Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2013-04-08 08:07:26 -0400
committerEike Stepper2013-04-08 08:07:26 -0400
commitfb8e32504f22ccd37a26669b406acc17661b04a8 (patch)
tree1f1e98117434701d0aaf3dd9c7aec902380a2bde
parent5aece33dc40ccff8d08a52cc242d5ff261c4600c (diff)
downloadcdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.gz
cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.xz
cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.zip
[401172] [Security] Support local permissions on objects
https://bugs.eclipse.org/bugs/show_bug.cgi?id=401172
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/plugin.properties1
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java117
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java2
-rw-r--r--plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF3
-rw-r--r--plugins/org.eclipse.emf.cdo.security/model/security.ecore1
-rw-r--r--plugins/org.eclipse.emf.cdo.security/model/security.ecorediag24
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java22
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java74
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java18
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java67
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java69
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java25
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java23
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java108
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters11
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java66
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java2
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java11
-rw-r--r--plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java9
19 files changed, 640 insertions, 13 deletions
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties b/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties
index e93e757184..3d6a4ee8b0 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties
+++ b/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties
@@ -90,3 +90,4 @@ _UI_SecurityItemProvider_type = Item Provider
_UI_Realm_defaultUserDirectory_feature = Default User Directory
_UI_Realm_defaultGroupDirectory_feature = Default Group Directory
_UI_Realm_defaultRoleDirectory_feature = Default Role Directory
+_UI_ObjectPermission_type = Object Permission
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java
new file mode 100644
index 0000000000..340799c0f1
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java
@@ -0,0 +1,117 @@
+/**
+ */
+package org.eclipse.emf.cdo.security.provider;
+
+import org.eclipse.emf.cdo.security.Access;
+import org.eclipse.emf.cdo.security.ObjectPermission;
+
+import org.eclipse.emf.common.notify.AdapterFactory;
+import org.eclipse.emf.common.notify.Notification;
+import org.eclipse.emf.edit.provider.IEditingDomainItemProvider;
+import org.eclipse.emf.edit.provider.IItemColorProvider;
+import org.eclipse.emf.edit.provider.IItemFontProvider;
+import org.eclipse.emf.edit.provider.IItemLabelProvider;
+import org.eclipse.emf.edit.provider.IItemPropertyDescriptor;
+import org.eclipse.emf.edit.provider.IItemPropertySource;
+import org.eclipse.emf.edit.provider.IStructuredItemContentProvider;
+import org.eclipse.emf.edit.provider.ITableItemColorProvider;
+import org.eclipse.emf.edit.provider.ITableItemFontProvider;
+import org.eclipse.emf.edit.provider.ITableItemLabelProvider;
+import org.eclipse.emf.edit.provider.ITreeItemContentProvider;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * This is the item provider adapter for a {@link org.eclipse.emf.cdo.security.ObjectPermission} object.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @generated
+ */
+public class ObjectPermissionItemProvider extends PermissionItemProvider implements IEditingDomainItemProvider,
+ IStructuredItemContentProvider, ITreeItemContentProvider, IItemLabelProvider, IItemPropertySource,
+ ITableItemLabelProvider, ITableItemColorProvider, ITableItemFontProvider, IItemColorProvider, IItemFontProvider
+{
+ /**
+ * This constructs an instance from a factory and a notifier.
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ public ObjectPermissionItemProvider(AdapterFactory adapterFactory)
+ {
+ super(adapterFactory);
+ }
+
+ /**
+ * This returns the property descriptors for the adapted class.
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ public List<IItemPropertyDescriptor> getPropertyDescriptors(Object object)
+ {
+ if (itemPropertyDescriptors == null)
+ {
+ super.getPropertyDescriptors(object);
+
+ }
+ return itemPropertyDescriptors;
+ }
+
+ /**
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ protected boolean shouldComposeCreationImage()
+ {
+ return true;
+ }
+
+ /**
+ * This returns the label text for the adapted class.
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ public String getText(Object object)
+ {
+ Access labelValue = ((ObjectPermission)object).getAccess();
+ String label = labelValue == null ? null : labelValue.toString();
+ return label == null || label.length() == 0 ? getString("_UI_ObjectPermission_type") : //$NON-NLS-1$
+ getString("_UI_ObjectPermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
+ /**
+ * This handles model notifications by calling {@link #updateChildren} to update any cached
+ * children and by creating a viewer notification, which it passes to {@link #fireNotifyChanged}.
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ public void notifyChanged(Notification notification)
+ {
+ updateChildren(notification);
+ super.notifyChanged(notification);
+ }
+
+ /**
+ * This adds {@link org.eclipse.emf.edit.command.CommandParameter}s describing the children
+ * that can be created under this object.
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ protected void collectNewChildDescriptors(Collection<Object> newChildDescriptors, Object object)
+ {
+ super.collectNewChildDescriptors(newChildDescriptors, object);
+ }
+
+}
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java
index 9ce0d8c817..ad93db006b 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java
+++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java
@@ -2,8 +2,8 @@
*/
package org.eclipse.emf.cdo.security.provider;
-import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Access;
+import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.common.notify.AdapterFactory;
diff --git a/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF
index a194192aca..333351c65e 100644
--- a/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF
@@ -7,7 +7,8 @@ Bundle-ClassPath: .
Bundle-Vendor: %providerName
Bundle-Localization: plugin
Bundle-RequiredExecutionEnvironment: J2SE-1.5
-Export-Package: org.eclipse.emf.cdo.security;version="4.2.0",
+Export-Package: org.eclipse.emf.cdo.internal.security;version="4.2.0";x-friends:="org.eclipse.emf.cdo.security.edit,org.eclipse.emf.cdo.security.editor,org.eclipse.emf.cdo.server.security",
+ org.eclipse.emf.cdo.security;version="4.2.0",
org.eclipse.emf.cdo.security.impl;version="4.2.0",
org.eclipse.emf.cdo.security.util;version="4.2.0"
Require-Bundle: org.eclipse.emf.cdo;bundle-version="[4.1.0,5.0.0)";visibility:=reexport
diff --git a/plugins/org.eclipse.emf.cdo.security/model/security.ecore b/plugins/org.eclipse.emf.cdo.security/model/security.ecore
index 5ac20dc9dd..160b49f153 100644
--- a/plugins/org.eclipse.emf.cdo.security/model/security.ecore
+++ b/plugins/org.eclipse.emf.cdo.security/model/security.ecore
@@ -101,6 +101,7 @@
<eClassifiers xsi:type="ecore:EClass" name="ResourcePermission" eSuperTypes="#//Permission">
<eStructuralFeatures xsi:type="ecore:EAttribute" name="pattern" eType="ecore:EDataType platform:/plugin/org.eclipse.emf.ecore/model/Ecore.ecore#//EString"/>
</eClassifiers>
+ <eClassifiers xsi:type="ecore:EClass" name="ObjectPermission" abstract="true" eSuperTypes="#//Permission"/>
<eClassifiers xsi:type="ecore:EEnum" name="Access">
<eLiterals name="READ"/>
<eLiterals name="WRITE" value="1"/>
diff --git a/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag b/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag
index 545ff09bb9..720b352608 100644
--- a/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag
+++ b/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag
@@ -296,6 +296,22 @@
<element xmi:type="ecore:EClass" href="security.ecore#//ResourcePermission"/>
<layoutConstraint xmi:type="notation:Bounds" xmi:id="_lcyeYv4cEeGpopUAItL9cQ" x="890" y="377" width="148"/>
</children>
+ <children xmi:type="notation:Node" xmi:id="_-P7GUaA6EeKe8MpC3pr_IA" type="1001">
+ <children xmi:type="notation:Node" xmi:id="_-P87gKA6EeKe8MpC3pr_IA" type="4001"/>
+ <children xmi:type="notation:Node" xmi:id="_-P9ikKA6EeKe8MpC3pr_IA" type="5001">
+ <styles xmi:type="notation:DrawerStyle" xmi:id="_-P9ikaA6EeKe8MpC3pr_IA"/>
+ <styles xmi:type="notation:SortingStyle" xmi:id="_-P9ikqA6EeKe8MpC3pr_IA"/>
+ <styles xmi:type="notation:FilteringStyle" xmi:id="_-P9ik6A6EeKe8MpC3pr_IA"/>
+ </children>
+ <children xmi:type="notation:Node" xmi:id="_-P9ilKA6EeKe8MpC3pr_IA" type="5002">
+ <styles xmi:type="notation:DrawerStyle" xmi:id="_-P9ilaA6EeKe8MpC3pr_IA"/>
+ <styles xmi:type="notation:SortingStyle" xmi:id="_-P9ilqA6EeKe8MpC3pr_IA"/>
+ <styles xmi:type="notation:FilteringStyle" xmi:id="_-P9il6A6EeKe8MpC3pr_IA"/>
+ </children>
+ <styles xmi:type="notation:ShapeStyle" xmi:id="_-P7GUqA6EeKe8MpC3pr_IA" fontColor="4210752" fontName="Segoe UI" fontHeight="10" fillColor="13761016" lineColor="8421504"/>
+ <element xmi:type="ecore:EClass" href="security.ecore#//ObjectPermission"/>
+ <layoutConstraint xmi:type="notation:Bounds" xmi:id="_-P7GU6A6EeKe8MpC3pr_IA" x="1060" y="377" width="138"/>
+ </children>
<styles xmi:type="notation:DiagramStyle" xmi:id="_BlsqIawpEeGqBf0LMO47dg"/>
<element xmi:type="ecore:EPackage" href="security.ecore#/"/>
<edges xmi:type="notation:Edge" xmi:id="_Bl4QUKwpEeGqBf0LMO47dg" type="3003" source="_BlxioqwpEeGqBf0LMO47dg" target="_BlvtcKwpEeGqBf0LMO47dg">
@@ -540,6 +556,12 @@
<styles xmi:type="notation:ConnectorStyle" xmi:id="_ldPKUf4cEeGpopUAItL9cQ" routing="Rectilinear" lineColor="4210752"/>
<styles xmi:type="notation:FontStyle" xmi:id="_ldPKUv4cEeGpopUAItL9cQ" fontName="Segoe UI"/>
<element xsi:nil="true"/>
- <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_ldPKU_4cEeGpopUAItL9cQ" points="[-2, -24, 153, 108]$[-2, -66, 153, 66]$[-155, -66, 0, 66]$[-155, -107, 0, 25]"/>
+ <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_ldPKU_4cEeGpopUAItL9cQ" points="[-2, -20, 153, 108]$[-2, -62, 153, 66]$[-155, -62, 0, 66]$[-155, -103, 0, 25]"/>
+ </edges>
+ <edges xmi:type="notation:Edge" xmi:id="_GfCc0KA7EeKe8MpC3pr_IA" type="3003" source="_-P7GUaA6EeKe8MpC3pr_IA" target="_PWGq0LIPEeGyraMqKGwiUw">
+ <styles xmi:type="notation:ConnectorStyle" xmi:id="_GfCc0aA7EeKe8MpC3pr_IA" routing="Rectilinear" lineColor="4210752"/>
+ <styles xmi:type="notation:FontStyle" xmi:id="_GfCc0qA7EeKe8MpC3pr_IA" fontName="Segoe UI"/>
+ <element xsi:nil="true"/>
+ <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_GfCc06A7EeKe8MpC3pr_IA" points="[-1, -20, 319, 108]$[-1, -62, 319, 66]$[-320, -62, 0, 66]$[-320, -103, 0, 25]"/>
</edges>
</notation:Diagram>
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java
new file mode 100644
index 0000000000..e99513b8d7
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.internal.security;
+
+import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.view.CDOView;
+
+/**
+ * @author Eike Stepper
+ */
+public interface ViewCreator
+{
+ public CDOView createView(CDORevisionProvider revisionProvider);
+}
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java
new file mode 100644
index 0000000000..f2468f6c07
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.internal.security;
+
+import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.view.CDOView;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Eike Stepper
+ */
+public final class ViewUtil
+{
+ private static final ThreadLocal<ViewCreator> VIEW_CREATOR = new ThreadLocal<ViewCreator>();
+
+ private static final ThreadLocal<Map<CDORevisionProvider, CDOView>> VIEWS = new ThreadLocal<Map<CDORevisionProvider, CDOView>>();
+
+ private ViewUtil()
+ {
+ }
+
+ private static Map<CDORevisionProvider, CDOView> getViews()
+ {
+ Map<CDORevisionProvider, CDOView> views = VIEWS.get();
+ if (views == null)
+ {
+ views = new HashMap<CDORevisionProvider, CDOView>();
+ VIEWS.set(views);
+ }
+
+ return views;
+ }
+
+ public static CDOView getView(CDORevisionProvider revisionProvider)
+ {
+ Map<CDORevisionProvider, CDOView> views = getViews();
+
+ CDOView view = views.get(revisionProvider);
+ if (view == null)
+ {
+ ViewCreator viewCreator = VIEW_CREATOR.get();
+ if (viewCreator == null)
+ {
+ throw new IllegalStateException("No view creator available for " + revisionProvider);
+ }
+
+ view = viewCreator.createView(revisionProvider);
+ views.put(revisionProvider, view);
+ }
+
+ return view;
+ }
+
+ public static void initViewCreation(ViewCreator viewCreator)
+ {
+ VIEW_CREATOR.set(viewCreator);
+ }
+
+ public static void doneViewCreation()
+ {
+ VIEW_CREATOR.remove();
+ VIEWS.remove();
+ }
+}
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java
new file mode 100644
index 0000000000..5c98ce2e4b
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java
@@ -0,0 +1,18 @@
+/**
+ */
+package org.eclipse.emf.cdo.security;
+
+/**
+ * <!-- begin-user-doc -->
+ * A representation of the model object '<em><b>Object Permission</b></em>'.
+ * @since 4.2
+ * <!-- end-user-doc -->
+ *
+ *
+ * @see org.eclipse.emf.cdo.security.SecurityPackage#getObjectPermission()
+ * @model abstract="true"
+ * @generated
+ */
+public interface ObjectPermission extends Permission
+{
+} // ObjectPermission
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java
index 4a9338506e..78256cd37c 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java
@@ -862,6 +862,47 @@ public interface SecurityPackage extends EPackage
int RESOURCE_PERMISSION_FEATURE_COUNT = PERMISSION_FEATURE_COUNT + 1;
/**
+ * The meta object id for the '{@link org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl <em>Object Permission</em>}' class.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @see org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl
+ * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getObjectPermission()
+ * @generated
+ */
+ int OBJECT_PERMISSION = 13;
+
+ /**
+ * The feature id for the '<em><b>Role</b></em>' container reference.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @generated
+ * @ordered
+ */
+ int OBJECT_PERMISSION__ROLE = PERMISSION__ROLE;
+
+ /**
+ * The feature id for the '<em><b>Access</b></em>' attribute.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @generated
+ * @ordered
+ */
+ int OBJECT_PERMISSION__ACCESS = PERMISSION__ACCESS;
+
+ /**
+ * The number of structural features of the '<em>Object Permission</em>' class.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @generated
+ * @ordered
+ */
+ int OBJECT_PERMISSION_FEATURE_COUNT = PERMISSION_FEATURE_COUNT + 0;
+
+ /**
* The meta object id for the '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}' enum.
* <!-- begin-user-doc -->
* @noreference This field is not intended to be referenced by clients.
@@ -870,7 +911,7 @@ public interface SecurityPackage extends EPackage
* @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getAccess()
* @generated
*/
- int ACCESS = 13;
+ int ACCESS = 14;
/**
* The meta object id for the '<em>Access Object</em>' data type.
@@ -881,7 +922,7 @@ public interface SecurityPackage extends EPackage
* @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getAccessObject()
* @generated
*/
- int ACCESS_OBJECT = 14;
+ int ACCESS_OBJECT = 15;
/**
* Returns the meta object for class '{@link org.eclipse.emf.cdo.security.SecurityElement <em>Element</em>}'.
@@ -1479,6 +1520,17 @@ public interface SecurityPackage extends EPackage
EAttribute getResourcePermission_Pattern();
/**
+ * Returns the meta object for class '{@link org.eclipse.emf.cdo.security.ObjectPermission <em>Object Permission</em>}'.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @return the meta object for class '<em>Object Permission</em>'.
+ * @see org.eclipse.emf.cdo.security.ObjectPermission
+ * @generated
+ */
+ EClass getObjectPermission();
+
+ /**
* Returns the meta object for enum '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}'.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
@@ -1995,6 +2047,17 @@ public interface SecurityPackage extends EPackage
EAttribute RESOURCE_PERMISSION__PATTERN = eINSTANCE.getResourcePermission_Pattern();
/**
+ * The meta object literal for the '{@link org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl <em>Object Permission</em>}' class.
+ * <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @see org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl
+ * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getObjectPermission()
+ * @generated
+ */
+ EClass OBJECT_PERMISSION = eINSTANCE.getObjectPermission();
+
+ /**
* The meta object literal for the '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}' enum.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java
new file mode 100644
index 0000000000..5d47fa637e
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java
@@ -0,0 +1,69 @@
+/**
+ */
+package org.eclipse.emf.cdo.security.impl;
+
+import org.eclipse.emf.cdo.CDOObject;
+import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
+import org.eclipse.emf.cdo.common.id.CDOID;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
+import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.internal.security.ViewUtil;
+import org.eclipse.emf.cdo.security.ObjectPermission;
+import org.eclipse.emf.cdo.security.SecurityPackage;
+import org.eclipse.emf.cdo.view.CDOView;
+
+import org.eclipse.emf.ecore.EClass;
+
+/**
+ * <!-- begin-user-doc -->
+ * An implementation of the model object '<em><b>Object Permission</b></em>'.
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * <p>
+ * </p>
+ *
+ * @generated
+ */
+public abstract class ObjectPermissionImpl extends PermissionImpl implements ObjectPermission
+{
+ /**
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ protected ObjectPermissionImpl()
+ {
+ super();
+ }
+
+ /**
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ @Override
+ protected EClass eStaticClass()
+ {
+ return SecurityPackage.Literals.OBJECT_PERMISSION;
+ }
+
+ protected CDOView getView(CDORevisionProvider revisionProvider)
+ {
+ return ViewUtil.getView(revisionProvider);
+ }
+
+ /**
+ * @ADDED
+ */
+ public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
+ {
+ CDOView view = getView(revisionProvider);
+ CDOID id = revision.getID();
+
+ CDOObject object = view.getObject(id);
+ return isApplicable(object, securityContext);
+ }
+
+ protected abstract boolean isApplicable(CDOObject object, CDOBranchPoint securityContext);
+
+} // ObjectPermissionImpl
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java
index 0d87da97e2..9b5abf88cf 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java
@@ -16,6 +16,7 @@ import org.eclipse.emf.cdo.security.Assignee;
import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
+import org.eclipse.emf.cdo.security.ObjectPermission;
import org.eclipse.emf.cdo.security.PackagePermission;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
@@ -141,6 +142,13 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage
* <!-- end-user-doc -->
* @generated
*/
+ private EClass objectPermissionEClass = null;
+
+ /**
+ * <!-- begin-user-doc -->
+ * <!-- end-user-doc -->
+ * @generated
+ */
private EEnum accessEEnum = null;
/**
@@ -774,6 +782,17 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage
/**
* <!-- begin-user-doc -->
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @generated
+ */
+ public EClass getObjectPermission()
+ {
+ return objectPermissionEClass;
+ }
+
+ /**
+ * <!-- begin-user-doc -->
* <!-- end-user-doc -->
* @generated
*/
@@ -893,6 +912,8 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage
resourcePermissionEClass = createEClass(RESOURCE_PERMISSION);
createEAttribute(resourcePermissionEClass, RESOURCE_PERMISSION__PATTERN);
+ objectPermissionEClass = createEClass(OBJECT_PERMISSION);
+
// Create enums
accessEEnum = createEEnum(ACCESS);
@@ -947,6 +968,7 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage
classPermissionEClass.getESuperTypes().add(getPermission());
packagePermissionEClass.getESuperTypes().add(getPermission());
resourcePermissionEClass.getESuperTypes().add(getPermission());
+ objectPermissionEClass.getESuperTypes().add(getPermission());
// Initialize classes and features; add operations and parameters
initEClass(securityElementEClass, SecurityElement.class,
@@ -1179,6 +1201,9 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage
theEcorePackage.getEString(),
"pattern", null, 0, 1, ResourcePermission.class, !IS_TRANSIENT, !IS_VOLATILE, IS_CHANGEABLE, !IS_UNSETTABLE, !IS_ID, IS_UNIQUE, !IS_DERIVED, IS_ORDERED); //$NON-NLS-1$
+ initEClass(objectPermissionEClass, ObjectPermission.class,
+ "ObjectPermission", IS_ABSTRACT, !IS_INTERFACE, IS_GENERATED_INSTANCE_CLASS); //$NON-NLS-1$
+
// Initialize enums and add enum literals
initEEnum(accessEEnum, Access.class, "Access"); //$NON-NLS-1$
addEEnumLiteral(accessEEnum, Access.READ);
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java
index cc40afb786..7211f1d403 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java
@@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.security.Assignee;
import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
+import org.eclipse.emf.cdo.security.ObjectPermission;
import org.eclipse.emf.cdo.security.PackagePermission;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
@@ -174,6 +175,12 @@ public class SecurityAdapterFactory extends AdapterFactoryImpl
}
@Override
+ public Adapter caseObjectPermission(ObjectPermission object)
+ {
+ return createObjectPermissionAdapter();
+ }
+
+ @Override
public Adapter caseModelElement(ModelElement object)
{
return createModelElementAdapter();
@@ -396,6 +403,22 @@ public class SecurityAdapterFactory extends AdapterFactoryImpl
}
/**
+ * Creates a new adapter for an object of class '{@link org.eclipse.emf.cdo.security.ObjectPermission <em>Object Permission</em>}'.
+ * <!-- begin-user-doc -->
+ * This default implementation returns null so that we can easily ignore cases;
+ * it's useful to ignore a case when inheritance will catch all the cases anyway.
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @return the new adapter.
+ * @see org.eclipse.emf.cdo.security.ObjectPermission
+ * @generated
+ */
+ public Adapter createObjectPermissionAdapter()
+ {
+ return null;
+ }
+
+ /**
* Creates a new adapter for an object of class '{@link org.eclipse.emf.cdo.etypes.ModelElement <em>Model Element</em>}'.
* <!-- begin-user-doc -->
* This default implementation returns null so that we can easily ignore cases;
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java
index bb490c8f7f..4d7150dfeb 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java
@@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.security.Assignee;
import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
+import org.eclipse.emf.cdo.security.ObjectPermission;
import org.eclipse.emf.cdo.security.PackagePermission;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
@@ -118,9 +119,13 @@ public class SecuritySwitch<T>
SecurityElement securityElement = (SecurityElement)theEObject;
T result = caseSecurityElement(securityElement);
if (result == null)
+ {
result = caseModelElement(securityElement);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.SECURITY_ITEM:
@@ -128,11 +133,17 @@ public class SecuritySwitch<T>
SecurityItem securityItem = (SecurityItem)theEObject;
T result = caseSecurityItem(securityItem);
if (result == null)
+ {
result = caseSecurityElement(securityItem);
+ }
if (result == null)
+ {
result = caseModelElement(securityItem);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.REALM:
@@ -140,11 +151,17 @@ public class SecuritySwitch<T>
Realm realm = (Realm)theEObject;
T result = caseRealm(realm);
if (result == null)
+ {
result = caseSecurityElement(realm);
+ }
if (result == null)
+ {
result = caseModelElement(realm);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.DIRECTORY:
@@ -152,13 +169,21 @@ public class SecuritySwitch<T>
Directory directory = (Directory)theEObject;
T result = caseDirectory(directory);
if (result == null)
+ {
result = caseSecurityItem(directory);
+ }
if (result == null)
+ {
result = caseSecurityElement(directory);
+ }
if (result == null)
+ {
result = caseModelElement(directory);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.ROLE:
@@ -166,13 +191,21 @@ public class SecuritySwitch<T>
Role role = (Role)theEObject;
T result = caseRole(role);
if (result == null)
+ {
result = caseSecurityItem(role);
+ }
if (result == null)
+ {
result = caseSecurityElement(role);
+ }
if (result == null)
+ {
result = caseModelElement(role);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.ASSIGNEE:
@@ -180,13 +213,21 @@ public class SecuritySwitch<T>
Assignee assignee = (Assignee)theEObject;
T result = caseAssignee(assignee);
if (result == null)
+ {
result = caseSecurityItem(assignee);
+ }
if (result == null)
+ {
result = caseSecurityElement(assignee);
+ }
if (result == null)
+ {
result = caseModelElement(assignee);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.GROUP:
@@ -194,15 +235,25 @@ public class SecuritySwitch<T>
Group group = (Group)theEObject;
T result = caseGroup(group);
if (result == null)
+ {
result = caseAssignee(group);
+ }
if (result == null)
+ {
result = caseSecurityItem(group);
+ }
if (result == null)
+ {
result = caseSecurityElement(group);
+ }
if (result == null)
+ {
result = caseModelElement(group);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.USER:
@@ -210,15 +261,25 @@ public class SecuritySwitch<T>
User user = (User)theEObject;
T result = caseUser(user);
if (result == null)
+ {
result = caseAssignee(user);
+ }
if (result == null)
+ {
result = caseSecurityItem(user);
+ }
if (result == null)
+ {
result = caseSecurityElement(user);
+ }
if (result == null)
+ {
result = caseModelElement(user);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.USER_PASSWORD:
@@ -226,7 +287,9 @@ public class SecuritySwitch<T>
UserPassword userPassword = (UserPassword)theEObject;
T result = caseUserPassword(userPassword);
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.PERMISSION:
@@ -234,7 +297,9 @@ public class SecuritySwitch<T>
Permission permission = (Permission)theEObject;
T result = casePermission(permission);
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.CLASS_PERMISSION:
@@ -242,9 +307,13 @@ public class SecuritySwitch<T>
ClassPermission classPermission = (ClassPermission)theEObject;
T result = caseClassPermission(classPermission);
if (result == null)
+ {
result = casePermission(classPermission);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.PACKAGE_PERMISSION:
@@ -252,9 +321,13 @@ public class SecuritySwitch<T>
PackagePermission packagePermission = (PackagePermission)theEObject;
T result = casePackagePermission(packagePermission);
if (result == null)
+ {
result = casePermission(packagePermission);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
return result;
}
case SecurityPackage.RESOURCE_PERMISSION:
@@ -262,9 +335,27 @@ public class SecuritySwitch<T>
ResourcePermission resourcePermission = (ResourcePermission)theEObject;
T result = caseResourcePermission(resourcePermission);
if (result == null)
+ {
result = casePermission(resourcePermission);
+ }
if (result == null)
+ {
result = defaultCase(theEObject);
+ }
+ return result;
+ }
+ case SecurityPackage.OBJECT_PERMISSION:
+ {
+ ObjectPermission objectPermission = (ObjectPermission)theEObject;
+ T result = caseObjectPermission(objectPermission);
+ if (result == null)
+ {
+ result = casePermission(objectPermission);
+ }
+ if (result == null)
+ {
+ result = defaultCase(theEObject);
+ }
return result;
}
default:
@@ -481,6 +572,23 @@ public class SecuritySwitch<T>
}
/**
+ * Returns the result of interpreting the object as an instance of '<em>Object Permission</em>'.
+ * <!-- begin-user-doc -->
+ * This implementation returns null;
+ * returning a non-null result will terminate the switch.
+ * @since 4.2
+ * <!-- end-user-doc -->
+ * @param object the target of the switch.
+ * @return the result of interpreting the object as an instance of '<em>Object Permission</em>'.
+ * @see #doSwitch(org.eclipse.emf.ecore.EObject) doSwitch(EObject)
+ * @generated
+ */
+ public T caseObjectPermission(ObjectPermission object)
+ {
+ return null;
+ }
+
+ /**
* Returns the result of interpreting the object as an instance of '<em>Model Element</em>'.
* <!-- begin-user-doc -->
* This implementation returns null;
diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
new file mode 100644
index 0000000000..56e0dd3b62
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<component id="org.eclipse.emf.cdo.server.security" version="2">
+ <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager">
+ <filter id="574619656">
+ <message_arguments>
+ <message_argument value="IPermissionManager"/>
+ <message_argument value="PermissionManager"/>
+ </message_arguments>
+ </filter>
+ </resource>
+</component>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 980a7ccabd..419f6d851b 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -18,6 +18,8 @@ import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.eresource.CDOResource;
import org.eclipse.emf.cdo.eresource.EresourcePackage;
+import org.eclipse.emf.cdo.internal.security.ViewCreator;
+import org.eclipse.emf.cdo.internal.security.ViewUtil;
import org.eclipse.emf.cdo.net4j.CDONet4jSession;
import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
@@ -32,8 +34,10 @@ import org.eclipse.emf.cdo.security.SecurityFactory;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.security.UserPassword;
+import org.eclipse.emf.cdo.server.CDOServerUtil;
import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.IRepository;
+import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.ITransaction;
import org.eclipse.emf.cdo.server.internal.security.bundle.OM;
@@ -535,7 +539,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
}
protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider,
- CDOBranchPoint securityContext, User user)
+ CDOBranchPoint securityContext, ISession session, User user)
{
CDOPermission result = convertPermission(user.getDefaultAccess());
if (result == CDOPermission.WRITE)
@@ -615,6 +619,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
*/
private final class PermissionManager implements IPermissionManager
{
+ public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session)
+ {
+ String userID = session.getUserID();
+ if (SYSTEM_USER_ID.equals(userID))
+ {
+ // TODO Should we also check for access to the /security resource (the realm)?
+ return CDOPermission.WRITE;
+ }
+
+ return doGetPermission(revision, securityContext, session, userID);
+ }
+
+ @Deprecated
public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
{
if (SYSTEM_USER_ID.equals(userID))
@@ -623,12 +640,33 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
return CDOPermission.WRITE;
}
+ return doGetPermission(revision, securityContext, null, userID);
+ }
+
+ private CDOPermission doGetPermission(CDORevision revision, final CDOBranchPoint securityContext,
+ final ISession session, String userID)
+ {
User user = getUser(userID);
InternalCDORevisionManager revisionManager = repository.getRevisionManager();
CDORevisionProvider revisionProvider = new ManagedRevisionProvider(revisionManager, securityContext);
- return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, user);
+ ViewUtil.initViewCreation(new ViewCreator()
+ {
+ public CDOView createView(CDORevisionProvider revisionProvider)
+ {
+ return CDOServerUtil.openView(session, securityContext, revisionProvider);
+ }
+ });
+
+ try
+ {
+ return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, session, user);
+ }
+ finally
+ {
+ ViewUtil.doneViewCreation();
+ }
}
}
@@ -637,7 +675,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
*/
private final class WriteAccessHandler implements IRepository.WriteAccessHandler
{
- public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext,
+ public void handleTransactionBeforeCommitting(ITransaction transaction, final CommitContext commitContext,
OMMonitor monitor) throws RuntimeException
{
if (transaction.getSessionID() == session.getSessionID())
@@ -651,16 +689,32 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
handleCommit(commitContext, user);
- permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects());
- permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
+ ViewUtil.initViewCreation(new ViewCreator()
+ {
+ public CDOView createView(CDORevisionProvider revisionProvider)
+ {
+ return CDOServerUtil.openView(commitContext);
+ }
+ });
+
+ try
+ {
+ permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects());
+ permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
+ }
+ finally
+ {
+ ViewUtil.doneViewCreation();
+ }
}
private void permissionRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext,
User user, InternalCDORevision[] revisions)
{
+ ISession session = commitContext.getTransaction().getSession();
for (InternalCDORevision revision : revisions)
{
- CDOPermission permission = getPermission(revision, commitContext, securityContext, user);
+ CDOPermission permission = getPermission(revision, commitContext, securityContext, session, user);
if (permission != CDOPermission.WRITE)
{
throw new SecurityException("User " + user + " is not allowed to write to " + revision);
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java
index 42eaeb98b1..bdc502deac 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java
@@ -361,7 +361,7 @@ public class Session extends Container<IView> implements InternalSession
IPermissionManager permissionManager = manager.getPermissionManager();
if (permissionManager != null)
{
- return permissionManager.getPermission(revision, securityContext, userID);
+ return permissionManager.getPermission(revision, securityContext, this);
}
return CDORevision.PERMISSION_PROVIDER.getPermission(revision, securityContext);
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java
index 7ef3e8f8b6..7a91cf80ce 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java
@@ -19,8 +19,19 @@ import org.eclipse.emf.cdo.common.security.CDOPermission;
*
* @author Eike Stepper
* @since 4.1
+ * @noextend This interface is not intended to be extended by clients.
+ * @noimplement This interface is not intended to be implemented by clients.
*/
public interface IPermissionManager
{
+ /**
+ * @deprecated As of 4.2 call {@link #getPermission(CDORevision, CDOBranchPoint, ISession)}.
+ */
+ @Deprecated
public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID);
+
+ /**
+ * @since 4.2
+ */
+ public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session);
}
diff --git a/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java b/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java
index b3b01e9fca..519993a950 100644
--- a/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java
+++ b/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java
@@ -16,6 +16,7 @@ import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.common.security.NoPermissionException;
import org.eclipse.emf.cdo.eresource.CDOResource;
import org.eclipse.emf.cdo.server.IPermissionManager;
+import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.session.CDOSession;
import org.eclipse.emf.cdo.tests.AbstractCDOTest;
import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesAfter;
@@ -60,7 +61,7 @@ public class Bugzilla_343084_Test extends AbstractCDOTest
IPermissionManager permissionManager = new IPermissionManager()
{
- public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
+ public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session)
{
EClass eClass = revision.getEClass();
CDOPermission permission = permissions.get(eClass);
@@ -71,6 +72,12 @@ public class Bugzilla_343084_Test extends AbstractCDOTest
return CDOPermission.WRITE;
}
+
+ @Deprecated
+ public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
+ {
+ throw new UnsupportedOperationException();
+ }
};
getTestProperties().put(RepositoryConfig.PROP_TEST_AUTHENTICATOR, userManager);

Back to the top