From fb81fb447039362f673f8ffc981ec138267334ad Mon Sep 17 00:00:00 2001 From: Britt Park Date: Fri, 14 Sep 2007 12:39:07 +0000 Subject: [PATCH] Checkpoint of light weight ACLs. This is a fairly brute force strategy that allows permissions evalutations with essentially no db access. It does a number of 'bad' things and I may rip it out completely. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../authentication-services-context.xml | 3 + .../alfresco/authority-services-context.xml | 3 + config/alfresco/bootstrap-context.xml | 9 +- config/alfresco/hibernate-context.xml | 3 +- .../alfresco/simple-permissions-context.xml | 28 +- config/alfresco/version.properties | 2 +- .../alfresco/repo/avm/util/RawServices.java | 8 +- .../loader/FileFolderRemoteLoader.java | 3 +- .../authentication/AuthenticationTest.java | 6 +- .../RepositoryAuthenticationDao.java | 11 +- .../security/authority/AuthorityDAOImpl.java | 14 +- .../repo/simple/permission/ACLImpl.java | 48 +- .../repo/simple/permission/ACLTest.java | 45 +- .../permission/AuthorityCapability.hbm.xml | 29 + .../AuthorityCapabilityBootstrap.java | 64 +++ .../AuthorityCapabilityRegistryImpl.java | 506 ++++++++++++++++++ .../simple/permission/AuthorityEntry.java} | 37 +- .../simple/permission/AuthorityEntryDAO.java | 74 +++ .../AuthorityEntryDAOHibernate.java | 95 ++++ .../simple/permission/AuthorityEntryImpl.java | 140 +++++ .../simple/permission/CapabilityEntry.java | 47 ++ .../simple/permission/CapabilityEntryDAO.java | 54 ++ .../CapabilityEntryDAOHibernate.java | 67 +++ .../permission/CapabilityEntryImpl.java | 86 +++ .../permission/CapabilityRegistryImpl.java | 108 ---- .../AuthorityCapabilityRegistry.java | 114 ++++ 26 files changed, 1424 insertions(+), 180 deletions(-) create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java rename source/java/org/alfresco/{service/simple/permission/CapabilityRegistry.java => repo/simple/permission/AuthorityEntry.java} (62%) create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java create mode 100644 source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java create mode 100644 source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java create mode 100644 source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java create mode 100644 source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java create mode 100644 source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java delete mode 100644 source/java/org/alfresco/repo/simple/permission/CapabilityRegistryImpl.java create mode 100644 source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java diff --git a/config/alfresco/authentication-services-context.xml b/config/alfresco/authentication-services-context.xml index 0504dfc5e4..e1c71a6898 100644 --- a/config/alfresco/authentication-services-context.xml +++ b/config/alfresco/authentication-services-context.xml @@ -95,6 +95,9 @@ + + + diff --git a/config/alfresco/authority-services-context.xml b/config/alfresco/authority-services-context.xml index f4880d53ce..c6af6b9f48 100644 --- a/config/alfresco/authority-services-context.xml +++ b/config/alfresco/authority-services-context.xml @@ -72,6 +72,9 @@ + + + diff --git a/config/alfresco/bootstrap-context.xml b/config/alfresco/bootstrap-context.xml index 989ed85871..5b13075c2c 100644 --- a/config/alfresco/bootstrap-context.xml +++ b/config/alfresco/bootstrap-context.xml @@ -274,6 +274,13 @@ + + + + + + + @@ -300,7 +307,7 @@ - + diff --git a/config/alfresco/hibernate-context.xml b/config/alfresco/hibernate-context.xml index 7c417efaa2..b12c77277d 100644 --- a/config/alfresco/hibernate-context.xml +++ b/config/alfresco/hibernate-context.xml @@ -46,7 +46,8 @@ org/alfresco/repo/domain/hibernate/AppliedPatch.hbm.xml org/alfresco/repo/domain/hibernate/Permission.hbm.xml org/alfresco/repo/avm/hibernate/AVM.hbm.xml - org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml + org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml + org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml diff --git a/config/alfresco/simple-permissions-context.xml b/config/alfresco/simple-permissions-context.xml index 7b24feb515..6956ab4675 100644 --- a/config/alfresco/simple-permissions-context.xml +++ b/config/alfresco/simple-permissions-context.xml @@ -1,7 +1,26 @@ - + + + + + + + + + + + + + + + + + + + + read @@ -11,5 +30,12 @@ shake + + + + + + + diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties index ebff9289bb..c0f6811559 100644 --- a/config/alfresco/version.properties +++ b/config/alfresco/version.properties @@ -19,4 +19,4 @@ version.build=@build-number@ # Schema number -version.schema=106 +version.schema=107 diff --git a/source/java/org/alfresco/repo/avm/util/RawServices.java b/source/java/org/alfresco/repo/avm/util/RawServices.java index 1f3f1c1629..44ab0ac473 100644 --- a/source/java/org/alfresco/repo/avm/util/RawServices.java +++ b/source/java/org/alfresco/repo/avm/util/RawServices.java @@ -10,7 +10,7 @@ import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.ContentService; import org.alfresco.service.cmr.repository.MimetypeService; import org.alfresco.service.cmr.security.AuthorityService; -import org.alfresco.service.simple.permission.CapabilityRegistry; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; @@ -68,7 +68,7 @@ public class RawServices implements ApplicationContextAware /** * The CapabilityRegistry. */ - private CapabilityRegistry fCapabilityRegistry; + private AuthorityCapabilityRegistry fCapabilityRegistry; /** * Default constructor. @@ -157,11 +157,11 @@ public class RawServices implements ApplicationContextAware return fAuthorityService; } - public CapabilityRegistry getCapabilityRegistry() + public AuthorityCapabilityRegistry getAuthorityCapabilityRegistry() { if (fCapabilityRegistry == null) { - fCapabilityRegistry = (CapabilityRegistry)fContext.getBean("capabilityRegistry"); + fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry"); } return fCapabilityRegistry; } diff --git a/source/java/org/alfresco/repo/model/filefolder/loader/FileFolderRemoteLoader.java b/source/java/org/alfresco/repo/model/filefolder/loader/FileFolderRemoteLoader.java index 760ccb6427..89bc63b20c 100644 --- a/source/java/org/alfresco/repo/model/filefolder/loader/FileFolderRemoteLoader.java +++ b/source/java/org/alfresco/repo/model/filefolder/loader/FileFolderRemoteLoader.java @@ -211,8 +211,9 @@ public class FileFolderRemoteLoader { ArrayList threads = new ArrayList(3); // Iterate over the properties and pick out the thread descriptors - for (String propertyName : properties.stringPropertyNames()) + for (Object o : properties.keySet()) { + String propertyName = (String)o; if (!propertyName.startsWith("test.load.")) { continue; diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java index 7e28fa99aa..179d470718 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java @@ -61,6 +61,7 @@ import org.alfresco.service.namespace.DynamicNamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; import org.alfresco.service.transaction.TransactionService; import org.alfresco.util.ApplicationContextHelper; import org.springframework.context.ApplicationContext; @@ -108,6 +109,8 @@ public class AuthenticationTest extends TestCase private AuthenticationComponent authenticationComponentImpl; + private AuthorityCapabilityRegistry authorityCapabilityRegistry; + public AuthenticationTest() { super(); @@ -131,6 +134,7 @@ public class AuthenticationTest extends TestCase pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService"); authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent"); + authorityCapabilityRegistry = (AuthorityCapabilityRegistry) ctx.getBean("authorityCapabilityRegistry"); // permissionServiceSPI = (PermissionServiceSPI) // ctx.getBean("permissionService"); ticketsCache = (SimpleCache) ctx.getBean("ticketsCache"); @@ -291,7 +295,7 @@ public class AuthenticationTest extends TestCase dao.setDictionaryService(dictionaryService); dao.setNamespaceService(getNamespacePrefixReolsver("")); dao.setPasswordEncoder(passwordEncoder); - + dao.setAuthorityCapabilityRegistry(authorityCapabilityRegistry); dao.createUser("Andy", "cabbage".toCharArray()); assertNotNull(dao.getUserOrNull("Andy")); diff --git a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java index d15726c165..6f8d0f87c4 100644 --- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java +++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java @@ -53,6 +53,7 @@ import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; import org.springframework.dao.DataAccessException; public class RepositoryAuthenticationDao implements MutableAuthenticationDao @@ -70,6 +71,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao private SearchService searchService; private PasswordEncoder passwordEncoder; + + private AuthorityCapabilityRegistry authorityCapabilityRegistry; private boolean userNamesAreCaseSensitive; @@ -112,6 +115,11 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao { this.searchService = searchService; } + + public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry) + { + this.authorityCapabilityRegistry = registry; + } public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, DataAccessException @@ -244,7 +252,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false)); nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER, properties); - + authorityCapabilityRegistry.addAuthority(caseSensitiveUserName, null); } private NodeRef getUserFolderLocation(String caseSensitiveUserName) @@ -304,6 +312,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao throw new AuthenticationException("User name does not exist: " + userName); } nodeService.deleteNode(userRef); + authorityCapabilityRegistry.removeAuthority(userName); } public Object getSalt(UserDetails userDetails) diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java index 368a8fbcdb..a0a3317d82 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java @@ -51,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; import org.alfresco.util.ISO9075; public class AuthorityDAOImpl implements AuthorityDAO @@ -70,6 +71,8 @@ public class AuthorityDAOImpl implements AuthorityDAO private DictionaryService dictionaryService; private SimpleCache> userToAuthorityCache; + + private AuthorityCapabilityRegistry authorityCapabilityRegistry; public AuthorityDAOImpl() { @@ -103,6 +106,11 @@ public class AuthorityDAOImpl implements AuthorityDAO this.userToAuthorityCache = userToAuthorityCache; } + public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry) + { + this.authorityCapabilityRegistry = registry; + } + public boolean authorityExists(String name) { NodeRef ref = getAuthorityOrNull(name); @@ -142,7 +150,7 @@ public class AuthorityDAOImpl implements AuthorityDAO throw new AlfrescoRuntimeException("Authorities of the type " + AuthorityType.getAuthorityType(childName) + " may not be added to other authorities"); } - + authorityCapabilityRegistry.addAuthority(childName, parentName); } public void createAuthority(String parentName, String name) @@ -165,6 +173,7 @@ public class AuthorityDAOImpl implements AuthorityDAO nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name, namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props); } + authorityCapabilityRegistry.addAuthority(name, parentName); } public void deleteAuthority(String name) @@ -176,6 +185,7 @@ public class AuthorityDAOImpl implements AuthorityDAO } nodeService.deleteNode(nodeRef); userToAuthorityCache.clear(); + authorityCapabilityRegistry.removeAuthority(name); } public Set getAllRootAuthorities(AuthorityType type) @@ -246,7 +256,7 @@ public class AuthorityDAOImpl implements AuthorityDAO nodeService.removeChild(parentRef, childRef); userToAuthorityCache.clear(); } - + authorityCapabilityRegistry.removeAuthorityChild(parentName, childName); } public Set getContainingAuthorities(AuthorityType type, String name, boolean immediate) diff --git a/source/java/org/alfresco/repo/simple/permission/ACLImpl.java b/source/java/org/alfresco/repo/simple/permission/ACLImpl.java index 4cd732e4dd..ca51b5ba37 100644 --- a/source/java/org/alfresco/repo/simple/permission/ACLImpl.java +++ b/source/java/org/alfresco/repo/simple/permission/ACLImpl.java @@ -31,10 +31,9 @@ import java.util.Map; import java.util.Set; import org.alfresco.repo.avm.util.RawServices; -import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.simple.permission.ACL; -import org.alfresco.service.simple.permission.CapabilityRegistry; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; /** * Basic implementation of a simple ACL. @@ -64,15 +63,10 @@ public class ACLImpl implements ACL */ private String fStringRep; - /** - * Reference to the authority service. - */ - private transient AuthorityService fAuthorityService; - /** * Reference to the capability registry. */ - private transient CapabilityRegistry fCapabilityRegistry; + private transient AuthorityCapabilityRegistry fCapabilityRegistry; /** * Initialize a brand new one. @@ -81,8 +75,7 @@ public class ACLImpl implements ACL public ACLImpl(boolean inherit) { fInherit = inherit; - fAuthorityService = RawServices.Instance().getAuthorityService(); - fCapabilityRegistry = RawServices.Instance().getCapabilityRegistry(); + fCapabilityRegistry = RawServices.Instance().getAuthorityCapabilityRegistry(); fAllowed = new HashMap>(); fDenied = new HashMap>(); fStringRep = null; @@ -164,12 +157,21 @@ public class ACLImpl implements ACL for (String entryRep : segments) { String[] entryRegs = entryRep.split(";"); - String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 16)); + String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 32)); + if (capability == null) + { + continue; + } Set authorities = new HashSet(); map.put(capability, authorities); for (int i = 1; i < entryRegs.length; ++i) { - authorities.add(entryRegs[i]); + String authority = fCapabilityRegistry.getAuthorityName(Integer.parseInt(entryRegs[i], 32)); + if (authority == null) + { + continue; + } + authorities.add(authority); } } } @@ -196,7 +198,7 @@ public class ACLImpl implements ACL } for (String auth : denied) { - if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority)) + if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority)) { return false; } @@ -212,7 +214,7 @@ public class ACLImpl implements ACL } for (String auth : allowed) { - if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority)) + if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority)) { return true; } @@ -270,7 +272,7 @@ public class ACLImpl implements ACL allowed.addAll(expAllowed); for (String authority : expAllowed) { - allowed.addAll(fAuthorityService.getContainedAuthorities(null, authority, false)); + allowed.addAll(fCapabilityRegistry.getContainedAuthorities(authority)); } // Now remove based on denials. Set denied = fDenied.get(capability); @@ -282,7 +284,7 @@ public class ACLImpl implements ACL // Now those that are indirectly denied. for (String authority : denied) { - allowed.removeAll(fAuthorityService.getContainedAuthorities(null, authority, false)); + allowed.removeAll(fCapabilityRegistry.getContainedAuthorities(authority)); } return allowed; } @@ -296,7 +298,7 @@ public class ACLImpl implements ACL AuthorityType type = AuthorityType.getAuthorityType(authority); if (type == AuthorityType.ADMIN) { - return fCapabilityRegistry.getAll(); + return fCapabilityRegistry.getAllCapabilities(); } Set capabilities = new HashSet(); // First run through the allowed entries. @@ -310,7 +312,7 @@ public class ACLImpl implements ACL } if (containers == null) { - containers = fAuthorityService.getContainingAuthorities(null, authority, false); + containers = fCapabilityRegistry.getContainerAuthorities(authority); } for (String auth : containers) { @@ -336,7 +338,7 @@ public class ACLImpl implements ACL } if (containers == null) { - containers = fAuthorityService.getContainingAuthorities(null, authority, false); + containers = fCapabilityRegistry.getContainerAuthorities(authority); } for (String auth : containers) { @@ -365,11 +367,11 @@ public class ACLImpl implements ACL int count = 0; for (Map.Entry> entry : fAllowed.entrySet()) { - builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16)); + builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32)); for (String authority : entry.getValue()) { builder.append(';'); - builder.append(authority); + builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32)); } if (count++ < fAllowed.size() - 1) { @@ -380,11 +382,11 @@ public class ACLImpl implements ACL count = 0; for (Map.Entry> entry : fDenied.entrySet()) { - builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16)); + builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32)); for (String authority : entry.getValue()) { builder.append(';'); - builder.append(authority); + builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32)); } if (count++ < fDenied.size() - 1) { diff --git a/source/java/org/alfresco/repo/simple/permission/ACLTest.java b/source/java/org/alfresco/repo/simple/permission/ACLTest.java index d27cf93a37..944820bd69 100644 --- a/source/java/org/alfresco/repo/simple/permission/ACLTest.java +++ b/source/java/org/alfresco/repo/simple/permission/ACLTest.java @@ -25,13 +25,16 @@ package org.alfresco.repo.simple.permission; +import java.util.HashSet; +import java.util.Set; + import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.simple.permission.ACL; -import org.alfresco.service.simple.permission.CapabilityRegistry; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; import org.springframework.context.support.FileSystemXmlApplicationContext; import junit.framework.TestCase; @@ -52,7 +55,7 @@ public class ACLTest extends TestCase private static AuthenticationComponent fAuthenticationComponent; - private static CapabilityRegistry fCapabilityRegistry; + private static AuthorityCapabilityRegistry fCapabilityRegistry; /* (non-Javadoc) * @see junit.framework.TestCase#setUp() @@ -67,7 +70,7 @@ public class ACLTest extends TestCase fAuthenticationService = (AuthenticationService)fContext.getBean("AuthenticationService"); fAuthenticationComponent = (AuthenticationComponent)fContext.getBean("AuthenticationComponent"); fAuthenticationComponent.setSystemUserAsCurrentUser(); - fCapabilityRegistry = (CapabilityRegistry)fContext.getBean("capabilityRegistry"); + fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry"); } // Set up sample users groups and roles. fAuthenticationService.createAuthentication("Buffy", "Buffy".toCharArray()); @@ -114,7 +117,9 @@ public class ACLTest extends TestCase { try { - System.out.println(fCapabilityRegistry.getAll()); + Set allCaps = fCapabilityRegistry.getAllCapabilities(); + System.out.println(allCaps); + System.out.println(fCapabilityRegistry.getAllAuthorities()); ACL acl = new ACLImpl(true); acl.allow("read", "GROUP_Scoobies", "GROUP_vampires"); acl.allow("write", "GROUP_Scoobies", "GROUP_vampires"); @@ -123,18 +128,18 @@ public class ACLTest extends TestCase acl.allow("shake", "GROUP_vampires", "Tara"); acl.deny("delete", "Xander", "GROUP_soulless"); acl.deny("shake", "Spike"); - System.out.println(acl.getCapabilities("Spike", false)); - System.out.println(acl.getCapabilities("Tara", false)); - System.out.println(acl.getCapabilities("Xander", false)); - System.out.println(acl.getCapabilities("Buffy", false)); + checkEvaluation(allCaps, acl, "Spike"); + checkEvaluation(allCaps, acl, "Tara"); + checkEvaluation(allCaps, acl, "Xander"); + checkEvaluation(allCaps, acl, "Buffy"); String stringRep = acl.getStringRepresentation(); System.out.println(stringRep); ACL acl2 = new ACLImpl(stringRep); System.out.println(acl2.getStringRepresentation()); - System.out.println(acl2.getCapabilities("Spike", false)); - System.out.println(acl2.getCapabilities("Tara", false)); - System.out.println(acl2.getCapabilities("Xander", false)); - System.out.println(acl2.getCapabilities("Buffy", false)); + checkEvaluation(allCaps, acl2, "Spike"); + checkEvaluation(allCaps, acl2, "Tara"); + checkEvaluation(allCaps, acl2, "Xander"); + checkEvaluation(allCaps, acl2, "Buffy"); System.out.println(acl2.getStringRepresentation()); } catch (Exception e) @@ -143,4 +148,20 @@ public class ACLTest extends TestCase fail(); } } + + private void checkEvaluation(Set allCaps, ACL acl, String authority) + { + Set caps = acl.getCapabilities(authority, false); + System.out.println(caps); + for (String cap : caps) + { + assertTrue(acl.can(authority, false, cap)); + } + Set inverse = new HashSet(allCaps); + inverse.removeAll(caps); + for (String cap : inverse) + { + assertFalse(acl.can(authority, false, cap)); + } + } } diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml b/source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml new file mode 100644 index 0000000000..5a731883c1 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java b/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java new file mode 100644 index 0000000000..1ec03921c3 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import org.alfresco.util.AbstractLifecycleBean; +import org.springframework.context.ApplicationEvent; + +/** + * Bootstrapping for the AuthorityCapabilityRegistry. + * @author britt + */ +public class AuthorityCapabilityBootstrap extends AbstractLifecycleBean +{ + private AuthorityCapabilityRegistryImpl fRegistry; + + public AuthorityCapabilityBootstrap() + { + } + + public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistryImpl registry) + { + fRegistry = registry; + } + + /* (non-Javadoc) + * @see org.alfresco.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent) + */ + @Override + protected void onBootstrap(ApplicationEvent event) + { + fRegistry.bootstrap(); + } + + /* (non-Javadoc) + * @see org.alfresco.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent) + */ + @Override + protected void onShutdown(ApplicationEvent event) + { + } +} diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java b/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java new file mode 100644 index 0000000000..fd09dac9a3 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java @@ -0,0 +1,506 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.alfresco.repo.transaction.AlfrescoTransactionSupport; +import org.alfresco.repo.transaction.RetryingTransactionHelper; +import org.alfresco.repo.transaction.TransactionListener; +import org.alfresco.service.cmr.security.AuthorityService; +import org.alfresco.service.cmr.security.AuthorityType; +import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * Implementation of a registry for Authorities and Capabilities. + * @author britt + */ +public class AuthorityCapabilityRegistryImpl implements + AuthorityCapabilityRegistry, TransactionListener +{ + private static Log fgLogger = LogFactory.getLog(AuthorityCapabilityRegistryImpl.class); + + private Map fAuthorityToID; + + private Map fIDToAuthority; + + private Map> fAuthorityToChild; + + private Map> fChildToAuthority; + + private Map fCapabilityToID; + + private Map fIDToCapability; + + private AuthorityEntryDAO fAuthorityEntryDAO; + + private CapabilityEntryDAO fCapabilityEntryDAO; + + private Set fInitialCapabilities; + + private RetryingTransactionHelper fTransactionHelper; + + private AuthorityService fAuthorityService; + + public AuthorityCapabilityRegistryImpl() + { + fAuthorityToID = new HashMap(); + fIDToAuthority = new HashMap(); + fAuthorityToChild = new HashMap>(); + fChildToAuthority = new HashMap>(); + fCapabilityToID = new HashMap(); + fIDToCapability = new HashMap(); + } + + public void setAuthorityEntryDAO(AuthorityEntryDAO dao) + { + fAuthorityEntryDAO = dao; + } + + public void setCapabilityEntryDAO(CapabilityEntryDAO dao) + { + fCapabilityEntryDAO = dao; + } + + public void setCapabilities(Set capabilities) + { + fInitialCapabilities = capabilities; + } + + public void setRetryingTransactionHelper(RetryingTransactionHelper helper) + { + fTransactionHelper = helper; + } + + public void setAuthorityService(AuthorityService service) + { + fAuthorityService = service; + } + + public void bootstrap() + { + fTransactionHelper.doInTransaction( + new RetryingTransactionHelper.RetryingTransactionCallback() + { + public Object execute() + { + init(); + return null; + } + }); + } + + public void init() + { + List entries = fCapabilityEntryDAO.getAll(); + for (CapabilityEntry entry : entries) + { + fCapabilityToID.put(entry.getName(), entry.getId()); + fIDToCapability.put(entry.getId(), entry.getName()); + } + for (String entry : fInitialCapabilities) + { + if (!fCapabilityToID.containsKey(entry)) + { + CapabilityEntry newEntry = new CapabilityEntryImpl(entry); + fCapabilityEntryDAO.save(newEntry); + fCapabilityToID.put(entry, newEntry.getId()); + fIDToCapability.put(newEntry.getId(), entry); + } + } + List authorities = fAuthorityEntryDAO.get(); + for (AuthorityEntry entry : authorities) + { + String name = entry.getName(); + Integer id = entry.getId(); + fAuthorityToID.put(name, id); + fIDToAuthority.put(id, name); + for (AuthorityEntry child : entry.getChildren()) + { + String childName = child.getName(); + Set children = fAuthorityToChild.get(name); + if (children == null) + { + children = new HashSet(); + fAuthorityToChild.put(name, children); + } + children.add(childName); + Set parents = fChildToAuthority.get(childName); + if (parents == null) + { + parents = new HashSet(); + fChildToAuthority.put(childName, parents); + } + parents.add(name); + } + } + // Now go to AuthorityService to fill anything that might be missing. + AuthorityType[] types = AuthorityType.values(); + for (AuthorityType type : types) + { + Set auths = fAuthorityService.getAllAuthorities(type); + for (String auth : auths) + { + if (fAuthorityToID.containsKey(auth)) + { + continue; + } + AuthorityEntry entry = new AuthorityEntryImpl(auth); + fAuthorityEntryDAO.save(entry); + fAuthorityToID.put(auth, entry.getId()); + fIDToAuthority.put(entry.getId(), auth); + } + } + for (AuthorityType type : types) + { + Set auths = fAuthorityService.getAllAuthorities(type); + for (String auth : auths) + { + AuthorityType aType = AuthorityType.getAuthorityType(auth); + if (aType == AuthorityType.ROLE || aType == AuthorityType.EVERYONE || + aType == AuthorityType.GUEST) + { + continue; + } + Set children = fAuthorityService.getContainedAuthorities(null, auth, true); + Set found = fAuthorityToChild.get(auth); + if (found == null) + { + found = new HashSet(); + fAuthorityToChild.put(auth, found); + } + AuthorityEntry entry = fAuthorityEntryDAO.get(fAuthorityToID.get(auth)); + for (String child : children) + { + if (found.contains(child)) + { + continue; + } + AuthorityEntry childEntry = fAuthorityEntryDAO.get(fAuthorityToID.get(child)); + entry.getChildren().add(childEntry); + found.add(child); + Set parents = fChildToAuthority.get(child); + if (parents == null) + { + parents = new HashSet(); + fChildToAuthority.put(child, parents); + } + parents.add(auth); + } + } + } + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addAuthority(java.lang.String, java.lang.String) + */ + public synchronized void addAuthority(String authority, String parent) + { + AlfrescoTransactionSupport.bindListener(this); + AuthorityEntry entry = null; + if (!fAuthorityToID.containsKey(authority)) + { + entry = new AuthorityEntryImpl(authority); + fAuthorityEntryDAO.save(entry); + fAuthorityToID.put(authority, entry.getId()); + fIDToAuthority.put(entry.getId(), authority); + } + if (parent != null) + { + if (entry == null) + { + Integer id = fAuthorityToID.get(authority); + if (id == null) + { + fgLogger.error("Authority Doesn't exist: " + authority, new Exception()); + return; + } + entry = fAuthorityEntryDAO.get(id); + } + Integer id = fAuthorityToID.get(parent); + if (id == null) + { + fgLogger.error("Authority Doesn't exist: " + authority, new Exception()); + return; + } + AuthorityEntry pEntry = fAuthorityEntryDAO.get(id); + pEntry.getChildren().add(entry); + Set children = fAuthorityToChild.get(parent); + if (children == null) + { + children = new HashSet(); + fAuthorityToChild.put(parent, children); + } + children.add(authority); + Set parents = fChildToAuthority.get(authority); + if (parents == null) + { + parents = new HashSet(); + fChildToAuthority.put(authority, parents); + } + parents.add(parent); + } + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthority(java.lang.String) + */ + public synchronized void removeAuthority(String authority) + { + AlfrescoTransactionSupport.bindListener(this); + Integer id = fAuthorityToID.get(authority); + if (id == null) + { + return; + } + AuthorityEntry entry = fAuthorityEntryDAO.get(id); + if (entry == null) + { + fgLogger.error("Authority Doesn't exist: " + authority, new Exception()); + return; + } + List parents = fAuthorityEntryDAO.getParents(entry); + for (AuthorityEntry parent : parents) + { + parent.getChildren().remove(entry); + } + fAuthorityEntryDAO.delete(entry); + Set pNames = fChildToAuthority.get(authority); + if (pNames != null) + { + for (String parent : pNames) + { + fAuthorityToChild.get(parent).remove(authority); + } + } + fChildToAuthority.remove(authority); + id = fAuthorityToID.remove(authority); + fIDToAuthority.remove(id); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthorityChild(java.lang.String, java.lang.String) + */ + public synchronized void removeAuthorityChild(String parent, String child) + { + AlfrescoTransactionSupport.bindListener(this); + Integer id = fAuthorityToID.get(child); + if (id == null) + { + return; + } + AuthorityEntry cEntry = fAuthorityEntryDAO.get(id); + id = fAuthorityToID.get(parent); + if (id == null) + { + return; + } + AuthorityEntry cParent = fAuthorityEntryDAO.get(parent); + cParent.getChildren().remove(cEntry); + fAuthorityToChild.get(parent).remove(child); + fChildToAuthority.get(child).remove(parent); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addCapability(java.lang.String) + */ + public synchronized void addCapability(String capability) + { + AlfrescoTransactionSupport.bindListener(this); + CapabilityEntry entry = fCapabilityEntryDAO.get(capability); + if (entry != null) + { + return; + } + entry = new CapabilityEntryImpl(capability); + fCapabilityEntryDAO.save(entry); + entry = fCapabilityEntryDAO.get(capability); + fCapabilityToID.put(capability, entry.getId()); + fIDToCapability.put(entry.getId(), capability); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllAuthorities() + */ + public synchronized Set getAllAuthorities() + { + return new HashSet(fAuthorityToID.keySet()); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllCapabilities() + */ + public synchronized Set getAllCapabilities() + { + return new HashSet(fCapabilityToID.keySet()); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityID(java.lang.String) + */ + public synchronized int getAuthorityID(String authority) + { + Integer id = fAuthorityToID.get(authority); + if (id == null) + { + return -1; + } + return id; + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityName(int) + */ + public synchronized String getAuthorityName(int id) + { + return fIDToAuthority.get(id); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityID(java.lang.String) + */ + public synchronized int getCapabilityID(String capability) + { + Integer id = fCapabilityToID.get(capability); + if (id == null) + { + return -1; + } + return id; + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityName(int) + */ + public synchronized String getCapabilityName(int id) + { + return fIDToCapability.get(id); + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainedAuthorities(java.lang.String) + */ + public synchronized Set getContainedAuthorities(String authority) + { + Set contained = new HashSet(); + contained.add(authority); + int count = 1; + int oldCount = -1; + while (count != oldCount) + { + Set more = new HashSet(); + for (String auth : contained) + { + Set children = fAuthorityToChild.get(auth); + if (children != null) + { + more.addAll(children); + } + } + contained.addAll(more); + oldCount = count; + count = contained.size(); + } + contained.remove(authority); + return contained; + } + + /* (non-Javadoc) + * @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainerAuthorities(java.lang.String) + */ + public Set getContainerAuthorities(String authority) + { + Set containers = new HashSet(); + containers.add(authority); + int count = 1; + int oldCount = -1; + while (count != oldCount) + { + Set more = new HashSet(); + for (String auth : containers) + { + Set parents = fChildToAuthority.get(auth); + if (parents != null) + { + more.addAll(parents); + } + } + containers.addAll(more); + oldCount = count; + count = containers.size(); + } + containers.remove(authority); + return containers; + } + + /* (non-Javadoc) + * @see org.alfresco.repo.transaction.TransactionListener#afterCommit() + */ + public void afterCommit() + { + } + + /* (non-Javadoc) + * @see org.alfresco.repo.transaction.TransactionListener#afterRollback() + */ + public synchronized void afterRollback() + { + fAuthorityToID.clear(); + fIDToAuthority.clear(); + fAuthorityToChild.clear(); + fChildToAuthority.clear(); + fCapabilityToID.clear(); + fIDToCapability.clear(); + bootstrap(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.transaction.TransactionListener#beforeCommit(boolean) + */ + public void beforeCommit(boolean readOnly) + { + } + + /* (non-Javadoc) + * @see org.alfresco.repo.transaction.TransactionListener#beforeCompletion() + */ + public void beforeCompletion() + { + } + + /* (non-Javadoc) + * @see org.alfresco.repo.transaction.TransactionListener#flush() + */ + public void flush() + { + } +} diff --git a/source/java/org/alfresco/service/simple/permission/CapabilityRegistry.java b/source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java similarity index 62% rename from source/java/org/alfresco/service/simple/permission/CapabilityRegistry.java rename to source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java index fa4994f028..ba7e8d18f6 100644 --- a/source/java/org/alfresco/service/simple/permission/CapabilityRegistry.java +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java @@ -23,44 +23,33 @@ * http://www.alfresco.com/legal/licensing */ -package org.alfresco.service.simple.permission; +package org.alfresco.repo.simple.permission; +import java.io.Serializable; import java.util.Set; /** - * Interface for a registry of capabilities. + * Interface for an Authority entry, an aggregate of an authority name, id, + * and a set of children. * @author britt */ -public interface CapabilityRegistry +public interface AuthorityEntry extends Serializable { /** - * Get all known capabilities. - * @return A list of all the capabilities. - */ - public Set getAll(); - - /** - * Get the integer id corresponding to the given capability. + * Get the Primary Key. * @return The id. */ - public int getCapabilityID(String capability); + public int getId(); /** - * Get the name of a capability from it's unique id. - * @param id - * @return The capability name or null if the id is invalid. + * Get the name of the authority. + * @return The name. */ - public String getCapabilityName(int id); + public String getName(); /** - * Add a capability. - * @param capability + * Get the children of this entry. + * @return The set of children. */ - public void addCapability(String capability); - - /** - * Remove a capability from the system. - * @param capability - */ - public void removeCapability(String capability); + public Set getChildren(); } diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java new file mode 100644 index 0000000000..e2d8e56d3f --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.List; + +/** + * DAO interface for Authority Entries. + * @author britt + */ +public interface AuthorityEntryDAO +{ + /** + * Save one. Recursive. + * @param entry The one to save. + */ + public void save(AuthorityEntry entry); + + /** + * Get all the entries. + * @return What you asked for. + */ + public List get(); + + /** + * Get the parents of an authority. + * @param entry The child. + * @return The parents. + */ + public List getParents(AuthorityEntry entry); + + /** + * Get one by name. + * @param name The authority name. + * @return The entry or null if not found. + */ + public AuthorityEntry get(String name); + + /** + * Get one by primary key. + * @param id + * @return The entry or null if not found. + */ + public AuthorityEntry get(int id); + + /** + * Delete an authority. + * @param entry The authority. + */ + public void delete(AuthorityEntry entry); +} diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java new file mode 100644 index 0000000000..6ab227e503 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.List; + +import org.hibernate.Query; +import org.springframework.orm.hibernate3.support.HibernateDaoSupport; + +/** + * Hibernate DAO for Authority Entries. + * @author britt + */ +public class AuthorityEntryDAOHibernate extends HibernateDaoSupport implements + AuthorityEntryDAO +{ + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(java.lang.String) + */ + public AuthorityEntry get(String name) + { + Query query = getSession().createQuery("from AuthorityEntryImpl ae where ae.name = :name"); + query.setString("name", name); + return (AuthorityEntry)query.uniqueResult(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(int) + */ + public AuthorityEntry get(int id) + { + return (AuthorityEntry)getSession().get(AuthorityEntryImpl.class, id); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getRoots() + */ + @SuppressWarnings("unchecked") + public List get() + { + Query query = getSession().createQuery("from AuthorityEntryImpl ae"); + return (List)query.list(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#save(org.alfresco.repo.simple.permission.AuthorityEntry) + */ + public void save(AuthorityEntry entry) + { + getSession().save(entry); + getSession().flush(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getParents(org.alfresco.repo.simple.permission.AuthorityEntry) + */ + @SuppressWarnings("unchecked") + public List getParents(AuthorityEntry entry) + { + Query query = getSession().createQuery("from AuthorityEntryImpl ae where :child in elements(ae.children)"); + query.setEntity("child", entry); + return (List)query.list(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#delete(org.alfresco.repo.simple.permission.AuthorityEntry) + */ + public void delete(AuthorityEntry entry) + { + getSession().delete(entry); + } +} diff --git a/source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java new file mode 100644 index 0000000000..1f6426e6a0 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.HashSet; +import java.util.Set; + +/** + * Persistent Hibernate implementation of an AuthorityEntry. + * @author britt + */ +public class AuthorityEntryImpl implements AuthorityEntry +{ + private static final long serialVersionUID = -3265592070954983948L; + + private int fID; + + private long fVersion; + + private String fName; + + private Set fChildren; + + public AuthorityEntryImpl() + { + } + + public AuthorityEntryImpl(String name) + { + fName = name; + fChildren = new HashSet(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntry#getChildren() + */ + public Set getChildren() + { + return fChildren; + } + + public void setChildren(Set children) + { + fChildren = children; + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntry#getId() + */ + public int getId() + { + return fID; + } + + public void setId(int id) + { + fID = id; + } + + public long getVersion() + { + return fVersion; + } + + public void setVersion(long version) + { + fVersion = version; + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.AuthorityEntry#getName() + */ + public String getName() + { + return fName; + } + + public void setName(String name) + { + fName = name; + } + + /* (non-Javadoc) + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) + { + if (this == obj) + { + return true; + } + if (!(obj instanceof AuthorityEntry)) + { + return false; + } + return fID == ((AuthorityEntry)obj).getId(); + } + + /* (non-Javadoc) + * @see java.lang.Object#hashCode() + */ + @Override + public int hashCode() + { + return fID; + } + + /* (non-Javadoc) + * @see java.lang.Object#toString() + */ + @Override + public String toString() + { + return "[AuthorityEntry:" + fName + ":" + fID + "]"; + } +} diff --git a/source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java b/source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java new file mode 100644 index 0000000000..132b8d34ee --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.io.Serializable; + +/** + * Interface for a capability entry. + * @author britt + */ +public interface CapabilityEntry extends Serializable +{ + /** + * Get the primary key. + * @return The id. + */ + public int getId(); + + /** + * Get the name of the Capability. + * @return The name of the Capability. + */ + public String getName(); +} diff --git a/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java new file mode 100644 index 0000000000..fc1ee6db6b --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.List; + +/** + * DAO Interface for capability entries. + * @author britt + */ +public interface CapabilityEntryDAO +{ + /** + * Save one. + * @param entry The one to save. + */ + public void save(CapabilityEntry entry); + + /** + * Get all the CapabilityEntries. + * @return All of them. + */ + public List getAll(); + + /** + * Get an entry by name. + * @param name The name of the entry. + * @return The entry or null if it doesn't exist. + */ + public CapabilityEntry get(String name); +} diff --git a/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java new file mode 100644 index 0000000000..41b1b42a25 --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +import java.util.List; + +import org.hibernate.Query; +import org.springframework.orm.hibernate3.support.HibernateDaoSupport; + +/** + * Hibernate implementation of a CapabilityEntryDAO. + * @author britt + */ +public class CapabilityEntryDAOHibernate extends HibernateDaoSupport implements CapabilityEntryDAO +{ + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#get(java.lang.String) + */ + public CapabilityEntry get(String name) + { + Query query = getSession().createQuery("from CapabilityEntryImpl ce where ce.name = :name"); + query.setString("name", name); + return (CapabilityEntry)query.uniqueResult(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#getAll() + */ + @SuppressWarnings("unchecked") + public List getAll() + { + Query query = getSession().createQuery("from CapabilityEntryImpl ce"); + return (List)query.list(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#save(org.alfresco.repo.simple.permission.CapabilityEntry) + */ + public void save(CapabilityEntry entry) + { + getSession().save(entry); + getSession().flush(); + } +} diff --git a/source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java new file mode 100644 index 0000000000..a9d0a1576a --- /dev/null +++ b/source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java @@ -0,0 +1,86 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.repo.simple.permission; + +/** + * Implementation of Capability Entry. + * @author britt + */ +public class CapabilityEntryImpl implements CapabilityEntry +{ + private static final long serialVersionUID = 7235803886625308634L; + + private int fID; + + private String fName; + + private long fVersion; + + public CapabilityEntryImpl() + { + } + + public CapabilityEntryImpl(String name) + { + fName = name; + } + + public long getVersion() + { + return fVersion; + } + + public void setVersion(long version) + { + fVersion = version; + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.CapabilityEntry#getId() + */ + public int getId() + { + return fID; + } + + public void setId(int id) + { + fID = id; + } + + /* (non-Javadoc) + * @see org.alfresco.repo.simple.permission.CapabilityEntry#getName() + */ + public String getName() + { + return fName; + } + + public void setName(String name) + { + fName = name; + } +} diff --git a/source/java/org/alfresco/repo/simple/permission/CapabilityRegistryImpl.java b/source/java/org/alfresco/repo/simple/permission/CapabilityRegistryImpl.java deleted file mode 100644 index 27ee8f0762..0000000000 --- a/source/java/org/alfresco/repo/simple/permission/CapabilityRegistryImpl.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (C) 2005-2007 Alfresco Software Limited. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - * As a special exception to the terms and conditions of version 2.0 of - * the GPL, you may redistribute this Program in connection with Free/Libre - * and Open Source Software ("FLOSS") applications as described in Alfresco's - * FLOSS exception. You should have recieved a copy of the text describing - * the FLOSS exception, and it is also available here: - * http://www.alfresco.com/legal/licensing - */ - -package org.alfresco.repo.simple.permission; - -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.alfresco.service.simple.permission.CapabilityRegistry; - -/** - * Basic implementation of a capability registry. - * @author britt - */ -public class CapabilityRegistryImpl implements CapabilityRegistry -{ - private Map fIDToCapability; - - private Map fCapabilityToID; - - public CapabilityRegistryImpl() - { - fIDToCapability = new HashMap(); - fCapabilityToID = new HashMap(); - } - - public void setCapabilities(Set capabilities) - { - int count = 0; - for (String cap : capabilities) - { - Integer id = count++; - fIDToCapability.put(id, cap); - fCapabilityToID.put(cap, id); - } - } - - /* (non-Javadoc) - * @see org.alfresco.service.simple.permission.CapabilityRegistry#addCapability(java.lang.String) - */ - public synchronized void addCapability(String capability) - { - // TODO Make this do something in the future. - } - - /* (non-Javadoc) - * @see org.alfresco.service.simple.permission.CapabilityRegistry#getAll() - */ - public synchronized Set getAll() - { - return new HashSet(fCapabilityToID.keySet()); - } - - /* (non-Javadoc) - * @see org.alfresco.service.simple.permission.CapabilityRegistry#getCapabilityID(java.lang.String) - */ - public synchronized int getCapabilityID(String capability) - { - Integer id = fCapabilityToID.get(capability); - if (id == null) - { - return -1; - } - return id; - } - - /* (non-Javadoc) - * @see org.alfresco.service.simple.permission.CapabilityRegistry#getCapabilityName(int) - */ - public synchronized String getCapabilityName(int id) - { - return fIDToCapability.get(id); - } - - /* (non-Javadoc) - * @see org.alfresco.service.simple.permission.CapabilityRegistry#removeCapability(java.lang.String) - */ - public synchronized void removeCapability(String capability) - { - // TODO Make this persistent. - Integer removed = fCapabilityToID.remove(capability); - fIDToCapability.remove(removed); - } -} diff --git a/source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java b/source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java new file mode 100644 index 0000000000..bcf02612d1 --- /dev/null +++ b/source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2005-2007 Alfresco Software Limited. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have recieved a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing + */ + +package org.alfresco.service.simple.permission; + +import java.util.Set; + +/** + * Interface for a registry of capabilities. + * @author britt + */ +public interface AuthorityCapabilityRegistry +{ + /** + * Get all known capabilities. + * @return A list of all the capabilities. + */ + public Set getAllCapabilities(); + + /** + * Get all authorities know to the system. + * @return + */ + public Set getAllAuthorities(); + + /** + * Get the integer id corresponding to the given capability. + * @return The id. + */ + public int getCapabilityID(String capability); + + /** + * Get the name of a capability from it's unique id. + * @param id + * @return The capability name or null if the id is invalid. + */ + public String getCapabilityName(int id); + + /** + * Add a capability. + * @param capability + */ + public void addCapability(String capability); + + /** + * Get the id for an authority. + * @param authority + * @return The id for the authority. + */ + public int getAuthorityID(String authority); + + /** + * Get the name from an authority id. + * @param id The authority id. + * @return The authority name. + */ + public String getAuthorityName(int id); + + /** + * Add a new authority. + * @param authority The authority name. + * @param parent The parent authority. May be null. + */ + public void addAuthority(String authority, String parent); + + /** + * Remove an authority completely from the system. + * @param authority The authority to move. + */ + public void removeAuthority(String authority); + + /** + * Remove a containment relationship. + * @param parent The parent. + * @param child The child. + */ + public void removeAuthorityChild(String parent, String child); + + /** + * Get all authorities which are contained directly or transitively by the given authority. + * @param authority The authority to check. + * @return The contained authorities. + */ + public Set getContainedAuthorities(String authority); + + /** + * Get all authorities which directly or indirectly contain the given authority. + * @param authority The authority to check. + * @return The container authorities. + */ + public Set getContainerAuthorities(String authority); +}