Author: snoopdave Date: Thu Aug 30 06:45:46 2007 New Revision: 571171 URL: http://svn.apache.org/viewvc?rev=571171&view=rev Log: More progress on permssions. Adding impl and a test for checkPermission()
http://opensource.atlassian.com/projects/roller/browse/ROL-1534 Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/config/roller.properties roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/GlobalPermission.java roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/ObjectPermission.java roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/RollerPermission.java roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/WeblogPermission.java roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/util/Utilities.java roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/TestUtils.java roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/business/PermissionTest.java Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java Thu Aug 30 06:45:46 2007 @@ -448,7 +448,26 @@ //-------------------------------------------------------- permissions CRUD public boolean checkPermission(RollerPermission perm, User user) throws WebloggerException { - throw new UnsupportedOperationException("Not supported yet."); + + // if permission a weblog permission + if (perm instanceof WeblogPermission) { + // if user has specified permission in weblog return true + WeblogPermission permToCheck = (WeblogPermission)perm; + RollerPermission existingPerm = null; + try { + existingPerm = getWeblogPermission(permToCheck.getWeblog(), user); + if (existingPerm.hasActions(permToCheck.getActionsAsList())) return true; + } catch (WebloggerException ignored) {} + } + + if (perm instanceof GlobalPermission) { + // if user has specified global permission return true + GlobalPermission permToCheck = (GlobalPermission)perm; + GlobalPermission existingPerm = new GlobalPermission(user); + if (existingPerm.hasActions(permToCheck.getActionsAsList())) return true; + } + + return false; } Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/config/roller.properties URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/config/roller.properties?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/config/roller.properties (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/config/roller.properties Thu Aug 30 06:45:46 2007 @@ -358,11 +358,11 @@ passwds.encryption.enabled=true passwds.encryption.algorithm=SHA -# Role to permissions mappings +# Role to globbal permissions mappings role.names=anonymous,editor,admin -role.actions.anonymous=comment -role.actions.editor=login,comment,createWeblog -role.actions.admin=login,comment,createWeblog,admin +role.action.anonymous=comment +role.action.editor=login,comment,createWeblog +role.action.admin=login,comment,createWeblog,admin #---------------------------------- # Single-Sign-On Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/GlobalPermission.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/GlobalPermission.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/GlobalPermission.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/GlobalPermission.java Thu Aug 30 06:45:46 2007 @@ -18,13 +18,44 @@ package org.apache.roller.weblogger.pojos; +import java.util.ArrayList; +import java.util.List; +import org.apache.roller.weblogger.WebloggerException; +import org.apache.roller.weblogger.business.WebloggerFactory; +import org.apache.roller.weblogger.config.WebloggerRuntimeConfig; +import org.apache.roller.weblogger.util.Utilities; + + /** * */ public class GlobalPermission extends RollerPermission { - - public GlobalPermission(String action) { - super(action); + + public GlobalPermission(User user) throws WebloggerException { + super("GlobalPermission user: " + user.getUserName()); + List<String> roles = WebloggerFactory.getWeblogger().getUserManager().getRoles(user); + List<String> actionsList = new ArrayList<String>(); + + // loop through user's roles, adding actions implied by each + for (String role : roles) { + String impliedActions = WebloggerRuntimeConfig.getProperty("role.action." + role); + if (impliedActions != null) { + List<String> toAdds = Utilities.stringToStringList(impliedActions, ","); + for (String toAdd : toAdds) { + if (!actionsList.contains(toAdd)) { + actionsList.add(toAdd); + } + } + } + } + setActionsAsList(actionsList); } + public boolean equals(Object arg0) { + throw new UnsupportedOperationException("Not supported yet."); + } + + public int hashCode() { + throw new UnsupportedOperationException("Not supported yet."); + } } Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/ObjectPermission.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/ObjectPermission.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/ObjectPermission.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/ObjectPermission.java Thu Aug 30 06:45:46 2007 @@ -18,15 +18,10 @@ package org.apache.roller.weblogger.pojos; -import java.security.Permission; -import java.util.ArrayList; -import java.util.Arrays; import java.util.Date; -import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.roller.util.UUIDGenerator; -import org.apache.roller.weblogger.util.Utilities; /** @@ -37,7 +32,6 @@ protected String id = UUIDGenerator.generateUUID();; protected String userName; - protected String actions; protected String objectType; protected String objectId; protected boolean pending = false; @@ -48,75 +42,9 @@ super(""); } - public ObjectPermission(String actions) { - super(actions); - this.actions = actions; - } - - public boolean hasAction(String action) { - List<String> actionList = getActionsAsList(); - return actionList.contains(action); - } - - /** - * Merge actions into this permission. - */ - public void addActions(ObjectPermission perm) { - List<String> newActions = perm.getActionsAsList(); - List<String> updatedActions = getActionsAsList(); - for (String newAction : newActions) { - if (!updatedActions.contains(newAction)) { - updatedActions.add(newAction); - } - } - setActionsAsList(updatedActions); - } - - /** - * Merge actions into this permission. - */ - public void removeActions(ObjectPermission perm) { - List<String> actionsToRemove = perm.getActionsAsList(); - List<String> updatedActions = getActionsAsList(); - for (String actionToRemove : actionsToRemove) { - updatedActions.remove(actionToRemove); - } - log.debug("updatedActions2: " + updatedActions); - setActionsAsList(updatedActions); - } - - /** - * True if permission specifies no actions - */ - public boolean isEmpty() { - if (actions == null || actions.trim().length() == 0) { - return true; - } - return false; - } - - public boolean implies(Permission perm) { - return false; - } - - public String getActions() { - return actions; - } - - public List<String> getActionsAsList() { - List<String> list = new ArrayList<String>(); - List<String> rolist = Arrays.asList(Utilities.stringToStringArray(getActions(), ",")); - list.addAll(rolist); - return list; - } - - public void setActionsAsList(List<String> actionsList) { - if (actionsList.size() == 0) { - setActions(""); - } - setActions(Utilities.stringArrayToString(actionsList.toArray(new String[0]), ",")); + public ObjectPermission(String name) { + super(name); } - public String getId() { return id; } @@ -125,16 +53,22 @@ this.id = id; } + @Override + public void setActions(String actions) { + this.actions = actions; + } + + @Override + public String getActions() { + return actions; + } + public String getUserName() { return userName; } public void setUserName(String username) { this.userName = username; - } - - public void setActions(String actions) { - this.actions = actions; } public String getObjectType() { Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/RollerPermission.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/RollerPermission.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/RollerPermission.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/RollerPermission.java Thu Aug 30 06:45:46 2007 @@ -19,30 +19,91 @@ package org.apache.roller.weblogger.pojos; import java.security.Permission; +import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.roller.weblogger.util.Utilities; + /** * Base permission class for Roller. */ -public class RollerPermission extends java.security.Permission { +public abstract class RollerPermission extends java.security.Permission { + private static Log log = LogFactory.getLog(RollerPermission.class); + protected String actions; - public RollerPermission(String action) { - super(action); - } - public boolean implies(Permission arg0) { - throw new UnsupportedOperationException("Not supported yet."); + public RollerPermission(String name) { + super(name); } - - public boolean equals(Object arg0) { - throw new UnsupportedOperationException("Not supported yet."); + + public void setActions(String actions) { + this.actions = actions; } - public int hashCode() { - throw new UnsupportedOperationException("Not supported yet."); + public String getActions() { + return actions; } - public String getActions() { - throw new UnsupportedOperationException("Not supported yet."); + public List<String> getActionsAsList() { + return Utilities.stringToStringList(getActions(), ","); + } + + public void setActionsAsList(List<String> actionsList) { + setActions(Utilities.stringListToString(actionsList, ",")); } + public boolean hasAction(String action) { + List<String> actionList = getActionsAsList(); + return actionList.contains(action); + } + + public boolean hasActions(List<String> actionsToCheck) { + List<String> actionList = getActionsAsList(); + for (String actionToCheck : actionsToCheck) { + if (!actionList.contains(actionToCheck)) return false; + } + return true; + } + + /** + * Merge actions into this permission. + */ + public void addActions(ObjectPermission perm) { + List<String> newActions = perm.getActionsAsList(); + List<String> updatedActions = getActionsAsList(); + for (String newAction : newActions) { + if (!updatedActions.contains(newAction)) { + updatedActions.add(newAction); + } + } + setActionsAsList(updatedActions); + } + + /** + * Merge actions into this permission. + */ + public void removeActions(ObjectPermission perm) { + List<String> actionsToRemove = perm.getActionsAsList(); + List<String> updatedActions = getActionsAsList(); + for (String actionToRemove : actionsToRemove) { + updatedActions.remove(actionToRemove); + } + log.debug("updatedActions2: " + updatedActions); + setActionsAsList(updatedActions); + } + + /** + * True if permission specifies no actions + */ + public boolean isEmpty() { + if (actions == null || actions.trim().length() == 0) { + return true; + } + return false; + } + + public boolean implies(Permission perm) { + return false; + } } Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/WeblogPermission.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/WeblogPermission.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/WeblogPermission.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/pojos/WeblogPermission.java Thu Aug 30 06:45:46 2007 @@ -32,7 +32,8 @@ public WeblogPermission(Weblog weblog, User user, String actions) { - super(actions); + super("WeblogPermission user: " + user.getUserName()); + setActions(actions); objectType = "Weblog"; objectId = weblog.getHandle(); userName = user.getUserName(); @@ -44,5 +45,13 @@ public User getUser() throws WebloggerException { return WebloggerFactory.getWeblogger().getUserManager().getUserByUserName(userName); + } + + public boolean equals(Object arg0) { + throw new UnsupportedOperationException("Not supported yet."); + } + + public int hashCode() { + throw new UnsupportedOperationException("Not supported yet."); } } Modified: roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/util/Utilities.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/util/Utilities.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/util/Utilities.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/src/java/org/apache/roller/weblogger/util/Utilities.java Thu Aug 30 06:45:46 2007 @@ -12,6 +12,7 @@ import java.net.URLDecoder; import java.net.URLEncoder; import java.security.MessageDigest; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -277,11 +278,7 @@ } //------------------------------------------------------------------------ - /** - * @param stringArray - * @param delim - * @return - */ + /** Convert string array to string with delimeters. */ public static String stringArrayToString(String[] stringArray, String delim) { String ret = ""; for (int i = 0; i < stringArray.length; i++) { @@ -293,8 +290,21 @@ return ret; } + //------------------------------------------------------------------------ + /** Convert string array to string with delimeters. */ + public static String stringListToString(List<String> stringList, String delim) { + String ret = ""; + for (String s : stringList) { + if (ret.length() > 0) + ret = ret + delim + s; + else + ret = s; + } + return ret; + } + //-------------------------------------------------------------------------- - /** Convert string to string array. */ + /** Convert string with delimeters to string array. */ public static String[] stringToStringArray(String instr, String delim) throws NoSuchElementException, NumberFormatException { StringTokenizer toker = new StringTokenizer(instr, delim); @@ -305,6 +315,18 @@ stringArray[i++] = toker.nextToken(); } return stringArray; + } + + //-------------------------------------------------------------------------- + /** Convert string with delimeters to string list. */ + public static List<String> stringToStringList(String instr, String delim) + throws NoSuchElementException, NumberFormatException { + StringTokenizer toker = new StringTokenizer(instr, delim); + List<String> stringList = new ArrayList<String>(); + while (toker.hasMoreTokens()) { + stringList.add(toker.nextToken()); + } + return stringList; } //-------------------------------------------------------------------------- Modified: roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/TestUtils.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/TestUtils.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/TestUtils.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/TestUtils.java Thu Aug 30 06:45:46 2007 @@ -40,7 +40,6 @@ import org.apache.roller.weblogger.pojos.WeblogEntryComment; import org.apache.roller.weblogger.pojos.WeblogBookmarkFolder; import org.apache.roller.weblogger.pojos.WeblogHitCount; -import org.apache.roller.weblogger.pojos.WeblogUserPermission; import org.apache.roller.weblogger.pojos.PingTarget; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.WeblogCategory; Modified: roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/business/PermissionTest.java URL: http://svn.apache.org/viewvc/roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/business/PermissionTest.java?rev=571171&r1=571170&r2=571171&view=diff ============================================================================== --- roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/business/PermissionTest.java (original) +++ roller/branches/roller_4.1_dev/apps/weblogger/test/java/org/apache/roller/weblogger/business/PermissionTest.java Thu Aug 30 06:45:46 2007 @@ -26,7 +26,6 @@ import org.apache.roller.weblogger.TestUtils; import org.apache.roller.weblogger.business.WebloggerFactory; import org.apache.roller.weblogger.business.UserManager; -import org.apache.roller.weblogger.pojos.WeblogUserPermission; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.Weblog; import org.apache.roller.weblogger.pojos.WeblogPermission; @@ -306,4 +305,29 @@ log.info("END"); } + + /** + * Tests weblog invitation process. + */ + public void testPermissionChecks() throws Exception { + + log.info("BEGIN"); + + WeblogPermission perm = + new WeblogPermission(testWeblog, testUser, WeblogPermission.POST); + UserManager umgr = WebloggerFactory.getWeblogger().getUserManager(); + assertTrue(umgr.checkPermission(perm, testUser)); + + // we need a second user for this test + User adminUser = TestUtils.setupUser("adminUser"); + umgr.grantRole("admin", adminUser); + TestUtils.endSession(true); + + // because adminUser is a global admin, they should have POST perm + WeblogPermission perm2 = + new WeblogPermission(testWeblog, testUser, WeblogPermission.POST); + assertTrue(umgr.checkPermission(perm, testUser)); + + log.info("END"); + } }
