Wikitty-commits
October 2010
- 7 participants
- 86 discussions
r394 - trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform
by bpoussin@users.nuiton.org 08 Oct '10
by bpoussin@users.nuiton.org 08 Oct '10
08 Oct '10
Author: bpoussin
Date: 2010-10-08 17:39:47 +0200 (Fri, 08 Oct 2010)
New Revision: 394
Url: http://nuiton.org/repositories/revision/wikitty/394
Log:
correction test on export: test work
Modified:
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/ImportExportTest.java
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/ImportExportTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/ImportExportTest.java 2010-10-08 15:39:29 UTC (rev 393)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/ImportExportTest.java 2010-10-08 15:39:47 UTC (rev 394)
@@ -42,6 +42,7 @@
@Test
public void testExport() throws Exception {
+ ws.clear(null); // Database must be clean before create and export
final List<Wikitty> wikitties = createSampleWikitty(ws);
Criteria criteria = Search.query().eq(Element.ELT_EXTENSION, AbstractTestConformance.EXTNAME).criteria();
@@ -65,8 +66,11 @@
assertEquals( "wikittyExt", attrs.get("name") );
} else if ( "object".equals(nodeName) ) {
Wikitty wikitty = null;
+ String id = attrs.get("id");
for ( Wikitty w : wikitties ) {
- if ( w.getId().equals(attrs.get("id")) ) { wikitty = w; break; }
+ if ( w.getId().equals(id) ) {
+ wikitty = w; break;
+ }
}
assertNotNull( wikitty );
assertEquals( "1.0", attrs.get("version") );
r393 - trunk/wikitty-api/src/test/java/org/nuiton/wikitty/api
by bpoussin@users.nuiton.org 08 Oct '10
by bpoussin@users.nuiton.org 08 Oct '10
08 Oct '10
Author: bpoussin
Date: 2010-10-08 17:39:29 +0200 (Fri, 08 Oct 2010)
New Revision: 393
Url: http://nuiton.org/repositories/revision/wikitty/393
Log:
correction test on date: test work
Modified:
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/api/CommonTest.java
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/api/CommonTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/api/CommonTest.java 2010-10-08 14:57:16 UTC (rev 392)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/api/CommonTest.java 2010-10-08 15:39:29 UTC (rev 393)
@@ -192,7 +192,7 @@
Assert.assertEquals(intValue, w.getFieldAsInt(StorageTest.EXTNAME, "fieldName1") );
Date dateValue = new Date();
- w.setField(StorageTest.EXTNAME, "fieldName2", new Date() );
+ w.setField(StorageTest.EXTNAME, "fieldName2", dateValue);
Assert.assertEquals(dateValue, w.getFieldAsDate(StorageTest.EXTNAME, "fieldName2") );
// null or empty assignment ...
r392 - trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform
by bleny@users.nuiton.org 08 Oct '10
by bleny@users.nuiton.org 08 Oct '10
08 Oct '10
Author: bleny
Date: 2010-10-08 16:57:16 +0200 (Fri, 08 Oct 2010)
New Revision: 392
Url: http://nuiton.org/repositories/revision/wikitty/392
Log:
renaming non-test class to be ignored by test-runner
Added:
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceBenchMark.java
Removed:
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceTest.java
Copied: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceBenchMark.java (from rev 391, trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceTest.java)
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceBenchMark.java (rev 0)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceBenchMark.java 2010-10-08 14:57:16 UTC (rev 392)
@@ -0,0 +1,97 @@
+/* *##%
+ * Copyright (c) 2009 ruchaud. All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *##%*/
+
+package org.nuiton.wikitty.conform;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Random;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.nuiton.wikitty.FieldType;
+import org.nuiton.wikitty.Wikitty;
+import org.nuiton.wikitty.WikittyExtension;
+import org.nuiton.wikitty.WikittyImpl;
+import org.nuiton.wikitty.WikittyService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+/**
+ * This class is <strong>NOT</strong> a test. It's a benchlark that
+ * computes values and log them. This class is named properly to
+ * prevent any test Runner to run it.
+ *
+ * @author ruchaud
+ * @version $Revision$
+ *
+ * Last update: $Date$
+ * by : $Author$
+ */
+(a)RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations="classpath:META-INF/spring/wikitty-test.xml")
+public class PerformanceBenchMark {
+
+ protected final static Log log = LogFactory.getLog(PerformanceBenchMark.class);
+
+ protected final static int WIKITTY_SIZE = 10000;
+
+ @Autowired
+ protected WikittyService wikittyService;
+
+ @Test
+ public void testPerformanceWikitty() throws Exception {
+ testPerformanceWikitty(3);
+ testPerformanceWikitty(50);
+ testPerformanceWikitty(100);
+ }
+
+ protected void testPerformanceWikitty(int fieldSize) {
+ WikittyExtension extension = new WikittyExtension("Performance" + fieldSize);
+ for (int i = 0; i < fieldSize; i++) {
+ FieldType fieldType = new FieldType(FieldType.TYPE.STRING, 1, 1);
+ extension.addField("field" + i, fieldType);
+ }
+ wikittyService.storeExtension(null, extension);
+
+ Collection<Wikitty> wikitties = new ArrayList<Wikitty>(WIKITTY_SIZE);
+ for (int i = 0; i < WIKITTY_SIZE; i++) {
+ Wikitty wikitty = new WikittyImpl("Performance" + fieldSize + "id" + i);
+ wikitty.addExtension(extension);
+ for (int j = 0; j < fieldSize; j++) {
+ wikitty.setField("Performance" + fieldSize, "field" + j, "value" + j);
+ }
+ wikitties.add(wikitty);
+ }
+ long start = System.currentTimeMillis();
+ wikittyService.store(null, wikitties);
+ long end = System.currentTimeMillis();
+ log.info("[Performance" + fieldSize + "] Write times : " + ((end - start) / 1000) + "s");
+
+ Random random = new Random();
+ start = System.currentTimeMillis();
+ for (int i = 0; i < WIKITTY_SIZE; i++) {
+ int nextInt = random.nextInt(WIKITTY_SIZE);
+ wikittyService.restore(null, "Performance" + fieldSize + "id" + nextInt);
+ }
+ end = System.currentTimeMillis();
+ log.info("[Performance" + fieldSize + "] Read times : " + ((end - start) / 1000) + "s");
+ }
+}
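Review bot: The class Javadoc says this is not a test, but `testPerformanceWikitty()` still carries `@Test` and the class keeps its Spring runner, so exclusion depends entirely on the build's file-name filter, which is not visible here. An explicit `@Ignore("benchmark, run manually")` on the class would make that hold under any runner. The same Javadoc has a typo, `benchlark` for `benchmark`. Both log lines divide by 1000 with integer arithmetic, so any run shorter than a second is reported as `0s`; logging the raw milliseconds would keep the measurement.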
Property changes on: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceBenchMark.java
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision HeadURL
Deleted: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceTest.java 2010-10-06 17:42:23 UTC (rev 391)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/conform/PerformanceTest.java 2010-10-08 14:57:16 UTC (rev 392)
@@ -1,93 +0,0 @@
-/* *##%
- * Copyright (c) 2009 ruchaud. All rights reserved.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *##%*/
-
-package org.nuiton.wikitty.conform;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Random;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.nuiton.wikitty.FieldType;
-import org.nuiton.wikitty.Wikitty;
-import org.nuiton.wikitty.WikittyExtension;
-import org.nuiton.wikitty.WikittyImpl;
-import org.nuiton.wikitty.WikittyService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-/**
- * @author ruchaud
- * @version $Revision$
- *
- * Last update: $Date$
- * by : $Author$
- */
-(a)RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations="classpath:META-INF/spring/wikitty-test.xml")
-public class PerformanceTest {
-
- protected final static Log log = LogFactory.getLog(PerformanceTest.class);
-
- protected final static int WIKITTY_SIZE = 10000;
-
- @Autowired
- protected WikittyService wikittyService;
-
- @Test
- public void testPerformanceWikitty() throws Exception {
- testPerformanceWikitty(3);
- testPerformanceWikitty(50);
- testPerformanceWikitty(100);
- }
-
- protected void testPerformanceWikitty(int fieldSize) {
- WikittyExtension extension = new WikittyExtension("Performance" + fieldSize);
- for (int i = 0; i < fieldSize; i++) {
- FieldType fieldType = new FieldType(FieldType.TYPE.STRING, 1, 1);
- extension.addField("field" + i, fieldType);
- }
- wikittyService.storeExtension(null, extension);
-
- Collection<Wikitty> wikitties = new ArrayList<Wikitty>(WIKITTY_SIZE);
- for (int i = 0; i < WIKITTY_SIZE; i++) {
- Wikitty wikitty = new WikittyImpl("Performance" + fieldSize + "id" + i);
- wikitty.addExtension(extension);
- for (int j = 0; j < fieldSize; j++) {
- wikitty.setField("Performance" + fieldSize, "field" + j, "value" + j);
- }
- wikitties.add(wikitty);
- }
- long start = System.currentTimeMillis();
- wikittyService.store(null, wikitties);
- long end = System.currentTimeMillis();
- log.info("[Performance" + fieldSize + "] Write times : " + ((end - start) / 1000) + "s");
-
- Random random = new Random();
- start = System.currentTimeMillis();
- for (int i = 0; i < WIKITTY_SIZE; i++) {
- int nextInt = random.nextInt(WIKITTY_SIZE);
- wikittyService.restore(null, "Performance" + fieldSize + "id" + nextInt);
- }
- end = System.currentTimeMillis();
- log.info("[Performance" + fieldSize + "] Read times : " + ((end - start) / 1000) + "s");
- }
-}
r391 - in trunk: src/site wikitty-api/src/main/java/org/nuiton/wikitty wikitty-generators/src/main/java/org/nuiton/wikitty/generator
by bleny@users.nuiton.org 06 Oct '10
by bleny@users.nuiton.org 06 Oct '10
06 Oct '10
Author: bleny
Date: 2010-10-06 19:42:23 +0200 (Wed, 06 Oct 2010)
New Revision: 391
Url: http://nuiton.org/repositories/revision/wikitty/391
Log:
code style ; javadoc
Modified:
trunk/src/site/site.xml
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java
trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java
Modified: trunk/src/site/site.xml
===================================================================
--- trunk/src/site/site.xml 2010-10-05 17:40:50 UTC (rev 390)
+++ trunk/src/site/site.xml 2010-10-06 17:42:23 UTC (rev 391)
@@ -17,6 +17,8 @@
<item name="TODO" href="todo.html"/>
</menu>
+ <menu ref="modules"/>
+
<menu ref="reports"/>
</body>
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java 2010-10-05 17:40:50 UTC (rev 390)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/Wikitty.java 2010-10-06 17:42:23 UTC (rev 391)
@@ -36,27 +36,24 @@
void addExtension(List<WikittyExtension> exts);
- /**
- * check that the wikitty has a metaExtension about a given extension
- * @param metaExtension the metaExtension to be checked
- * @param extension an extension already added to the wikitty
+ /** check that the wikitty has a metaExtension about a given extension.
+ * @param metaExtensionName the metaExtension to be checked
+ * @param extensionName an extension already added to the wikitty
* @since 2.2.0
*/
boolean hasMetaExtension(String metaExtensionName,
String extensionName);
- /**
- * add a meta-extension about the given extension to this wikitty
+ /** add a meta-extension about the given extension to this wikitty.
* @param metaExtension the metaExtension to add
* @param extension an extension already added to the wikitty
* @since 2.1
*/
void addMetaExtension(WikittyExtension metaExtension,
WikittyExtension extension);
-
- /**
- * add a meta-extension on the given extension to this wikitty
+
+ /** add a meta-extension on the given extension to this wikitty.
* @param metaExtension the metaExtension to add
* @param extensionFqn the name of the extension already added to the wikitty
* @since 2.1
@@ -162,6 +159,7 @@
Set<String> fieldNames();
+ /** get the value of and field given its fqn */
Object getFqField(String fqFieldName);
String getVersion();
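Review bot: The one-line Javadoc added for `getFqField` reads `get the value of and field given its fqn`; it should be `/** get the value of a field given its fqn. */`. The same slip appears in the next hunk on `setFqField` (`given is fqn`, should be `given its fqn`). Neither comment says what is returned for an unknown field name, which callers of an `Object`-returning getter usually need; that behaviour is not visible in this interface, so it should be confirmed against the implementation before it is documented.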
@@ -178,25 +176,22 @@
* @since 2.2.0
*/
Set<String> getDirty();
-
- /**
- * Server only used
- * @param version
- */
+
+ /** clear the lists of modified field since last restore. */
void clearDirty();
- /**
- * Server only used
+ /** set the value of a field given is fqn.
* @param fieldName fqn (ex: extensionName.fieldName)
* @param value new value
*/
void setFqField(String fieldName, Object value);
boolean isEmpty();
-
+
+ /**
+ * @see Cloneable#clone()
+ */
Wikitty clone() throws CloneNotSupportedException;
-
-
}
\ No newline at end of file
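Review bot: The new Javadoc for `clearDirty()` and `setFqField(...)` drops the previous `Server only used` remark without replacing it. If these two methods are still meant to be called only by the service layer, the restriction should stay in the contract, for example `Intended for server-side use only.` as a second sentence; if it no longer applies, the commit log should say so. The `@see Cloneable#clone()` tag on `clone()` points at a member that `Cloneable` does not declare; `@see Object#clone()` is the valid target.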
Modified: trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java
===================================================================
--- trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java 2010-10-05 17:40:50 UTC (rev 390)
+++ trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java 2010-10-06 17:42:23 UTC (rev 391)
@@ -38,7 +38,7 @@
* for the string "abc{foo|bar}defrzeg{uvw|xyz}oeira"
* will match {foo|bar} and {uvw|xyz} with groups for foo, bar, uvw and xyz
*/
- protected Pattern p = Pattern.compile("\\{(([^|}])*)(?:\\|([^}]*))?\\}");
+ protected Pattern toStringTagValuePattern = Pattern.compile("\\{(([^|}])*)(?:\\|([^}]*))?\\}");
/** map "Client.name" to "getName()" or any getter to read this attribute
* those getter names are stored while generating in order to be found
@@ -406,7 +406,7 @@
// "hello {Person.name|unknow} employe of {Company.name|unknow}"
//
- Matcher matcher = p.matcher(toStringPattern);
+ Matcher matcher = toStringTagValuePattern.matcher(toStringPattern);
while (matcher.find()) {
String wholeMatch = matcher.group(0); // "{foo|bar}"
r388 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers
by bleny@users.nuiton.org 05 Oct '10
by bleny@users.nuiton.org 05 Oct '10
05 Oct '10
Author: bleny
Date: 2010-10-05 18:34:28 +0200 (Tue, 05 Oct 2010)
New Revision: 388
Url: http://nuiton.org/repositories/revision/wikitty/388
Log:
removing dead code ; refactoring ; some javadoc
Modified:
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 14:23:14 UTC (rev 387)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 16:34:28 UTC (rev 388)
@@ -39,31 +39,6 @@
public WikittyServiceSecurity(WikittyService ws) {
this.ws = ws;
-
-// Wikitty appAdminGroup = getAppAdminGroup(null);
-//
-// if (WikittyGroupHelper.getMembers(appAdminGroup) == null) {
-// // first time boot
-// ws.storeExtension(null, WikittyUserAbstract.extensions);
-// ws.storeExtension(null, SecurityTokenAbstract.extensions);
-// ws.storeExtension(null, WikittyGroupAbstract.extensions);
-//
-// // create the appAdmin account
-// Wikitty appAdmin = new WikittyImpl();
-// WikittyUserHelper.addExtension(appAdmin);
-// WikittyUserHelper.setLogin(appAdmin, APPADMIN_LOGIN);
-// WikittyUserHelper.setPassword(appAdmin, APPADMIN_PASSWORD);
-// ws.store(null, appAdmin);
-//
-
-//
-// // login as admin to add some security polices
-// String adminToken = login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
-//
-// // FIXME 20100923 bleny make all tokens unwritable, except for app admin
-//
-// logout(adminToken);
-// }
}
@Override
@@ -121,10 +96,20 @@
}
}
+ /**
+ * @return a wikitty id
+ */
protected String extensionToWikittySecurityId(String extensionName) {
return String.format("WikittySecurity:%s", extensionName);
}
+ /** create an new account.
+ * create a new account, require to be appAdmin or anonymous if security
+ * is not yet enabled
+ * @param securityToken token (null for anonymous, or a token of an appAdmin)
+ * @param login the login of the account to be created
+ * @param password the password of the account to be created
+ */
public void createAccount(String securityToken, String login, String password) {
String userId = getUserId(securityToken);
boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId);
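Review bot: The Javadoc added for `createAccount` states who may call it but not what happens when the caller is refused. The `creationAllowed` flag is computed on the last visible line and the rest of the body is outside the hunk, so a `@throws` line should be added once the failure path is confirmed. The summary also repeats itself and has a typo (`create an new account`); `/** create a new account. Caller must be appAdmin, or anonymous while no appAdmin group exists. */` says the same in one line and matches what the Javadoc added for `userIsAnonymousOrAppAdmin` describes. It would also help to state whether `password` is stored as given or transformed first, which cannot be told from here.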
@@ -149,6 +134,12 @@
}
}
+ /** get the id of a user given his login.
+ *
+ * @param securityToken a token
+ * @param login the login of the user to search for
+ * @return a wikitty id
+ */
public String getUserWikittyId(String securityToken, String login) {
getUserId(securityToken);
String userWikittyId = null;
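Review bot: In `getUserWikittyId` the result of `getUserId(securityToken)` is discarded, so the new Javadoc's `@param securityToken a token` gives no hint whether the token is actually checked. If `getUserId` signals an invalid token by returning null rather than throwing (the Javadoc this commit removes from it said it returns null), this lookup would translate any login into a wikitty id for any caller. The comment should state the requirement, e.g. `@param securityToken a valid token; the call fails if the token is unknown`, and the code should enforce it if it does not already. The rest of the body is outside the hunk.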
@@ -160,9 +151,33 @@
return userWikittyId;
}
- /** */
- public Wikitty addWikittyAuthorisation(String securityToken,
+ /** if app-admin group exists, return true if given userId is app-admin
+ * if app-admin group doesn't exists, return true if user is anonymous
+ */
+ protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) {
+ boolean userIsAnonymousOrAppAdmin = false;
+
+ if (getAppAdminGroup(securityToken) == null) {
+ if (securityToken == null) {
+ // user is anonymous
+ userIsAnonymousOrAppAdmin = true;
+ }
+ } else {
+ if (isAppAdmin(securityToken, userId)) {
+ // user is appAdmin
+ userIsAnonymousOrAppAdmin = true;
+ }
+ }
+
+ return userIsAnonymousOrAppAdmin;
+ }
+
+ /** add a <strong>level 2</strong> security policy on the given extension. */
+ public Wikitty addExtensionAuthorisation(String securityToken,
WikittyExtension extension) {
+
+ // TODO 20101005 bleny merge into storeExtensionAuthorisation by adding an extension paramater ?
+
String userId = getUserId(securityToken);
boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId);
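Review bot: The relocated `userIsAnonymousOrAppAdmin` grants the anonymous caller (null token) the same rights as an appAdmin whenever `getAppAdminGroup` returns null, and its Javadoc describes this only as a return value. Since `createAccount` and `addExtensionAuthorisation` both gate on it, the comment should spell out the consequence, e.g. `Until an app-admin group is stored, unauthenticated callers are allowed to create accounts and extension policies.` It should also be confirmed that `getAppAdminGroup` cannot return null for an existing group, since a failed restore would otherwise re-open that window. Separately, renaming the public `addWikittyAuthorisation` to `addExtensionAuthorisation` removes the old name outright; a `@Deprecated` delegate would keep existing callers compiling.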
@@ -186,37 +201,6 @@
}
}
- protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) {
- boolean userIsAnonymousOrAppAdmin = false;
- /*
- if (securityToken == null) {
- // user is anonymous
- userIsAnonymousOrAppAdmin = true;
- } else {
- if (getAppAdminGroup(securityToken) != null) {
- if ( isAppAdmin(securityToken, userId)) {
- // user is appAdmin
- userIsAnonymousOrAppAdmin = true;
- }
- }
- }
- */
-
- if (getAppAdminGroup(securityToken) == null) {
- if (securityToken == null) {
- // user is anonymous
- userIsAnonymousOrAppAdmin = true;
- }
- } else {
- if (isAppAdmin(securityToken, userId)) {
- // user is appAdmin
- userIsAnonymousOrAppAdmin = true;
- }
- }
-
- return userIsAnonymousOrAppAdmin;
- }
-
/** restore the wikitty authorisation attached to given extension.
*
* @return a wikitty with WikittyAuthorisation extension, or null if given
@@ -250,44 +234,33 @@
}
return wikittyAuthorisation;
}
-
+
+ /**
+ *
+ * @param securityToken token with rights to modify extension
+ * @param extensionRights a wikitty that has extension WikittyAuthorisation
+ */
public void storeExtensionAuthorisation(String securityToken,
- Wikitty wikitty) {
+ Wikitty extensionRights) {
String userId = getUserId(securityToken);
- Wikitty oldVersion = ws.restore(securityToken, wikitty.getId());
+ Wikitty oldVersion = ws.restore(securityToken, extensionRights.getId());
- // check that the wikitty does not have
- if (WikittyAuthorisationHelper.hasExtension(wikitty)) {
+ // check that the extensionRights does not have
+ if (WikittyAuthorisationHelper.hasExtension(extensionRights)) {
if (oldVersion == null) {
- // if this exception is raised, you should use addWikittyAuthorisation()
+ // if this exception is raised, you should use addExtensionAuthorisation()
throw new IllegalArgumentException("you can't store an authorisation for the fist time");
} else {
if ( userIsAnonymousOrAppAdmin(securityToken, userId) ||
- canAdmin(securityToken, userId, null, oldVersion) ) {
-//
-// if (isAdmin(securityToken, userId, oldVersion, null)) {
-// // admin can't change owner, admin or parent
-// // putting back old values
-// Object oldValue = oldVersion.getFieldAsObject(
-// WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
-// WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER);
-// wikitty.setField(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
-// WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER,
-// oldValue);
-//
-// WikittyAuthorisationHelper.setOwner(wikitty,
-// WikittyAuthorisationHelper.getOwner(oldVersion));
-// WikittyAuthorisationHelper.setParent(wikitty,
-// WikittyAuthorisationHelper.getParent(oldVersion));
-//
-// }
+ canAdmin(securityToken, userId, null, oldVersion) ) {
- ws.store(securityToken, wikitty);
+ ws.store(securityToken, extensionRights);
+
} else {
throw new SecurityException(String.format(
"user %s can't admin rights for this extension", userId));
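Review bot: The commented-out block removed from `storeExtensionAuthorisation` was the only place recording that an admin must not change the owner, admin or parent of an authorisation, and the new code stores `extensionRights` unchanged as soon as `canAdmin` passes. If that restriction is still intended it is now neither enforced nor documented, so a user with admin rights on an extension could presumably reassign its owner; a `// TODO enforce: admin may not change owner/parent` at the `ws.store` call, or the check itself, should replace the deleted block. The new Javadoc also has an empty summary line, and the inline comment `check that the extensionRights does not have` stops mid-sentence. `extensionRights.getId()` is dereferenced before any null check.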
@@ -295,8 +268,8 @@
}
} else {
throw new IllegalArgumentException(String.format(
- "wikitty %s is not a wikittyAuthorisation. It misses the extension",
- wikitty));
+ "extensionRights %s is not a wikittyAuthorisation. It misses the extension",
+ extensionRights));
}
}
@@ -337,7 +310,7 @@
// usual case, a user want to store a wikitty
Wikitty oldVersion = ws.restore(securityToken, wikitty.getId());
- Collection<String> newExtensions = wikitty.getExtensionNames();
+ Collection<String> newExtensions = new ArrayList<String>(wikitty.getExtensionNames());
if (oldVersion != null) {
// we already checked the rights for those extension
// re-do the check has too much cost, avoid it
@@ -368,8 +341,16 @@
fqFieldDirtyName, concernedExtensionName));
}
- boolean canChange;
- if (WikittyAuthorisation.EXT_WIKITTYAUTHORISATION.equals(concernedExtensionName)) {
+ boolean fieldRequireAdminRights = // true if field is a field of WikittyAuthorisation
+ // concerned extension is "WikittyAuthorisation"
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION.equals(concernedExtensionName)
+ // or concerned extension is something like "AnyExtension:WikittyAuthorisation"
+ || WikittyAuthorisation.EXT_WIKITTYAUTHORISATION.equals(
+ WikittyUtil.getMetaExtensionNameFromFQMetaExtensionName(concernedExtensionName));
+
+ boolean canChange; // will be true if user can modify the value of this field
+ // according to his level of rights
+ if (fieldRequireAdminRights) {
canChange = canAdmin(securityToken, userId, concernedExtensionName, wikitty);
} else {
canChange = canWrite(securityToken, userId, concernedExtensionName, wikitty);
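Review bot: The new `fieldRequireAdminRights` condition changes which fields need admin rather than write rights, yet the test section of this commit only renames a call and removes imports, so the meta-extension branch (`AnyExtension:WikittyAuthorisation`) is not exercised by anything added here. A test that a writer without admin rights is refused when changing a field of a `WikittyAuthorisation` meta-extension would pin the behaviour. It is also worth confirming what `WikittyUtil.getMetaExtensionNameFromFQMetaExtensionName` returns for a plain extension name; the `equals` call is null-safe as written, but an exception there would abort every store. The enclosing method starts and ends outside the hunk.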
@@ -579,8 +560,12 @@
if ( ! userIsAnonymousOrAppAdmin(securityToken, userId)) {
for (WikittyExtension extension : exts) {
Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension.getName());
- if ( ! canWrite(securityToken, userId, null, extensionAuthorisation)) {
- throw new SecurityException(_("user %s don't have write right for extension %s", userId, extension));
+ if (extensionAuthorisation != null) {
+ // canWrite is true if this user can modify the field for this extension
+ boolean canWrite = canWrite(securityToken, userId, null, extensionAuthorisation);
+ if ( ! canWrite) {
+ throw new SecurityException(_("user %s don't have write right for extension %s", userId, extension));
+ }
}
}
}
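Review bot: With the added `if (extensionAuthorisation != null)` guard, an extension that has no authorisation wikitty is stored without any write check for every caller who is neither anonymous nor appAdmin, so the absence of a policy now means allow. If that default is intended it should be stated where the decision is made, e.g. `// no policy stored for this extension: anyone may write it`; if not, the null case should throw the same `SecurityException`. The message also formats the whole `extension` object where `extension.getName()` would be clearer. The enclosing method begins outside the hunk.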
@@ -757,11 +742,9 @@
// Method helper to check right
//
- /**
- * Recupere l'identifiant de l'utilisateur associe au securityToken
- *
- * @param securityToken
- * @return l'identifiant de l'utilisateur, ou null si le token est invalide
+ /** tell who own a token (who got this token after login).
+ * @param securityToken the token whose owner will be returned
+ * @return a wikitty Id (wikitty has extension WikittyUser)
*/
protected String getUserId(String securityToken) {
String result = null;
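Review bot: The rewritten Javadoc for `getUserId` no longer says what is returned for an invalid token, which the removed French text did (null), and `result` is still initialised to null on the last visible line. Callers such as `getUserWikittyId` ignore the return value, so the contract matters; suggest `@return the wikitty id of the token's owner (a wikitty with extension WikittyUser), or null if the token is invalid`, after confirming against the body, which is outside the hunk. The Javadoc added for `getAppAdminGroup` in the last hunk of this file has the same gap: `userIsAnonymousOrAppAdmin` tests its result against null, but the comment does not mention a null return.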
@@ -830,7 +813,7 @@
return result;
}
- /**
+ /** true if given user is owner
*
* @param securityToken
* @param userId
@@ -857,12 +840,26 @@
}
return isOwner;
}
-
+
+ /** {@link #isMember(String, String, Wikitty, String, boolean)} with default value */
protected boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName) {
- // by default, user is considered not member if she is not in the group, so passing "false"
+ // by default, user is considered not member if he is not in the group, so passing "false"
return isMember(securityToken, userId, extensionRights, fqFieldName, false);
}
+ /** check if a user is listed in a level of rights
+ *
+ * @param securityToken
+ * @param userId the userId to look for
+ * @param extensionRights a wikitty with WikittyAuthorisation as extension <strong>OR</strong> meta-extension
+ * @param fqFieldName the field to look into, it should be one of the field of extension WikittyAuthorisation
+ * it has to be a FQN and may contain an extension-name if using meta-extension
+ * @param considerEmptyGroupAsMembership if true, an empty field value will be considered as
+ * "every-one is in the group". Most of the time, it will be false but true should be
+ * passed for "reader" level because user has right to read if he belongs to "reader" OR
+ * if reader is empty
+ * @return true if userId appear in the single/list of group/user of given field
+ */
protected boolean isMember(String securityToken, String userId,
Wikitty extensionRights, String fqFieldName, boolean considerEmptyGroupAsMembership) {
@@ -891,44 +888,7 @@
return isMember;
}
-// /**
-// * Par defaut un objet est lisible par tous, sauf s'il a l'extension
-// * d'autorisation et que la liste des readers existe et n'est pas vide
-// *
-// * @param userId
-// * @param w
-// * @return true si l'utilisateur est dans la liste des reader (ou que cette
-// * liste n'existe pas ce qui indique que tout le monde est reader)
-// */
-// @Deprecated
-// protected boolean isReader(String securityToken, String userId, Wikitty w) {
-// boolean result = true;
-// if (WikittyAuthorisationHelper.isExtension(w)) {
-// Set<String> groupOrUser = WikittyAuthorisationHelper.getReader(w);
-// if (groupOrUser == null || groupOrUser.size() == 0) {
-// // il n'y a pas de reader sur l'objet actuel, il faut regarder
-// // sur le parent s'il y en a
-// String parentId = WikittyAuthorisationHelper.getParent(w);
-// if (parentId != null) {
-// Wikitty parent = ws.restore(securityToken, parentId);
-// result = isReader(securityToken, userId, parent);
-// }
-// } else {
-// // il y a des readers sur l'objet actuel, il faut donc checker
-// // comme pour les autres droits en parent aussi les parents
-// result = isMember(
-// securityToken, userId, w, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_READER);
-// }
-// }
-// return result;
-// }
-
- /**
- * Verifie si l'utilisateur est considere comme un AppAdmin
- *
- * @param userId
- * @return
- */
+ /** check if a given user belong to the group of app-admins. */
protected boolean isAppAdmin(String securityToken, String userId) {
Wikitty group = getAppAdminGroup(securityToken);
Set<String> ids = WikittyGroupHelper.getMembers(group);
@@ -962,6 +922,7 @@
}
}
+ /** get the wikitty with extension WikittyGroup that contains all app-admin. */
protected Wikitty getAppAdminGroup(String securityToken) {
Wikitty group;
if (appAdminGroupId == null) {
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 14:23:14 UTC (rev 387)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 16:34:28 UTC (rev 388)
@@ -10,12 +10,8 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import org.nuiton.wikitty.FieldType;
-import org.nuiton.wikitty.FieldType.TYPE;
-import org.nuiton.wikitty.SecurityToken;
-import org.nuiton.wikitty.TreeNodeAbstract;
import org.nuiton.wikitty.Wikitty;
import org.nuiton.wikitty.WikittyAuthorisation;
import org.nuiton.wikitty.WikittyAuthorisationAbstract;
@@ -62,7 +58,7 @@
securityService.createAccount(token, "admin", "");
securityService.createAccount(token, "owner", "");
- Wikitty authorizations = securityService.addWikittyAuthorisation(token, extension);
+ Wikitty authorizations = securityService.addExtensionAuthorisation(token, extension);
WikittyAuthorisationHelper.addReader(authorizations, securityService.getUserWikittyId(token, "reader"));
WikittyAuthorisationHelper.addWriter(authorizations, securityService.getUserWikittyId(token, "writer"));
WikittyAuthorisationHelper.addAdmin(authorizations, securityService.getUserWikittyId(token, "admin"));
r390 - trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator
by bleny@users.nuiton.org 05 Oct '10
Author: bleny
Date: 2010-10-05 19:40:50 +0200 (Tue, 05 Oct 2010)
New Revision: 390
Url: http://nuiton.org/repositories/revision/wikitty/390
Log:
refactoring generated code about adding a meta-extension to a wikitty
Modified:
trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java
trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyContractGenerator.java
trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java
Modified: trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java
===================================================================
--- trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java 2010-10-05 16:46:42 UTC (rev 389)
+++ trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyAbstractGenerator.java 2010-10-05 17:40:50 UTC (rev 390)
@@ -16,7 +16,6 @@
import org.nuiton.eugene.models.object.ObjectModel;
import org.nuiton.eugene.models.object.ObjectModelAttribute;
import org.nuiton.eugene.models.object.ObjectModelClass;
-import org.nuiton.eugene.models.object.ObjectModelInterface;
import org.nuiton.eugene.models.object.ObjectModelModifier;
import org.nuiton.eugene.models.object.ObjectModelOperation;
@@ -455,13 +454,12 @@
ObjectModelAttribute extension = addAttribute(abstractClassForThisMetaExtension, "extensionForMetaExtension", WikittyTransformerUtil.WIKITTY_EXTENSION_CLASS_FQN);
setDocumentation(extension, "the metaExtension operations target this extension, may be null");
- ObjectModelOperation addMetaExtension = addOperation(abstractClassForThisMetaExtension, "addMetaExtension", "void");
- addAnnotation(abstractClassForThisMetaExtension, addMetaExtension, "Override");
- addParameter(addMetaExtension, WikittyTransformerUtil.WIKITTY_EXTENSION_CLASS_FQN, "extension");
- setDocumentation(addMetaExtension, String.format(
+ ObjectModelOperation setExtensionForMetaExtension = addOperation(abstractClassForThisMetaExtension, "setExtensionForMetaExtension", "void");
+ addParameter(setExtensionForMetaExtension, WikittyTransformerUtil.WIKITTY_EXTENSION_CLASS_FQN, "extension");
+ setDocumentation(setExtensionForMetaExtension, String.format(
"add %s meta-extension on given extension to this entity",
metaExtension.getName()));
- setOperationBody(addMetaExtension, ""
+ setOperationBody(setExtensionForMetaExtension, ""
/*{
extensionForMetaExtension = extension;
<%=helperClassName%>.addMetaExtension(extension, getWikitty());
Modified: trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyContractGenerator.java
===================================================================
--- trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyContractGenerator.java 2010-10-05 16:46:42 UTC (rev 389)
+++ trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyContractGenerator.java 2010-10-05 17:40:50 UTC (rev 390)
@@ -237,16 +237,6 @@
/** add stuff if input model element is stereotyped as "meta" */
protected void processMetaExtension(ObjectModelClass metaExtension) {
- log.debug("processing meta-extension : " + metaExtension.getPackageName() +
- "." + metaExtension.getName());
-
- ObjectModelInterface contract = prepareOutputClass(metaExtension);
-
- ObjectModelOperation addMetaExtension = addOperation(contract, "addMetaExtension", "void");
- addParameter(addMetaExtension, WikittyTransformerUtil.WIKITTY_EXTENSION_CLASS_FQN, "extension");
- setDocumentation(addMetaExtension, String.format(
- "add %s meta-extension on given extension to this entity",
- metaExtension.getName()));
-
+ // nothing to do
}
}
Modified: trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java
===================================================================
--- trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java 2010-10-05 16:46:42 UTC (rev 389)
+++ trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java 2010-10-05 17:40:50 UTC (rev 390)
@@ -36,16 +36,14 @@
}
protected ObjectModelClass prepareImplementation(ObjectModelClass clazz) {
- ObjectModelClass implementation;
+ ObjectModelClass implementation = processedClasses.get(clazz);
- if (processedClasses.containsKey(clazz)) {
- // class has been already processed, return the implementation
- implementation = processedClasses.get(clazz);
- } else {
+ if (implementation == null) {
+
implementation = createClass(
WikittyTransformerUtil.businessEntityToImplementationName(clazz),
clazz.getPackageName());
-
+
// TODO 20100811 bleny remove unused imports
addImport(implementation, WikittyTransformerUtil.BUSINESS_ENTITY_CLASS_FQN);
addImport(implementation, WikittyTransformerUtil.BUSINESS_ENTITY_WIKITTY_CLASS_FQN);
@@ -65,9 +63,9 @@
addImport(implementation, java.util.Set.class);
addImport(implementation, java.util.Date.class);
addImport(implementation, java.util.LinkedHashSet.class);
-
+
setSuperClass(implementation, WikittyTransformerUtil.businessEntityToAbstractName(clazz));
-
+
// adding a generated serialVersionUID
Random random = new Random();
Long serialVersionUIDs = random.nextLong();
@@ -76,7 +74,8 @@
"long",
serialVersionUIDs.toString() + "L",
ObjectModelModifier.PRIVATE);
-
+
+ processedClasses.put(clazz, implementation);
}
return implementation;
@@ -118,9 +117,8 @@
String contractName = WikittyTransformerUtil.businessEntityToContractName(metaExtension);
setOperationBody(constructor, ""
/*{
- this.extensionForMetaExtension = extension;
this.wikitty = wikitty;
- addMetaExtension(extension<%=contractName%>, extension);
+ setExtensionForMetaExtension(extension);
}*/);
}
}
r389 - trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator
by bleny@users.nuiton.org 05 Oct '10
Author: bleny
Date: 2010-10-05 18:46:42 +0200 (Tue, 05 Oct 2010)
New Revision: 389
Url: http://nuiton.org/repositories/revision/wikitty/389
Log:
bug fixes ; missing instructions in meta-extension constructors
Modified:
trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java
Modified: trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java
===================================================================
--- trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java 2010-10-05 16:34:28 UTC (rev 388)
+++ trunk/wikitty-generators/src/main/java/org/nuiton/wikitty/generator/WikittyImplementationGenerator.java 2010-10-05 16:46:42 UTC (rev 389)
@@ -29,7 +29,7 @@
processBusinessEntity(clazz, implementation);
}
- if ( WikittyTransformerUtil.isBusinessEntity(clazz) ) {
+ if ( WikittyTransformerUtil.isMetaExtension(clazz) ) {
ObjectModelClass implementation = prepareImplementation(clazz);
processMetaExtension(clazz, implementation);
}
@@ -118,6 +118,7 @@
String contractName = WikittyTransformerUtil.businessEntityToContractName(metaExtension);
setOperationBody(constructor, ""
/*{
+ this.extensionForMetaExtension = extension;
this.wikitty = wikitty;
addMetaExtension(extension<%=contractName%>, extension);
}*/);
r387 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers
by bleny@users.nuiton.org 05 Oct '10
Author: bleny
Date: 2010-10-05 16:23:14 +0200 (Tue, 05 Oct 2010)
New Revision: 387
Url: http://nuiton.org/repositories/revision/wikitty/387
Log:
security bug fixes
Modified:
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 13:34:48 UTC (rev 386)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 14:23:14 UTC (rev 387)
@@ -185,10 +185,10 @@
WIKITTY_APPADMIN_GROUP_NAME));
}
}
-
+
protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) {
boolean userIsAnonymousOrAppAdmin = false;
-
+ /*
if (securityToken == null) {
// user is anonymous
userIsAnonymousOrAppAdmin = true;
@@ -200,6 +200,20 @@
}
}
}
+ */
+
+ if (getAppAdminGroup(securityToken) == null) {
+ if (securityToken == null) {
+ // user is anonymous
+ userIsAnonymousOrAppAdmin = true;
+ }
+ } else {
+ if (isAppAdmin(securityToken, userId)) {
+ // user is appAdmin
+ userIsAnonymousOrAppAdmin = true;
+ }
+ }
+
return userIsAnonymousOrAppAdmin;
}
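Review bot: While `getAppAdminGroup(securityToken)` returns null, the new branch grants the admin path to a null token only, so an anonymous caller is treated as app-admin while an authenticated non-admin user is refused; through the `@@ -486,12 +502,7 @@` hunk of this commit the same fallback now also decides `canAdmin` on wikitties. If this is meant as a bootstrap window before the first app-admin exists, it should be stated in a javadoc on the method and made visible at runtime, e.g. `log.warn("no app-admin group defined, anonymous caller is granted app-admin rights");`. The previous implementation is kept inside a `/* ... */` block that opens in the preceding hunk and closes here; it should be deleted rather than left in place, since version control already holds it. The method starts in the preceding hunk.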
@@ -410,10 +424,12 @@
protected void refuseUnauthorizedRead( String securityToken,
String userId,
Wikitty wikitty) {
- for (String extensionName : wikitty.getExtensionNames()) {
- if ( ! canRead(securityToken, userId, extensionName, wikitty)) {
- throw new SecurityException(_("user %s can't read extension %s on wikitty %s, it may be due to a global policy on the wikitty",
- userId, extensionName, wikitty));
+ if (wikitty != null) {
+ for (String extensionName : wikitty.getExtensionNames()) {
+ if ( ! canRead(securityToken, userId, extensionName, wikitty)) {
+ throw new SecurityException(_("user %s can't read extension %s on wikitty %s, it may be due to a global policy on the wikitty",
+ userId, extensionName, wikitty));
+ }
}
}
}
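Review bot: The `SecurityException` message formats the whole `wikitty` object for a caller who has just been refused read access; if `Wikitty.toString()` prints field values (not visible here), the refusal itself discloses the protected data to the client or to logs. Formatting the identifier is enough: `userId, extensionName, wikitty.getId()));`. The same message is introduced in the `@@ -389,7 +412,7 @@` hunk of r386 further down the page. The new `wikitty != null` guard lets a missing wikitty pass silently, which is reasonable, but a one-line comment such as `// nothing to protect when the wikitty does not exist` would make that intent explicit.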
@@ -486,12 +502,7 @@
|| isOwner(securityToken, userId, wikitty, null);
} else if ( ! canAdmin ) {
// still not admin, check appAdmin
- if (getAppAdminGroup(securityToken) == null) {
- canAdmin = isAppAdmin(securityToken, userId);
- }
- } else {
- // no security policy, everything is allowed
- canAdmin = true;
+ canAdmin = userIsAnonymousOrAppAdmin(securityToken, userId);
}
return canAdmin;
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 13:34:48 UTC (rev 386)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 14:23:14 UTC (rev 387)
@@ -45,6 +45,12 @@
securityService = new WikittyServiceSecurity(inMemoryService);
+ /** /
+ // FIXME 20101005 bleny implementation should be able to allow
+ // passing trough two security layers
+ securityService = new WikittyServiceSecurity(securityService);
+ /**/
+
service = securityService;
// token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
r386 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers test/resources
by bleny@users.nuiton.org 05 Oct '10
Author: bleny
Date: 2010-10-05 15:34:48 +0200 (Tue, 05 Oct 2010)
New Revision: 386
Url: http://nuiton.org/repositories/revision/wikitty/386
Log:
better security support : more checks
Modified:
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
trunk/wikitty-api/src/test/resources/log4j.properties
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 07:43:24 UTC (rev 385)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 13:34:48 UTC (rev 386)
@@ -121,8 +121,8 @@
}
}
- protected String extensionToWikittySecurityId(WikittyExtension extension) {
- return String.format("WikittySecurity:%s", extension.getName());
+ protected String extensionToWikittySecurityId(String extensionName) {
+ return String.format("WikittySecurity:%s", extensionName);
}
public void createAccount(String securityToken, String login, String password) {
@@ -167,8 +167,8 @@
boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId);
if (creationAllowed) {
- if (restoreExtensionAuthorisation(securityToken, extension) == null) {
- String wikittyAuthorisationId = extensionToWikittySecurityId(extension);
+ if (restoreExtensionAuthorisation(securityToken, extension.getName()) == null) {
+ String wikittyAuthorisationId = extensionToWikittySecurityId(extension.getName());
Wikitty wikittyAuthorisation = new WikittyImpl(wikittyAuthorisationId);
WikittyAuthorisationHelper.addExtension(wikittyAuthorisation);
WikittyAuthorisationHelper.setOwner(wikittyAuthorisation, userId);
@@ -202,20 +202,29 @@
}
return userIsAnonymousOrAppAdmin;
}
-
- /** restore the wikitty authorisation attached to given extension
+
+ /** restore the wikitty authorisation attached to given extension.
*
* @return a wikitty with WikittyAuthorisation extension, or null if given
* extension has no security policy attached
- * @throws SecurityException if user don't have rights required
*/
public Wikitty restoreExtensionAuthorisation(String securityToken,
WikittyExtension extension) {
+ return restoreExtensionAuthorisation(securityToken, extension.getName());
+ }
+
+ /** restore the wikitty authorisation attached to given extension.
+ *
+ * @return a wikitty with WikittyAuthorisation extension, or null if given
+ * extension has no security policy attached
+ */
+ public Wikitty restoreExtensionAuthorisation(String securityToken,
+ String extensionName) {
String userId = getUserId(securityToken);
- String wikittyAuthorisationId = extensionToWikittySecurityId(extension);
+ String wikittyAuthorisationId = extensionToWikittySecurityId(extensionName);
Wikitty wikittyAuthorisation = ws.restore(securityToken, wikittyAuthorisationId);
if (wikittyAuthorisation == null) {
- log.debug(extension + " has no authorization attached");
+ log.debug(extensionName + " has no authorization attached");
} else {
/*
if ( ! canAdmin(securityToken, userId, wikittyAuthorisation)) {
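Review bot: Both public `restoreExtensionAuthorisation` overloads now return the policy wikitty without any rights check: the `canAdmin` test in the trailing context sits inside a block comment, and this commit drops the `@throws SecurityException` line from the javadoc to match. If the reader, writer and admin lists of a policy are not meant to be visible to every caller, the check has to come back or the overloads should stop being public; otherwise the javadoc should say so, e.g. `* No rights check is done here.` The new String overload repeats the javadoc of the first word for word and would be clearer with `@param extensionName name of the extension whose policy is looked up`. The method body continues past the end of the hunk.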
@@ -311,44 +320,58 @@
List<Wikitty> wikittiesToStore = new ArrayList<Wikitty>();
for (Wikitty wikitty : wikitties) {
- // FIXME 20100930 bleny what if user store wikitty authorisation
-
// usual case, a user want to store a wikitty
Wikitty oldVersion = ws.restore(securityToken, wikitty.getId());
- if (oldVersion == null) { // it's a creation
-
- // check that **reader** right on Security for all extension
- for (WikittyExtension extension: wikitty.getExtensions()) {
- Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension);
-
- boolean canCreate = extensionRights == null ||
- canRead(securityToken, userId, null, extensionRights);
- if ( ! canCreate ) {
- throw new SecurityException(_(
- "user %s can't create instance of extension %s",
- userId, extensionRights));
- }
+
+ Collection<String> newExtensions = wikitty.getExtensionNames();
+ if (oldVersion != null) {
+ // we already checked the rights for those extension
+ // re-do the check has too much cost, avoid it
+ newExtensions.removeAll(oldVersion.getExtensionNames());
+ }
+
+ // check that **reader** right on Security for all extension
+ for (String extensionName: newExtensions) {
+
+ Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extensionName);
+ boolean canCreate = extensionRights == null ||
+ canRead(securityToken, userId, null, extensionRights);
+ if ( ! canCreate ) {
+ throw new SecurityException(_(
+ "user %s can't create instance of extension %s",
+ userId, extensionRights));
}
+ }
- } else { // it's an update
+ if (oldVersion != null) { // it's an update
for (String fqFieldDirtyName : wikitty.getDirty()) {
String concernedExtensionName = WikittyUtil.getExtensionNameFromFQFieldName(fqFieldDirtyName);
if (log.isTraceEnabled()) {
- log.trace("will update field " + fqFieldDirtyName);
- log.trace("it's extension " + concernedExtensionName);
+ log.trace(String.format("will update field %s from extension %s",
+ fqFieldDirtyName, concernedExtensionName));
}
- if (canWrite(securityToken, userId, concernedExtensionName, wikitty)) {
+ boolean canChange;
+ if (WikittyAuthorisation.EXT_WIKITTYAUTHORISATION.equals(concernedExtensionName)) {
+ canChange = canAdmin(securityToken, userId, concernedExtensionName, wikitty);
+ } else {
+ canChange = canWrite(securityToken, userId, concernedExtensionName, wikitty);
+ }
+
+ if (canChange) {
Object newValue = wikitty.getFqField(fqFieldDirtyName);
oldVersion.setFqField(fqFieldDirtyName, newValue);
+ } else {
+ throw new SecurityException(_("user %s can't write field %s on wikitty %s",
+ userId, fqFieldDirtyName, wikitty));
}
}
+ }
- wikittiesToStore.add(wikitty);
- }
+ wikittiesToStore.add(wikitty);
}
return wikittiesToStore;
}
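Review bot: In the update branch the permitted dirty fields are copied into `oldVersion`, but the loop then queues the caller's object with `wikittiesToStore.add(wikitty);`, so the merged copy is discarded and any field that differs without being listed by `getDirty()` is stored with no `canWrite`/`canAdmin` check (assuming the dirty set comes from the caller-supplied wikitty, which the hunk does not show). Queuing the merged object closes that gap: `wikittiesToStore.add(oldVersion != null ? oldVersion : wikitty);`. Separately, `newExtensions.removeAll(...)` operates on whatever `getExtensionNames()` returns; if that is a live view, it strips extensions from the wikitty about to be stored, so copy first with `new ArrayList<String>(wikitty.getExtensionNames())`. The create refusal formats `extensionRights` where `extensionName` is meant. The enclosing method starts before the hunk.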
@@ -389,7 +412,7 @@
Wikitty wikitty) {
for (String extensionName : wikitty.getExtensionNames()) {
if ( ! canRead(securityToken, userId, extensionName, wikitty)) {
- throw new SecurityException(_("user %s can't read extension %s on wikitty %s",
+ throw new SecurityException(_("user %s can't read extension %s on wikitty %s, it may be due to a global policy on the wikitty",
userId, extensionName, wikitty));
}
}
@@ -411,7 +434,7 @@
// there is no policy for this extension
// but there is a policy for all extension of wikitty
canRead = isReader(securityToken, userId, wikitty, null)
- || canWrite(securityToken, userId, extensionName, wikitty);
+ || canWrite(securityToken, userId, extensionName, wikitty);
} else {
// no security policy, everything is allowed
canRead = true;
@@ -544,7 +567,7 @@
String userId = getUserId(securityToken);
if ( ! userIsAnonymousOrAppAdmin(securityToken, userId)) {
for (WikittyExtension extension : exts) {
- Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension);
+ Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension.getName());
if ( ! canWrite(securityToken, userId, null, extensionAuthorisation)) {
throw new SecurityException(_("user %s don't have write right for extension %s", userId, extension));
}
@@ -757,7 +780,7 @@
String metaFieldName = WikittyUtil.getMetaFieldName(
WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName,
WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_READER);
- result = isMember(securityToken, userId, wikitty, metaFieldName);
+ result = isMember(securityToken, userId, wikitty, metaFieldName, true);
return result;
}
@@ -825,24 +848,36 @@
}
protected boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName) {
+ // by default, user is considered not member if she is not in the group, so passing "false"
+ return isMember(securityToken, userId, extensionRights, fqFieldName, false);
+ }
+ protected boolean isMember(String securityToken, String userId,
+ Wikitty extensionRights, String fqFieldName, boolean considerEmptyGroupAsMembership) {
+
String extensionName = WikittyUtil.getExtensionNameFromFQFieldName(fqFieldName);
String fieldName = WikittyUtil.getFieldNameFromFQFieldName(fqFieldName);
-
+
Set<String> groupOrUser = extensionRights.getFieldAsSet(extensionName,
fieldName,
String.class);
- boolean result = isMember(securityToken, userId, groupOrUser);
- if ( ! result) {
+ boolean isMember;
+ if (groupOrUser == null || groupOrUser.isEmpty()) {
+ isMember = considerEmptyGroupAsMembership;
+ } else {
+ isMember = isMember(securityToken, userId, groupOrUser);
+ }
+
+ if ( ! isMember) {
// user don't have right on current object, check parent right
String parentId = WikittyAuthorisationHelper.getParent(extensionRights);
if (parentId != null) {
Wikitty parent = ws.restore(securityToken, parentId);
- result = isMember(securityToken, userId, parent, fqFieldName);
+ isMember = isMember(securityToken, userId, parent, fqFieldName);
}
}
- return result;
+ return isMember;
}
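Review bot: The recursive parent lookup calls the four-argument `isMember`, so `considerEmptyGroupAsMembership` is silently reset to false for every ancestor; if that is intended (an empty list opens access only on the object itself) it needs a comment, otherwise pass the flag through with `isMember = isMember(securityToken, userId, parent, fqFieldName, considerEmptyGroupAsMembership);`. `parent` is dereferenced without a null check, so a dangling parent id ends in a NullPointerException instead of a refusal; wrapping the recursive call in `if (parent != null)` keeps the result at false. The new overload has no javadoc, and it should state that with the flag set an empty or missing field counts as membership, because `isReader` relies on exactly that in the `@@ -757,7 +780,7 @@` hunk and it is a permissive default.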
// /**
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-10-05 07:43:24 UTC (rev 385)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-10-05 13:34:48 UTC (rev 386)
@@ -820,21 +820,27 @@
return fqFieldName;
}
- /** given a fully qualified meta-extension name, return the name of the meta-extension */
+ /** given a fully qualified meta-extension name, return the name of the meta-extension.
+ * @return null if fqFieldName doesn't contains a meta extension
+ */
public static String getMetaExtensionNameFromFQMetaExtensionName(String fqFieldName) {
- String[] fqElements = fqFieldName.split(FQ_META_EXTENSION_SEPARATOR_REGEX);
- return fqElements[0];
+ String metaExtensionName = null;
+ if (fqFieldName.indexOf(FQ_META_EXTENSION_SEPARATOR) != -1) {
+ String[] fqElements = fqFieldName.split(FQ_META_EXTENSION_SEPARATOR_REGEX);
+ metaExtensionName = fqElements[1];
+ }
+ return metaExtensionName;
}
/** given a fully qualified meta-extension name, return the name of the extension */
public static String getExtensionNameFromFQMetaExtensionName(String fqFieldName) {
String[] fqElements = fqFieldName.split(FQ_META_EXTENSION_SEPARATOR_REGEX);
- return fqElements[1];
+ return fqElements[0];
}
/** given names of meta-extension and extension, return a fully qualified meta-extension name */
public static String getFQMetaExtensionName(String metaExtensionName, String extensionName) {
- String fqFieldName = metaExtensionName + FQ_META_EXTENSION_SEPARATOR + extensionName;
+ String fqFieldName = extensionName + FQ_META_EXTENSION_SEPARATOR + metaExtensionName;
return fqFieldName;
}
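Review bot: `getMetaExtensionNameFromFQMetaExtensionName` only checks that the separator occurs before reading `fqElements[1]`; `String.split` drops trailing empty strings, so a name that ends with the separator yields a one-element array and the index throws. Guarding on the array covers both cases: `if (fqElements.length > 1) { metaExtensionName = fqElements[1]; }`. The commit also swaps the order to extension first, meta-extension second in all three helpers; the javadoc of each should spell out the resulting format, and names already persisted in the old order (if any exist, not visible from this hunk) would be parsed the wrong way round.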
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 07:43:24 UTC (rev 385)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 13:34:48 UTC (rev 386)
@@ -2,6 +2,7 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -23,9 +24,9 @@
import org.nuiton.wikitty.WikittyService;
import org.nuiton.wikitty.WikittyServiceInMemory;
import org.nuiton.wikitty.WikittyServiceSecurity;
+import org.nuiton.wikitty.WikittyUtil;
-/** test {@link org.nuiton.wikitty.WikittyServiceSecurity} */
-@Ignore("not ready")
+/** test {@link org.nuiton.wikitty.WikittyServiceSecurity}. */
public class WikittyServiceSecurityTest extends AbstractWikittyServiceTest {
private static final Log log = LogFactory.getLog(WikittyServiceSecurityTest.class);
@@ -87,7 +88,7 @@
@Test
public void testInvalidToken() {
// try to store with invalid token
- String invalidToken = "INVALID TOKEN";
+ String invalidToken = WikittyUtil.genSecurityTokenId();
try {
service.store(invalidToken, aWikitty);
fail();
@@ -110,7 +111,7 @@
// now try to make a valid token invalid
service.logout(readerToken);
try {
- service.store(token, aWikitty);
+ service.store(readerToken, aWikitty);
fail();
} catch (SecurityException e) {}
}
@@ -121,7 +122,7 @@
public void testReaderRightOnWikitty() {
aWikitty.addExtension(WikittyAuthorisationAbstract.extensionWikittyAuthorisation);
WikittyAuthorisation auth = new WikittyAuthorisationImpl(aWikitty);
-
+
String readerId = securityService.getUserWikittyId(null, "reader");
auth.clearReader();
@@ -129,14 +130,42 @@
log.debug("will store wikitty" + aWikitty);
service.store(ownerToken, aWikitty);
-
+
try {
- service.restore(null, aWikitty.getId());
+ Wikitty restoredWikitty = service.restore(null, aWikitty.getId());
+ log.debug("restored wikitty is " + restoredWikitty);
fail("an exception should have been raised");
} catch (SecurityException e) {
- log.info(e);
+ log.info("raised exception : " + e);
}
}
+
+ @Test
+ public void testWriterRightOnWikitty() {
+ aWikitty.addExtension(WikittyAuthorisationAbstract.extensionWikittyAuthorisation);
+ WikittyAuthorisation auth = new WikittyAuthorisationImpl(aWikitty);
+ service.store(ownerToken, aWikitty);
+
+ String adminId = securityService.getUserWikittyId(null, "admin");
+
+ auth.clearReader();
+ auth.clearWriter();
+ auth.clearAdmin();
+ auth.addAdmin(adminId);
+
+ log.debug("will store wikitty" + aWikitty);
+
+ try {
+ service.store(writerToken, aWikitty);
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {
+ log.info("raised exception : " + e);
+ }
+
+ Wikitty restoredWikitty = service.restore(null, aWikitty.getId());
+ log.debug("restored wikitty is " + restoredWikitty);
+ assertNotNull(restoredWikitty);
+ }
/* *** level 2 security tests ***/
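Review bot: `testWriterRightOnWikitty` checks only that the refused `store` throws and that `restore` returns a non-null wikitty; it never verifies that the stored authorisation is unchanged. The store path in this commit copies permitted dirty fields into the restored old version one by one before it throws, so with an in-memory service a partial update could survive the exception (this depends on whether `restore` returns a copy, which the page does not show). After the `assertNotNull`, the test should also assert that the restored wikitty does not list `adminId` as admin. The `auth.clearReader()` and `auth.clearWriter()` calls would benefit from a comment stating what the expected state is after the refused write.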
@@ -194,7 +223,7 @@
}
@Test
- public void checkAdminRightOnExtention() {
+ public void checkAdminRightOnExtension() {
// TODO 20100923 bleny check that store with no sufficient rights fail
Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(adminToken, extension);
Modified: trunk/wikitty-api/src/test/resources/log4j.properties
===================================================================
--- trunk/wikitty-api/src/test/resources/log4j.properties 2010-10-05 07:43:24 UTC (rev 385)
+++ trunk/wikitty-api/src/test/resources/log4j.properties 2010-10-05 13:34:48 UTC (rev 386)
@@ -4,7 +4,8 @@
# Appender and Layout
log4j.appender.logConsole=org.apache.log4j.ConsoleAppender
log4j.appender.logConsole.layout=org.apache.log4j.PatternLayout
-log4j.appender.logConsole.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
+log4j.appender.logConsole.layout.ConversionPattern=%d %5p [%t] (%F:%L) %M - %m%n
+# security layer :
# log4j.category.org.nuiton.wikitty.WikittyServiceSecurity=TRACE
# log4j.category.org.nuiton.wikitty.layers.WikittyServiceSecurityTest=TRACE
r385 - in trunk/wikitty-api/src: main/java/org/nuiton/wikitty test/java/org/nuiton/wikitty/layers test/resources
by bleny@users.nuiton.org 05 Oct '10
Author: bleny
Date: 2010-10-05 09:43:24 +0200 (Tue, 05 Oct 2010)
New Revision: 385
Url: http://nuiton.org/repositories/revision/wikitty/385
Log:
security impl
Modified:
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntity.java
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntityWikitty.java
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java
trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
trunk/wikitty-api/src/test/resources/log4j.properties
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntity.java 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntity.java 2010-10-05 07:43:24 UTC (rev 385)
@@ -48,6 +48,14 @@
public String getWikittyVersion();
/**
+ * Return wikitty
+ *
+ * @return the wikitty actually storing the entity's data
+ * @since 2.2.1
+ */
+ public Wikitty getWikitty();
+
+ /**
* Only framework can use this method.
*
* @param version version to set
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntityWikitty.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntityWikitty.java 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/BusinessEntityWikitty.java 2010-10-05 07:43:24 UTC (rev 385)
@@ -84,6 +84,9 @@
this.wikitty = wikitty;
}
+ /**
+ * @see BusinessEntity#getWikitty()
+ */
public Wikitty getWikitty() {
return wikitty;
}
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyServiceSecurity.java 2010-10-05 07:43:24 UTC (rev 385)
@@ -16,6 +16,8 @@
/**
*
+ * FIXME add security policy level two on wikittyAuthorisation to prevent writing
+ *
* @author poussin
* @version $Revision$
*
@@ -35,40 +37,33 @@
/** cache de l'id du groupe AppAdmin */
transient protected String appAdminGroupId = null;
- public static final String APPADMIN_LOGIN = "root";
-
- // TODO 20100826 bleny look for password in a config file
- public static final String APPADMIN_PASSWORD = "toto";
-
public WikittyServiceSecurity(WikittyService ws) {
this.ws = ws;
- Wikitty appAdminGroup = getAppAdminGroup(null);
+// Wikitty appAdminGroup = getAppAdminGroup(null);
+//
+// if (WikittyGroupHelper.getMembers(appAdminGroup) == null) {
+// // first time boot
+// ws.storeExtension(null, WikittyUserAbstract.extensions);
+// ws.storeExtension(null, SecurityTokenAbstract.extensions);
+// ws.storeExtension(null, WikittyGroupAbstract.extensions);
+//
+// // create the appAdmin account
+// Wikitty appAdmin = new WikittyImpl();
+// WikittyUserHelper.addExtension(appAdmin);
+// WikittyUserHelper.setLogin(appAdmin, APPADMIN_LOGIN);
+// WikittyUserHelper.setPassword(appAdmin, APPADMIN_PASSWORD);
+// ws.store(null, appAdmin);
+//
- if (WikittyGroupHelper.getMembers(appAdminGroup) == null) {
- // first time boot
- ws.storeExtension(null, WikittyUserAbstract.extensions);
- ws.storeExtension(null, SecurityTokenAbstract.extensions);
- ws.storeExtension(null, WikittyGroupAbstract.extensions);
-
- // create the appAdmin account
- Wikitty appAdmin = new WikittyImpl();
- WikittyUserHelper.addExtension(appAdmin);
- WikittyUserHelper.setLogin(appAdmin, APPADMIN_LOGIN);
- WikittyUserHelper.setPassword(appAdmin, APPADMIN_PASSWORD);
- ws.store(null, appAdmin);
-
- // add APPADMIN_LOGIN to AppAdmin group
- WikittyGroupHelper.addMembers(appAdminGroup, appAdmin.getId());
- ws.store(null, appAdminGroup);
-
- // login as admin to add some security polices
- String adminToken = login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
-
- // FIXME 20100923 bleny make all tokens unwritable, except for app admin
-
- logout(adminToken);
- }
+//
+// // login as admin to add some security polices
+// String adminToken = login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+//
+// // FIXME 20100923 bleny make all tokens unwritable, except for app admin
+//
+// logout(adminToken);
+// }
}
@Override
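Review bot: The bootstrap block is left behind as line comments that still name `APPADMIN_LOGIN` and `APPADMIN_PASSWORD`, both of which this hunk deletes, so it cannot be re-enabled as written; it is cleaner to remove it and leave a single explanatory line such as `// no default account is created here, see userIsAnonymousOrAppAdmin`. Dropping the hard-coded credentials is sound, but the constructor now leaves the service without any app-admin, and who may create the first one is decided by `userIsAnonymousOrAppAdmin`, added later in this commit. The class javadoc should describe that start-up state next to the existing FIXME, so an operator knows the service is open to anonymous administration until an app-admin group exists.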
@@ -104,10 +99,37 @@
}
}
}
-
+
+ @Override
+ public void logout(String securityToken) {
+ if (securityToken == null) {
+ throw new IllegalArgumentException("security token is null");
+ } else {
+ getUserId(securityToken); // will throw exception if token is not valid
+ ws.delete(securityToken, securityToken);
+ }
+ }
+
+ @Override
+ public void clear(String securityToken) {
+ String userId = getUserId(securityToken);
+ if (isAppAdmin(securityToken, userId)) {
+ // seul les AppAdmin on le droit a cette method
+ ws.clear(securityToken);
+ } else {
+ throw new SecurityException(_("user %s can't clear data", userId));
+ }
+ }
+
+ protected String extensionToWikittySecurityId(WikittyExtension extension) {
+ return String.format("WikittySecurity:%s", extension.getName());
+ }
+
public void createAccount(String securityToken, String login, String password) {
String userId = getUserId(securityToken);
- if (isAppAdmin(securityToken, userId)) {
+ boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId);
+
+ if (creationAllowed) {
Wikitty user = ws.findByCriteria(securityToken, Search.query().eq(
WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria());
if (user == null) {
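Review bot: `createAccount` now succeeds for any caller that passes a null token, because `userIsAnonymousOrAppAdmin` returns true when `securityToken == null`; before this change the method required `isAppAdmin`. The same helper gates `addWikittyAuthorisation`, `storeExtensionAuthorisation` and `checkStoreExtension` further down, so unauthenticated callers can create accounts, attach policies and store extensions. If the anonymous path exists only to bootstrap an empty store (the first-boot block above is now commented out), limit it to that case in the helper, for example `if (securityToken == null) { return getAppAdminGroup(null) == null; }`. Whether `getAppAdminGroup` accepts a null token is not visible here, so confirm before using that form. `createAccount` continues past the end of this hunk.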
@@ -128,7 +150,7 @@
}
public String getUserWikittyId(String securityToken, String login) {
- String userId = getUserId(securityToken);
+ getUserId(securityToken);
String userWikittyId = null;
Wikitty user = ws.findByCriteria(null, Search.query().eq(
WikittyUser.FQ_FIELD_WIKITTYUSER_LOGIN, login).criteria());
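Review bot: `getUserId(securityToken);` is now a bare statement kept only for its exception, with no comment saying so, and since `getUserId` returns null for a null token (last hunk of this diff) it no longer rejects anonymous callers. The lookup that follows runs `ws.findByCriteria(null, ...)`, so any caller can resolve a login to a wikitty id. Add `// will throw exception if token is not valid` as `logout` does, and if anonymous lookup is not intended, add `if (securityToken == null) { throw new IllegalArgumentException("security token is null"); }` as `logout` does. The body of `getUserWikittyId` continues outside this hunk.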
@@ -138,32 +160,13 @@
return userWikittyId;
}
- @Override
- public void logout(String securityToken) {
- getUserId(securityToken); // will throw exception if token is not valid
- ws.delete(securityToken, securityToken);
- }
-
- @Override
- public void clear(String securityToken) {
- String userId = getUserId(securityToken);
- if (isAppAdmin(securityToken, userId)) {
- // seul les AppAdmin on le droit a cette method
- ws.clear(securityToken);
- } else {
- throw new SecurityException(_("user %s can't clear data", userId));
- }
- }
-
- protected String extensionToWikittySecurityId(WikittyExtension extension) {
- return String.format("WikittySecurity'%s'", extension.getName());
- }
-
/** */
public Wikitty addWikittyAuthorisation(String securityToken,
WikittyExtension extension) {
String userId = getUserId(securityToken);
- if (isAppAdmin(securityToken, userId)) {
+ boolean creationAllowed = userIsAnonymousOrAppAdmin(securityToken, userId);
+
+ if (creationAllowed) {
if (restoreExtensionAuthorisation(securityToken, extension) == null) {
String wikittyAuthorisationId = extensionToWikittySecurityId(extension);
Wikitty wikittyAuthorisation = new WikittyImpl(wikittyAuthorisationId);
@@ -183,6 +186,23 @@
}
}
+ protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) {
+ boolean userIsAnonymousOrAppAdmin = false;
+
+ if (securityToken == null) {
+ // user is anonymous
+ userIsAnonymousOrAppAdmin = true;
+ } else {
+ if (getAppAdminGroup(securityToken) != null) {
+ if ( isAppAdmin(securityToken, userId)) {
+ // user is appAdmin
+ userIsAnonymousOrAppAdmin = true;
+ }
+ }
+ }
+ return userIsAnonymousOrAppAdmin;
+ }
+
/** restore the wikitty authorisation attached to given extension
*
* @return a wikitty with WikittyAuthorisation extension, or null if given
@@ -190,10 +210,10 @@
* @throws SecurityException if user don't have rights required
*/
public Wikitty restoreExtensionAuthorisation(String securityToken,
- WikittyExtension extension) {
+ WikittyExtension extension) {
String userId = getUserId(securityToken);
String wikittyAuthorisationId = extensionToWikittySecurityId(extension);
- Wikitty wikittyAuthorisation = restore(securityToken, wikittyAuthorisationId);
+ Wikitty wikittyAuthorisation = ws.restore(securityToken, wikittyAuthorisationId);
if (wikittyAuthorisation == null) {
log.debug(extension + " has no authorization attached");
} else {
@@ -208,15 +228,15 @@
return wikittyAuthorisation;
}
- public void storeWikittyAuthorisation(String securityToken,
+ public void storeExtensionAuthorisation(String securityToken,
Wikitty wikitty) {
String userId = getUserId(securityToken);
- Wikitty oldVersion = ws.restore(null, wikitty.getId());
+ Wikitty oldVersion = ws.restore(securityToken, wikitty.getId());
// check that the wikitty does not have
- if (WikittyAuthorisationHelper.isExtension(wikitty)) {
+ if (WikittyAuthorisationHelper.hasExtension(wikitty)) {
if (oldVersion == null) {
// if this exception is raised, you should use addWikittyAuthorisation()
@@ -224,26 +244,27 @@
} else {
- if ( canAdmin(securityToken, userId, oldVersion) ) {
-
- if (isAdmin(securityToken, userId, oldVersion)) {
- // admin can't change owner, admin or parent
- // putting back old values
- Object oldValue = oldVersion.getFieldAsObject(
- WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
- WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER);
- wikitty.setField(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
- WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER,
- oldValue);
+ if ( userIsAnonymousOrAppAdmin(securityToken, userId) ||
+ canAdmin(securityToken, userId, null, oldVersion) ) {
+//
+// if (isAdmin(securityToken, userId, oldVersion, null)) {
+// // admin can't change owner, admin or parent
+// // putting back old values
+// Object oldValue = oldVersion.getFieldAsObject(
+// WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+// WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER);
+// wikitty.setField(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+// WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER,
+// oldValue);
+//
+// WikittyAuthorisationHelper.setOwner(wikitty,
+// WikittyAuthorisationHelper.getOwner(oldVersion));
+// WikittyAuthorisationHelper.setParent(wikitty,
+// WikittyAuthorisationHelper.getParent(oldVersion));
+//
+// }
- WikittyAuthorisationHelper.setOwner(wikitty,
- WikittyAuthorisationHelper.getOwner(oldVersion));
- WikittyAuthorisationHelper.setParent(wikitty,
- WikittyAuthorisationHelper.getParent(oldVersion));
-
- }
-
- ws.store(null, wikitty);
+ ws.store(securityToken, wikitty);
} else {
throw new SecurityException(String.format(
"user %s can't admin rights for this extension", userId));
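Review bot: The block that restored the stored owner and parent when the caller was only an admin is now commented out (the `// if (isAdmin(securityToken, userId, oldVersion, null)) {` lines), so any user who passes `canAdmin` can rewrite the owner and parent of the policy and `ws.store` persists them. The new guard also admits null-token callers through `userIsAnonymousOrAppAdmin`. Either re-enable the block with the four-argument `isAdmin`, keeping `WikittyAuthorisationHelper.setOwner(wikitty, WikittyAuthorisationHelper.getOwner(oldVersion));` and the matching `setParent` call, or delete the dead code and document that admins may reassign ownership. `storeExtensionAuthorisation` starts and ends outside this hunk.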
@@ -254,171 +275,205 @@
"wikitty %s is not a wikittyAuthorisation. It misses the extension",
wikitty));
}
-
}
- /** true if userId has the right to write on extension */
- protected boolean canRead(String securityToken, String userId, Wikitty extensionRights) {
- boolean canRead = isReader(securityToken, userId, extensionRights)
- || canWrite(securityToken, userId, extensionRights);
- return canRead;
- }
-
- /** true if userId has the right to write on extension */
- protected boolean canWrite(String securityToken, String userId, Wikitty extensionRights) {
- boolean canWrite = isWriter(securityToken, userId, extensionRights)
- || isOwner(securityToken, userId, extensionRights)
- || isAppAdmin(securityToken, userId);
- return canWrite;
- }
-
- /** true if userId has the right to admin on extension */
- protected boolean canAdmin(String securityToken, String userId, Wikitty extensionRights) {
- boolean canWrite = isAdmin(securityToken, userId, extensionRights)
- || isOwner(securityToken, userId, extensionRights)
- || isAppAdmin(securityToken, userId);
- return canWrite;
- }
-
- /** true if userId has the right is owner of all the extensions of the given wikitty */
- protected boolean canDelete(String securityToken, String userId, Wikitty wikitty) {
- if (isAppAdmin(securityToken, userId)) {
- return true;
- }
-
- // now read all extensions for this wikitty, and return false
- // if user is not owner on one of those extensions
- for (WikittyExtension extension : wikitty.getExtensions()) {
- Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension);
- boolean canDelete = extensionRights == null
- || isOwner(securityToken, userId, extensionRights);
- // FIXME 20100922 bleny if appadmin ?
- if (! canDelete) {
- return false;
- }
- }
- return true;
- }
-
@Override
public UpdateResponse store(String securityToken, Wikitty wikitty) {
Collection<Wikitty> wikitties = Arrays.asList(wikitty);
- wikitties = removeUnauthorizedModifications(securityToken, wikitties);
+ wikitties = checkStore(securityToken, wikitties);
UpdateResponse result = ws.store(securityToken, wikitties);
return result;
}
@Override
public UpdateResponse store(String securityToken, Collection<Wikitty> wikitties) {
- Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties);
+ Collection<Wikitty> wikittiesToStore = checkStore(securityToken, wikitties);
UpdateResponse result = ws.store(securityToken, wikittiesToStore);
return result;
}
@Override
public UpdateResponse store(String securityToken, Collection<Wikitty> wikitties, boolean force) {
- Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties);
+ Collection<Wikitty> wikittiesToStore = checkStore(securityToken, wikitties);
UpdateResponse result = ws.store(securityToken, wikittiesToStore, force);
return result;
}
-
- /**
- *
- */
- protected Collection<Wikitty> removeUnauthorizedModifications(String securityToken, Collection<Wikitty> wikitties) {
+
+ @Override
+ public UpdateResponse store(String securityToken, WikittyTransaction transaction, Collection<Wikitty> wikitties, boolean force) {
+ Collection<Wikitty> wikittiesToStore = checkStore(securityToken, wikitties);
+ UpdateResponse result = ws.store(securityToken, transaction, wikittiesToStore, force);
+ return result;
+ }
+
+ protected Collection<Wikitty> checkStore(String securityToken, Collection<Wikitty> wikitties) {
String userId = getUserId(securityToken);
List<Wikitty> wikittiesToStore = new ArrayList<Wikitty>();
for (Wikitty wikitty : wikitties) {
- // check that the wikitty does not have
- if (WikittyAuthorisationHelper.isExtension(wikitty)) {
- storeWikittyAuthorisation(securityToken, wikitty);
- } else {
- // usual case, a user want to store a wikitty
- Wikitty oldVersion = ws.restore(null, wikitty.getId());
- if (oldVersion == null) { // it's a creation
- // check that **reader** right on Security for all extension
- } else { // it's an update
- // filtering, revert changes on field that this user can't write
- for (WikittyExtension extension : wikitty.getExtensions()) {
- Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension);
- if (extensionRights != null) {
- if ( ! canWrite(securityToken, userId, extensionRights)) {
- // the user doesn't have the rights to write
- // on the fields of extension. Moving back
- // values to the old one
- for (String fieldName : extension.getFieldNames()) {
- if (oldVersion == null) {
- wikitty.setField(extension.getName(), fieldName, null);
- } else {
- Object oldValue = oldVersion.getFieldAsObject(extension.getName(), fieldName);
- wikitty.setField(extension.getName(), fieldName, oldValue);
- }
- }
- }
- } // else no particular right on this extension
+
+ // FIXME 20100930 bleny what if user store wikitty authorisation
+
+ // usual case, a user want to store a wikitty
+ Wikitty oldVersion = ws.restore(securityToken, wikitty.getId());
+ if (oldVersion == null) { // it's a creation
+
+ // check that **reader** right on Security for all extension
+ for (WikittyExtension extension: wikitty.getExtensions()) {
+ Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension);
+
+ boolean canCreate = extensionRights == null ||
+ canRead(securityToken, userId, null, extensionRights);
+ if ( ! canCreate ) {
+ throw new SecurityException(_(
+ "user %s can't create instance of extension %s",
+ userId, extensionRights));
}
- wikittiesToStore.add(wikitty);
}
+
+ } else { // it's an update
+
+ for (String fqFieldDirtyName : wikitty.getDirty()) {
+
+ String concernedExtensionName = WikittyUtil.getExtensionNameFromFQFieldName(fqFieldDirtyName);
+
+ if (log.isTraceEnabled()) {
+ log.trace("will update field " + fqFieldDirtyName);
+ log.trace("it's extension " + concernedExtensionName);
+ }
+
+ if (canWrite(securityToken, userId, concernedExtensionName, wikitty)) {
+ Object newValue = wikitty.getFqField(fqFieldDirtyName);
+ oldVersion.setFqField(fqFieldDirtyName, newValue);
+ }
+ }
+
+ wikittiesToStore.add(wikitty);
}
}
return wikittiesToStore;
}
@Override
- public UpdateResponse store(String securityToken, WikittyTransaction transaction, Collection<Wikitty> wikitties, boolean force) {
- Collection<Wikitty> wikittiesToStore = removeUnauthorizedModifications(securityToken, wikitties);
- UpdateResponse result = ws.store(securityToken, transaction, wikittiesToStore, force);
- return result;
- }
-
- @Override
public Wikitty restore(String securityToken, String id) {
- List<String> ids = Arrays.asList(id);
- List<Wikitty> wikitties = restore(securityToken, ids);
- Wikitty wikitty = null;
- if (! wikitties.isEmpty()) {
- wikitty = wikitties.get(0);
+ String userId = getUserId(securityToken);
+ Wikitty wikitty = ws.restore(securityToken, id);
+ if (wikitty != null) {
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
}
return wikitty;
}
@Override
public List<Wikitty> restore(String securityToken, List<String> ids) {
- List<Wikitty> wikitties = new ArrayList<Wikitty>();
- for (String id : ids) {
- // do it first, will throw an exception if security token is invalid
-
- String userId = getUserId(securityToken);
-
- Wikitty wikitty = ws.restore(securityToken, id);
- if (wikitty != null) {
- // FIXME 20100827 bleny copy on write is done because setting some field to null below modify stored wikitty if WikittyServiceInMemory is used
- wikitty = new WikittyCopyOnWrite(wikitty);
-
- for (WikittyExtension extension : wikitty.getExtensions()) {
- Wikitty extensionRights = restoreExtensionAuthorisation(securityToken, extension);
-
- // field of extension can be read if no policy attached
- // if a policy is attached, check that user has right to read
- boolean canRead = extensionRights == null || canRead(securityToken, userId, extensionRights);
- if ( ! canRead) {
- for (String fieldName : extension.getFieldNames()) {
- wikitty.setField(extension.getName(), fieldName, null);
- }
- }
- }
- wikitties.add(wikitty);
- }
+ String userId = getUserId(securityToken);
+ List<Wikitty> wikitties = ws.restore(securityToken, ids);
+ for (Wikitty wikitty : wikitties) {
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
}
return wikitties;
}
@Override
public List<Wikitty> restore(String securityToken, WikittyTransaction transaction, List<String> ids) {
- throw new UnsupportedOperationException();
- // ws.restore(securityToken, transaction, ids);
+ String userId = getUserId(securityToken);
+ List<Wikitty> wikitties = ws.restore(securityToken, transaction, ids);
+ for (Wikitty wikitty : wikitties) {
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
+ }
+ return wikitties;
}
+
+ /** throw an exception if read is not allowed */
+ protected void refuseUnauthorizedRead( String securityToken,
+ String userId,
+ Wikitty wikitty) {
+ for (String extensionName : wikitty.getExtensionNames()) {
+ if ( ! canRead(securityToken, userId, extensionName, wikitty)) {
+ throw new SecurityException(_("user %s can't read extension %s on wikitty %s",
+ userId, extensionName, wikitty));
+ }
+ }
+ }
+ protected boolean canRead(String securityToken, String userId,
+ String extensionName, Wikitty wikitty) {
+
+ boolean canRead = false;
+
+ // first, check per-extension rights
+ if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+ extensionName)) {
+ // there is a policy on the extension
+ canRead = isReader(securityToken, userId, wikitty, extensionName)
+ || canWrite(securityToken, userId, extensionName, wikitty);
+ } else if ( ! canRead &&
+ wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
+ // there is no policy for this extension
+ // but there is a policy for all extension of wikitty
+ canRead = isReader(securityToken, userId, wikitty, null)
+ || canWrite(securityToken, userId, extensionName, wikitty);
+ } else {
+ // no security policy, everything is allowed
+ canRead = true;
+ }
+
+ return canRead;
+ }
+
+ protected boolean canWrite(String securityToken, String userId,
+ String extensionName, Wikitty wikitty) {
+ boolean canWrite = false;
+
+ // first, check per-extension rights
+ if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+ extensionName)) {
+ // there is a policy on the extension of fqFieldDirtyName
+ canWrite = isWriter(securityToken, userId, wikitty, extensionName)
+ || canAdmin(securityToken, userId, extensionName, wikitty);
+ } else if ( ! canWrite &&
+ wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
+ // there is no policy for this extension
+ // but there is a policy for all extension of wikitty
+ canWrite = isWriter(securityToken, userId, wikitty, null)
+ || canAdmin(securityToken, userId, extensionName, wikitty);
+ } else {
+ // no security policy, everything is allowed
+ canWrite = true;
+ }
+
+ return canWrite;
+ }
+
+ protected boolean canAdmin(String securityToken, String userId,
+ String extensionName, Wikitty wikitty) {
+
+ boolean canAdmin = false;
+
+ // first, check per-extension rights
+ if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
+ extensionName)) {
+ // there is a policy on the extension of fqFieldDirtyName
+ canAdmin = isAdmin(securityToken, userId, wikitty, extensionName)
+ || isOwner(securityToken, userId, wikitty, extensionName);
+ } else if ( ! canAdmin &&
+ wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
+ // there is no policy for this extension
+ // but there is a policy for all extension of wikitty
+ canAdmin = isAdmin(securityToken, userId, wikitty, null)
+ || isOwner(securityToken, userId, wikitty, null);
+ } else if ( ! canAdmin ) {
+ // still not admin, check appAdmin
+ if (getAppAdminGroup(securityToken) == null) {
+ canAdmin = isAppAdmin(securityToken, userId);
+ }
+ } else {
+ // no security policy, everything is allowed
+ canAdmin = true;
+ }
+
+ return canAdmin;
+ }
+
@Override
public void delete(String securityToken, String id) {
Collection<String> ids = Arrays.asList(id);
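Review bot: `checkStore`'s update branch copies the permitted dirty fields into `oldVersion` but then queues the caller's `wikitty`, so fields the user may not write are still stored. The creation branch never adds the wikitty to `wikittiesToStore`, so new wikitties are silently dropped. `canWrite` is also evaluated on the caller-supplied `wikitty`, which means the policy consulted is whatever authorisation meta-extension the caller sent rather than the stored one. Presumably the intent is `canWrite(securityToken, userId, concernedExtensionName, oldVersion)` and `wikittiesToStore.add(oldVersion);` in the update branch, plus `wikittiesToStore.add(wikitty);` after the creation checks. Separately, `canAdmin`'s `getAppAdminGroup(securityToken) == null` test looks inverted relative to `userIsAnonymousOrAppAdmin`, and its final `else` is unreachable because `canAdmin` is still false when the preceding `else if ( ! canAdmin )` is reached.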
@@ -427,24 +482,19 @@
@Override
public void delete(String securityToken, Collection<String> ids) {
+ String userId = getUserId(securityToken);
List<String> idsAsList = new ArrayList<String>(ids);
- secureDelete(securityToken, idsAsList);
- }
-
- /** delete wikitties only if user has right to */
- protected void secureDelete(String securityToken, List<String> ids) {
- String userId = getUserId(securityToken);
-
- List<Wikitty> wikitties = ws.restore(securityToken, ids);
- List<String> idsToRemove = new ArrayList<String>();
-
+ List<Wikitty> wikitties = ws.restore(securityToken, idsAsList);
for (Wikitty wikitty : wikitties) {
- if ( canDelete(securityToken, userId, wikitty)) {
- idsToRemove.add(wikitty.getId());
+ for (String extensionName : wikitty.getExtensionNames()) {
+ if ( ! canWrite(securityToken, userId, extensionName, wikitty)) {
+ throw new SecurityException(_(
+ "user %s doesn't have rights on extension %s on wikitty %s",
+ userId, extensionName, wikitty));
+ }
}
}
-
- ws.delete(securityToken, idsToRemove);
+ ws.delete(securityToken, ids);
}
@Override
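Review bot: `delete(String, Collection<String>)` now lets anyone with write permission on every extension delete a wikitty, where the removed `canDelete` required the owner of each policy or an app admin. If that relaxation is not intended, the check should be `if ( ! canAdmin(securityToken, userId, extensionName, wikitty)) {`. Two smaller points: `ws.delete(securityToken, ids)` deletes every requested id, including any that `ws.restore` did not return and that were therefore never checked (how restore reports unknown ids is not visible here). A null entry in `wikitties` would also fail at `wikitty.getExtensionNames()`.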
@@ -479,32 +529,41 @@
}
@Override
- public UpdateResponse storeExtension(
- String securityToken, WikittyExtension ext) {
+ public UpdateResponse storeExtension(String securityToken, WikittyExtension ext) {
Collection<WikittyExtension> exts = Arrays.asList(ext);
+ checkStoreExtension(securityToken, exts);
return storeExtension(securityToken, exts);
}
+
+
+ /* *** storing and restoring extensions ***/
+
+ protected void checkStoreExtension(String securityToken,
+ Collection<WikittyExtension> exts) {
+ String userId = getUserId(securityToken);
+ if ( ! userIsAnonymousOrAppAdmin(securityToken, userId)) {
+ for (WikittyExtension extension : exts) {
+ Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension);
+ if ( ! canWrite(securityToken, userId, null, extensionAuthorisation)) {
+ throw new SecurityException(_("user %s don't have write right for extension %s", userId, extension));
+ }
+ }
+ }
+ }
+
@Override
public UpdateResponse storeExtension(String securityToken,
- Collection<WikittyExtension> exts) {
- // TODO poussin 20100607 check security, mais qui a le droit ?
-
-
-
-
+ Collection<WikittyExtension> exts) {
+ checkStoreExtension(securityToken, exts);
return ws.storeExtension(securityToken, exts);
}
@Override
public UpdateResponse storeExtension(String securityToken,
WikittyTransaction transaction, Collection<WikittyExtension> exts) {
- String userId = getUserId(securityToken);
- UpdateResponse response = null;
- if (isAppAdmin(securityToken, userId)) {
- response = ws.storeExtension(securityToken, transaction, exts);
- }
- return response;
+ checkStoreExtension(securityToken, exts);
+ return ws.storeExtension(securityToken, transaction, exts);
}
@Override
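Review bot: `checkStoreExtension` passes the result of `restoreExtensionAuthorisation` straight to `canWrite`, but that method returns null when no policy is attached (it logs "has no authorization attached" and returns the null value), and `canWrite` dereferences its wikitty argument at once in `wikitty.hasMetaExtension(...)`. A non-admin user storing an extension without a policy therefore gets a NullPointerException instead of a decision. `checkStore` treats a missing policy as allowed (`extensionRights == null || canRead(...)`), and the same shape fits here: `if (extensionAuthorisation != null && ! canWrite(securityToken, userId, null, extensionAuthorisation)) {`. If a missing policy should deny instead, throw `SecurityException` explicitly. The single-extension overload also calls `checkStoreExtension` and then delegates to the collection overload, which checks again, so one of the two calls can go.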
@@ -521,8 +580,8 @@
}
@Override
- public WikittyExtension restoreExtensionLastVersion(
- String securityToken, String name) {
+ public WikittyExtension restoreExtensionLastVersion(String securityToken,
+ String name) {
// All people can read extension
return ws.restoreExtensionLastVersion(securityToken, name);
}
@@ -543,7 +602,7 @@
@Override
public PagedResult<String> findAllByCriteria(String securityToken,
- WikittyTransaction transaction, Criteria criteria) {
+ WikittyTransaction transaction, Criteria criteria) {
// All people can read PagedResult that contains only id
PagedResult<String> result = ws.findAllByCriteria(
securityToken, transaction, criteria);
@@ -552,77 +611,103 @@
@Override
public Wikitty findByCriteria(String securityToken, Criteria criteria) {
- Wikitty result = ws.findByCriteria(securityToken, criteria);
- if (!canRead(securityToken, result.getId())) {
- // user don't have correct right, return null
- result = null;
- }
- return result;
+ String userId = getUserId(securityToken);
+ Wikitty wikitty = ws.findByCriteria(securityToken, criteria);
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
+ return wikitty;
}
@Override
public void addLabel(String securityToken, String wikittyId, String label) {
- // TODO poussin 20100607 check security
- ws.addLabel(securityToken, wikittyId, label);
+ log.error("security is not supported for labels");
+ throw new UnsupportedOperationException("security is not supported for labels");
}
@Override
public PagedResult<String> findAllByLabel(String securityToken,
String label, int firstIndex, int endIndex) {
- // All people can read PagedResult that contains only id
- PagedResult<String> result = ws.findAllByLabel(
- securityToken, label, firstIndex, endIndex);
- return result;
+ log.error("security is not supported for labels");
+ throw new UnsupportedOperationException("security is not supported for labels");
}
@Override
public Wikitty findByLabel(String securityToken, String label) {
- Wikitty result = ws.findByLabel(securityToken, label);
- if (!canRead(securityToken, result.getId())) {
- // user don't have correct right, return null
- result = null;
- }
- return result;
+ log.error("security is not supported for labels");
+ throw new UnsupportedOperationException("security is not supported for labels");
}
@Override
public Set<String> findAllAppliedLabels(String securityToken, String wikittyId) {
- Set<String> result = ws.findAllAppliedLabels(securityToken, wikittyId);
- return result;
+ log.error("security is not supported for labels");
+ throw new UnsupportedOperationException("security is not supported for labels");
}
@Override
public Tree restoreTree(String securityToken, String wikittyId) {
- // FIXME poussin 20100607 check security
- return ws.restoreTree(securityToken, wikittyId);
+ String userId = getUserId(securityToken);
+ Tree restoredTree = ws.restoreTree(securityToken, wikittyId);
+ checkRestoreTree(securityToken, userId, restoredTree);
+ return restoredTree;
}
- @Override
- public Entry<TreeNode, Integer> restoreNode(
- String securityToken, String wikittyId, Criteria filter) {
- // FIXME poussin 20100607 check security
- return ws.restoreNode(securityToken, wikittyId, filter);
+ protected void checkRestoreTree(String securityToken, String userId, Tree tree) {
+ checkRestoreTreeNode(securityToken, userId, tree.node);
+ for (Tree subTree : tree.getChildren()) {
+ checkRestoreTree(securityToken, userId, subTree);
+ }
}
+
+ protected void checkRestoreTreeNode(String securityToken, String userId, TreeNode treeNode) {
+ refuseUnauthorizedRead(securityToken, userId, treeNode.getWikitty());
+ }
+
@Override
- public Map<TreeNode, Integer> restoreChildren(
- String securityToken, String wikittyId, Criteria filter) {
- // FIXME poussin 20100607 check security
- return ws.restoreChildren(securityToken, wikittyId, filter);
+ public Entry<TreeNode, Integer> restoreNode(String securityToken, String wikittyId, Criteria filter) {
+ String userId = getUserId(securityToken);
+ Entry<TreeNode, Integer> entry = ws.restoreNode(securityToken, wikittyId, filter);
+ checkRestoreTreeNode(securityToken, userId, entry.getKey());
+ return entry;
}
@Override
- public Wikitty restoreVersion(
- String securityToken, String wikittyId, String version) {
- Wikitty result = ws.restoreVersion(securityToken, wikittyId, version);
- if (!canRead(securityToken, result.getId())) {
- // user don't have correct right, return null
- result = null;
+ public Map<TreeNode, Integer> restoreChildren(String securityToken,
+ String wikittyId,
+ Criteria filter) {
+ String userId = getUserId(securityToken);
+ Map<TreeNode, Integer> children = ws.restoreChildren(securityToken, wikittyId, filter);
+ for (Map.Entry<TreeNode, Integer> child : children.entrySet()) {
+ checkRestoreTreeNode(securityToken, userId, child.getKey());
}
- return result;
+ return children;
}
@Override
+ public List<String> deleteTree(String securityToken, String treeNodeId) {
+ TreeNode treeNode = ws.restoreNode(securityToken, treeNodeId, null).getKey();
+ Collection<Wikitty> wikitties = Arrays.asList(treeNode.getWikitty());
+ checkStore(securityToken, wikitties);
+ return ws.deleteTree(securityToken, treeNodeId);
+ }
+
+ @Override
+ public Wikitty restoreVersion(String securityToken, String wikittyId, String version) {
+ Wikitty wikitty = ws.restoreVersion(securityToken, wikittyId, version);
+ String userId = getUserId(securityToken);
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
+ return wikitty;
+ }
+
+ @Override
+ public Wikitty findByCriteria(String securityToken,
+ WikittyTransaction transaction, Criteria criteria) {
+ Wikitty wikitty = ws.findByCriteria(securityToken, transaction, criteria);
+ String userId = getUserId(securityToken);
+ refuseUnauthorizedRead(securityToken, userId, wikitty);
+ return wikitty;
+ }
+
+ @Override
public UpdateResponse syncEngin(String securityToken) {
String userId = getUserId(securityToken);
if (isAppAdmin(securityToken, userId)) {
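Review bot: `deleteTree` authorises through `checkStore` and ignores its result, but `checkStore`'s update branch never throws. It only walks `wikitty.getDirty()`, which is presumably empty for a node that was just restored, so the call rejects nothing and `ws.deleteTree` runs for any caller. Use the per-extension `canWrite` loop from `delete(String, Collection<String>)` on the root node, as sketched below; child nodes are still unchecked and may need the same walk as `checkRestoreTree`. Separately, both `findByCriteria` overloads and `restoreVersion` pass a possibly null result to `refuseUnauthorizedRead`, which dereferences it. `restore(String, String)` guards with `if (wikitty != null)`, and these should too.

```java
public List<String> deleteTree(String securityToken, String treeNodeId) {
    String userId = getUserId(securityToken);
    Wikitty root = ws.restoreNode(securityToken, treeNodeId, null).getKey().getWikitty();
    // same per-extension write check as delete(String, Collection<String>)
    for (String extensionName : root.getExtensionNames()) {
        if ( ! canWrite(securityToken, userId, extensionName, root)) {
            throw new SecurityException(_(
                    "user %s doesn't have rights on extension %s on wikitty %s",
                    userId, extensionName, root));
        }
    }
    return ws.deleteTree(securityToken, treeNodeId);
}
```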
@@ -634,25 +719,11 @@
}
}
-
//
// Method helper to check right
//
/**
- *
- * @param pagedResult
- * @return
- */
- protected PagedResult<Wikitty> checkPagedResult(PagedResult<Wikitty> pagedResult) {
- // TODO poussin 20100610 que faire
- // TODO - parcourir tous les resultats pour retirer ceux auquel on a pas le droit
- // TODO - lever une exception des qu'on trouve un element interdit
-
- return pagedResult;
- }
-
- /**
* Recupere l'identifiant de l'utilisateur associe au securityToken
*
* @param securityToken
@@ -662,103 +733,149 @@
String result = null;
// recuperation de l'utilisateur associe au securityToken
// le securityToken est aussi l'id de l'objet
- Wikitty securityTokenWikitty = ws.restore(securityToken, securityToken);
- if (securityTokenWikitty == null) {
- throw new SecurityException(_("trying to use an invalidate security token %s", securityToken));
- } else {
- result = SecurityTokenHelper.getUser(securityTokenWikitty);
+ if (securityToken != null) {
+ Wikitty securityTokenWikitty = ws.restore(securityToken, securityToken);
+ if (securityTokenWikitty == null) {
+ throw new SecurityException("bad (obsolete ?) token");
+ } else {
+ result = SecurityTokenHelper.getUser(securityTokenWikitty);
+ }
}
return result;
}
/**
- * verifie que l'utilisateur est dans la liste des admin
- *
+ *
+ * @param securityToken
* @param userId
- * @param w
- * @return vrai si et seulement si l'utilisateur est dans la liste des
- * admin
+ * @param wikitty
+ * @param extensionName may be null
+ * @return
*/
- protected boolean isAdmin(String securityToken, String userId, Wikitty extensionRights) {
- boolean result = isMember(
- securityToken, userId, extensionRights, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN);
+ protected boolean isReader(String securityToken, String userId, Wikitty wikitty, String extensionName) {
+ boolean result;
+ String metaFieldName = WikittyUtil.getMetaFieldName(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName,
+ WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_READER);
+ result = isMember(securityToken, userId, wikitty, metaFieldName);
return result;
}
/**
- * verifie que l'utilisateur est dans la liste des writer
- *
+ *
+ * @param securityToken
* @param userId
- * @param w
- * @return vrai si et seulement si l'utilisateur est dans la liste des
- * writers
+ * @param wikitty
+ * @param extensionName may be null
+ * @return
*/
- protected boolean isWriter(String securityToken, String userId, Wikitty extensionRights) {
- boolean result = isMember(
- securityToken, userId, extensionRights, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_WRITER);
+ protected boolean isWriter(String securityToken, String userId, Wikitty wikitty, String extensionName) {
+ boolean result;
+ String metaFieldName = WikittyUtil.getMetaFieldName(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName,
+ WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_WRITER);
+ log.trace("meta field name " + metaFieldName);
+ result = isMember(securityToken, userId, wikitty, metaFieldName);
return result;
}
/**
- * Verifie que l'utilisateur est bien le proprietaire de l'objet
- *
+ *
+ * @param securityToken
* @param userId
- * @param w
+ * @param wikitty
+ * @param extensionName may be null
* @return
*/
- protected boolean isOwner(String securityToken, String userId, Wikitty extensionRights) {
- String owner = WikittyAuthorisationHelper.getOwner(extensionRights);
- boolean result = userId.equals(owner);
+ protected boolean isAdmin(String securityToken, String userId, Wikitty wikitty, String extensionName) {
+ boolean result;
+ String metaFieldName = WikittyUtil.getMetaFieldName(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName,
+ WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_ADMIN);
+ result = isMember(securityToken, userId, wikitty, metaFieldName);
return result;
}
+
+ /**
+ *
+ * @param securityToken
+ * @param userId
+ * @param wikitty
+ * @param extensionName may be null
+ * @return
+ */
+ protected boolean isOwner(String securityToken, String userId, Wikitty wikitty, String extensionName) {
+
+ String metaFieldName = WikittyUtil.getMetaFieldName(
+ WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName,
+ WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_OWNER);
+
+ String actualExtensionName = WikittyUtil.getExtensionNameFromFQFieldName(metaFieldName);
+ String fieldName = WikittyUtil.getFieldNameFromFQFieldName(metaFieldName);
+
+ String owner = wikitty.getFieldAsString(actualExtensionName, fieldName);
+
+ boolean isOwner;
+ if (owner == null) {
+ isOwner = false;
+ } else {
+ isOwner = owner.equals(userId);
+ }
+ return isOwner;
+ }
- protected boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fieldName) {
- Set<String> groupOrUser = extensionRights.getFieldAsSet(
- WikittyAuthorisation.EXT_WIKITTYAUTHORISATION,
- fieldName,
- String.class);
+ protected boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName) {
+
+ String extensionName = WikittyUtil.getExtensionNameFromFQFieldName(fqFieldName);
+ String fieldName = WikittyUtil.getFieldNameFromFQFieldName(fqFieldName);
+
+ Set<String> groupOrUser = extensionRights.getFieldAsSet(extensionName,
+ fieldName,
+ String.class);
+
boolean result = isMember(securityToken, userId, groupOrUser);
- if (!result) {
+ if ( ! result) {
// user don't have right on current object, check parent right
String parentId = WikittyAuthorisationHelper.getParent(extensionRights);
if (parentId != null) {
Wikitty parent = ws.restore(securityToken, parentId);
- result = isMember(securityToken, userId, parent, fieldName);
+ result = isMember(securityToken, userId, parent, fqFieldName);
}
}
return result;
}
- /**
- * Par defaut un objet est lisible par tous, sauf s'il a l'extension
- * d'autorisation et que la liste des readers existe et n'est pas vide
- *
- * @param userId
- * @param w
- * @return true si l'utilisateur est dans la liste des reader (ou que cette
- * liste n'existe pas ce qui indique que tout le monde est reader)
- */
- protected boolean isReader(String securityToken, String userId, Wikitty w) {
- boolean result = true;
- if (WikittyAuthorisationHelper.isExtension(w)) {
- Set<String> groupOrUser = WikittyAuthorisationHelper.getReader(w);
- if (groupOrUser == null || groupOrUser.size() == 0) {
- // il n'y a pas de reader sur l'objet actuel, il faut regarder
- // sur le parent s'il y en a
- String parentId = WikittyAuthorisationHelper.getParent(w);
- if (parentId != null) {
- Wikitty parent = ws.restore(securityToken, parentId);
- result = isReader(securityToken, userId, parent);
- }
- } else {
- // il y a des readers sur l'objet actuel, il faut donc checker
- // comme pour les autres droits en parent aussi les parents
- result = isMember(
- securityToken, userId, w, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_READER);
- }
- }
- return result;
- }
+// /**
+// * Par defaut un objet est lisible par tous, sauf s'il a l'extension
+// * d'autorisation et que la liste des readers existe et n'est pas vide
+// *
+// * @param userId
+// * @param w
+// * @return true si l'utilisateur est dans la liste des reader (ou que cette
+// * liste n'existe pas ce qui indique que tout le monde est reader)
+// */
+// @Deprecated
+// protected boolean isReader(String securityToken, String userId, Wikitty w) {
+// boolean result = true;
+// if (WikittyAuthorisationHelper.isExtension(w)) {
+// Set<String> groupOrUser = WikittyAuthorisationHelper.getReader(w);
+// if (groupOrUser == null || groupOrUser.size() == 0) {
+// // il n'y a pas de reader sur l'objet actuel, il faut regarder
+// // sur le parent s'il y en a
+// String parentId = WikittyAuthorisationHelper.getParent(w);
+// if (parentId != null) {
+// Wikitty parent = ws.restore(securityToken, parentId);
+// result = isReader(securityToken, userId, parent);
+// }
+// } else {
+// // il y a des readers sur l'objet actuel, il faut donc checker
+// // comme pour les autres droits en parent aussi les parents
+// result = isMember(
+// securityToken, userId, w, WikittyAuthorisation.FIELD_WIKITTYAUTHORISATION_READER);
+// }
+// }
+// return result;
+// }
/**
* Verifie si l'utilisateur est considere comme un AppAdmin
@@ -772,7 +889,33 @@
boolean result = isMember(securityToken, userId, ids);
return result;
}
+
+ /** create appAdminGroup and add current user as first member */
+ public void createAppAdminGroup(String securityToken) {
+ if (securityToken == null) {
+ throw new IllegalArgumentException("login required, token is null");
+ }
+ Wikitty group = getAppAdminGroup(securityToken);
+ if (group == null) {
+ // il n'existe pas on le cree.
+ WikittyGroupAbstract appAdminGroup = new WikittyGroupImpl();
+ appAdminGroup.setName(WIKITTY_APPADMIN_GROUP_NAME);
+
+ String fisrtUserId = getUserId(securityToken);
+ appAdminGroup.addMembers(fisrtUserId);
+
+ ws.store(securityToken, appAdminGroup.getWikitty());
+
+ // on garde l'id pour ne plus faire la recherche,
+ // vu que le groupe doit etre unique cela ne pose pas de probleme
+ appAdminGroupId = appAdminGroup.getWikitty().getId();
+ group = appAdminGroup.getWikitty();
+ } else {
+ throw new SecurityException("AppAdmin group already exists");
+ }
+ }
+
protected Wikitty getAppAdminGroup(String securityToken) {
Wikitty group;
if (appAdminGroupId == null) {
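Review bot: createAppAdminGroup makes whichever caller holds a non-null token the first AppAdmin whenever no group exists, and the comment in getAppAdminGroup notes the group can disappear if an admin deletes it, so this bootstrap window can reopen after initial setup. The value from `getUserId(securityToken)` is added as a member unchecked; if it can be null for an unknown token (not visible here), guard it with `if (fisrtUserId == null) throw new SecurityException("invalid token");`. The lookup followed by `ws.store` is not atomic, so two concurrent callers could each create a group; serialising the method (for example `synchronized`) and documenting in the Javadoc who is allowed to bootstrap would close that gap. The final `group = appAdminGroup.getWikitty();` assigns a local that is never read again and can be dropped. getAppAdminGroup continues outside this hunk.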
@@ -787,17 +930,6 @@
// group peut-etre null, si entre temps un admin a supprime le group
}
- if (group == null) {
- // il n'existe pas on le cree.
- WikittyGroupAbstract appAdminGroup = new WikittyGroupImpl();
- appAdminGroup.setName(WIKITTY_APPADMIN_GROUP_NAME);
- ws.store(securityToken, appAdminGroup.getWikitty());
- group = appAdminGroup.getWikitty();
-
- // on garde l'id pour ne plus faire la recherche,
- // vu que le groupe doit etre unique cela ne pose pas de probleme
- appAdminGroupId = group.getId();
- }
return group;
}
@@ -813,11 +945,11 @@
String securityToken, String userId, Set<String> groupOrUser) {
if (groupOrUser != null) {
for (String id : groupOrUser) {
- if (userId.equals(id)) {
+ if (id.equals(userId)) {
return true;
} else {
Wikitty groupWikitty = ws.restore(securityToken, id);
- if (WikittyGroupHelper.isExtension(groupWikitty)) {
+ if (WikittyGroupHelper.hasExtension(groupWikitty)) {
Set<String> members = WikittyGroupHelper.getMembers(groupWikitty);
return isMember(securityToken, userId, members);
}
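Review bot: `return isMember(securityToken, userId, members);` returns the answer for the first group met in `groupOrUser`, so a user who belongs only to a later group, or who is listed individually after a group, is reported as not a member, and the outcome depends on set iteration order. Return only on a positive match: `if (isMember(securityToken, userId, members)) { return true; }`. With the operands swapped to `id.equals(userId)`, a null entry in the set now throws where a null `userId` did before. The recursion keeps no record of visited groups, so a group that directly or indirectly contains itself would recurse without end. The method starts and ends outside this hunk.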
@@ -827,17 +959,4 @@
return false; // not found in groupOrUser
}
- @Override
- public Wikitty findByCriteria(String securityToken,
- WikittyTransaction transaction, Criteria criteria) {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public List<String> deleteTree(String securityToken, String treeNodeId) {
- // TODO Auto-generated method stub
- return null;
- }
-
}
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/WikittyUtil.java 2010-10-05 07:43:24 UTC (rev 385)
@@ -816,7 +816,7 @@
/** given names of extension and field, return a fully qualified field name */
public static String getFQFieldName(String extensionName, String fieldName) {
- String fqFieldName = extensionName + FQ_FIELD_NAME_SEPARATOR_REGEX + fieldName;
+ String fqFieldName = extensionName + FQ_FIELD_NAME_SEPARATOR + fieldName;
return fqFieldName;
}
@@ -845,7 +845,7 @@
*/
public static String getMetaFieldName(String metaExtensionName, String extensionName, String fieldName) {
String actualExtensionName = metaExtensionName;
- if (extensionName == null) {
+ if (extensionName != null) {
actualExtensionName = getFQMetaExtensionName(metaExtensionName, extensionName);
}
String metaFieldName = getFQFieldName(actualExtensionName, fieldName);
Modified: trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java
===================================================================
--- trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/test/java/org/nuiton/wikitty/layers/WikittyServiceSecurityTest.java 2010-10-05 07:43:24 UTC (rev 385)
@@ -13,9 +13,11 @@
import org.junit.Test;
import org.nuiton.wikitty.FieldType;
import org.nuiton.wikitty.FieldType.TYPE;
+import org.nuiton.wikitty.SecurityToken;
import org.nuiton.wikitty.TreeNodeAbstract;
import org.nuiton.wikitty.Wikitty;
import org.nuiton.wikitty.WikittyAuthorisation;
+import org.nuiton.wikitty.WikittyAuthorisationAbstract;
import org.nuiton.wikitty.WikittyAuthorisationHelper;
import org.nuiton.wikitty.WikittyAuthorisationImpl;
import org.nuiton.wikitty.WikittyService;
@@ -23,13 +25,11 @@
import org.nuiton.wikitty.WikittyServiceSecurity;
/** test {@link org.nuiton.wikitty.WikittyServiceSecurity} */
+@Ignore("not ready")
public class WikittyServiceSecurityTest extends AbstractWikittyServiceTest {
private static final Log log = LogFactory.getLog(WikittyServiceSecurityTest.class);
- protected static final String APPADMIN_LOGIN = WikittyServiceSecurity.APPADMIN_LOGIN;
- protected static final String APPADMIN_PASSWORD = WikittyServiceSecurity.APPADMIN_PASSWORD;
-
protected WikittyServiceSecurity securityService;
protected String noRightsToken;
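Review bot: The class-level `@Ignore("not ready")` switches off every test in WikittyServiceSecurityTest in the same commit that rewrites the authorisation checks (isOwner, isMember, getMetaFieldName), so none of that logic is exercised by the build. Removing the per-method `@Ignore` annotations further down has no effect while the class itself is ignored. Keep the class enabled and mark only the tests that are not ready, e.g. `@Ignore("not ready: <reason or ticket>")` on those methods.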
@@ -46,7 +46,8 @@
service = securityService;
- token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+ // token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
+ token = null;
securityService.createAccount(token, "i have no rights", "");
securityService.createAccount(token, "reader", "");
@@ -62,12 +63,12 @@
log.debug("initial wikitty rights" + authorizations);
- service.store(token, authorizations);
+ securityService.storeExtensionAuthorisation(token, authorizations);
+ securityService.storeExtension(token, extension);
Wikitty extensionAuthorisation = securityService.restoreExtensionAuthorisation(token, extension);
log.debug("restored initial rights " + extensionAuthorisation);
- service.logout(token);
token = null;
ownerToken = service.login("owner", "");
@@ -75,6 +76,12 @@
writerToken = service.login("writer", "");
readerToken = service.login("reader", "");
noRightsToken = service.login("i have no rights", "");
+
+ /**/
+ securityService.createAccount(null, "root", "");
+ String rootToken = service.login("root", "");
+ securityService.createAppAdminGroup(rootToken);
+ /**/
}
@Test
@@ -87,8 +94,7 @@
} catch (SecurityException e) {}
// now storing the wikitty for next tests
- token = service.login(APPADMIN_LOGIN, APPADMIN_PASSWORD);
- service.store(token, aWikitty);
+ service.store(readerToken, aWikitty);
// try to make operations on the stored wikitty with a bad token
try {
@@ -102,7 +108,7 @@
} catch (SecurityException e) {}
// now try to make a valid token invalid
- service.logout(token);
+ service.logout(readerToken);
try {
service.store(token, aWikitty);
fail();
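Review bot: After `service.logout(readerToken)` the next call still stores with `token`, which setUp leaves as null and which this method no longer assigns now that the AppAdmin login has been removed (assuming no assignment in the lines outside the hunk). The block therefore repeats the null-token case instead of checking that a logged-out token is rejected. Use the token that was just invalidated: `service.store(readerToken, aWikitty);`. The test method starts and ends outside this hunk.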
@@ -111,26 +117,30 @@
/* *** level 1 security tests ***/
- @Ignore
@Test
public void testReaderRightOnWikitty() {
+ aWikitty.addExtension(WikittyAuthorisationAbstract.extensionWikittyAuthorisation);
+ WikittyAuthorisation auth = new WikittyAuthorisationImpl(aWikitty);
-// aWikitty.addMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extension);
- // delegate to WikittyAuthorisationHelper.addMetaExtension(extension, aWikitty)
+ String readerId = securityService.getUserWikittyId(null, "reader");
+
+ auth.clearReader();
+ auth.addReader(readerId);
+
+ log.debug("will store wikitty" + aWikitty);
+ service.store(ownerToken, aWikitty);
-// WikittyAuthorisation auth = new WikittyAuthorisationImpl(extension, aWikitty);
-// auth
-// WikittyAuthorisation authautre = new WikittyAuthorisationImpl(aWikitty);
-//
-// auth.clearReader();
-
-
+ try {
+ service.restore(null, aWikitty.getId());
+ fail("an exception should have been raised");
+ } catch (SecurityException e) {
+ log.info(e);
+ }
}
/* *** level 2 security tests ***/
/** test level 2 reader right */
- @Ignore
@Test
public void checkReaderRightOnExtension() {
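Review bot: testReaderRightOnWikitty only asserts that a null token is refused, which a plain "login required" check would also satisfy, so it does not show that the reader list is enforced. It should also assert that the listed reader can restore the wikitty and that an authenticated user outside the list is refused, as sketched below. `log.debug("will store wikitty" + aWikitty)` is also missing a space before the concatenated value.

```java
// … unchanged: reader list set up, wikitty stored with ownerToken, null-token check …

// the user named in the reader list can restore the wikitty
assertTrue(service.restore(readerToken, aWikitty.getId()) != null);

// an authenticated user outside the reader list is refused
try {
    service.restore(noRightsToken, aWikitty.getId());
    fail("an exception should have been raised");
} catch (SecurityException e) {
    log.info(e);
}
```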
@@ -143,16 +153,14 @@
try {
service.restoreExtension(noRightsToken, extension.getId());
- fail("an exception should have been raised");
} catch (SecurityException e) {
- log.debug("creating a wikitty without rights", e);
+ fail("no exception should have been raised");
}
try {
service.restoreExtensionLastVersion(noRightsToken, extension.getName());
- fail("an exception should have been raised");
} catch (SecurityException e) {
- log.debug("creating a wikitty without rights", e);
+ fail("no exception should have been raised");
}
try {
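Review bot: Catching SecurityException only to call `fail("no exception should have been raised")` discards the exception's message and stack trace, so a regression here would be reported without its cause. Call `service.restoreExtension(noRightsToken, extension.getId());` and `service.restoreExtensionLastVersion(noRightsToken, extension.getName());` directly and let an unexpected exception fail the test. Since the expectation flipped from "refused" to "allowed" for a user with no rights, a one-line comment stating that extensions are readable by any authenticated user would record that this is intended.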
@@ -165,12 +173,11 @@
}
- @Ignore
@Test
public void checkWriterRightOnExtension() {
FieldType fieldType = new FieldType(FieldType.TYPE.STRING, 0, 1);
-
+
service.restoreExtensionLastVersion(writerToken, extension.getName());
extension.addField("new_field", fieldType);
@@ -186,7 +193,6 @@
}
}
- @Ignore
@Test
public void checkAdminRightOnExtention() {
// TODO 20100923 bleny check that store with no sufficient rights fail
@@ -207,10 +213,16 @@
// WikittyAuthorisationHelper.clearAdmin(extensionAuthorisation);
log.debug("will store rights " + extensionAuthorisation);
- service.store(adminToken, extensionAuthorisation);
+
+ try {
+ securityService.storeExtensionAuthorisation(writerToken, extensionAuthorisation);
+ fail("an exception should habe raised");
+ } catch (SecurityException e) {}
+
+ securityService.storeExtensionAuthorisation(adminToken, extensionAuthorisation);
// now, restore and check that rights are preserved
- extensionAuthorisation = service.restore(adminToken, extensionAuthorisation.getId());
+ extensionAuthorisation = securityService.restoreExtensionAuthorisation(adminToken, extension);
log.debug("restored rights " + extensionAuthorisation);
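Review bot: The message in the added `fail("an exception should habe raised")` is misspelled and differs from the wording used elsewhere in this class; use `fail("an exception should have been raised");`. The empty `catch (SecurityException e) {}` would read more clearly with a short `// expected: writer may not change rights` comment inside it.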
@@ -221,16 +233,9 @@
assertTrue(WikittyAuthorisationHelper.getWriter(extensionAuthorisation).contains("ID1"));
// ... and no one else
assertEquals(1, WikittyAuthorisationHelper.getWriter(extensionAuthorisation).size());
-
- // check that admin is not modified
- assertFalse(WikittyAuthorisationHelper.getAdmin(extensionAuthorisation).isEmpty());
-
- // check that ID2 is NOT owner (admin should not be able to change owner)
- assertFalse(WikittyAuthorisationHelper.getOwner(extensionAuthorisation).equals("ID2"));
+
+ // check that ID2 is owner
+ assertTrue(WikittyAuthorisationHelper.getOwner(extensionAuthorisation).contains("ID2"));
+
}
-
- @Test
- public void checkOwnerRightOnExtention() {
- // TODO
- }
}
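Review bot: The removed assertions pinned two invariants — the admin list is not emptied and an admin cannot change the owner — and the new assertion expects the opposite for the owner, with no remaining check on the admin list. If letting an admin reassign ownership is the intended policy, state it in a comment next to the assertion and keep `assertFalse(WikittyAuthorisationHelper.getAdmin(extensionAuthorisation).isEmpty());`. If `getOwner` returns a String, as the removed `.equals("ID2")` suggests, `contains("ID2")` is a substring match that would also accept an id such as "ID20"; `assertEquals("ID2", WikittyAuthorisationHelper.getOwner(extensionAuthorisation));` is exact. The empty checkOwnerRightOnExtention placeholder is dropped without a replacement test for owner rights.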
Modified: trunk/wikitty-api/src/test/resources/log4j.properties
===================================================================
--- trunk/wikitty-api/src/test/resources/log4j.properties 2010-10-04 14:14:22 UTC (rev 384)
+++ trunk/wikitty-api/src/test/resources/log4j.properties 2010-10-05 07:43:24 UTC (rev 385)
@@ -5,3 +5,6 @@
log4j.appender.logConsole=org.apache.log4j.ConsoleAppender
log4j.appender.logConsole.layout=org.apache.log4j.PatternLayout
log4j.appender.logConsole.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
+
+# log4j.category.org.nuiton.wikitty.WikittyServiceSecurity=TRACE
+# log4j.category.org.nuiton.wikitty.layers.WikittyServiceSecurityTest=TRACE