diff options
author | Eike Stepper | 2013-04-08 12:07:26 +0000 |
---|---|---|
committer | Eike Stepper | 2013-04-08 12:07:26 +0000 |
commit | fb8e32504f22ccd37a26669b406acc17661b04a8 (patch) | |
tree | 1f1e98117434701d0aaf3dd9c7aec902380a2bde /plugins/org.eclipse.emf.cdo.server.security | |
parent | 5aece33dc40ccff8d08a52cc242d5ff261c4600c (diff) | |
download | cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.gz cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.tar.xz cdo-fb8e32504f22ccd37a26669b406acc17661b04a8.zip |
[401172] [Security] Support local permissions on objects
https://bugs.eclipse.org/bugs/show_bug.cgi?id=401172
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security')
2 files changed, 71 insertions, 6 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters new file mode 100644 index 0000000000..56e0dd3b62 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<component id="org.eclipse.emf.cdo.server.security" version="2"> + <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager"> + <filter id="574619656"> + <message_arguments> + <message_argument value="IPermissionManager"/> + <message_argument value="PermissionManager"/> + </message_arguments> + </filter> + </resource> +</component> diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java index 980a7ccabd..419f6d851b 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java @@ -18,6 +18,8 @@ import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.eresource.CDOResource; import org.eclipse.emf.cdo.eresource.EresourcePackage; +import org.eclipse.emf.cdo.internal.security.ViewCreator; +import org.eclipse.emf.cdo.internal.security.ViewUtil; import org.eclipse.emf.cdo.net4j.CDONet4jSession; import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration; import org.eclipse.emf.cdo.net4j.CDONet4jUtil; @@ -32,8 +34,10 @@ import org.eclipse.emf.cdo.security.SecurityFactory; import org.eclipse.emf.cdo.security.SecurityPackage; import org.eclipse.emf.cdo.security.User; import org.eclipse.emf.cdo.security.UserPassword; +import org.eclipse.emf.cdo.server.CDOServerUtil; import org.eclipse.emf.cdo.server.IPermissionManager; import org.eclipse.emf.cdo.server.IRepository; +import org.eclipse.emf.cdo.server.ISession; import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext; import org.eclipse.emf.cdo.server.ITransaction; import org.eclipse.emf.cdo.server.internal.security.bundle.OM; @@ -535,7 +539,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage } protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider, - CDOBranchPoint securityContext, User user) + CDOBranchPoint securityContext, ISession session, User user) { CDOPermission result = convertPermission(user.getDefaultAccess()); if (result == CDOPermission.WRITE) @@ -615,6 +619,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage */ private final class PermissionManager implements IPermissionManager { + public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session) + { + String userID = session.getUserID(); + if (SYSTEM_USER_ID.equals(userID)) + { + // TODO Should we also check for access to the /security resource (the realm)? + return CDOPermission.WRITE; + } + + return doGetPermission(revision, securityContext, session, userID); + } + + @Deprecated public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID) { if (SYSTEM_USER_ID.equals(userID)) @@ -623,12 +640,33 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return CDOPermission.WRITE; } + return doGetPermission(revision, securityContext, null, userID); + } + + private CDOPermission doGetPermission(CDORevision revision, final CDOBranchPoint securityContext, + final ISession session, String userID) + { User user = getUser(userID); InternalCDORevisionManager revisionManager = repository.getRevisionManager(); CDORevisionProvider revisionProvider = new ManagedRevisionProvider(revisionManager, securityContext); - return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, user); + ViewUtil.initViewCreation(new ViewCreator() + { + public CDOView createView(CDORevisionProvider revisionProvider) + { + return CDOServerUtil.openView(session, securityContext, revisionProvider); + } + }); + + try + { + return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, session, user); + } + finally + { + ViewUtil.doneViewCreation(); + } } } @@ -637,7 +675,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage */ private final class WriteAccessHandler implements IRepository.WriteAccessHandler { - public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext, + public void handleTransactionBeforeCommitting(ITransaction transaction, final CommitContext commitContext, OMMonitor monitor) throws RuntimeException { if (transaction.getSessionID() == session.getSessionID()) @@ -651,16 +689,32 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage handleCommit(commitContext, user); - permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects()); - permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects()); + ViewUtil.initViewCreation(new ViewCreator() + { + public CDOView createView(CDORevisionProvider revisionProvider) + { + return CDOServerUtil.openView(commitContext); + } + }); + + try + { + permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects()); + permissionRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects()); + } + finally + { + ViewUtil.doneViewCreation(); + } } private void permissionRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, User user, InternalCDORevision[] revisions) { + ISession session = commitContext.getTransaction().getSession(); for (InternalCDORevision revision : revisions) { - CDOPermission permission = getPermission(revision, commitContext, securityContext, user); + CDOPermission permission = getPermission(revision, commitContext, securityContext, session, user); if (permission != CDOPermission.WRITE) { throw new SecurityException("User " + user + " is not allowed to write to " + revision); |