[jboss-svn-commits] JBL Code SVN: r21618 - in labs/jbossrules/trunk/drools-guvnor/src: main/java/org/drools/guvnor/server/security and 2 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon Aug 18 23:50:43 EDT 2008
Author: jervisliu
Date: 2008-08-18 23:50:43 -0400 (Mon, 18 Aug 2008)
New Revision: 21618
Added:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/AdminType.java
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java
Log:
fix for JBRULES-1742.
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-08-19 02:54:52 UTC (rev 21617)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-08-19 03:50:43 UTC (rev 21618)
@@ -84,6 +84,7 @@
import org.drools.guvnor.server.contenthandler.IRuleAsset;
import org.drools.guvnor.server.contenthandler.IValidating;
import org.drools.guvnor.server.contenthandler.ModelContentHandler;
+import org.drools.guvnor.server.security.AdminType;
import org.drools.guvnor.server.security.CategoryPathType;
import org.drools.guvnor.server.security.PackageNameType;
import org.drools.guvnor.server.security.PackageUUIDType;
@@ -178,7 +179,7 @@
public Boolean createCategory(String path, String name, String description) {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -240,7 +241,7 @@
public void deleteUncheckedRule(String uuid, String initialPackage) {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(initialPackage),
+ new AdminType(),
RoleTypes.PACKAGE_ADMIN);
}
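Review bot: In `deleteUncheckedRule` the target becomes `new AdminType()` while the requested role stays `RoleTypes.PACKAGE_ADMIN`, so the check no longer carries `initialPackage`. In the resolver hunk of this commit only a `RoleTypes.ADMIN` request is decided from the admin flag. For any other role a non-admin caller falls through to the package/category branches, which probably have nothing to match against an `AdminType` (those branches are outside the visible lines). If the operation is meant to stay package-scoped, keep `new PackageNameType(initialPackage)`; if it is meant to be admin-only, request `RoleTypes.ADMIN` so the role and the target agree. The method body continues outside the hunk.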
@@ -719,7 +720,7 @@
throws SerializableException {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1178,7 +1179,7 @@
public void clearRulesRepository() {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1384,7 +1385,7 @@
throws SerializableException {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1498,7 +1499,7 @@
public void rebuildSnapshots() throws SerializableException {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1866,7 +1867,7 @@
public LogEntry[] showLog() {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1970,7 +1971,7 @@
public Map<String, List<String>> listUserPermissions() {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1981,7 +1982,7 @@
public Map<String, List<String>> retrieveUserPermissions(String userName) {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -1993,7 +1994,7 @@
Map<String, List<String>> perms) {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
@@ -2007,7 +2008,7 @@
public String[] listAvailablePermissionTypes() {
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
- new PackageNameType(null),
+ new AdminType(),
RoleTypes.ADMIN);
}
Added: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/AdminType.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/AdminType.java (rev 0)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/AdminType.java 2008-08-19 03:50:43 UTC (rev 21618)
@@ -0,0 +1,10 @@
+package org.drools.guvnor.server.security;
+
+
+/**
+ * This class is used to indicate this is a admin type
+ *
+ */
+public class AdminType {
+
+}
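Review bot: The Javadoc on `AdminType` does not say what the class is for, and the class is open for subclassing even though `hasPermission` admits any `instanceof AdminType`. Declaring it `public final class AdminType {` keeps the marker closed. A clearer comment would be `/** Marker target passed to Identity.checkPermission for operations that are not scoped to a package or category. */`.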
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java 2008-08-19 02:54:52 UTC (rev 21617)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java 2008-08-19 03:50:43 UTC (rev 21618)
@@ -30,6 +30,11 @@
Map<String, List<String>> perms = permissionManager
.retrieveUserPermissions(userName);
for (String roleType : perms.keySet()) {
+ if(RoleTypes.ADMIN.equals(roleType)) {
+ permissions.add(new RoleBasedPermission(userName, RoleTypes.ADMIN,
+ null, null));
+ }
+
List<String> permissionsPerRole = perms.get(roleType);
for (String permissionPerRole : permissionsPerRole) {
if (permissionPerRole.startsWith("package=")) {
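Review bot: The new admin branch matches the role with `RoleTypes.ADMIN.equals(roleType)`, while the resolver in this same commit recognises an admin with `RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())`. A stored role key that differs only in case would be skipped here and never yield the admin permission. Use one comparison in both places, e.g. `if (RoleTypes.ADMIN.equalsIgnoreCase(roleType)) {`, or normalise role names where they are written. After the add, control still falls into the `permissionsPerRole` loop; if the admin entry is not expected to carry package or category values, a `continue;` would make that explicit. The enclosing method starts and ends outside the hunk.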
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-08-19 02:54:52 UTC (rev 21617)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2008-08-19 03:50:43 UTC (rev 21618)
@@ -7,6 +7,7 @@
import java.util.Set;
import org.drools.guvnor.server.ServiceImplementation;
+import org.drools.guvnor.server.security.AdminType;
import org.drools.guvnor.server.security.CategoryPathType;
import org.drools.guvnor.server.security.PackageNameType;
import org.drools.guvnor.server.security.PackageUUIDType;
@@ -86,6 +87,7 @@
public boolean hasPermission(Object requestedObject, String requestedRole) {
if (!((requestedObject instanceof CategoryPathType)
|| (requestedObject instanceof PackageNameType)
+ || (requestedObject instanceof AdminType)
|| (requestedObject instanceof PackageUUIDType))) {
return false;
}
@@ -98,10 +100,11 @@
Component.getInstance("roleBasedPermissionManager");
List<RoleBasedPermission> permissions = permManager.getRoleBasedPermission();
- for (RoleBasedPermission p : permissions) {
- if (RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())) {
- return true;
- }
+ if(RoleTypes.ADMIN.equals(requestedRole)) {
+ return hasAdminPermission(permissions);
+ } else if (hasAdminPermission(permissions)) {
+ //admin can do everything,no need for further checks.
+ return true;
}
if (requestedObject instanceof CategoryPathType) {
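Review bot: `hasAdminPermission(permissions)` is evaluated in both arms of the new `if`/`else if`, and the reason a `RoleTypes.ADMIN` request must return at this point is not stated. The same behaviour reads more directly as `if (hasAdminPermission(permissions)) { return true; }` followed by `if (RoleTypes.ADMIN.equals(requestedRole)) { return false; }`. A comment such as `// ADMIN requests are decided here and never fall through to package/category matching` would record the intent. The early return keys on the requested role, not on `requestedObject` being an `AdminType`, so an `AdminType` passed with another role continues to the type-specific branches below. The body of `hasPermission` continues outside the hunk.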
@@ -152,6 +155,15 @@
return false;
}
}
+
+ private boolean hasAdminPermission(List<RoleBasedPermission> permissions) {
+ for (RoleBasedPermission p : permissions) {
+ if (RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())) {
+ return true;
+ }
+ }
+ return false;
+ }
private boolean isPermittedCategoryPath(String requestedPath, String allowedPath) {
if(requestedPath == null || allowedPath == null) {
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java 2008-08-19 02:54:52 UTC (rev 21617)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionStoreTest.java 2008-08-19 03:50:43 UTC (rev 21618)
@@ -40,10 +40,11 @@
store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package2Name", null));
store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package3Name", null));
store.addRoleBasedPermission("jervis", new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
- store.addRoleBasedPermission("john", new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
+ store.addRoleBasedPermission("john", new RoleBasedPermission("john", RoleTypes.ANALYST, null, "category2"));
+ store.addRoleBasedPermission("johnson", new RoleBasedPermission("johnson", RoleTypes.ADMIN, null, null));
+
List<RoleBasedPermission> perms = store.getRoleBasedPermissionsByUserName("jervis");
- assertTrue(perms.size() == 4);
-
+ assertTrue(perms.size() == 4);
List<RoleBasedPermission> expectedPerms = new ArrayList<RoleBasedPermission>();
expectedPerms.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "package1Name", null));
expectedPerms.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "package2Name", null));
@@ -66,6 +67,14 @@
perms = store.getRoleBasedPermissionsByUserName("john");
assertTrue(perms.size() == 1);
+ assertTrue(perms.get(0).getRole().equals(RoleTypes.ANALYST));
+ assertTrue(perms.get(0).getUserName().equals("john"));
+
+
+ perms = store.getRoleBasedPermissionsByUserName("johnson");
+ assertTrue(perms.size() == 1);
+ assertTrue(perms.get(0).getRole().equals(RoleTypes.ADMIN));
+ assertTrue(perms.get(0).getUserName().equals("johnson"));
}
private RoleBasedPermissionStore getStore() throws Exception {
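Review bot: The added assertions only confirm that the store returns the `johnson` ADMIN entry; no test in this commit covers the authorization decision it changes. The resolver now has to deny a user without the admin role who requests `RoleTypes.ADMIN` on an `AdminType`, and allow a user who has it. A resolver test should cover both outcomes, plus the `AdminType` with `RoleTypes.PACKAGE_ADMIN` combination used by `deleteUncheckedRule`. Such tests may exist in a file this commit does not touch, but none is visible here.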