author | Eike Stepper | 2012-06-09 16:05:31 +0000 |
---|---|---|
committer | Eike Stepper | 2012-06-09 16:05:31 +0000 |
commit | 35d0aa26fb6f9142eaebec5a0240798b78a314e5 (patch) | |
tree | d2c7f780caf54951dca5a46df62f2cedcc0f62b3 /plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo | |
parent | 9945d9f9085226e122ead08990c100790977866c (diff) | |
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo')
-rw-r--r-- | plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java | 84 |
1 files changed, 58 insertions, 26 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 61e8361b00..b56b0e18e8 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -18,7 +18,9 @@ import org.eclipse.emf.cdo.eresource.CDOResource;
 import org.eclipse.emf.cdo.net4j.CDONet4jSession;
 import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
 import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
+import org.eclipse.emf.cdo.security.Check;
 import org.eclipse.emf.cdo.security.Group;
+import org.eclipse.emf.cdo.security.Permission;
 import org.eclipse.emf.cdo.security.Realm;
 import org.eclipse.emf.cdo.security.RealmUtil;
 import org.eclipse.emf.cdo.security.Role;
@@ -248,40 +250,70 @@ public class SecurityManager implements ISecurityManager protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext, User user) { - EList<Role> userRoles = null; + CDOPermission result = CDOPermission.WRITE; - Set<Role> readRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.READ); - if (readRoles == null || !readRoles.isEmpty()) + for (Role role : user.getUnassignedRoles()) { - userRoles = user.getAllRoles(); - - for (Role readRole : readRoles) + for (Check check : role.getChecks()) { - if (!userRoles.contains(readRole)) + if (result == CDOPermission.WRITE) { - return CDOPermission.NONE; + if (check.isApplicable(revision, revisionProvider, securityContext)) + { + if (check.getPermission() == Permission.READ) + { + result = CDOPermission.READ; + } + } } - } - } - - Set<Role> writeRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.WRITE); - if (writeRoles == null || !writeRoles.isEmpty()) - { - if (userRoles == null) - { - userRoles = user.getAllRoles(); - } - - for (Role writeRole : writeRoles) - { - if (!userRoles.contains(writeRole)) + else { - return CDOPermission.READ; + // --> result == CDOPermission.READ + if (check.isApplicable(revision, revisionProvider, securityContext)) + { + if (check.getPermission() == Permission.READ) + { + result = CDOPermission.READ; + } + } } } } - return CDOPermission.WRITE; + // EList<Role> userRoles = null; + // + // Set<Role> readRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.READ); + // if (readRoles == null || !readRoles.isEmpty()) + // { + // userRoles = user.getAllRoles(); + // + // for (Role readRole : readRoles) + // { + // if (!userRoles.contains(readRole)) + // { + // return CDOPermission.NONE; + // } + // } + // } + // + // Set<Role> writeRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.WRITE); + // if 
(writeRoles == null || !writeRoles.isEmpty()) + // { + // if (userRoles == null) + // { + // userRoles = user.getAllRoles(); + // } + // + // for (Role writeRole : writeRoles) + // { + // if (!userRoles.contains(writeRole)) + // { + // return CDOPermission.READ; + // } + // } + // } + // + return result; } protected Set<Role> getNeededRoles(CDORevision revision, CDORevisionProvider revisionProvider, @@ -437,8 +469,8 @@ public class SecurityManager implements ISecurityManager checkRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects()); } - private void checkRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, - User user, InternalCDORevision[] revisions) + private void checkRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, User user, + InternalCDORevision[] revisions) { for (InternalCDORevision revision : revisions) { |
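Review bot: getPermission() can no longer return `CDOPermission.NONE` in the second hunk: `result` starts at `CDOPermission.WRITE`, and the `if (result == CDOPermission.WRITE)` and `else` branches are identical, each only ever assigning `result = CDOPermission.READ`. A user whose `getUnassignedRoles()` is empty, or whose roles have no applicable check, therefore gets WRITE by default, and the read-denial path of the removed code (now kept only as a commented-out block) has no replacement. If the `else` branch was meant to be the second downgrade step, it presumably should set `result = CDOPermission.NONE;` and return at once; a check whose permission is not `Permission.READ` currently has no effect in either branch. Until the model is complete, a comment such as `// TODO: never yields NONE; access is granted unless a check lowers it` on the `result` initialisation would make the fail-open default visible to callers.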