[jboss-svn-commits] JBL Code SVN: r24240 - in labs/jbossrules/trunk/drools-guvnor/src: test/java/org/drools/guvnor/server and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Dec 4 09:01:00 EST 2008
Author: Rikkola
Date: 2008-12-04 09:01:00 -0500 (Thu, 04 Dec 2008)
New Revision: 24240
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
Log:
JBRULES-1851: analyst.readonly role is broken
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-12-04 12:57:09 UTC (rev 24239)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-12-04 14:01:00 UTC (rev 24240)
@@ -1085,31 +1085,38 @@
try {
RuleAsset ruleAsset = loadAsset(asset);
- // Check category permissions
- boolean passed = false;
- RuntimeException exception = null;
+ if (ruleAsset.metaData.categories.length == 0) {
+ Identity.instance().checkPermission(
+ new CategoryPathType(null),
+ RoleTypes.ANALYST_READ);
+ } else {
- for (String cat : ruleAsset.metaData.categories) {
- try {
- Identity.instance().checkPermission(
- new CategoryPathType(cat),
- RoleTypes.ANALYST);
- passed = true;
- } catch (RuntimeException e) {
- exception = e;
+ // Check category permissions
+ boolean passed = false;
+ RuntimeException exception = null;
+
+ for (String cat : ruleAsset.metaData.categories) {
+ try {
+ Identity.instance().checkPermission(
+ new CategoryPathType(cat),
+ RoleTypes.ANALYST);
+ passed = true;
+ } catch (RuntimeException e) {
+ exception = e;
+ }
}
+ if (!passed) {
+ throw exception;
+ }
}
- if (!passed) {
- throw exception;
- }
} catch (RulesRepositoryException e) {
// This was not a rule asset
} catch (SerializableException e) {
// This was not a rule asset
}
- }
- asset.updateState( newState );
+ asset.updateState(newState);
+ }
} else {
if ( Contexts.isSessionContextActive() ) {
Identity.instance().checkPermission( new PackageUUIDType( uuid ),
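Review bot: The new empty-category branch checks `RoleTypes.ANALYST_READ` against `new CategoryPathType(null)`, while the per-category loop below it still requires `RoleTypes.ANALYST`, and both paths lead to `asset.updateState(newState)`. If ANALYST_READ is the read-only analyst role named in the log message, a read-only user would pass the check guarding a state change on any uncategorised asset; how the permission resolver treats a null category path is not visible here, so this needs confirming. Unless that is intended, the branch should use the same role as the loop, `RoleTypes.ANALYST);`, or carry a comment stating why the read role is enough for a state change. Separately, `asset.updateState(newState)` now sits before the closing brace instead of after it, so it appears to run only inside the enclosing block, which starts outside the hunk; confirm the update is not skipped when that guard is false. The test-file hunk in this commit only removes lines, so neither outcome of the new branch is pinned by a test.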
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2008-12-04 12:57:09 UTC (rev 24239)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java 2008-12-04 14:01:00 UTC (rev 24240)
@@ -369,85 +369,12 @@
fail("User has permissions for the category");
}
- // Check that asset is not read only with analyst.
- assertNotNull(asset);
- assertFalse(asset.isreadonly);
-
} finally {
Lifecycle.endApplication();
}
}
- public void testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnly()
- throws Exception {
- try {
- String category1 = "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyCat";
-
- ServiceImplementation impl = getService();
- PackageItem packageItem = impl.repository
- .createPackage(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyPack",
- "desc");
- String packageUuid = packageItem.getUUID();
- impl.createCategory("", category1, "this is a cat");
-
- String uuid = impl
- .createNewRule(
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnly",
- "description",
- category1,
- "testLoadRuleAssetWithRoleBasedAuthrozationAssetHasCategoryReadOnlyPack",
- AssetFormats.DRL);
-
- // Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
- resolver.setEnableRoleBasedAuthorization(true);
- midentity.addPermissionResolver(resolver);
-
- Contexts.getSessionContext().set(
- "org.jboss.seam.security.identity", midentity);
- Contexts.getSessionContext().set(
- "org.drools.guvnor.client.rpc.RepositoryService", impl);
-
- List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
- pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST_READ,
- null, category1));
- MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(
- pbps);
- Contexts
- .getSessionContext()
- .set(
- "org.drools.guvnor.server.security.RoleBasedPermissionStore",
- store);
-
- // Put permission list in session.
- RoleBasedPermissionManager testManager = new RoleBasedPermissionManager();
- testManager.create();
- Contexts.getSessionContext().set("roleBasedPermissionManager",
- testManager);
-
- // now lets see if we can access this asset with the permissions
- RuleAsset asset = null;
- try {
- asset = impl.loadRuleAsset(uuid);
- } catch (AuthorizationException e) {
- fail("User has permissions for the category");
- }
-
- // Check that asset is read only with analyst.readonly.
- assertNotNull(asset);
- assertTrue(asset.isreadonly);
-
- } finally {
- Lifecycle.endApplication();
- }
- }
-
//Access an asset that belongs to no category. The user role is analyst and package.admin.
//Because the analyst role the user has has no category access to the asset,
//the permission can not be granted even though the package.admin role has package access.