You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@turbine.apache.org by gk...@apache.org on 2017/12/07 16:03:26 UTC
svn commit: r1817388 - in /turbine/fulcrum/trunk/security:
api/src/test/org/apache/fulcrum/security/model/turbine/test/
torque/src/java/org/apache/fulcrum/security/torque/security/
torque/src/java/org/apache/fulcrum/security/torque/turbine/
Author: gk
Date: Thu Dec 7 16:03:25 2017
New Revision: 1817388
URL: http://svn.apache.org/viewvc?rev=1817388&view=rev
Log:
- delete relational in revoke
- add isEmpty check as guard against removal without replacement
- add test in api to show some more complex grant/revoke situations
Modified:
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/turbine/test/AbstractTurbineModelManagerTest.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/security/TorqueAbstractSecurityEntity.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineGroup.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbinePermission.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineRole.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineModelManagerImpl.java
Modified: turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/turbine/test/AbstractTurbineModelManagerTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/turbine/test/AbstractTurbineModelManagerTest.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/turbine/test/AbstractTurbineModelManagerTest.java (original)
+++ turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/turbine/test/AbstractTurbineModelManagerTest.java Thu Dec 7 16:03:25 2017
@@ -118,6 +118,33 @@ public abstract class AbstractTurbineMod
assertFalse(((TurbineRole) role).getPermissions().contains(permission));
}
@Test
+ public void testRevokeRolePermissionOneOfTwo() throws Exception
+ {
+ Permission permission = securityService.getPermissionManager().getPermissionInstance();
+ Permission permission2 = securityService.getPermissionManager().getPermissionInstance();
+ permission.setName("ANOTHER_SEND_SPAM"); // otherwise memory complains "does already exist
+ permission2.setName("ANOTHER_ANSWER_EMAIL");
+ // assign new db entities
+ permission = securityService.getPermissionManager().addPermission(permission);
+ permission2 = securityService.getPermissionManager().addPermission(permission2);
+ role = roleManager.getRoleInstance("ANOTHERSECRETARY");
+ role = roleManager.addRole(role);
+ modelManager.grant(role, permission);
+ modelManager.grant(role, permission2);
+ role = roleManager.getRoleById(role.getId());
+ PermissionSet permissions = ((TurbineRole) role).getPermissions();
+ assertEquals(2, permissions.size());
+ modelManager.revoke(role, permission);
+ role = roleManager.getRoleById(role.getId());
+ permissions = ((TurbineRole) role).getPermissions();
+ assertEquals(1, permissions.size());
+ assertFalse(((TurbineRole) role).getPermissions().contains(permission));
+ assertTrue(((TurbineRole) role).getPermissions().contains(permission2));
+ // to cleanup
+ modelManager.revoke(role, permission2);
+ assertFalse(((TurbineRole) role).getPermissions().contains(permission2));
+ }
+ @Test
public void testRevokeAllRole() throws Exception
{
Permission permission = securityService.getPermissionManager().getPermissionInstance();
@@ -146,10 +173,10 @@ public abstract class AbstractTurbineMod
securityService.getGroupManager().addGroup(group);
Role role = securityService.getRoleManager().getRoleInstance();
role.setName("TEST_REVOKEALLUSER_ROLE");
- securityService.getRoleManager().addRole(role);
+ role = securityService.getRoleManager().addRole(role);
User user = userManager.getUserInstance("calvin");
- userManager.addUser(user, "calvin");
+ user = userManager.addUser(user, "calvin");
modelManager.grant(user, group, role);
group = groupManager.getGroupById(group.getId());
@@ -163,8 +190,15 @@ public abstract class AbstractTurbineMod
assertEquals(0, ((TurbineGroup) group).getUserGroupRoleSet().size());
role = securityService.getRoleManager().getRoleByName("TEST_REVOKEALLUSER_ROLE");
- // assertFalse(((TurbineRole) role).getGroups().contains(group));
+ assertEquals(0,((TurbineRole) role).getUserGroupRoleSet().size());
+
+ assertTrue(((TurbineRole) role).getUserGroupRoleSet().isEmpty());
+
+ modelManager.grant(user, group, role);
+ assertEquals(1,((TurbineRole) role).getUserGroupRoleSet().size());
+ assertTrue(((TurbineRole) role).getUserGroupRoleSet().iterator().next().getGroup().equals( group ));
+
}
@Test
public void testGrantUserGroupRole() throws Exception
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/security/TorqueAbstractSecurityEntity.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/security/TorqueAbstractSecurityEntity.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/security/TorqueAbstractSecurityEntity.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/security/TorqueAbstractSecurityEntity.java Thu Dec 7 16:03:25 2017
@@ -76,7 +76,7 @@ public abstract class TorqueAbstractSecu
* @param con A database connection
*/
public abstract void update(Connection con) throws TorqueException;
-
+
/**
* Delete this entity
*
@@ -129,4 +129,5 @@ public abstract class TorqueAbstractSecu
setEntityName(name.toLowerCase());
}
}
+
}
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineGroup.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineGroup.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineGroup.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineGroup.java Thu Dec 7 16:03:25 2017
@@ -90,7 +90,7 @@ public abstract class DefaultAbstractTur
public void update(Connection con) throws TorqueException
{
Set<TurbineUserGroupRole> userGroupRoleSet = getUserGroupRoleSet();
- if (userGroupRoleSet != null)
+ if (userGroupRoleSet != null && !userGroupRoleSet.isEmpty())
{
Criteria criteria = new Criteria();
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbinePermission.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbinePermission.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbinePermission.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbinePermission.java Thu Dec 7 16:03:25 2017
@@ -159,7 +159,7 @@ public abstract class DefaultAbstractTur
@Override
public void update(Connection con) throws TorqueException
{
- if (roleSet != null)
+ if (roleSet != null && !roleSet.isEmpty())
{
Criteria criteria = new Criteria();
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineRole.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineRole.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineRole.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineRole.java Thu Dec 7 16:03:25 2017
@@ -188,14 +188,16 @@ public abstract class DefaultAbstractTur
setUserGroupRoleSet(userGroupRoleSet);
}
-
+
/**
* @see org.apache.fulcrum.security.torque.security.TorqueAbstractSecurityEntity#update(java.sql.Connection)
+ *
+ * use for grants only!
*/
@Override
public void update(Connection con) throws TorqueException
{
- if (permissionSet != null)
+ if (permissionSet != null && !permissionSet.isEmpty())
{
Criteria criteria = new Criteria();
@@ -213,7 +215,7 @@ public abstract class DefaultAbstractTur
}
Set<TurbineUserGroupRole> userGroupRoleSet = getUserGroupRoleSet();
- if (userGroupRoleSet != null)
+ if (userGroupRoleSet != null && !userGroupRoleSet.isEmpty())
{
Criteria criteria = new Criteria();
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java Thu Dec 7 16:03:25 2017
@@ -96,7 +96,7 @@ public abstract class DefaultAbstractTur
public void update(Connection con) throws TorqueException
{
Set<TurbineUserGroupRole> userGroupRoleSet = getUserGroupRoleSet();
- if (userGroupRoleSet != null)
+ if (userGroupRoleSet != null && !userGroupRoleSet.isEmpty())
{
Criteria criteria = new Criteria();
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineModelManagerImpl.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineModelManagerImpl.java?rev=1817388&r1=1817387&r2=1817388&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineModelManagerImpl.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineModelManagerImpl.java Thu Dec 7 16:03:25 2017
@@ -30,10 +30,13 @@ import org.apache.fulcrum.security.model
import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
import org.apache.fulcrum.security.model.turbine.entity.TurbineUser;
import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
+import org.apache.fulcrum.security.torque.om.TurbineRolePermissionPeer;
+import org.apache.fulcrum.security.torque.om.TurbineUserGroupRolePeer;
import org.apache.fulcrum.security.torque.security.TorqueAbstractSecurityEntity;
import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.UnknownEntityException;
import org.apache.torque.TorqueException;
+import org.apache.torque.criteria.Criteria;
import org.apache.torque.util.Transaction;
/**
* This implementation persists to a database via Torque.
@@ -132,29 +135,17 @@ public class TorqueTurbineModelManagerIm
((TurbinePermission)permission).removeRole(role);
}
- Connection con = null;
-
try
{
- con = Transaction.begin();
-
- ((TorqueAbstractSecurityEntity)role).update(con);
- ((TorqueAbstractSecurityEntity)permission).update(con);
-
- Transaction.commit(con);
- con = null;
+ Criteria criteria = new Criteria();
+ criteria.where(TurbineRolePermissionPeer.ROLE_ID, role.getId());
+ criteria.where(TurbineRolePermissionPeer.PERMISSION_ID, (Integer)permission.getId());
+ TurbineRolePermissionPeer.doDelete(criteria);
}
catch (TorqueException e)
{
throw new DataBackendException("revoke('" + role.getName() + "', '" + permission.getName() + "') failed", e);
}
- finally
- {
- if (con != null)
- {
- Transaction.safeRollback(con);
- }
- }
return;
}
@@ -279,9 +270,11 @@ public class TorqueTurbineModelManagerIm
{
con = Transaction.begin();
- ((TorqueAbstractSecurityEntity)user).update(con);
- ((TorqueAbstractSecurityEntity)group).update(con);
- ((TorqueAbstractSecurityEntity)role).update(con);
+ Criteria criteria = new Criteria();
+ criteria.where(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ criteria.where(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ criteria.where(TurbineUserGroupRolePeer.USER_ID, user.getId());
+ TurbineUserGroupRolePeer.doDelete(criteria, con);
Transaction.commit(con);
con = null;