import org.collectionspace.services.authorization.Permission;
import org.collectionspace.services.authorization.EffectType;
import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionActionUtil;
import org.collectionspace.services.authorization.PermissionRole;
import org.collectionspace.services.authorization.PermissionValue;
import org.collectionspace.services.authorization.PermissionsList;
ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
perm.setActions(pas);
- PermissionAction pa = new PermissionAction();
- pa.setName(ActionType.CREATE);
- pas.add(pa);
- PermissionAction pa1 = new PermissionAction();
- pa1.setName(ActionType.READ);
- pas.add(pa1);
- PermissionAction pa2 = new PermissionAction();
- pa2.setName(ActionType.UPDATE);
- pas.add(pa2);
- PermissionAction pa3 = new PermissionAction();
- pa3.setName(ActionType.DELETE);
- pas.add(pa3);
- PermissionAction pa4 = new PermissionAction();
- pa4.setName(ActionType.SEARCH);
- pas.add(pa4);
+ PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.CREATE);
+ pas.add(permAction);
+
+ permAction = PermissionActionUtil.create(perm, ActionType.READ);
+ pas.add(permAction);
+
+ permAction = PermissionActionUtil.create(perm, ActionType.UPDATE);
+ pas.add(permAction);
+
+ permAction = PermissionActionUtil.create(perm, ActionType.DELETE);
+ pas.add(permAction);
+
+ permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
+ pas.add(permAction);
return perm;
}
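Review bot: Each `PermissionActionUtil.create(perm, ...)` call here derives the action's `objectIdentity` from `perm.getTenantId()` and `perm.getResourceName()`, so the stored value is only meaningful if both fields were set on `perm` earlier in this method. That part of the method is outside the hunk and should be checked. The same holds for the READ/SEARCH pair in the next hunk. A comment above the first call, such as `// perm must already carry tenantId and resourceName: create() derives objectIdentity from them`, would make the ordering requirement explicit. As a style point, the five create/add pairs could be a loop over the action types.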
ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
perm.setActions(pas);
- PermissionAction pa1 = new PermissionAction();
- pa1.setName(ActionType.READ);
- pas.add(pa1);
+ PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.READ);
+ pas.add(permAction);
+
+ permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
+ pas.add(permAction);
- PermissionAction pa4 = new PermissionAction();
- pa4.setName(ActionType.SEARCH);
- pas.add(pa4);
return perm;
}
Role rrole = buildTenantReaderRole(tenantId);
readerRoles.add(rrole);
-
}
}
}
List<PermissionAction> permActions = perm.getActions();
for (PermissionAction permAction : permActions) {
- CSpaceAction action = getAction(permAction.getName());
+ CSpaceAction action = URIResourceImpl.getAction(permAction.getName());
URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
perm.getResourceName(), action);
boolean grant = perm.getEffect().equals(EffectType.PERMIT) ? true : false;
* given ActionType
* @param action
* @return
- */
+ *
private CSpaceAction getAction(ActionType action) {
if (ActionType.CREATE.equals(action)) {
return CSpaceAction.CREATE;
}
throw new IllegalArgumentException("action = " + action.toString());
}
+ */
static Object fromFile(Class jaxbClass, String fileName) throws Exception {
InputStream is = new FileInputStream(fileName);
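Review bot: The old private `getAction` is disabled by moving the closing `*/` of its Javadoc below the method, which leaves dead code that reads as live at a glance. Since the call site now uses `URIResourceImpl.getAction`, the method and its Javadoc should be deleted outright. The method body is only partly visible in this hunk.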
<property file="${services.trunk}/build.properties" />\r
<property name="mvn.opts" value="" />\r
<property name="src" location="src"/>\r
- <property name="authorization.jar" value="cspace-services-authz.jar"/>\r
+ <property name="authorization.jar" value="collectionspace-services-authz-mgt.jar"/>\r
<condition property="osfamily-unix">\r
<os family="unix" />\r
</condition>\r
</exec>\r
</target>\r
\r
+<!--\r
<target name="deploy" depends="install"\r
description="deploy authorization service in ${jboss.server.cspace}">\r
<copy file="${basedir}/target/${authorization.jar}" todir="${jboss.server.cspace}/lib"/>\r
<delete file="${jboss.server.cspace}/lib/${authorization.jar}"/>\r
<echo message="Check out authorization Service Configuration Guide on wiki.collectionspace.org for more details"/>\r
</target>\r
+--> \r
\r
<target name="dist"\r
description="generate distribution for authorization service" depends="package">\r
import org.collectionspace.services.authorization.AccountRole;
import org.collectionspace.services.authorization.AccountRoleRel;
+import org.collectionspace.services.authorization.ActionType;
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.CSpaceAction;
+import org.collectionspace.services.authorization.EffectType;
import org.collectionspace.services.authorization.Permission;
import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionActionUtil;
import org.collectionspace.services.authorization.PermissionsList;
import org.collectionspace.services.authorization.PermissionsRolesList;
+import org.collectionspace.services.authorization.URIResourceImpl;
import org.collectionspace.services.common.document.AbstractDocumentHandlerImpl;
import org.collectionspace.services.common.document.BadRequestException;
private final Logger logger = LoggerFactory.getLogger(PermissionDocumentHandler.class);
private Permission permission;
private PermissionsList permissionsList;
+
+ public CSpaceAction getAction(ActionType action) {
+ System.out.println("Hello, world? " + action.name());
+ System.out.println("Hello, world? " + ActionType.CREATE.name());
+
+ try {
+ if (ActionType.CREATE.name().equals(action.name())) {
+ return CSpaceAction.CREATE;
+ } else if (ActionType.READ.equals(action)) {
+ return CSpaceAction.READ;
+ } else if (ActionType.UPDATE.equals(action)) {
+ return CSpaceAction.UPDATE;
+ } else if (ActionType.DELETE.equals(action)) {
+ return CSpaceAction.DELETE;
+ } else if (ActionType.SEARCH.equals(action)) {
+ return CSpaceAction.SEARCH;
+ } else if (ActionType.ADMIN.equals(action)) {
+ return CSpaceAction.ADMIN;
+ } else if (ActionType.START.equals(action)) {
+ return CSpaceAction.START;
+ } else if (ActionType.STOP.equals(action)) {
+ return CSpaceAction.STOP;
+ }
+ } catch (Exception x) {
+ x.printStackTrace();
+ }
+ throw new IllegalArgumentException("action = " + action.toString());
+ }
+
+ /*
+ * Add the ACE hashed ID to the permission action so we can map the permission to the Spring Security
+ * tables.
+ */
+ private void handlePermissionActions(Permission perm) {
+ //FIXME: REM - Having Java class loader issues with ActionType class. Not sure of the cause.
+ try {
+ List<PermissionAction> permActions = perm.getActions();
+ for (PermissionAction permAction : permActions) {
+ CSpaceAction action = getAction(permAction.getName());
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
+ perm.getResourceName(), action);
+ permAction.setObjectIdentity(uriRes.getHashedId().toString());
+ //PermissionActionUtil.update(perm, permAction);
+ }
+ } catch (Exception x) {
+ x.printStackTrace();
+ }
+ }
@Override
public void handleCreate(DocumentWrapper<Permission> wrapDoc) throws Exception {
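Review bot: `handlePermissionActions` catches `Exception` and only calls `x.printStackTrace()`, so when the identity computation fails the caller carries on with a permission whose actions have no server-computed `objectIdentity`. For authorization data this should fail the request instead, for example by dropping the try/catch or by logging through `logger` and rethrowing. The FIXME about class-loader trouble with `ActionType` suggests the catch is hiding a real failure rather than handling one. The public `getAction` added above it is a copy of the static `URIResourceImpl.getAction` introduced elsewhere in this commit, and both copies still contain the `System.out.println("Hello, world? ...")` debug lines and a try/catch around plain comparisons. Calling `URIResourceImpl.getAction(permAction.getName())` here and deleting the copy would leave one mapping to maintain, with diagnostics on the existing `logger` rather than stdout.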
Permission permission = wrapDoc.getWrappedObject();
permission.setCsid(id);
setTenant(permission);
+ handlePermissionActions(permission);
}
@Override
logger.debug("merged permission=" + JaxbUtils.toString(to, Permission.class));
}
+ handlePermissionActions(to);
return to;
}
</xs:appinfo>
</xs:annotation>
</xs:element>
+ <xs:element name="objectIdentity" type="xs:string" minOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="objectIdentity" length="128" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
</xs:sequence>
</xs:complexType>
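Review bot: `objectIdentity` is declared as a required, free-form `xs:string`, apparently on the permission action type (the `complexType` header is outside the hunk), which makes a server-derived identity key part of the payload a client must send. The handler in this commit overwrites it in `handlePermissionActions`, but that method swallows exceptions, so on a failure whatever value arrived in the request would be kept. It may be safer to declare the element `minOccurs="0"` and treat it as output-only, always recomputed on the server. A schema comment stating that the value is computed from tenant, resource and action and is ignored on input would help API users.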
drop table if exists roles;
create table accounts_roles (HJID bigint not null auto_increment, account_id varchar(128) not null, created_at datetime not null, role_id varchar(128) not null, role_name varchar(255), screen_name varchar(255), user_id varchar(128) not null, primary key (HJID), unique (account_id, role_id));
create table permissions (csid varchar(128) not null, action_group varchar(128), attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid));
-create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
+create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, objectIdentity varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
create table permissions_roles (HJID bigint not null auto_increment, actionGroup varchar(255), created_at datetime not null, permission_id varchar(128) not null, permission_resource varchar(255), role_id varchar(128) not null, role_name varchar(255), primary key (HJID), unique (permission_id, role_id));
create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid), unique (rolename, tenant_id));
alter table permissions_actions add index FK85F82042E2DC84FD (ACTIONS_PERMISSION_CSID), add constraint FK85F82042E2DC84FD foreign key (ACTIONS_PERMISSION_CSID) references permissions (csid);
* @return
*/
public String getId();
+
+ /**
+ * Gets the hashed id.
+ *
+ * @return the hashed id
+ */
+ public Long getHashedId();
/**
* getType get type of the resource
//tenant-qualified id
return tenantId + SEPARATOR_COLON + id;
}
+
+ @Override
+ public Long getHashedId() {
+ return Long.valueOf(getId().hashCode());
+ }
@Override
public TYPE getType() {
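Review bot: `getHashedId()` returns `getId().hashCode()` widened to `Long`, a 32-bit non-cryptographic `String` hash, and this commit starts storing that value as the `objectIdentity` of each permission action. Two different tenant-qualified ids that collide would then share one identity, and nothing visible here detects that. If this value is the key into the ACL tables, as `getObjectIdentityIdentifier` suggests, a collision would merge the permissions of unrelated resources. Consider deriving the identifier from a wider digest of `getId()` or enforcing uniqueness where the identity is stored, and document the collision behaviour in the Javadoc of `getHashedId`.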
--- /dev/null
+package org.collectionspace.services.authorization;\r
+\r
+import org.collectionspace.services.authorization.PermissionAction;\r
+import org.collectionspace.services.authorization.ActionType;\r
+import org.collectionspace.services.authorization.Permission;\r
+\r
+public class PermissionActionUtil {\r
+\r
+ static public PermissionAction create(Permission perm,\r
+ ActionType actionType) {\r
+ PermissionAction pa = new PermissionAction();\r
+\r
+ CSpaceAction action = URIResourceImpl.getAction(actionType);\r
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),\r
+ perm.getResourceName(), action);\r
+ pa.setName(actionType);\r
+ pa.setObjectIdentity(uriRes.getHashedId().toString());\r
+ \r
+ return pa;\r
+ }\r
+\r
+ static public PermissionAction update(Permission perm, PermissionAction permAction) {\r
+ PermissionAction pa = new PermissionAction();\r
+\r
+ CSpaceAction action = URIResourceImpl.getAction(permAction.getName());\r
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),\r
+ perm.getResourceName(), action);\r
+ pa.setObjectIdentity(uriRes.getHashedId().toString());\r
+ \r
+ return pa;\r
+ }\r
+}\r
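Review bot: `update` never touches the `permAction` it is given: it builds a fresh `PermissionAction`, sets only `objectIdentity` and returns that, so the returned object has no name and the caller's action is left without an identity. If the intent is to refresh the identity in place, set it on the argument with `permAction.setObjectIdentity(uriRes.getHashedId().toString());` followed by `return permAction;`. Neither method checks `perm` or the action type for null before dereferencing them. The three imports name classes in the file's own package and can be dropped, and a private constructor plus a short Javadoc per method would suit a class that holds only static helpers.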
return uri;
}
+ /*
+ * Map a Permission ActionType to a CSpaceAction
+ */
+ public static CSpaceAction getAction(ActionType action) {
+ System.out.println("Hello, world? " + action.name());
+ System.out.println("Hello, world? " + ActionType.CREATE.name());
+
+ try {
+ if (ActionType.CREATE.name().equals(action.name())) {
+ return CSpaceAction.CREATE;
+ } else if (ActionType.READ.equals(action)) {
+ return CSpaceAction.READ;
+ } else if (ActionType.UPDATE.equals(action)) {
+ return CSpaceAction.UPDATE;
+ } else if (ActionType.DELETE.equals(action)) {
+ return CSpaceAction.DELETE;
+ } else if (ActionType.SEARCH.equals(action)) {
+ return CSpaceAction.SEARCH;
+ } else if (ActionType.ADMIN.equals(action)) {
+ return CSpaceAction.ADMIN;
+ } else if (ActionType.START.equals(action)) {
+ return CSpaceAction.START;
+ } else if (ActionType.STOP.equals(action)) {
+ return CSpaceAction.STOP;
+ }
+ } catch (Exception x) {
+ x.printStackTrace();
+ }
+ throw new IllegalArgumentException("action = " + action.toString());
+ }
+
/**
* getAction is a conveneniece method to get action
* for given HTTP method invoked on the resource
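Review bot: The CREATE branch compares `ActionType.CREATE.name().equals(action.name())` while every other branch uses `ActionType.X.equals(action)`, so whatever problem the by-name comparison works around is handled for CREATE only and the other actions would still fall through to the `IllegalArgumentException`. `action.name()` is also evaluated before any null check, so a null action fails with a `NullPointerException` rather than the intended exception. A `switch (action)` over the enum with a `default` that throws, preceded by `Objects.requireNonNull(action, "action")`, would make the mapping uniform. The copy of this method in `PermissionDocumentHandler` has the same shape.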
}
static Long getObjectIdentityIdentifier(CSpaceResource res) {
- return Long.valueOf(res.getId().hashCode());
+ return res.getHashedId();
+ //return Long.valueOf(res.getId().hashCode());
}
static String getObjectIdentityType(CSpaceResource res) {