inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Backing out stuff that should have gone on its own branch.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6890 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2007-10-01 15:47:06 +00:00
parent 0911547299
commit 19d195c423
27 changed files with 119 additions and 2402 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
source/java/org/alfresco/repo/avm/util/RawServices.java
View File

@@ -1,5 +1,5 @@
/**
*
*
*/
package org.alfresco.repo.avm.util;
@@ -10,7 +10,6 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.MimetypeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
@@ -24,75 +23,70 @@ public class RawServices implements ApplicationContextAware
* The instance of RawServices
*/
private static RawServices fgInstance;
/**
* The Application Context.
*/
private ApplicationContext fContext;
private ApplicationContext fContext;
/**
* The AuthenticationComponent.
*/
private AuthenticationComponent fAuthenticationComponent;
/**
* The Content Service.
*/
private ContentService fContentService;
/**
* The Mimetype Service.
*/
private MimetypeService fMimetypeService;
/**
* The Dictionary Service.
*/
private DictionaryService fDictionaryService;
/**
* The Content Store.
*/
private ContentStore fContentStore;
/**
* The LookupCache.
*/
private LookupCache fLookupCache;
/**
* The Authority Service.
*/
private AuthorityService fAuthorityService;
/**
* The CapabilityRegistry.
*/
private AuthorityCapabilityRegistry fCapabilityRegistry;
/**
* Default constructor.
*/
public RawServices()
{
fgInstance = this;
fgInstance = this;
}
public static RawServices Instance()
{
return fgInstance;
}
public void setApplicationContext(ApplicationContext applicationContext)
{
fContext = applicationContext;
}
public AuthenticationComponent getAuthenticationComponent()
{
if (fAuthenticationComponent == null)
{
fAuthenticationComponent =
fAuthenticationComponent =
(AuthenticationComponent)fContext.getBean("authenticationComponent");
}
return fAuthenticationComponent;
@@ -102,7 +96,7 @@ public class RawServices implements ApplicationContextAware
{
if (fContentService == null)
{
fContentService =
fContentService =
(ContentService)fContext.getBean("contentService");
}
return fContentService;
@@ -112,12 +106,12 @@ public class RawServices implements ApplicationContextAware
{
if (fMimetypeService == null)
{
fMimetypeService =
fMimetypeService =
(MimetypeService)fContext.getBean("mimetypeService");
}
return fMimetypeService;
}
public DictionaryService getDictionaryService()
{
if (fDictionaryService == null)
@@ -127,7 +121,7 @@ public class RawServices implements ApplicationContextAware
}
return fDictionaryService;
}
public ContentStore getContentStore()
{
if (fContentStore == null)
@@ -137,7 +131,7 @@ public class RawServices implements ApplicationContextAware
}
return fContentStore;
}
public LookupCache getLookupCache()
{
if (fLookupCache == null)
@@ -146,7 +140,7 @@ public class RawServices implements ApplicationContextAware
}
return fLookupCache;
}
public AuthorityService getAuthorityService()
{
if (fAuthorityService == null)
@@ -157,15 +151,6 @@ public class RawServices implements ApplicationContextAware
return fAuthorityService;
}
public AuthorityCapabilityRegistry getAuthorityCapabilityRegistry()
{
if (fCapabilityRegistry == null)
{
fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
}
return fCapabilityRegistry;
}
public ApplicationContext getContext()
{
return fContext;

27
source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authentication;
@@ -61,7 +61,6 @@ import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext;
@@ -72,7 +71,7 @@ public class AuthenticationTest extends TestCase
private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
private NodeService nodeService;
private TenantService tenantService;
private SearchService searchService;
@@ -96,7 +95,7 @@ public class AuthenticationTest extends TestCase
private SaltSource saltSource;
private TicketComponent ticketComponent;
private SimpleCache<String, Ticket> ticketsCache;
private AuthenticationService authenticationService;
@@ -109,8 +108,6 @@ public class AuthenticationTest extends TestCase
private AuthenticationComponent authenticationComponentImpl;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthenticationTest()
{
super();
@@ -134,7 +131,6 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authorityCapabilityRegistry = (AuthorityCapabilityRegistry) ctx.getBean("authorityCapabilityRegistry");
// permissionServiceSPI = (PermissionServiceSPI)
// ctx.getBean("permissionService");
ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");
@@ -242,7 +238,7 @@ public class AuthenticationTest extends TestCase
{
authenticationService.authenticate("GUEST", "".toCharArray());
}
public void testCreateUsers()
{
authenticationService.createAuthentication("GUEST", "".toCharArray());
@@ -265,7 +261,7 @@ public class AuthenticationTest extends TestCase
{
// TODO - could create tenant domain 'chocolate.chip.cookie.com'
}
authenticationService.createAuthentication("Andy_Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_Woof/Domain", "".toCharArray());
assertEquals("Andy_Woof/Domain", authenticationService.getCurrentUserName());
@@ -273,7 +269,7 @@ public class AuthenticationTest extends TestCase
authenticationService.createAuthentication("Andy_ Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_ Woof/Domain", "".toCharArray());
assertEquals("Andy_ Woof/Domain", authenticationService.getCurrentUserName());
if (! tenantService.isEnabled())
{
authenticationService.createAuthentication("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", "".toCharArray());
@@ -295,7 +291,6 @@ public class AuthenticationTest extends TestCase
dao.setDictionaryService(dictionaryService);
dao.setNamespaceService(getNamespacePrefixReolsver(""));
dao.setPasswordEncoder(passwordEncoder);
dao.setAuthorityCapabilityRegistry(authorityCapabilityRegistry);
dao.createUser("Andy", "cabbage".toCharArray());
assertNotNull(dao.getUserOrNull("Andy"));
@@ -702,7 +697,7 @@ public class AuthenticationTest extends TestCase
tc.validateTicket(ticket);
assertEquals(ticketComponent.getCurrentTicket("Andy"), ticket);
dao.deleteUser("Andy");
// assertNull(dao.getUserOrNull("Andy"));

26
source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authentication;
@@ -53,7 +53,6 @@ import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.dao.DataAccessException;
public class RepositoryAuthenticationDao implements MutableAuthenticationDao
@@ -71,8 +70,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
private SearchService searchService;
private PasswordEncoder passwordEncoder;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
private boolean userNamesAreCaseSensitive;
@@ -115,11 +112,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{
this.searchService = searchService;
}
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException,
DataAccessException
@@ -156,11 +148,11 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{
return null;
}
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("@usr\\:username:\"" + searchUserName + "\"");
try
{
sp.addStore(tenantService.getName(searchUserName, STOREREF_USERS));
@@ -219,7 +211,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
}
}
}
return returnRef;
}
finally
@@ -252,7 +244,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
properties);
authorityCapabilityRegistry.addAuthority(caseSensitiveUserName, null);
}
private NodeRef getUserFolderLocation(String caseSensitiveUserName)
@@ -312,7 +303,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
throw new AuthenticationException("User name does not exist: " + userName);
}
nodeService.deleteNode(userRef);
authorityCapabilityRegistry.removeAuthority(userName);
}
public Object getSalt(UserDetails userDetails)

22
source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authority;
@@ -51,7 +51,6 @@ import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.util.ISO9075;
public class AuthorityDAOImpl implements AuthorityDAO
@@ -71,8 +70,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
private DictionaryService dictionaryService;
private SimpleCache<String, HashSet<String>> userToAuthorityCache;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthorityDAOImpl()
{
@@ -106,11 +103,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
this.userToAuthorityCache = userToAuthorityCache;
}
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public boolean authorityExists(String name)
{
NodeRef ref = getAuthorityOrNull(name);
@@ -150,7 +142,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new AlfrescoRuntimeException("Authorities of the type "
+ AuthorityType.getAuthorityType(childName) + " may not be added to other authorities");
}
authorityCapabilityRegistry.addAuthority(childName, parentName);
}
public void createAuthority(String parentName, String name)
@@ -173,7 +164,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name,
namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props);
}
authorityCapabilityRegistry.addAuthority(name, parentName);
}
public void deleteAuthority(String name)
@@ -185,7 +175,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
}
nodeService.deleteNode(nodeRef);
userToAuthorityCache.clear();
authorityCapabilityRegistry.removeAuthority(name);
}
public Set<String> getAllRootAuthorities(AuthorityType type)
@@ -256,7 +245,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.removeChild(parentRef, childRef);
userToAuthorityCache.clear();
}
authorityCapabilityRegistry.removeAuthorityChild(parentName, childName);
}
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)

425
source/java/org/alfresco/repo/simple/permission/ACLImpl.java
View File

@@ -1,425 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.avm.util.RawServices;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
/**
* Basic implementation of a simple ACL.
* @author britt
*/
public class ACLImpl implements ACL
{
private static final long serialVersionUID = -8720314753104805631L;
/**
* Map of capabilities to authorities allowed.
*/
private Map<String, Set<String>> fAllowed;
/**
* Map of capabilities to authorities denied.
*/
private Map<String, Set<String>> fDenied;
/**
* Should this ACL be inherited.
*/
private boolean fInherit;
/**
* String (compact) representation of ACL.
*/
private String fStringRep;
/**
* Reference to the capability registry.
*/
private transient AuthorityCapabilityRegistry fCapabilityRegistry;
/**
* Initialize a brand new one.
* @param inherit Should this ACL be inherited.
*/
public ACLImpl(boolean inherit)
{
fInherit = inherit;
fCapabilityRegistry = RawServices.Instance().getAuthorityCapabilityRegistry();
fAllowed = new HashMap<String, Set<String>>();
fDenied = new HashMap<String, Set<String>>();
fStringRep = null;
}
/**
* Initialize from an external string representation.
* @param rep
*/
public ACLImpl(String rep)
{
this(true);
fStringRep = rep;
}
public ACLImpl(ACL other)
{
this(true);
fStringRep = other.getStringRepresentation();
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#allow(java.lang.String, java.lang.String[])
*/
public void allow(String capability, String... authorities)
{
capability = capability.toLowerCase();
List<String> auths = new ArrayList<String>();
for (String auth : authorities)
{
auths.add(fCapabilityRegistry.normalizeAuthority(auth));
}
digest();
// First remove any explicit denies.
Set<String> denied = fDenied.get(capability);
if (denied != null)
{
for (String authority : auths)
{
denied.remove(authority);
}
}
// Add the authorities to the allowed list.
Set<String> allowed = fAllowed.get(capability);
if (allowed == null)
{
allowed = new HashSet<String>();
fAllowed.put(capability, allowed);
}
for (String authority : auths)
{
allowed.add(authority);
}
}
/**
* Helper to decode from the string representation.
*/
private void digest()
{
if (fStringRep == null)
{
return;
}
String[] segments = fStringRep.split("\\|");
fInherit = segments[0].equals("i");
digestMap(segments[1], fAllowed);
digestMap(segments[2], fDenied);
fStringRep = null;
}
/**
* Sub helper for decoding string representation.
* @param string The partial string representation.
* @param map The map to update.
*/
private void digestMap(String rep, Map<String, Set<String>> map)
{
String[] segments = rep.split(":");
if (segments.length == 0 || segments[0].equals(""))
{
// This means there are no explicit entries.
return;
}
for (String entryRep : segments)
{
String[] entryRegs = entryRep.split(";");
String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 32));
if (capability == null)
{
continue;
}
Set<String> authorities = new HashSet<String>();
map.put(capability, authorities);
for (int i = 1; i < entryRegs.length; ++i)
{
String authority = fCapabilityRegistry.getAuthorityName(Integer.parseInt(entryRegs[i], 32));
if (authority == null)
{
continue;
}
authorities.add(authority);
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#can(java.lang.String, boolean, java.lang.String)
*/
public boolean can(String authority, boolean isOwner, String capability)
{
authority = fCapabilityRegistry.normalizeAuthority(authority);
capability = capability.toLowerCase();
digest();
AuthorityType type = AuthorityType.getAuthorityType(authority);
// Admin trumps.
if (type == AuthorityType.ADMIN)
{
return true;
}
// Look for denies first.
Set<String> denied = fDenied.get(capability);
if (denied != null)
{
if (denied.contains(authority))
{
return false;
}
for (String auth : denied)
{
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return false;
}
}
}
// Now look for allows.
Set<String> allowed = fAllowed.get(capability);
if (allowed != null)
{
if (allowed.contains(authority))
{
return true;
}
for (String auth : allowed)
{
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return true;
}
}
}
return false;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#deny(java.lang.String, java.lang.String[])
*/
public void deny(String capability, String ... authorities)
{
capability = capability.toLowerCase();
List<String> auths = new ArrayList<String>();
for (String auth : authorities)
{
auths.add(fCapabilityRegistry.normalizeAuthority(auth));
}
digest();
// Remove corresponding explicit allows.
Set<String> allowed = fAllowed.get(capability);
if (allowed != null)
{
for (String authority : auths)
{
allowed.remove(authority);
}
}
// Now add denies.
Set<String> denied = fDenied.get(capability);
if (denied == null)
{
denied = new HashSet<String>();
fDenied.put(capability, denied);
}
for (String authority : auths)
{
if (AuthorityType.getAuthorityType(authority) == AuthorityType.ADMIN)
{
continue;
}
denied.add(authority);
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getAllowed(java.lang.String)
*/
public Set<String> getAllowed(String capability)
{
capability = capability.toLowerCase();
digest();
Set<String> allowed = new HashSet<String>();
allowed.add(AuthorityType.ADMIN.getFixedString());
// Add the explicitly allowed.
Set<String> expAllowed = fAllowed.get(capability);
if (expAllowed == null)
{
return allowed;
}
allowed.addAll(expAllowed);
for (String authority : expAllowed)
{
allowed.addAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
// Now remove based on denials.
Set<String> denied = fDenied.get(capability);
if (denied == null)
{
return allowed;
}
allowed.removeAll(denied);
// Now those that are indirectly denied.
for (String authority : denied)
{
allowed.removeAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
return allowed;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getCapabilities(java.lang.String, boolean)
*/
public Set<String> getCapabilities(String authority, boolean isOwner)
{
authority = fCapabilityRegistry.normalizeAuthority(authority);
digest();
AuthorityType type = AuthorityType.getAuthorityType(authority);
if (type == AuthorityType.ADMIN)
{
return fCapabilityRegistry.getAllCapabilities();
}
Set<String> capabilities = new HashSet<String>();
// First run through the allowed entries.
Set<String> containers = null;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{
if (entry.getValue().contains(authority))
{
capabilities.add(entry.getKey());
continue;
}
if (containers == null)
{
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
if (entry.getValue().contains(auth))
{
capabilities.add(entry.getKey());
break;
}
}
}
// Now go through the denials.
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{
if (!capabilities.contains(entry.getKey()))
{
continue;
}
Set<String> denied = entry.getValue();
if (denied.contains(authority))
{
capabilities.remove(entry.getKey());
continue;
}
if (containers == null)
{
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
if (denied.contains(auth))
{
capabilities.remove(entry.getKey());
break;
}
}
}
return capabilities;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getStringRepresentation()
*/
public String getStringRepresentation()
{
if (fStringRep != null)
{
return fStringRep;
}
StringBuilder builder = new StringBuilder();
builder.append(fInherit ? 'i' : 'n');
builder.append('|');
int count = 0;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fAllowed.size() - 1)
{
builder.append(':');
}
}
builder.append('|');
count = 0;
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fDenied.size() - 1)
{
builder.append(':');
}
}
return builder.toString();
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#inherits()
*/
public boolean inherits()
{
digest();
return fInherit;
}
}

175
source/java/org/alfresco/repo/simple/permission/ACLTest.java
View File

@@ -1,175 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import junit.framework.TestCase;
/**
* Rudimentary test of ACLs.
* @author britt
*/
public class ACLTest extends TestCase
{
private static FileSystemXmlApplicationContext fContext = null;
private static PersonService fPersonService;
private static AuthorityService fAuthorityService;
private static AuthenticationService fAuthenticationService;
private static AuthenticationComponent fAuthenticationComponent;
private static AuthorityCapabilityRegistry fCapabilityRegistry;
/* (non-Javadoc)
* @see junit.framework.TestCase#setUp()
*/
protected void setUp() throws Exception
{
if (fContext == null)
{
fContext = new FileSystemXmlApplicationContext("config/alfresco/application-context.xml");
fPersonService = (PersonService)fContext.getBean("PersonService");
fAuthorityService = (AuthorityService)fContext.getBean("AuthorityService");
fAuthenticationService = (AuthenticationService)fContext.getBean("AuthenticationService");
fAuthenticationComponent = (AuthenticationComponent)fContext.getBean("AuthenticationComponent");
fAuthenticationComponent.setSystemUserAsCurrentUser();
fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
}
// Set up sample users groups and roles.
try
{
fAuthenticationService.createAuthentication("Buffy", "Buffy".toCharArray());
fPersonService.getPerson("Buffy");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "Scoobies");
fAuthorityService.addAuthority("GROUP_Scoobies", "Buffy");
fAuthenticationService.createAuthentication("Willow", "Willow".toCharArray());
fPersonService.getPerson("Willow");
fAuthorityService.addAuthority("GROUP_Scoobies", "Willow");
fAuthenticationService.createAuthentication("Xander", "Xander".toCharArray());
fPersonService.getPerson("Xander");
fAuthorityService.addAuthority("GROUP_Scoobies", "Xander");
fAuthenticationService.createAuthentication("Tara", "Tara".toCharArray());
fPersonService.getPerson("Tara");
fAuthenticationService.createAuthentication("Spike", "Spike".toCharArray());
fPersonService.getPerson("Spike");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "vampires");
fAuthorityService.addAuthority("GROUP_vampires", "Spike");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "soulless");
fAuthorityService.addAuthority("GROUP_soulless", "Spike");
}
catch (Exception e)
{
tearDown();
setUp();
}
}
/* (non-Javadoc)
* @see junit.framework.TestCase#tearDown()
*/
protected void tearDown() throws Exception
{
fAuthenticationService.deleteAuthentication("Buffy");
fAuthenticationService.deleteAuthentication("Willow");
fAuthenticationService.deleteAuthentication("Xander");
fAuthenticationService.deleteAuthentication("Tara");
fAuthenticationService.deleteAuthentication("Spike");
fPersonService.deletePerson("Buffy");
fPersonService.deletePerson("Willow");
fPersonService.deletePerson("Tara");
fPersonService.deletePerson("Xander");
fPersonService.deletePerson("Spike");
fAuthorityService.deleteAuthority("GROUP_Scoobies");
fAuthorityService.deleteAuthority("GROUP_vampires");
fAuthorityService.deleteAuthority("GROUP_soulless");
}
public void testBasic()
{
try
{
Set<String> allCaps = fCapabilityRegistry.getAllCapabilities();
System.out.println(allCaps);
System.out.println(fCapabilityRegistry.getAllAuthorities());
ACL acl = new ACLImpl(true);
acl.allow("read", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("write", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("delete", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("shimmy", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("shake", "GROUP_vampires", "Tara");
acl.deny("delete", "Xander", "GROUP_soulless");
acl.deny("shake", "Spike");
checkEvaluation(allCaps, acl, "Spike");
checkEvaluation(allCaps, acl, "Tara");
checkEvaluation(allCaps, acl, "Xander");
checkEvaluation(allCaps, acl, "Buffy");
String stringRep = acl.getStringRepresentation();
System.out.println(stringRep);
ACL acl2 = new ACLImpl(stringRep);
System.out.println(acl2.getStringRepresentation());
checkEvaluation(allCaps, acl2, "Spike");
checkEvaluation(allCaps, acl2, "Tara");
checkEvaluation(allCaps, acl2, "Xander");
checkEvaluation(allCaps, acl2, "Buffy");
System.out.println(acl2.getStringRepresentation());
}
catch (Exception e)
{
e.printStackTrace();
fail();
}
}
private void checkEvaluation(Set<String> allCaps, ACL acl, String authority)
{
Set<String> caps = acl.getCapabilities(authority, false);
System.out.println(caps);
for (String cap : caps)
{
assertTrue(acl.can(authority, false, cap));
}
Set<String> inverse = new HashSet<String>(allCaps);
inverse.removeAll(caps);
for (String cap : inverse)
{
assertFalse(acl.can(authority, false, cap));
}
}
}

29
source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml
View File

@@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping package="org.alfresco.repo.simple.permission">
<!-- All the authorities and their containment relationships. -->
<class name="AuthorityEntryImpl" proxy="AuthorityEntry" optimistic-lock="version"
table="alf_authority_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
<set name="children" table="alf_auth_children" optimistic-lock="true"
sort="unsorted">
<key column="parent_id" foreign-key="fk_child_auth"/>
<many-to-many class="AuthorityEntryImpl" column="child_id" foreign-key="fk_auth_child"/>
</set>
</class>
<!-- All the capabilities. -->
<class name="CapabilityEntryImpl" proxy="CapabilityEntry" optimistic-lock="version"
table="alf_capability_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
</class>
</hibernate-mapping>

64
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java
View File

@@ -1,64 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import org.alfresco.util.AbstractLifecycleBean;
import org.springframework.context.ApplicationEvent;
/**
* Bootstrapping for the AuthorityCapabilityRegistry.
* @author britt
*/
public class AuthorityCapabilityBootstrap extends AbstractLifecycleBean
{
private AuthorityCapabilityRegistryImpl fRegistry;
public AuthorityCapabilityBootstrap()
{
}
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistryImpl registry)
{
fRegistry = registry;
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
fRegistry.bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onShutdown(ApplicationEvent event)
{
}
}

588
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java
View File

@@ -1,588 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.TransactionListener;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Implementation of a registry for Authorities and Capabilities.
* @author britt
*/
public class AuthorityCapabilityRegistryImpl implements
AuthorityCapabilityRegistry, TransactionListener
{
private static Log fgLogger = LogFactory.getLog(AuthorityCapabilityRegistryImpl.class);
private Map<String, Integer> fAuthorityToID;
private Map<Integer, String> fIDToAuthority;
private Map<String, Set<String>> fAuthorityToChild;
private Map<String, Set<String>> fChildToAuthority;
private Map<String, Integer> fCapabilityToID;
private Map<Integer, String> fIDToCapability;
private AuthorityEntryDAO fAuthorityEntryDAO;
private CapabilityEntryDAO fCapabilityEntryDAO;
private Set<String> fInitialCapabilities;
private RetryingTransactionHelper fTransactionHelper;
private AuthorityService fAuthorityService;
public AuthorityCapabilityRegistryImpl()
{
fAuthorityToID = new HashMap<String, Integer>();
fIDToAuthority = new HashMap<Integer, String>();
fAuthorityToChild = new HashMap<String, Set<String>>();
fChildToAuthority = new HashMap<String, Set<String>>();
fCapabilityToID = new HashMap<String, Integer>();
fIDToCapability = new HashMap<Integer, String>();
}
public void setAuthorityEntryDAO(AuthorityEntryDAO dao)
{
fAuthorityEntryDAO = dao;
}
public void setCapabilityEntryDAO(CapabilityEntryDAO dao)
{
fCapabilityEntryDAO = dao;
}
public void setCapabilities(Set<String> capabilities)
{
fInitialCapabilities = capabilities;
}
public void setRetryingTransactionHelper(RetryingTransactionHelper helper)
{
fTransactionHelper = helper;
}
public void setAuthorityService(AuthorityService service)
{
fAuthorityService = service;
}
public void bootstrap()
{
fTransactionHelper.doInTransaction(
new RetryingTransactionHelper.RetryingTransactionCallback<Object>()
{
public Object execute()
{
init();
return null;
}
});
}
public void init()
{
List<CapabilityEntry> entries = fCapabilityEntryDAO.getAll();
for (CapabilityEntry entry : entries)
{
String capability = entry.getName().toLowerCase();
fCapabilityToID.put(capability, entry.getId());
fIDToCapability.put(entry.getId(), capability);
}
for (String entry : fInitialCapabilities)
{
entry = entry.toLowerCase();
if (!fCapabilityToID.containsKey(entry))
{
CapabilityEntry newEntry = new CapabilityEntryImpl(entry);
fCapabilityEntryDAO.save(newEntry);
fCapabilityToID.put(entry, newEntry.getId());
fIDToCapability.put(newEntry.getId(), entry);
}
}
List<AuthorityEntry> authorities = fAuthorityEntryDAO.get();
for (AuthorityEntry entry : authorities)
{
String name = normalizeAuthority(entry.getName());
Integer id = entry.getId();
fAuthorityToID.put(name, id);
fIDToAuthority.put(id, name);
for (AuthorityEntry child : entry.getChildren())
{
String childName = normalizeAuthority(child.getName());
Set<String> children = fAuthorityToChild.get(name);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(name, children);
}
children.add(childName);
Set<String> parents = fChildToAuthority.get(childName);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(childName, parents);
}
parents.add(name);
}
}
// Now go to AuthorityService to fill anything that might be missing.
AuthorityType[] types = AuthorityType.values();
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
auth = normalizeAuthority(auth);
if (fAuthorityToID.containsKey(auth))
{
continue;
}
AuthorityEntry entry = new AuthorityEntryImpl(auth);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(auth, entry.getId());
fIDToAuthority.put(entry.getId(), auth);
}
}
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
AuthorityType aType = AuthorityType.getAuthorityType(auth);
if (aType == AuthorityType.ROLE || aType == AuthorityType.EVERYONE ||
aType == AuthorityType.GUEST)
{
continue;
}
Set<String> children = fAuthorityService.getContainedAuthorities(null, auth, true);
auth = normalizeAuthority(auth);
Set<String> found = fAuthorityToChild.get(auth);
if (found == null)
{
found = new HashSet<String>();
fAuthorityToChild.put(auth, found);
}
AuthorityEntry entry = null;
if (!fAuthorityToID.containsKey(auth))
{
entry = new AuthorityEntryImpl(auth);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(auth, entry.getId());
fIDToAuthority.put(entry.getId(), auth);
}
else
{
entry = fAuthorityEntryDAO.get(fAuthorityToID.get(auth));
}
for (String child : children)
{
child = normalizeAuthority(child);
if (found.contains(child))
{
continue;
}
AuthorityEntry childEntry = null;
if (!fAuthorityToID.containsKey(child))
{
childEntry = new AuthorityEntryImpl(child);
fAuthorityEntryDAO.save(childEntry);
fAuthorityToID.put(child, childEntry.getId());
fIDToAuthority.put(childEntry.getId(), child);
}
else
{
childEntry = fAuthorityEntryDAO.get(fAuthorityToID.get(child));
}
entry.getChildren().add(childEntry);
found.add(child);
Set<String> parents = fChildToAuthority.get(child);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(child, parents);
}
parents.add(auth);
}
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addAuthority(java.lang.String, java.lang.String)
*/
public synchronized void addAuthority(String authority, String parent)
{
authority = normalizeAuthority(authority);
parent = normalizeAuthority(parent);
AlfrescoTransactionSupport.bindListener(this);
AuthorityEntry entry = null;
if (!fAuthorityToID.containsKey(authority))
{
entry = new AuthorityEntryImpl(authority);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(authority, entry.getId());
fIDToAuthority.put(entry.getId(), authority);
}
if (parent != null)
{
if (entry == null)
{
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
entry = fAuthorityEntryDAO.get(id);
}
Integer id = fAuthorityToID.get(parent);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
AuthorityEntry pEntry = fAuthorityEntryDAO.get(id);
pEntry.getChildren().add(entry);
Set<String> children = fAuthorityToChild.get(parent);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(parent, children);
}
children.add(authority);
Set<String> parents = fChildToAuthority.get(authority);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(authority, parents);
}
parents.add(parent);
}
}
/**
* Get case normalized authority.
*/
public String normalizeAuthority(String authority)
{
if (authority == null)
{
return null;
}
AuthorityType type = AuthorityType.getAuthorityType(authority);
switch (type)
{
case ADMIN :
{
return authority;
}
case EVERYONE :
{
return PermissionService.ALL_AUTHORITIES;
}
case GROUP :
{
return PermissionService.GROUP_PREFIX + authority.substring(PermissionService.GROUP_PREFIX.length()).toLowerCase();
}
case USER :
case GUEST :
{
return authority.toLowerCase();
}
case OWNER :
{
return PermissionService.OWNER_AUTHORITY;
}
case ROLE :
{
return PermissionService.ROLE_PREFIX + authority.substring(PermissionService.ROLE_PREFIX.length()).toLowerCase();
}
default :
{
return null;
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthority(java.lang.String)
*/
public synchronized void removeAuthority(String authority)
{
authority = normalizeAuthority(authority);
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return;
}
AuthorityEntry entry = fAuthorityEntryDAO.get(id);
if (entry == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
List<AuthorityEntry> parents = fAuthorityEntryDAO.getParents(entry);
for (AuthorityEntry parent : parents)
{
parent.getChildren().remove(entry);
}
fAuthorityEntryDAO.delete(entry);
Set<String> pNames = fChildToAuthority.get(authority);
if (pNames != null)
{
for (String parent : pNames)
{
fAuthorityToChild.get(parent).remove(authority);
}
}
fChildToAuthority.remove(authority);
id = fAuthorityToID.remove(authority);
fIDToAuthority.remove(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthorityChild(java.lang.String, java.lang.String)
*/
public synchronized void removeAuthorityChild(String parent, String child)
{
parent = normalizeAuthority(parent);
child = normalizeAuthority(child);
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(child);
if (id == null)
{
return;
}
AuthorityEntry cEntry = fAuthorityEntryDAO.get(id);
id = fAuthorityToID.get(parent);
if (id == null)
{
return;
}
AuthorityEntry cParent = fAuthorityEntryDAO.get(parent);
cParent.getChildren().remove(cEntry);
fAuthorityToChild.get(parent).remove(child);
fChildToAuthority.get(child).remove(parent);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addCapability(java.lang.String)
*/
public synchronized void addCapability(String capability)
{
capability = capability.toLowerCase();
AlfrescoTransactionSupport.bindListener(this);
CapabilityEntry entry = fCapabilityEntryDAO.get(capability);
if (entry != null)
{
return;
}
entry = new CapabilityEntryImpl(capability);
fCapabilityEntryDAO.save(entry);
entry = fCapabilityEntryDAO.get(capability);
fCapabilityToID.put(capability, entry.getId());
fIDToCapability.put(entry.getId(), capability);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllAuthorities()
*/
public synchronized Set<String> getAllAuthorities()
{
return new HashSet<String>(fAuthorityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllCapabilities()
*/
public synchronized Set<String> getAllCapabilities()
{
return new HashSet<String>(fCapabilityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityID(java.lang.String)
*/
public synchronized int getAuthorityID(String authority)
{
authority = normalizeAuthority(authority);
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityName(int)
*/
public synchronized String getAuthorityName(int id)
{
return fIDToAuthority.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityID(java.lang.String)
*/
public synchronized int getCapabilityID(String capability)
{
capability = capability.toLowerCase();
Integer id = fCapabilityToID.get(capability);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityName(int)
*/
public synchronized String getCapabilityName(int id)
{
return fIDToCapability.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainedAuthorities(java.lang.String)
*/
public synchronized Set<String> getContainedAuthorities(String authority)
{
authority = normalizeAuthority(authority);
Set<String> contained = new HashSet<String>();
contained.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : contained)
{
Set<String> children = fAuthorityToChild.get(auth);
if (children != null)
{
more.addAll(children);
}
}
contained.addAll(more);
oldCount = count;
count = contained.size();
}
contained.remove(authority);
return contained;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainerAuthorities(java.lang.String)
*/
public Set<String> getContainerAuthorities(String authority)
{
authority = normalizeAuthority(authority);
Set<String> containers = new HashSet<String>();
containers.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : containers)
{
Set<String> parents = fChildToAuthority.get(auth);
if (parents != null)
{
more.addAll(parents);
}
}
containers.addAll(more);
oldCount = count;
count = containers.size();
}
containers.remove(authority);
return containers;
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterCommit()
*/
public void afterCommit()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterRollback()
*/
public synchronized void afterRollback()
{
fAuthorityToID.clear();
fIDToAuthority.clear();
fAuthorityToChild.clear();
fChildToAuthority.clear();
fCapabilityToID.clear();
fIDToCapability.clear();
bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCommit(boolean)
*/
public void beforeCommit(boolean readOnly)
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCompletion()
*/
public void beforeCompletion()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#flush()
*/
public void flush()
{
}
}

55
source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java
View File

@@ -1,55 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.io.Serializable;
import java.util.Set;
/**
* Interface for an Authority entry, an aggregate of an authority name, id,
* and a set of children.
* @author britt
*/
public interface AuthorityEntry extends Serializable
{
/**
* Get the Primary Key.
* @return The id.
*/
public int getId();
/**
* Get the name of the authority.
* @return The name.
*/
public String getName();
/**
* Get the children of this entry.
* @return The set of children.
*/
public Set<AuthorityEntry> getChildren();
}

74
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java
View File

@@ -1,74 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO interface for Authority Entries.
* @author britt
*/
public interface AuthorityEntryDAO
{
/**
* Save one. Recursive.
* @param entry The one to save.
*/
public void save(AuthorityEntry entry);
/**
* Get all the entries.
* @return What you asked for.
*/
public List<AuthorityEntry> get();
/**
* Get the parents of an authority.
* @param entry The child.
* @return The parents.
*/
public List<AuthorityEntry> getParents(AuthorityEntry entry);
/**
* Get one by name.
* @param name The authority name.
* @return The entry or null if not found.
*/
public AuthorityEntry get(String name);
/**
* Get one by primary key.
* @param id
* @return The entry or null if not found.
*/
public AuthorityEntry get(int id);
/**
* Delete an authority.
* @param entry The authority.
*/
public void delete(AuthorityEntry entry);
}

95
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java
View File

@@ -1,95 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate DAO for Authority Entries.
* @author britt
*/
public class AuthorityEntryDAOHibernate extends HibernateDaoSupport implements
AuthorityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(java.lang.String)
*/
public AuthorityEntry get(String name)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where ae.name = :name");
query.setString("name", name);
return (AuthorityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(int)
*/
public AuthorityEntry get(int id)
{
return (AuthorityEntry)getSession().get(AuthorityEntryImpl.class, id);
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getRoots()
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> get()
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae");
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#save(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void save(AuthorityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getParents(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> getParents(AuthorityEntry entry)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where :child in elements(ae.children)");
query.setEntity("child", entry);
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#delete(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void delete(AuthorityEntry entry)
{
getSession().delete(entry);
}
}

140
source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java
View File

@@ -1,140 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
/**
* Persistent Hibernate implementation of an AuthorityEntry.
* @author britt
*/
public class AuthorityEntryImpl implements AuthorityEntry
{
private static final long serialVersionUID = -3265592070954983948L;
private int fID;
private long fVersion;
private String fName;
private Set<AuthorityEntry> fChildren;
public AuthorityEntryImpl()
{
}
public AuthorityEntryImpl(String name)
{
fName = name;
fChildren = new HashSet<AuthorityEntry>();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getChildren()
*/
public Set<AuthorityEntry> getChildren()
{
return fChildren;
}
public void setChildren(Set<AuthorityEntry> children)
{
fChildren = children;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof AuthorityEntry))
{
return false;
}
return fID == ((AuthorityEntry)obj).getId();
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode()
{
return fID;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString()
{
return "[AuthorityEntry:" + fName + ":" + fID + "]";
}
}

47
source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java
View File

@@ -1,47 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.io.Serializable;
/**
* Interface for a capability entry.
* @author britt
*/
public interface CapabilityEntry extends Serializable
{
/**
* Get the primary key.
* @return The id.
*/
public int getId();
/**
* Get the name of the Capability.
* @return The name of the Capability.
*/
public String getName();
}

54
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java
View File

@@ -1,54 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO Interface for capability entries.
* @author britt
*/
public interface CapabilityEntryDAO
{
/**
* Save one.
* @param entry The one to save.
*/
public void save(CapabilityEntry entry);
/**
* Get all the CapabilityEntries.
* @return All of them.
*/
public List<CapabilityEntry> getAll();
/**
* Get an entry by name.
* @param name The name of the entry.
* @return The entry or null if it doesn't exist.
*/
public CapabilityEntry get(String name);
}

67
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java
View File

@@ -1,67 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate implementation of a CapabilityEntryDAO.
* @author britt
*/
public class CapabilityEntryDAOHibernate extends HibernateDaoSupport implements CapabilityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#get(java.lang.String)
*/
public CapabilityEntry get(String name)
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce where ce.name = :name");
query.setString("name", name);
return (CapabilityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#getAll()
*/
@SuppressWarnings("unchecked")
public List<CapabilityEntry> getAll()
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce");
return (List<CapabilityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#save(org.alfresco.repo.simple.permission.CapabilityEntry)
*/
public void save(CapabilityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
}

86
source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java
View File

@@ -1,86 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
/**
* Implementation of Capability Entry.
* @author britt
*/
public class CapabilityEntryImpl implements CapabilityEntry
{
private static final long serialVersionUID = 7235803886625308634L;
private int fID;
private String fName;
private long fVersion;
public CapabilityEntryImpl()
{
}
public CapabilityEntryImpl(String name)
{
fName = name;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
}

92
source/java/org/alfresco/service/simple/permission/ACL.java
View File

@@ -1,92 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.io.Serializable;
import java.util.Set;
/**
* Interface for ACLs. ACLs express the capabilities granted to
* different authorities (users, groups, or roles (one hopes that roles can go away as they are
* operationally just another name for a group)). ACLs contain explicit entries made of
* a capability and a list of agents plus an indication of whether the entry denies or allows
* the capability. Entries that deny override any entries that allow.
* @author britt
*/
public interface ACL extends Serializable
{
/**
* Insert an allow entry.
* Removes any denials explicitly for the authorities and capability given.
* @param capability The capability to grant.
* @param authorities The authorities granted the capability.
*/
public void allow(String capability, String ... authorities);
/**
* Insert a deny entry.
* Removes any allows explicitly for the authorities and capability given.
* @param capability The capability to deny.
* @param authorities The authorities to deny.
*/
public void deny(String capability, String ... authorities);
/**
* Does the given authority have the given capability
* @param authority The authority (user)
* @param isOwner Is the authority the owner of the controlled entity.
* @param capability The capability.
* @return Whether the authority can.
*/
public boolean can(String authority, boolean isOwner, String capability);
/**
* Get the capabilities for the given authority.
* @param authority The authority.
* @param isOwner is the authority the owner of the controlled entity.
* @return A set of capabilities.
*/
public Set<String> getCapabilities(String authority, boolean isOwner);
/**
* Get the authorities with the given capability.
* @param capability The capability under consideration.
* @return The set of authorities.
*/
public Set<String> getAllowed(String capability);
/**
* Get a string representation of this ACL, suitable for persistence.
* @return The string representation.
*/
public String getStringRepresentation();
/**
* Should this ACL be inherited.
* @return Whether it should.
*/
public boolean inherits();
}

121
source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java
View File

@@ -1,121 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.util.Set;
/**
* Interface for a registry of capabilities.
* @author britt
*/
public interface AuthorityCapabilityRegistry
{
/**
* Get all known capabilities.
* @return A list of all the capabilities.
*/
public Set<String> getAllCapabilities();
/**
* Get all authorities know to the system.
* @return
*/
public Set<String> getAllAuthorities();
/**
* Get the integer id corresponding to the given capability.
* @return The id.
*/
public int getCapabilityID(String capability);
/**
* Get the name of a capability from it's unique id.
* @param id
* @return The capability name or null if the id is invalid.
*/
public String getCapabilityName(int id);
/**
* Add a capability.
* @param capability
*/
public void addCapability(String capability);
/**
* Get the id for an authority.
* @param authority
* @return The id for the authority.
*/
public int getAuthorityID(String authority);
/**
* Get the name from an authority id.
* @param id The authority id.
* @return The authority name.
*/
public String getAuthorityName(int id);
/**
* Add a new authority.
* @param authority The authority name.
* @param parent The parent authority. May be null.
*/
public void addAuthority(String authority, String parent);
/**
* Remove an authority completely from the system.
* @param authority The authority to move.
*/
public void removeAuthority(String authority);
/**
* Remove a containment relationship.
* @param parent The parent.
* @param child The child.
*/
public void removeAuthorityChild(String parent, String child);
/**
* Get all authorities which are contained directly or transitively by the given authority.
* @param authority The authority to check.
* @return The contained authorities.
*/
public Set<String> getContainedAuthorities(String authority);
/**
* Get all authorities which directly or indirectly contain the given authority.
* @param authority The authority to check.
* @return The container authorities.
*/
public Set<String> getContainerAuthorities(String authority);
/**
* Get the case normalized version of authority.
* @param authority The authority.
* @return The case normalized version.
*/
public String normalizeAuthority(String authority);
}

73
source/java/org/alfresco/service/simple/permission/SimplePermissionService.java
View File

@@ -1,73 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.util.List;
/**
* Interface for a simple permission mechanism.
* Nothing but String valued capabilities, and ACLs.
* @author britt
*/
public interface SimplePermissionService
{
/**
* Can the current user perform the action indicated by the capability.
* @param capability The capability: marker for an ability to perform an action
* governed by an ACL.
* @param acl The ACL. If this is null then the permission is granted.
* @param owner The owner. The owner can always has the "changepermission" capability.
* @return Whether permission is granted.
*/
boolean can(String capability, ACL acl, String owner);
/**
* Can the user (agent) specified perform the action indicated by the capability.
* @param agent The agent (user) to check.
* @param capability The capability to check.
* @param acl The ACL. If this is null then the permission is granted.
* @param owner The owner.
* @return Whether permission is granted.
*/
boolean can(String agent, String capability, ACL acl, String owner);
/**
* Get the capabilities that this acl grants the current user.
* @param acl The ACL.
* @param owner The owner of the controlled entity.
* @return A list of capabilities.
*/
List<String> getCapabilities(ACL acl, String owner);
/**
* Get the capabilities that this agent grants the specifiec agent.
* @param agent The agent (user).
* @param acl The ACL.
* @param owner The owner of the controlled entity.
* @return A list of capabilities.
*/
List<String> getCapabilities(String agent, ACL acl, String owner);
}