[seam-commits] Seam SVN: r7822 - in trunk/src/main/org/jboss/seam/security/management: action and 1 other directory.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Mon Apr 7 06:04:31 EDT 2008


Author: shane.bryzak at jboss.com
Date: 2008-04-07 06:04:31 -0400 (Mon, 07 Apr 2008)
New Revision: 7822

Modified:
   trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
   trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
   trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
   trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java
Log:
finer grained management permissions, minor

Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java	2008-04-07 08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java	2008-04-07 10:04:31 UTC (rev 7822)
@@ -30,7 +30,8 @@
 @BypassInterceptors
 public class IdentityManager implements Serializable
 {
-   public static final String ACCOUNT_PERMISSION_NAME = "seam.account";
+   public static final String USER_PERMISSION_NAME = "seam.user";
+   public static final String ROLE_PERMISSION_NAME = "seam.role";
    
    public static final String PERMISSION_CREATE = "create";
    public static final String PERMISSION_READ = "read";
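Review bot: Replacing `ACCOUNT_PERMISSION_NAME` with `USER_PERMISSION_NAME` and `ROLE_PERMISSION_NAME` changes the permission target from `seam.account` to `seam.user` / `seam.role`, so existing security rules or grants keyed on `seam.account` will presumably stop matching after this revision. That fails closed, which is the safe direction, but administrators would lose identity-management access with no obvious cause. I would document the mapping on the new constants, e.g. `/** Permission target for user operations; replaces the former "seam.account" target. */`, and call the change out in the release notes. External code that references the removed public constant will also stop compiling.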
@@ -93,67 +94,79 @@
 
    public boolean createUser(String name, String password, String firstname, String lastname)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_CREATE);
       return identityStore.createUser(name, password, firstname, lastname); 
    }   
    
    public boolean deleteUser(String name)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_DELETE);
       return identityStore.deleteUser(name);
    }
    
    public boolean enableUser(String name)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
       return identityStore.enableUser(name);
    }
    
    public boolean disableUser(String name)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
       return identityStore.disableUser(name);
    }
    
    public boolean changePassword(String name, String password)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
       return identityStore.changePassword(name, password);
    }
    
    public boolean isUserEnabled(String name)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
       return identityStore.isUserEnabled(name);
    }
    
    public boolean grantRole(String name, String role)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
       return roleIdentityStore.grantRole(name, role);
    }
    
    public boolean revokeRole(String name, String role)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
       return roleIdentityStore.revokeRole(name, role);
    }
    
    public boolean createRole(String role)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+      Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_CREATE);
       return roleIdentityStore.createRole(role);
    }
    
    public boolean deleteRole(String role)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+      Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_DELETE);
       return roleIdentityStore.deleteRole(role);
    }
    
+   public boolean addRoleToGroup(String role, String group)
+   {
+      Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
+      return roleIdentityStore.addRoleToGroup(role, group);
+   }
+   
+   public boolean removeRoleFromGroup(String role, String group)
+   {
+      Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
+      return roleIdentityStore.removeRoleFromGroup(role, group);      
+   }
+   
    public boolean userExists(String name)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
       return identityStore.userExists(name);
    }
    
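Review bot: `grantRole` and `revokeRole` are still authorised by `USER_PERMISSION_NAME` / `PERMISSION_UPDATE`, the same check used for `enableUser`, `disableUser` and `changePassword`. After the split, a principal who holds only user-update rights can therefore assign any role to any account, including whatever role carries `seam.role` permissions, so the finer-grained model does not separate role assignment from routine user edits. If that separation is intended, add a second check in both methods, `Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);`. Otherwise add a comment on both methods stating that role assignment is deliberately treated as a user update.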
@@ -164,7 +177,7 @@
    
    public List<String> listUsers()
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
       List<String> users = identityStore.listUsers();      
       
       Collections.sort(users, new Comparator<String>() {
@@ -178,7 +191,7 @@
    
    public List<String> listUsers(String filter)
    {
-      Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+      Identity.instance().checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
       List<String> users = identityStore.listUsers(filter);
       
       Collections.sort(users, new Comparator<String>() {
@@ -192,6 +205,7 @@
    
    public List<String> listRoles()
    {      
+      Identity.instance().checkPermission(ROLE_PERMISSION_NAME, PERMISSION_READ);
       List<String> roles = roleIdentityStore.listRoles();
       
       Collections.sort(roles, new Comparator<String>() {

Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java	2008-04-07 08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java	2008-04-07 10:04:31 UTC (rev 7822)
@@ -80,6 +80,8 @@
    boolean revokeRole(String name, String role);
    boolean deleteRole(String role);
    boolean roleExists(String name);   
+   boolean addRoleToGroup(String role, String group);
+   boolean removeRoleFromGroup(String role, String group);
 
    List<String> listUsers();
    List<String> listUsers(String filter);
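Review bot: The new `addRoleToGroup` and `removeRoleFromGroup` declarations carry no Javadoc, so the meaning of a `false` return is left to each implementation. In `JpaIdentityStore` (same commit) `false` covers "already a member", "store has no role-groups property" and "not implemented", while a missing role or group throws. I would add a short Javadoc to both methods stating when they return `false` and which exceptions signal an unknown role or group, so callers can tell a no-op from a failure. The enclosing interface starts and ends outside this hunk.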

Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java	2008-04-07 08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java	2008-04-07 10:04:31 UTC (rev 7822)
@@ -427,7 +427,7 @@
       mergeEntity(user);
       
       return true;
-   }
+   }   
    
    public boolean revokeRole(String username, String role)
    {
@@ -449,6 +449,59 @@
       return success;
    }
    
+   public boolean addRoleToGroup(String role, String group)
+   {
+      Object targetRole = lookupRole(role);
+      if (targetRole == null)
+      {
+         throw new NoSuchUserException("Could not add role to group, no such role '" + role + "'");
+      }
+      
+      Object targetGroup = lookupRole(group);
+      if (targetGroup == null)
+      {
+         throw new NoSuchRoleException("Could not grant role, group '" + group + "' does not exist");
+      }
+      
+      if (roleGroupsProperty != null)
+      {
+         Collection roleGroups = (Collection) roleGroupsProperty.getValue(targetRole); 
+         if (roleGroups == null)
+         {
+            // This should either be a Set, or a List...
+            if (Set.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
+            {
+               roleGroups = new HashSet();
+            }
+            else if (List.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
+            {
+               roleGroups = new ArrayList();
+            }
+            
+            roleGroupsProperty.setValue(targetRole, roleGroups);
+         }
+         else if (((Collection) roleGroupsProperty.getValue(targetRole)).contains(targetGroup))
+         {
+            return false;
+         }
+
+         ((Collection) roleGroupsProperty.getValue(targetRole)).add(targetGroup);
+         mergeEntity(targetRole);
+         
+         return true;
+      }
+      else
+      {
+         return false;
+      }
+   }
+
+   public boolean removeRoleFromGroup(String role, String group)
+   {
+      // TODO Auto-generated method stub
+      return false;
+   }      
+   
    public boolean createRole(String role)
    {
       try
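Review bot: `removeRoleFromGroup` is an auto-generated stub that returns `false`, yet `RoleAction` in this same commit now calls it in place of `revokeRole`, so removing a role from a group silently does nothing and the membership stays in force. Until it is implemented the stub should fail loudly, e.g. `throw new UnsupportedOperationException("removeRoleFromGroup is not implemented");`. In `addRoleToGroup` the missing-role branch throws `NoSuchUserException`, while the missing-group branch uses `NoSuchRoleException`; the first should match, `throw new NoSuchRoleException("Could not add role to group, no such role '" + role + "'");`. When the property class is neither a `Set` nor a `List`, `roleGroups` stays `null`, is written back with `setValue`, and the later `.add(targetGroup)` would presumably throw a `NullPointerException`; an explicit `else` that throws `IllegalStateException` would make that case clear. The trailing `createRole` context continues outside the hunk.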
@@ -804,5 +857,5 @@
    public void setEntityManager(ValueExpression expression)
    {
       this.entityManager = expression;
-   }         
+   }      
 }

Modified: trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java	2008-04-07 08:58:53 UTC (rev 7821)
+++ trunk/src/main/org/jboss/seam/security/management/action/RoleAction.java	2008-04-07 10:04:31 UTC (rev 7822)
@@ -54,7 +54,7 @@
       {
          for (String r : groups)
          {
-            identityManager.grantRole(role, r);
+            identityManager.addRoleToGroup(role, r);
          }
          
          Conversation.instance().end();
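Review bot: The boolean result of `identityManager.addRoleToGroup(role, r)` is discarded here, and the same applies to `removeRoleFromGroup` and `addRoleToGroup` in the following hunk (`@@ -71,13 +71,13 @@`). Both new store methods return `false` without throwing in several cases, so the action ends the conversation as if the change was saved even when no membership was added or removed. For a permission-management screen that is misleading, because an administrator may believe a group membership was revoked when it was not. I would check the result and report the failure before `Conversation.instance().end()`, e.g. `if (!identityManager.addRoleToGroup(role, r)) { /* report failure and keep the conversation open */ }`. The enclosing methods start outside both hunks.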
@@ -71,13 +71,13 @@
       {
          for (String r : grantedRoles)
          {
-            if (!groups.contains(r)) identityManager.revokeRole(role, r);
+            if (!groups.contains(r)) identityManager.removeRoleFromGroup(role, r);
          }
       }
       
       for (String r : groups)
       {
-         if (grantedRoles == null || !grantedRoles.contains(r)) identityManager.grantRole(role, r);
+         if (grantedRoles == null || !grantedRoles.contains(r)) identityManager.addRoleToGroup(role, r);
       }
                
       Conversation.instance().end();



