authorEike Stepper2012-06-09 16:05:31 +0000
committerEike Stepper2012-06-09 16:05:31 +0000
commit35d0aa26fb6f9142eaebec5a0240798b78a314e5 (patch)
treed2c7f780caf54951dca5a46df62f2cedcc0f62b3 /plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo
parent9945d9f9085226e122ead08990c100790977866c (diff)
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java84
1 files changed, 58 insertions, 26 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 61e8361b00..b56b0e18e8 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -18,7 +18,9 @@ import org.eclipse.emf.cdo.eresource.CDOResource;
import org.eclipse.emf.cdo.net4j.CDONet4jSession;
import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
+import org.eclipse.emf.cdo.security.Check;
import org.eclipse.emf.cdo.security.Group;
+import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.RealmUtil;
import org.eclipse.emf.cdo.security.Role;
@@ -248,40 +250,70 @@ public class SecurityManager implements ISecurityManager
protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider,
CDOBranchPoint securityContext, User user)
{
- EList<Role> userRoles = null;
+ CDOPermission result = CDOPermission.WRITE;
- Set<Role> readRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.READ);
- if (readRoles == null || !readRoles.isEmpty())
+ for (Role role : user.getUnassignedRoles())
{
- userRoles = user.getAllRoles();
-
- for (Role readRole : readRoles)
+ for (Check check : role.getChecks())
{
- if (!userRoles.contains(readRole))
+ if (result == CDOPermission.WRITE)
{
- return CDOPermission.NONE;
+ if (check.isApplicable(revision, revisionProvider, securityContext))
+ {
+ if (check.getPermission() == Permission.READ)
+ {
+ result = CDOPermission.READ;
+ }
+ }
}
- }
- }
-
- Set<Role> writeRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.WRITE);
- if (writeRoles == null || !writeRoles.isEmpty())
- {
- if (userRoles == null)
- {
- userRoles = user.getAllRoles();
- }
-
- for (Role writeRole : writeRoles)
- {
- if (!userRoles.contains(writeRole))
+ else
{
- return CDOPermission.READ;
+ // --> result == CDOPermission.READ
+ if (check.isApplicable(revision, revisionProvider, securityContext))
+ {
+ if (check.getPermission() == Permission.READ)
+ {
+ result = CDOPermission.READ;
+ }
+ }
}
}
}
- return CDOPermission.WRITE;
+ // EList<Role> userRoles = null;
+ //
+ // Set<Role> readRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.READ);
+ // if (readRoles == null || !readRoles.isEmpty())
+ // {
+ // userRoles = user.getAllRoles();
+ //
+ // for (Role readRole : readRoles)
+ // {
+ // if (!userRoles.contains(readRole))
+ // {
+ // return CDOPermission.NONE;
+ // }
+ // }
+ // }
+ //
+ // Set<Role> writeRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.WRITE);
+ // if (writeRoles == null || !writeRoles.isEmpty())
+ // {
+ // if (userRoles == null)
+ // {
+ // userRoles = user.getAllRoles();
+ // }
+ //
+ // for (Role writeRole : writeRoles)
+ // {
+ // if (!userRoles.contains(writeRole))
+ // {
+ // return CDOPermission.READ;
+ // }
+ // }
+ // }
+ //
+ return result;
}
protected Set<Role> getNeededRoles(CDORevision revision, CDORevisionProvider revisionProvider,
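Review bot: The rewritten getPermission fails open: `result` starts as `CDOPermission.WRITE` and the loop can only lower it to READ, so a user with no roles, or with no applicable check, is granted WRITE, and the method can no longer return `CDOPermission.NONE` as the removed code did. An authorization decision should start from `CDOPermission result = CDOPermission.NONE;` and let each applicable check raise the result to what it grants, so that the absence of a grant means no access. The two branches of `if (result == CDOPermission.WRITE)` are identical, which makes the else branch a no-op; presumably one of them was meant to differ. The loop also iterates `user.getUnassignedRoles()` where the old code used `user.getAllRoles()`; if that accessor returns what its name suggests, permissions are derived from roles the user does not hold, which should be confirmed. The commented-out previous implementation is better deleted than committed, since version control already keeps it.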
@@ -437,8 +469,8 @@ public class SecurityManager implements ISecurityManager
checkRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
}
- private void checkRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext,
- User user, InternalCDORevision[] revisions)
+ private void checkRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, User user,
+ InternalCDORevision[] revisions)
{
for (InternalCDORevision revision : revisions)
{
