[jboss-svn-commits] JBL Code SVN: r21074 - in labs/jbossrules/trunk/drools-guvnor/src: main/java/org/drools/guvnor/server/security and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Jul 16 22:43:54 EDT 2008
Author: jervisliu
Date: 2008-07-16 22:43:54 -0400 (Wed, 16 Jul 2008)
New Revision: 21074
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
Log:
Revised role types: there are now 5 types: ADMIN, ANALYST, PACKAGE_ADMIN, PACKAGE_DEVELOPER, PACKAGE_READONLY. The specific actions each role can perform can be found in RoleTypes.
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-17 01:28:50 UTC (rev 21073)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-17 02:43:54 UTC (rev 21074)
@@ -83,6 +83,7 @@
import org.drools.guvnor.server.contenthandler.IRuleAsset;
import org.drools.guvnor.server.contenthandler.IValidating;
import org.drools.guvnor.server.contenthandler.ModelContentHandler;
+import org.drools.guvnor.server.security.RoleTypes;
import org.drools.guvnor.server.util.BRMSSuggestionCompletionLoader;
import org.drools.guvnor.server.util.LoggingHelper;
import org.drools.guvnor.server.util.MetaDataMapper;
@@ -192,7 +193,7 @@
String initialPackage,
String format) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin",
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN,
initialPackage);
}
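Review bot: The `checkPermission` call here is wrapped in `if (Contexts.isSessionContextActive())`, so a request that reaches this method without an active session context skips the package check altogether and the method proceeds; the same guard surrounds every `checkPermission` call in the other hunks of this file. If the guard exists only so that unit tests can call the service without Seam, say so in a comment such as `// No Seam session (unit tests only): package-level check is skipped`, and confirm that no deployed entry point can arrive here without a session. The literal `"ignoredanyway"` repeated at each call site would also read better as a named constant. The enclosing method starts and ends outside the hunk.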
@@ -226,7 +227,7 @@
@Restrict("#{identity.loggedIn}")
public void deleteUncheckedRule(String uuid, String initialPackage) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin",
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN,
initialPackage);
}
@@ -281,9 +282,9 @@
data.uuid = pkg.getUUID();
data.name = pkg.getName();
data.archived = pkg.isArchived();
- if (!archive && (filter == null || filter.accept(data, "package.readonly"))) {
+ if (!archive && (filter == null || filter.accept(data, RoleTypes.PACKAGE_READONLY))) {
result.add(data);
- } else if (archive && data.archived && (filter == null || filter.accept(data, "package.readonly"))) {
+ } else if (archive && data.archived && (filter == null || filter.accept(data, RoleTypes.PACKAGE_READONLY))) {
result.add(data);
}
}
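Review bot: The two branches at the changed lines add `data` under the same filter test and differ only in the archive condition, so they can be a single condition: `if ((!archive || data.archived) && (filter == null || filter.accept(data, RoleTypes.PACKAGE_READONLY))) {`. That keeps the read-only check in one place, which makes it harder for a later edit to change one branch and miss the other. The loop and method this belongs to start outside the hunk.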
@@ -358,7 +359,7 @@
asset.metaData = populateMetaData( item );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.readonly",
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY,
asset.metaData.packageName);
}
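Review bot: This check passes a package name (`asset.metaData.packageName`) as the permission target, while other call sites in this file pass a package UUID (`item.getPackage().getUUID()`, `data.uuid`, `packageUUID`) and the resolver test in this commit grants permissions keyed by UUID. Unless the resolver, which is not visible here, accepts both forms, a name-based check cannot match a UUID-keyed grant (or the reverse), so the outcome would depend on which identifier a method happens to use. The same applies to the `packageName` checks in listSnapshots, loadSuggestionCompletionEngine, listRulesInPackage and runScenario, and to `item.getName()` in the deployment-bundle hunk. Picking one identifier and stating it on the resolver, e.g. `// target is always the package UUID`, would make the contract checkable. The enclosing method starts outside the hunk.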
@@ -438,7 +439,7 @@
@Restrict("#{identity.loggedIn}")
public String checkinVersion(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.developer",
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER,
asset.metaData.packageName);
}
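Review bot: The package checked here comes from `asset.metaData.packageName`, a field of the `RuleAsset` argument supplied by the caller, rather than from the stored asset. buildAssetSource shows the consequence most clearly: it authorizes against `asset.metaData.packageName` and then loads `repository.loadAssetByUUID( asset.uuid )`, so the package that was authorized and the asset acted on need not agree; buildAsset uses the same pattern. renameAsset already does it the safe way by loading the item first and checking `item.getPackage().getUUID()`; the same order here would be `AssetItem item = repository.loadAssetByUUID( asset.uuid );` followed by the check on `item.getPackage().getUUID()`. The rest of checkinVersion is outside the hunk, so whether it re-validates the package later cannot be seen from here.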
@@ -492,7 +493,7 @@
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.readonly", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY, item.getPackage().getUUID());
}
@@ -626,7 +627,7 @@
//the uuid passed in is the uuid of that deployment bundle, not the package uudi.
//we have to figure out the package name.
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.readonly", item.getName());
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY, item.getName());
}
PackageConfigData data = new PackageConfigData();
@@ -651,7 +652,7 @@
@Restrict("#{identity.loggedIn}")
public ValidatedResponse savePackage(PackageConfigData data) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.developer", data.uuid);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, data.uuid);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -824,7 +825,7 @@
String newPackage,
String comment) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.developer", newPackage);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, newPackage);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -839,7 +840,7 @@
String newPackage,
String newName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.developer", newPackage);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, newPackage);
}
return repository.copyAsset( assetUUID, newPackage, newName );
@@ -849,7 +850,7 @@
@Restrict("#{identity.loggedIn}")
public SnapshotInfo[] listSnapshots(String packageName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.developer", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageName);
}
String[] snaps = repository.listPackageSnapshots( packageName );
@@ -872,7 +873,7 @@
boolean replaceExisting,
String comment) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN, packageName);
}
log.info( "USER:" + repository.getSession().getUserID() +
@@ -896,7 +897,7 @@
boolean delete,
String newSnapshotName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN, packageName);
}
if (delete) {
@@ -940,7 +941,7 @@
break;
}
AssetItem item = (AssetItem) it.next();
- if (filter.accept(item, "package.readonly")) {
+ if (filter.accept(item, RoleTypes.PACKAGE_READONLY)) {
TableDataRow row = new TableDataRow();
row.id = item.getUUID();
String desc = item.getDescription() + "";
@@ -952,7 +953,7 @@
}
while (it.hasNext()) {
- if (filter.accept((AssetItem) it.next(), "package.readonly")) {
+ if (filter.accept((AssetItem) it.next(), RoleTypes.PACKAGE_READONLY)) {
TableDataRow empty = new TableDataRow();
empty.id = "MORE";
resultList.add(empty);
@@ -990,7 +991,7 @@
@Restrict("#{identity.loggedIn}")
public SuggestionCompletionEngine loadSuggestionCompletionEngine(String packageName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.readonly", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY, packageName);
}
try {
@@ -1008,7 +1009,7 @@
@Restrict("#{identity.loggedIn}")
public BuilderResult[] buildPackage(String packageUUID, String selectorConfigName, boolean force) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageUUID);
}
PackageItem item = repository.loadPackageByUUID( packageUUID );
return buildPackage(selectorConfigName, force, item);
@@ -1076,7 +1077,7 @@
@Restrict("#{identity.loggedIn}")
public String buildPackageSource(String packageUUID) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageUUID);
}
PackageItem item = repository.loadPackageByUUID( packageUUID );
@@ -1088,7 +1089,7 @@
@Restrict("#{identity.loggedIn}")
public String buildAssetSource(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", asset.metaData.packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, asset.metaData.packageName);
}
AssetItem item = repository.loadAssetByUUID( asset.uuid );
@@ -1117,7 +1118,7 @@
@Restrict("#{identity.loggedIn}")
public BuilderResult[] buildAsset(RuleAsset asset) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", asset.metaData.packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, asset.metaData.packageName);
}
try {
@@ -1187,7 +1188,7 @@
public String renameAsset(String uuid, String newName) {
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, item.getPackage().getUUID());
}
return repository.renameAsset( uuid, newName );
@@ -1200,7 +1201,7 @@
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, item.getPackage().getUUID());
}
item.archiveItem( value );
@@ -1221,7 +1222,7 @@
try {
AssetItem item = repository.loadAssetByUUID( uuid );
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", item.getPackage().getUUID());
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, item.getPackage().getUUID());
}
item.remove();
@@ -1237,7 +1238,7 @@
@Restrict("#{identity.loggedIn}")
public void removePackage(String uuid) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin", uuid);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN, uuid);
}
try {
PackageItem item = repository.loadPackageByUUID(uuid);
@@ -1253,7 +1254,7 @@
@Restrict("#{identity.loggedIn}")
public String renamePackage(String uuid, String newName) {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.admin", uuid);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_ADMIN, uuid);
}
return repository.renamePackage( uuid, newName );
@@ -1285,7 +1286,7 @@
@Restrict("#{identity.loggedIn}")
public String[] listRulesInPackage(String packageName) throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.readonly", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_READONLY, packageName);
}
PackageItem item = repository.loadPackage(packageName);
@@ -1316,7 +1317,7 @@
public ScenarioRunResult runScenario(String packageName, Scenario scenario)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.testonly", packageName);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageName);
}
PackageItem item = this.repository.loadPackage(packageName);
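Review bot: RoleTypes in this commit documents ANALYST as able to "edit rules, and run tests", yet runScenario now demands `RoleTypes.PACKAGE_DEVELOPER` on `packageName`, as does runScenariosInPackage. No visible hunk gives the resolver an ANALYST branch, so it looks as if analysts would either be refused here or need a package-level developer grant that permits far more than running tests. Until the intended rule is implemented, a marker at the check such as `// TODO: ANALYST (see RoleTypes) is not covered by this package-level check` would keep the gap visible. The method body continues outside the hunk.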
@@ -1421,7 +1422,7 @@
public BulkTestRunResult runScenariosInPackage(String packageUUID)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.testonly", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageUUID);
}
PackageItem item = repository.loadPackageByUUID(packageUUID);
@@ -1514,7 +1515,7 @@
public AnalysisReport analysePackage(String packageUUID)
throws SerializableException {
if (Contexts.isSessionContextActive()) {
- Identity.instance().checkPermission("ignoredanyway", "package.analyst", packageUUID);
+ Identity.instance().checkPermission("ignoredanyway", RoleTypes.PACKAGE_DEVELOPER, packageUUID);
}
String drl = this.buildPackageSource(packageUUID);
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-17 01:28:50 UTC (rev 21073)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java 2008-07-17 02:43:54 UTC (rev 21074)
@@ -99,30 +99,6 @@
} else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
return true;
}
- } else if (RoleTypes.PACKAGE_ANALYST.equalsIgnoreCase(role)) {
- if ("package.admin".equalsIgnoreCase(requestedAction)) {
- return false;
- } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
- return false;
- } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
- return true;
- } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
- return true;
- } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
- return true;
- }
- } else if (RoleTypes.PACKAGE_TESTONLY.equalsIgnoreCase(role)) {
- if ("package.admin".equalsIgnoreCase(requestedAction)) {
- return false;
- } else if ("package.developer".equalsIgnoreCase(requestedAction)) {
- return false;
- } else if ("package.analyst".equalsIgnoreCase(requestedAction)) {
- return false;
- } else if ("package.testonly".equalsIgnoreCase(requestedAction)) {
- return true;
- } else if ("package.readonly".equalsIgnoreCase(requestedAction)) {
- return true;
- }
} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(role)) {
if ("package.admin".equalsIgnoreCase(requestedAction)) {
return false;
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-07-17 01:28:50 UTC (rev 21073)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleTypes.java 2008-07-17 02:43:54 UTC (rev 21074)
@@ -1,11 +1,26 @@
package org.drools.guvnor.server.security;
public class RoleTypes {
+ //Admin can do everything
public final static String ADMIN = "admin";
+
+ /*
+ * Analyst only see the "rules" view, and we specify what category paths they
+ * can see. They can't create anything, only edit rules, and run tests etc,
+ * but only things that are exposed to them via categories
+ */
+ public final static String ANALYST = "analyst";
+
+ //package.admin can do everything within this package
public final static String PACKAGE_ADMIN = "package.admin";
+
+ /*
+ * package.developer can do anything in that package but not snapshots. This
+ * includes creating a new package (in which case they inherit permissions
+ * for it).
+ */
public final static String PACKAGE_DEVELOPER = "package.developer";
- public final static String PACKAGE_ANALYST = "package.analyst";
- public final static String PACKAGE_TESTONLY = "package.testonly";
+
+ //Read only
public final static String PACKAGE_READONLY = "package.readonly";
-
}
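Review bot: ANALYST is declared and documented here, but nothing in this commit adds a test for it, and the removed PACKAGE_ANALYST and PACKAGE_TESTONLY tests have no replacement. Permissions already stored with role `package.analyst` or `package.testonly` would now match no resolver branch; what the resolver returns in that case lies outside the visible hunks and should be an explicit deny, covered by a test. Since the class only holds constants, `public final class RoleTypes` with `private RoleTypes() {}` would prevent instantiation and subclassing. The constants are also passed as the requested action in ServiceImplementation, which a comment such as `// Also used as the action name in Identity.checkPermission` would make clear.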
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java 2008-07-17 01:28:50 UTC (rev 21073)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java 2008-07-17 02:43:54 UTC (rev 21074)
@@ -75,8 +75,6 @@
PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.admin"));
assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.developer"));
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.analyst"));
- assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.testonly"));
assertTrue(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
@@ -104,74 +102,13 @@
assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
Lifecycle.endApplication();
- }
-
- //Package.analyst: can read all contents. Can only edit/create files of "business" type,
- //can run tests, and edit tests.
- public void testPackageAnalyst() throws Exception {
- //Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- //this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-
-
- List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
- pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_ANALYST));
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
-
- assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
-
- Lifecycle.endApplication();
- }
-
- //Package.testonly: can create, run, edit, and delete tests only.
- public void testPackageTestonly() throws Exception {
- //Mock up SEAM contexts
- Map application = new HashMap<String, Object>();
- Lifecycle.beginApplication(application);
- Lifecycle.beginCall();
- MockIdentity midentity = new MockIdentity();
- //this makes Identity.hasRole("admin") return false
- midentity.setHasRole(false);
- Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-
-
- List<PackageBasedPermission> pbps = new ArrayList<PackageBasedPermission>();
- pbps.add(new PackageBasedPermission("47982482-7912-4881-97ec-e852494383d7", "jervis", RoleTypes.PACKAGE_TESTONLY));
- Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
- PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
- assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
-
- assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));
-
- Lifecycle.endApplication();
- }
-
+ }
+
//Package.readonly: read only as the name suggested
public void testPackageReadOnly() throws Exception {
//Mock up SEAM contexts
@@ -192,8 +129,6 @@
assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.admin"));
assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.developer"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.analyst"));
- assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.testonly"));
assertTrue(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", "package.readonly"));
assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", "package.readonly"));