[jboss-svn-commits] JBL Code SVN: r32991 - in labs/jbossrules/trunk/drools-guvnor/src/main/java/org: drools/guvnor/client/common and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri May 21 01:02:45 EDT 2010
Author: jervisliu
Date: 2010-05-21 01:02:44 -0400 (Fri, 21 May 2010)
New Revision: 32991
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/admin/PermissionViewer.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/common/RulePackageSelector.java
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
Log:
GUVNOR-539: Authorization problem: can not assign package access for global package
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/admin/PermissionViewer.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/admin/PermissionViewer.java 2010-05-20 22:40:44 UTC (rev 32990)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/admin/PermissionViewer.java 2010-05-21 05:02:44 UTC (rev 32991)
@@ -394,7 +394,7 @@
});
pop.addAttribute(constants.SelectCategoryToProvidePermissionFor(), cat);
} else if (sel.startsWith("package")) {
- final RulePackageSelector rps = new RulePackageSelector();
+ final RulePackageSelector rps = new RulePackageSelector(true);
com.google.gwt.user.client.ui.Button ok = new com.google.gwt.user.client.ui.Button(constants.OK());
ok.addClickListener(new ClickListener() {
public void onClick(Widget w) {
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/common/RulePackageSelector.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/common/RulePackageSelector.java 2010-05-20 22:40:44 UTC (rev 32990)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/client/common/RulePackageSelector.java 2010-05-21 05:02:44 UTC (rev 32991)
@@ -38,9 +38,16 @@
public static String currentlySelectedPackage;
private ListBox packageList;
+ private boolean loadGlobalArea = false;
public RulePackageSelector() {
+ this(false);
+ }
+
+ public RulePackageSelector(boolean loadGlobalArea) {
+ this.loadGlobalArea = loadGlobalArea;
+
packageList = new ListBox();
DeferredCommand.addCommand(new Command() {
@@ -50,7 +57,7 @@
});
initWidget( packageList );
- }
+ }
private void loadPackageList() {
RepositoryServiceFactory.getService().listPackages( new GenericCallback<PackageConfigData[]>() {
@@ -63,6 +70,11 @@
packageList.setSelectedIndex( i );
}
}
+
+ if(loadGlobalArea) {
+ packageList.addItem( "globalArea", "nouuidavailable" );
+ }
+
packageList.addChangeListener(new ChangeListener() {
public void onChange(Widget sender) {
currentlySelectedPackage = getSelectedPackage();
@@ -79,10 +91,4 @@
return packageList.getItemText( packageList.getSelectedIndex() );
}
- /**
- * Returns the selected package.
- */
- public String getSelectedPackageUUID() {
- return packageList.getValue( packageList.getSelectedIndex() );
- }
}
\ No newline at end of file
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2010-05-20 22:40:44 UTC (rev 32990)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java 2010-05-21 05:02:44 UTC (rev 32991)
@@ -6,6 +6,7 @@
import java.util.List;
import java.util.Set;
+import org.apache.log4j.Logger;
import org.drools.guvnor.server.ServiceImplementation;
import org.drools.guvnor.server.security.AdminType;
import org.drools.guvnor.server.security.CategoryPathType;
@@ -15,6 +16,7 @@
import org.drools.guvnor.server.security.RoleBasedPermissionManager;
import org.drools.guvnor.server.security.RoleTypes;
import org.drools.guvnor.server.security.WebDavPackageNameType;
+import org.drools.guvnor.server.util.LoggingHelper;
import org.drools.repository.RulesRepositoryException;
import org.jboss.seam.Component;
import org.jboss.seam.annotations.Create;
@@ -54,6 +56,7 @@
implements
PermissionResolver,
Serializable {
+ private static final Logger log = LoggingHelper.getLogger(RoleBasedPermissionResolver.class);
private boolean enableRoleBasedAuthorization = false;
@@ -79,7 +82,8 @@
public boolean hasPermission(Object requestedObject,
String requestedPermission) {
if ( !((requestedObject instanceof CategoryPathType) || (requestedObject instanceof PackageNameType) || (requestedObject instanceof WebDavPackageNameType) || (requestedObject instanceof AdminType) || (requestedObject instanceof PackageUUIDType)) ) {
- return false;
+ log.debug("Requested permission is not an instance of CategoryPathType|PackageNameType|WebDavPackageNameType|AdminType|PackageUUIDType");
+ return false;
}
if ( !enableRoleBasedAuthorization ) {
@@ -89,11 +93,11 @@
RoleBasedPermissionManager permManager = (RoleBasedPermissionManager) Component.getInstance( "roleBasedPermissionManager" );
List<RoleBasedPermission> permissions = permManager.getRoleBasedPermission();
- if ( RoleTypes.ADMIN.equals( requestedPermission ) ) {
- return hasAdminPermission( permissions );
- } else if ( hasAdminPermission( permissions ) ) {
+ if ( hasAdminPermission( permissions ) ) {
//admin can do everything,no need for further checks.
return true;
+ } else if ( RoleTypes.ADMIN.equals( requestedPermission ) ) {
+ return hasAdminPermission( permissions );
}
if ( requestedObject instanceof CategoryPathType ) {
@@ -105,13 +109,19 @@
if ( p.getCategoryPath().equals( requestedPath ) ) return true;
if ( isSubPath( requestedPath,
p.getCategoryPath() ) ) {
+ log.debug("Requested permission: " + requestedPermType + ", Requested object: "
+ + requestedPath + " , Permission granted: Yes");
return true;
} else if ( isSubPath( p.getCategoryPath(),
requestedPath ) ) {
+ log.debug("Requested permission: " + requestedPermType + ", Requested object: "
+ + requestedPath + " , Permission granted: Yes");
return true;
}
}
}
+ log.debug("Requested permission: " + requestedPermType + ", Requested object: "
+ + requestedPath + " , Permission granted: No");
return false;
} else {
for ( RoleBasedPermission pbp : permissions ) {
@@ -122,12 +132,16 @@
if ( requestedPermType.equals( pbp.getRole() ) || (requestedPermType.equals( RoleTypes.ANALYST_READ ) && pbp.getRole().equals( RoleTypes.ANALYST )) ) {
if ( isPermittedCategoryPath( requestedPath,
pbp.getCategoryPath() ) ) {
+ log.debug("Requested permission: " + requestedPermType + ", Requested object: "
+ + requestedPath + " , Permission granted: Yes");
return true;
}
}
}
}
+ log.debug("Requested permission: " + requestedPermType + ", Requested object: "
+ + requestedPath + " , Permission granted: No");
return false;
}
} else {
@@ -148,10 +162,14 @@
for ( RoleBasedPermission pbp : permissions ) {
if ( targetName.equalsIgnoreCase( pbp.getPackageName() ) && isPermittedPackage( requestedPermission,
pbp.getRole() ) ) {
+ log.debug("Requested permission: " + requestedPermission + ", Requested object: "
+ + targetName + " , Permission granted: Yes");
return true;
}
}
+ log.debug("Requested permission: " + requestedPermission + ", Requested object: "
+ + targetName + " , Permission granted: No");
return false;
}
}
@@ -159,9 +177,11 @@
private boolean hasAdminPermission(List<RoleBasedPermission> permissions) {
for ( RoleBasedPermission p : permissions ) {
if ( RoleTypes.ADMIN.equalsIgnoreCase( p.getRole() ) ) {
+ log.debug("Requested permission: unknown, Permission granted: Yes");
return true;
}
}
+ log.debug("Requested permission: admin, Permission granted: No");
return false;
}
More information about the jboss-svn-commits
mailing list