You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by Blake Day <bl...@charter.net> on 2002/04/26 18:34:33 UTC
potential problem with extend user and ACL
I have (successfully?) extended the TurbineUser by adding more columns to
the TURBINE_USER table and actually removing the LOGIN_NAME column. I want
to use the EMAIL column for usernames.
I have no problems until I start trying to use ACLs. Somewhere in the code,
the LOGIN_NAME column is mentioned, because the generated query to fetch the
roles tries to use it. The following snippet of code from
org.apache.turbine.om.security.peer.RolePeer generates the incorrect query:
public static RoleSet retrieveSet( User user, Group group )
throws Exception
{
Criteria criteria = new Criteria();
/*
* Peer specific methods should absolutely NOT be part
* of any of the generic interfaces in the security system.
* this is not good.
*
* UserPeer up = TurbineSecurity.getUserPeerInstance();
*/
UserPeer up = ((DBSecurityService)TurbineSecurity.getService())
.getUserPeerInstance();
criteria.add(up.getFullColumnName(UserPeer.USERNAME),
user.getUserName());
criteria.add(UserGroupRolePeer.GROUP_ID,
((Persistent)group).getPrimaryKey());
criteria.addJoin(up.getFullColumnName(UserPeer.USER_ID),
UserGroupRolePeer.USER_ID);
criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
return retrieveSet(criteria);
}
The query is:
SELECT TURBINE_ROLE.ROLE_ID, TURBINE_ROLE.ROLE_NAME, TURBINE_ROLE.OBJECTDATA
FROM TURBINE_ROLE, TURBINE_USER, TURBINE_USER_GROUP_ROLE WHERE
(TURBINE_USER.LOGIN_NAME='blake@artistrystudios.net') AND
(TURBINE_USER_GROUP_ROLE.GROUP_ID=1) AND
TURBINE_USER.USER_ID=TURBINE_USER_GROUP_ROLE.USER_ID AND
TURBINE_USER_GROUP_ROLE.ROLE_ID=TURBINE_ROLE.ROLE_ID ORDER BY
UPPER(TURBINE_ROLE.ROLE_NAME) ASC
Now, I would be SOL if there was no way around adding the UserPeer.USERNAME
column to the criteria; however, the UserPeer.USERNAME column is not even
necessary. In fact, it's inefficient as it leads to an extraneous table
join. Why aren't we using the UserPeer.USER_ID column to narrow down the
returned TURBINE_USER rows? We could remove the join to TURBINE_USER
altogether and the query would become as follows:
SELECT TURBINE_ROLE.ROLE_ID, TURBINE_ROLE.ROLE_NAME, TURBINE_ROLE.OBJECTDATA
FROM TURBINE_ROLE, TURBINE_USER_GROUP_ROLE WHERE
(TURBINE_USER_GROUP_ROLE.USER_ID=x) AND (TURBINE_USER_GROUP_ROLE.GROUP_ID=1)
AND TURBINE_USER_GROUP_ROLE.ROLE_ID=TURBINE_ROLE.ROLE_ID ORDER BY
UPPER(TURBINE_ROLE.ROLE_NAME) ASC
Michael Blake Day
Artistry Studios - e-commerce design, implementation and hosting
email: mday@artistrystudios.net
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>