFO, "blog.feed.proposed", getFeed().getName());
}
+ @Restrict("#{identity.hasPermission('feed', 'add', feedMod.feed.group)}")
public void saveNew() {
Lock feedLock = feedsLocks.getLockForFeed(feed.getName());
feedLock.lock();
@@ -103,6 +105,7 @@
Events.instance().raiseEvent("org.jboss.blog.feed.added", getFeed().getName());
}
+ @Restrict("#{identity.hasPermission('feed', 'edit', feedMod.feed, feedMod.feed.group)}")
public void saveExisting() {
entityManager.flush();
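Review bot: `saveExisting()` only calls `entityManager.flush()`, so by the time `@Restrict` rejects the call the managed `Feed` has already been modified in the persistence context. Unless the conversation uses manual flush mode or the entity is refreshed on denial, a later flush in the same context could still write those changes; that depends on configuration not shown here. Consider handling the authorization failure with `entityManager.refresh(getFeed())` or `entityManager.clear()`, or checking the permission before the model is updated. `GroupModBean.saveExisting()` and `TemplateModBean.saveExisting()` have the same shape, and the method body continues outside this hunk.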
@@ -111,6 +114,7 @@
Events.instance().raiseEvent("org.jboss.blog.feed.updated", getFeed().getName());
}
+ @Restrict("#{identity.hasPermission('feed', 'delete', feedMod.feed, feedMod.feed.group)}")
public void delete() {
entityManager.remove(getFeed());
Modified: trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -14,6 +14,7 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import org.hibernate.validator.ClassValidator;
import org.hibernate.validator.InvalidValue;
@@ -118,6 +119,7 @@
}
}
+ @Restrict("#{identity.hasPermission('feed', 'add', remoteFeedMod.feed.group)}")
public void saveNew() {
getRemoteFeed().setAuthor(parsedFeed.getAuthor());
getRemoteFeed().setDescription(parsedFeed.getDescription());
@@ -129,6 +131,7 @@
}
}
+ @Restrict("#{identity.hasPermission('feed', 'edit', remoteFeedMod.feed, remoteFeedMod.feed.group)}")
public void saveExisting() {
getRemoteFeed().setLink(parsedFeed.getLink());
@@ -140,6 +143,7 @@
Events.instance().raiseEvent("org.jboss.blog.feed.updated", getRemoteFeed().getName());
}
+ @Restrict("#{identity.hasPermission('feed', 'edit', remoteFeedMod.feed, remoteFeedMod.feed.group)}")
public void saveOnlyPostAuthorType() {
PostAuthorType newPostAuthorType = getRemoteFeed().getPostAuthorType();
Modified: trunk/src/action/org/jboss/blog/session/group/GroupModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/group/GroupModBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/group/GroupModBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -2,6 +2,7 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.blog.model.Group;
import org.jboss.blog.service.GroupsService;
@@ -37,6 +38,7 @@
this.group = group;
}
+ @Restrict("#{identity.hasPermission('group', 'add')}")
public void saveNew() {
entityManager.persist(group);
entityManager.flush();
@@ -45,6 +47,7 @@
group.getName());
}
+ @Restrict("#{identity.hasPermission('group', 'edit', groupMod.group)}")
public void saveExisting() {
entityManager.flush();
@@ -52,6 +55,7 @@
group.getName());
}
+ @Restrict("#{identity.hasPermission('group', 'delete', groupMod.group)}")
public void delete() {
if ((groupsService.acceptedFeeds(group).size() > 0) || (groupsService.unacceptedFeeds(group).size() > 0)) {
facesMessages.addFromResourceBundle(FacesMessage.SEVERITY_INFO, "blog.group.cannotdelete",
Modified: trunk/src/action/org/jboss/blog/session/security/Authenticator.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/Authenticator.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/Authenticator.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -4,26 +4,27 @@
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
-import org.jboss.seam.security.Identity;
-import org.jboss.blog.model.security.SecurityRoles;
+import org.jboss.blog.model.security.FeedsSecurityRole;
@Name("authenticator")
public class Authenticator {
- @Logger Log log;
+ @Logger
+ private Log log;
- @In Identity identity;
+ @In
+ private FeedsIdentity identity;
public boolean authenticate() {
log.info("authenticating #0", identity.getUsername());
if ("admin".equals(identity.getUsername())) {
- identity.addRole(SecurityRoles.ADMIN.toString());
+ identity.addFeedsRole(FeedsSecurityRole.ADMIN);
}
if ("bobs_group".equals(identity.getUsername())) {
- identity.addRole(SecurityRoles.GROUP_ADMIN + "/bobs_group");
+ identity.addFeedsRole(FeedsSecurityRole.GROUP_ADMIN, 6);
}
if ("sacha".equals(identity.getUsername())) {
- identity.addRole(SecurityRoles.FEED_ADMIN + "/bobs_group/sacha");
+ identity.addFeedsRole(FeedsSecurityRole.FEED_ADMIN, 34);
}
return true;
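Review bot: `authenticate()` still ends in `return true` without looking at the password, and with this commit the username alone decides which `FeedsCombinedRole` facts reach the rule engine, including ADMIN, to which `CanDoAnything` grants everything. The stub should be marked and kept out of deployable builds, e.g. `// TODO(security): development stub - accepts any password; replace before deployment`. The ids `6` and `34` are database keys hard-coded in source and will point at different rows (or none) in another environment. The boolean returned by `addFeedsRole` is ignored, so a role that was not inserted goes unnoticed.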
Deleted: trunk/src/action/org/jboss/blog/session/security/DummySecurityManager.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/DummySecurityManager.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/DummySecurityManager.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,33 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.blog.model.Group;
-import org.jboss.blog.model.feed.Feed;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.ScopeType;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("securityManager")
- at Scope(ScopeType.STATELESS)
-//@Install(precedence = Install.MOCK)
- at Install(precedence = 15)
-public class DummySecurityManager extends SecurityManager {
- public boolean hasAdminRole() {
- return true;
- }
-
- public boolean hasGroupAdminRole(Group group) {
- return true;
- }
-
- public boolean hasAnyGroupAdminRole() {
- return true;
- }
-
- public boolean hasFeedAdminRole(Feed feed) {
- return true;
- }
-}
Added: trunk/src/action/org/jboss/blog/session/security/FeedsCombinedRole.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/FeedsCombinedRole.java (rev 0)
+++ trunk/src/action/org/jboss/blog/session/security/FeedsCombinedRole.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -0,0 +1,43 @@
+package org.jboss.blog.session.security;
+
+import org.jboss.blog.model.security.FeedsSecurityRole;
+
+/**
+ * @author <a href="mailto:adam at warski.org">Adam Warski</a>
+ */
+public class FeedsCombinedRole {
+ private FeedsSecurityRole role;
+ private Integer id;
+
+ public FeedsCombinedRole(FeedsSecurityRole role, Integer id) {
+ this.role = role;
+ this.id = id;
+ }
+
+ public FeedsSecurityRole getRole() {
+ return role;
+ }
+
+ public Integer getId() {
+ return id;
+ }
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (!(o instanceof FeedsCombinedRole)) return false;
+
+ FeedsCombinedRole that = (FeedsCombinedRole) o;
+
+ if (id != null ? !id.equals(that.id) : that.id != null) return false;
+ if (role != that.role) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ int result;
+ result = (role != null ? role.hashCode() : 0);
+ result = 31 * result + (id != null ? id.hashCode() : 0);
+ return result;
+ }
+}
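Review bot: `role` and `id` take part in `equals`/`hashCode` and in the rule constraints but are not declared `final`; the class has no setters, so `private final FeedsSecurityRole role;` and `private final Integer id;` cost nothing and guarantee a fact cannot change after it has been inserted. `equals` and `hashCode` should carry `@Override`. A class comment stating that `id` is a feed id for FEED_ADMIN, a group id for GROUP_ADMIN and `null` for ADMIN would document what the rules in `security.drl` rely on.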
Added: trunk/src/action/org/jboss/blog/session/security/FeedsIdentity.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/FeedsIdentity.java (rev 0)
+++ trunk/src/action/org/jboss/blog/session/security/FeedsIdentity.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -0,0 +1,66 @@
+package org.jboss.blog.session.security;
+
+import org.jboss.seam.security.RuleBasedIdentity;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Startup;
+import static org.jboss.seam.annotations.Install.APPLICATION;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import static org.jboss.seam.ScopeType.SESSION;
+import org.jboss.blog.model.security.FeedsSecurityRole;
+import org.drools.StatefulSession;
+import org.drools.FactHandle;
+import org.drools.base.ClassObjectFilter;
+
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:adam at warski.org">Adam Warski</a>
+ */
+ at Name("org.jboss.seam.security.identity")
+ at Scope(SESSION)
+ at BypassInterceptors
+ at Install(precedence = APPLICATION)
+ at Startup
+public class FeedsIdentity extends RuleBasedIdentity {
+ public boolean addFeedsRole(FeedsSecurityRole role) {
+ return addFeedsRole(role, null);
+ }
+
+ public boolean addFeedsRole(FeedsSecurityRole role, Integer id) {
+ StatefulSession securityContext = getSecurityContext();
+
+ if (securityContext != null) {
+ getSecurityContext().insert(new FeedsCombinedRole(role, id));
+ getSecurityContext().fireAllRules();
+ return true;
+ }
+
+ return false;
+ }
+
+ public void removeFeedsRole(FeedsSecurityRole role) {
+ removeFeedsRole(role, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ public void removeFeedsRole(FeedsSecurityRole role, Integer id) {
+ StatefulSession securityContext = getSecurityContext();
+
+ FeedsCombinedRole fcr = new FeedsCombinedRole(role, id);
+
+ if (securityContext != null) {
+ Iterator<FeedsCombinedRole> iter = securityContext.iterateObjects(
+ new ClassObjectFilter(FeedsCombinedRole.class));
+ while (iter.hasNext()) {
+ FeedsCombinedRole r = iter.next();
+ if (r.equals(fcr)) {
+ FactHandle fh = getSecurityContext().getFactHandle(r);
+ getSecurityContext().retract(fh);
+ break;
+ }
+ }
+ }
+ }
+}
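Review bot: `removeFeedsRole` stops at the first matching fact (`break`), while `addFeedsRole` inserts a new `FeedsCombinedRole` on every call without checking for an equal one, so adding a role twice and removing it once can leave a granting fact in the session-scoped working memory (depending on the rule base's assert behaviour). Retract every equal fact, collecting the handles before retracting; this needs `java.util.List` and `java.util.ArrayList` imported. It is also not visible here that these facts are cleared on logout or when authentication fails after `addFeedsRole` has run; if `RuleBasedIdentity` does not reset the working memory, this class has to. Both methods also call `getSecurityContext()` again after storing the result in a local.

```java
    @SuppressWarnings("unchecked")
    public void removeFeedsRole(FeedsSecurityRole role, Integer id) {
        StatefulSession securityContext = getSecurityContext();
        if (securityContext == null) {
            return;
        }

        FeedsCombinedRole fcr = new FeedsCombinedRole(role, id);

        // Collect first, retract afterwards: addFeedsRole() may have inserted several equal facts.
        List<FactHandle> handles = new ArrayList<FactHandle>();
        Iterator<FeedsCombinedRole> iter = securityContext.iterateObjects(
                new ClassObjectFilter(FeedsCombinedRole.class));
        while (iter.hasNext()) {
            FeedsCombinedRole r = iter.next();
            if (r.equals(fcr)) {
                handles.add(securityContext.getFactHandle(r));
            }
        }

        for (FactHandle fh : handles) {
            securityContext.retract(fh);
        }
    }
```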
Deleted: trunk/src/action/org/jboss/blog/session/security/FeedsSecurity.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/FeedsSecurity.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/FeedsSecurity.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,34 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.In;
-import org.jboss.seam.ScopeType;
-import org.jboss.blog.model.feed.Feed;
-import org.jboss.blog.model.Group;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("feedsSecurity")
- at Scope(ScopeType.STATELESS)
-public class FeedsSecurity {
- @In
- private SecurityManager securityManager;
-
- public boolean canAddFeed() {
- return securityManager.hasAnyGroupAdminRole();
- }
-
- public boolean canAddFeed(Group group) {
- return securityManager.hasGroupAdminRole(group);
- }
-
- public boolean canDeleteFeed(Feed feed) {
- return securityManager.hasAdminRole();
- }
-
- public boolean canEditFeed(Feed feed) {
- return securityManager.hasFeedAdminRole(feed);
- }
-}
Deleted: trunk/src/action/org/jboss/blog/session/security/GlobalSecurity.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/GlobalSecurity.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/GlobalSecurity.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,20 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.In;
-import org.jboss.seam.ScopeType;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("globalSecurity")
- at Scope(ScopeType.STATELESS)
-public class GlobalSecurity {
- @In
- private SecurityManager securityManager;
-
- public boolean canAdministrate() {
- return securityManager.hasAdminRole();
- }
-}
Deleted: trunk/src/action/org/jboss/blog/session/security/GroupsSecurity.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/GroupsSecurity.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/GroupsSecurity.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,34 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.In;
-import org.jboss.seam.ScopeType;
-import org.jboss.seam.security.Identity;
-import org.jboss.blog.model.Group;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("groupsSecurity")
- at Scope(ScopeType.STATELESS)
-public class GroupsSecurity {
- @In
- private SecurityManager securityManager;
-
- public boolean canAddGroup() {
- return securityManager.hasAnyGroupAdminRole();
- }
-
- public boolean canDeleteGroup(Group group) {
- return securityManager.hasAdminRole();
- }
-
- public boolean canEditGroup(Group group) {
- return securityManager.hasAdminRole();
- }
-
- public boolean canEditGroupSecurity(Group group) {
- return securityManager.hasGroupAdminRole(group);
- }
-}
Deleted: trunk/src/action/org/jboss/blog/session/security/SecurityManager.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/SecurityManager.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/SecurityManager.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,51 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.In;
-import org.jboss.seam.ScopeType;
-import org.jboss.seam.security.Identity;
-import org.jboss.blog.model.Group;
-import org.jboss.blog.model.security.SecurityRoles;
-import org.jboss.blog.model.feed.Feed;
-import org.jboss.blog.service.GroupsService;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("securityManager")
- at Scope(ScopeType.STATELESS)
-public class SecurityManager {
- @In
- private Identity identity;
-
- @In
- private GroupsService groupsService;
-
- public boolean hasAdminRole() {
- return identity.hasRole(SecurityRoles.ADMIN.toString());
- }
-
- public boolean hasGroupAdminRole(Group group) {
- return identity.hasRole(SecurityRoles.GROUP_ADMIN + "/" + group.getName()) || hasAdminRole();
- }
-
- public boolean hasAnyGroupAdminRole() {
- if (hasAdminRole()) {
- return true;
- }
-
- for (Group group : groupsService.getAllGroups()) {
- if (identity.hasRole(SecurityRoles.GROUP_ADMIN + "/" + group.getName())) {
- return true;
- }
- }
-
- return false;
- }
-
- public boolean hasFeedAdminRole(Feed feed) {
- return identity.hasRole(SecurityRoles.FEED_ADMIN + "/" + feed.getGroup().getName() + "/" + feed.getName()) ||
- hasGroupAdminRole(feed.getGroup());
- }
-}
Deleted: trunk/src/action/org/jboss/blog/session/security/TemplatesSecurity.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/security/TemplatesSecurity.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/security/TemplatesSecurity.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -1,29 +0,0 @@
-package org.jboss.blog.session.security;
-
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.In;
-import org.jboss.seam.ScopeType;
-import org.jboss.blog.model.Template;
-
-/**
- * @author <a href="mailto:adam at warski.org">Adam Warski</a>
- */
- at Name("templatesSecurity")
- at Scope(ScopeType.STATELESS)
-public class TemplatesSecurity {
- @In
- private SecurityManager securityManager;
-
- public boolean canAddTemplate() {
- return securityManager.hasAdminRole();
- }
-
- public boolean canDeleteTemplate(Template template) {
- return securityManager.hasAdminRole();
- }
-
- public boolean canEditTemplate(Template template) {
- return securityManager.hasAdminRole();
- }
-}
Modified: trunk/src/action/org/jboss/blog/session/view/FeedViewBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/view/FeedViewBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/view/FeedViewBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -12,6 +12,7 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.security.Restrict;
import javax.faces.application.FacesMessage;
import java.util.List;
@@ -79,6 +80,7 @@
* Remove in the future!
* @Deprecated
*/
+ @Restrict("#{identity.hasPermission('admin', null)}")
public void fixHtml() {
for (Group group : groupsService.getAllGroups()) {
for (Feed feed : groupsService.acceptedFeeds(group)) {
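Review bot: The check `hasPermission('admin', null)` passes a null action, so it can only ever be satisfied by the catch-all `CanDoAnything` rule and cannot be targeted by a specific rule or told apart in an audit trail. A named pair such as `#{identity.hasPermission('feed', 'fixHtml')}` would stay admin-only under the current rules and remain addressable later. The Javadoc above mentions `@Deprecated` inside the comment only; the `@Deprecated` annotation on the method is what the compiler sees. The loop body continues outside the hunk.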
@@ -88,22 +90,4 @@
}
}
}
-
- @In
- private FacesMessages facesMessages;
-
- // TODO: remove
- public void showInfos() {
- facesMessages.add(FacesMessage.SEVERITY_INFO, "This is message 1.");
- facesMessages.add(FacesMessage.SEVERITY_INFO, "That's a info message that is longer, saying something quite " +
- "important to the user.");
- facesMessages.add(FacesMessage.SEVERITY_INFO, "And finally the last message, number 3.");
- }
-
- // TODO: remove
- public void showWarns() {
- facesMessages.add(FacesMessage.SEVERITY_WARN, "This is message 1.");
- facesMessages.add(FacesMessage.SEVERITY_WARN, "That's a warning message that is longer, saying that the user " +
- "has followed a wrong path in his life (2).");
- }
}
Modified: trunk/src/action/org/jboss/blog/session/view/PostViewBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/view/PostViewBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/view/PostViewBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -3,6 +3,7 @@
import org.jboss.blog.model.Post;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.core.Events;
@@ -32,6 +33,7 @@
}
// TODO: the delete method shouldn't be here
+ @Restrict("#{identity.hasPermission('post', 'delete', postView.post, postView.post.feed, postView.post.feed.group)}")
public void delete() {
entityManager.remove(entityManager.merge(post));
Modified: trunk/src/action/org/jboss/blog/session/xml/velocity/TemplateModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/xml/velocity/TemplateModBean.java 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/src/action/org/jboss/blog/session/xml/velocity/TemplateModBean.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -3,6 +3,7 @@
import org.jboss.blog.model.Template;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import javax.persistence.EntityManager;
@@ -33,6 +34,7 @@
this.template = template;
}
+ @Restrict("#{identity.hasPermission('template', 'add')}")
public void saveNew() {
entityManager.persist(template);
entityManager.flush();
@@ -41,6 +43,7 @@
template.getType());
}
+ @Restrict("#{identity.hasPermission('template', 'edit', templateMod.template)}")
public void saveExisting() {
entityManager.flush();
@@ -48,6 +51,7 @@
template.getType());
}
+ @Restrict("#{identity.hasPermission('template', 'delete', templateMod.template)}")
public void delete() {
entityManager.remove(template);
Copied: trunk/src/model/org/jboss/blog/model/security/FeedsSecurityRole.java (from rev 216, trunk/src/model/org/jboss/blog/model/security/SecurityRoles.java)
===================================================================
--- trunk/src/model/org/jboss/blog/model/security/FeedsSecurityRole.java (rev 0)
+++ trunk/src/model/org/jboss/blog/model/security/FeedsSecurityRole.java 2008-02-25 18:27:57 UTC (rev 218)
@@ -0,0 +1,10 @@
+package org.jboss.blog.model.security;
+
+/**
+ * @author <a href="mailto:adam at warski.org">Adam Warski</a>
+ */
+public enum FeedsSecurityRole {
+ ADMIN,
+ GROUP_ADMIN,
+ FEED_ADMIN
+}
Modified: trunk/view/home.xhtml
===================================================================
--- trunk/view/home.xhtml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/view/home.xhtml 2008-02-25 18:27:57 UTC (rev 218)
@@ -23,12 +23,6 @@
<h3 class="head3">Select a feed to view:</h3>
- <p>
- For James and Cheyenne only: <br />
- <s:link action="#{feedView.showInfos}" value="Show 3 information messages!" /> <br />
- <s:link action="#{feedView.showWarns}" value="Show 2 warning messages!" />
- </p>
-
<table cellspacing="5" class="deftable" width="75%">
<ui:repeat var="group" value="#{groupsService.allGroups}">
<s:fragment rendered="#{groupsService.acceptedFeeds(group).size() > 0}">
Modified: trunk/view/layout/menu.xhtml
===================================================================
--- trunk/view/layout/menu.xhtml 2008-02-25 09:47:41 UTC (rev 217)
+++ trunk/view/layout/menu.xhtml 2008-02-25 18:27:57 UTC (rev 218)
@@ -15,7 +15,15 @@
<div id='utilitynav'>
<h:form styleClass="nomargin" id="TopSearch">
<ul>
- <li><s:link view="/security/login.xhtml" value="Login" />  |  </li>
+ <li>
+ <s:fragment rendered="#{!identity.loggedIn}">
+ <s:link view="/security/login.xhtml" value="Login" />  |  
+ </s:fragment>
+ <s:fragment rendered="#{identity.loggedIn}">
+ #{identity.username}   |  
+ <s:link action="#{identity.logout}" value="Logout" />  |  
+ </s:fragment>
+ </li>
<li><a href="https://www.redhat.com/apps/store/jboss/">Subscribe</a>  |  </li>
<li><a href="http://www.jboss.com/index.html?op=checkage&module=user">Register</a>  |  </li>
<li>