[cvs] expresso commit by lhamel: add convenience methods
JCorporate Ltd
jcorp at jcorporate.com
Fri Oct 28 20:06:46 UTC 2005
Log Message:
-----------
add convenience methods
Modified Files:
--------------
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj:
RowSecuredDBObject.java
Revision Data
-------------
Index: RowSecuredDBObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java,v
retrieving revision 1.52
retrieving revision 1.53
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java -u -r1.52 -r1.53
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java
@@ -73,8 +73,8 @@
import com.jcorporate.expresso.core.security.User;
import com.jcorporate.expresso.services.dbobj.RowGroupPerms;
import com.jcorporate.expresso.services.dbobj.RowPermissions;
-import com.jcorporate.expresso.services.dbobj.UserGroup;
import com.jcorporate.expresso.services.dbobj.Setup;
+import com.jcorporate.expresso.services.dbobj.UserGroup;
import java.util.ArrayList;
import java.util.Collection;
@@ -449,6 +449,95 @@
}
/**
+ * determine if the group is able to read
+ *
+ * @param grpName name of group to test
+ * @return true if the given group is able to read
+ * @throws SecurityException (unchecked) if not allowed
+ * @throws DBException for other data-related errors.
+ */
+ public boolean isReadGroup(String grpName)
+ throws DBException {
+ boolean result = false;
+
+ // special case for 'everybody'
+ if (UserGroup.ALL_USERS_GROUP.equals(grpName)) {
+ // use OTHER privleges
+ result = this.getPermissions().canOthersRead();
+ } else {
+ List objGroups = getGroups();
+ for (Iterator iterator = objGroups.iterator(); iterator.hasNext();) {
+ RowGroupPerms perms = (RowGroupPerms) iterator.next();
+ if (perms.group().equals(grpName) && perms.canGroupRead()) {
+ result = true;
+ break;
+ }
+ }
+ }
+
+ return result;
+ }
+ /**
+ * determine if the group is able to write
+ *
+ * @param grpName name of group to test
+ * @return true if the given group is able to write
+ * @throws SecurityException (unchecked) if not allowed
+ * @throws DBException for other data-related errors.
+ */
+ public boolean isWriteGroup(String grpName)
+ throws DBException {
+ boolean result = false;
+
+ // special case for 'everybody'
+ if (UserGroup.ALL_USERS_GROUP.equals(grpName)) {
+ // use OTHER privleges
+ result = this.getPermissions().canOthersWrite();
+ } else {
+ List objGroups = getGroups();
+ for (Iterator iterator = objGroups.iterator(); iterator.hasNext();) {
+ RowGroupPerms perms = (RowGroupPerms) iterator.next();
+ if (perms.group().equals(grpName) && perms.canGroupWrite()) {
+ result = true;
+ break;
+ }
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * determine if the group is able to administrate
+ *
+ * @param grpName name of group to test
+ * @return true if the given group is able to administrate
+ * @throws SecurityException (unchecked) if not allowed
+ * @throws DBException for other data-related errors.
+ */
+ public boolean isAdminGroup(String grpName)
+ throws DBException {
+ boolean result = false;
+
+ // special case for 'everybody'
+ if (UserGroup.ALL_USERS_GROUP.equals(grpName)) {
+ // use OTHER privleges
+ result = this.getPermissions().canOthersAdministrate();
+ } else {
+ List objGroups = getGroups();
+ for (Iterator iterator = objGroups.iterator(); iterator.hasNext();) {
+ RowGroupPerms perms = (RowGroupPerms) iterator.next();
+ if (perms.group().equals(grpName) && perms.canGroupAdministrate()) {
+ result = true;
+ break;
+ }
+ }
+ }
+
+ return result;
+ }
+
+ /**
* iterate through collection, testing each row's privileges remove any row
* which does not have privileges; (do not throw security exception, just
* remove row)
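Review bot: The Javadoc on isReadGroup, isWriteGroup and isAdminGroup promises `@throws SecurityException (unchecked) if not allowed`, but none of the three bodies throws it or checks the requesting user. If it can only come from getPermissions() or getGroups(), which are outside this hunk, the tag should say so; otherwise it should be dropped. The docs should also state that the result is the stored grant for the named group only: for any name other than UserGroup.ALL_USERS_GROUP the "others" bits are never consulted, so a false return does not by itself mean members of that group are denied access. Suggested wording for each method: `reports the permission recorded for this group on the row; not an effective-access check for a user`. The three bodies differ only in the two permission getters they call, so a shared private helper would keep them from drifting apart.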
@@ -537,7 +626,6 @@
super.add();
setDefaultPermissions();
}
- /* add() */
/*
* add row with given permissions, with group permissions applying
@@ -552,11 +640,12 @@
super.add();
setPermissions(getRequestingUid(), group, permissions);
}
- /* add() */
/**
- * add permissions for a group; will only ADD permissions, not replace will
- * add row or update existing row (logical OR of bits) as necessary
+ * add permissions for a group; will only ADD permissions, not replace;
+ * will add row or update existing row (logical OR of bits) as necessary;
+ * to fully replace permissions, get the group permission object itself
+ * and manipulate it.
*
* @param group to be added
* @param perm to be added
@@ -576,14 +665,11 @@
throw new DBException("cannot find group: " + group);
}
- RowGroupPerms rowGroupPerms = new RowGroupPerms(getJDBCMetaData()
- .getTargetTable(),
- getKey());
+ RowGroupPerms rowGroupPerms = new RowGroupPerms(this, group);
rowGroupPerms.setDataContext(getDataContext());
if (getLocalConnection() != null) {
rowGroupPerms.setConnection(getLocalConnection());
}
- rowGroupPerms.group(group);
if (rowGroupPerms.find()) {
// careful just to ADD permissions, which means bitwise OR
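Review bot: The new `new RowGroupPerms(this, group)` replaces three things at once (the target table, the row key and the removed `rowGroupPerms.group(group)` call), and that constructor is not part of this commit, so it is worth confirming it populates all three before `find()` runs. If the group field were left unset, `find()` would presumably match on table and key alone, and the bitwise OR that follows could then merge the new bits into another group's permission row. A short comment such as `// ctor sets table, row key and group; all three are find() keys` would record the dependency. The enclosing method starts and ends outside this hunk.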
@@ -622,7 +708,6 @@
// now we may have newly created permissions or have retrieved existing ones
// boolean isNew = rowPermissions.isFresh();
-
// The test below will ALWAYS BE TRUE for newly created permissions
// because the requesting UID is the owner of the new permissions
@@ -631,7 +716,7 @@
// public readability?
result = rowPermissions.canOthersAdministrate() ||
((userId == rowPermissions.owner()) &&
- rowPermissions.canOwnerAdministrate());
+ rowPermissions.canOwnerAdministrate());
if (!result) {
// check groups
@@ -669,7 +754,7 @@
// public readability?
result = rowPermissions.canOthersRead() ||
((userId == rowPermissions.owner()) &&
- rowPermissions.canOwnerRead());
+ rowPermissions.canOwnerRead());
if (!result) {
// check groups
@@ -725,7 +810,7 @@
// public readability?
result = rowPermissions.canOthersWrite() ||
((userId == rowPermissions.owner()) &&
- rowPermissions.canOwnerWrite());
+ rowPermissions.canOwnerWrite());
// check alternative groups
if (!result) {
@@ -752,7 +837,7 @@
*/
public int defaultPermissions() {
String defaultPerms = Setup.getValueUnrequired(DEFAULT_PERMISSION_CODE);
- if ( defaultPerms != null ) {
+ if (defaultPerms != null) {
return Integer.parseInt(defaultPerms);
}
return RowPermissions.DEFAULT_PERMISSIONS;
@@ -825,7 +910,7 @@
// must test AFTER search, since we do not necessarily have row keys yet
// to find permissions
- if (result == true) {
+ if (result) {
isRowAllowed(SEARCH);
}
@@ -876,7 +961,8 @@
*/
public void retrieve() throws DBException {
super.retrieve();
- this.isRowAllowed(SEARCH); // test second in case we have a new object which will not have any permissions yet, and therefore always be disallowed
+ this.isRowAllowed(
+ SEARCH); // test second in case we have a new object which will not have any permissions yet, and therefore always be disallowed
}
/**