diff options
author | Eike Stepper | 2013-04-08 12:07:26 +0000 |
---|---|---|
committer | Eike Stepper | 2013-04-08 12:07:26 +0000 |
commit | fb8e32504f22ccd37a26669b406acc17661b04a8 (patch) | |
tree | 1f1e98117434701d0aaf3dd9c7aec902380a2bde | |
parent | 5aece33dc40ccff8d08a52cc242d5ff261c4600c (diff) | |
download | cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.gz cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.xz cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.zip |
[401172] [Security] Support local permissions on objects
https://bugs.eclipse.org/bugs/show_bug.cgi?id=401172
19 files changed, 640 insertions, 13 deletions
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties b/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties index e93e757184..3d6a4ee8b0 100644 --- a/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties +++ b/plugins/org.eclipse.emf.cdo.security.edit/plugin.properties @@ -90,3 +90,4 @@ _UI_SecurityItemProvider_type = Item Provider _UI_Realm_defaultUserDirectory_feature = Default User Directory _UI_Realm_defaultGroupDirectory_feature = Default Group Directory _UI_Realm_defaultRoleDirectory_feature = Default Role Directory +_UI_ObjectPermission_type = Object Permission diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java new file mode 100644 index 0000000000..340799c0f1 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ObjectPermissionItemProvider.java @@ -0,0 +1,117 @@ +/** + */ +package org.eclipse.emf.cdo.security.provider; + +import org.eclipse.emf.cdo.security.Access; +import org.eclipse.emf.cdo.security.ObjectPermission; + +import org.eclipse.emf.common.notify.AdapterFactory; +import org.eclipse.emf.common.notify.Notification; +import org.eclipse.emf.edit.provider.IEditingDomainItemProvider; +import org.eclipse.emf.edit.provider.IItemColorProvider; +import org.eclipse.emf.edit.provider.IItemFontProvider; +import org.eclipse.emf.edit.provider.IItemLabelProvider; +import org.eclipse.emf.edit.provider.IItemPropertyDescriptor; +import org.eclipse.emf.edit.provider.IItemPropertySource; +import org.eclipse.emf.edit.provider.IStructuredItemContentProvider; +import org.eclipse.emf.edit.provider.ITableItemColorProvider; +import org.eclipse.emf.edit.provider.ITableItemFontProvider; +import org.eclipse.emf.edit.provider.ITableItemLabelProvider; +import org.eclipse.emf.edit.provider.ITreeItemContentProvider; + +import java.util.Collection; +import java.util.List; + +/** + * This is the item provider adapter for a {@link org.eclipse.emf.cdo.security.ObjectPermission} object. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @generated + */ +public class ObjectPermissionItemProvider extends PermissionItemProvider implements IEditingDomainItemProvider, + IStructuredItemContentProvider, ITreeItemContentProvider, IItemLabelProvider, IItemPropertySource, + ITableItemLabelProvider, ITableItemColorProvider, ITableItemFontProvider, IItemColorProvider, IItemFontProvider +{ + /** + * This constructs an instance from a factory and a notifier. + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + public ObjectPermissionItemProvider(AdapterFactory adapterFactory) + { + super(adapterFactory); + } + + /** + * This returns the property descriptors for the adapted class. + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + public List<IItemPropertyDescriptor> getPropertyDescriptors(Object object) + { + if (itemPropertyDescriptors == null) + { + super.getPropertyDescriptors(object); + + } + return itemPropertyDescriptors; + } + + /** + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + protected boolean shouldComposeCreationImage() + { + return true; + } + + /** + * This returns the label text for the adapted class. + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + public String getText(Object object) + { + Access labelValue = ((ObjectPermission)object).getAccess(); + String label = labelValue == null ? null : labelValue.toString(); + return label == null || label.length() == 0 ? getString("_UI_ObjectPermission_type") : //$NON-NLS-1$ + getString("_UI_ObjectPermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$ + } + + /** + * This handles model notifications by calling {@link #updateChildren} to update any cached + * children and by creating a viewer notification, which it passes to {@link #fireNotifyChanged}. + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + public void notifyChanged(Notification notification) + { + updateChildren(notification); + super.notifyChanged(notification); + } + + /** + * This adds {@link org.eclipse.emf.edit.command.CommandParameter}s describing the children + * that can be created under this object. + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + protected void collectNewChildDescriptors(Collection<Object> newChildDescriptors, Object object) + { + super.collectNewChildDescriptors(newChildDescriptors, object); + } + +} diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java index 9ce0d8c817..ad93db006b 100644 --- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java +++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PermissionItemProvider.java @@ -2,8 +2,8 @@ */ package org.eclipse.emf.cdo.security.provider; -import org.eclipse.emf.cdo.security.Permission; import org.eclipse.emf.cdo.security.Access; +import org.eclipse.emf.cdo.security.Permission; import org.eclipse.emf.cdo.security.SecurityPackage; import org.eclipse.emf.common.notify.AdapterFactory; diff --git a/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF index a194192aca..333351c65e 100644 --- a/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF +++ b/plugins/org.eclipse.emf.cdo.security/META-INF/MANIFEST.MF @@ -7,7 +7,8 @@ Bundle-ClassPath: . Bundle-Vendor: %providerName Bundle-Localization: plugin Bundle-RequiredExecutionEnvironment: J2SE-1.5 -Export-Package: org.eclipse.emf.cdo.security;version="4.2.0", +Export-Package: org.eclipse.emf.cdo.internal.security;version="4.2.0";x-friends:="org.eclipse.emf.cdo.security.edit,org.eclipse.emf.cdo.security.editor,org.eclipse.emf.cdo.server.security", + org.eclipse.emf.cdo.security;version="4.2.0", org.eclipse.emf.cdo.security.impl;version="4.2.0", org.eclipse.emf.cdo.security.util;version="4.2.0" Require-Bundle: org.eclipse.emf.cdo;bundle-version="[4.1.0,5.0.0)";visibility:=reexport diff --git a/plugins/org.eclipse.emf.cdo.security/model/security.ecore b/plugins/org.eclipse.emf.cdo.security/model/security.ecore index 5ac20dc9dd..160b49f153 100644 --- a/plugins/org.eclipse.emf.cdo.security/model/security.ecore +++ b/plugins/org.eclipse.emf.cdo.security/model/security.ecore @@ -101,6 +101,7 @@ <eClassifiers xsi:type="ecore:EClass" name="ResourcePermission" eSuperTypes="#//Permission"> <eStructuralFeatures xsi:type="ecore:EAttribute" name="pattern" eType="ecore:EDataType platform:/plugin/org.eclipse.emf.ecore/model/Ecore.ecore#//EString"/> </eClassifiers> + <eClassifiers xsi:type="ecore:EClass" name="ObjectPermission" abstract="true" eSuperTypes="#//Permission"/> <eClassifiers xsi:type="ecore:EEnum" name="Access"> <eLiterals name="READ"/> <eLiterals name="WRITE" value="1"/> diff --git a/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag b/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag index 545ff09bb9..720b352608 100644 --- a/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag +++ b/plugins/org.eclipse.emf.cdo.security/model/security.ecorediag @@ -296,6 +296,22 @@ <element xmi:type="ecore:EClass" href="security.ecore#//ResourcePermission"/> <layoutConstraint xmi:type="notation:Bounds" xmi:id="_lcyeYv4cEeGpopUAItL9cQ" x="890" y="377" width="148"/> </children> + <children xmi:type="notation:Node" xmi:id="_-P7GUaA6EeKe8MpC3pr_IA" type="1001"> + <children xmi:type="notation:Node" xmi:id="_-P87gKA6EeKe8MpC3pr_IA" type="4001"/> + <children xmi:type="notation:Node" xmi:id="_-P9ikKA6EeKe8MpC3pr_IA" type="5001"> + <styles xmi:type="notation:DrawerStyle" xmi:id="_-P9ikaA6EeKe8MpC3pr_IA"/> + <styles xmi:type="notation:SortingStyle" xmi:id="_-P9ikqA6EeKe8MpC3pr_IA"/> + <styles xmi:type="notation:FilteringStyle" xmi:id="_-P9ik6A6EeKe8MpC3pr_IA"/> + </children> + <children xmi:type="notation:Node" xmi:id="_-P9ilKA6EeKe8MpC3pr_IA" type="5002"> + <styles xmi:type="notation:DrawerStyle" xmi:id="_-P9ilaA6EeKe8MpC3pr_IA"/> + <styles xmi:type="notation:SortingStyle" xmi:id="_-P9ilqA6EeKe8MpC3pr_IA"/> + <styles xmi:type="notation:FilteringStyle" xmi:id="_-P9il6A6EeKe8MpC3pr_IA"/> + </children> + <styles xmi:type="notation:ShapeStyle" xmi:id="_-P7GUqA6EeKe8MpC3pr_IA" fontColor="4210752" fontName="Segoe UI" fontHeight="10" fillColor="13761016" lineColor="8421504"/> + <element xmi:type="ecore:EClass" href="security.ecore#//ObjectPermission"/> + <layoutConstraint xmi:type="notation:Bounds" xmi:id="_-P7GU6A6EeKe8MpC3pr_IA" x="1060" y="377" width="138"/> + </children> <styles xmi:type="notation:DiagramStyle" xmi:id="_BlsqIawpEeGqBf0LMO47dg"/> <element xmi:type="ecore:EPackage" href="security.ecore#/"/> <edges xmi:type="notation:Edge" xmi:id="_Bl4QUKwpEeGqBf0LMO47dg" type="3003" source="_BlxioqwpEeGqBf0LMO47dg" target="_BlvtcKwpEeGqBf0LMO47dg"> @@ -540,6 +556,12 @@ <styles xmi:type="notation:ConnectorStyle" xmi:id="_ldPKUf4cEeGpopUAItL9cQ" routing="Rectilinear" lineColor="4210752"/> <styles xmi:type="notation:FontStyle" xmi:id="_ldPKUv4cEeGpopUAItL9cQ" fontName="Segoe UI"/> <element xsi:nil="true"/> - <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_ldPKU_4cEeGpopUAItL9cQ" points="[-2, -24, 153, 108]$[-2, -66, 153, 66]$[-155, -66, 0, 66]$[-155, -107, 0, 25]"/> + <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_ldPKU_4cEeGpopUAItL9cQ" points="[-2, -20, 153, 108]$[-2, -62, 153, 66]$[-155, -62, 0, 66]$[-155, -103, 0, 25]"/> + </edges> + <edges xmi:type="notation:Edge" xmi:id="_GfCc0KA7EeKe8MpC3pr_IA" type="3003" source="_-P7GUaA6EeKe8MpC3pr_IA" target="_PWGq0LIPEeGyraMqKGwiUw"> + <styles xmi:type="notation:ConnectorStyle" xmi:id="_GfCc0aA7EeKe8MpC3pr_IA" routing="Rectilinear" lineColor="4210752"/> + <styles xmi:type="notation:FontStyle" xmi:id="_GfCc0qA7EeKe8MpC3pr_IA" fontName="Segoe UI"/> + <element xsi:nil="true"/> + <bendpoints xmi:type="notation:RelativeBendpoints" xmi:id="_GfCc06A7EeKe8MpC3pr_IA" points="[-1, -20, 319, 108]$[-1, -62, 319, 66]$[-320, -62, 0, 66]$[-320, -103, 0, 25]"/> </edges> </notation:Diagram> diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java new file mode 100644 index 0000000000..e99513b8d7 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewCreator.java @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Eike Stepper - initial API and implementation + */ +package org.eclipse.emf.cdo.internal.security; + +import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; +import org.eclipse.emf.cdo.view.CDOView; + +/** + * @author Eike Stepper + */ +public interface ViewCreator +{ + public CDOView createView(CDORevisionProvider revisionProvider); +} diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java new file mode 100644 index 0000000000..f2468f6c07 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/internal/security/ViewUtil.java @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Eike Stepper - initial API and implementation + */ +package org.eclipse.emf.cdo.internal.security; + +import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; +import org.eclipse.emf.cdo.view.CDOView; + +import java.util.HashMap; +import java.util.Map; + +/** + * @author Eike Stepper + */ +public final class ViewUtil +{ + private static final ThreadLocal<ViewCreator> VIEW_CREATOR = new ThreadLocal<ViewCreator>(); + + private static final ThreadLocal<Map<CDORevisionProvider, CDOView>> VIEWS = new ThreadLocal<Map<CDORevisionProvider, CDOView>>(); + + private ViewUtil() + { + } + + private static Map<CDORevisionProvider, CDOView> getViews() + { + Map<CDORevisionProvider, CDOView> views = VIEWS.get(); + if (views == null) + { + views = new HashMap<CDORevisionProvider, CDOView>(); + VIEWS.set(views); + } + + return views; + } + + public static CDOView getView(CDORevisionProvider revisionProvider) + { + Map<CDORevisionProvider, CDOView> views = getViews(); + + CDOView view = views.get(revisionProvider); + if (view == null) + { + ViewCreator viewCreator = VIEW_CREATOR.get(); + if (viewCreator == null) + { + throw new IllegalStateException("No view creator available for " + revisionProvider); + } + + view = viewCreator.createView(revisionProvider); + views.put(revisionProvider, view); + } + + return view; + } + + public static void initViewCreation(ViewCreator viewCreator) + { + VIEW_CREATOR.set(viewCreator); + } + + public static void doneViewCreation() + { + VIEW_CREATOR.remove(); + VIEWS.remove(); + } +} diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java new file mode 100644 index 0000000000..5c98ce2e4b --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/ObjectPermission.java @@ -0,0 +1,18 @@ +/** + */ +package org.eclipse.emf.cdo.security; + +/** + * <!-- begin-user-doc --> + * A representation of the model object '<em><b>Object Permission</b></em>'. + * @since 4.2 + * <!-- end-user-doc --> + * + * + * @see org.eclipse.emf.cdo.security.SecurityPackage#getObjectPermission() + * @model abstract="true" + * @generated + */ +public interface ObjectPermission extends Permission +{ +} // ObjectPermission diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java index 4a9338506e..78256cd37c 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/SecurityPackage.java @@ -862,6 +862,47 @@ public interface SecurityPackage extends EPackage int RESOURCE_PERMISSION_FEATURE_COUNT = PERMISSION_FEATURE_COUNT + 1; /** + * The meta object id for the '{@link org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl <em>Object Permission</em>}' class. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @see org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl + * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getObjectPermission() + * @generated + */ + int OBJECT_PERMISSION = 13; + + /** + * The feature id for the '<em><b>Role</b></em>' container reference. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @generated + * @ordered + */ + int OBJECT_PERMISSION__ROLE = PERMISSION__ROLE; + + /** + * The feature id for the '<em><b>Access</b></em>' attribute. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @generated + * @ordered + */ + int OBJECT_PERMISSION__ACCESS = PERMISSION__ACCESS; + + /** + * The number of structural features of the '<em>Object Permission</em>' class. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @generated + * @ordered + */ + int OBJECT_PERMISSION_FEATURE_COUNT = PERMISSION_FEATURE_COUNT + 0; + + /** * The meta object id for the '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}' enum. * <!-- begin-user-doc --> * @noreference This field is not intended to be referenced by clients. @@ -870,7 +911,7 @@ public interface SecurityPackage extends EPackage * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getAccess() * @generated */ - int ACCESS = 13; + int ACCESS = 14; /** * The meta object id for the '<em>Access Object</em>' data type. @@ -881,7 +922,7 @@ public interface SecurityPackage extends EPackage * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getAccessObject() * @generated */ - int ACCESS_OBJECT = 14; + int ACCESS_OBJECT = 15; /** * Returns the meta object for class '{@link org.eclipse.emf.cdo.security.SecurityElement <em>Element</em>}'. @@ -1479,6 +1520,17 @@ public interface SecurityPackage extends EPackage EAttribute getResourcePermission_Pattern(); /** + * Returns the meta object for class '{@link org.eclipse.emf.cdo.security.ObjectPermission <em>Object Permission</em>}'. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @return the meta object for class '<em>Object Permission</em>'. + * @see org.eclipse.emf.cdo.security.ObjectPermission + * @generated + */ + EClass getObjectPermission(); + + /** * Returns the meta object for enum '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}'. * <!-- begin-user-doc --> * <!-- end-user-doc --> @@ -1995,6 +2047,17 @@ public interface SecurityPackage extends EPackage EAttribute RESOURCE_PERMISSION__PATTERN = eINSTANCE.getResourcePermission_Pattern(); /** + * The meta object literal for the '{@link org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl <em>Object Permission</em>}' class. + * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @see org.eclipse.emf.cdo.security.impl.ObjectPermissionImpl + * @see org.eclipse.emf.cdo.security.impl.SecurityPackageImpl#getObjectPermission() + * @generated + */ + EClass OBJECT_PERMISSION = eINSTANCE.getObjectPermission(); + + /** * The meta object literal for the '{@link org.eclipse.emf.cdo.security.Access <em>Access</em>}' enum. * <!-- begin-user-doc --> * <!-- end-user-doc --> diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java new file mode 100644 index 0000000000..5d47fa637e --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ObjectPermissionImpl.java @@ -0,0 +1,69 @@ +/** + */ +package org.eclipse.emf.cdo.security.impl; + +import org.eclipse.emf.cdo.CDOObject; +import org.eclipse.emf.cdo.common.branch.CDOBranchPoint; +import org.eclipse.emf.cdo.common.id.CDOID; +import org.eclipse.emf.cdo.common.revision.CDORevision; +import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; +import org.eclipse.emf.cdo.internal.security.ViewUtil; +import org.eclipse.emf.cdo.security.ObjectPermission; +import org.eclipse.emf.cdo.security.SecurityPackage; +import org.eclipse.emf.cdo.view.CDOView; + +import org.eclipse.emf.ecore.EClass; + +/** + * <!-- begin-user-doc --> + * An implementation of the model object '<em><b>Object Permission</b></em>'. + * @since 4.2 + * <!-- end-user-doc --> + * <p> + * </p> + * + * @generated + */ +public abstract class ObjectPermissionImpl extends PermissionImpl implements ObjectPermission +{ + /** + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + protected ObjectPermissionImpl() + { + super(); + } + + /** + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ + @Override + protected EClass eStaticClass() + { + return SecurityPackage.Literals.OBJECT_PERMISSION; + } + + protected CDOView getView(CDORevisionProvider revisionProvider) + { + return ViewUtil.getView(revisionProvider); + } + + /** + * @ADDED + */ + public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext) + { + CDOView view = getView(revisionProvider); + CDOID id = revision.getID(); + + CDOObject object = view.getObject(id); + return isApplicable(object, securityContext); + } + + protected abstract boolean isApplicable(CDOObject object, CDOBranchPoint securityContext); + +} // ObjectPermissionImpl diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java index 0d87da97e2..9b5abf88cf 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/SecurityPackageImpl.java @@ -16,6 +16,7 @@ import org.eclipse.emf.cdo.security.Assignee; import org.eclipse.emf.cdo.security.ClassPermission; import org.eclipse.emf.cdo.security.Directory; import org.eclipse.emf.cdo.security.Group; +import org.eclipse.emf.cdo.security.ObjectPermission; import org.eclipse.emf.cdo.security.PackagePermission; import org.eclipse.emf.cdo.security.Permission; import org.eclipse.emf.cdo.security.Realm; @@ -141,6 +142,13 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage * <!-- end-user-doc --> * @generated */ + private EClass objectPermissionEClass = null; + + /** + * <!-- begin-user-doc --> + * <!-- end-user-doc --> + * @generated + */ private EEnum accessEEnum = null; /** @@ -774,6 +782,17 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage /** * <!-- begin-user-doc --> + * @since 4.2 + * <!-- end-user-doc --> + * @generated + */ + public EClass getObjectPermission() + { + return objectPermissionEClass; + } + + /** + * <!-- begin-user-doc --> * <!-- end-user-doc --> * @generated */ @@ -893,6 +912,8 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage resourcePermissionEClass = createEClass(RESOURCE_PERMISSION); createEAttribute(resourcePermissionEClass, RESOURCE_PERMISSION__PATTERN); + objectPermissionEClass = createEClass(OBJECT_PERMISSION); + // Create enums accessEEnum = createEEnum(ACCESS); @@ -947,6 +968,7 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage classPermissionEClass.getESuperTypes().add(getPermission()); packagePermissionEClass.getESuperTypes().add(getPermission()); resourcePermissionEClass.getESuperTypes().add(getPermission()); + objectPermissionEClass.getESuperTypes().add(getPermission()); // Initialize classes and features; add operations and parameters initEClass(securityElementEClass, SecurityElement.class, @@ -1179,6 +1201,9 @@ public class SecurityPackageImpl extends EPackageImpl implements SecurityPackage theEcorePackage.getEString(), "pattern", null, 0, 1, ResourcePermission.class, !IS_TRANSIENT, !IS_VOLATILE, IS_CHANGEABLE, !IS_UNSETTABLE, !IS_ID, IS_UNIQUE, !IS_DERIVED, IS_ORDERED); //$NON-NLS-1$ + initEClass(objectPermissionEClass, ObjectPermission.class, + "ObjectPermission", IS_ABSTRACT, !IS_INTERFACE, IS_GENERATED_INSTANCE_CLASS); //$NON-NLS-1$ + // Initialize enums and add enum literals initEEnum(accessEEnum, Access.class, "Access"); //$NON-NLS-1$ addEEnumLiteral(accessEEnum, Access.READ); diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java index cc40afb786..7211f1d403 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecurityAdapterFactory.java @@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.security.Assignee; import org.eclipse.emf.cdo.security.ClassPermission; import org.eclipse.emf.cdo.security.Directory; import org.eclipse.emf.cdo.security.Group; +import org.eclipse.emf.cdo.security.ObjectPermission; import org.eclipse.emf.cdo.security.PackagePermission; import org.eclipse.emf.cdo.security.Permission; import org.eclipse.emf.cdo.security.Realm; @@ -174,6 +175,12 @@ public class SecurityAdapterFactory extends AdapterFactoryImpl } @Override + public Adapter caseObjectPermission(ObjectPermission object) + { + return createObjectPermissionAdapter(); + } + + @Override public Adapter caseModelElement(ModelElement object) { return createModelElementAdapter(); @@ -396,6 +403,22 @@ public class SecurityAdapterFactory extends AdapterFactoryImpl } /** + * Creates a new adapter for an object of class '{@link org.eclipse.emf.cdo.security.ObjectPermission <em>Object Permission</em>}'. + * <!-- begin-user-doc --> + * This default implementation returns null so that we can easily ignore cases; + * it's useful to ignore a case when inheritance will catch all the cases anyway. + * @since 4.2 + * <!-- end-user-doc --> + * @return the new adapter. + * @see org.eclipse.emf.cdo.security.ObjectPermission + * @generated + */ + public Adapter createObjectPermissionAdapter() + { + return null; + } + + /** * Creates a new adapter for an object of class '{@link org.eclipse.emf.cdo.etypes.ModelElement <em>Model Element</em>}'. * <!-- begin-user-doc --> * This default implementation returns null so that we can easily ignore cases; diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java index bb490c8f7f..4d7150dfeb 100644 --- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java +++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/util/SecuritySwitch.java @@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.security.Assignee; import org.eclipse.emf.cdo.security.ClassPermission; import org.eclipse.emf.cdo.security.Directory; import org.eclipse.emf.cdo.security.Group; +import org.eclipse.emf.cdo.security.ObjectPermission; import org.eclipse.emf.cdo.security.PackagePermission; import org.eclipse.emf.cdo.security.Permission; import org.eclipse.emf.cdo.security.Realm; @@ -118,9 +119,13 @@ public class SecuritySwitch<T> SecurityElement securityElement = (SecurityElement)theEObject; T result = caseSecurityElement(securityElement); if (result == null) + { result = caseModelElement(securityElement); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.SECURITY_ITEM: @@ -128,11 +133,17 @@ public class SecuritySwitch<T> SecurityItem securityItem = (SecurityItem)theEObject; T result = caseSecurityItem(securityItem); if (result == null) + { result = caseSecurityElement(securityItem); + } if (result == null) + { result = caseModelElement(securityItem); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.REALM: @@ -140,11 +151,17 @@ public class SecuritySwitch<T> Realm realm = (Realm)theEObject; T result = caseRealm(realm); if (result == null) + { result = caseSecurityElement(realm); + } if (result == null) + { result = caseModelElement(realm); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.DIRECTORY: @@ -152,13 +169,21 @@ public class SecuritySwitch<T> Directory directory = (Directory)theEObject; T result = caseDirectory(directory); if (result == null) + { result = caseSecurityItem(directory); + } if (result == null) + { result = caseSecurityElement(directory); + } if (result == null) + { result = caseModelElement(directory); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.ROLE: @@ -166,13 +191,21 @@ public class SecuritySwitch<T> Role role = (Role)theEObject; T result = caseRole(role); if (result == null) + { result = caseSecurityItem(role); + } if (result == null) + { result = caseSecurityElement(role); + } if (result == null) + { result = caseModelElement(role); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.ASSIGNEE: @@ -180,13 +213,21 @@ public class SecuritySwitch<T> Assignee assignee = (Assignee)theEObject; T result = caseAssignee(assignee); if (result == null) + { result = caseSecurityItem(assignee); + } if (result == null) + { result = caseSecurityElement(assignee); + } if (result == null) + { result = caseModelElement(assignee); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.GROUP: @@ -194,15 +235,25 @@ public class SecuritySwitch<T> Group group = (Group)theEObject; T result = caseGroup(group); if (result == null) + { result = caseAssignee(group); + } if (result == null) + { result = caseSecurityItem(group); + } if (result == null) + { result = caseSecurityElement(group); + } if (result == null) + { result = caseModelElement(group); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.USER: @@ -210,15 +261,25 @@ public class SecuritySwitch<T> User user = (User)theEObject; T result = caseUser(user); if (result == null) + { result = caseAssignee(user); + } if (result == null) + { result = caseSecurityItem(user); + } if (result == null) + { result = caseSecurityElement(user); + } if (result == null) + { result = caseModelElement(user); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.USER_PASSWORD: @@ -226,7 +287,9 @@ public class SecuritySwitch<T> UserPassword userPassword = (UserPassword)theEObject; T result = caseUserPassword(userPassword); if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.PERMISSION: @@ -234,7 +297,9 @@ public class SecuritySwitch<T> Permission permission = (Permission)theEObject; T result = casePermission(permission); if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.CLASS_PERMISSION: @@ -242,9 +307,13 @@ public class SecuritySwitch<T> ClassPermission classPermission = (ClassPermission)theEObject; T result = caseClassPermission(classPermission); if (result == null) + { result = casePermission(classPermission); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.PACKAGE_PERMISSION: @@ -252,9 +321,13 @@ public class SecuritySwitch<T> PackagePermission packagePermission = (PackagePermission)theEObject; T result = casePackagePermission(packagePermission); if (result == null) + { result = casePermission(packagePermission); + } if (result == null) + { result = defaultCase(theEObject); + } return result; } case SecurityPackage.RESOURCE_PERMISSION: @@ -262,9 +335,27 @@ public class SecuritySwitch<T> ResourcePermission resourcePermission = (ResourcePermission)theEObject; T result = caseResourcePermission(resourcePermission); if (result == null) + { result = casePermission(resourcePermission); + } if (result == null) + { result = defaultCase(theEObject); + } + return result; + } + case SecurityPackage.OBJECT_PERMISSION: + { + ObjectPermission objectPermission = (ObjectPermission)theEObject; + T result = caseObjectPermission(objectPermission); + if (result == null) + { + result = casePermission(objectPermission); + } + if (result == null) + { + result = defaultCase(theEObject); + } return result; } default: @@ -481,6 +572,23 @@ public class SecuritySwitch<T> } /** + * Returns the result of interpreting the object as an instance of '<em>Object Permission</em>'. + * <!-- begin-user-doc --> + * This implementation returns null; + * returning a non-null result will terminate the switch. + * @since 4.2 + * <!-- end-user-doc --> + * @param object the target of the switch. + * @return the result of interpreting the object as an instance of '<em>Object Permission</em>'. + * @see #doSwitch(org.eclipse.emf.ecore.EObject) doSwitch(EObject) + * @generated + */ + public T caseObjectPermission(ObjectPermission object) + { + return null; + } + + /** * Returns the result of interpreting the object as an instance of '<em>Model Element</em>'. * <!-- begin-user-doc --> * This implementation returns null; diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters new file mode 100644 index 0000000000..56e0dd3b62 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<component id="org.eclipse.emf.cdo.server.security" version="2"> + <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager"> + <filter id="574619656"> + <message_arguments> + <message_argument value="IPermissionManager"/> + <message_argument value="PermissionManager"/> + </message_arguments> + </filter> + </resource> +</component> diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java index 980a7ccabd..419f6d851b 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java @@ -18,6 +18,8 @@ import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.eresource.CDOResource; import org.eclipse.emf.cdo.eresource.EresourcePackage; +import org.eclipse.emf.cdo.internal.security.ViewCreator; +import org.eclipse.emf.cdo.internal.security.ViewUtil; import org.eclipse.emf.cdo.net4j.CDONet4jSession; import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration; import org.eclipse.emf.cdo.net4j.CDONet4jUtil; @@ -32,8 +34,10 @@ import org.eclipse.emf.cdo.security.SecurityFactory; import org.eclipse.emf.cdo.security.SecurityPackage; import org.eclipse.emf.cdo.security.User; import org.eclipse.emf.cdo.security.UserPassword; +import org.eclipse.emf.cdo.server.CDOServerUtil; import org.eclipse.emf.cdo.server.IPermissionManager; import org.eclipse.emf.cdo.server.IRepository; +import org.eclipse.emf.cdo.server.ISession; import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext; import org.eclipse.emf.cdo.server.ITransaction; import org.eclipse.emf.cdo.server.internal.security.bundle.OM; @@ -535,7 +539,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage } protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider, - CDOBranchPoint securityContext, User user) + CDOBranchPoint securityContext, ISession session, User user) { CDOPermission result = convertPermission(user.getDefaultAccess()); if (result == CDOPermission.WRITE) @@ -615,6 +619,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage */ private final class PermissionManager implements IPermissionManager { + public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session) + { + String userID = session.getUserID(); + if (SYSTEM_USER_ID.equals(userID)) + { + // TODO Should we also check for access to the /security resource (the realm)? + return CDOPermission.WRITE; + } + + return doGetPermission(revision, securityContext, session, userID); + } + + @Deprecated public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID) { if (SYSTEM_USER_ID.equals(userID)) @@ -623,12 +640,33 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return CDOPermission.WRITE; } + return doGetPermission(revision, securityContext, null, userID); + } + + private CDOPermission doGetPermission(CDORevision revision, final CDOBranchPoint securityContext, + final ISession session, String userID) + { User user = getUser(userID); InternalCDORevisionManager revisionManager = repository.getRevisionManager(); CDORevisionProvider revisionProvider = new ManagedRevisionProvider(revisionManager, securityContext); - return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, user); + ViewUtil.initViewCreation(new ViewCreator() + { + public CDOView createView(CDORevisionProvider revisionProvider) + { + return CDOServerUtil.openView(session, securityContext, revisionProvider); + } + }); + + try + { + return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, session, user); + } + finally + { + ViewUtil.doneViewCreation(); + } } } @@ -637,7 +675,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage */ private final class WriteAccessHandler implements IRepository.WriteAccessHandler { - public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext, + public void handleTransactionBeforeCommitting(ITransaction transaction, final CommitContext commitContext, OMMonitor monitor) throws RuntimeException { if (transaction.getSessionID() == session.getSessionID()) @@ -651,16 +689,32 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage handleCommit(commitContext, user); - permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects()); - permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects()); + ViewUtil.initViewCreation(new ViewCreator() + { + public CDOView createView(CDORevisionProvider revisionProvider) + { + return CDOServerUtil.openView(commitContext); + } + }); + + try + { + permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects()); + permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects()); + } + finally + { + ViewUtil.doneViewCreation(); + } } private void permissionRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, User user, InternalCDORevision[] revisions) { + ISession session = commitContext.getTransaction().getSession(); for (InternalCDORevision revision : revisions) { - CDOPermission permission = getPermission(revision, commitContext, securityContext, user); + CDOPermission permission = getPermission(revision, commitContext, securityContext, session, user); if (permission != CDOPermission.WRITE) { throw new SecurityException("User " + user + " is not allowed to write to " + revision); diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java index 42eaeb98b1..bdc502deac 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/Session.java @@ -361,7 +361,7 @@ public class Session extends Container<IView> implements InternalSession IPermissionManager permissionManager = manager.getPermissionManager(); if (permissionManager != null) { - return permissionManager.getPermission(revision, securityContext, userID); + return permissionManager.getPermission(revision, securityContext, this); } return CDORevision.PERMISSION_PROVIDER.getPermission(revision, securityContext); diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java index 7ef3e8f8b6..7a91cf80ce 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IPermissionManager.java @@ -19,8 +19,19 @@ import org.eclipse.emf.cdo.common.security.CDOPermission; * * @author Eike Stepper * @since 4.1 + * @noextend This interface is not intended to be extended by clients. + * @noimplement This interface is not intended to be implemented by clients. */ public interface IPermissionManager { + /** + * @deprecated As of 4.2 call {@link #getPermission(CDORevision, CDOBranchPoint, ISession)}. + */ + @Deprecated public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID); + + /** + * @since 4.2 + */ + public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session); } diff --git a/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java b/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java index b3b01e9fca..519993a950 100644 --- a/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java +++ b/plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_343084_Test.java @@ -16,6 +16,7 @@ import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.common.security.NoPermissionException; import org.eclipse.emf.cdo.eresource.CDOResource; import org.eclipse.emf.cdo.server.IPermissionManager; +import org.eclipse.emf.cdo.server.ISession; import org.eclipse.emf.cdo.session.CDOSession; import org.eclipse.emf.cdo.tests.AbstractCDOTest; import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesAfter; @@ -60,7 +61,7 @@ public class Bugzilla_343084_Test extends AbstractCDOTest IPermissionManager permissionManager = new IPermissionManager() { - public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID) + public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session) { EClass eClass = revision.getEClass(); CDOPermission permission = permissions.get(eClass); @@ -71,6 +72,12 @@ public class Bugzilla_343084_Test extends AbstractCDOTest return CDOPermission.WRITE; } + + @Deprecated + public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID) + { + throw new UnsupportedOperationException(); + } }; getTestProperties().put(RepositoryConfig.PROP_TEST_AUTHENTICATOR, userManager); |