inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Checkpoint of light weight ACLs.

Browse Source 
This is a fairly brute force strategy that allows permissions evalutations
with essentially no db access. It does a number of 'bad' things and I may
rip it out completely.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2007-09-14 12:39:07 +00:00
parent d9590d3677
commit fb81fb4470
26 changed files with 1424 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/authentication-services-context.xml
View File

@@ -96,6 +96,9 @@
<property name="passwordEncoder"> <property name="passwordEncoder">
<ref bean="passwordEncoder" /> <ref bean="passwordEncoder" />
</property> </property>
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean> </bean>
<!-- The DAO also acts as a salt provider. --> <!-- The DAO also acts as a salt provider. -->

3
config/alfresco/authority-services-context.xml
View File

@@ -73,6 +73,9 @@
<property name="userToAuthorityCache"> <property name="userToAuthorityCache">
<ref bean="userToAuthorityCache" /> <ref bean="userToAuthorityCache" />
</property> </property>
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean> </bean>
</beans> </beans>

7
config/alfresco/bootstrap-context.xml
View File

@@ -274,6 +274,13 @@
</property> </property>
</bean> </bean>
<!-- Bootstrap for the authorityCapabilityRegistry -->
<bean id="authorityCapabilityBootstrap" class="org.alfresco.repo.simple.permission.AuthorityCapabilityBootstrap">
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean>
<!-- Bootstrap any extensions --> <!-- Bootstrap any extensions -->
<import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" /> <import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />

1
config/alfresco/hibernate-context.xml
View File

@@ -47,6 +47,7 @@
<value>org/alfresco/repo/domain/hibernate/Permission.hbm.xml</value> <value>org/alfresco/repo/domain/hibernate/Permission.hbm.xml</value>
<value>org/alfresco/repo/avm/hibernate/AVM.hbm.xml</value> <value>org/alfresco/repo/avm/hibernate/AVM.hbm.xml</value>
<value>org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml</value> <value>org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml</value>
<value>org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml</value>
<!-- Audit config --> <!-- Audit config -->
<!-- TODO: Move into org/alfresco/repo/domain/hibernate/ --> <!-- TODO: Move into org/alfresco/repo/domain/hibernate/ -->

28
config/alfresco/simple-permissions-context.xml
View File

@@ -1,7 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
<beans> <beans>
<bean id="capabilityRegistry" class="org.alfresco.repo.simple.permission.CapabilityRegistryImpl">
<bean id="authorityEntryDAO" class="org.alfresco.repo.simple.permission.AuthorityEntryDAOHibernate">
<property name="sessionFactory">
<ref bean="sessionFactory"/>
</property>
</bean>
<bean id="capabilityEntryDAO" class="org.alfresco.repo.simple.permission.CapabilityEntryDAOHibernate">
<property name="sessionFactory">
<ref bean="sessionFactory"/>
</property>
</bean>
<bean id="authorityCapabilityRegistry" class="org.alfresco.repo.simple.permission.AuthorityCapabilityRegistryImpl">
<property name="authorityEntryDAO">
<ref bean="authorityEntryDAO"/>
</property>
<property name="capabilityEntryDAO">
<ref bean="capabilityEntryDAO"/>
</property>
<property name="capabilities"> <property name="capabilities">
<set> <set>
<value>read</value> <value>read</value>
@@ -11,5 +30,12 @@
<value>shake</value> <value>shake</value>
</set> </set>
</property> </property>
<property name="retryingTransactionHelper">
<ref bean="retryingTransactionHelper"/>
</property>
<property name="authorityService">
<ref bean="authorityService"/>
</property>
</bean> </bean>
</beans> </beans>

2
config/alfresco/version.properties
View File

@@ -19,4 +19,4 @@ version.build=@build-number@
# Schema number # Schema number
version.schema=106 version.schema=107

8
source/java/org/alfresco/repo/avm/util/RawServices.java
View File

@@ -10,7 +10,7 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ContentService; import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.MimetypeService; import org.alfresco.service.cmr.repository.MimetypeService;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.simple.permission.CapabilityRegistry; import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware; import org.springframework.context.ApplicationContextAware;
@@ -68,7 +68,7 @@ public class RawServices implements ApplicationContextAware
/** /**
* The CapabilityRegistry. * The CapabilityRegistry.
*/ */
private CapabilityRegistry fCapabilityRegistry; private AuthorityCapabilityRegistry fCapabilityRegistry;
/** /**
* Default constructor. * Default constructor.
@@ -157,11 +157,11 @@ public class RawServices implements ApplicationContextAware
return fAuthorityService; return fAuthorityService;
} }
public CapabilityRegistry getCapabilityRegistry() public AuthorityCapabilityRegistry getAuthorityCapabilityRegistry()
{ {
if (fCapabilityRegistry == null) if (fCapabilityRegistry == null)
{ {
fCapabilityRegistry = (CapabilityRegistry)fContext.getBean("capabilityRegistry"); fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
} }
return fCapabilityRegistry; return fCapabilityRegistry;
} }

3
source/java/org/alfresco/repo/model/filefolder/loader/FileFolderRemoteLoader.java
View File

@@ -211,8 +211,9 @@ public class FileFolderRemoteLoader
{ {
ArrayList<AbstractLoaderThread> threads = new ArrayList<AbstractLoaderThread>(3); ArrayList<AbstractLoaderThread> threads = new ArrayList<AbstractLoaderThread>(3);
// Iterate over the properties and pick out the thread descriptors // Iterate over the properties and pick out the thread descriptors
for (String propertyName : properties.stringPropertyNames()) for (Object o : properties.keySet())
{ {
String propertyName = (String)o;
if (!propertyName.startsWith("test.load.")) if (!propertyName.startsWith("test.load."))
{ {
continue; continue;

6
source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
View File

@@ -61,6 +61,7 @@ import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.service.transaction.TransactionService; import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper; import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
@@ -108,6 +109,8 @@ public class AuthenticationTest extends TestCase
private AuthenticationComponent authenticationComponentImpl; private AuthenticationComponent authenticationComponentImpl;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthenticationTest() public AuthenticationTest()
{ {
super(); super();
@@ -131,6 +134,7 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService"); pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authorityCapabilityRegistry = (AuthorityCapabilityRegistry) ctx.getBean("authorityCapabilityRegistry");
// permissionServiceSPI = (PermissionServiceSPI) // permissionServiceSPI = (PermissionServiceSPI)
// ctx.getBean("permissionService"); // ctx.getBean("permissionService");
ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache"); ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");
@@ -291,7 +295,7 @@ public class AuthenticationTest extends TestCase
dao.setDictionaryService(dictionaryService); dao.setDictionaryService(dictionaryService);
dao.setNamespaceService(getNamespacePrefixReolsver("")); dao.setNamespaceService(getNamespacePrefixReolsver(""));
dao.setPasswordEncoder(passwordEncoder); dao.setPasswordEncoder(passwordEncoder);
dao.setAuthorityCapabilityRegistry(authorityCapabilityRegistry);
dao.createUser("Andy", "cabbage".toCharArray()); dao.createUser("Andy", "cabbage".toCharArray());
assertNotNull(dao.getUserOrNull("Andy")); assertNotNull(dao.getUserOrNull("Andy"));

11
source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
View File

@@ -53,6 +53,7 @@ import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
public class RepositoryAuthenticationDao implements MutableAuthenticationDao public class RepositoryAuthenticationDao implements MutableAuthenticationDao
@@ -71,6 +72,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
private boolean userNamesAreCaseSensitive; private boolean userNamesAreCaseSensitive;
public boolean getUserNamesAreCaseSensitive() public boolean getUserNamesAreCaseSensitive()
@@ -113,6 +116,11 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
this.searchService = searchService; this.searchService = searchService;
} }
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException,
DataAccessException DataAccessException
{ {
@@ -244,7 +252,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false)); properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER, nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
properties); properties);
authorityCapabilityRegistry.addAuthority(caseSensitiveUserName, null);
} }
private NodeRef getUserFolderLocation(String caseSensitiveUserName) private NodeRef getUserFolderLocation(String caseSensitiveUserName)
@@ -304,6 +312,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
throw new AuthenticationException("User name does not exist: " + userName); throw new AuthenticationException("User name does not exist: " + userName);
} }
nodeService.deleteNode(userRef); nodeService.deleteNode(userRef);
authorityCapabilityRegistry.removeAuthority(userName);
} }
public Object getSalt(UserDetails userDetails) public Object getSalt(UserDetails userDetails)

14
source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@@ -51,6 +51,7 @@ import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.util.ISO9075; import org.alfresco.util.ISO9075;
public class AuthorityDAOImpl implements AuthorityDAO public class AuthorityDAOImpl implements AuthorityDAO
@@ -71,6 +72,8 @@ public class AuthorityDAOImpl implements AuthorityDAO
private SimpleCache<String, HashSet<String>> userToAuthorityCache; private SimpleCache<String, HashSet<String>> userToAuthorityCache;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthorityDAOImpl() public AuthorityDAOImpl()
{ {
super(); super();
@@ -103,6 +106,11 @@ public class AuthorityDAOImpl implements AuthorityDAO
this.userToAuthorityCache = userToAuthorityCache; this.userToAuthorityCache = userToAuthorityCache;
} }
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public boolean authorityExists(String name) public boolean authorityExists(String name)
{ {
NodeRef ref = getAuthorityOrNull(name); NodeRef ref = getAuthorityOrNull(name);
@@ -142,7 +150,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new AlfrescoRuntimeException("Authorities of the type " throw new AlfrescoRuntimeException("Authorities of the type "
+ AuthorityType.getAuthorityType(childName) + " may not be added to other authorities"); + AuthorityType.getAuthorityType(childName) + " may not be added to other authorities");
} }
authorityCapabilityRegistry.addAuthority(childName, parentName);
} }
public void createAuthority(String parentName, String name) public void createAuthority(String parentName, String name)
@@ -165,6 +173,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name, nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name,
namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props); namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props);
} }
authorityCapabilityRegistry.addAuthority(name, parentName);
} }
public void deleteAuthority(String name) public void deleteAuthority(String name)
@@ -176,6 +185,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
} }
nodeService.deleteNode(nodeRef); nodeService.deleteNode(nodeRef);
userToAuthorityCache.clear(); userToAuthorityCache.clear();
authorityCapabilityRegistry.removeAuthority(name);
} }
public Set<String> getAllRootAuthorities(AuthorityType type) public Set<String> getAllRootAuthorities(AuthorityType type)
@@ -246,7 +256,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.removeChild(parentRef, childRef); nodeService.removeChild(parentRef, childRef);
userToAuthorityCache.clear(); userToAuthorityCache.clear();
} }
authorityCapabilityRegistry.removeAuthorityChild(parentName, childName);
} }
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate) public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)

48
source/java/org/alfresco/repo/simple/permission/ACLImpl.java
View File

@@ -31,10 +31,9 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import org.alfresco.repo.avm.util.RawServices; import org.alfresco.repo.avm.util.RawServices;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.simple.permission.ACL; import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.CapabilityRegistry; import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
/** /**
* Basic implementation of a simple ACL. * Basic implementation of a simple ACL.
@@ -64,15 +63,10 @@ public class ACLImpl implements ACL
*/ */
private String fStringRep; private String fStringRep;
/**
* Reference to the authority service.
*/
private transient AuthorityService fAuthorityService;
/** /**
* Reference to the capability registry. * Reference to the capability registry.
*/ */
private transient CapabilityRegistry fCapabilityRegistry; private transient AuthorityCapabilityRegistry fCapabilityRegistry;
/** /**
* Initialize a brand new one. * Initialize a brand new one.
@@ -81,8 +75,7 @@ public class ACLImpl implements ACL
public ACLImpl(boolean inherit) public ACLImpl(boolean inherit)
{ {
fInherit = inherit; fInherit = inherit;
fAuthorityService = RawServices.Instance().getAuthorityService(); fCapabilityRegistry = RawServices.Instance().getAuthorityCapabilityRegistry();
fCapabilityRegistry = RawServices.Instance().getCapabilityRegistry();
fAllowed = new HashMap<String, Set<String>>(); fAllowed = new HashMap<String, Set<String>>();
fDenied = new HashMap<String, Set<String>>(); fDenied = new HashMap<String, Set<String>>();
fStringRep = null; fStringRep = null;
@@ -164,12 +157,21 @@ public class ACLImpl implements ACL
for (String entryRep : segments) for (String entryRep : segments)
{ {
String[] entryRegs = entryRep.split(";"); String[] entryRegs = entryRep.split(";");
String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 16)); String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 32));
if (capability == null)
{
continue;
}
Set<String> authorities = new HashSet<String>(); Set<String> authorities = new HashSet<String>();
map.put(capability, authorities); map.put(capability, authorities);
for (int i = 1; i < entryRegs.length; ++i) for (int i = 1; i < entryRegs.length; ++i)
{ {
authorities.add(entryRegs[i]); String authority = fCapabilityRegistry.getAuthorityName(Integer.parseInt(entryRegs[i], 32));
if (authority == null)
{
continue;
}
authorities.add(authority);
} }
} }
} }
@@ -196,7 +198,7 @@ public class ACLImpl implements ACL
} }
for (String auth : denied) for (String auth : denied)
{ {
if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority)) if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{ {
return false; return false;
} }
@@ -212,7 +214,7 @@ public class ACLImpl implements ACL
} }
for (String auth : allowed) for (String auth : allowed)
{ {
if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority)) if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{ {
return true; return true;
} }
@@ -270,7 +272,7 @@ public class ACLImpl implements ACL
allowed.addAll(expAllowed); allowed.addAll(expAllowed);
for (String authority : expAllowed) for (String authority : expAllowed)
{ {
allowed.addAll(fAuthorityService.getContainedAuthorities(null, authority, false)); allowed.addAll(fCapabilityRegistry.getContainedAuthorities(authority));
} }
// Now remove based on denials. // Now remove based on denials.
Set<String> denied = fDenied.get(capability); Set<String> denied = fDenied.get(capability);
@@ -282,7 +284,7 @@ public class ACLImpl implements ACL
// Now those that are indirectly denied. // Now those that are indirectly denied.
for (String authority : denied) for (String authority : denied)
{ {
allowed.removeAll(fAuthorityService.getContainedAuthorities(null, authority, false)); allowed.removeAll(fCapabilityRegistry.getContainedAuthorities(authority));
} }
return allowed; return allowed;
} }
@@ -296,7 +298,7 @@ public class ACLImpl implements ACL
AuthorityType type = AuthorityType.getAuthorityType(authority); AuthorityType type = AuthorityType.getAuthorityType(authority);
if (type == AuthorityType.ADMIN) if (type == AuthorityType.ADMIN)
{ {
return fCapabilityRegistry.getAll(); return fCapabilityRegistry.getAllCapabilities();
} }
Set<String> capabilities = new HashSet<String>(); Set<String> capabilities = new HashSet<String>();
// First run through the allowed entries. // First run through the allowed entries.
@@ -310,7 +312,7 @@ public class ACLImpl implements ACL
} }
if (containers == null) if (containers == null)
{ {
containers = fAuthorityService.getContainingAuthorities(null, authority, false); containers = fCapabilityRegistry.getContainerAuthorities(authority);
} }
for (String auth : containers) for (String auth : containers)
{ {
@@ -336,7 +338,7 @@ public class ACLImpl implements ACL
} }
if (containers == null) if (containers == null)
{ {
containers = fAuthorityService.getContainingAuthorities(null, authority, false); containers = fCapabilityRegistry.getContainerAuthorities(authority);
} }
for (String auth : containers) for (String auth : containers)
{ {
@@ -365,11 +367,11 @@ public class ACLImpl implements ACL
int count = 0; int count = 0;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet()) for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{ {
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16)); builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue()) for (String authority : entry.getValue())
{ {
builder.append(';'); builder.append(';');
builder.append(authority); builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
} }
if (count++ < fAllowed.size() - 1) if (count++ < fAllowed.size() - 1)
{ {
@@ -380,11 +382,11 @@ public class ACLImpl implements ACL
count = 0; count = 0;
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet()) for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{ {
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16)); builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue()) for (String authority : entry.getValue())
{ {
builder.append(';'); builder.append(';');
builder.append(authority); builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
} }
if (count++ < fDenied.size() - 1) if (count++ < fDenied.size() - 1)
{ {

45
source/java/org/alfresco/repo/simple/permission/ACLTest.java
View File

@@ -25,13 +25,16 @@
package org.alfresco.repo.simple.permission; package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.simple.permission.ACL; import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.CapabilityRegistry; import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.support.FileSystemXmlApplicationContext; import org.springframework.context.support.FileSystemXmlApplicationContext;
import junit.framework.TestCase; import junit.framework.TestCase;
@@ -52,7 +55,7 @@ public class ACLTest extends TestCase
private static AuthenticationComponent fAuthenticationComponent; private static AuthenticationComponent fAuthenticationComponent;
private static CapabilityRegistry fCapabilityRegistry; private static AuthorityCapabilityRegistry fCapabilityRegistry;
/* (non-Javadoc) /* (non-Javadoc)
* @see junit.framework.TestCase#setUp() * @see junit.framework.TestCase#setUp()
@@ -67,7 +70,7 @@ public class ACLTest extends TestCase
fAuthenticationService = (AuthenticationService)fContext.getBean("AuthenticationService"); fAuthenticationService = (AuthenticationService)fContext.getBean("AuthenticationService");
fAuthenticationComponent = (AuthenticationComponent)fContext.getBean("AuthenticationComponent"); fAuthenticationComponent = (AuthenticationComponent)fContext.getBean("AuthenticationComponent");
fAuthenticationComponent.setSystemUserAsCurrentUser(); fAuthenticationComponent.setSystemUserAsCurrentUser();
fCapabilityRegistry = (CapabilityRegistry)fContext.getBean("capabilityRegistry"); fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
} }
// Set up sample users groups and roles. // Set up sample users groups and roles.
fAuthenticationService.createAuthentication("Buffy", "Buffy".toCharArray()); fAuthenticationService.createAuthentication("Buffy", "Buffy".toCharArray());
@@ -114,7 +117,9 @@ public class ACLTest extends TestCase
{ {
try try
{ {
System.out.println(fCapabilityRegistry.getAll()); Set<String> allCaps = fCapabilityRegistry.getAllCapabilities();
System.out.println(allCaps);
System.out.println(fCapabilityRegistry.getAllAuthorities());
ACL acl = new ACLImpl(true); ACL acl = new ACLImpl(true);
acl.allow("read", "GROUP_Scoobies", "GROUP_vampires"); acl.allow("read", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("write", "GROUP_Scoobies", "GROUP_vampires"); acl.allow("write", "GROUP_Scoobies", "GROUP_vampires");
@@ -123,18 +128,18 @@ public class ACLTest extends TestCase
acl.allow("shake", "GROUP_vampires", "Tara"); acl.allow("shake", "GROUP_vampires", "Tara");
acl.deny("delete", "Xander", "GROUP_soulless"); acl.deny("delete", "Xander", "GROUP_soulless");
acl.deny("shake", "Spike"); acl.deny("shake", "Spike");
System.out.println(acl.getCapabilities("Spike", false)); checkEvaluation(allCaps, acl, "Spike");
System.out.println(acl.getCapabilities("Tara", false)); checkEvaluation(allCaps, acl, "Tara");
System.out.println(acl.getCapabilities("Xander", false)); checkEvaluation(allCaps, acl, "Xander");
System.out.println(acl.getCapabilities("Buffy", false)); checkEvaluation(allCaps, acl, "Buffy");
String stringRep = acl.getStringRepresentation(); String stringRep = acl.getStringRepresentation();
System.out.println(stringRep); System.out.println(stringRep);
ACL acl2 = new ACLImpl(stringRep); ACL acl2 = new ACLImpl(stringRep);
System.out.println(acl2.getStringRepresentation()); System.out.println(acl2.getStringRepresentation());
System.out.println(acl2.getCapabilities("Spike", false)); checkEvaluation(allCaps, acl2, "Spike");
System.out.println(acl2.getCapabilities("Tara", false)); checkEvaluation(allCaps, acl2, "Tara");
System.out.println(acl2.getCapabilities("Xander", false)); checkEvaluation(allCaps, acl2, "Xander");
System.out.println(acl2.getCapabilities("Buffy", false)); checkEvaluation(allCaps, acl2, "Buffy");
System.out.println(acl2.getStringRepresentation()); System.out.println(acl2.getStringRepresentation());
} }
catch (Exception e) catch (Exception e)
@@ -143,4 +148,20 @@ public class ACLTest extends TestCase
fail(); fail();
} }
} }
private void checkEvaluation(Set<String> allCaps, ACL acl, String authority)
{
Set<String> caps = acl.getCapabilities(authority, false);
System.out.println(caps);
for (String cap : caps)
{
assertTrue(acl.can(authority, false, cap));
}
Set<String> inverse = new HashSet<String>(allCaps);
inverse.removeAll(caps);
for (String cap : inverse)
{
assertFalse(acl.can(authority, false, cap));
}
}
} }

29
source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml Normal file
View File

@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping package="org.alfresco.repo.simple.permission">
<!-- All the authorities and their containment relationships. -->
<class name="AuthorityEntryImpl" proxy="AuthorityEntry" optimistic-lock="version"
table="alf_authority_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
<set name="children" table="alf_auth_children" optimistic-lock="true"
sort="unsorted">
<key column="parent_id" foreign-key="fk_child_auth"/>
<many-to-many class="AuthorityEntryImpl" column="child_id" foreign-key="fk_auth_child"/>
</set>
</class>
<!-- All the capabilities. -->
<class name="CapabilityEntryImpl" proxy="CapabilityEntry" optimistic-lock="version"
table="alf_capability_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
</class>
</hibernate-mapping>

64
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import org.alfresco.util.AbstractLifecycleBean;
import org.springframework.context.ApplicationEvent;
/**
* Bootstrapping for the AuthorityCapabilityRegistry.
* @author britt
*/
public class AuthorityCapabilityBootstrap extends AbstractLifecycleBean
{
private AuthorityCapabilityRegistryImpl fRegistry;
public AuthorityCapabilityBootstrap()
{
}
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistryImpl registry)
{
fRegistry = registry;
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
fRegistry.bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onShutdown(ApplicationEvent event)
{
}
}

506
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java Normal file
View File

@@ -0,0 +1,506 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.TransactionListener;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Implementation of a registry for Authorities and Capabilities.
* @author britt
*/
public class AuthorityCapabilityRegistryImpl implements
AuthorityCapabilityRegistry, TransactionListener
{
private static Log fgLogger = LogFactory.getLog(AuthorityCapabilityRegistryImpl.class);
private Map<String, Integer> fAuthorityToID;
private Map<Integer, String> fIDToAuthority;
private Map<String, Set<String>> fAuthorityToChild;
private Map<String, Set<String>> fChildToAuthority;
private Map<String, Integer> fCapabilityToID;
private Map<Integer, String> fIDToCapability;
private AuthorityEntryDAO fAuthorityEntryDAO;
private CapabilityEntryDAO fCapabilityEntryDAO;
private Set<String> fInitialCapabilities;
private RetryingTransactionHelper fTransactionHelper;
private AuthorityService fAuthorityService;
public AuthorityCapabilityRegistryImpl()
{
fAuthorityToID = new HashMap<String, Integer>();
fIDToAuthority = new HashMap<Integer, String>();
fAuthorityToChild = new HashMap<String, Set<String>>();
fChildToAuthority = new HashMap<String, Set<String>>();
fCapabilityToID = new HashMap<String, Integer>();
fIDToCapability = new HashMap<Integer, String>();
}
public void setAuthorityEntryDAO(AuthorityEntryDAO dao)
{
fAuthorityEntryDAO = dao;
}
public void setCapabilityEntryDAO(CapabilityEntryDAO dao)
{
fCapabilityEntryDAO = dao;
}
public void setCapabilities(Set<String> capabilities)
{
fInitialCapabilities = capabilities;
}
public void setRetryingTransactionHelper(RetryingTransactionHelper helper)
{
fTransactionHelper = helper;
}
public void setAuthorityService(AuthorityService service)
{
fAuthorityService = service;
}
public void bootstrap()
{
fTransactionHelper.doInTransaction(
new RetryingTransactionHelper.RetryingTransactionCallback<Object>()
{
public Object execute()
{
init();
return null;
}
});
}
public void init()
{
List<CapabilityEntry> entries = fCapabilityEntryDAO.getAll();
for (CapabilityEntry entry : entries)
{
fCapabilityToID.put(entry.getName(), entry.getId());
fIDToCapability.put(entry.getId(), entry.getName());
}
for (String entry : fInitialCapabilities)
{
if (!fCapabilityToID.containsKey(entry))
{
CapabilityEntry newEntry = new CapabilityEntryImpl(entry);
fCapabilityEntryDAO.save(newEntry);
fCapabilityToID.put(entry, newEntry.getId());
fIDToCapability.put(newEntry.getId(), entry);
}
}
List<AuthorityEntry> authorities = fAuthorityEntryDAO.get();
for (AuthorityEntry entry : authorities)
{
String name = entry.getName();
Integer id = entry.getId();
fAuthorityToID.put(name, id);
fIDToAuthority.put(id, name);
for (AuthorityEntry child : entry.getChildren())
{
String childName = child.getName();
Set<String> children = fAuthorityToChild.get(name);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(name, children);
}
children.add(childName);
Set<String> parents = fChildToAuthority.get(childName);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(childName, parents);
}
parents.add(name);
}
}
// Now go to AuthorityService to fill anything that might be missing.
AuthorityType[] types = AuthorityType.values();
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
if (fAuthorityToID.containsKey(auth))
{
continue;
}
AuthorityEntry entry = new AuthorityEntryImpl(auth);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(auth, entry.getId());
fIDToAuthority.put(entry.getId(), auth);
}
}
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
AuthorityType aType = AuthorityType.getAuthorityType(auth);
if (aType == AuthorityType.ROLE || aType == AuthorityType.EVERYONE ||
aType == AuthorityType.GUEST)
{
continue;
}
Set<String> children = fAuthorityService.getContainedAuthorities(null, auth, true);
Set<String> found = fAuthorityToChild.get(auth);
if (found == null)
{
found = new HashSet<String>();
fAuthorityToChild.put(auth, found);
}
AuthorityEntry entry = fAuthorityEntryDAO.get(fAuthorityToID.get(auth));
for (String child : children)
{
if (found.contains(child))
{
continue;
}
AuthorityEntry childEntry = fAuthorityEntryDAO.get(fAuthorityToID.get(child));
entry.getChildren().add(childEntry);
found.add(child);
Set<String> parents = fChildToAuthority.get(child);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(child, parents);
}
parents.add(auth);
}
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addAuthority(java.lang.String, java.lang.String)
*/
public synchronized void addAuthority(String authority, String parent)
{
AlfrescoTransactionSupport.bindListener(this);
AuthorityEntry entry = null;
if (!fAuthorityToID.containsKey(authority))
{
entry = new AuthorityEntryImpl(authority);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(authority, entry.getId());
fIDToAuthority.put(entry.getId(), authority);
}
if (parent != null)
{
if (entry == null)
{
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
entry = fAuthorityEntryDAO.get(id);
}
Integer id = fAuthorityToID.get(parent);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
AuthorityEntry pEntry = fAuthorityEntryDAO.get(id);
pEntry.getChildren().add(entry);
Set<String> children = fAuthorityToChild.get(parent);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(parent, children);
}
children.add(authority);
Set<String> parents = fChildToAuthority.get(authority);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(authority, parents);
}
parents.add(parent);
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthority(java.lang.String)
*/
public synchronized void removeAuthority(String authority)
{
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return;
}
AuthorityEntry entry = fAuthorityEntryDAO.get(id);
if (entry == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
List<AuthorityEntry> parents = fAuthorityEntryDAO.getParents(entry);
for (AuthorityEntry parent : parents)
{
parent.getChildren().remove(entry);
}
fAuthorityEntryDAO.delete(entry);
Set<String> pNames = fChildToAuthority.get(authority);
if (pNames != null)
{
for (String parent : pNames)
{
fAuthorityToChild.get(parent).remove(authority);
}
}
fChildToAuthority.remove(authority);
id = fAuthorityToID.remove(authority);
fIDToAuthority.remove(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthorityChild(java.lang.String, java.lang.String)
*/
public synchronized void removeAuthorityChild(String parent, String child)
{
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(child);
if (id == null)
{
return;
}
AuthorityEntry cEntry = fAuthorityEntryDAO.get(id);
id = fAuthorityToID.get(parent);
if (id == null)
{
return;
}
AuthorityEntry cParent = fAuthorityEntryDAO.get(parent);
cParent.getChildren().remove(cEntry);
fAuthorityToChild.get(parent).remove(child);
fChildToAuthority.get(child).remove(parent);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addCapability(java.lang.String)
*/
public synchronized void addCapability(String capability)
{
AlfrescoTransactionSupport.bindListener(this);
CapabilityEntry entry = fCapabilityEntryDAO.get(capability);
if (entry != null)
{
return;
}
entry = new CapabilityEntryImpl(capability);
fCapabilityEntryDAO.save(entry);
entry = fCapabilityEntryDAO.get(capability);
fCapabilityToID.put(capability, entry.getId());
fIDToCapability.put(entry.getId(), capability);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllAuthorities()
*/
public synchronized Set<String> getAllAuthorities()
{
return new HashSet<String>(fAuthorityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllCapabilities()
*/
public synchronized Set<String> getAllCapabilities()
{
return new HashSet<String>(fCapabilityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityID(java.lang.String)
*/
public synchronized int getAuthorityID(String authority)
{
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityName(int)
*/
public synchronized String getAuthorityName(int id)
{
return fIDToAuthority.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityID(java.lang.String)
*/
public synchronized int getCapabilityID(String capability)
{
Integer id = fCapabilityToID.get(capability);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityName(int)
*/
public synchronized String getCapabilityName(int id)
{
return fIDToCapability.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainedAuthorities(java.lang.String)
*/
public synchronized Set<String> getContainedAuthorities(String authority)
{
Set<String> contained = new HashSet<String>();
contained.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : contained)
{
Set<String> children = fAuthorityToChild.get(auth);
if (children != null)
{
more.addAll(children);
}
}
contained.addAll(more);
oldCount = count;
count = contained.size();
}
contained.remove(authority);
return contained;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainerAuthorities(java.lang.String)
*/
public Set<String> getContainerAuthorities(String authority)
{
Set<String> containers = new HashSet<String>();
containers.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : containers)
{
Set<String> parents = fChildToAuthority.get(auth);
if (parents != null)
{
more.addAll(parents);
}
}
containers.addAll(more);
oldCount = count;
count = containers.size();
}
containers.remove(authority);
return containers;
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterCommit()
*/
public void afterCommit()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterRollback()
*/
public synchronized void afterRollback()
{
fAuthorityToID.clear();
fIDToAuthority.clear();
fAuthorityToChild.clear();
fChildToAuthority.clear();
fCapabilityToID.clear();
fIDToCapability.clear();
bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCommit(boolean)
*/
public void beforeCommit(boolean readOnly)
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCompletion()
*/
public void beforeCompletion()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#flush()
*/
public void flush()
{
}
}

37
source/java/org/alfresco/service/simple/permission/CapabilityRegistry.java → source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java
View File

@@ -23,44 +23,33 @@
* http://www.alfresco.com/legal/licensing * http://www.alfresco.com/legal/licensing
*/ */
package org.alfresco.service.simple.permission; package org.alfresco.repo.simple.permission;
import java.io.Serializable;
import java.util.Set; import java.util.Set;
/** /**
* Interface for a registry of capabilities. * Interface for an Authority entry, an aggregate of an authority name, id,
* and a set of children.
* @author britt * @author britt
*/ */
public interface CapabilityRegistry public interface AuthorityEntry extends Serializable
{ {
/** /**
* Get all known capabilities. * Get the Primary Key.
* @return A list of all the capabilities.
*/
public Set<String> getAll();
/**
* Get the integer id corresponding to the given capability.
* @return The id. * @return The id.
*/ */
public int getCapabilityID(String capability); public int getId();
/** /**
* Get the name of a capability from it's unique id. * Get the name of the authority.
* @param id * @return The name.
* @return The capability name or null if the id is invalid.
*/ */
public String getCapabilityName(int id); public String getName();
/** /**
* Add a capability. * Get the children of this entry.
* @param capability * @return The set of children.
*/ */
public void addCapability(String capability); public Set<AuthorityEntry> getChildren();
/**
* Remove a capability from the system.
* @param capability
*/
public void removeCapability(String capability);
} }

74
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java Normal file
View File

@@ -0,0 +1,74 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO interface for Authority Entries.
* @author britt
*/
public interface AuthorityEntryDAO
{
/**
* Save one. Recursive.
* @param entry The one to save.
*/
public void save(AuthorityEntry entry);
/**
* Get all the entries.
* @return What you asked for.
*/
public List<AuthorityEntry> get();
/**
* Get the parents of an authority.
* @param entry The child.
* @return The parents.
*/
public List<AuthorityEntry> getParents(AuthorityEntry entry);
/**
* Get one by name.
* @param name The authority name.
* @return The entry or null if not found.
*/
public AuthorityEntry get(String name);
/**
* Get one by primary key.
* @param id
* @return The entry or null if not found.
*/
public AuthorityEntry get(int id);
/**
* Delete an authority.
* @param entry The authority.
*/
public void delete(AuthorityEntry entry);
}

95
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate DAO for Authority Entries.
* @author britt
*/
public class AuthorityEntryDAOHibernate extends HibernateDaoSupport implements
AuthorityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(java.lang.String)
*/
public AuthorityEntry get(String name)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where ae.name = :name");
query.setString("name", name);
return (AuthorityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(int)
*/
public AuthorityEntry get(int id)
{
return (AuthorityEntry)getSession().get(AuthorityEntryImpl.class, id);
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getRoots()
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> get()
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae");
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#save(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void save(AuthorityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getParents(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> getParents(AuthorityEntry entry)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where :child in elements(ae.children)");
query.setEntity("child", entry);
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#delete(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void delete(AuthorityEntry entry)
{
getSession().delete(entry);
}
}

140
source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java Normal file
View File

@@ -0,0 +1,140 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
/**
* Persistent Hibernate implementation of an AuthorityEntry.
* @author britt
*/
public class AuthorityEntryImpl implements AuthorityEntry
{
private static final long serialVersionUID = -3265592070954983948L;
private int fID;
private long fVersion;
private String fName;
private Set<AuthorityEntry> fChildren;
public AuthorityEntryImpl()
{
}
public AuthorityEntryImpl(String name)
{
fName = name;
fChildren = new HashSet<AuthorityEntry>();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getChildren()
*/
public Set<AuthorityEntry> getChildren()
{
return fChildren;
}
public void setChildren(Set<AuthorityEntry> children)
{
fChildren = children;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof AuthorityEntry))
{
return false;
}
return fID == ((AuthorityEntry)obj).getId();
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode()
{
return fID;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString()
{
return "[AuthorityEntry:" + fName + ":" + fID + "]";
}
}

47
source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.io.Serializable;
/**
* Interface for a capability entry.
* @author britt
*/
public interface CapabilityEntry extends Serializable
{
/**
* Get the primary key.
* @return The id.
*/
public int getId();
/**
* Get the name of the Capability.
* @return The name of the Capability.
*/
public String getName();
}

54
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java Normal file
View File

@@ -0,0 +1,54 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO Interface for capability entries.
* @author britt
*/
public interface CapabilityEntryDAO
{
/**
* Save one.
* @param entry The one to save.
*/
public void save(CapabilityEntry entry);
/**
* Get all the CapabilityEntries.
* @return All of them.
*/
public List<CapabilityEntry> getAll();
/**
* Get an entry by name.
* @param name The name of the entry.
* @return The entry or null if it doesn't exist.
*/
public CapabilityEntry get(String name);
}

67
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java Normal file
View File

@@ -0,0 +1,67 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate implementation of a CapabilityEntryDAO.
* @author britt
*/
public class CapabilityEntryDAOHibernate extends HibernateDaoSupport implements CapabilityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#get(java.lang.String)
*/
public CapabilityEntry get(String name)
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce where ce.name = :name");
query.setString("name", name);
return (CapabilityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#getAll()
*/
@SuppressWarnings("unchecked")
public List<CapabilityEntry> getAll()
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce");
return (List<CapabilityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#save(org.alfresco.repo.simple.permission.CapabilityEntry)
*/
public void save(CapabilityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
}

86
source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java Normal file
View File

@@ -0,0 +1,86 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
/**
* Implementation of Capability Entry.
* @author britt
*/
public class CapabilityEntryImpl implements CapabilityEntry
{
private static final long serialVersionUID = 7235803886625308634L;
private int fID;
private String fName;
private long fVersion;
public CapabilityEntryImpl()
{
}
public CapabilityEntryImpl(String name)
{
fName = name;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
}

108
source/java/org/alfresco/repo/simple/permission/CapabilityRegistryImpl.java
View File

@@ -1,108 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.simple.permission.CapabilityRegistry;
/**
* Basic implementation of a capability registry.
* @author britt
*/
public class CapabilityRegistryImpl implements CapabilityRegistry
{
private Map<Integer, String> fIDToCapability;
private Map<String, Integer> fCapabilityToID;
public CapabilityRegistryImpl()
{
fIDToCapability = new HashMap<Integer, String>();
fCapabilityToID = new HashMap<String, Integer>();
}
public void setCapabilities(Set<String> capabilities)
{
int count = 0;
for (String cap : capabilities)
{
Integer id = count++;
fIDToCapability.put(id, cap);
fCapabilityToID.put(cap, id);
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.CapabilityRegistry#addCapability(java.lang.String)
*/
public synchronized void addCapability(String capability)
{
// TODO Make this do something in the future.
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.CapabilityRegistry#getAll()
*/
public synchronized Set<String> getAll()
{
return new HashSet<String>(fCapabilityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.CapabilityRegistry#getCapabilityID(java.lang.String)
*/
public synchronized int getCapabilityID(String capability)
{
Integer id = fCapabilityToID.get(capability);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.CapabilityRegistry#getCapabilityName(int)
*/
public synchronized String getCapabilityName(int id)
{
return fIDToCapability.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.CapabilityRegistry#removeCapability(java.lang.String)
*/
public synchronized void removeCapability(String capability)
{
// TODO Make this persistent.
Integer removed = fCapabilityToID.remove(capability);
fIDToCapability.remove(removed);
}
}

114
source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java Normal file
View File

@@ -0,0 +1,114 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.util.Set;
/**
* Interface for a registry of capabilities.
* @author britt
*/
public interface AuthorityCapabilityRegistry
{
/**
* Get all known capabilities.
* @return A list of all the capabilities.
*/
public Set<String> getAllCapabilities();
/**
* Get all authorities know to the system.
* @return
*/
public Set<String> getAllAuthorities();
/**
* Get the integer id corresponding to the given capability.
* @return The id.
*/
public int getCapabilityID(String capability);
/**
* Get the name of a capability from it's unique id.
* @param id
* @return The capability name or null if the id is invalid.
*/
public String getCapabilityName(int id);
/**
* Add a capability.
* @param capability
*/
public void addCapability(String capability);
/**
* Get the id for an authority.
* @param authority
* @return The id for the authority.
*/
public int getAuthorityID(String authority);
/**
* Get the name from an authority id.
* @param id The authority id.
* @return The authority name.
*/
public String getAuthorityName(int id);
/**
* Add a new authority.
* @param authority The authority name.
* @param parent The parent authority. May be null.
*/
public void addAuthority(String authority, String parent);
/**
* Remove an authority completely from the system.
* @param authority The authority to move.
*/
public void removeAuthority(String authority);
/**
* Remove a containment relationship.
* @param parent The parent.
* @param child The child.
*/
public void removeAuthorityChild(String parent, String child);
/**
* Get all authorities which are contained directly or transitively by the given authority.
* @param authority The authority to check.
* @return The contained authorities.
*/
public Set<String> getContainedAuthorities(String authority);
/**
* Get all authorities which directly or indirectly contain the given authority.
* @param authority The authority to check.
* @return The container authorities.
*/
public Set<String> getContainerAuthorities(String authority);
}