That needs to be done IMMEDIATELY. We had to go through a lot of trouble cleaning up the Regisytr & UM APIs, now we cannot be shabby when we make changes. These are very critical modules, so if you are making any changes, you need to be extremely careful and consult others.
On Sat, Feb 12, 2011 at 10:19 AM, Senaka Fernando <[email protected]> wrote: > > > On Sat, Feb 12, 2011 at 10:02 AM, Afkham Azeez <[email protected]> wrote: > >> You have to keep in mind that we have an API, and several classes & >> interfaces in user core will removed in the future. > > > Yes, :-). Actually, the same was brought up during code reviews on UM > kernel done by Asela (IIRC). Most (or all - not 100% sure, Asela?) of the > constants seen here, are out-dated and were discussed to be removed. > > Thanks, > Senaka. > >> >> >> On Fri, Feb 11, 2011 at 1:32 PM, Manjula Rathnayake <[email protected]>wrote: >> >>> Hi, >>> >>> I have to add some operations in authorization TreeNode.java class to set >>> SQS permissions. >>> >>> Following is the svn diff. >>> >>> Index: >>> src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >>> =================================================================== >>> --- >>> src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >>> (revision 87092) >>> +++ >>> src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java >>> (working copy) >>> @@ -28,28 +28,43 @@ >>> * A node in the Tree structure used to maintain hierarchical security >>> permissions. The growth >>> * of the tree is on the order of explicit permission statements, and >>> not on the number of >>> * resources whose permissions are maintained. >>> - * >>> */ >>> public class TreeNode { >>> >>> - public static enum Permission { GET, ADD, DELETE, EDIT, LOGIN, >>> MAN_CONFIG, MAN_LC_CONFIG, MAN_SEC, UP_SERV, >>> - MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER, >>> UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE} >>> + public static enum Permission { >>> + GET, ADD, DELETE, EDIT, LOGIN, MAN_CONFIG, MAN_LC_CONFIG, >>> MAN_SEC, UP_SERV, >>> + MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER, >>> UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE, >>> + SQS_SEND_MESSAGE, SQS_RECEIVE_MESSAGE, SQS_DELETE_MESSAGE, >>> SQS_CHANGE_MESSAGE_VISIBILITY, SQS_GET_QUEUE_ATTRIBUTES >>> + } >>> >>> - /** The name of the node - For the Registry, this would be the name >>> of a Collection/Rsource */ >>> + /** >>> + * The name of the node - For the Registry, this would be the name >>> of a Collection/Rsource >>> + */ >>> private String name; >>> - /** The children of this node - maintained on a Map by the names */ >>> + /** >>> + * The children of this node - maintained on a Map by the names >>> + */ >>> private Map<String, TreeNode> children = new HashMap<String, >>> TreeNode>(); >>> - /** Explicit allow permission for specific users */ >>> + /** >>> + * Explicit allow permission for specific users >>> + */ >>> private Map<String, BitSet> userAllowPermissions = new >>> HashMap<String, BitSet>(); >>> - /** Explicit deny permission for specific users */ >>> - private Map<String, BitSet> userDenyPermissions = new >>> HashMap<String, BitSet>(); >>> - /** Explicit allow permission for specific roles */ >>> + /** >>> + * Explicit deny permission for specific users >>> + */ >>> + private Map<String, BitSet> userDenyPermissions = new >>> HashMap<String, BitSet>(); >>> + /** >>> + * Explicit allow permission for specific roles >>> + */ >>> private Map<String, BitSet> roleAllowPermissions = new >>> HashMap<String, BitSet>(); >>> - /** Explicit deny permission for specific roles */ >>> - private Map<String, BitSet> roleDenyPermissions = new >>> HashMap<String, BitSet>(); >>> + /** >>> + * Explicit deny permission for specific roles >>> + */ >>> + private Map<String, BitSet> roleDenyPermissions = new >>> HashMap<String, BitSet>(); >>> >>> /** >>> * Constructor >>> + * >>> * @param name the name of the TreeNode >>> */ >>> TreeNode(String name) { >>> @@ -58,6 +73,7 @@ >>> >>> /** >>> * Get the child by the given name >>> + * >>> * @param name name of the child node >>> * @return the child with the given name, or null >>> */ >>> @@ -67,8 +83,9 @@ >>> >>> /** >>> * Is the 'user' authorized for the given permission p on this node? >>> + * >>> * @param user the name of the user >>> - * @param p the permission >>> + * @param p the permission >>> * @return Boolean.TRUE if authorized, Boolean.FALSE if not >>> */ >>> public Boolean isUserAuthorized(String user, Permission p) { >>> @@ -81,14 +98,15 @@ >>> } else if (bsAlow != null && bsAlow.get(p.ordinal())) { >>> return Boolean.TRUE; >>> } >>> - >>> + >>> return null; >>> } >>> >>> /** >>> * Is the 'role' authorized for the given permission p on this node? >>> + * >>> * @param role the name of the role >>> - * @param p the permission >>> + * @param p the permission >>> * @return Boolean.TRUE if authorized, Boolean.FALSE if not >>> */ >>> public Boolean isRoleAuthorized(String role, Permission p) { >>> @@ -107,8 +125,9 @@ >>> >>> /** >>> * Grant explicit authorization to the 'user' on this node for >>> permission p >>> + * >>> * @param user the user who is granted authorization >>> - * @param p the permission granted >>> + * @param p the permission granted >>> */ >>> public void authorizeUser(String user, Permission p) { >>> BitSet bsAllow = userAllowPermissions.get(user); >>> @@ -128,8 +147,9 @@ >>> >>> /** >>> * Grant explicit authorization to the 'role' on this node for >>> permission p >>> + * >>> * @param role the role that is granted authorization >>> - * @param p the permission granted >>> + * @param p the permission granted >>> */ >>> public void authorizeRole(String role, Permission p) { >>> BitSet bsAllow = roleAllowPermissions.get(role); >>> @@ -149,8 +169,9 @@ >>> >>> /** >>> * Deny explicit authorization to the 'user' on this node for >>> permission p >>> + * >>> * @param user the user that is denied authorization >>> - * @param p the permission denied >>> + * @param p the permission denied >>> */ >>> public void denyUser(String user, Permission p) { >>> BitSet bsDeny = userDenyPermissions.get(user); >>> @@ -170,8 +191,9 @@ >>> >>> /** >>> * Deny explicit authorization to the 'role' on this node for >>> permission p >>> + * >>> * @param role the role that is denied authorization >>> - * @param p the permission denied >>> + * @param p the permission denied >>> */ >>> public void denyRole(String role, Permission p) { >>> BitSet bsDeny = roleDenyPermissions.get(role); >>> @@ -191,6 +213,7 @@ >>> >>> /** >>> * Create the tree structure for the given paths array of nodes >>> + * >>> * @param paths an array of hierarchical nodes to be created, >>> in-order >>> * @return the reference to the lowest decendent created >>> */ >>> @@ -212,6 +235,7 @@ >>> >>> /** >>> * The name of the node >>> + * >>> * @return node name >>> */ >>> public String getName() { >>> @@ -220,6 +244,7 @@ >>> >>> /** >>> * The children of the node as a Map keyed by the name >>> + * >>> * @return the children as a Map >>> */ >>> public Map<String, TreeNode> getChildren() { >>> @@ -227,6 +252,7 @@ >>> } >>> >>> //-------- getters -------- >>> + >>> public Map<String, BitSet> getUserAllowPermissions() { >>> return userAllowPermissions; >>> } >>> @@ -255,7 +281,7 @@ >>> >>> Map<String, TreeNode> children = this.getChildren(); >>> if (null != children) { >>> - for (Map.Entry<String, TreeNode> entry : >>> children.entrySet()){ >>> + for (Map.Entry<String, TreeNode> entry : >>> children.entrySet()) { >>> TreeNode node = entry.getValue(); >>> if (null != node) { >>> node.clearNodes(); >>> @@ -266,7 +292,7 @@ >>> } >>> } >>> >>> - public int hashCode () { >>> + public int hashCode() { >>> int hash = 7; >>> hash = 31 * hash + (null == this.name ? 0 : >>> this.name.hashCode()); >>> hash = 31 * hash + (null == this.children ? 0 : >>> this.children.hashCode()); >>> @@ -276,6 +302,6 @@ >>> hash = 31 * hash + (null == this.roleDenyPermissions ? 0 : >>> this.roleDenyPermissions.hashCode()); >>> hash = 31 * hash + (null == this.roleDenyPermissions ? 0 : >>> this.roleDenyPermissions.hashCode()); >>> return hash; >>> - } >>> + } >>> >>> } >>> Index: >>> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >>> =================================================================== >>> --- >>> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >>> (revision 87092) >>> +++ >>> src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java >>> (working copy) >>> @@ -99,6 +99,16 @@ >>> return TreeNode.Permission.BROWSE; >>> } else if ("consume".equals(action)) { >>> return TreeNode.Permission.CONSUME; >>> + }else if ("SendMessage".equals(action)) { >>> + return TreeNode.Permission.SQS_SEND_MESSAGE; >>> + }else if ("ReceiveMessage".equals(action)) { >>> + return TreeNode.Permission.SQS_RECEIVE_MESSAGE; >>> + }else if ("DeleteMessage".equals(action)) { >>> + return TreeNode.Permission.SQS_DELETE_MESSAGE; >>> + }else if ("ChangeMessageVisibility".equals(action)) { >>> + return TreeNode.Permission.SQS_CHANGE_MESSAGE_VISIBILITY; >>> + }else if ("GetQueueAttributes".equals(action)) { >>> + return TreeNode.Permission.SQS_GET_QUEUE_ATTRIBUTES; >>> } >>> >>> throw new IllegalArgumentException("Invalid action : " + >>> action); >>> >>> May I commit these changes to carbon user core module? >>> >>> >>> Thank you. >>> -- >>> Manjula Rathnayaka >>> Software Engineer >>> WSO2, Inc. >>> Mobile:+94 77 743 1987 >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> >> -- >> *Afkham Azeez* >> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, >> * >> * >> *Member; Apache Software Foundation; >> **http://www.apache.org/*<http://www.apache.org/> >> * >> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >> * >> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >> * >> * >> *Lean . Enterprise . Middleware* >> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > *Senaka Fernando* > Product Manager - WSO2 Governance Registry; > Associate Technical Lead; WSO2, Inc.; http://wso2.com* > Member; Apache Software Foundation; http://apache.org > > E-mail: senaka AT wso2.com > **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 > Linked-In: http://www.linkedin.com/in/senakafernando > > *Lean . Enterprise . Middleware > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- *Afkham Azeez* Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, * * *Member; Apache Software Foundation; **http://www.apache.org/*<http://www.apache.org/> * email: **[email protected]* <[email protected]>* cell: +94 77 3320919 blog: **http://blog.afkham.org* <http://blog.afkham.org>* twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware*
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
