3 files changed, 168 insertions, 31 deletions

diff --git a/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerChkPoint.java b/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerChkPoint.java
new file mode 100644
index 00000000000..6c546dfd395
--- /dev/null
+++ b/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerChkPoint.java
@@ -0,0 +1,42 @@
+/*******************************************************************************

+ * Copyright (c) 2004, 2007 Boeing.

+ * All rights reserved. This program and the accompanying materials

+ * are made available under the terms of the Eclipse Public License v1.0

+ * which accompanies this distribution, and is available at

+ * http://www.eclipse.org/legal/epl-v10.html

+ *

+ * Contributors:

+ *     Boeing - initial API and implementation

+ *******************************************************************************/

+package org.eclipse.osee.framework.lifecycle.access;

+

+import java.util.Collection;

+import org.eclipse.osee.framework.core.model.IBasicArtifact;

+import org.eclipse.osee.framework.lifecycle.AbstractLifecyclePoint;

+

+/**

+ * @author Jeff C. Phillips

+ */

+public class AccessManagerChkPoint extends AbstractLifecyclePoint<AccessManagerHandler> {

+

+   public static final Type<AccessManagerHandler> TYPE = new Type<AccessManagerHandler>();

+   private final IBasicArtifact<?> userArtifact;

+   private final Collection<IBasicArtifact<?>> artsToCheck;

+

+   public AccessManagerChkPoint(IBasicArtifact<?> userArtifact, Collection<IBasicArtifact<?>> artsToCheck) {

+      super();

+      this.userArtifact = userArtifact;

+      this.artsToCheck = artsToCheck;

+   }

+

+   @Override

+   protected void initializeHandlerData(AccessManagerHandler handler) {

+      handler.setData(userArtifact, artsToCheck);

+   }

+

+   @Override

+   public Type<AccessManagerHandler> getAssociatedType() {

+      return TYPE;

+   }

+

+}

diff --git a/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerHandler.java b/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerHandler.java
new file mode 100644
index 00000000000..91b3cbb0bf4
--- /dev/null
+++ b/plugins/org.eclipse.osee.framework.lifecycle/src/org/eclipse/osee/framework/lifecycle/access/AccessManagerHandler.java
@@ -0,0 +1,62 @@
+/*******************************************************************************

+ * Copyright (c) 2004, 2007 Boeing.

+ * All rights reserved. This program and the accompanying materials

+ * are made available under the terms of the Eclipse Public License v1.0

+ * which accompanies this distribution, and is available at

+ * http://www.eclipse.org/legal/epl-v10.html

+ *

+ * Contributors:

+ *     Boeing - initial API and implementation

+ *******************************************************************************/

+package org.eclipse.osee.framework.lifecycle.access;

+

+import java.util.Collection;

+import org.eclipse.core.runtime.IProgressMonitor;

+import org.eclipse.core.runtime.IStatus;

+import org.eclipse.core.runtime.Status;

+import org.eclipse.osee.framework.core.model.IBasicArtifact;

+import org.eclipse.osee.framework.lifecycle.Activator;

+import org.eclipse.osee.framework.lifecycle.LifecycleOpHandler;

+

+/**

+ * @author Jeff C. Phillips

+ */

+public class AccessManagerHandler implements LifecycleOpHandler {

+   private final IStatus status = Status.OK_STATUS;

+   private IBasicArtifact<?> userArtifact;

+   private Collection<IBasicArtifact<?>> artsToCheck;

+   private final IAccessCheckProvider accessCheckProvider;

+

+   public AccessManagerHandler(IAccessCheckProvider accessCheckProvider) {

+      this.accessCheckProvider = accessCheckProvider;

+   }

+

+   public void setData(IBasicArtifact<?> userArtifact, Collection<IBasicArtifact<?>> artsToCheck) {

+      this.userArtifact = userArtifact;

+      this.artsToCheck = artsToCheck;

+   }

+

+   @Override

+   public IStatus onCheck(IProgressMonitor monitor) {

+      IStatus statusToReturn = status;

+

+      for (IBasicArtifact<?> artifactToChk : artsToCheck) {

+         if (!accessCheckProvider.canEdit(userArtifact, artifactToChk)) {

+            statusToReturn = new Status(IStatus.ERROR, Activator.PLUGIN_ID, "Error");

+            break;

+         }

+      }

+      return statusToReturn;

+   }

+

+   @Override

+   public IStatus onPostCondition(IProgressMonitor monitor) {

+      return status;

+   }

+

+   @Override

+   public IStatus onPreCondition(IProgressMonitor monitor) {

+      return status;

+   }

+

+}

diff --git a/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/access/AccessControlManager.java b/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/access/AccessControlManager.java
index be21a0f327c..e67647747c7 100644
--- a/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/access/AccessControlManager.java
+++ b/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/access/AccessControlManager.java
@@ -23,6 +23,8 @@ import java.util.List;
 import java.util.Map;

 import java.util.Set;

 import java.util.logging.Level;

+import org.eclipse.core.runtime.IProgressMonitor;

+import org.eclipse.core.runtime.IStatus;

 import org.eclipse.osee.framework.core.enums.CoreArtifactTypes;

 import org.eclipse.osee.framework.core.enums.CoreRelationTypes;

 import org.eclipse.osee.framework.core.enums.PermissionEnum;

@@ -31,11 +33,16 @@ import org.eclipse.osee.framework.core.exception.OseeCoreException;
 import org.eclipse.osee.framework.core.exception.OseeDataStoreException;

 import org.eclipse.osee.framework.core.model.Branch;

 import org.eclipse.osee.framework.core.model.type.ArtifactType;

+import org.eclipse.osee.framework.core.operation.LogProgressMonitor;

+import org.eclipse.osee.framework.core.operation.Operations;

 import org.eclipse.osee.framework.database.core.ConnectionHandler;

 import org.eclipse.osee.framework.database.core.IOseeStatement;

 import org.eclipse.osee.framework.database.core.OseeConnection;

 import org.eclipse.osee.framework.jdk.core.type.DoubleKeyHashMap;

 import org.eclipse.osee.framework.jdk.core.type.HashCollection;

+import org.eclipse.osee.framework.lifecycle.AbstractLifecycleOperation;

+import org.eclipse.osee.framework.lifecycle.ILifecycleService;

+import org.eclipse.osee.framework.lifecycle.access.AccessManagerChkPoint;

 import org.eclipse.osee.framework.logging.OseeLog;

 import org.eclipse.osee.framework.skynet.core.SystemGroup;

 import org.eclipse.osee.framework.skynet.core.UserManager;

@@ -61,7 +68,7 @@ import org.eclipse.osee.framework.skynet.core.utility.LoadedArtifacts;
 

 /**

  * Provides access control for OSEE. <REM2>

- *

+ * 

  * @author Jeff C. Phillips

  */

 

@@ -239,7 +246,7 @@ public class AccessControlManager {
       return hasPermission(UserManager.getUser(), object, permission);

    }

 

-   public static PermissionEnum getObjectPermission(Artifact subject, Object object) {

+   public static PermissionEnum getObjectPermission(Artifact subject, Object object) throws OseeCoreException {

       for (PermissionEnum permissionEnum : PermissionEnum.values()) {

          boolean result = hasPermission(subject, object, permissionEnum);

          System.out.println("subject " + subject + " object " + object + " permission " + permissionEnum.name() + " -> " + result);

@@ -250,35 +257,12 @@ public class AccessControlManager {
       return FULLACCESS;

    }

 

-   private static boolean hasPermission(Artifact subject, Object object, PermissionEnum permission) {

-      PermissionEnum userPermission = null;

-      PermissionEnum branchPermission = null;

-      Branch branch = null;

-

-      if (object instanceof Artifact) {

-         Artifact artifact = (Artifact) object;

-         branch = artifact.getBranch();

-         userPermission = getArtifactPermission(subject, (Artifact) object, permission);

-      } else if (object instanceof Branch) {

-         branch = (Branch) object;

-      } else {

-         throw new IllegalStateException("Unhandled object type for access control - " + object);

-      }

-

-      branchPermission = getBranchPermission(subject, branch, permission);

-

-      if (branchPermission == DENY || userPermission == null) {

-         userPermission = branchPermission;

-      }

-

-      if (permission == READ && userPermission == LOCK) {

-         return true;

-      }

-

-      if (userPermission == null || userPermission == LOCK) {

-         return false;

-      }

-      return userPermission.getRank() >= permission.getRank() && !userPermission.equals(DENY);

+   private static boolean hasPermission(Artifact subject, Object object, PermissionEnum permission) throws OseeCoreException {

+      ILifecycleService service = Activator.getInstance().getLifecycleServices();

+      AccessCheckOperation accessCheckOperation = new AccessCheckOperation(service, subject, object, permission);

+      Operations.executeWork(accessCheckOperation, new LogProgressMonitor(), -1.0);

+      IStatus status = accessCheckOperation.getStatus();

+      return accessCheckOperation.hasPermission();

    }

 

    private static PermissionEnum getBranchPermission(Artifact subject, Branch branch, PermissionEnum permission) {

@@ -716,4 +700,53 @@ public class AccessControlManager {
       }

    }

 

+   private static class AccessCheckOperation extends AbstractLifecycleOperation {

+      private boolean hasPermission;

+      private final Artifact subject;

+      private final Object object;

+      private final PermissionEnum permission;

+

+      public AccessCheckOperation(ILifecycleService service, Artifact subject, Object object, PermissionEnum permission) {

+         super(service, new AccessManagerChkPoint(null, null), "Check access control", Activator.PLUGIN_ID);

+         this.hasPermission = false;

+         this.subject = subject;

+         this.object = object;

+         this.permission = permission;

+      }

+

+      public boolean hasPermission() {

+         return hasPermission;

+      }

+

+      @Override

+      protected void doCoreWork(IProgressMonitor monitor) throws Exception {

+         PermissionEnum userPermission = null;

+         PermissionEnum branchPermission = null;

+         Branch branch = null;

+

+         if (object instanceof Artifact) {

+            Artifact artifact = (Artifact) object;

+            branch = artifact.getBranch();

+            userPermission = getArtifactPermission(subject, (Artifact) object, permission);

+         } else if (object instanceof Branch) {

+            branch = (Branch) object;

+         } else {

+            throw new IllegalStateException("Unhandled object type for access control - " + object);

+         }

+

+         branchPermission = getBranchPermission(subject, branch, permission);

+

+         if (branchPermission == DENY || userPermission == null) {

+            userPermission = branchPermission;

+         }

+

+         if (permission == READ && userPermission == LOCK) {

+            hasPermission = true;

+         } else if (userPermission == null || userPermission == LOCK) {

+            hasPermission = false;

+         } else {

+            hasPermission = userPermission.getRank() >= permission.getRank() && !userPermission.equals(DENY);

+         }

+      }

+   }

 }