Posted to commits@maven.apache.org by ca...@apache.org on 2006/09/10 09:14:33 UTC
svn commit: r441920 - in /maven/shared/trunk/maven-user:
maven-user-acegi/src/main/java/org/apache/maven/user/acegi/
maven-user-acegi/src/test/java/org/apache/maven/user/acegi/
maven-user-model/src/main/java/org/apache/maven/user/model/
maven-user-mode...
Author: carlos
Date: Sun Sep 10 00:14:32 2006
New Revision: 441920
URL: http://svn.apache.org/viewvc?view=rev&rev=441920
Log:
Add functionality to store ACLs and rework of other ACL code
Modified:
maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AcegiUserManager.java
maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AclManager.java
maven/shared/trunk/maven-user/maven-user-acegi/src/test/java/org/apache/maven/user/acegi/AcegiUserManagerTest.java
maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/InstancePermissions.java
maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/UserManager.java
maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/impl/DefaultUserManager.java
Modified: maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AcegiUserManager.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AcegiUserManager.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AcegiUserManager.java (original)
+++ maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AcegiUserManager.java Sun Sep 10 00:14:32 2006
@@ -16,6 +16,7 @@
* limitations under the License.
*/
+import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -75,59 +76,12 @@
public List getUsersInstancePermissions( Class clazz, Object id )
{
List userPermissions = getUserManager().getUsersInstancePermissions( clazz, id );
-
- BasicAclEntry[] acls = getAclManager().getAcls( clazz, id );
-
- /* put ACLs in a map indexed by username, transforming from BasicAclEntry to InstancePermissions */
- Map aclsByUserName = new HashMap();
- for ( int i = 0; i < acls.length; i++ )
- {
- BasicAclEntry acl = acls[i];
- String recipient = (String) acl.getRecipient();
-
- BasicAclEntry p = (BasicAclEntry) aclsByUserName.get( recipient );
- if ( p != null )
- {
- throw new IllegalStateException( "There is more than one ACL for user '" + recipient + "': " + p
- + " and " + acl );
- }
-
- aclsByUserName.put( recipient, p );
- }
-
- /* add permissions to each user, and then return a List with permissions */
- Iterator it = userPermissions.iterator();
- while ( it.hasNext() )
- {
- InstancePermissions p = (InstancePermissions) it.next();
- BasicAclEntry acl = (BasicAclEntry) aclsByUserName.get( p.getUser().getUsername() );
- if ( acl != null )
- {
- aclToPermission( acl, p );
- }
- }
- return userPermissions;
+ return getAclManager().getUsersInstancePermissions( clazz, id, userPermissions );
}
- private InstancePermissions aclToPermission( BasicAclEntry acl, InstancePermissions p )
+ public void setUsersInstancePermissions( Class clazz, Object id, Collection permissions )
{
- if ( acl.isPermitted( SimpleAclEntry.CREATE ) )
- {
- p.setBuild( true );
- }
- if ( acl.isPermitted( SimpleAclEntry.DELETE ) )
- {
- p.setDelete( true );
- }
- if ( acl.isPermitted( SimpleAclEntry.READ ) )
- {
- p.setView( true );
- }
- if ( acl.isPermitted( SimpleAclEntry.WRITE ) )
- {
- p.setEdit( true );
- }
- return p;
+ getAclManager().setUsersInstancePermissions( clazz, id, permissions );
}
//-----------------------------------------------------------------------
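Review bot: The new public `setUsersInstancePermissions` passes `clazz`, `id` and `permissions` straight to the AclManager, and nothing in this hunk checks that the current user is allowed to change ACLs on that object. Because the entries can carry the administer flag, the call can hand out `SimpleAclEntry.ADMINISTRATION` as well as read or write. Enforcement may happen elsewhere, for example through method interception configured outside this file, but that is not visible here. If so, a Javadoc line such as `Caller must hold ADMINISTRATION on the target object.` would make the contract reviewable.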
Modified: maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AclManager.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AclManager.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AclManager.java (original)
+++ maven/shared/trunk/maven-user/maven-user-acegi/src/main/java/org/apache/maven/user/acegi/AclManager.java Sun Sep 10 00:14:32 2006
@@ -16,11 +16,17 @@
* limitations under the License.
*/
-import org.acegisecurity.acl.basic.AclObjectIdentity;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
import org.acegisecurity.acl.basic.BasicAclEntry;
import org.acegisecurity.acl.basic.BasicAclExtendedDao;
import org.acegisecurity.acl.basic.NamedEntityObjectIdentity;
import org.acegisecurity.acl.basic.SimpleAclEntry;
+import org.apache.maven.user.model.InstancePermissions;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
import org.springframework.beans.factory.InitializingBean;
@@ -50,58 +56,188 @@
return aclDao;
}
- protected void create( BasicAclEntry aclEntry )
- {
- getAclDao().create( aclEntry );
- }
-
- protected void delete( Class clazz, Object id )
- {
- getAclDao().delete( createObjectIdentity( clazz, id ) );
- }
-
protected NamedEntityObjectIdentity createObjectIdentity( Class clazz, Object id )
{
return new NamedEntityObjectIdentity( clazz.getName(), id.toString() );
}
- public BasicAclEntry[] getAcls( Class clazz, Object id )
+ private BasicAclEntry[] getAcls( Class clazz, Object id )
{
NamedEntityObjectIdentity objectIdentity = createObjectIdentity( clazz, id );
BasicAclEntry[] acls = getAclDao().getAcls( objectIdentity );
return acls;
}
- public BasicAclEntry getAcl( Class clazz, Object id, String userName )
+ private BasicAclEntry getAcl( Class clazz, Object id, String userName )
{
BasicAclEntry[] acls = getAcls( clazz, id );
- for ( int i = 0; i < acls.length; i++ )
+ if ( acls != null )
{
- if ( acls[i].getRecipient().equals( userName ) )
+ /* TODO optimize this, probably the results come ordered in some way */
+ for ( int i = 0; i < acls.length; i++ )
{
- return acls[i];
+ if ( acls[i].getRecipient().equals( userName ) )
+ {
+ return acls[i];
+ }
}
}
return null;
}
- public void setPermissions( Class clazz, Object id, String userName, int permissions, AclObjectIdentity parentAclId )
+ /**
+ * Get the instance permissions for each user and object ( identified by its class and id )
+ *
+ * @param clazz {@link Class} of the object
+ * @param id identifier of the object
+ * @param userPermissions {@link List} < {@link InstancePermissions} >
+ * @return {@link List} < {@link InstancePermissions} >
+ */
+ public List getUsersInstancePermissions( Class clazz, Object id, List userPermissions )
{
- BasicAclEntry acl = getAcl( clazz, id, userName );
- NamedEntityObjectIdentity objectIdentity = createObjectIdentity( clazz, id );
+ BasicAclEntry[] acls = getAcls( clazz, id );
+
+ /* put ACLs in a map indexed by username */
+ Map aclsByUserName = new HashMap();
+ for ( int i = 0; i < acls.length; i++ )
+ {
+ BasicAclEntry acl = acls[i];
+ String recipient = (String) acl.getRecipient();
+
+ BasicAclEntry p = (BasicAclEntry) aclsByUserName.get( recipient );
+ if ( p != null )
+ {
+ throw new IllegalStateException( "There is more than one ACL for user '" + recipient + "': " + p
+ + " and " + acl );
+ }
- if ( acl == null )
+ aclsByUserName.put( recipient, p );
+ }
+
+ /* add permissions to each user, and then return a List with permissions */
+ Iterator it = userPermissions.iterator();
+ while ( it.hasNext() )
+ {
+ InstancePermissions p = (InstancePermissions) it.next();
+ BasicAclEntry acl = (BasicAclEntry) aclsByUserName.get( p.getUser().getUsername() );
+ if ( acl != null )
+ {
+ aclToPermission( acl, p );
+ }
+ }
+ return userPermissions;
+ }
+
+ /**
+ * Updates a list of permissions at the same time. If the permission didn't exist it's created.
+ *
+ * @param clazz
+ * @param id
+ * @param permissions {@link Collection} <{@link InstancePermissions}> .
+ * Each {@link InstancePermissions}.user only needs to have username, no other properties are required.
+ */
+ public void setUsersInstancePermissions( Class clazz, Object id, Collection permissions )
+ {
+ Iterator it = permissions.iterator();
+ while ( it.hasNext() )
+ {
+ InstancePermissions p = (InstancePermissions) it.next();
+ String userName = p.getUser().getUsername();
+
+ BasicAclEntry acl = getAcl( clazz, id, userName );
+
+ if ( acl == null )
+ {
+ NamedEntityObjectIdentity objectIdentity = createObjectIdentity( clazz, id );
+ acl = new SimpleAclEntry();
+ acl.setAclObjectIdentity( objectIdentity );
+ //acl.setAclObjectParentIdentity( parentAclId );
+ permissionToAcl( p, acl );
+
+ /* create the ACL only if it has any permission */
+ if ( acl.getMask() != SimpleAclEntry.NOTHING )
+ {
+ getAclDao().create( acl );
+ }
+ }
+ else
+ {
+ permissionToAcl( p, acl );
+
+ /* delete the ACL if it has no permissions */
+ if ( acl.getMask() != SimpleAclEntry.NOTHING )
+ {
+ getAclDao().changeMask( acl.getAclObjectIdentity(), userName, new Integer( acl.getMask() ) );
+ }
+ else
+ {
+ getAclDao().delete( acl.getAclObjectIdentity(), userName );
+ }
+ }
+ }
+ }
+
+ private void permissionToAcl( InstancePermissions p, BasicAclEntry basicAcl )
+ {
+ if ( !( basicAcl instanceof SimpleAclEntry ) )
+ {
+ throw new IllegalArgumentException( "Can't create ACLs other than " + SimpleAclEntry.class );
+ }
+
+ SimpleAclEntry acl = (SimpleAclEntry) basicAcl;
+
+ acl.setRecipient( p.getUser().getUsername() );
+ acl.setMask( SimpleAclEntry.NOTHING );
+
+ if ( p.isExecute() )
+ {
+ acl.addPermission( SimpleAclEntry.CREATE );
+ }
+ if ( p.isDelete() )
+ {
+ acl.addPermission( SimpleAclEntry.DELETE );
+ }
+ if ( p.isRead() )
+ {
+ acl.addPermission( SimpleAclEntry.READ );
+ }
+ if ( p.isWrite() )
+ {
+ acl.addPermission( SimpleAclEntry.WRITE );
+ }
+ if ( p.isAdminister() )
+ {
+ acl.addPermission( SimpleAclEntry.ADMINISTRATION );
+ }
+ }
+
+ /**
+ * This method translates Acegi {@link BasicAclEntry} to Maven {@link InstancePermissions}.
+ *
+ * @param acl Permissions in Acegi world
+ * @param p Permissions in Maven world
+ */
+ private void aclToPermission( BasicAclEntry acl, InstancePermissions p )
+ {
+ if ( acl.isPermitted( SimpleAclEntry.CREATE ) )
+ {
+ p.setExecute( true );
+ }
+ if ( acl.isPermitted( SimpleAclEntry.DELETE ) )
+ {
+ p.setDelete( true );
+ }
+ if ( acl.isPermitted( SimpleAclEntry.READ ) )
+ {
+ p.setRead( true );
+ }
+ if ( acl.isPermitted( SimpleAclEntry.WRITE ) )
{
- SimpleAclEntry aclEntry = new SimpleAclEntry();
- aclEntry.setAclObjectIdentity( objectIdentity );
- aclEntry.setRecipient( userName );
- aclEntry.setAclObjectParentIdentity( parentAclId );
- aclEntry.addPermission( permissions );
- create( aclEntry );
+ p.setWrite( true );
}
- else
+ if ( acl.isPermitted( SimpleAclEntry.ADMINISTRATION ) )
{
- getAclDao().changeMask( objectIdentity, userName, new Integer( permissions ) );
+ p.setAdminister( true );
}
}
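Review bot: In the new getUsersInstancePermissions, `aclsByUserName.put( recipient, p );` stores `p`, which is always null at that point, so the map never holds an ACL. As a result the duplicate-ACL check can never fire, `aclToPermission` is never reached, and every returned InstancePermissions stays all-false; the line should read `aclsByUserName.put( recipient, acl );`. This is not a harmless fail-closed result, because a caller that loads these permissions and saves them back through setUsersInstancePermissions would take the `delete` branch for every existing entry. The same method also dereferences `acls.length` without the `acls != null` guard that this commit adds to getAcl. The comment `/* delete the ACL if it has no permissions */` sits above the changeMask branch and belongs above the `else`.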
Modified: maven/shared/trunk/maven-user/maven-user-acegi/src/test/java/org/apache/maven/user/acegi/AcegiUserManagerTest.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-acegi/src/test/java/org/apache/maven/user/acegi/AcegiUserManagerTest.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-acegi/src/test/java/org/apache/maven/user/acegi/AcegiUserManagerTest.java (original)
+++ maven/shared/trunk/maven-user/maven-user-acegi/src/test/java/org/apache/maven/user/acegi/AcegiUserManagerTest.java Sun Sep 10 00:14:32 2006
@@ -39,8 +39,12 @@
{
private AcegiUserManager manager;
+ AclManager aclManager;
+
private Mock delegate, dao;
+ private User user;
+
protected void setUp()
throws Exception
{
@@ -50,16 +54,18 @@
manager.setUserManager( (UserManager) delegate.proxy() );
dao = mock( BasicAclExtendedDao.class );
- AclManager aclManager = new AclManager();
+ aclManager = new AclManager();
aclManager.setAclDao( (BasicAclExtendedDao) dao.proxy() );
manager.setAclManager( aclManager );
+
+ user = new User();
+ user.setUsername( "myuser" );
}
public void testGetUsersInstancePermissions()
{
List users = new ArrayList();
- User u = new User();
- InstancePermissions p = new InstancePermissions( u );
+ InstancePermissions p = new InstancePermissions( user );
users.add( p );
delegate.expects( once() ).method( "getUsersInstancePermissions" ).will( returnValue( users ) );
@@ -74,11 +80,61 @@
p = (InstancePermissions) usersInstancePermissions.iterator().next();
- assertEquals( u, p.getUser() );
- assertFalse( p.isBuild() );
+ assertEquals( user, p.getUser() );
+ assertFalse( p.isExecute() );
assertFalse( p.isDelete() );
- assertFalse( p.isEdit() );
- assertFalse( p.isView() );
+ assertFalse( p.isWrite() );
+ assertFalse( p.isRead() );
+ assertFalse( p.isAdminister() );
}
+ public void testSetUsersInstancePermissions()
+ {
+ List users = new ArrayList();
+ InstancePermissions p = new InstancePermissions( user );
+ users.add( p );
+
+ BasicAclEntry[] acls = new BasicAclEntry[1];
+ BasicAclEntry acl = new SimpleAclEntry();
+ acl.setRecipient( user.getUsername() );
+ acl.setAclObjectIdentity( aclManager.createObjectIdentity( User.class, new Integer( 1 ) ) );
+ acls[0] = acl;
+
+ /* *************************************** old ACL *************************************** */
+
+ dao.expects( atLeastOnce() ).method( "getAcls" ).will( returnValue( acls ) );
+
+ /* no permissions */
+ dao.expects( once() ).method( "delete" ).with( ANYTHING, eq( user.getUsername() ) );
+
+ manager.setUsersInstancePermissions( User.class, new Integer( 1 ), users );
+ dao.verify();
+
+ /* read permission */
+ p.setRead( true );
+ dao.expects( once() ).method( "changeMask" )
+ .with( ANYTHING, eq( user.getUsername() ), eq( SimpleAclEntry.READ ) );
+
+ manager.setUsersInstancePermissions( User.class, new Integer( 1 ), users );
+ dao.verify();
+
+ /* *************************************** new ACL *************************************** */
+
+ dao.expects( atLeastOnce() ).method( "getAcls" ).will( returnValue( new BasicAclEntry[0] ) );
+
+ /* no permissions */
+ p.setRead( false );
+
+ manager.setUsersInstancePermissions( User.class, new Integer( 1 ), users );
+ dao.verify();
+
+ /* read permission */
+ p.setRead( true );
+ acl.setMask( SimpleAclEntry.READ );
+ dao.expects( once() ).method( "create" ).with( hasProperty( "mask", eq( SimpleAclEntry.READ ) ) );
+
+ manager.setUsersInstancePermissions( User.class, new Integer( 1 ), users );
+ dao.verify();
+
+ }
}
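Review bot: The assertions in testGetUsersInstancePermissions cover only the case where every flag is false, so a defect that drops ACL data on the read path would still pass. The stubbed `getAcls` return for that test lies outside this hunk, so this is inferred from the assertions alone. Suggest adding a case where the DAO returns a SimpleAclEntry for `myuser` with `SimpleAclEntry.READ` set and the test asserts `p.isRead()`. In testSetUsersInstancePermissions the single `acl` instance returned by the mock is mutated by the code under test between phases; building a fresh entry per phase would keep the phases independent.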
Modified: maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/InstancePermissions.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/InstancePermissions.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/InstancePermissions.java (original)
+++ maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/InstancePermissions.java Sun Sep 10 00:14:32 2006
@@ -25,39 +25,25 @@
{
private User user;
- private boolean view;
-
- private boolean edit;
-
- private boolean delete;
-
- private boolean build;
+ private boolean read, write, delete, execute, administer;
public InstancePermissions()
{
- this.view = false;
- this.edit = false;
- this.delete = false;
- this.build = false;
}
public InstancePermissions( User user )
{
this.user = user;
- this.view = false;
- this.edit = false;
- this.delete = false;
- this.build = false;
}
- public boolean isBuild()
+ public boolean isExecute()
{
- return build;
+ return execute;
}
- public void setBuild( boolean build )
+ public void setExecute( boolean execute )
{
- this.build = build;
+ this.execute = execute;
}
public boolean isDelete()
@@ -70,24 +56,34 @@
this.delete = delete;
}
- public boolean isEdit()
+ public boolean isWrite()
+ {
+ return write;
+ }
+
+ public void setWrite( boolean write )
+ {
+ this.write = write;
+ }
+
+ public boolean isRead()
{
- return edit;
+ return read;
}
- public void setEdit( boolean edit )
+ public void setRead( boolean read )
{
- this.edit = edit;
+ this.read = read;
}
- public boolean isView()
+ public boolean isAdminister()
{
- return view;
+ return administer;
}
- public void setView( boolean view )
+ public void setAdminister( boolean administer )
{
- this.view = view;
+ this.administer = administer;
}
public User getUser()
@@ -106,25 +102,49 @@
sb.append( getUser().getUsername() );
sb.append( ": " );
- char[] permissions = "----".toCharArray();
- if ( isView() )
+ char[] permissions = "-----".toCharArray();
+ if ( isRead() )
{
- permissions[0] = 'v';
+ permissions[0] = 'r';
}
- if ( isEdit() )
+ if ( isWrite() )
{
- permissions[1] = 'e';
+ permissions[1] = 'w';
}
if ( isDelete() )
{
permissions[2] = 'd';
}
- if ( isBuild() )
+ if ( isExecute() )
{
- permissions[3] = 'b';
+ permissions[3] = 'x';
+ }
+ if ( isAdminister() )
+ {
+ permissions[4] = 'a';
}
sb.append( permissions );
return sb.toString();
+ }
+
+ public boolean equals( Object other )
+ {
+ if ( this == other )
+ {
+ return true;
+ }
+ if ( !( other instanceof InstancePermissions ) )
+ {
+ return false;
+ }
+ InstancePermissions that = (InstancePermissions) other;
+ boolean result = getUser().equals( that.getUser() );
+ result &= isRead() == that.isRead();
+ result &= isWrite() == that.isWrite();
+ result &= isDelete() == that.isDelete();
+ result &= isExecute() == that.isExecute();
+ result &= isAdminister() == that.isAdminister();
+ return result;
}
}
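Review bot: The added `equals` has no matching `hashCode` in this hunk, and it calls `getUser().equals( that.getUser() )` although the no-argument constructor leaves `user` null. Unless `hashCode` is defined in a part of the file not shown, two instances that compare equal can hash differently, which breaks lookups once permissions are kept in a HashSet or used as HashMap keys. Suggest a null-safe comparison, `user == null ? that.getUser() == null : user.equals( that.getUser() )`, and a `hashCode` built from the same fields, as sketched below. The sketch assumes User's own `equals` and `hashCode` agree with each other, which this page does not show.

```java
// … unchanged: equals( Object other ), with the null-safe user comparison …

public int hashCode()
{
    int result = ( user == null ) ? 0 : user.hashCode();
    result = 31 * result + ( read ? 1 : 0 );
    result = 31 * result + ( write ? 1 : 0 );
    result = 31 * result + ( delete ? 1 : 0 );
    result = 31 * result + ( execute ? 1 : 0 );
    result = 31 * result + ( administer ? 1 : 0 );
    return result;
}
```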
Modified: maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/UserManager.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/UserManager.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/UserManager.java (original)
+++ maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/UserManager.java Sun Sep 10 00:14:32 2006
@@ -16,6 +16,7 @@
* limitations under the License.
*/
+import java.util.Collection;
import java.util.List;
/**
@@ -218,19 +219,28 @@
Permission addPermission( Permission perm );
/**
- * Get the instance permissions for each user and object ( identified by its class and id )
+ * Get all users instance permissions for an object ( identified by its class and id )
+ *
* @param clazz {@link Class} of the object
* @param id identifier of the object
- *
* @return {@link List} < {@link InstancePermissions} >
*/
List getUsersInstancePermissions( Class clazz, Object id );
/**
+ * Set all users instance permissions for an object
+ *
+ * @param clazz {@link Class} of the object
+ * @param id identifier of the object
+ * @param permissions {@link Collection} <{@link InstancePermissions}> .
+ * Each {@link InstancePermissions}.user only needs to have username, no other properties are required.
+ */
+ void setUsersInstancePermissions( Class clazz, Object id, Collection permissions );
+
+ /**
* Get current user
*
* @return null if the user doesn't exist
*/
User getMyUser();
-
}
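Review bot: The new Javadoc for setUsersInstancePermissions says "Set all users instance permissions" but does not say what happens to users that are absent from `permissions`. The AclManager implementation in this commit only visits the entries passed in, so ACLs for other users stay in place. A reader of the interface could reasonably expect a full replace and assume access had been revoked. Suggest adding `Users not present in the collection keep their current permissions.` and a note that an entry with no flag set removes that user's ACL.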
Modified: maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/impl/DefaultUserManager.java
URL: http://svn.apache.org/viewvc/maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/impl/DefaultUserManager.java?view=diff&rev=441920&r1=441919&r2=441920
==============================================================================
--- maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/impl/DefaultUserManager.java (original)
+++ maven/shared/trunk/maven-user/maven-user-model/src/main/java/org/apache/maven/user/model/impl/DefaultUserManager.java Sun Sep 10 00:14:32 2006
@@ -17,6 +17,7 @@
*/
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@@ -329,6 +330,13 @@
permissions.add( new InstancePermissions( user ) );
}
return permissions;
+ }
+
+ /**
+ * Do nothing
+ */
+ public void setUsersInstancePermissions( Class clazz, Object id, Collection permissions )
+ {
}
public User getMyUser()
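Review bot: The added setUsersInstancePermissions is a silent no-op, so a caller wired to DefaultUserManager gets no sign that the permissions it asked to store were discarded. If the no-op is deliberate because ACL storage lives in the Acegi wrapper, the Javadoc should say that instead of `Do nothing`. Otherwise fail loudly with `throw new UnsupportedOperationException( "instance permissions are not stored by DefaultUserManager" );`. getMyUser's body continues outside the hunk.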