[farcry-dev] Re: Permissions and policy groups

Thu, 10 Jun 2004 12:10:18 -0700 

Thanks Kyle,
 
I'm attaching a patch for the authorisation.cfc which seems to fix the
problem for Oracle. The patch is against the latest version of the core
available on the public CVS server. I don't have MySQL or SQL server
running to test against, but I did test on Oracle and, after a clean
install, policyGroupIDs in the DMPOLICYGROUP table match those in the
farcry_core\admin\install\dmSec_files\policyGroups.wddx file.

Basically, if createPolicyGroup is called with the policyGroupID
attribute we drop the DMPOLICYGROUP_SEQ and add a new DMPOLICYGROUP_SEQ
with the minimum value set to the MAX(policyGroupID) + 1.

One thing I noticed is that this method assumes the Policy Store is in
the same type of DB as the FarCry application. While I'm sure this is
usually the case, It seems to me that if the Policy Store is in another
datasource it is possible that that it could be in another type of DB as
well. You could add a key to the Application.dmSec.PolicyStore structure
to hold the database type, but I'm not sure how much of the core this
would affect. I'm not sure this type of change is a good idea, it is
really just an observation...

Below is what the new createPolicyGroup method looks like. I
de-cfscripted a lot of the code to make use of a transaction around the
queries that get the max policyGroupID and drop and add the sequence...
 
 
<cffunction name="createPolicyGroup" hint="Creates a new policy group in
the datastore" returntype="struct" output="No">
  <cfargument name="policyGroupName" required="true">
  <cfargument name="policyGroupNotes" required="false" default="">
  <cfargument name="policyGroupID">
  <cfscript>
   stPolicyGroup =
getPolicyGroup(policyGroupName=arguments.policyGroupName);
   stPolicyStore = getPolicyStore();
   stResult = structNew();
  </cfscript>
  <cfif NOT structIsEmpty(stPolicyGroup)>
   <cfscript>
    stResult.bSuccess = false;
    stResult.message = "Policy Group already exists";   
   </cfscript>  
  <cfelse> 
   <cfswitch expression="#application.dbType#"> 
    <cfcase value="ora">
     <!--- clean up the dmpolicygroup_seq --->
     <cftransaction>
      <cftry>
      <cfquery name="q" datasource="#stPolicyStore.datasource#">
       INSERT INTO 
        #application.dbowner##stPolicyStore.PolicyGroupTable# 
        ( policyGroupID, 
         policyGroupName,
         policyGroupNotes 
        )
       VALUES
        (
         <cfif
isDefined("arguments.policyGroupID")>#arguments.policyGroupId#<cfelse>DM
POLICYGROUP_SEQ.nextval</cfif>,
         '#arguments.PolicyGroupName#',
         '#arguments.PolicyGroupNotes#'
        )        
      </cfquery>
      <cfquery name="getMaxID">
       SELECT MAX (policyGroupID) AS MaxID
       FROM #application.dbowner##stPolicyStore.PolicyGroupTable#
      </cfquery>
      <cfquery name="dropSequence">
       DROP SEQUENCE DMPOLICYGROUP_SEQ
      </cfquery>
      <cfquery name="createSequence">
       CREATE SEQUENCE DMPOLICYGROUP_SEQ MINVALUE #Val(getMaxID.MaxID +
1)#
      </cfquery> 
       <cfcatch>
        <cftransaction action="ROLLBACK">
        <cfset bSuccess = false>
       </cfcatch>
      </cftry>
     </cftransaction>   
    </cfcase>
    <cfcase value="mysql">
     <cfscript>
      sql = "
      INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable#
( policyGroupName,policyGroupNotes ";
      if (isDefined("arguments.policyGroupId"))
       sql = sql & ",policyGroupId";
      sql = sql & ") 
      VALUES
      ('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
      if (isDefined("arguments.policyGroupId"))
       sql = sql & ",#arguments.policyGroupId#";
      sql = sql & ")"; 
      query(sql=sql,dsn=stPolicyStore.datasource);
      bSuccess = true;
     </cfscript>    
    </cfcase>
    <cfdefalutcase>
     <cfscript>
      sql = "
      INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable#
( policyGroupName,policyGroupNotes ";
      if (isDefined("arguments.policyGroupId"))
       sql = sql & ",policyGroupId";
      sql = sql & ") 
      VALUES
      ('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
      if (isDefined("arguments.policyGroupId"))
       sql = sql & ",#arguments.policyGroupId#";
      sql = sql & ")"; 
      query(sql=sql,dsn=stPolicyStore.datasource);
      bSuccess = true;
     </cfscript>
    </cfdefalutcase>
   </cfswitch> 
   <cfscript>
    if bSuccess {
     stResult.bSuccess = true;
     stResult.message = "Policy group successfully added";
     oAuthentication =
createObject("component","#application.securitypackagepath#.authenticati
on");
     oAudit =
createObject("component","#application.packagepath#.farcry.audit");
     stuser = oAuthentication.getUserAuthenticationData();
      if(stUser.bLoggedIn)
       oaudit.logActivity(auditType="dmSec.createPolicyGroup",
username=Stuser.userlogin, location=cgi.remote_host, note="policy group
#arguments.policygroupname# created"); 
    } else {
     stResult.bSuccess = false;
     stResult.message = "Policy Group not added";    
    }
   </cfscript>
  </cfif>
  <cfreturn stResult>
 </cffunction>

Attachment: authorisation.patch
Description: authorisation.patch

---
You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]


Aussie Macromedia Developers: http://lists.daemon.com.au/

Reply via email to