add catalog entitlements and refactor entitlement enum dispatching now adds an interface to highlight when new methods have been added
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/f782060e Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/f782060e Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/f782060e Branch: refs/heads/master Commit: f782060edb28d27e0e77f11475c0a5b45c798979 Parents: 3ff0e79 Author: Alex Heneveld <[email protected]> Authored: Mon Dec 22 18:03:20 2014 +0000 Committer: Alex Heneveld <[email protected]> Committed: Thu Feb 5 12:02:53 2015 +0000 ---------------------------------------------------------------------- .../entitlement/EntitlementManagerAdapter.java | 96 +++++++++++++++----- .../management/entitlement/Entitlements.java | 55 ++++++++--- 2 files changed, 113 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f782060e/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java b/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java index e1c6be8..7044be8 100644 --- a/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java +++ b/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java @@ -24,6 +24,7 @@ import org.slf4j.LoggerFactory; import com.google.common.annotations.Beta; import brooklyn.entity.Entity; +import brooklyn.management.entitlement.Entitlements.EntitlementClassesHandler; import brooklyn.management.entitlement.Entitlements.EntityAndItem; import brooklyn.management.entitlement.Entitlements.StringAndArgument; @@ -40,7 +41,65 @@ public abstract class EntitlementManagerAdapter implements EntitlementManager { private static final Logger log = LoggerFactory.getLogger(EntitlementManagerAdapter.class); - @SuppressWarnings("unchecked") + protected class Handler implements EntitlementClassesHandler<Boolean> { + final EntitlementContext context; + protected Handler(EntitlementContext context) { + this.context = context; + } + + @Override + public Boolean handleSeeCatalogItem(String catalogItemId) { + return isEntitledToSeeCatalogItem(context, catalogItemId); + } + @Override + public Boolean handleAddCatalogItem(Object catalogItemBeingAdded) { + return isEntitledToAddCatalogItem(context, catalogItemBeingAdded); + } + @Override + public Boolean handleModifyCatalogItem(StringAndArgument catalogItemIdAndModification) { + return isEntitledToModifyCatalogItem(context, catalogItemIdAndModification==null ? null : catalogItemIdAndModification.getString(), + catalogItemIdAndModification==null ? null : catalogItemIdAndModification.getArgument()); + } + + @Override + public Boolean handleSeeEntity(Entity entity) { + return isEntitledToSeeEntity(context, entity); + } + @Override + public Boolean handleSeeSensor(EntityAndItem<String> sensorInfo) { + return isEntitledToSeeSensor(context, sensorInfo.getEntity(), sensorInfo.getItem()); + } + @Override + public Boolean handleInvokeEffector(EntityAndItem<StringAndArgument> effectorInfo) { + StringAndArgument item = effectorInfo.getItem(); + return isEntitledToInvokeEffector(context, effectorInfo.getEntity(), item==null ? null : item.getString(), item==null ? null : item.getArgument()); + } + @Override + public Boolean handleModifyEntity(Entity entity) { + return isEntitledToModifyEntity(context, entity); + } + + @Override + public Boolean handleDeployApplication(Object app) { + return isEntitledToDeployApplication(context, app); + } + + @Override + public Boolean handleSeeAllServerInfo() { + return isEntitledToSeeAllServerInfo(context); + } + + @Override + public Boolean handleSeeServerStatus() { + return isEntitledToSeeServerStatus(context); + } + + @Override + public Boolean handleRoot() { + return isEntitledToRoot(context); + } + } + @Override public <T> boolean isEntitled(EntitlementContext context, EntitlementClass<T> entitlementClass, T entitlementClassArgument) { if (log.isTraceEnabled()) { @@ -49,33 +108,22 @@ public abstract class EntitlementManagerAdapter implements EntitlementManager { if (isEntitledToRoot( context )) return true; - switch (Entitlements.EntitlementClassesEnum.of(entitlementClass)) { - case ENTITLEMENT_SEE_ENTITY: - return isEntitledToSeeEntity( context, (Entity)entitlementClassArgument ); - - case ENTITLEMENT_SEE_SENSOR: - return isEntitledToSeeSensor( context, (EntityAndItem<String>)entitlementClassArgument ); - - case ENTITLEMENT_INVOKE_EFFECTOR: - return isEntitledToInvokeEffector( context, (EntityAndItem<StringAndArgument>)entitlementClassArgument ); - - case ENTITLEMENT_DEPLOY_APPLICATION: - return isEntitledToDeploy( context, entitlementClassArgument ); - - case ENTITLEMENT_SEE_ALL_SERVER_INFO: - return isEntitledToSeeAllServerInfo( context ); - - default: - log.warn("Unsupported permission type: "+entitlementClass+" / "+entitlementClassArgument); - return false; - } + Handler handler = new Handler(context); + return Entitlements.EntitlementClassesEnum.of(entitlementClass).handle( + handler, entitlementClassArgument); } - protected abstract boolean isEntitledToSeeSensor(EntitlementContext context, EntityAndItem<String> sensorInfo); + protected abstract boolean isEntitledToSeeCatalogItem(EntitlementContext context, String catalogItemId); + protected abstract boolean isEntitledToAddCatalogItem(EntitlementContext context, Object catalogItemBeingAdded); + protected abstract boolean isEntitledToModifyCatalogItem(EntitlementContext context, String catalogItemId, Object catalogItemModification); + protected abstract boolean isEntitledToSeeSensor(EntitlementContext context, Entity entity, String sensorName); protected abstract boolean isEntitledToSeeEntity(EntitlementContext context, Entity entity); - protected abstract boolean isEntitledToInvokeEffector(EntitlementContext context, EntityAndItem<StringAndArgument> effectorInfo); - protected abstract boolean isEntitledToDeploy(EntitlementContext context, Object app); + /** arguments might be null, a map, or a list, depending how/where invoked */ + protected abstract boolean isEntitledToInvokeEffector(EntitlementContext context, Entity entity, String effectorName, Object arguments); + protected abstract boolean isEntitledToModifyEntity(EntitlementContext context, Entity entity); + protected abstract boolean isEntitledToDeployApplication(EntitlementContext context, Object app); protected abstract boolean isEntitledToSeeAllServerInfo(EntitlementContext context); + protected abstract boolean isEntitledToSeeServerStatus(EntitlementContext context); protected abstract boolean isEntitledToRoot(EntitlementContext context); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f782060e/core/src/main/java/brooklyn/management/entitlement/Entitlements.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/entitlement/Entitlements.java b/core/src/main/java/brooklyn/management/entitlement/Entitlements.java index 67fb3c7..76cf060 100644 --- a/core/src/main/java/brooklyn/management/entitlement/Entitlements.java +++ b/core/src/main/java/brooklyn/management/entitlement/Entitlements.java @@ -52,6 +52,10 @@ public class Entitlements { // ------------------- individual permissions + public static EntitlementClass<String> SEE_CATALOG_ITEM = new BasicEntitlementClassDefinition<String>("catalog.see", String.class); + public static EntitlementClass<Object> ADD_CATALOG_ITEM = new BasicEntitlementClassDefinition<Object>("catalog.add", Object.class); + public static EntitlementClass<StringAndArgument> MODIFY_CATALOG_ITEM = new BasicEntitlementClassDefinition<StringAndArgument>("catalog.modify", StringAndArgument.class); + public static EntitlementClass<Entity> SEE_ENTITY = new BasicEntitlementClassDefinition<Entity>("entity.see", Entity.class); public static EntitlementClass<EntityAndItem<String>> SEE_SENSOR = new BasicEntitlementClassDefinition<EntityAndItem<String>>("sensor.see", EntityAndItem. typeToken(String.class)); // string is effector name; argument may be a map or a list, depending how the args were supplied @@ -61,27 +65,34 @@ public class Entitlements { /** the permission to deploy an application, where parameter is some representation of the app to be deployed (spec instance or yaml plan) */ public static EntitlementClass<Object> DEPLOY_APPLICATION = new BasicEntitlementClassDefinition<Object>("app.deploy", Object.class); - /** catch-all for catalog, locations, scripting, usage, etc; - * NB1: all users can see HA status; - * NB2: this may be refactored and deprecated in future */ + /** catch-all for catalog, locations, scripting, usage, etc - exporting persistence, shutting down, etc; + * this is significantly more powerful than {@link #SERVER_STATUS}. + * NB: this may be refactored and deprecated in future */ public static EntitlementClass<Void> SEE_ALL_SERVER_INFO = new BasicEntitlementClassDefinition<Void>("server.info.all.see", Void.class); + + /** permission to see general server status info: basically HA status; not nearly as much as {@link #SEE_ALL_SERVER_INFO} */ + public static EntitlementClass<Void> SERVER_STATUS = new BasicEntitlementClassDefinition<Void>("server.status", Void.class); /** permission to run untrusted code or embedded scripts at the server; * secondary check required for any operation which could potentially grant root-level access */ public static EntitlementClass<Void> ROOT = new BasicEntitlementClassDefinition<Void>("root", Void.class); - /** permission to see the server status API */ - public static EntitlementClass<Void> SERVER_STATUS = new BasicEntitlementClassDefinition<Void>("server.status", Void.class); - + @SuppressWarnings("unchecked") public static enum EntitlementClassesEnum { - ENTITLEMENT_SEE_ENTITY(SEE_ENTITY), - ENTITLEMENT_SEE_SENSOR(SEE_SENSOR), - ENTITLEMENT_INVOKE_EFFECTOR(INVOKE_EFFECTOR), - ENTITLEMENT_MODIFY_ENTITY(MODIFY_ENTITY), - ENTITLEMENT_DEPLOY_APPLICATION(DEPLOY_APPLICATION), - ENTITLEMENT_SEE_ALL_SERVER_INFO(SEE_ALL_SERVER_INFO), - ENTITLEMENT_ROOT(ROOT), - ENTITLEMENT_SERVER_STATUS(SERVER_STATUS), + ENTITLEMENT_SEE_CATALOG_ITEM(SEE_CATALOG_ITEM) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleSeeCatalogItem((String)argument); } }, + ENTITLEMENT_ADD_CATALOG_ITEM(ADD_CATALOG_ITEM) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleAddCatalogItem(argument); } }, + ENTITLEMENT_MODIFY_CATALOG_ITEM(MODIFY_CATALOG_ITEM) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleModifyCatalogItem((StringAndArgument)argument); } }, + + ENTITLEMENT_SEE_ENTITY(SEE_ENTITY) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleSeeEntity((Entity)argument); } }, + ENTITLEMENT_SEE_SENSOR(SEE_SENSOR) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleSeeSensor((EntityAndItem<String>)argument); } }, + ENTITLEMENT_INVOKE_EFFECTOR(INVOKE_EFFECTOR) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleInvokeEffector((EntityAndItem<StringAndArgument>)argument); } }, + ENTITLEMENT_MODIFY_ENTITY(MODIFY_ENTITY) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleModifyEntity((Entity)argument); } }, + + ENTITLEMENT_DEPLOY_APPLICATION(DEPLOY_APPLICATION) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleDeployApplication(argument); } }, + + ENTITLEMENT_SEE_ALL_SERVER_INFO(SEE_ALL_SERVER_INFO) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleSeeAllServerInfo(); } }, + ENTITLEMENT_SERVER_STATUS(SERVER_STATUS) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleSeeServerStatus(); } }, + ENTITLEMENT_ROOT(ROOT) { public <T> T handle(EntitlementClassesHandler<T> handler, Object argument) { return handler.handleRoot(); } }, ; private EntitlementClass<?> entitlementClass; @@ -92,6 +103,8 @@ public class Entitlements { public EntitlementClass<?> getEntitlementClass() { return entitlementClass; } + + public abstract <T> T handle(EntitlementClassesHandler<T> handler, Object argument); public static EntitlementClassesEnum of(EntitlementClass<?> entitlementClass) { for (EntitlementClassesEnum x: values()) { @@ -101,6 +114,20 @@ public class Entitlements { } } + public interface EntitlementClassesHandler<T> { + public T handleSeeCatalogItem(String catalogItemId); + public T handleSeeServerStatus(); + public T handleAddCatalogItem(Object catalogItemBeingAdded); + public T handleModifyCatalogItem(StringAndArgument catalogItemIdAndModification); + public T handleSeeEntity(Entity entity); + public T handleSeeSensor(EntityAndItem<String> sensorInfo); + public T handleInvokeEffector(EntityAndItem<StringAndArgument> effectorInfo); + public T handleModifyEntity(Entity entity); + public T handleDeployApplication(Object app); + public T handleSeeAllServerInfo(); + public T handleRoot(); + } + protected static class Pair<T1,T2> { protected final T1 p1; protected final T2 p2;
