Posted to commits@archiva.apache.org by ol...@apache.org on 2012/04/06 11:59:32 UTC
svn commit: r1310268 [35/42] - in /archiva/redback/redback-core/trunk: ./
redback-authentication/ redback-authentication/redback-authentication-api/
redback-authentication/redback-authentication-api/src/
redback-authentication/redback-authentication-ap...
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,171 @@
+package org.codehaus.plexus.redback.role;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+import java.net.URL;
+
+/**
+ * RoleProfileManager:
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleManager
+{
+
+ /**
+ * load the model and create/verify operations, resources, etc exist and make static roles
+ *
+ * @param resourceLocation
+ * @throws RoleManagerException
+ */
+ void loadRoleModel( URL resourceLocation )
+ throws RoleManagerException;
+
+ void loadRoleModel( RedbackRoleModel model )
+ throws RoleManagerException;
+
+ /**
+ * locate a role with the corresponding name and generate it with the given resource, ${resource}
+ * in the model will be replaced with this resource string, if this resource does not exist, it
+ * will be created.
+ *
+ * @param templateId
+ * @param resource
+ * @throws RoleManagerException
+ */
+ void createTemplatedRole( String templateId, String resource )
+ throws RoleManagerException;
+
+ /**
+ * removes a role corresponding to the role Id that was manufactured with the given resource
+ * <p/>
+ * it also removes any user assignments for that role
+ *
+ * @param templateId
+ * @param resource
+ * @throws RoleManagerException
+ */
+ void removeTemplatedRole( String templateId, String resource )
+ throws RoleManagerException;
+
+
+ /**
+ * allows for a role coming from a template to be renamed effectively swapping out the bits of it that
+ * were labeled with the oldResource with the newResource
+ * <p/>
+ * it also manages any user assignments for that role
+ *
+ * @param templateId
+ * @param oldResource
+ * @param newResource
+ * @throws RoleManagerException
+ */
+ void updateRole( String templateId, String oldResource, String newResource )
+ throws RoleManagerException;
+
+
+ /**
+ * Assigns the role indicated by the roleId to the given principal
+ *
+ * @param roleId
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void assignRole( String roleId, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Assigns the role indicated by the roleName to the given principal
+ *
+ * @param roleName
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void assignRoleByName( String roleName, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Assigns the templated role indicated by the templateId
+ * <p/>
+ * fails if the templated role has not been created
+ *
+ * @param templateId
+ * @param resource
+ * @param principal
+ */
+ void assignTemplatedRole( String templateId, String resource, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Unassigns the role indicated by the role id from the given principal
+ *
+ * @param roleId
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void unassignRole( String roleId, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Unassigns the role indicated by the role name from the given principal
+ *
+ * @param roleName
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void unassignRoleByName( String roleName, String principal )
+ throws RoleManagerException;
+
+ /**
+ * true of a role exists with the given roleId
+ *
+ * @param roleId
+ * @return
+ * @throws RoleManagerException
+ */
+ boolean roleExists( String roleId )
+ throws RoleManagerException;
+
+ /**
+ * true of a role exists with the given roleId
+ *
+ * @param templateId
+ * @param resource
+ * @return
+ * @throws RoleManagerException
+ */
+ boolean templatedRoleExists( String templateId, String resource )
+ throws RoleManagerException;
+
+ /**
+ * get the blessed model, the current operating instructions for all things role management
+ */
+ RedbackRoleModel getModel();
+
+ /**
+ * Check a role template is complete in the RBAC store.
+ *
+ * @param templateID the templated role
+ * @param resource the resource to verify
+ * @throws RoleManagerException
+ */
+ void verifyTemplatedRole( String templateID, String resource )
+ throws RoleManagerException;
+}
\ No newline at end of file
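Review bot: The Javadoc on `templatedRoleExists` is copied from `roleExists` and still reads "true of a role exists with the given roleId", although the method takes `templateId` and `resource`. I would change it to `true if a role generated from the given template for the given resource exists`, and fix the "of" typo on `roleExists` too. The same leftover shows in the type headers: `RoleProfileManager:` on this interface, `RoleProfileException:` in RoleManagerException.java and `RoleModelValidator:` in RoleModelProcessor.java. Because these methods grant and revoke roles, `assignRole` and `unassignRole` should also say what form `principal` takes and whether an unknown role or principal raises `RoleManagerException`. None of that is stated here, and `assignTemplatedRole` declares the exception without an `@throws` tag.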
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManager.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,37 @@
+package org.codehaus.plexus.redback.role;
+
+/*
+ * Copyright 2005-2006 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * RoleProfileException:
+ *
+ * @author Jesse McConnell <jm...@apache.org>
+ * @version $Id$
+ */
+public class RoleManagerException
+ extends Exception
+{
+ public RoleManagerException( String string )
+ {
+ super( string );
+ }
+
+ public RoleManagerException( String string, Throwable throwable )
+ {
+ super( string, throwable );
+ }
+}
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/RoleManagerException.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,310 @@
+package org.codehaus.plexus.redback.role.processor;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.rbac.Operation;
+import org.codehaus.plexus.redback.rbac.Permission;
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.rbac.RbacManagerException;
+import org.codehaus.plexus.redback.rbac.Resource;
+import org.codehaus.plexus.redback.rbac.Role;
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.util.RoleModelUtils;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "roleModelProcessor" )
+public class DefaultRoleModelProcessor
+ implements RoleModelProcessor
+{
+ private Logger log = LoggerFactory.getLogger( DefaultRoleModelProcessor.class );
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+ private Map<String, Resource> resourceMap = new HashMap<String, Resource>();
+
+ private Map<String, Operation> operationMap = new HashMap<String, Operation>();
+
+ public void process( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ // must process resources and operations first, they are required for the
+ // permissions in the roles to add in correctly
+ processResources( model );
+ processOperations( model );
+
+ processRoles( model );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processResources( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource profileResource : (List<ModelResource>) application.getResources() )
+ {
+ try
+ {
+ if ( !rbacManager.resourceExists( profileResource.getName() ) )
+ {
+
+ Resource resource = rbacManager.createResource( profileResource.getName() );
+ resource.setPermanent( profileResource.isPermanent() );
+ resource = rbacManager.saveResource( resource );
+
+ // store for use in permission creation
+ resourceMap.put( profileResource.getId(), resource );
+
+ }
+ else
+ {
+ resourceMap.put( profileResource.getId(),
+ rbacManager.getResource( profileResource.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating resource '" + profileResource.getName() + "'", e );
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processOperations( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation profileOperation : (List<ModelOperation>) application.getOperations() )
+ {
+ try
+ {
+ if ( !rbacManager.operationExists( profileOperation.getName() ) )
+ {
+
+ Operation operation = rbacManager.createOperation( profileOperation.getName() );
+ operation.setPermanent( profileOperation.isPermanent() );
+ operation.setDescription( profileOperation.getDescription() );
+ operation = rbacManager.saveOperation( operation );
+
+ // store for use in permission creation
+ operationMap.put( profileOperation.getId(), operation );
+
+ }
+ else
+ {
+ operationMap.put( profileOperation.getId(),
+ rbacManager.getOperation( profileOperation.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating operation '" + profileOperation.getName() + "'",
+ e );
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processRoles( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ List<String> sortedGraph;
+ try
+ {
+ sortedGraph = RoleModelUtils.reverseTopologicalSortedRoleList( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ throw new RoleManagerException( "cycle detected: this should have been caught in validation", e );
+ }
+
+ for ( String roleId : sortedGraph )
+ {
+ ModelRole roleProfile = RoleModelUtils.getModelRole( model, roleId );
+
+ List<Permission> permissions = processPermissions( roleProfile.getPermissions() );
+
+ if ( !rbacManager.roleExists( roleProfile.getName() ) )
+ {
+ try
+ {
+ Role role = rbacManager.createRole( roleProfile.getName() );
+ role.setDescription( roleProfile.getDescription() );
+ role.setPermanent( roleProfile.isPermanent() );
+ role.setAssignable( roleProfile.isAssignable() );
+
+ // add any permissions associated with this role
+ for ( Permission permission : permissions )
+ {
+ role.addPermission( permission );
+ }
+
+ // add child roles to this role
+ if ( roleProfile.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) roleProfile.getChildRoles() )
+ {
+ ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
+ role.addChildRoleName( childRoleProfile.getName() );
+ }
+ }
+
+ rbacManager.saveRole( role );
+
+ // add link from parent roles to this new role
+ if ( roleProfile.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) roleProfile.getParentRoles() )
+ {
+ ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
+ Role parentRole = rbacManager.getRole( parentModelRole.getName() );
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating role '" + roleProfile.getName() + "'", e );
+ }
+ }
+ else
+ {
+ try
+ {
+ Role role = rbacManager.getRole( roleProfile.getName() );
+
+ boolean changed = false;
+ for ( Permission permission : permissions )
+ {
+ if ( !role.getPermissions().contains( permission ) )
+ {
+ log.info( "Adding new permission '" + permission.getName() + "' to role '" + role.getName()
+ + "'" );
+ role.addPermission( permission );
+ changed = true;
+ }
+ }
+
+ // Copy list to avoid concurrent modification [REDBACK-220]
+ List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
+ for ( Permission permission : oldPermissions )
+ {
+ if ( !permissions.contains( permission ) )
+ {
+ log.info(
+ "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
+ + "'" );
+ role.removePermission( permission );
+ changed = true;
+ }
+ }
+ if ( changed )
+ {
+ rbacManager.saveRole( role );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error updating role '" + roleProfile.getName() + "'", e );
+ }
+ }
+ }
+ }
+
+ private List<Permission> processPermissions( List<ModelPermission> permissions )
+ throws RoleManagerException
+ {
+ List<Permission> rbacPermissions = new ArrayList<Permission>( permissions.size() );
+
+ for ( ModelPermission profilePermission : permissions )
+ {
+ try
+ {
+ if ( !rbacManager.permissionExists( profilePermission.getName() ) )
+ {
+
+ Permission permission = rbacManager.createPermission( profilePermission.getName() );
+
+ // get the operation out of the map we stored it in when we created it _by_ the id in the model
+ Operation operation = (Operation) operationMap.get( profilePermission.getOperation() );
+ // same with resource
+ Resource resource = (Resource) resourceMap.get( profilePermission.getResource() );
+
+ permission.setOperation( operation );
+ permission.setResource( resource );
+ permission.setPermanent( profilePermission.isPermanent() );
+ permission.setDescription( profilePermission.getDescription() );
+
+ permission = rbacManager.savePermission( permission );
+
+ rbacPermissions.add( permission );
+
+ }
+ else
+ {
+ rbacPermissions.add( rbacManager.getPermission( profilePermission.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating permission '" + profilePermission.getName() + "'", e );
+ }
+ }
+ return rbacPermissions;
+ }
+
+ public RBACManager getRbacManager()
+ {
+ return rbacManager;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+}
+
+
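Review bot: In `processPermissions`, the results of `operationMap.get( profilePermission.getOperation() )` and `resourceMap.get( profilePermission.getResource() )` are passed to `setOperation` and `setResource` without a null check, so a model permission that references an id absent from the maps is saved with no operation or resource attached. Validation elsewhere may rule this out, but this is the last step before the RBAC store, so I would fail closed: `if ( operation == null || resource == null ) { throw new RoleManagerException( "unknown operation or resource for permission '" + profilePermission.getName() + "'" ); }`. Two related things to confirm in the same file. When `permissionExists` is true, the stored permission is reused by name without comparing its operation and resource to the model. And `resourceMap` and `operationMap` are plain `HashMap` fields on a `@Service` bean, which Spring would normally share across callers; they are filled on every `process` call with no synchronization and are never cleared.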
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/DefaultRoleModelProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,33 @@
+package org.codehaus.plexus.redback.role.processor;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleModelProcessor
+{
+
+ void process( RedbackRoleModel model ) throws RoleManagerException;
+
+}
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/processor/RoleModelProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,465 @@
+package org.codehaus.plexus.redback.role.template;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.rbac.Operation;
+import org.codehaus.plexus.redback.rbac.Permission;
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.rbac.RbacManagerException;
+import org.codehaus.plexus.redback.rbac.Resource;
+import org.codehaus.plexus.redback.rbac.Role;
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.util.RoleModelUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "roleTemplateProcessor" )
+public class DefaultRoleTemplateProcessor
+ implements RoleTemplateProcessor
+{
+ private Logger log = LoggerFactory.getLogger( DefaultRoleTemplateProcessor.class );
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+ @SuppressWarnings( "unchecked" )
+ public void create( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ // resource can be special
+ processResource( template, resource );
+
+ // templates are roles that have yet to be paired with a resource for creation
+ processTemplate( model, template, resource );
+
+ return;
+ }
+ }
+ }
+
+ throw new RoleManagerException( "unknown template '" + templateId + "'" );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public void remove( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ removeTemplatedRole( model, template, resource );
+ return;
+ }
+ }
+ }
+
+ throw new RoleManagerException( "unknown template '" + templateId + "'" );
+ }
+
+ private void removeTemplatedRole( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ String roleName = template.getNamePrefix() + template.getDelimiter() + resource;
+
+ try
+ {
+ Role role = rbacManager.getRole( roleName );
+
+ if ( !role.isPermanent() )
+ {
+ // remove the role
+ rbacManager.removeRole( role );
+
+ // remove the permissions
+ // todo, do this in a better way too, permissions can be shared across multiple roles and that could blow chunks here.
+ //for ( Iterator i = template.getPermissions().iterator(); i.hasNext(); )
+ //{
+ // ModelPermission permission = (ModelPermission) i.next();
+ // if ( !permission.isPermanent() )
+ // {
+ // rbacManager.removePermission( permission.getName() + template.getDelimiter()
+ // + resolvePermissionResource( model, permission, resolvePermissionResource( model, permission, resource ) ) );
+ // }
+ //}
+
+ // check if we want to remove the resources
+ Resource rbacResource = rbacManager.getResource( resource );
+
+ if ( !rbacResource.isPermanent() )
+ {
+ //todo we need a better way of finding if a resource is unused anymore...probably a cleaning process in the db or something
+ //rbacManager.removeResource( rbacResource );
+ }
+
+ // todo find dangling child role references and smoke
+ }
+ else
+ {
+ throw new RoleManagerException( "unable to remove role, it is flagged permanent" );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "unable to remove templated role: " + roleName, e );
+ }
+ //catch ( RoleTemplateProcessorException e )
+ //{
+ // throw new RoleManagerException( "unable to remove templated role, error resolving resource: Role:" + roleName + " Resource: " + resource, e );
+ //}
+ }
+
+ private void processResource( ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ if ( !rbacManager.resourceExists( resource ) )
+ {
+ try
+ {
+ Resource res = rbacManager.createResource( resource );
+ res.setPermanent( template.isPermanentResource() );
+ rbacManager.saveResource( res );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating resource '" + resource + "'", e );
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processTemplate( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ String templateName = template.getNamePrefix() + template.getDelimiter() + resource;
+
+ List<Permission> permissions = processPermissions( model, template, resource );
+
+ if ( !rbacManager.roleExists( templateName ) )
+ {
+ try
+ {
+ Role role = rbacManager.createRole( templateName );
+ role.setDescription( template.getDescription() );
+ role.setPermanent( template.isPermanent() );
+ role.setAssignable( template.isAssignable() );
+
+ // add any permissions associated with this role
+ for ( Iterator j = permissions.iterator(); j.hasNext(); )
+ {
+ Permission permission = (Permission) j.next();
+
+ role.addPermission( permission );
+ }
+
+ // add child roles to this role
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) template.getChildRoles() )
+ {
+ ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
+ role.addChildRoleName( childRoleProfile.getName() );
+ }
+ }
+
+ // add child templates to this role, be nice and make them if they don't exist
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplateId : (List<String>) template.getChildTemplates() )
+ {
+ ModelTemplate childModelTemplate = RoleModelUtils.getModelTemplate( model, childTemplateId );
+
+ if ( childModelTemplate == null )
+ {
+ throw new RoleManagerException(
+ "error obtaining child template from model: template " + templateName
+ + " # child template: " + childTemplateId );
+ }
+
+ String childRoleName =
+ childModelTemplate.getNamePrefix() + childModelTemplate.getDelimiter() + resource;
+
+ // check if the role exists, if it does then add it as a child, otherwise make it and add it
+ // this should be safe since validation should protect us from template cycles
+ if ( rbacManager.roleExists( childRoleName ) )
+ {
+ role.addChildRoleName( childRoleName );
+ }
+ else
+ {
+ processTemplate( model, childModelTemplate, resource );
+
+ role.addChildRoleName( childRoleName );
+ }
+ }
+ }
+
+ // this role needs to be saved since it now needs to be added as a child role by
+ // another role
+ if ( !rbacManager.roleExists( role.getName() ) )
+ {
+ role = rbacManager.saveRole( role );
+ }
+
+ // add link from parent roles to this new role
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) template.getParentRoles() )
+ {
+ ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
+ Role parentRole = rbacManager.getRole( parentModelRole.getName() );
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+
+ // add child templates to this role, be nice and make them if they don't exist
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
+ {
+ ModelTemplate parentModelTemplate = RoleModelUtils.getModelTemplate( model, parentTemplateId );
+
+ if ( parentModelTemplate == null )
+ {
+ throw new RoleManagerException(
+ "error obtaining parent template from model: template " + templateName
+ + " # child template: " + parentTemplateId );
+ }
+
+ String parentRoleName =
+ parentModelTemplate.getNamePrefix() + parentModelTemplate.getDelimiter() + resource;
+
+ // check if the role exists, if it does then add it as a child, otherwise make it and add it
+ // this should be safe since validation should protect us from template cycles
+ if ( rbacManager.roleExists( parentRoleName ) )
+ {
+ Role parentRole = rbacManager.getRole( parentRoleName );
+
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ else
+ {
+ processTemplate( model, parentModelTemplate, resource );
+
+ Role parentRole = rbacManager.getRole( parentRoleName );
+
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+ }
+
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating role '" + templateName + "'", e );
+ }
+ }
+ else
+ {
+ try
+ {
+ Role role = rbacManager.getRole( templateName );
+
+ boolean changed = false;
+ for ( Permission permission : permissions )
+ {
+ if ( !role.getPermissions().contains( permission ) )
+ {
+ log.info(
+ "Adding new permission '" + permission.getName() + "' to role '" + role.getName() + "'" );
+ role.addPermission( permission );
+ changed = true;
+ }
+ }
+
+ // Copy list to avoid concurrent modifications
+ List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
+ for ( Permission permission : oldPermissions )
+ {
+ if ( !permissions.contains( permission ) )
+ {
+ log.info( "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
+ + "'" );
+ role.removePermission( permission );
+ changed = true;
+ }
+ }
+ if ( changed )
+ {
+ rbacManager.saveRole( role );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error updating role '" + templateName + "'", e );
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private List<Permission> processPermissions( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+
+ if ( template.getPermissions() != null )
+ {
+ // copy list to avoid concurrent modifications
+ List<ModelPermission> templatePermissions = new ArrayList<ModelPermission>( template.getPermissions() );
+ List<Permission> rbacPermissions = new ArrayList<Permission>( templatePermissions.size() );
+ for ( ModelPermission profilePermission : templatePermissions )
+ {
+ try
+ {
+ String permissionName =
+ profilePermission.getName() + template.getDelimiter() + resolvePermissionResource( model,
+ profilePermission,
+ resource );
+
+ if ( !rbacManager.permissionExists( permissionName ) )
+ {
+
+ Permission permission = rbacManager.createPermission( permissionName );
+
+ ModelOperation modelOperation =
+ RoleModelUtils.getModelOperation( model, profilePermission.getOperation() );
+ Operation rbacOperation = rbacManager.getOperation( modelOperation.getName() );
+
+ String permissionResource = resolvePermissionResource( model, profilePermission, resource );
+
+ Resource rbacResource = rbacManager.getResource( permissionResource );
+
+ permission.setOperation( rbacOperation );
+ permission.setResource( rbacResource );
+ permission.setPermanent( profilePermission.isPermanent() );
+ permission.setDescription( profilePermission.getDescription() );
+
+ permission = rbacManager.savePermission( permission );
+
+ rbacPermissions.add( permission );
+
+ }
+ else
+ {
+
+ rbacPermissions.add( rbacManager.getPermission( permissionName ) );
+
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ e.printStackTrace();
+ throw new RoleManagerException( "unable to generate templated role: " + e.getMessage(), e );
+ }
+ catch ( RoleTemplateProcessorException e )
+ {
+ e.printStackTrace();
+ throw new RoleManagerException( "unable to resolve resource: " + resource, e );
+ }
+ }
+ return rbacPermissions;
+ }
+
+ return Collections.emptyList();
+ }
+
+ private String resolvePermissionResource( RedbackRoleModel model, ModelPermission permission, String resource )
+ throws RoleTemplateProcessorException
+ {
+ String permissionResource = permission.getResource();
+
+ // if permission's resource is ${resource}, return the resource passed in
+ if ( permissionResource.startsWith( "${" ) )
+ {
+ String tempStr = permissionResource.substring( 2, permissionResource.indexOf( '}' ) );
+
+ if ( "resource".equals( tempStr ) )
+ {
+ return resource;
+ }
+ }
+
+ // check if the resource resolves to declared operation
+ String declaredResource = resolveResource( model, permission.getResource() );
+ if ( declaredResource != null )
+ {
+ return declaredResource;
+ }
+ else
+ {
+ // either niether of the above apply, then its the resource.
+ return resource;
+ }
+ }
+
+ private String resolveResource( RedbackRoleModel model, String resource )
+ throws RoleTemplateProcessorException
+ {
+ ModelResource resolvedResource = RoleModelUtils.getModelResource( model, resource );
+
+ if ( resolvedResource != null )
+ {
+ return resolvedResource.getName();
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public RBACManager getRbacManager()
+ {
+ return rbacManager;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+}
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,35 @@
+package org.codehaus.plexus.redback.role.template;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ */
+public interface RoleTemplateProcessor
+{
+
+ void create( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException;
+
+ void remove( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException;
+}
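Review bot: The class Javadoc on this interface reads `RoleModelValidator:`, which names a different type and looks copied; RoleTemplateProcessorException in the next file has the same problem with `RoleProfileException:`. I would replace it with a summary such as `Creates and removes the roles generated from a template for a given resource.` Neither create() nor remove() says what `resource` is, yet DefaultRoleTemplateProcessor concatenates it into role names as `getNamePrefix() + getDelimiter() + resource`. A `@param resource` line stating that the value becomes part of the stored role and permission names would tell callers it has to be a value they control.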
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,37 @@
+package org.codehaus.plexus.redback.role.template;
+
+/*
+ * Copyright 2005-2006 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * RoleProfileException:
+ *
+ * @author Jesse McConnell <jm...@apache.org>
+ * @version $Id$
+ */
+public class RoleTemplateProcessorException
+ extends Exception
+{
+ public RoleTemplateProcessorException( String string )
+ {
+ super( string );
+ }
+
+ public RoleTemplateProcessorException( String string, Throwable throwable )
+ {
+ super( string, throwable );
+ }
+}
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/template/RoleTemplateProcessorException.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,340 @@
+package org.codehaus.plexus.redback.role.util;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.codehaus.plexus.util.dag.DAG;
+import org.codehaus.plexus.util.dag.TopologicalSorter;
+
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * RoleModelUtils:
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+public class RoleModelUtils
+{
+
+ @SuppressWarnings( "unchecked" )
+ public static List<ModelRole> getRoles( RedbackRoleModel model )
+ {
+ List<ModelRole> roleList = new ArrayList<ModelRole>( );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ roleList.addAll( application.getRoles() );
+ }
+
+ return roleList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<ModelTemplate> getTemplates( RedbackRoleModel model )
+ {
+ List<ModelTemplate> templateList = new ArrayList<ModelTemplate>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ templateList.addAll( application.getTemplates() );
+ }
+
+ return templateList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getOperationIdList( RedbackRoleModel model )
+ {
+ List<String> operationsIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ operationsIdList.add( operation.getId() );
+ }
+ }
+
+ return operationsIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getResourceIdList( RedbackRoleModel model )
+ {
+ List<String> resourceIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ resourceIdList.add( resource.getId() );
+ }
+ }
+
+ return resourceIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getRoleIdList( RedbackRoleModel model )
+ {
+ List<String> roleIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ roleIdList.add( role.getId() );
+ }
+ }
+
+ return roleIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getTemplateIdList( RedbackRoleModel model )
+ {
+ List<String> templateIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ templateIdList.add( template.getId() );
+ }
+ }
+
+ return templateIdList;
+
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param roleId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelRole getModelRole( RedbackRoleModel model, String roleId )
+ {
+ ModelRole mrole = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( roleId.equals( role.getId() ) )
+ {
+ mrole = role;
+ }
+ }
+ }
+
+ return mrole;
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param templateId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelTemplate getModelTemplate( RedbackRoleModel model, String templateId )
+ {
+ ModelTemplate mtemplate = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ mtemplate = template;
+ }
+ }
+ }
+
+ return mtemplate;
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param operationId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelOperation getModelOperation( RedbackRoleModel model, String operationId )
+ {
+ ModelOperation moperation = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ if ( operationId.equals( operation.getId() ) )
+ {
+ moperation = operation;
+ }
+ }
+ }
+
+ return moperation;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static ModelResource getModelResource( RedbackRoleModel model, String resourceId )
+ {
+ ModelResource mresource = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ if ( resourceId.equals( resource.getId() ) )
+ {
+ mresource = resource;
+ }
+ }
+ }
+
+ return mresource;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static DAG generateRoleGraph( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ DAG roleGraph = new DAG();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ roleGraph.addVertex( role.getId() );
+
+ if ( role.getChildRoles() != null )
+ {
+ for ( String childRole : (List<String>) role.getChildRoles() )
+ {
+ roleGraph.addVertex( childRole );
+
+ roleGraph.addEdge( role.getId(), childRole );
+ }
+ }
+
+ if ( role.getParentRoles() != null )
+ {
+ for ( String parentRole : (List<String>) role.getParentRoles() )
+ {
+ roleGraph.addVertex( parentRole );
+
+ roleGraph.addEdge( parentRole, role.getId() );
+ }
+ }
+ }
+ }
+
+ return roleGraph;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static DAG generateTemplateGraph( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ DAG templateGraph = generateRoleGraph( model );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ templateGraph.addVertex( template.getId() );
+
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRole : (List<String>) template.getChildRoles() )
+ {
+ templateGraph.addVertex( childRole );
+
+ templateGraph.addEdge( template.getId(), childRole );
+ }
+ }
+
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRole : (List<String>) template.getParentRoles() )
+ {
+ templateGraph.addVertex( parentRole );
+
+ templateGraph.addEdge( parentRole, template.getId() );
+ }
+ }
+
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplate : (List<String>) template.getChildTemplates() )
+ {
+ templateGraph.addVertex( childTemplate );
+
+ templateGraph.addEdge( template.getId(), childTemplate );
+ }
+ }
+
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplate : (List<String>) template.getParentTemplates() )
+ {
+ templateGraph.addVertex( parentTemplate );
+
+ templateGraph.addEdge( parentTemplate, template.getId() );
+ }
+ }
+ }
+ }
+
+ return templateGraph;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> reverseTopologicalSortedRoleList( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ LinkedList<String> sortedGraph =
+ (LinkedList<String>) TopologicalSorter.sort( RoleModelUtils.generateRoleGraph( model ) );
+ List<String> resortedGraph = new LinkedList<String>();
+
+ while ( !sortedGraph.isEmpty() )
+ {
+ resortedGraph.add( sortedGraph.removeLast() );
+ }
+
+ return resortedGraph;
+ }
+
+}
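Review bot: getModelRole, getModelTemplate, getModelOperation and getModelResource keep scanning after a match, so when two applications declare the same id the last declaration silently wins, and nothing in this file says so. Since these lookups decide which role or operation a reference binds to, I would either `return role;` at the first match or state the last-wins rule in the Javadoc, and have validation reject duplicate ids. getModelResource also returns null on a miss but lacks the `WARNING: can return null` line the other three carry. The callers visible in DefaultRoleTemplateProcessor dereference the result directly, for example `parentModelRole.getName()`. In reverseTopologicalSortedRoleList the cast `(LinkedList<String>) TopologicalSorter.sort( ... )` appears to rely on the concrete list type the sorter happens to return; copying the result into a new list and reversing that would not.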
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/util/RoleModelUtils.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,450 @@
+package org.codehaus.plexus.redback.role.validator;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.util.RoleModelUtils;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.springframework.stereotype.Service;
+
+/**
+ * DefaultRoleModelValidator: validates completeness of the model
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ *
+ */
+@Service("roleModelValidator")
+public class DefaultRoleModelValidator
+ implements RoleModelValidator
+{
+ private List<String> validationErrors;
+
+ public boolean validate( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ validationErrors = null;
+
+ validateRequiredStructure( model );
+ validateResourceClosure( model );
+ validateOperationClosure( model );
+ validateChildRoleClosure( model );
+ validateParentRoleClosure( model );
+ validateTemplateClosure( model );
+ validateNoRoleCycles( model );
+ validateNoTemplateCycles( model );
+
+ if ( validationErrors == null )
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public List<String> getValidationErrors()
+ {
+ return validationErrors;
+ }
+
+ private void addValidationError( String error )
+ {
+ if ( validationErrors == null )
+ {
+ validationErrors = new ArrayList<String>(0);
+ }
+
+ validationErrors.add( error );
+ }
+
+ /**
+ * FIXME this should be taken care of by <required/> in modello, figure out why its not
+ * in the meantime, implement the basics
+ *
+ * @param model
+ */
+ @SuppressWarnings("unchecked")
+ private void validateRequiredStructure( RedbackRoleModel model )
+ {
+ // validate model has name
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ if ( application.getId() == null )
+ {
+ addValidationError( "model is missing application name" );
+ }
+
+ // validate model has version
+ if ( application.getVersion() == null )
+ {
+ addValidationError( application.getId() + " is missing version" );
+ }
+
+ // validate resource bits
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ if ( resource.getName() == null )
+ {
+ addValidationError( resource.toString() + " missing name" );
+ }
+
+ if ( resource.getId() == null )
+ {
+ addValidationError( resource.toString() + " missing id" );
+ }
+ }
+
+ // validate the operations
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ if ( operation.getName() == null )
+ {
+ addValidationError( operation.toString() + " missing name" );
+ }
+
+ if ( operation.getId() == null )
+ {
+ addValidationError( operation.toString() + " missing id" );
+ }
+ }
+
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getId() == null )
+ {
+ addValidationError( role.toString() + " missing id" );
+ }
+
+ if ( role.getName() == null )
+ {
+ addValidationError( role.toString() + " missing name" );
+ }
+
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( permission.getName() == null )
+ {
+ addValidationError( permission.toString() + " missing name" );
+ }
+
+ if ( permission.getId() == null )
+ {
+ addValidationError( permission.toString() + " missing id" );
+ }
+
+ if ( permission.getOperation() == null )
+ {
+ addValidationError( permission.toString() + " missing operations" );
+ }
+
+ if ( permission.getResource() == null )
+ {
+ addValidationError( permission.toString() + " missing resource" );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getId() == null )
+ {
+ addValidationError( template.toString() + " missing id" );
+ }
+
+ if ( template.getNamePrefix() == null )
+ {
+ addValidationError( template.toString() + " missing name prefix" );
+ }
+
+ if ( template.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
+ {
+ if ( permission.getName() == null )
+ {
+ addValidationError( permission.toString() + " missing name" );
+ }
+
+ if ( permission.getId() == null )
+ {
+ addValidationError( permission.toString() + " missing id" );
+ }
+
+ if ( permission.getOperation() == null )
+ {
+ addValidationError( permission.toString() + " missing operations" );
+ }
+
+ if ( permission.getResource() == null )
+ {
+ addValidationError( permission.toString() + " missing resource" );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * validate all operations in all declared permissions exist as declared in the operations section
+ *
+ * @param model
+ */
+ @SuppressWarnings("unchecked")
+ private void validateOperationClosure( RedbackRoleModel model )
+ {
+ List<String> operationIdList = RoleModelUtils.getOperationIdList( model );
+
+ // check the operations in role permissions
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( !operationIdList.contains( permission.getOperation() ) )
+ {
+ addValidationError( "missing operation: " + permission.getOperation() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+
+ // check the operations in template permissions
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
+ {
+ if ( !operationIdList.contains( permission.getOperation() ) )
+ {
+ addValidationError( "missing operation: " + permission.getOperation() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateResourceClosure( RedbackRoleModel model )
+ {
+ List<String> resourceIdList = RoleModelUtils.getResourceIdList( model );
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( !resourceIdList.contains( permission.getResource() ) )
+ {
+ addValidationError( "missing operation: " + permission.getResource() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateChildRoleClosure( RedbackRoleModel model )
+ {
+ List<String> roleIdList = RoleModelUtils.getRoleIdList( model );
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) role.getChildRoles() )
+ {
+ if ( !roleIdList.contains( childRoleId ) )
+ {
+ addValidationError( "missing role id: " + childRoleId + " in child roles of role "
+ + role.getId() );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) template.getChildRoles() )
+ {
+ if ( !roleIdList.contains( childRoleId ) )
+ {
+ addValidationError( "missing role id: " + childRoleId + " in child roles of template "
+ + template.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateParentRoleClosure( RedbackRoleModel model )
+ {
+ List roleIdList = RoleModelUtils.getRoleIdList( model );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) role.getParentRoles() )
+ {
+ if ( !roleIdList.contains( parentRoleId ) )
+ {
+ addValidationError( "missing role id: " + parentRoleId + " in parent roles of role "
+ + role.getId() );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) template.getParentRoles() )
+ {
+ if ( !roleIdList.contains( parentRoleId ) )
+ {
+ addValidationError( "missing role id: " + parentRoleId + " in parent roles of template "
+ + template.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateTemplateClosure( RedbackRoleModel model )
+ {
+ List templateIdList = RoleModelUtils.getTemplateIdList( model );
+
+ // template name prefix must be unique
+ List<String> templateNamePrefixList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
+ {
+ if ( !templateIdList.contains( parentTemplateId ) )
+ {
+ addValidationError( "missing template id: " + parentTemplateId
+ + " in parent templates of template " + template.getId() );
+ }
+ }
+ }
+
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplateId : (List<String>) template.getChildTemplates() )
+ {
+ if ( !templateIdList.contains( childTemplateId ) )
+ {
+ addValidationError( "missing template id: " + childTemplateId
+ + " in child templates of template " + template.getId() );
+ }
+ }
+ }
+
+ if ( !templateNamePrefixList.contains( template.getNamePrefix() ) )
+ {
+ templateNamePrefixList.add( template.getNamePrefix() );
+ }
+ else
+ {
+ addValidationError( "duplicate name prefix detected: " + template.getNamePrefix() );
+ }
+ }
+ }
+ }
+
+ /**
+ * We are not allowed to have cycles between roles, this method is to detect and raise a red flag when that happens.
+ *
+ * @param model
+ */
+ private void validateNoRoleCycles( RedbackRoleModel model )
+ {
+ try
+ {
+ RoleModelUtils.generateRoleGraph( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ addValidationError( "cycle detected: " + e.getMessage() );
+ }
+ }
+
+ /**
+ * We are not allowed to have cycles between template either, this method is to detect and
+ * raise a red flag when that happens. Templates are a bit more complex since they have both
+ * child and parent roles, as well as runtime parent and child templates
+ *
+ * the id should be sufficient to test cycles here even though in runtime the id's do not need to be
+ * unique since it is the binding of a namePrefix and a resource that makes them unique
+ *
+ * @param model
+ */
+ private void validateNoTemplateCycles( RedbackRoleModel model )
+ {
+ try
+ {
+ RoleModelUtils.generateTemplateGraph( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ addValidationError( "template cycle detected: " + e.getMessage() );
+ }
+ }
+}
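Review bot: validateResourceClosure reports an undeclared resource as `"missing operation: "`, which sends whoever reads the validation errors to the wrong section of the model; the line should build `"missing resource: " + permission.getResource() + " in permission "`. The same method checks only role permissions, whereas validateOperationClosure also walks templates; if that is deliberate because template resources may be `${resource}`, a comment saying so would help, since a mistyped literal resource id in a template is otherwise not reported. Separately, validationErrors is a field on a `@Service` bean that validate() resets to null and the helpers append to, so two overlapping validate() calls could make one of them return true for a model that produced errors. Until the errors are collected in a local list, I would add `Not thread-safe: validate() and getValidationErrors() share state and must be called as a serialized pair.` to the class Javadoc.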
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/DefaultRoleModelValidator.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java
URL: http://svn.apache.org/viewvc/archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java?rev=1310268&view=auto
==============================================================================
--- archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java (added)
+++ archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java Fri Apr 6 09:58:14 2012
@@ -0,0 +1,37 @@
+package org.codehaus.plexus.redback.role.validator;
+
+/*
+ * Copyright 2005 The Codehaus.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+import java.util.List;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <je...@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleModelValidator
+{
+ List<String> getValidationErrors();
+
+ boolean validate( RedbackRoleModel model )
+ throws RoleManagerException;
+
+}
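Review bot: Neither method on this interface documents its contract, and the one implementation in this commit makes it non-obvious: DefaultRoleModelValidator.getValidationErrors() returns null, not an empty list, when the last validate() found nothing, and the value is only meaningful after validate() has run. I would add Javadoc along the lines of `@return the errors from the most recent validate() call, or null if there were none` so callers do not iterate the result unguarded. validate() declares `throws RoleManagerException` although the implementation shown never throws it, so the Javadoc should say when an implementation is expected to throw rather than return false.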
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: archiva/redback/redback-core/trunk/redback-rbac/redback-rbac-role-manager/src/main/java/org/codehaus/plexus/redback/role/validator/RoleModelValidator.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision