* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
*/
package org.collectionspace.services.authorization;
*/
//FIXME this method should be in the restful web service resource of authz
public void addPermissions(Permission perm,
- PermissionRole permRole) {
+ PermissionRole permRole) throws PermissionException {
List<String> principals = new ArrayList<String>();
if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
throw new IllegalArgumentException("permission ids do not"
* @param res
* @param principals
*/
- public void addPermission(CSpaceResource res, String[] principals) {
+ public void addPermission(CSpaceResource res, String[] principals) throws PermissionException {
CSpaceAction action = res.getAction();
addPermission(res, principals, action);
}
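Review bot: The Javadoc above `addPermission(CSpaceResource, String[])` still lists only `@param res` and `@param principals`, so the new checked exception is undocumented; add `@throws PermissionException if the permission could not be added`. The same gap applies to the three-argument `addPermission`, to both `deletePermission` overloads (which also need `@throws PermissionNotFoundException`), and to the `CSpacePermissionManager` interface methods. Because `PermissionNotFoundException` extends `PermissionException`, listing both in a `throws` clause is redundant to the compiler, so the Javadoc is the only place a caller can learn when each one is raised.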
* @param principals
* @param perm
*/
- public void addPermission(CSpaceResource res, String[] principals, CSpaceAction action) {
+ public void addPermission(CSpaceResource res, String[] principals, CSpaceAction action)
+ throws PermissionException {
provider.getPermissionManager().addPermission(res, principals, action);
if (log.isDebugEnabled()) {
log.debug("added permission resource=" + res.getId() + " action=" + action.name());
* @param res
* @param principals
*/
- public void deletePermission(CSpaceResource res, String[] principals) {
+ public void deletePermission(CSpaceResource res, String[] principals)
+ throws PermissionNotFoundException, PermissionException {
CSpaceAction action = res.getAction();
deletePermission(res, principals, action);
}
* @param principals
* @param perm
*/
- public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction action) {
+ public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction action)
+ throws PermissionNotFoundException, PermissionException {
provider.getPermissionManager().deletePermission(res, principals, action);
if (log.isDebugEnabled()) {
log.debug("removed permission resource=" + res.getId() + " action=" + action.name());
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
*/
package org.collectionspace.services.authorization;
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
*/
package org.collectionspace.services.authorization;
@Override
public abstract CSpaceAction getAction();
+
+ @Override
+ public String toString() {
+ StringBuilder builder = new StringBuilder();
+ builder.append("CSpaceResourceImpl [");
+ builder.append("id=");
+ builder.append(id);
+ builder.append(", type=");
+ builder.append(type);
+ builder.append("]");
+ return builder.toString();
+ }
+
+
}
--- /dev/null
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.collectionspace.services.authorization;
+
+/**
+ *
+ * @author
+ */
+public class PermissionException extends Exception {
+
+ /**
+ * Creates a new instance of <code>PermissionException</code> without detail message.
+ */
+ public PermissionException() {
+ }
+
+ /**
+ * Constructs an instance of <code>PermissionException</code> with the specified detail message.
+ * @param msg the detail message.
+ */
+ public PermissionException(String msg) {
+ super(msg);
+ }
+
+ public PermissionException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+
+
+ public PermissionException(Throwable cause) {
+ super(cause);
+ }
+}
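Review bot: `PermissionException` extends `Exception`, which is `Serializable`, but declares no `serialVersionUID`; add `private static final long serialVersionUID = 1L;` so the class does not rely on a compiler-generated id. The class Javadoc is empty apart from a blank `@author` tag, and the `(String, Throwable)` and `(Throwable)` constructors have no Javadoc. A one-sentence class description saying it signals a failure while managing permissions, plus `@param cause` on those two constructors, would cover it. `PermissionNotFoundException` in the next file has the same missing `serialVersionUID` and undocumented constructors.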
--- /dev/null
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.collectionspace.services.authorization;
+
+/**
+ *
+ * @author sanjaydalal
+ */
+public class PermissionNotFoundException extends PermissionException {
+
+ /**
+ * Creates a new instance of <code>PermissionNotFoundException</code> without detail message.
+ */
+ public PermissionNotFoundException() {
+ }
+
+ /**
+ * Constructs an instance of <code>PermissionNotFoundException</code> with the specified detail message.
+ * @param msg the detail message.
+ */
+ public PermissionNotFoundException(String msg) {
+ super(msg);
+ }
+
+ public PermissionNotFoundException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+
+ public PermissionNotFoundException(Throwable cause) {
+ super(cause);
+ }
+}
}
throw new IllegalArgumentException("action = " + action.toString());
}
+
+ @Override
+ public String toString() {
+ StringBuilder builder = new StringBuilder();
+ builder.append("URIResourceImpl [");
+ builder.append("action=");
+ builder.append(action);
+ builder.append(", method=");
+ builder.append(method);
+ builder.append(", uri=");
+ builder.append(uri);
+ builder.append("]");
+ return builder.toString() + " " + super.toString();
+ }
+
+
}
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.collectionspace.services.authorization.spi;
import org.collectionspace.services.authorization.CSpaceResource;
import org.collectionspace.services.authorization.CSpaceAction;
+import org.collectionspace.services.authorization.PermissionException;
+import org.collectionspace.services.authorization.PermissionNotFoundException;
/**
* Permission management interface for CSpace services
*/
public interface CSpacePermissionManager {
- public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm);
+ public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm)
+ throws PermissionException;
- public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm);
+ public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm)
+ throws PermissionNotFoundException, PermissionException;
}
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.collectionspace.services.authorization.spring;
import java.util.List;
import org.collectionspace.services.authorization.CSpaceAction;
import org.collectionspace.services.authorization.spi.CSpacePermissionManager;
import org.collectionspace.services.authorization.CSpaceResource;
+import org.collectionspace.services.authorization.PermissionException;
+import org.collectionspace.services.authorization.PermissionNotFoundException;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
}
@Override
- public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm) {
+ public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm)
+ throws PermissionException {
ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res);
Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals);
Permission p = SpringAuthorizationProvider.mapPermssion(perm);
for (Sid sid : sids) {
addPermission(oid, sid, p);
+ if (log.isDebugEnabled()) {
+ log.debug("added permission "
+ + " res=" + res.toString()
+ + " cperm=" + perm.toString()
+ + convertToString(principals)
+ + " oid=" + oid.toString()
+ + " perm=" + p.toString()
+ + " sid=" + sids.toString());
+ }
}
}
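Review bot: `" sid=" + sids.toString()` in the new debug statement calls `toString()` on the `Sid[]` array, which prints the array's type and identity hash rather than the principal being granted; since the statement sits inside `for (Sid sid : sids)`, it should read `+ " sid=" + sid.toString());`. `convertToString(principals)` is also concatenated with no label, so the principal names run straight on after the `cperm=` value; `+ " principals=" + convertToString(principals)` keeps the line parseable. The debug block added to `deletePermission` further down has the same two problems, and these lines are the only record of who was granted or lost a permission.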
MutableAclService mutableAclService = provider.getProviderAclService();
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
+ if (log.isDebugEnabled()) {
+ log.debug("addPermission: found acl for oid=" + oid.toString());
+ }
} catch (NotFoundException nfe) {
acl = mutableAclService.createAcl(oid);
}
acl.insertAce(acl.getEntries().size(), permission, recipient, true);
mutableAclService.updateAcl(acl);
+ if (log.isDebugEnabled()) {
+ log.debug("addPermission: added acl for oid=" + oid.toString()
+ + " perm=" + permission.toString()
+ + " sid=" + recipient.toString());
+ }
}
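Review bot: `mutableAclService.createAcl(oid)` and `mutableAclService.updateAcl(acl)` are still called with no handler that converts a failure into `PermissionException`, so from the visible lines nothing on the add path ever throws the checked exception that the public `addPermission` now declares. If callers are meant to handle ACL failures through `PermissionException`, wrap the insert and update in a `try` and rethrow with the cause, e.g. `throw new PermissionException("could not add permission for oid=" + oid, e);`. The enclosing method starts outside this hunk, so an outer handler may exist that is not shown here.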
@Override
- public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm) {
+ public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm)
+ throws PermissionNotFoundException, PermissionException {
ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res);
Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals);
Permission p = SpringAuthorizationProvider.mapPermssion(perm);
for (Sid sid : sids) {
deletePermission(oid, sid, p);
+ if (log.isDebugEnabled()) {
+ log.debug("deleted permission "
+ + " res=" + res.toString()
+ + " cperm=" + perm.toString()
+ + convertToString(principals)
+ + " oid=" + oid.toString()
+ + " perm=" + p.toString()
+ + " sid=" + sids.toString());
+ }
}
}
- private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission) {
+ private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission)
+ throws PermissionException {
MutableAclService mutableAclService = provider.getProviderAclService();
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
-
+ if (log.isDebugEnabled()) {
+ log.debug("deletePermission: found acl for oid=" + oid.toString());
+ }
+ if (acl == null) {
+ String msg = "Cound not find acl for oid=" + oid.toString();
+ log.error(msg);
+ throw new PermissionNotFoundException(msg);
+ }
// Remove all permissions associated with this particular recipient (string equality to KISS)
List<AccessControlEntry> entries = acl.getEntries();
-
+ if (log.isDebugEnabled()) {
+ log.debug("deletePermission: for acl oid=" + oid.toString()
+ + " found " + entries.size() + " aces");
+ }
for (int i = 0; i < entries.size(); i++) {
if (entries.get(i).getSid().equals(recipient)
&& entries.get(i).getPermission().equals(permission)) {
}
}
mutableAclService.updateAcl(acl);
+ if (log.isDebugEnabled()) {
+ log.debug("deletePermission: for acl oid=" + oid.toString()
+ + " deleted " + entries.size() + " aces");
+ }
+ }
+
+ private String convertToString(String[] stra) {
+ StringBuilder builder = new StringBuilder();
+ for (String s : stra) {
+ builder.append(s);
+ builder.append(" ");
+ }
+ return builder.toString();
}
}
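Review bot: The new `if (acl == null)` guard probably never fires: the add path in this file catches `NotFoundException` from the same `readAclById(oid)` call, which suggests a missing ACL is reported by exception rather than a null return, so deleting from an unknown resource would surface as an unchecked `NotFoundException` instead of the declared `PermissionNotFoundException`. The "found acl" debug line also runs before the guard, and the error text reads "Cound not find". Separately, the closing debug line reports `entries.size()`, the number of entries read before the loop, as the number deleted; a counter incremented on each removal would make that figure accurate. The body of the matching `if` inside the loop is not shown in this hunk.

```java
MutableAclService mutableAclService = provider.getProviderAclService();
MutableAcl acl;
try {
    acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
    String msg = "Could not find acl for oid=" + oid.toString();
    log.error(msg, nfe);
    throw new PermissionNotFoundException(msg, nfe);
}
if (log.isDebugEnabled()) {
    log.debug("deletePermission: found acl for oid=" + oid.toString());
}
// … unchanged: entry lookup, removal loop, updateAcl and closing debug line …
```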