Author: tv
Date: Mon Sep 10 08:55:44 2012
New Revision: 1382699
URL: http://svn.apache.org/viewvc?rev=1382699&view=rev
Log:
Add test for TurbineAccessControlList and make it work
Added:
turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml
(with props)
Modified:
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
Modified:
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java?rev=1382699&r1=1382698&r2=1382699&view=diff
==============================================================================
---
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
(original)
+++
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
Mon Sep 10 08:55:44 2012
@@ -18,18 +18,16 @@ package org.apache.fulcrum.security.mode
* specific language governing permissions and limitations
* under the License.
*/
-import java.util.HashMap;
-import java.util.Map;
+import java.util.Set;
import org.apache.fulcrum.security.GroupManager;
import org.apache.fulcrum.security.acl.AccessControlList;
-import org.apache.fulcrum.security.entity.Group;
-import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.entity.User;
import org.apache.fulcrum.security.model.ACLFactory;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineUser;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
import org.apache.fulcrum.security.spi.AbstractManager;
-import org.apache.fulcrum.security.util.PermissionSet;
-import org.apache.fulcrum.security.util.RoleSet;
+import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.UnknownEntityException;
/**
@@ -46,13 +44,13 @@ public class TurbineACLFactory extends A
*/
public <T extends AccessControlList> T getAccessControlList(User user)
{
- Map<Group, RoleSet> roleSets = new HashMap<Group, RoleSet>();
- Map<Role, PermissionSet> permissionSets = new HashMap<Role,
PermissionSet>();
+ TurbineUser tu = (TurbineUser)user;
+ Set<TurbineUserGroupRole> tugr = tu.getUserGroupRoleSet();
try
{
@SuppressWarnings("unchecked")
- T aclInstance = (T) getAclInstance(roleSets,
permissionSets);
+ T aclInstance = (T) getAclInstance(tugr);
return aclInstance;
}
catch (UnknownEntityException uue)
@@ -67,23 +65,30 @@ public class TurbineACLFactory extends A
* This constructs a new ACL object from the configured class and
* initializes it with the supplied roles and permissions.
*
- * @param roles
- * The roles that this ACL should contain
- * @param permissions
- * The permissions for this ACL
+ * @param turbineUserGroupRoleSet
+ * The set of user/group/role relations that this acl is built
from
*
* @return an object implementing ACL interface.
* @throws UnknownEntityException
* if the object could not be instantiated.
*/
- private TurbineAccessControlList getAclInstance(Map<? extends Group, ?
extends RoleSet> roles,
- Map<? extends Role, ? extends PermissionSet> permissions) throws
UnknownEntityException
+ private TurbineAccessControlList getAclInstance(Set<? extends
TurbineUserGroupRole> turbineUserGroupRoleSet) throws UnknownEntityException
{
+ GroupManager groupManager = null;
+
+ try
+ {
+ groupManager = getGroupManager();
+ }
+ catch (DataBackendException e)
+ {
+ // ignore
+ }
+
TurbineAccessControlList accessControlList;
try
{
- GroupManager groupManager = (GroupManager)
resolve(GroupManager.ROLE);
- accessControlList = new TurbineAccessControlListImpl(roles,
permissions, groupManager);
+ accessControlList = new
TurbineAccessControlListImpl(turbineUserGroupRoleSet, groupManager);
}
catch (Exception e)
{
Modified:
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java?rev=1382699&r1=1382698&r2=1382699&view=diff
==============================================================================
---
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
(original)
+++
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
Mon Sep 10 08:55:44 2012
@@ -21,12 +21,16 @@ package org.apache.fulcrum.security.mode
*/
+import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
import org.apache.fulcrum.security.GroupManager;
import org.apache.fulcrum.security.entity.Group;
import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
import org.apache.fulcrum.security.util.FulcrumSecurityException;
import org.apache.fulcrum.security.util.GroupSet;
import org.apache.fulcrum.security.util.PermissionSet;
@@ -52,9 +56,9 @@ public class TurbineAccessControlListImp
private static final long serialVersionUID = 2678947159949477950L;
/** The sets of roles that the user has in different groups */
- private Map<? extends Group, ? extends RoleSet> roleSets;
+ private Map<Group, RoleSet> roleSets;
/** The sets of permissions that the user has in different groups */
- private Map<? extends Role, ? extends PermissionSet> permissionSets;
+ private Map<Group, PermissionSet> permissionSets;
/** The global group */
private Group globalGroup;
/** The group manager */
@@ -75,36 +79,58 @@ public class TurbineAccessControlListImp
* changes made to the security settings in that time are not reflected
* in the state of this object. If you need to reset an user's permissions
* you need to invalidate his session. <br>
- * The objects that constructs an AccessControlList must supply hashtables
- * of role/permission sets keyed with group objects. <br>
*
- * @param roleSets a hashtable containing RoleSet objects keyed with Group
objects
- * @param permissionSets a hashtable containing PermissionSet objects
keyed with Group objects
+ * @param turbineUserGroupRoleSet
+ * The set of user/group/role relations that this acl is built
from
* @param groupManager the Group manager
+ *
* @throws FulcrumSecurityException if the global group cannot be retrieved
*/
public TurbineAccessControlListImpl(
- Map<? extends Group, ? extends RoleSet> roleSets,
- Map<? extends Role, ? extends PermissionSet> permissionSets,
+ Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
GroupManager groupManager) throws FulcrumSecurityException
{
- this.roleSets = roleSets;
- this.permissionSets = permissionSets;
+ this.roleSets = new HashMap<Group, RoleSet>();
+ this.permissionSets = new HashMap<Group, PermissionSet>();
this.groupManager = groupManager;
- this.globalGroup =
groupManager.getGroupByName(TurbineModelManager.GLOBAL_GROUP_NAME);
- for (Map.Entry<? extends Group, ? extends RoleSet> entry :
roleSets.entrySet())
+
+ for (TurbineUserGroupRole ugr : turbineUserGroupRoleSet)
{
- Group group = entry.getKey();
+ Group group = ugr.getGroup();
groupSet.add(group);
- RoleSet rs = entry.getValue();
- roleSet.add(rs);
- }
- for (Map.Entry<? extends Role, ? extends PermissionSet> entry :
permissionSets.entrySet())
- {
- Role role = entry.getKey();
+
+ TurbineRole role = (TurbineRole)ugr.getRole();
roleSet.add(role);
- PermissionSet ps = entry.getValue();
+ if (roleSets.containsKey(group))
+ {
+ roleSets.get(group).add(role);
+ }
+ else
+ {
+ RoleSet rs = new RoleSet();
+ rs.add(role);
+ roleSets.put(group, rs);
+ }
+
+ PermissionSet ps = role.getPermissions();
permissionSet.add(ps);
+ if (permissionSets.containsKey(group))
+ {
+ permissionSets.get(group).add(ps);
+ }
+ else
+ {
+ permissionSets.put(group, ps);
+ }
+ }
+
+ if (groupManager != null)
+ {
+ this.globalGroup =
groupManager.getGroupByName(TurbineModelManager.GLOBAL_GROUP_NAME);
+ }
+ else
+ {
+ this.globalGroup =
groupSet.getByName(TurbineModelManager.GLOBAL_GROUP_NAME);
}
}
@@ -206,34 +232,24 @@ public class TurbineAccessControlListImp
/**
* Checks if the user is assigned a specific Role in the Group.
*
- * @param role the Role
- * @param group the Group
+ * @param roleName the Role name
+ * @param groupName the Group name
* @return <code>true</code> if the user is assigned the Role in the Group.
*/
- public boolean hasRole(String role, String group)
+ public boolean hasRole(String roleName, String groupName)
{
- boolean roleFound = false;
try
{
- for (Map.Entry<? extends Group, ? extends RoleSet> entry :
roleSets.entrySet())
- {
- Group g = entry.getKey();
- if (g.getName().equalsIgnoreCase(group))
- {
- RoleSet rs = entry.getValue();
- roleFound = rs.containsName(role);
- }
- }
+ return hasRole(roleSet.getByName(roleName),
groupSet.getByName(groupName));
}
catch (Exception e)
{
- roleFound = false;
+ return false;
}
- return roleFound;
}
/**
- * Checks if the user is assigned a specifie Role in any of the given
+ * Checks if the user is assigned a specific Role in any of the given
* Groups
*
* @param rolename the name of the Role
@@ -243,28 +259,14 @@ public class TurbineAccessControlListImp
*/
public boolean hasRole(String rolename, GroupSet groupset)
{
- Role role;
try
{
- role = roleSet.getByName(rolename);
+ return hasRole(roleSet.getByName(rolename), groupset);
}
catch (Exception e)
{
return false;
}
- if (role == null)
- {
- return false;
- }
- for (Group group : groupset)
- {
- RoleSet roles = getRoles(group);
- if (roles != null && roles.contains(role))
- {
- return true;
- }
- }
- return false;
}
/**
@@ -288,7 +290,7 @@ public class TurbineAccessControlListImp
{
try
{
- return roleSet.containsName(role);
+ return hasRole(roleSet.getByName(role));
}
catch (Exception e)
{
@@ -438,7 +440,7 @@ public class TurbineAccessControlListImp
{
try
{
- return permissionSet.containsName(permission);
+ return hasPermission(permissionSet.getByName(permission));
}
catch (Exception e)
{
Added: turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml?rev=1382699&view=auto
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml (added)
+++ turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml Mon
Sep 10 08:55:44 2012
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- This configuration file for Avalon components is used for testing the
TestComponent -->
+<role-list>
+ <role
+ name="org.apache.fulcrum.security.model.ACLFactory"
+ shorthand="acl"
+
default-class="org.apache.fulcrum.security.model.turbine.TurbineACLFactory"/>
+</role-list>
Propchange: turbine/fulcrum/trunk/security/api/src/test/TurbineACLRoleConfig.xml
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java?rev=1382699&r1=1382698&r2=1382699&view=diff
==============================================================================
---
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
(original)
+++
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
Mon Sep 10 08:55:44 2012
@@ -34,10 +34,20 @@ import org.apache.fulcrum.security.model
import
org.apache.fulcrum.security.model.dynamic.entity.impl.DynamicPermissionImpl;
import org.apache.fulcrum.security.model.dynamic.entity.impl.DynamicRoleImpl;
import org.apache.fulcrum.security.model.dynamic.entity.impl.DynamicUserImpl;
+import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineGroup;
+import org.apache.fulcrum.security.model.turbine.entity.TurbinePermission;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineUser;
+import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
+import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineGroupImpl;
+import
org.apache.fulcrum.security.model.turbine.entity.impl.TurbinePermissionImpl;
+import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineRoleImpl;
+import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl;
import org.apache.fulcrum.testcontainer.BaseUnitTest;
/**
- *
+ *
* @author <a href="mailto:[email protected]";>Eric Pugh</a>
* @version $Id$
*/
@@ -49,6 +59,36 @@ public class ACLFactoryTest extends Base
super(arg0);
}
+ public void testCreatingTurbineACL() throws Exception
+ {
+ this.setRoleFileName("src/test/TurbineACLRoleConfig.xml");
+ this.setConfigurationFileName("src/test/ACLComponentConfig.xml");
+
+ ACLFactory factory = (ACLFactory) lookup(ACLFactory.ROLE);
+ TurbineUser user = new TurbineUserImpl();
+ user.setName("bob");
+ user.setId(new Integer(1));
+ TurbineGroup group = new TurbineGroupImpl();
+ group.setName("group1");
+ group.setId(new Integer(1));
+ TurbineRole role = new TurbineRoleImpl();
+ role.setName("role1");
+ role.setId(new Integer(1));
+ TurbinePermission permission = new TurbinePermissionImpl();
+ permission.setName("permission1");
+ permission.setId(new Integer(1));
+ role.addPermission(permission);
+ TurbineUserGroupRole ugr = new TurbineUserGroupRole();
+ ugr.setGroup(group);
+ ugr.setRole(role);
+ ugr.setUser(user);
+ user.addUserGroupRole(ugr);
+ AccessControlList acl = factory.getAccessControlList(user);
+ assertTrue(acl instanceof TurbineAccessControlList);
+ TurbineAccessControlList tacl = (TurbineAccessControlList) acl;
+ assertTrue(tacl.hasPermission(permission, group));
+ }
+
public void testCreatingDynamicACL() throws Exception
{
this.setRoleFileName("src/test/DynamicACLRoleConfig.xml");
@@ -74,7 +114,6 @@ public class ACLFactoryTest extends Base
assertTrue(acl instanceof DynamicAccessControlList);
DynamicAccessControlList dacl = (DynamicAccessControlList) acl;
assertTrue(dacl.hasPermission(permission));
-
}
public void testCreatingBasicACL() throws Exception
@@ -94,7 +133,5 @@ public class ACLFactoryTest extends Base
assertTrue(acl instanceof BasicAccessControlList);
BasicAccessControlList bacl = (BasicAccessControlList) acl;
assertTrue(bacl.hasGroup(group));
-
}
-
}
