Posted to commits@clerezza.apache.org by re...@apache.org on 2010/07/15 16:40:52 UTC

svn commit: r964446 - /incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java

Author: reto
Date: Thu Jul 15 14:40:51 2010
New Revision: 964446

URL: http://svn.apache.org/viewvc?rev=964446&view=rev
Log:
CLEREZZA-253: added readwrite support

Modified:
    incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java

Modified: incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
URL: http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java?rev=964446&r1=964445&r2=964446&view=diff
==============================================================================
--- incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java (original)
+++ incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java Thu Jul 15 14:40:51 2010
@@ -59,6 +59,7 @@ public class TcAccessController {
 	//we can't rely on ontology plugin in rdf core
 	private String ontologyNamespace = "http://clerezza.apache.org/2010/07/10/graphpermssions#";
 	private final UriRef readPermissionListProperty = new UriRef(ontologyNamespace + "readPermissionList");
+	private final UriRef readWritePermissionListProperty = new UriRef(ontologyNamespace + "readWritePermissionList");
 	/**
 	 * The first item in the subject RDF list.
 	 */
@@ -68,7 +69,9 @@ public class TcAccessController {
 	 */
 	public static final UriRef rest = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest");
 	public static final UriRef rdfNil = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil");
-	private final Map<UriRef, Collection<Permission>> permissionCache =
+	private final Map<UriRef, Collection<Permission>> readPermissionCache =
+			Collections.synchronizedMap(new HashMap<UriRef, Collection<Permission>>());
+	private final Map<UriRef, Collection<Permission>> readWritePermissionCache =
 			Collections.synchronizedMap(new HashMap<UriRef, Collection<Permission>>());
 
 	/**
@@ -102,13 +105,25 @@ public class TcAccessController {
 	public void checkReadWritePermission(UriRef tripleCollectionUri) {
 		SecurityManager security = System.getSecurityManager();
 		if (security != null) {
-			AccessController.checkPermission(new TcPermission(
-					tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+			if (tripleCollectionUri.equals(permissionGraphName)) {
+				AccessController.checkPermission(new TcPermission(
+						tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+			} else {
+				Collection<Permission> perms = getRequiredReadWritePermissions(tripleCollectionUri);
+				if (perms.size() > 0) {
+					for (Permission permission : perms) {
+						AccessController.checkPermission(permission);
+					}
+				} else {
+					AccessController.checkPermission(new TcPermission(
+							tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+				}
+			}
 		}
 	}
 
 	/**
-	 * Set the set of permissions required to access a triple-collection, if
+	 * Set the set of permissions required for read access to a triple-collection, if
 	 * the set is non-empty the default TCPermisson is no longer required.
 	 *
 	 * @param tripleCollectionUri
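Review bot: The `permissionGraphName` branch in `checkReadWritePermission` has no comment explaining why the permission graph is exempt from the custom lists. Presumably the intent is that the graph holding the lists can never have its own write requirement replaced by data stored in it; that is worth stating, e.g. `// the permission graph itself is always guarded by the default TcPermission`. The default `TcPermission` check is now written twice, so treating `perms` as empty for the permission graph and keeping one fall-back call would leave a single place to audit. `perms.size() > 0` also reads better as `!perms.isEmpty()`.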
@@ -116,7 +131,7 @@ public class TcAccessController {
 	 */
 	public void setRequiredReadPermissions(UriRef tripleCollectionUri,
 			Collection<String> permissionDescriptions) {
-		permissionCache.remove(tripleCollectionUri);
+		readPermissionCache.remove(tripleCollectionUri);
 		final LockableMGraph permissionMGraph = getOrCreatePermisionGraph();
 		Lock l = permissionMGraph.getLock().writeLock();
 		l.lock();
@@ -130,15 +145,52 @@ public class TcAccessController {
 		}
 	}
 
+	/**
+	 * Set the set of permissions required for read-write access to a
+	 * triple-collection, if
+	 * the set is non-empty the default TCPermisson is no longer required.
+	 *
+	 * @param tripleCollectionUri
+	 * @param permissionDescriptions
+	 */
+	public void setRequiredReadWritePermissions(UriRef tripleCollectionUri,
+			Collection<String> permissionDescriptions) {
+		readWritePermissionCache.remove(tripleCollectionUri);
+		final LockableMGraph permissionMGraph = getOrCreatePermisionGraph();
+		Lock l = permissionMGraph.getLock().writeLock();
+		l.lock();
+		try {
+			removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph);
+			final NonLiteral permissionList = createList(permissionDescriptions.iterator(), permissionMGraph);
+			permissionMGraph.add(new TripleImpl(tripleCollectionUri,
+					readWritePermissionListProperty, permissionList));
+		} finally {
+			l.unlock();
+		}
+	}
+
 	private Collection<Permission> getRequiredReadPermissions(UriRef tripleCollectionUri) {
-		Collection<Permission> result = permissionCache.get(tripleCollectionUri);
+		Collection<Permission> result = readPermissionCache.get(tripleCollectionUri);
 		if (result == null) {
 			result = new ArrayList<Permission>();
 			Collection<String> permissionStrings = getRequiredReadPermissionStrings(tripleCollectionUri);
 			for (String string : permissionStrings) {
 				result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
 			}
-			permissionCache.put(tripleCollectionUri, result);
+			readPermissionCache.put(tripleCollectionUri, result);
+		}
+		return result;
+	}
+
+	private Collection<Permission> getRequiredReadWritePermissions(UriRef tripleCollectionUri) {
+		Collection<Permission> result = readWritePermissionCache.get(tripleCollectionUri);
+		if (result == null) {
+			result = new ArrayList<Permission>();
+			Collection<String> permissionStrings = getRequiredReadWritePermissionStrings(tripleCollectionUri);
+			for (String string : permissionStrings) {
+				result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
+			}
+			readWritePermissionCache.put(tripleCollectionUri, result);
 		}
 		return result;
 	}
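Review bot: `setRequiredReadWritePermissions` calls `removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph)`, which by its name clears the read list rather than the read-write one (its body is outside this diff, so this needs confirming). If so, setting read-write permissions drops the collection's custom read restriction and leaves any earlier `readWritePermissionList` triple in place. Because `getRequiredPermissionStrings` uses only the first result of `filter(...).next()`, a stale list may then keep being enforced. The removal should target `readWritePermissionListProperty`, for instance through a helper that takes the property as a parameter. Separately, `readWritePermissionCache.remove(tripleCollectionUri)` runs before the write lock is taken, so a concurrent check can re-cache the old list; invalidating again after the graph update, inside the `try`, would close that window.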
@@ -183,13 +235,19 @@ public class TcAccessController {
 		}
 	}
 
+	private Collection<String> getRequiredReadWritePermissionStrings(final UriRef tripleCollectionUri) {
+		return getRequiredPermissionStrings(tripleCollectionUri, readWritePermissionListProperty);
+	}
 	private Collection<String> getRequiredReadPermissionStrings(final UriRef tripleCollectionUri) {
+		return getRequiredPermissionStrings(tripleCollectionUri, readPermissionListProperty);
+	}
+	private Collection<String> getRequiredPermissionStrings(final UriRef tripleCollectionUri, UriRef property) {
 		try {
 			final LockableMGraph permissionMGraph = tcManager.getMGraph(permissionGraphName);
 			Lock l = permissionMGraph.getLock().readLock();
 			l.lock();
 			try {
-				Triple t = permissionMGraph.filter(tripleCollectionUri, readPermissionListProperty, null).next();
+				Triple t = permissionMGraph.filter(tripleCollectionUri, property, null).next();
 				NonLiteral list = (NonLiteral) t.getObject();
 				LinkedList<String> result = new LinkedList<String>();
 				readList(list, permissionMGraph, result);
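Review bot: In `getRequiredPermissionStrings`, `permissionMGraph.filter(tripleCollectionUri, property, null).next()` is called without a `hasNext()` test and the object is cast to `NonLiteral` unchecked. A missing list or a malformed permission graph is therefore handled only by whatever the `catch` outside this hunk covers. This helper now backs both the read and the read-write checks, so an explicit `hasNext()` guard and an `instanceof NonLiteral` test would make the "no custom list" path deliberate rather than exception-driven. The three methods also lack blank lines between them and Javadoc, and `property` is not `final` like its sibling parameter.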