diff options
11 files changed, 306 insertions, 94 deletions
diff --git a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java index d16d1ba5f1..b5a8cd9364 100644 --- a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java +++ b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java @@ -53,7 +53,7 @@ import java.util.StringTokenizer; /** * Various static helper methods for dealing with {@link CDORevision revisions}. - * + * * @author Eike Stepper * @apiviz.exclude */ @@ -61,13 +61,15 @@ public final class CDORevisionUtil { public static final Object UNINITIALIZED = new Uninitialized(); + private static EAttribute resourceNodeNameAttribute; + private CDORevisionUtil() { } /** * Creates and returns a new memory sensitive revision cache. - * + * * @since 4.0 */ public static CDORevisionCache createRevisionCache(boolean supportingAudits, boolean supportingBranches) @@ -304,35 +306,72 @@ public final class CDORevisionUtil */ public static String getResourceNodePath(CDORevision revision, CDORevisionProvider provider) { - EAttribute nameFeature = (EAttribute)revision.getEClass().getEStructuralFeature("name"); - StringBuilder builder = new StringBuilder(); - getResourceNodePath((InternalCDORevision)revision, provider, nameFeature, builder); - - builder.insert(0, "/"); - return builder.toString(); + getResourceNodePath((InternalCDORevision)revision, provider, builder); + String string = builder.toString(); + System.out.println("Path: " + revision + " --> " + string); + return string; } private static void getResourceNodePath(InternalCDORevision revision, CDORevisionProvider provider, - EAttribute nameFeature, StringBuilder result) + StringBuilder result) { - String name = (String)revision.get(nameFeature, 0); - if (name != null) + InternalCDORevision container = getParentRevision(revision, provider); + if (container != null) { - if (result.length() != 0) + getResourceNodePath(container, provider, result); + } + + EAttribute attribute = getResourceNodeNameAttribute(revision); + if (attribute != null) + { + int length = result.length(); + if (length == 0 || result.charAt(length - 1) != '/') + { + result.append("/"); + } + + String name = (String)revision.get(attribute, 0); + if (name != null) // Exclude root resource { - result.insert(0, "/"); + result.append(name); } + } + } - result.insert(0, name); + private static InternalCDORevision getParentRevision(InternalCDORevision revision, CDORevisionProvider provider) + { + CDOID parentID = (CDOID)revision.getContainerID(); + if (CDOIDUtil.isNull(parentID)) + { + parentID = revision.getResourceID(); + if (CDOIDUtil.isNull(parentID)) + { + return null; + } + else if (parentID.equals(revision.getID())) + { + // This must be the root resource! + return null; + } } - CDOID folder = (CDOID)revision.getContainerID(); - if (!CDOIDUtil.isNull(folder)) + return (InternalCDORevision)provider.getRevision(parentID); + } + + private static EAttribute getResourceNodeNameAttribute(CDORevision revision) + { + if (revision.isResourceNode()) { - InternalCDORevision container = (InternalCDORevision)provider.getRevision(folder); - getResourceNodePath(container, provider, nameFeature, result); + if (CDORevisionUtil.resourceNodeNameAttribute == null) + { + CDORevisionUtil.resourceNodeNameAttribute = (EAttribute)revision.getEClass().getEStructuralFeature("name"); + } + + return CDORevisionUtil.resourceNodeNameAttribute; } + + return null; } /** @@ -357,7 +396,7 @@ public final class CDORevisionUtil /** * Dumps {@link CDORevision revisions}, sorted and grouped by {@link CDOBranch branch}, to various output formats and * targets. Concrete output formats and targets are implemented by subclasses. - * + * * @since 4.0 * @apiviz.exclude */ @@ -412,7 +451,7 @@ public final class CDORevisionUtil /** * A {@link AllRevisionsDumper revision dumper} that directs all output to a stream. The concrete output format is * implemented by subclasses. - * + * * @author Eike Stepper * @apiviz.exclude */ @@ -433,7 +472,7 @@ public final class CDORevisionUtil /** * A {@link Stream revision dumper} that directs all output as plain text to a stream. - * + * * @author Eike Stepper * @apiviz.exclude */ @@ -483,7 +522,7 @@ public final class CDORevisionUtil /** * A {@link Stream revision dumper} that directs all output as HTML text to a stream. - * + * * @author Eike Stepper * @apiviz.exclude */ @@ -554,7 +593,7 @@ public final class CDORevisionUtil /** * Compares {@link CDORevisionKey revision keys} by {@link CDORevision#getID() ID} and * {@link CDORevision#getVersion() version}. - * + * * @author Eike Stepper * @since 4.0 * @apiviz.exclude diff --git a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java index 916add9ead..57b71e4ab0 100644 --- a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java +++ b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java @@ -79,6 +79,11 @@ public abstract class BaseCDORevision extends AbstractCDORevision private static final byte SET_NOT_NULL_OPCODE = 2; + /** + * private static final byte READ_PERMISSION_FLAG = 0x01; + * + * private static final byte WRITE_PERMISSION_FLAG = 0x02; + */ private static final byte FROZEN_FLAG = 0x04; private static final byte UNCHUNKED_FLAG = 0x08; diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java index 5e43cf1e75..0dfd407256 100644 --- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java +++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java @@ -2,13 +2,16 @@ */ package org.eclipse.emf.cdo.security.provider; +import org.eclipse.emf.cdo.common.model.CDOPackageInfo; import org.eclipse.emf.cdo.security.Access; import org.eclipse.emf.cdo.security.ClassPermission; import org.eclipse.emf.cdo.security.SecurityPackage; +import org.eclipse.emf.cdo.view.CDOView; import org.eclipse.emf.common.notify.AdapterFactory; import org.eclipse.emf.common.notify.Notification; import org.eclipse.emf.ecore.EClass; +import org.eclipse.emf.ecore.EClassifier; import org.eclipse.emf.edit.provider.ComposeableAdapterFactory; import org.eclipse.emf.edit.provider.IEditingDomainItemProvider; import org.eclipse.emf.edit.provider.IItemColorProvider; @@ -21,8 +24,12 @@ import org.eclipse.emf.edit.provider.ITableItemColorProvider; import org.eclipse.emf.edit.provider.ITableItemFontProvider; import org.eclipse.emf.edit.provider.ITableItemLabelProvider; import org.eclipse.emf.edit.provider.ITreeItemContentProvider; +import org.eclipse.emf.edit.provider.ItemPropertyDescriptor; +import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; import java.util.List; /** @@ -68,17 +75,59 @@ public class ClassPermissionItemProvider extends PermissionItemProvider implemen * This adds a property descriptor for the Applicable Class feature. * <!-- begin-user-doc --> * <!-- end-user-doc --> - * @generated + * @generated NOT */ protected void addApplicableClassPropertyDescriptor(Object object) { - itemPropertyDescriptors - .add(createItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory).getRootAdapterFactory(), - getResourceLocator(), - getString("_UI_ClassPermission_applicableClass_feature"), //$NON-NLS-1$ - getString( - "_UI_PropertyDescriptor_description", "_UI_ClassPermission_applicableClass_feature", "_UI_ClassPermission_type"), //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, true, false, true, null, null, null)); + itemPropertyDescriptors.add(new ItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory) + .getRootAdapterFactory(), getResourceLocator(), getString("_UI_ClassPermission_applicableClass_feature"), + getString("_UI_PropertyDescriptor_description", "_UI_ClassPermission_applicableClass_feature", + "_UI_ClassPermission_type"), SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, true, false, + true, null, null, null) + { + @Override + public Collection<?> getChoiceOfValues(Object object) + { + if (object instanceof ClassPermission) + { + ClassPermission classPermission = (ClassPermission)object; + CDOView view = classPermission.cdoView(); + if (view != null) + { + List<EClass> result = new ArrayList<EClass>(); + for (CDOPackageInfo packageInfo : view.getSession().getPackageRegistry().getPackageInfos()) + { + for (EClassifier classifier : packageInfo.getEPackage().getEClassifiers()) + { + if (classifier instanceof EClass) + { + result.add((EClass)classifier); + + } + } + } + + Collections.sort(result, new Comparator<EClass>() + { + public int compare(EClass c1, EClass c2) + { + int comparison = c1.getName().compareTo(c2.getName()); + if (comparison == 0) + { + comparison = c1.getEPackage().getNsURI().compareTo(c2.getEPackage().getNsURI()); + } + + return comparison; + } + }); + + return result; + } + } + + return super.getChoiceOfValues(object); + } + }); } /** diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java index 98b1126a61..de517979a3 100644 --- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java +++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java @@ -2,12 +2,15 @@ */ package org.eclipse.emf.cdo.security.provider; -import org.eclipse.emf.cdo.security.PackagePermission; +import org.eclipse.emf.cdo.common.model.CDOPackageInfo; import org.eclipse.emf.cdo.security.Access; +import org.eclipse.emf.cdo.security.PackagePermission; import org.eclipse.emf.cdo.security.SecurityPackage; +import org.eclipse.emf.cdo.view.CDOView; import org.eclipse.emf.common.notify.AdapterFactory; import org.eclipse.emf.common.notify.Notification; +import org.eclipse.emf.ecore.EPackage; import org.eclipse.emf.edit.provider.ComposeableAdapterFactory; import org.eclipse.emf.edit.provider.IEditingDomainItemProvider; import org.eclipse.emf.edit.provider.IItemColorProvider; @@ -20,8 +23,12 @@ import org.eclipse.emf.edit.provider.ITableItemColorProvider; import org.eclipse.emf.edit.provider.ITableItemFontProvider; import org.eclipse.emf.edit.provider.ITableItemLabelProvider; import org.eclipse.emf.edit.provider.ITreeItemContentProvider; +import org.eclipse.emf.edit.provider.ItemPropertyDescriptor; +import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; import java.util.List; /** @@ -67,17 +74,46 @@ public class PackagePermissionItemProvider extends PermissionItemProvider implem * This adds a property descriptor for the Applicable Package feature. * <!-- begin-user-doc --> * <!-- end-user-doc --> - * @generated + * @generated NOT */ protected void addApplicablePackagePropertyDescriptor(Object object) { - itemPropertyDescriptors - .add(createItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory).getRootAdapterFactory(), - getResourceLocator(), - getString("_UI_PackagePermission_applicablePackage_feature"), //$NON-NLS-1$ - getString( - "_UI_PropertyDescriptor_description", "_UI_PackagePermission_applicablePackage_feature", "_UI_PackagePermission_type"), //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, true, false, true, null, null, null)); + itemPropertyDescriptors.add(new ItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory) + .getRootAdapterFactory(), getResourceLocator(), getString("_UI_PackagePermission_applicablePackage_feature"), + getString("_UI_PropertyDescriptor_description", "_UI_PackagePermission_applicablePackage_feature", + "_UI_PackagePermission_type"), SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, true, + false, true, null, null, null) + { + @Override + public Collection<?> getChoiceOfValues(Object object) + { + if (object instanceof PackagePermission) + { + PackagePermission packagePermission = (PackagePermission)object; + CDOView view = packagePermission.cdoView(); + if (view != null) + { + List<EPackage> result = new ArrayList<EPackage>(); + for (CDOPackageInfo packageInfo : view.getSession().getPackageRegistry().getPackageInfos()) + { + result.add(packageInfo.getEPackage()); + } + + Collections.sort(result, new Comparator<EPackage>() + { + public int compare(EPackage p1, EPackage p2) + { + return p1.getNsURI().compareTo(p2.getNsURI()); + } + }); + + return result; + } + } + + return super.getChoiceOfValues(object); + } + }); } /** @@ -107,15 +143,21 @@ public class PackagePermissionItemProvider extends PermissionItemProvider implem * This returns the label text for the adapted class. * <!-- begin-user-doc --> * <!-- end-user-doc --> - * @generated + * @generated NOT */ @Override public String getText(Object object) { Access labelValue = ((PackagePermission)object).getAccess(); - String label = labelValue == null ? null : labelValue.toString(); - return label == null || label.length() == 0 ? getString("_UI_PackagePermission_type") : //$NON-NLS-1$ - getString("_UI_PackagePermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$ + EPackage applicablePackage = ((PackagePermission)object).getApplicablePackage(); + String label = labelValue == null ? "?" : labelValue.toString(); //$NON-NLS-1$ + + if (applicablePackage != null) + { + label += " " + applicablePackage.getName(); //$NON-NLS-1$ + } + + return label == null || label.length() == 0 ? getString("_UI_PackagePermission_type") : label; //$NON-NLS-1$ } /** diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java index 15383a360c..03ee1c1b47 100644 --- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java +++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java @@ -111,15 +111,21 @@ public class ResourcePermissionItemProvider extends PermissionItemProvider imple * This returns the label text for the adapted class. * <!-- begin-user-doc --> * <!-- end-user-doc --> - * @generated + * @generated NOT */ @Override public String getText(Object object) { Access labelValue = ((ResourcePermission)object).getAccess(); - String label = labelValue == null ? null : labelValue.toString(); - return label == null || label.length() == 0 ? getString("_UI_ResourcePermission_type") : //$NON-NLS-1$ - getString("_UI_ResourcePermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$ + String pattern = ((ResourcePermission)object).getPattern(); + String label = labelValue == null ? "?" : labelValue.toString(); //$NON-NLS-1$ + + if (pattern != null) + { + label += " " + pattern; //$NON-NLS-1$ + } + + return label == null || label.length() == 0 ? getString("_UI_ResourcePermission_type") : label; //$NON-NLS-1$ } /** diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java index 9e8fece2a3..6e871dcabe 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java @@ -74,6 +74,9 @@ public class ClassPermissionImpl extends PermissionImpl implements ClassPermissi eSet(SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, newApplicableClass); } + /** + * @ADDED + */ public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext) { EClass actualClass = revision.getEClass(); diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java index 5144a2de10..717986e5fa 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java @@ -75,6 +75,9 @@ public class PackagePermissionImpl extends PermissionImpl implements PackagePerm eSet(SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, newApplicablePackage); } + /** + * @ADDED + */ public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext) { EPackage actualPackage = revision.getEClass().getEPackage(); diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java index 037ad10bd2..f8e26b42a2 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java @@ -18,7 +18,6 @@ import org.eclipse.emf.cdo.security.ResourcePermission; import org.eclipse.emf.cdo.security.SecurityPackage; import org.eclipse.emf.ecore.EClass; -import org.eclipse.emf.ecore.EStructuralFeature; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -39,6 +38,14 @@ import java.util.regex.PatternSyntaxException; */ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePermission { + /** + * @ADDED + */ + private static final Pattern OMNI_PATTERN = Pattern.compile(".*"); + + /** + * @ADDED + */ private Pattern pattern; /** @@ -82,17 +89,41 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe eSet(SecurityPackage.Literals.RESOURCE_PERMISSION__PATTERN, newPattern); } - @Override - public void eSet(EStructuralFeature eFeature, Object newValue) + /** + * @ADDED + */ + public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext) { - super.eSet(eFeature, newValue); - if (eFeature == SecurityPackage.Literals.RESOURCE_PERMISSION__PATTERN) + if (pattern == null) + { + String str = getPattern(); + pattern = compilePattern(str); + + if (pattern == null) + { + return false; + } + } + + if (pattern == OMNI_PATTERN) + { + return true; + } + + if (revisionProvider == null) { - String value = (String)newValue; - pattern = compilePattern(value); + return false; } + + String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider); + + Matcher matcher = pattern.matcher(path); + return matcher.matches(); } + /** + * @ADDED + */ private Pattern compilePattern(String value) { if (value == null) @@ -100,6 +131,11 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe return null; } + if (value.equals(OMNI_PATTERN.pattern())) + { + return OMNI_PATTERN; + } + try { return Pattern.compile(value); @@ -110,22 +146,4 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe } } - public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext) - { - if (pattern == null) - { - return false; - } - - if (revisionProvider == null) - { - return false; - } - - String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider); - - Matcher matcher = pattern.matcher(path); - return matcher.matches(); - } - } // ResourcePermissionImpl diff --git a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF index 4f15b1b5df..7cdd9de33a 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF +++ b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF @@ -2,7 +2,7 @@ Manifest-Version: 1.0 Bundle-ManifestVersion: 2 Bundle-SymbolicName: org.eclipse.emf.cdo.server.security;singleton:=true Bundle-Name: %pluginName -Bundle-Version: 4.1.100.qualifier +Bundle-Version: 4.2.0.qualifier Bundle-ClassPath: . Bundle-Vendor: %providerName Bundle-Localization: plugin @@ -12,15 +12,15 @@ Require-Bundle: org.eclipse.core.runtime;bundle-version="[3.4.0,4.0.0)", org.eclipse.emf.cdo.security;bundle-version="[4.1.0,5.0.0)", org.eclipse.emf.cdo.net4j;bundle-version="[4.1.0,5.0.0)", org.eclipse.net4j.jvm;bundle-version="[4.1.0,5.0.0)" -Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.1.100"; +Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.2.0"; x-friends:="org.eclipse.emf.cdo.tests, org.eclipse.emf.cdo.tests.db, org.eclipse.emf.cdo.tests.db4o, org.eclipse.emf.cdo.tests.hibernate, org.eclipse.emf.cdo.tests.mongodb, org.eclipse.emf.cdo.tests.objectivity", - org.eclipse.emf.cdo.server.internal.security.bundle;version="4.1.100";x-internal:=true, - org.eclipse.emf.cdo.server.security;version="4.1.100", - org.eclipse.emf.cdo.server.spi.security;version="4.1.100" + org.eclipse.emf.cdo.server.internal.security.bundle;version="4.2.0";x-internal:=true, + org.eclipse.emf.cdo.server.security;version="4.2.0", + org.eclipse.emf.cdo.server.spi.security;version="4.2.0" Bundle-ActivationPolicy: lazy Bundle-Activator: org.eclipse.emf.cdo.server.internal.security.bundle.OM$Activator diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java index a86ee4d351..980a7ccabd 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java @@ -11,6 +11,7 @@ package org.eclipse.emf.cdo.server.internal.security; import org.eclipse.emf.cdo.common.branch.CDOBranchPoint; +import org.eclipse.emf.cdo.common.commit.CDOCommitInfo; import org.eclipse.emf.cdo.common.model.EMFUtil; import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; @@ -44,6 +45,7 @@ import org.eclipse.emf.cdo.spi.server.InternalRepository; import org.eclipse.emf.cdo.spi.server.InternalSessionManager; import org.eclipse.emf.cdo.transaction.CDOTransaction; import org.eclipse.emf.cdo.util.CommitException; +import org.eclipse.emf.cdo.view.CDOView; import org.eclipse.net4j.Net4jUtil; import org.eclipse.net4j.acceptor.IAcceptor; @@ -58,10 +60,12 @@ import org.eclipse.net4j.util.lifecycle.LifecycleUtil; import org.eclipse.net4j.util.om.monitor.OMMonitor; import org.eclipse.net4j.util.security.IAuthenticator; +import org.eclipse.emf.common.util.EList; import org.eclipse.emf.ecore.EClass; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -98,7 +102,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage private final IManagedContainer container; - private final Map<String, User> users = new HashMap<String, User>(); + private final Map<String, User> users = Collections.synchronizedMap(new HashMap<String, User>()); private InternalRepository repository; @@ -108,7 +112,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage private CDONet4jSession session; - private CDOTransaction transaction; + private CDOView view; private Realm realm; @@ -171,22 +175,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage public User getUser(String id) { - synchronized (users) + User item = users.get(id); + if (item == null) { - User item = users.get(id); + item = realm.getUser(id); if (item == null) { - item = realm.getUser(id); - if (item == null) - { - throw new SecurityException("User " + id + " not found"); - } - - users.put(id, item); + throw new SecurityException("User " + id + " not found"); } - return item; + users.put(id, item); } + + return item; } public Role addRole(final String id) @@ -291,8 +292,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return result[0]; } + public void read(RealmOperation operation) + { + checkActive(); + operation.execute(realm); + } + public void modify(RealmOperation operation) { + modify(operation, false); + } + + public void modify(RealmOperation operation, boolean waitUntilReadable) + { checkActive(); CDOTransaction transaction = session.openTransaction(); @@ -300,7 +312,12 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage { Realm transactionRealm = transaction.getObject(realm); operation.execute(transactionRealm); - transaction.commit(); + CDOCommitInfo commit = transaction.commit(); + + if (waitUntilReadable) + { + view.waitForUpdate(commit.getTimeStamp()); + } } catch (CommitException ex) { @@ -401,9 +418,10 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage CDONet4jSessionConfiguration config = CDONet4jUtil.createNet4jSessionConfiguration(); config.setConnector(connector); config.setRepositoryName(repositoryName); + config.setUserID(SYSTEM_USER_ID); session = config.openNet4jSession(); - transaction = session.openTransaction(); + CDOTransaction transaction = session.openTransaction(); boolean firstTime = !transaction.hasResource(realmPath); if (firstTime) @@ -428,6 +446,13 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage { throw WrappedException.wrap(ex); } + finally + { + transaction.close(); + } + + view = session.openView(); + realm = view.getObject(realm); InternalSessionManager sessionManager = repository.getSessionManager(); sessionManager.setAuthenticator(authenticator); @@ -518,7 +543,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return result; } - for (Permission permission : user.getAllPermissions()) + EList<Permission> allPermissions = user.getAllPermissions(); + for (Permission permission : allPermissions) { CDOPermission p = convertPermission(permission.getAccess()); if (p.ordinal() <= result.ordinal()) @@ -555,7 +581,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage session.close(); session = null; - transaction = null; + view = null; connector.close(); connector = null; @@ -591,6 +617,12 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage { public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID) { + if (SYSTEM_USER_ID.equals(userID)) + { + // TODO Should we also check for access to the /security resource (the realm)? + return CDOPermission.WRITE; + } + User user = getUser(userID); InternalCDORevisionManager revisionManager = repository.getRevisionManager(); diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java index 53118d3c31..889b2ff2c3 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java @@ -24,13 +24,28 @@ import org.eclipse.emf.cdo.server.IRepository; */ public interface ISecurityManager extends SecurityItemContainer { + /** + * @since 4.2 + */ + public static final String SYSTEM_USER_ID = IRepository.SYSTEM_USER_ID; + public IRepository getRepository(); public Realm getRealm(); + /** + * @since 4.2 + */ + public void read(RealmOperation operation); + public void modify(RealmOperation operation); /** + * @since 4.2 + */ + public void modify(RealmOperation operation, boolean waitUntilReadable); + + /** * Modifies a security {@link Realm realm} in a safe transaction. * * @author Eike Stepper |