svn commit: r898579 - in /ofbiz/branches/executionconte
Locked
 
|
Author: adrianc
Date: Tue Jan 12 23:57:05 2010 New Revision: 898579 URL: http://svn.apache.org/viewvc?rev=898579&view=rev Log: Some more code reorganization. Added a method to the AccessController so artifacts other than the current one can be checked. Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java (with props) Removed: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java Modified: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java Modified: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java (original) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java Tue Jan 12 23:57:05 2010 @@ -23,6 +23,8 @@ import java.util.List; import java.util.ListIterator; +import org.ofbiz.api.context.ArtifactPath; + /** AccessController interface. This interface is intended to * separate the permissions-checking logic from the artifacts * that use it. @@ -41,6 +43,18 @@ */ public void checkPermission(Permission permission) throws AccessControlException; + /** Returns silently if the user has been granted <code>permission</code> + * access for the specified artifact, throws <code>AccessControlException</code> + * otherwise.<p>Client code can call this method when an artifact other + * than the current one needs to be checked. If access is granted the + * method returns, otherwise it throws an unchecked exception. + * Higher level code can catch the exception and handle it accordingly.</p> + * + * @param permission The permission to check + * @throws AccessControlException + */ + public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException; + /** Applies permission filters to a <code>List</code>. The * returned <code>List</code> is security-aware, so methods * that return an <code>Object</code> will return only the Modified: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java (original) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java Tue Jan 12 23:57:05 2010 @@ -32,8 +32,6 @@ public abstract class AbstractExecutionContext implements ExecutionContext { public static final String module = AbstractExecutionContext.class.getName(); - public static final String PATH_ROOT_NODE_NAME = "ofbiz"; - public static final String PATH_ELEMENT_SEPARATOR = "/"; protected final FastList<ExecutionArtifact> artifactStack = FastList.newInstance(); protected String currencyUom = null; @@ -68,9 +66,9 @@ } public String getExecutionPath() { - StringBuilder sb = new StringBuilder(PATH_ROOT_NODE_NAME); + StringBuilder sb = new StringBuilder(ArtifactPath.PATH_ROOT_NODE_NAME); for (ExecutionArtifact artifact : this.artifactStack) { - sb.append(PATH_ELEMENT_SEPARATOR); + sb.append(ArtifactPath.PATH_ELEMENT_SEPARATOR); sb.append(artifact.getName()); } return sb.toString(); @@ -78,11 +76,11 @@ public String[] getExecutionPathAsArray() { FastList<String> elementList = FastList.newInstance(); - elementList.add(PATH_ROOT_NODE_NAME); + elementList.add(ArtifactPath.PATH_ROOT_NODE_NAME); for (ExecutionArtifact artifact : this.artifactStack) { String artifactName = artifact.getName(); - if (artifactName.contains(PATH_ELEMENT_SEPARATOR)) { - String[] strArray = artifactName.split(PATH_ELEMENT_SEPARATOR); + if (artifactName.contains(ArtifactPath.PATH_ELEMENT_SEPARATOR)) { + String[] strArray = artifactName.split(ArtifactPath.PATH_ELEMENT_SEPARATOR); for (int i = 0; i < strArray.length; i++) { elementList.add(strArray[i]); } Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java?rev=898579&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java Tue Jan 12 23:57:05 2010 @@ -0,0 +1,104 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.context; + +import java.util.Iterator; +import java.util.NoSuchElementException; + +import javolution.text.TextBuilder; +import javolution.util.FastList; + +/** Artifact path class. */ +public class ArtifactPath implements Iterator<String> { + + public static final String PATH_ROOT_NODE_NAME = "ofbiz"; + public static final String PATH_ELEMENT_SEPARATOR = "/"; + public static final ArtifactPath PATH_ROOT = new ArtifactPath(PATH_ROOT_NODE_NAME); + + protected int currentIndex = 0; + protected final String[] pathElementArray; + protected FastList<Integer> stack = null; + protected final TextBuilder stringBuilder = TextBuilder.newInstance(); + + public ArtifactPath(String artifactPath) { + this.pathElementArray = artifactPath.split(PATH_ELEMENT_SEPARATOR); + } + + public ArtifactPath(String[] pathElementArray) { + this.pathElementArray = pathElementArray; + } + + public String getCurrentPath() { + if (this.pathElementArray.length == 1 || !this.hasNext()) { + return this.pathElementArray[this.currentIndex]; + } + return getPathAsString(this.currentIndex); + } + + public String getCurrentPathElement() { + return this.pathElementArray[this.currentIndex]; + } + + protected String getPathAsString(int index) { + this.stringBuilder.clear(); + for (int i = index; i < this.pathElementArray.length; i++) { + if (i != index) { + stringBuilder.append(PATH_ELEMENT_SEPARATOR); + } + stringBuilder.append(this.pathElementArray[i]); + } + return stringBuilder.toString(); + } + + @Override + public boolean hasNext() { + return this.currentIndex + 1 < this.pathElementArray.length; + } + + @Override + public String next() { + if (!this.hasNext()) { + throw new NoSuchElementException(); + } + return this.pathElementArray[++this.currentIndex]; + } + + @Override + public void remove() { + throw new UnsupportedOperationException(); + } + + public void restoreState() { + if (this.stack != null && !this.stack.isEmpty()) { + this.currentIndex = this.stack.removeLast(); + } + } + + public void saveState() { + if (this.stack == null) { + this.stack = FastList.newInstance(); + } + this.stack.addLast(this.currentIndex); + } + + @Override + public String toString() { + return getPathAsString(0); + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java Tue Jan 12 23:57:05 2010 @@ -27,6 +27,7 @@ import javolution.util.FastMap; import org.ofbiz.api.authorization.AccessController; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilProperties; import org.ofbiz.entity.util.EntityListIterator; @@ -75,22 +76,7 @@ } public void checkPermission(Permission permission) throws AccessControlException { - if (this.verbose) { - Debug.logInfo("Checking permission: " + ThreadContext.getExecutionPath() + "[" + permission + "]", module); - } - this.permissionsGatherer.gatherPermissions(new ArtifactPath(ThreadContext.getExecutionPathAsArray())); - if (this.verbose) { - Debug.logInfo("Found permission(s): " + ThreadContext.getUserLogin().getString("userLoginId") + - "@" + ThreadContext.getExecutionPath() + "[" + this.permission + "]", module); - } - if (this.disabled) { - return; - } - if (this.permission.implies(permission) && this.hasServicePermission()) { - return; - } - throw new AccessControlException(ThreadContext.getUserLogin().getString("userLoginId") + - "@" + ThreadContext.getExecutionPath() + "[" + permission + "]"); + checkPermission(permission, new ArtifactPath(ThreadContext.getExecutionPathAsArray())); } protected boolean hasServicePermission() { @@ -128,4 +114,24 @@ } return true; } + + @Override + public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException { + if (this.verbose) { + Debug.logInfo("Checking permission: " + artifactPath + "[" + permission + "]", module); + } + this.permissionsGatherer.gatherPermissions(artifactPath); + if (this.verbose) { + Debug.logInfo("Found permission(s): " + ThreadContext.getUserLogin().getString("userLoginId") + + "@" + artifactPath + "[" + this.permission + "]", module); + } + if (this.disabled) { + return; + } + if (this.permission.implies(permission) && this.hasServicePermission()) { + return; + } + throw new AccessControlException(ThreadContext.getUserLogin().getString("userLoginId") + + "@" + artifactPath + "[" + permission + "]"); + } } Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java Tue Jan 12 23:57:05 2010 @@ -26,6 +26,7 @@ import javolution.util.FastList; import org.ofbiz.api.authorization.AccessController; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.api.context.ThreadContext; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilProperties; @@ -44,19 +45,27 @@ this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose")); } + @Override public <E> List<E> applyFilters(List<E> list) { return FastList.newInstance(); } + @Override public <E> ListIterator<E> applyFilters(ListIterator<E> list) { return UtilGenerics.cast(FastList.newInstance().listIterator()); } + @Override public void checkPermission(Permission permission) throws AccessControlException { + checkPermission(permission, new ArtifactPath(ThreadContext.getExecutionPathAsArray())); + } + + @Override + public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException { if (this.verbose) { - Debug.logInfo("Checking permission: " + ThreadContext.getExecutionPath() + "[" + permission + "]", module); + Debug.logInfo("Checking permission: " + artifactPath + "[" + permission + "]", module); Debug.logInfo("Found permission(s): " + - "access-denied-controller@" + ThreadContext.getExecutionPath() + "[]", module); + "access-denied-controller@" + artifactPath + "[]", module); } throw new AccessControlException(null, permission); } Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java Tue Jan 12 23:57:05 2010 @@ -24,6 +24,7 @@ import java.util.ListIterator; import org.ofbiz.api.authorization.AccessController; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.api.context.ThreadContext; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilProperties; @@ -41,19 +42,27 @@ this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose")); } + @Override public <E> List<E> applyFilters(List<E> list) { return list; } + @Override public <E> ListIterator<E> applyFilters(ListIterator<E> list) { return list; } + @Override public void checkPermission(Permission permission) throws AccessControlException { + checkPermission(permission, new ArtifactPath(ThreadContext.getExecutionPathAsArray())); + } + + @Override + public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException { if (this.verbose) { - Debug.logInfo("Checking permission: " + ThreadContext.getExecutionPath() + "[" + permission + "]", module); + Debug.logInfo("Checking permission: " + artifactPath + "[" + permission + "]", module); Debug.logInfo("Found permission(s): " + - "access-granted-controller@" + ThreadContext.getExecutionPath() + "[admin=true]", module); + "access-granted-controller@" + artifactPath + "[admin=true]", module); } } } Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java Tue Jan 12 23:57:05 2010 @@ -18,23 +18,20 @@ *******************************************************************************/ package org.ofbiz.context; -import java.security.AccessControlException; import java.security.Permission; -import java.sql.Timestamp; import java.util.List; import org.ofbiz.api.authorization.AccessController; +import org.ofbiz.api.authorization.AuthorizationManager; import org.ofbiz.api.authorization.AuthorizationManagerException; import org.ofbiz.api.authorization.BasicPermissions; -import org.ofbiz.api.authorization.AuthorizationManager; -import org.ofbiz.entity.util.EntityUtil; +import org.ofbiz.api.context.ArtifactPath; +import org.ofbiz.base.util.UtilMisc; +import org.ofbiz.base.util.cache.UtilCache; import org.ofbiz.entity.Delegator; import org.ofbiz.entity.GenericEntityException; import org.ofbiz.entity.GenericValue; import org.ofbiz.entity.condition.EntityCondition; -import org.ofbiz.base.util.Debug; -import org.ofbiz.base.util.UtilMisc; -import org.ofbiz.base.util.cache.UtilCache; import org.ofbiz.security.OFBizSecurity; import org.ofbiz.service.ThreadContext; Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java Tue Jan 12 23:57:05 2010 @@ -20,6 +20,8 @@ import java.util.Map; +import org.ofbiz.api.context.ArtifactPath; + /** A node in a permissions tree. */ public abstract class PathNode { Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java Tue Jan 12 23:57:05 2010 @@ -18,6 +18,7 @@ *******************************************************************************/ package org.ofbiz.context; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.context.PathNode.BranchNode; public class PermissionTreeBuilder extends TreeBuilder { Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java Tue Jan 12 23:57:05 2010 @@ -18,6 +18,7 @@ *******************************************************************************/ package org.ofbiz.context; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.context.PathNode.BranchNode; public class PermissionsGatherer extends TreeWalker { Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java Tue Jan 12 23:57:05 2010 @@ -20,6 +20,7 @@ import javolution.util.FastMap; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.context.PathNode.BranchNode; import org.ofbiz.context.PathNode.SubstitutionNode; import org.ofbiz.context.PathNode.WildCardNode; Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java?rev=898579&r1=898578&r2=898579&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java (original) +++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java Tue Jan 12 23:57:05 2010 @@ -18,6 +18,7 @@ *******************************************************************************/ package org.ofbiz.context; +import org.ofbiz.api.context.ArtifactPath; import org.ofbiz.context.PathNode.BranchNode; import org.ofbiz.context.PathNode.SubstitutionNode; import org.ofbiz.context.PathNode.WildCardNode; |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |