authorEike Stepper2013-09-23 08:33:15 +0000
committerEike Stepper2013-09-23 08:33:15 +0000
commit3899b0d02e1ec67674511c5cfbaf0605f538fa55 (patch)
treeb40082fbfd5c097729feaa3fe5785b0592de634f /plugins/org.eclipse.emf.cdo.server.security
parentdc8364330b7013c4edd54ef30b9d74f7ad9f234a (diff)
downloadcdo-3899b0d02e1ec67674511c5cfbaf0605f538fa55.tar.gz
cdo-3899b0d02e1ec67674511c5cfbaf0605f538fa55.tar.xz
cdo-3899b0d02e1ec67674511c5cfbaf0605f538fa55.zip
[417483] [Security] Issues in invalidation when missing write Permission
https://bugs.eclipse.org/bugs/show_bug.cgi?id=417483
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java28
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java15
2 files changed, 21 insertions, 22 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 97a7a7d1c3..5a2d5715b9 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -25,7 +25,7 @@ import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
import org.eclipse.emf.cdo.security.Access;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
-import org.eclipse.emf.cdo.security.Inclusion;
+import org.eclipse.emf.cdo.security.PatternStyle;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.Role;
@@ -79,6 +79,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
{
private static final Map<IRepository, InternalSecurityManager> SECURITY_MANAGERS = new HashMap<IRepository, InternalSecurityManager>();
+ private static final SecurityFactory SF = SecurityFactory.eINSTANCE;
+
private final IListener repositoryListener = new LifecycleEventAdapter()
{
@Override
@@ -248,7 +250,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
{
public void execute(Realm realm)
{
- UserPassword userPassword = SecurityFactory.eINSTANCE.createUserPassword();
+ UserPassword userPassword = SF.createUserPassword();
userPassword.setEncrypted(new String(password));
result[0] = realm.addUser(id);
@@ -528,9 +530,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
protected Realm createRealm()
{
- final SecurityFactory factory = SecurityFactory.eINSTANCE;
-
- Realm realm = factory.createRealm("Security Realm");
+ Realm realm = SF.createRealm("Security Realm");
realm.setDefaultRoleDirectory(addDirectory(realm, "Roles"));
realm.setDefaultGroupDirectory(addDirectory(realm, "Groups"));
realm.setDefaultUserDirectory(addDirectory(realm, "Users"));
@@ -539,27 +539,25 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
Role allReaderRole = realm.addRole("All Objects Reader");
allReaderRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*", Inclusion.REGEX)));
+ SF.createFilterPermission(Access.READ, SF.createResourceFilter(".*", PatternStyle.REGEX)));
Role allWriterRole = realm.addRole("All Objects Writer");
allWriterRole.getPermissions().add(
- factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*", Inclusion.REGEX)));
+ SF.createFilterPermission(Access.WRITE, SF.createResourceFilter(".*", PatternStyle.REGEX)));
Role treeReaderRole = realm.addRole("Resource Tree Reader");
treeReaderRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
+ SF.createFilterPermission(Access.READ, SF.createPackageFilter(EresourcePackage.eINSTANCE)));
Role treeWriterRole = realm.addRole("Resource Tree Writer");
treeWriterRole.getPermissions().add(
- factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
+ SF.createFilterPermission(Access.WRITE, SF.createPackageFilter(EresourcePackage.eINSTANCE)));
Role adminRole = realm.addRole("Administration");
- adminRole.getPermissions()
- .add(
- factory.createFilterPermission(Access.WRITE,
- factory.createResourceFilter(realmPath, Inclusion.EXACT_AND_DOWN)));
adminRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createResourceFilter(realmPath, Inclusion.EXACT_AND_UP)));
+ SF.createFilterPermission(Access.WRITE, SF.createResourceFilter(realmPath, PatternStyle.EXACT, false)));
+ adminRole.getPermissions().add(
+ SF.createFilterPermission(Access.READ, SF.createResourceFilter(realmPath, PatternStyle.EXACT, true)));
// Create groups
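Review bot: The Administration role's WRITE permission goes from `Inclusion.EXACT_AND_DOWN` to `PatternStyle.EXACT, false`, while the same old constant in `HomeFolderHandler.initRole` is mapped to `PatternStyle.TREE, false`. If `EXACT` matches only the `realmPath` resource itself, the admin write scope is narrower after this commit; that may be intended if `realmPath` names a single resource, but it should be confirmed and covered by a test. The bare `true`/`false` third argument is also hard to review at the call site in both files. It is presumably an include-parents flag, since it is `true` exactly where the old code used `EXACT_AND_UP`; a short comment such as `// true: also grant READ on parent folders` on each call would make the granted scope explicit. The body of `createRealm` continues outside this hunk.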
@@ -578,7 +576,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
protected Directory addDirectory(Realm realm, String name)
{
- Directory directory = SecurityFactory.eINSTANCE.createDirectory(name);
+ Directory directory = SF.createDirectory(name);
realm.getItems().add(directory);
return directory;
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
index e16756e9aa..bc25ea01c6 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
@@ -11,7 +11,7 @@
package org.eclipse.emf.cdo.server.spi.security;
import org.eclipse.emf.cdo.security.Access;
-import org.eclipse.emf.cdo.security.Inclusion;
+import org.eclipse.emf.cdo.security.PatternStyle;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityFactory;
@@ -43,6 +43,8 @@ public class HomeFolderHandler implements InternalSecurityManager.CommitHandler2
{
public static final String DEFAULT_HOME_FOLDER = "/home";
+ private static final SecurityFactory SF = SecurityFactory.eINSTANCE;
+
private final String homeFolder;
public HomeFolderHandler(String homeFolder)
@@ -80,12 +82,11 @@ public class HomeFolderHandler implements InternalSecurityManager.CommitHandler2
protected void initRole(Role role)
{
- role.getPermissions().add(
- SecurityFactory.eINSTANCE.createFilterPermission(Access.WRITE,
- SecurityFactory.eINSTANCE.createResourceFilter(homeFolder + "/${user}", Inclusion.EXACT_AND_DOWN)));
- role.getPermissions().add(
- SecurityFactory.eINSTANCE.createFilterPermission(Access.READ,
- SecurityFactory.eINSTANCE.createResourceFilter(homeFolder, Inclusion.EXACT_AND_UP)));
+ role.getPermissions().add(SF.createFilterPermission(Access.WRITE, //
+ SF.createResourceFilter(homeFolder + "/${user}", PatternStyle.TREE, false)));
+
+ role.getPermissions().add(SF.createFilterPermission(Access.READ, //
+ SF.createResourceFilter(homeFolder, PatternStyle.EXACT, true)));
}
public void handleCommit(final InternalSecurityManager securityManager, CommitContext commitContext, User user)
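Review bot: The WRITE grant in `initRole` is built by concatenating `homeFolder + "/${user}"` and matching it with `PatternStyle.TREE`, so its scope depends on how `homeFolder` is normalised and where tree matching puts the boundary after the user id. Nothing in this hunk shows that a trailing slash on `homeFolder` is stripped, or that the grant for one user's folder cannot also cover a sibling folder sharing the same name prefix. Both may be handled in the constructor or the filter implementation, which are not visible here. A test asserting that a user cannot write into another user's home folder would pin this down, and a comment such as `// WRITE: the user's own home subtree only` above the first `add` call would record the intent.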
