Update of
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders
In directory
james.mmbase.org:/tmp/cvs-serv30106/src/org/mmbase/security/implementation/cloudcontext/builders
Modified Files:
Contexts.java Users.java
Log Message:
MMB-1749
See also:
http://cvs.mmbase.org/viewcvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders
See also: http://www.mmbase.org/jira/browse/MMB-1749
Index: Contexts.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders/Contexts.java,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -b -r1.56 -r1.57
--- Contexts.java 7 Aug 2008 20:01:51 -0000 1.56
+++ Contexts.java 8 Dec 2008 17:02:46 -0000 1.57
@@ -35,7 +35,7 @@
* @author Eduard Witteveen
* @author Pierre van Rooden
* @author Michiel Meeuwissen
- * @version $Id: Contexts.java,v 1.56 2008/08/07 20:01:51 michiel Exp $
+ * @version $Id: Contexts.java,v 1.57 2008/12/08 17:02:46 michiel Exp $
* @see org.mmbase.security.implementation.cloudcontext.Verify
* @see org.mmbase.security.Authorization
*/
@@ -193,7 +193,7 @@
if (user.getNode() != null && user.getNode().getNumber() == nodeId
&& operation == Operation.DELETE) return false; // nobody may delete own node
if (builder instanceof Contexts) {
try {
- Users users = Users.getBuilder();
+ MMObjectBuilder users =
Authenticate.getInstance().getUserProvider().getUserBuilder();
BasicSearchQuery query = new BasicSearchQuery(true);
Step step = query.addStep(users);
BasicFieldValueConstraint constraint = new
BasicFieldValueConstraint(new BasicStepField(step,
users.getField("defaultcontext")), new Integer(nodeId));
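Review bot: The lookup `Authenticate.getInstance().getUserProvider().getUserBuilder()` is dereferenced here without any null check, and the same chain is repeated in the hunks at -521, -604, -790, -855, -914 and -985. If the authentication module or its provider is not yet configured when an authorization check runs (not visible from this diff), each of these sites would fail with a bare NullPointerException instead of a clear denial. A single private helper in Contexts, for example `private Provider getUserProvider()`, that throws `SecurityException` when the provider is missing would keep the failure mode uniform. The following `users.getField("defaultcontext")` also assumes the provider's builder has that field, which held for Users but is no longer implied by the declared type `MMObjectBuilder`. The enclosing method starts and ends outside the hunk.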
@@ -521,8 +521,9 @@
Constraint newConstraint =
query.createConstraint(field, ac.contexts);
if (ac.inverse) query.setInverse(newConstraint, true);
- if (step.getTableName().equals("mmbaseusers")) { //
anybody may see own node
- Users users = Users.getBuilder();
+ Provider users =
Authenticate.getInstance().getUserProvider();
+
+ if
(step.getTableName().equals(users.getUserBuilder().getTableName())) { //
anybody may see own node
Constraint own =
query.createConstraint(query.createStepField(step, "number"),
new
Integer(users.getUser(userContext.getIdentifier()).getNumber()));
newConstraint =
query.createConstraint(newConstraint, CompositeConstraint.LOGICAL_OR, own);
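Review bot: `users.getUser(userContext.getIdentifier()).getNumber()` dereferences the provider's result directly, so an identifier the provider cannot resolve would abort construction of the security constraint with a NullPointerException, assuming `getUser` can return null the way the node lookup in the -985 hunk can (`userToCheck == null`). Now that the call goes through the `Provider` interface rather than the concrete Users builder, that contract is worth making explicit. Fetch the node first and add the `own` constraint only when it is present, e.g. `MMObjectNode self = users.getUser(userContext.getIdentifier());` followed by `if (self != null) { ... }`. The enclosing block starts and ends outside the hunk.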
@@ -604,7 +605,8 @@
if (found == null) {
found = new HashSet<MMObjectNode>();
- found.addAll(getGroupsOrUsers(contextNode, operation,
Users.getBuilder()));
+ MMObjectBuilder users =
Authenticate.getInstance().getUserProvider().getUserBuilder();
+ found.addAll(getGroupsOrUsers(contextNode, operation, users));
found.addAll(getGroupsOrUsers(contextNode, operation,
Groups.getBuilder()));
operationsCache.put(contextNode, operation, found);
}
@@ -790,7 +792,7 @@
* @javadoc
*/
protected boolean mayGrant(MMObjectNode contextNode, MMObjectNode
groupOrUserNode, Operation operation, MMObjectNode user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
if (users.getRank(user).getInt() >= Rank.ADMIN.getInt()) return true;
// admin may do everything
Groups groups = Groups.getBuilder();
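Review bot: mayGrant keeps only the `@javadoc` placeholder, yet after this change its first statement returns true for any user whose rank, as reported by the configured `Provider`, is at least `Rank.ADMIN`; the same applies to mayRevoke in the -855 hunk. I would replace the placeholder with a short Javadoc that names the source of the rank, e.g. `Returns whether {@code user} may grant {@code operation} on {@code contextNode}; users ranked ADMIN or higher by the user provider always may.` As a style point, these methods compare against `Rank.ADMIN.getInt()` while the -993 hunk uses `Rank.ADMIN_INT`; one form throughout would read better. The method body continues outside the hunk.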
@@ -855,7 +857,7 @@
* @todo untested
*/
protected boolean mayRevoke(MMObjectNode contextNode, MMObjectNode
groupOrUserNode, Operation operation, MMObjectNode user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
if (users.getRank(user).getInt() >= Rank.ADMIN.getInt()) return true;
// admin may do everything
if (groupOrUserNode.getBuilder() instanceof Groups) {
if (! Groups.getBuilder().contains(groupOrUserNode,
user.getNumber()) || users.getRank(user).getInt() <= Rank.BASICUSER.getInt())
return false; // must be 'high rank' member of group
@@ -914,7 +916,7 @@
* @javadoc
*/
protected MMObjectNode getUserNode(UserContext user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
return users.getUser(user.getIdentifier());
}
@@ -985,7 +987,8 @@
throw new SecurityException("Self was not supplied");
}
// find the user first, the check if the current user actually has
rights on the object
- MMObjectNode userToCheck =
Users.getBuilder().getNode(a.getString("usertocheck"));
+ Provider users = Authenticate.getInstance().getUserProvider();
+ MMObjectNode userToCheck =
users.getUserBuilder().getNode(a.getString("usertocheck"));
if (userToCheck == null) { // the user is null?
// I don't know then,
// yes perhaps?
@@ -993,9 +996,9 @@
}
// admin bypasses security system (maydo(mmobjectnode ... does not
check for this)
- if (Users.getBuilder().getRank(checkingUser).getInt() <
Rank.ADMIN_INT) {
+ if (users.getRank(checkingUser).getInt() < Rank.ADMIN_INT) {
if ((! mayDo(checkingUser, getContextNode(userToCheck),
Operation.READ, true))) {
- throw new SecurityException("You " + checkingUser + " / "
+ Users.getBuilder().getRank(checkingUser) + " are not allowed to check user '"
+ userToCheck + "' of context '" + getContextNode(userToCheck) + "' (you have
no read rights on that context)");
+ throw new SecurityException("You " + checkingUser + " / "
+ users.getRank(checkingUser) + " are not allowed to check user '" +
userToCheck + "' of context '" + getContextNode(userToCheck) + "' (you have no
read rights on that context)");
}
}
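Review bot: The rewritten `SecurityException` message still concatenates `userToCheck` (an `MMObjectNode`) and `getContextNode(userToCheck)` (presumably also a node), so their `toString()` output ends up in the message text. If that rendering includes field values (not visible here), a refused caller or anyone reading the logs could see data belonging to the user they were denied access to. Prefer identifiers in the message, e.g. `userToCheck.getNumber()` for the user and the context node's number. The surrounding method starts outside the hunk.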
Index: Users.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders/Users.java,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -b -r1.58 -r1.59
--- Users.java 27 Oct 2008 18:24:22 -0000 1.58
+++ Users.java 8 Dec 2008 17:02:46 -0000 1.59
@@ -17,6 +17,7 @@
import org.mmbase.storage.search.*;
import org.mmbase.storage.search.implementation.*;
import org.mmbase.cache.Cache;
+import org.mmbase.cache.QueryResultCache;
import org.mmbase.util.Encode;
import org.mmbase.util.logging.Logger;
import org.mmbase.util.logging.Logging;
@@ -31,10 +32,10 @@
* @author Eduard Witteveen
* @author Pierre van Rooden
* @author Michiel Meeuwissen
- * @version $Id: Users.java,v 1.58 2008/10/27 18:24:22 michiel Exp $
+ * @version $Id: Users.java,v 1.59 2008/12/08 17:02:46 michiel Exp $
* @since MMBase-1.7
*/
-public class Users extends MMObjectBuilder {
+public class Users extends MMObjectBuilder implements Provider {
private static final Logger log = Logging.getLoggerInstance(Users.class);
@@ -63,6 +64,11 @@
public String getDescription() { return "Caches the users.
UserName --> User Node"; }
};
+ protected static QueryResultCache userRankCache = new
QueryResultCache(100) {
+ public String getName() { return "CCS:UserRankCache"; }
+ public String getDescription() { return "Caches the rank objects
related to queries"; }
+
+ };
protected Function<String> encodeFunction = new
AbstractFunction<String>("encode", new Parameter[] {new
Parameter<String>("password", String.class, true) }, ReturnType.STRING) {
{
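Review bot: `userRankCache` is added as a mutable `protected static` field, and none of the visible hunks registers, fills or reads it, so from this diff it looks unused. If it is meant to back `getRank`, which the admin shortcuts in Contexts.java rely on, it should be confirmed that a rank change or removal invalidates the cached entry; a stale rank would keep privileges alive after they were revoked. Declaring it `protected static final QueryResultCache userRankCache` would at least prevent the reference from being replaced by a subclass.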
@@ -584,6 +590,19 @@
return true;
}
+ /**
+ * @since MMBase-1.8.7
+ */
+ public boolean allowEncodedPassword() {
+ return
org.mmbase.util.Casting.toBoolean(getInitParameter("allowencodedpassword"));
+ }
+
+ /**
+ * @since MMBase-1.8.7
+ */
+ public MMObjectBuilder getUserBuilder() {
+ return this;
+ }
}
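Review bot: `allowEncodedPassword()` is documented with `@since` only, although it exposes a security-relevant switch read from the `allowencodedpassword` init parameter. The Javadoc should say what enabling it permits and what the result is when the parameter is absent, e.g. `Whether authentication may be done with an already encoded password, as configured by the builder init parameter 'allowencodedpassword'.` If the name means what it suggests, anyone holding a stored password value could log in with it while the option is on, so the comment should recommend leaving it off unless it is needed. `getUserBuilder()` would likewise benefit from one line saying it returns this builder as the Provider's user builder.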