Author: keith
Date: Wed Apr 23 04:13:23 2008
New Revision: 16053
Log:
Need to set the permissions before adding resources to the registry
Modified:
trunk/mashup/java/modules/javascriptdeployer/src/org/wso2/mashup/deployer/JSDeployer.java
Modified:
trunk/mashup/java/modules/javascriptdeployer/src/org/wso2/mashup/deployer/JSDeployer.java
==============================================================================
---
trunk/mashup/java/modules/javascriptdeployer/src/org/wso2/mashup/deployer/JSDeployer.java
(original)
+++
trunk/mashup/java/modules/javascriptdeployer/src/org/wso2/mashup/deployer/JSDeployer.java
Wed Apr 23 04:13:23 2008
@@ -916,7 +916,7 @@
boolean createPrimary;
String primaryName = null;
String primaryPassword;
- UserRegistry userRegistry;
+ UserRegistry systemRegistry;
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
@@ -1013,6 +1013,80 @@
// Assign system user the 'admin' role.
us.addUserToRole(MashupConstants.SYSTEM_USER,
RegistryConstants.ADMIN_ROLE);
+
+ AccessControlAdmin ac = realm.getAccessControlAdmin();
+
+ // Setting permissions for the admin role on user resources
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.ADD);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.READ);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.EDIT);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role on role resources
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.ADD);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.READ);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.EDIT);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role on setting
permissions
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.READ);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.ADD);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.EDIT);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role to GET, PUT and
DELETE data from any part
+ // of the registry
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.PUT);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.DELETE);
+ ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ AccessControlConstants.AUTHORIZE);
+
+ // Setting permissions for the everyone role to GET data from
any part
+ // of the registry
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+
+ // Setting permissions for the everyone role to READ and EDIT
user resources
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.USER_RESOURCE,
AccessControlConstants.READ);
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.USER_RESOURCE,
AccessControlConstants.EDIT);
+
+ // Setting permissions for the everyone role to READ
permissions
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
AccessControlConstants.READ);
+ ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.READ);
+
+ // Setting permissions for the everyone role to READ all
mashups and queries
+ ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
MashupConstants.ALL_MASHUPS_PATH,
+ AccessControlConstants.READ);
+ ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
+ MashupConstants.ALL_MASHUPS_QUERY_PATH,
+ AccessControlConstants.READ);
}
createPrimary = Boolean.parseBoolean(
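Review bot: The two consecutive `ac.authorizeRole(RegistryConstants.EVERYONE_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.GET);` calls are identical, so the second is either redundant or a copy-paste slip for a different action; drop it or add a comment stating what was intended. More important for access control, this block grants the everyone role GET on `ROOT_PATH` and EDIT on `USER_RESOURCE`; if grants on a path are inherited by its children and the everyone role includes anonymous visitors (neither is visible here), that would make `/system` and `/users/profile` world-readable and let any account edit user records. I would limit the everyone grants to the paths that must be public (the block already grants READ on `ALL_MASHUPS_PATH` and `ALL_MASHUPS_QUERY_PATH`) and keep EDIT on user resources with the admin role or the owning user. The last two calls use `MashupConstants.EVERYONE_ROLE` while the others use `RegistryConstants.EVERYONE_ROLE`; use one constant so the grants cannot silently target different roles. The enclosing block starts before this hunk and continues after it.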
@@ -1044,18 +1118,17 @@
// Instantiating a secure registry using the system account, in
order to create user
// profiles.
- userRegistry = RegistryUtils.createUserRegistry(
- MashupConstants.SYSTEM_USER,
MashupConstants.SYSTEM_USER_PASSWORD, embeddedRegistry);
+ systemRegistry = embeddedRegistry.getSystemRegistry();
- if
(!userRegistry.resourceExists(MashupConstants.QUERYSTORE_QUERY_PATH)) {
+ if
(!systemRegistry.resourceExists(MashupConstants.QUERYSTORE_QUERY_PATH)) {
// Create an area in the registry to add queries
- Collection queryCollection = userRegistry.newCollection();
- userRegistry.put(MashupConstants.QUERYSTORE_QUERY_PATH,
queryCollection);
+ Collection queryCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.QUERYSTORE_QUERY_PATH,
queryCollection);
// All mashups query
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.ALL_MASHUPS_QUERY_PATH,
"SELECT PATH FROM ARTIFACTS WHERE STATE=100 AND
(MEDIA_TYPE='" +
MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
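Review bot: The comment above `systemRegistry = embeddedRegistry.getSystemRegistry();` still says a secure registry is instantiated using the system account, which no longer matches the code; I would replace it with `// Use the embedded registry's system registry for bootstrap writes (not a per-user handle).` If the system registry skips per-user authorization checks (not visible here), this handle should stay confined to the setup path and never reach request-handling code. The removed call authenticated with `MashupConstants.SYSTEM_USER_PASSWORD`, a compile-time constant, and an earlier context line (`us.addUserToRole(MashupConstants.SYSTEM_USER, ...)`) gives that user the admin role. Now that the password is no longer needed here, it is worth checking whether the account can be created without a fixed password or with interactive login disabled. The enclosing method extends beyond this hunk.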
@@ -1065,7 +1138,7 @@
// Mashups from a specific user
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.MY_MASHUPS_QUERY_PATH,
"SELECT PATH FROM ARTIFACTS WHERE STATE=100 AND
AUTHOR=? AND " +
"(MEDIA_TYPE='" +
MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
@@ -1075,7 +1148,7 @@
// Mashups rated 4.0 or better, sorted by rating.
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.TOP_MASHUPS_QUERY_PATH,
"SELECT A.PATH FROM ARTIFACTS A, RATINGS R WHERE
A.STATE=100 AND " +
"A.AID=R.AID AND (A.MEDIA_TYPE='" +
@@ -1087,7 +1160,7 @@
// Mashups from a specific user rated 4.0 or better, sorted by
rating.
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.MY_TOP_MASHUPS_QUERY_PATH,
"SELECT A.PATH FROM ARTIFACTS A, RATINGS R WHERE
A.STATE=100 AND " +
"A.AID=R.AID AND A.AUTHOR=? AND
(A.MEDIA_TYPE='" +
@@ -1098,30 +1171,30 @@
);
// Create a collection for users. All user related data will
go in here
- Collection usersCollection = userRegistry.newCollection();
- userRegistry.put("/users", usersCollection);
+ Collection usersCollection = systemRegistry.newCollection();
+ systemRegistry.put("/users", usersCollection);
// Create a collection for profiles. All user profiles data
will go in here
- Collection profileCollection = userRegistry.newCollection();
- userRegistry.put("/users/profile", profileCollection);
+ Collection profileCollection = systemRegistry.newCollection();
+ systemRegistry.put("/users/profile", profileCollection);
// Create a collection for system. All system related data
will go in here
- Collection systemCollection = userRegistry.newCollection();
- userRegistry.put("/system", systemCollection);
+ Collection systemCollection = systemRegistry.newCollection();
+ systemRegistry.put("/system", systemCollection);
// Create a collection for /system/queries. All system queries
will go in here
- Collection queriesCollection = userRegistry.newCollection();
- userRegistry.put("/system/queries", queriesCollection);
+ Collection queriesCollection = systemRegistry.newCollection();
+ systemRegistry.put("/system/queries", queriesCollection);
// Create a collection for mashups. All mashup related data
will go in here
- Collection mashupsCollection = userRegistry.newCollection();
- userRegistry.put("/mashups", mashupsCollection);
+ Collection mashupsCollection = systemRegistry.newCollection();
+ systemRegistry.put("/mashups", mashupsCollection);
// This query accepts a resource path, a username, and a tag
name, and returns the
// resource path if that user applied that tag to the resource.
// Used for checking whether the current user should be
allowed to delete the tag.
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.USER_TAGS_QUERY_PATH,
"SELECT A.PATH FROM ARTIFACTS A, TAGS T WHERE
A.STATE=100 AND A.PATH=? " +
"AND T.TAG_NAME=? AND T.AID=A.AID AND
T.USER_ID=? AND " +
@@ -1133,7 +1206,7 @@
// Query for mashups based on tag, description, or title
// todo: queries aren't case insensitive
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.CUSTOM_QUERY_PATH,
"SELECT DISTINCT A.PATH FROM ARTIFACTS A, TAGS T WHERE
A.STATE=100 AND " +
"(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
@@ -1145,7 +1218,7 @@
// Query for mashups from a specific user based on tag,
description, or title
// todo: queries aren't case insensitive
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.MY_CUSTOM_QUERY_PATH,
"SELECT DISTINCT A.PATH FROM ARTIFACTS A, TAGS T WHERE
A.STATE=100 AND " +
"(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
@@ -1157,7 +1230,7 @@
// Query for comments
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.COMMENTS_QUERY_PATH,
"SELECT C.CM_ID FROM COMMENTS C, ARTIFACTS A WHERE
C.COMMENT_TEXT " +
"LIKE ? AND C.AID=A.AID AND A.STATE=100 AND
(A.MEDIA_TYPE='" +
@@ -1168,7 +1241,7 @@
// Query for comments by a particular user
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.MY_COMMENTS_QUERY_PATH,
"SELECT C.CM_ID FROM COMMENTS C, ARTIFACTS A WHERE
C.COMMENT_TEXT " +
"LIKE ? AND C.USER_ID=? AND C.AID=A.AID AND
A.STATE=100 AND " +
@@ -1179,7 +1252,7 @@
// Query for all comments by a particular user
addQuery(
- userRegistry,
+ systemRegistry,
MashupConstants.USERS_COMMENTS_QUERY_PATH,
"SELECT C.CM_ID FROM COMMENTS C, ARTIFACTS A WHERE
C.USER_ID=? AND " +
"C.AID=A.AID AND A.STATE=100 AND
(A.MEDIA_TYPE='" +
@@ -1188,91 +1261,17 @@
RegistryConstants.COMMENTS_RESULT_TYPE
);
- AccessControlAdmin ac = realm.getAccessControlAdmin();
-
- // Setting permissions for the admin role on user resources
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role on role resources
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role on setting
permissions
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role to GET, PUT and
DELETE data from any part
- // of the registry
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.PUT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.DELETE);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- AccessControlConstants.AUTHORIZE);
-
- // Setting permissions for the everyone role to GET data from
any part
- // of the registry
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
-
- // Setting permissions for the everyone role to READ and EDIT
user resources
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.USER_RESOURCE,
AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.USER_RESOURCE,
AccessControlConstants.EDIT);
-
- // Setting permissions for the everyone role to READ
permissions
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.ROLE_RESOURCE,
AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.READ);
-
- // Setting permissions for the everyone role to READ all
mashups and queries
- ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
MashupConstants.ALL_MASHUPS_PATH,
- AccessControlConstants.READ);
- ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
- MashupConstants.ALL_MASHUPS_QUERY_PATH,
- AccessControlConstants.READ);
-
// Create the anonymous user profile.
- RegistryUtils.createUser(userRegistry,
+ RegistryUtils.createUser(systemRegistry,
RegistryConstants.ANONYMOUS_USER,
"Visitor", "none",
"Anonymous user");
// Create the system user profile.
- RegistryUtils.createUser(userRegistry,
MashupConstants.SYSTEM_USER,
+ RegistryUtils.createUser(systemRegistry,
MashupConstants.SYSTEM_USER,
"System", "none", "System User");
// Create the samples user and profile.
- RegistryUtils.createUser(userRegistry,
MashupConstants.SAMPLES_USER,
+ RegistryUtils.createUser(systemRegistry,
MashupConstants.SAMPLES_USER,
"Samples", "none", "Samples User");
}
@@ -1280,7 +1279,7 @@
if (createPrimary && !MashupUtils.isInitialSetupComplete()) {
//Create the admin profile using information from a config
file.
RegistryUtils
- .createUser(userRegistry, primaryName, primaryName,
"none",
+ .createUser(systemRegistry, primaryName, primaryName,
"none",
"System Administrator");
// Assign system user the 'admin' role and make primary.
us.addUserToRole(primaryName, RegistryConstants.ADMIN_ROLE);