You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ja...@apache.org on 2009/04/29 23:28:00 UTC
svn commit: r769943 - in /ofbiz/trunk/framework/widget/src/org/ofbiz/widget:
cache/WidgetContextCacheKey.java menu/ModelMenuCondition.java
screen/ModelScreen.java screen/ModelScreenCondition.java
screen/ScreenRenderer.java tree/ModelTreeCondition.java
Author: jaz
Date: Wed Apr 29 21:27:59 2009
New Revision: 769943
URL: http://svn.apache.org/viewvc?rev=769943&view=rev
Log:
integration with new Authz API - JIRA OFBIZ-2381
NOTE: when using the action="" the old API is always used; when no action is specified the new API is used
Modified:
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/cache/WidgetContextCacheKey.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuCondition.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenCondition.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTreeCondition.java
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/cache/WidgetContextCacheKey.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/cache/WidgetContextCacheKey.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/cache/WidgetContextCacheKey.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/cache/WidgetContextCacheKey.java Wed Apr 29 21:27:59 2009
@@ -40,6 +40,7 @@
fieldNamesToSkip.add("globalContext");
fieldNamesToSkip.add("delegator");
fieldNamesToSkip.add("dispatcher");
+ fieldNamesToSkip.add("authz");
fieldNamesToSkip.add("security");
fieldNamesToSkip.add("webSiteId");
fieldNamesToSkip.add("userLogin");
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuCondition.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuCondition.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuCondition.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuCondition.java Wed Apr 29 21:27:59 2009
@@ -43,6 +43,7 @@
import org.ofbiz.entityext.permission.EntityPermissionChecker;
import org.ofbiz.minilang.operation.BaseCompare;
import org.ofbiz.security.Security;
+import org.ofbiz.security.authz.Authorization;
import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
@@ -308,15 +309,17 @@
String permission = permissionExdr.expandString(context);
String action = actionExdr.expandString(context);
+ Authorization authz = (Authorization) context.get("authz");
Security security = (Security) context.get("security");
if (action != null && action.length() > 0) {
+ //Debug.logWarning("Deprecated method hasEntityPermission() was called; the action field should no longer be used", module);
// run hasEntityPermission
if (security.hasEntityPermission(permission, action, userLogin)) {
return true;
}
} else {
// run hasPermission
- if (security.hasPermission(permission, userLogin)) {
+ if (authz.hasPermission(userLogin.getString("userLoginId"), permission, context, true)) {
return true;
}
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java Wed Apr 29 21:27:59 2009
@@ -336,7 +336,7 @@
* - autoUserLogin (if a user is automatically logged in, ie no password has been entered)
* - formStringRenderer
* - request, response, session, application (special case, only in HTML contexts, etc)
- * - delegator, dispatcher, security
+ * - delegator, dispatcher, authz, security
* - null (represents a null field value for entity operations)
* - sections (used for decorators to reference the sections to be decorated and render them)
* @param screenStringRenderer An implementation of the ScreenStringRenderer
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenCondition.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenCondition.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenCondition.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenCondition.java Wed Apr 29 21:27:59 2009
@@ -45,6 +45,7 @@
import org.ofbiz.entityext.permission.EntityPermissionChecker;
import org.ofbiz.minilang.operation.BaseCompare;
import org.ofbiz.security.Security;
+import org.ofbiz.security.authz.Authorization;
import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
@@ -304,15 +305,17 @@
String permission = permissionExdr.expandString(context);
String action = actionExdr.expandString(context);
+ Authorization authz = (Authorization) context.get("authz");
Security security = (Security) context.get("security");
if (action != null && action.length() > 0) {
+ //Debug.logWarning("Deprecated method hasEntityPermission() was called; the action field should no longer be used", module);
// run hasEntityPermission
if (security.hasEntityPermission(permission, action, userLogin)) {
return true;
}
} else {
// run hasPermission
- if (security.hasPermission(permission, userLogin)) {
+ if (authz.hasPermission(userLogin.getString("userLoginId"), permission, context, true)) {
return true;
}
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java Wed Apr 29 21:27:59 2009
@@ -47,6 +47,7 @@
import org.ofbiz.entity.GenericEntity;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.security.Security;
+import org.ofbiz.security.authz.Authorization;
import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.LocalDispatcher;
import org.ofbiz.webapp.control.LoginWorker;
@@ -139,11 +140,11 @@
return this.screenStringRenderer;
}
- public void populateBasicContext(Map<String, Object> parameters, GenericDelegator delegator, LocalDispatcher dispatcher, Security security, Locale locale, GenericValue userLogin) {
- populateBasicContext(context, this, parameters, delegator, dispatcher, security, locale, userLogin);
+ public void populateBasicContext(Map<String, Object> parameters, GenericDelegator delegator, LocalDispatcher dispatcher, Authorization authz, Security security, Locale locale, GenericValue userLogin) {
+ populateBasicContext(context, this, parameters, delegator, dispatcher, authz, security, locale, userLogin);
}
- public static void populateBasicContext(MapStack<String> context, ScreenRenderer screens, Map<String, Object> parameters, GenericDelegator delegator, LocalDispatcher dispatcher, Security security, Locale locale, GenericValue userLogin) {
+ public static void populateBasicContext(MapStack<String> context, ScreenRenderer screens, Map<String, Object> parameters, GenericDelegator delegator, LocalDispatcher dispatcher, Authorization authz, Security security, Locale locale, GenericValue userLogin) {
// ========== setup values that should always be in a screen context
// include an object to more easily render screens
context.put("screens", screens);
@@ -157,6 +158,7 @@
context.put("parameters", parameters);
context.put("delegator", delegator);
context.put("dispatcher", dispatcher);
+ context.put("authz", authz);
context.put("security", security);
context.put("locale", locale);
context.put("userLogin", userLogin);
@@ -179,14 +181,14 @@
HttpSession session = request.getSession();
// attribute names to skip for session and application attributes; these are all handled as special cases, duplicating results and causing undesired messages
- Set<String> attrNamesToSkip = UtilMisc.toSet("delegator", "dispatcher", "security", "webSiteId");
+ Set<String> attrNamesToSkip = UtilMisc.toSet("delegator", "dispatcher", "authz", "security", "webSiteId");
Map<String, Object> parameterMap = UtilHttp.getCombinedMap(request, attrNamesToSkip);
GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
populateBasicContext(context, screens, parameterMap, (GenericDelegator) request.getAttribute("delegator"),
- (LocalDispatcher) request.getAttribute("dispatcher"), (Security) request.getAttribute("security"),
- UtilHttp.getLocale(request), userLogin);
+ (LocalDispatcher) request.getAttribute("dispatcher"), (Authorization) request.getAttribute("authz"),
+ (Security) request.getAttribute("security"), UtilHttp.getLocale(request), userLogin);
context.put("autoUserLogin", session.getAttribute("autoUserLogin"));
context.put("person", session.getAttribute("person"));
@@ -296,7 +298,7 @@
}
public void populateContextForService(DispatchContext dctx, Map<String, Object> serviceContext) {
- this.populateBasicContext(serviceContext, dctx.getDelegator(), dctx.getDispatcher(), dctx.getSecurity(),
- (Locale) serviceContext.get("locale"), (GenericValue) serviceContext.get("userLogin"));
+ this.populateBasicContext(serviceContext, dctx.getDelegator(), dctx.getDispatcher(), dctx.getAuthorization(),
+ dctx.getSecurity(), (Locale) serviceContext.get("locale"), (GenericValue) serviceContext.get("userLogin"));
}
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTreeCondition.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTreeCondition.java?rev=769943&r1=769942&r2=769943&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTreeCondition.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTreeCondition.java Wed Apr 29 21:27:59 2009
@@ -42,6 +42,7 @@
import org.ofbiz.entityext.permission.EntityPermissionChecker;
import org.ofbiz.minilang.operation.BaseCompare;
import org.ofbiz.security.Security;
+import org.ofbiz.security.authz.Authorization;
import org.w3c.dom.Element;
/**
@@ -209,15 +210,17 @@
String permission = permissionExdr.expandString(context);
String action = actionExdr.expandString(context);
+ Authorization authz = (Authorization) context.get("authorization");
Security security = (Security) context.get("security");
if (action != null && action.length() > 0) {
+ //Debug.logWarning("Deprecated method hasEntityPermission() was called; the action field should no longer be used", module);
// run hasEntityPermission
if (security.hasEntityPermission(permission, action, userLogin)) {
return true;
}
} else {
// run hasPermission
- if (security.hasPermission(permission, userLogin)) {
+ if (authz.hasPermission(userLogin.getString("userLoginId"), permission, context, true)) {
return true;
}
}