From 690a740cbfd0e120bbb886cef2495724b768559e Mon Sep 17 00:00:00 2001
From: Eike Stepper
Date: Mon, 28 May 2012 12:23:42 +0200
Subject: [380629] Design a default Security model https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
---
 .../internal/security/AnnotationRoleProvider.java | 64 +++++++++++++++++++++-
 .../server/internal/security/SecurityManager.java | 5 ++
 .../emf/cdo/server/spi/security/IRoleProvider.java | 3 +
 3 files changed, 71 insertions(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
index d229efc6cf..95e8def2a0 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
@@ -15,12 +15,20 @@ import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.security.SecurityFactory;
+import org.eclipse.emf.cdo.security.SecurityItem;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
 import org.eclipse.emf.cdo.server.security.ISecurityManager;
 import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
+import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageInfo;
+import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
 import org.eclipse.net4j.util.factory.ProductCreationException;
+import org.eclipse.emf.common.util.EList;
 import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.EClassifier;
+import org.eclipse.emf.ecore.EPackage;
 import org.eclipse.emf.ecore.util.EcoreUtil;
 import java.util.Collections;
@@ -41,12 +49,38 @@ public class AnnotationRoleProvider implements IRoleProvider
 public static final String WRITE_KEY = "write";
+ public static final String DELIMITERS = " ,;|";
+
 private final Map cache = new WeakHashMap();
 public AnnotationRoleProvider()
 {
 }
+ public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
+ {
+ InternalCDOPackageUnit[] newPackageUnits = commitContext.getNewPackageUnits();
+ if (newPackageUnits != null && newPackageUnits.length != 0)
+ {
+ for (InternalCDOPackageUnit packageUnit : newPackageUnits)
+ {
+ for (InternalCDOPackageInfo packageInfo : packageUnit.getPackageInfos())
+ {
+ EPackage ePackage = packageInfo.getEPackage();
+ for (EClassifier eClassifier : ePackage.getEClassifiers())
+ {
+ if (eClassifier instanceof EClass)
+ {
+ EClass eClass = (EClass)eClassifier;
+ addMissingRoles(securityManager, eClass, READ_KEY);
+ addMissingRoles(securityManager, eClass, WRITE_KEY);
+ }
+ }
+ }
+ }
+ }
+ }
+
 public Set getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext, CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
 {
@@ -99,7 +133,7 @@ public class AnnotationRoleProvider implements IRoleProvider
 }
 Set result = new HashSet();
- StringTokenizer tokenizer = new StringTokenizer(annotation, " ,;|");
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
 while (tokenizer.hasMoreTokens())
 {
 String token = tokenizer.nextToken();
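Review bot: `handleCommit` takes its role names from annotations inside `commitContext.getNewPackageUnits()`, which is model content supplied by the committing client, and the method never looks at who that client is. Because the realm is the authorization store, role creation should depend on the committer's rights rather than on the package content alone. I would resolve `commitContext.getUserID()` at the top of the method and return early unless that user may administer the realm, and state in a Javadoc that package annotations are untrusted input. The outer `newPackageUnits.length != 0` test is redundant with the enhanced `for` loop and can be dropped. `packageInfo.getEPackage()` is dereferenced directly; whether it can be null at this point is not visible in the hunk, so a short comment on that assumption would help.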
@@ -113,6 +147,34 @@ public class AnnotationRoleProvider implements IRoleProvider
 return result;
 }
+ private void addMissingRoles(ISecurityManager securityManager, EClass eClass, String key)
+ {
+ String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
+ if (annotation == null || annotation.length() == 0)
+ {
+ return;
+ }
+
+ EList items = securityManager.getRealm().getItems();
+
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
+ while (tokenizer.hasMoreTokens())
+ {
+ String token = tokenizer.nextToken();
+ if (token != null && token.length() != 0)
+ {
+ Role role = securityManager.getRole(token);
+ if (role == null)
+ {
+ role = SecurityFactory.eINSTANCE.createRole();
+ role.setId(token);
+
+ items.add(role);
+ }
+ }
+ }
+ }
+
 /**
 * @author Eike Stepper
 */
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 82f72a539d..265d1c7bdf 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -414,6 +414,11 @@ public class SecurityManager implements ISecurityManager
 public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext, OMMonitor monitor) throws RuntimeException
 {
+ for (IRoleProvider roleProvider : getRoleProviders())
+ {
+ roleProvider.handleCommit(SecurityManager.this, commitContext);
+ }
+
 CDOBranchPoint securityContext = commitContext.getBranchPoint();
 String userID = commitContext.getUserID();
 String userID = commitContext.getUserID();
 User user = getUser(userID);
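Review bot: In `addMissingRoles` each annotation token is passed unchecked to `role.setId(token)` and the new role is appended to `securityManager.getRealm().getItems()`, with no limit on token length, character set, or the number of roles one package can introduce. I would accept only tokens that match the project's role-id convention, cap the roles created per commit, and log each creation together with the committing user so that realm changes can be audited. The list is also modified in place, and the hunk shows no transaction or lock around it; if the realm has to be edited through a dedicated API, that API should be used here. A comment such as `// token originates from a client-supplied package annotation; validate before creating a role` above the `getRole` call would record the trust boundary.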
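Review bot: The provider loop is the first statement of `handleTransactionBeforeCommitting`, ahead of `getUser(userID)` and of any permission check that follows it, so `handleCommit` can modify the realm for a commit that is later rejected or whose user is unknown. I would move the four added lines below the point where the user has been resolved and the commit has passed authorization, or otherwise ensure the realm change is rolled back when the commit fails. An exception thrown by one provider also aborts every commit at this position, which deserves a comment if it is intended. The rest of the method lies outside the hunk, so the exact position has to be chosen against the full body.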
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
index 4d385be6e7..269cb56382 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
@@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
 import org.eclipse.emf.cdo.server.security.ISecurityManager;
 import org.eclipse.net4j.util.factory.ProductCreationException;
@@ -26,6 +27,8 @@ import java.util.Set;
 */
 public interface IRoleProvider
 {
+ public void handleCommit(ISecurityManager securityManager, CommitContext commitContext);
+
 public Set getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext, CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission);
-- cgit v1.2.3
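Review bot: The new SPI method `handleCommit` has no Javadoc, although its contract is security-relevant: implementors need to know that it is invoked from `handleTransactionBeforeCommitting` for every commit, that `commitContext` carries client-supplied content, and whether they may modify the realm from inside it. I would add a Javadoc that states when the call happens relative to authorization, that the commit content must be treated as untrusted, and what happens if the method throws. Adding a method to an existing SPI interface also breaks providers implemented outside this repository, which the commit message should mention if any exist. The `public` modifier is redundant in an interface but matches the existing `getRoles` declaration.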