Update of
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext
In directory
james.mmbase.org:/tmp/cvs-serv30793/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext
Modified Files:
ContextProvider.java BasicContextProvider.java
Log Message:
MMB-1767 Create disableContextChecks property in Contexts builder of
CloudContext Security
See also:
http://cvs.mmbase.org/viewcvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext
See also: http://www.mmbase.org/jira/browse/MMB-1767
Index: ContextProvider.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/ContextProvider.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- ContextProvider.java 30 Dec 2008 17:49:44 -0000 1.2
+++ ContextProvider.java 4 Jan 2009 18:57:14 -0000 1.3
@@ -22,7 +22,7 @@
* esential properties of them are acquired.
*
* @author Michiel Meeuwissen
- * @version $Id: ContextProvider.java,v 1.2 2008/12/30 17:49:44 michiel Exp $
+ * @version $Id: ContextProvider.java,v 1.3 2009/01/04 18:57:14 nklasens Exp $
* MMBase-1.9.1
*/
public interface ContextProvider {
@@ -36,12 +36,16 @@
MMObjectNode getContextNode(MMObjectNode node);
+ MMObjectNode getContextNode(String context);
+
Set<String> getPossibleContexts(User user, MMObjectNode node) throws
SecurityException;
Set<String> getPossibleContexts(User user) throws SecurityException;
boolean mayDo(User user, MMObjectNode nodeId, Operation operation) throws
SecurityException;
+ boolean mayDoOnContext(MMObjectNode userNode, MMObjectNode contextNode,
Operation operation, boolean checkOwnRights);
+
/**
* Whether, or not, the user is allowed to grant the security operation
to the group or user on the context
* node.
Index: BasicContextProvider.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/BasicContextProvider.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- BasicContextProvider.java 30 Dec 2008 17:49:44 -0000 1.3
+++ BasicContextProvider.java 4 Jan 2009 18:57:14 -0000 1.4
@@ -21,7 +21,6 @@
import org.mmbase.security.SecurityException;
import org.mmbase.module.core.*;
import org.mmbase.module.corebuilders.*;
-import org.mmbase.core.CoreField;
import org.mmbase.storage.search.*;
import org.mmbase.storage.search.implementation.*;
import org.mmbase.cache.Cache;
@@ -36,7 +35,7 @@
* This is a basic implemention of {...@link Provider} that implements all the
methods in a default way.
*
* @author Michiel Meeuwissen
- * @version $Id: BasicContextProvider.java,v 1.3 2008/12/30 17:49:44 michiel
Exp $
+ * @version $Id: BasicContextProvider.java,v 1.4 2009/01/04 18:57:14 nklasens
Exp $
* @since MMBase-1.9.1
*/
public class BasicContextProvider implements ContextProvider {
@@ -85,6 +84,10 @@
return 50;
}
+ protected boolean disableContextChecks() {
+ return false;
+ }
+
public Collection<NodeSearchQuery> getContextQueries() {
return queries;
@@ -194,7 +197,7 @@
}
- protected MMObjectNode getContextNode(String context) {
+ public MMObjectNode getContextNode(String context) {
Cache<String,MMObjectNode> contextCache = Caches.getContextCache();
MMObjectNode contextNode = contextCache.get(context);
if (contextNode == null && ! contextCache.contains(context)) {
@@ -419,11 +422,19 @@
}
protected boolean mayDoOnContext(User user, MMObjectNode contextNode,
Operation operation, boolean checkOwnRights) {
+ return mayDoOnContext(user.getNode(), contextNode, operation,
checkOwnRights);
+ }
+
+ public boolean mayDoOnContext(MMObjectNode userNode, MMObjectNode
contextNode,
+ Operation operation, boolean checkOwnRights) {
+ if (disableContextChecks()) {
+ return true;
+ }
Set<MMObjectNode> groupsAndUsers = getGroupsAndUsers(contextNode,
operation);
if (checkOwnRights) {
- if (groupsAndUsers.contains(user.getNode())) return true;
+ if (groupsAndUsers.contains(userNode)) return true;
}
Iterator<MMObjectNode> iter = groupsAndUsers.iterator();
@@ -435,15 +446,15 @@
log.trace("checking group " + group);
}
- if(Groups.getBuilder().contains(group, user.getNode())) {
+ if(Groups.getBuilder().contains(group, userNode)) {
if (log.isDebugEnabled()) {
- log.debug("User " +
user.getNode().getStringValue("username") + " may " + operation + " according
to context " + contextNode);
+ log.debug("User " + userNode.getStringValue("username") +
" may " + operation + " according to context " + contextNode);
}
return true;
}
}
if (log.isDebugEnabled()) {
- log.debug("User " + user.getNode().getStringValue("username") + "
may not " + operation + " according to context " + contextNode);
+ log.debug("User " + userNode.getStringValue("username") + " may
not " + operation + " according to context " + contextNode);
}
return false;
@@ -561,7 +572,7 @@
if (userContext.getRank().getInt() >= Rank.ADMIN_INT) {
return Authorization.COMPLETE_CHECK;
} else {
- if (operation == Operation.READ && canReadAll()) {
+ if (operation == Operation.READ && (canReadAll() ||
disableContextChecks())) {
return Authorization.COMPLETE_CHECK;
} else if (operation == Operation.READ) {
AllowingContexts ac =
allowingContextsCache.get(userContext.getIdentifier());
_______________________________________________
Cvs mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/cvs
