Author: dimuthul
Date: Sun Jan 13 23:53:15 2008
New Revision: 12192

Log:

Adding isUserEditable and isUserReadable.



Modified:
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
      (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
      Sun Jan 13 23:53:15 2008
@@ -14,20 +14,17 @@
 
     private AccessControlAdmin admin = null;
 
-    private String adminUserName = null;
-   
 
     public ACLAccessControlAdmin(Authorizer athzr, AccessControlAdmin admin,
-            String user) {
-        super(athzr, user);
+            AuthorizingRealmConfig authConfig) {
+        super(athzr, authConfig);
         this.authorizer = athzr;
         this.admin = admin;
-        this.adminUserName = user;
     }
 
     public void authorizeUser(String userName, String resourceId, String 
action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -42,7 +39,7 @@
      */
     public void denyUser(String userName, String resourceId, String action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -56,7 +53,7 @@
      */
     public void authorizeRole(String roleName, String resourceId, String 
action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -70,7 +67,7 @@
      */
     public void denyRole(String roleName, String resourceId, String action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -84,7 +81,7 @@
      */
     public void clearUserAuthorization(String userName, String resourceId,
             String action) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -98,7 +95,7 @@
      */
     public void clearRoleAuthorization(String roleName, String resourceId,
             String action) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -112,7 +109,7 @@
      */
     public void clearResourceAuthorizations(String resourceId)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, resourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
                 UserManagerConstants.DELETE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -126,7 +123,7 @@
      */
     public void copyAuthorizations(String fromResourceId, String toResourceId)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName, toResourceId,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
toResourceId,
                 UserManagerConstants.AUTHORIZE)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
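Review bot: In `copyAuthorizations` the visible check covers only `toResourceId`; nothing in this hunk checks the caller's rights on `fromResourceId`. The method body continues outside the hunk, so a source-side check may exist further down, but if it does not, a caller holding `AUTHORIZE` on the destination can replicate the grants of a resource they have no rights on. If that is intended, a comment such as `// source ACL is deliberately not checked: only the destination is modified` would record the decision; otherwise add a matching `isUserAuthorized` check for `fromResourceId` before the copy.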

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
      (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
      Sun Jan 13 23:53:15 2008
@@ -7,11 +7,11 @@
 
     private Authorizer authorizer = null;
 
-    private String adminUserName = null;
+    protected AuthorizingRealmConfig config = null;
 
-    public ACLAuthorizer(Authorizer athzr, String user) {
+    public ACLAuthorizer(Authorizer athzr, AuthorizingRealmConfig authConfig) {
         this.authorizer = athzr;
-        this.adminUserName = user;
+        config = authConfig;
     }
 
     public String[] getAllowedRolesForResource(String resourceId,
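Review bot: The `config` field added here is `protected`, non-final and assigned without a null check, yet after this commit it is the only source of the identity that every wrapper passes to `isUserAuthorized`. Before, each wrapper captured the user name in a private `String` at construction; now the name is re-read from a shared object on every call, so if `AuthorizingRealmConfig` lets the authenticated user name change later (its setters are not visible in this diff) every check silently follows that change, and any subclass can reassign the field. I would declare it `protected final AuthorizingRealmConfig config;` and reject null in the constructor with `if (authConfig == null) throw new IllegalArgumentException("authConfig");`. The same applies to the identical field added to `ACLUserStoreReader`, and to `AuthorizingRealm`, which hands one `config` instance to all four wrappers.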
@@ -45,15 +45,6 @@
        return authorizer.isUserAuthorized(userName, resourceId, action);
     }
 
- /*   protected void doAuthorization() throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
-                UserManagerConstants.PERMISSION_RESOURCE,
-                UserManagerConstants.READ)) {
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.PERMISSION_RESOURCE,
-                    UserManagerConstants.READ });
-        }
-
-    }*/
+ 
 
 }

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
  (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
  Sun Jan 13 23:53:15 2008
@@ -17,12 +17,10 @@
 
     private UserStoreAdmin usAdmin = null;
 
-    private String adminUserName = null;
-
-    public ACLUserStoreAdmin(Authorizer athzr, UserStoreAdmin admin, String 
user) {
-        super(athzr, admin, user);
+   
+    public ACLUserStoreAdmin(Authorizer athzr, UserStoreAdmin admin, 
AuthorizingRealmConfig authConfig) {
+        super(athzr, admin, authConfig);
         this.authorizer = athzr;
-        this.adminUserName = user;
         this.usAdmin = admin;
     }
 
@@ -31,7 +29,7 @@
      */
     public void addUser(String userName, Object credential)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -46,7 +44,8 @@
      */
     public void updateUser(String userName, Object newCredential,
             Object oldCredential) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -58,7 +57,7 @@
 
     public void updateUser(String userName, Object newCredential)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+       if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -73,10 +72,9 @@
      */
     public void deleteUser(String userName) throws UserManagerException {
         if (!authorizer
-                .isUserAuthorized(adminUserName,
+                .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.USER_RESOURCE,
                         UserManagerConstants.DELETE)) {
-
             throw new UnauthorizedException("unAuthorized", new String[] {
                     UserManagerConstants.USER_RESOURCE,
                     UserManagerConstants.DELETE });
@@ -89,7 +87,10 @@
      */
     public void setUserProperties(String userName, Map properties)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        if(config.getAuthenticatedUserName().equals(userName) &&
+                config.isCurrentUserEditable()){
+            //do nothing - authorized
+        }else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
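Review bot: The new self-service branch in `setUserProperties` calls `config.getAuthenticatedUserName().equals(userName)`, which throws a `NullPointerException` instead of reaching the authorizer when no authenticated user name is set; comparing the other way round, `userName != null && userName.equals(config.getAuthenticatedUserName())`, keeps that case on the normal check. `getUserProperties` in `ACLUserStoreReader` uses the same comparison. When `isCurrentUserEditable()` is true the bypass also covers the whole `properties` map, so if any property stored there feeds an access decision (not visible in this diff) a user could change it on their own account; a comment naming the properties expected here, or a filter on the keys, would make the intended scope explicit. The method body continues outside the hunk.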
@@ -103,7 +104,7 @@
      * Add role to user store
      */
     public void addRole(String roleName) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -118,7 +119,7 @@
      */
     public void deleteRole(String roleName) throws UserManagerException {
         if (!authorizer
-                .isUserAuthorized(adminUserName,
+                .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.ROLE_RESOURCE,
                         UserManagerConstants.DELETE)) {
 
@@ -134,7 +135,7 @@
      */
     public void setRoleProperties(String roleName, Map properties)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -149,7 +150,7 @@
      */
     public void addUserToRole(String userName, String roleName)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -165,7 +166,7 @@
     public void removeUserFromRole(String userName, String roleName)
             throws UserManagerException {
         if (!authorizer
-                .isUserAuthorized(adminUserName,
+                .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.ROLE_RESOURCE,
                         UserManagerConstants.DELETE)) {
 

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
 (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
 Sun Jan 13 23:53:15 2008
@@ -10,15 +10,15 @@
 public class ACLUserStoreReader implements UserStoreReader {
 
     private Authorizer authorizer = null;
-
-    private String adminUserName = null;
-
+ 
     private UserStoreReader usReader = null;
 
+    protected AuthorizingRealmConfig config = null;
+
     public ACLUserStoreReader(Authorizer athzr, UserStoreReader reader,
-            String user) {
+            AuthorizingRealmConfig authConfig) {
         this.authorizer = athzr;
-        this.adminUserName = user;
+        this.config = authConfig;
         this.usReader = reader;
     }
 
@@ -35,7 +35,12 @@
     }
 
     public Map getUserProperties(String userName) throws UserManagerException {
-        doAuthorizationToReadUser();
+        if (config.getAuthenticatedUserName().equals(userName)
+                && config.isCurrentUserReadable()) {
+            //do nothing authorized
+        }else{
+            doAuthorizationToReadUser();
+        }
         return usReader.getUserProperties(userName);
     }
 
@@ -70,9 +75,8 @@
     }
 
     protected void doAuthorizationToReadRole() throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
-                UserManagerConstants.ROLE_RESOURCE,
-                UserManagerConstants.READ)) {
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+                UserManagerConstants.ROLE_RESOURCE, 
UserManagerConstants.READ)) {
             throw new UnauthorizedException("unAuthorized", new String[] {
                     UserManagerConstants.ROLE_RESOURCE,
                     UserManagerConstants.READ });
@@ -80,9 +84,8 @@
     }
 
     protected void doAuthorizationToReadUser() throws UserManagerException {
-        if (!authorizer.isUserAuthorized(adminUserName,
-                UserManagerConstants.USER_RESOURCE,
-                UserManagerConstants.READ)) {
+        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+                UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.READ)) {
             throw new UnauthorizedException("unAuthorized", new String[] {
                     UserManagerConstants.USER_RESOURCE,
                     UserManagerConstants.READ });

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
   (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
   Sun Jan 13 23:53:15 2008
@@ -94,21 +94,21 @@
 
        
         this.authenticator = realm.getAuthenticator();
-        this.authorizer = new ACLAuthorizer(authorizer, username);
+        this.authorizer = new ACLAuthorizer(authorizer, config);
 
         if (realm.getAccessControlAdmin() != null) {
             this.aclAdmin = new ACLAccessControlAdmin(authorizer, realm
-                    .getAccessControlAdmin(), username);
+                    .getAccessControlAdmin(), config);
         }
 
         if (realm.getUserStoreAdmin() != null) {
             this.usAdmin = new ACLUserStoreAdmin(authorizer, realm
-                    .getUserStoreAdmin(), username);
+                    .getUserStoreAdmin(), config);
         }
 
         if (realm.getUserStoreReader() != null) {
             this.usReader = new ACLUserStoreReader(authorizer, realm
-                    .getUserStoreReader(), username);
+                    .getUserStoreReader(), config);
         }
 
     }
