On Sat, Feb 12, 2011 at 8:52 AM, Danushka Menikkumbura <[email protected]>wrote:
> I think its better if we could mange with existing actions and add > something if you really need it. Also try to use generic actions rather than > making them SQS specific as much as possible so that they could be reusable. > +1. Thanks, Senaka. > > Danushka > > On Fri, Feb 11, 2011 at 1:32 PM, Manjula Rathnayake <[email protected]>wrote: > >> Hi, >> >> I have to add some operations in authorization TreeNode.java class to set >> SQS permissions. >> >> Following is the svn diff. >> >> Index: src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >> =================================================================== >> --- src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >> (revision 87092) >> +++ src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >> (working copy) >> @@ -28,28 +28,43 @@ >> * A node in the Tree structure used to maintain hierarchical security >> permissions. The growth >> * of the tree is on the order of explicit permission statements, and not >> on the number of >> * resources whose permissions are maintained. >> - * >> */ >> public class TreeNode { >> >> - public static enum Permission { GET, ADD, DELETE, EDIT, LOGIN, >> MAN_CONFIG, MAN_LC_CONFIG, MAN_SEC, UP_SERV, >> - MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER, >> UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE} >> + public static enum Permission { >> + GET, ADD, DELETE, EDIT, LOGIN, MAN_CONFIG, MAN_LC_CONFIG, >> MAN_SEC, UP_SERV, >> + MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER, >> UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE, >> + SQS_SEND_MESSAGE, SQS_RECEIVE_MESSAGE, SQS_DELETE_MESSAGE, >> SQS_CHANGE_MESSAGE_VISIBILITY, SQS_GET_QUEUE_ATTRIBUTES >> + } >> >> - /** The name of the node - For the Registry, this would be the name >> of a Collection/Rsource */ >> + /** >> + * The name of the node - For the Registry, this would be the name of >> a Collection/Rsource >> + */ >> private String name; >> - /** The children of this node - maintained on a Map by the names */ >> + /** >> + * The children of this node - maintained on a Map by the names >> + */ >> private Map<String, TreeNode> children = new HashMap<String, >> TreeNode>(); >> - /** Explicit allow permission for specific users */ >> + /** >> + * Explicit allow permission for specific users >> + */ >> private Map<String, BitSet> userAllowPermissions = new >> HashMap<String, BitSet>(); >> - /** Explicit deny permission for specific users */ >> - private Map<String, BitSet> userDenyPermissions = new >> HashMap<String, BitSet>(); >> - /** Explicit allow permission for specific roles */ >> + /** >> + * Explicit deny permission for specific users >> + */ >> + private Map<String, BitSet> userDenyPermissions = new HashMap<String, >> BitSet>(); >> + /** >> + * Explicit allow permission for specific roles >> + */ >> private Map<String, BitSet> roleAllowPermissions = new >> HashMap<String, BitSet>(); >> - /** Explicit deny permission for specific roles */ >> - private Map<String, BitSet> roleDenyPermissions = new >> HashMap<String, BitSet>(); >> + /** >> + * Explicit deny permission for specific roles >> + */ >> + private Map<String, BitSet> roleDenyPermissions = new HashMap<String, >> BitSet>(); >> >> /** >> * Constructor >> + * >> * @param name the name of the TreeNode >> */ >> TreeNode(String name) { >> @@ -58,6 +73,7 @@ >> >> /** >> * Get the child by the given name >> + * >> * @param name name of the child node >> * @return the child with the given name, or null >> */ >> @@ -67,8 +83,9 @@ >> >> /** >> * Is the 'user' authorized for the given permission p on this node? >> + * >> * @param user the name of the user >> - * @param p the permission >> + * @param p the permission >> * @return Boolean.TRUE if authorized, Boolean.FALSE if not >> */ >> public Boolean isUserAuthorized(String user, Permission p) { >> @@ -81,14 +98,15 @@ >> } else if (bsAlow != null && bsAlow.get(p.ordinal())) { >> return Boolean.TRUE; >> } >> - >> + >> return null; >> } >> >> /** >> * Is the 'role' authorized for the given permission p on this node? >> + * >> * @param role the name of the role >> - * @param p the permission >> + * @param p the permission >> * @return Boolean.TRUE if authorized, Boolean.FALSE if not >> */ >> public Boolean isRoleAuthorized(String role, Permission p) { >> @@ -107,8 +125,9 @@ >> >> /** >> * Grant explicit authorization to the 'user' on this node for >> permission p >> + * >> * @param user the user who is granted authorization >> - * @param p the permission granted >> + * @param p the permission granted >> */ >> public void authorizeUser(String user, Permission p) { >> BitSet bsAllow = userAllowPermissions.get(user); >> @@ -128,8 +147,9 @@ >> >> /** >> * Grant explicit authorization to the 'role' on this node for >> permission p >> + * >> * @param role the role that is granted authorization >> - * @param p the permission granted >> + * @param p the permission granted >> */ >> public void authorizeRole(String role, Permission p) { >> BitSet bsAllow = roleAllowPermissions.get(role); >> @@ -149,8 +169,9 @@ >> >> /** >> * Deny explicit authorization to the 'user' on this node for >> permission p >> + * >> * @param user the user that is denied authorization >> - * @param p the permission denied >> + * @param p the permission denied >> */ >> public void denyUser(String user, Permission p) { >> BitSet bsDeny = userDenyPermissions.get(user); >> @@ -170,8 +191,9 @@ >> >> /** >> * Deny explicit authorization to the 'role' on this node for >> permission p >> + * >> * @param role the role that is denied authorization >> - * @param p the permission denied >> + * @param p the permission denied >> */ >> public void denyRole(String role, Permission p) { >> BitSet bsDeny = roleDenyPermissions.get(role); >> @@ -191,6 +213,7 @@ >> >> /** >> * Create the tree structure for the given paths array of nodes >> + * >> * @param paths an array of hierarchical nodes to be created, >> in-order >> * @return the reference to the lowest decendent created >> */ >> @@ -212,6 +235,7 @@ >> >> /** >> * The name of the node >> + * >> * @return node name >> */ >> public String getName() { >> @@ -220,6 +244,7 @@ >> >> /** >> * The children of the node as a Map keyed by the name >> + * >> * @return the children as a Map >> */ >> public Map<String, TreeNode> getChildren() { >> @@ -227,6 +252,7 @@ >> } >> >> //-------- getters -------- >> + >> public Map<String, BitSet> getUserAllowPermissions() { >> return userAllowPermissions; >> } >> @@ -255,7 +281,7 @@ >> >> Map<String, TreeNode> children = this.getChildren(); >> if (null != children) { >> - for (Map.Entry<String, TreeNode> entry : >> children.entrySet()){ >> + for (Map.Entry<String, TreeNode> entry : children.entrySet()) >> { >> TreeNode node = entry.getValue(); >> if (null != node) { >> node.clearNodes(); >> @@ -266,7 +292,7 @@ >> } >> } >> >> - public int hashCode () { >> + public int hashCode() { >> int hash = 7; >> hash = 31 * hash + (null == this.name ? 0 : >> this.name.hashCode()); >> hash = 31 * hash + (null == this.children ? 0 : >> this.children.hashCode()); >> @@ -276,6 +302,6 @@ >> hash = 31 * hash + (null == this.roleDenyPermissions ? 0 : >> this.roleDenyPermissions.hashCode()); >> hash = 31 * hash + (null == this.roleDenyPermissions ? 0 : >> this.roleDenyPermissions.hashCode()); >> return hash; >> - } >> + } >> >> } >> Index: >> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >> =================================================================== >> --- >> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >> (revision 87092) >> +++ >> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >> (working copy) >> @@ -99,6 +99,16 @@ >> return TreeNode.Permission.BROWSE; >> } else if ("consume".equals(action)) { >> return TreeNode.Permission.CONSUME; >> + }else if ("SendMessage".equals(action)) { >> + return TreeNode.Permission.SQS_SEND_MESSAGE; >> + }else if ("ReceiveMessage".equals(action)) { >> + return TreeNode.Permission.SQS_RECEIVE_MESSAGE; >> + }else if ("DeleteMessage".equals(action)) { >> + return TreeNode.Permission.SQS_DELETE_MESSAGE; >> + }else if ("ChangeMessageVisibility".equals(action)) { >> + return TreeNode.Permission.SQS_CHANGE_MESSAGE_VISIBILITY; >> + }else if ("GetQueueAttributes".equals(action)) { >> + return TreeNode.Permission.SQS_GET_QUEUE_ATTRIBUTES; >> } >> >> throw new IllegalArgumentException("Invalid action : " + action); >> >> May I commit these changes to carbon user core module? >> >> >> Thank you. >> -- >> Manjula Rathnayaka >> Software Engineer >> WSO2, Inc. >> Mobile:+94 77 743 1987 >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- *Senaka Fernando* Product Manager - WSO2 Governance Registry; Associate Technical Lead; WSO2, Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://www.linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
