On Mon, Nov 22, 2010 at 6:52 PM, Amila Suriarachchi <[email protected]> wrote:
> > > On Mon, Nov 22, 2010 at 5:31 PM, Manjula Rathnayake <[email protected]>wrote: > >> Hi Amila, >> >> I have corrected the code by using composite message box name for storing >> message boxes. >> And the patch is attached with jira CARBON-8070 [1]. >> [1]. https://wso2.org/jira/browse/CARBON-8070 >> > > I can not apply this patch. Please create a new one. > New patch was added at same location. > > And also add more comments on what you did to jira. > sure, I will add a full description regarding the fixed issue there. > > thanks, > Amila. > >> >> thanks >> >> >> On Mon, Nov 22, 2010 at 9:37 AM, Manjula Rathnayake <[email protected]>wrote: >> >>> Hi Amila, >>> >>> Thank you for going through the code and pointing out things so that I >>> can improve myself. >>> I re-factored the code and still few more things to do. I will attach a >>> patch soon. >>> >>> On Sun, Nov 21, 2010 at 11:07 AM, Amila Suriarachchi <[email protected]>wrote: >>> >>>> hi Manjula, >>>> >>>> I went through your code. You have done the overall design correctly but >>>> there are some problem with the logic. >>>> >>>> if you go through the amazon message queue document you see that the >>>> return url for the >>>> created queue looks like this, >>>> >>>> http://sqs.us-east-1.amazonaws.com/123456789012/queue2 >>>> >>>> this numeric number represents the AWS number and hence user name. >>>> therefore two users can have the same queue name. >>>> >>>> so we need to add the username part to message queue as well. >>>> >>>> In order to do that we need to pass the composite message box name to >>>> the osgi service. >>>> eg. user1/queu1. >>>> >>>> at the user store we can use this to keep the messages boxes since now >>>> message box name is unique. >>>> >>>> the return address of the queue should always be to MessageQueue since >>>> users send to this address in order to >>>> do the operations. >>>> >>>> I saw some private variables like (userid, messageBoxOwner) >>>> kept in InMemoryMessageBoxService. Please remove them. You can keep >>>> private variables only if they are part of the object attribute. >>>> >>> yes, I kept those private variables to keep logged in user and messagebox >>> owner, now they have been changed. >>> >>>> >>>> public boolean isAccessible(String messageBoxName, String operation) { >>>> String loggedInUser = getLoggedInUser(); >>>> Map<String, MessageBox> messageBoxMap = >>>> messageBoxMapStore.get(loggedInUser); >>>> if (isAdminLoggedIn()) { >>>> return true; >>>> } >>>> // if user owns messageBoxName, enable direct access to it. >>>> if (messageBoxMap != null && messageBoxMap.get(messageBoxName) >>>> != null) { >>>> messageBoxOwner = loggedInUser; >>>> return true; >>>> } else { >>>> if (accessControllerMapStore.get(messageBoxName) == null) { >>>> return false; >>>> } else { >>>> Set<String> permissionLabels = >>>> accessControllerMapStore.get(messageBoxName).keySet(); >>>> for (String permissionLabel : permissionLabels) { >>>> AccessController accessController = >>>> accessControllerMapStore.get(messageBoxName).get(permissionLabel); >>>> if (accessController.isAccessible(loggedInUser, >>>> operation)) { >>>> messageBoxOwner = >>>> accessController.getMessageBoxOwner(); >>>> return true; >>>> } >>>> } >>>> return false; >>>> } >>>> } >>>> } >>>> >>>> this logic is wrong with the current implementation. Actually this is >>>> why you need to have user name in the message box name. >>>> >>>> lets take the senario where a uesr2 wants to send a message to queue >>>> queue1 created by user2. And user2 also have a queue called >>>> queue1. >>>> >>> yes, this logic fails here with above scenario :( I understand that >>> composite message box name needed here. I have taken the composite message >>> box name and changed the code. >>> >>>> >>>> it authorize user just checking the availability of his queue and >>>> finally receive the message from that as well. >>>> >>>> Keep all the access control details in the Message Box as well. >>>> >>> I changed this as well. >>> >>>> >>>> And also put more comments as well. >>>> >>> I will put more comments properly. >>> >>>> >>>> >>>> thanks, >>>> Amila. >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >>> thanks >>> -- >>> Manjula Rathnayaka >>> Software Engineer >>> WSO2, Inc. >>> Mobile:+94 77 743 1987 >>> >> >> >> >> -- >> Manjula Rathnayaka >> Software Engineer >> WSO2, Inc. >> Mobile:+94 77 743 1987 >> > > thanks -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987
_______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
