Author: adrianc
Date: Fri Aug 28 16:48:37 2009 New Revision: 808951 URL: http://svn.apache.org/viewvc?rev=808951&view=rev Log: Implemented permissions checking. Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (with props) ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java (with props) ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java (with props) ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java (with props) ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java (with props) Removed: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsList.java ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java Modified: ofbiz/branches/executioncontext20090812/BranchReadMe.txt ofbiz/branches/executioncontext20090812/framework/api/config/api.properties ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java 
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java ofbiz/branches/executioncontext20090812/framework/entityext/build.xml ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java 
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/job/JobManager.java ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/job/PersistedServiceJob.java ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/form/ModelFormAction.java ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/screen/ModelScreenAction.java ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java Modified: ofbiz/branches/executioncontext20090812/BranchReadMe.txt URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/BranchReadMe.txt?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/BranchReadMe.txt (original) +++ ofbiz/branches/executioncontext20090812/BranchReadMe.txt Fri Aug 28 16:48:37 2009 @@ -43,6 +43,8 @@ action, change the settings in api.properties. You'll see info messages in the console log. +--------------------------------------------------------------------- + 2009-08-26: Added security-aware Freemarker transform. Template sections can be controlled with: 
@@ -50,3 +52,11 @@ If the user has permission to view the artifact, then "Some text" will be rendered. + +--------------------------------------------------------------------- + +2009-08-28: Permissions checking has been implemented. The code has +a few bugs, and there are places where the ExecutionContext isn't being +passed along, so OFBiz won't run with the AuthorizationManager enabled. +Consequently, the AuthorizationManager is disabled by default. You can +enable it with a property in api.properties. Modified: ofbiz/branches/executioncontext20090812/framework/api/config/api.properties URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/config/api.properties?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/config/api.properties (original) +++ ofbiz/branches/executioncontext20090812/framework/api/config/api.properties Fri Aug 28 16:48:37 2009 
@@ -21,18 +21,21 @@ # Apache OFBiz Framework API Settings #### -# Set to true to enable ExecutionContext info messages. This property is for -# development only, it will be removed when the ExecutionContext implementation -# is complete. -executionContext.verbose=false - # Class name of the ExecutionContext implementation executionContext.class=org.ofbiz.context.ExecutionContextImpl -# Set to true to enable AuthorizationManager info messages. This property is for -# development only, it will be removed when the AuthorizationManager implementation -# is complete. -authorizationManager.verbose=false - # Class name of the AuthorizationManager implementation authorizationManager.class=org.ofbiz.context.AuthorizationManagerImpl + +#-- The following properties are for development only, they will be removed +#-- when the security-aware artifact implementation is complete. + +# Set to true to enable ExecutionContext info messages. +executionContext.verbose=false + +# Set to true to enable AuthorizationManager info messages. +authorizationManager.verbose=false + +# Set to true to disable the AuthorizationManager. +authorizationManager.disabled=true + Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java Fri Aug 28 16:48:37 2009 
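Review bot: The checked-in default `authorizationManager.disabled=true` makes permission checking fail open, because AccessControllerImpl.checkPermission in this same commit returns before the `implies` test when the flag is set. A negative switch whose shipped value turns enforcement off is easy to carry into a deployment unnoticed. Consider a comment on the property such as `# WARNING: true skips every checkPermission() call; development only, never deploy with this set`, plus a one-time warning log when the manager starts in the disabled state. The loader compares with `"true".equals(...)`, so a missing property leaves checks enforced, which is the right direction for the absent case.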
@@ -23,13 +23,46 @@ import java.util.List; import java.util.ListIterator; -/** - * AccessController interface. +/** AccessController interface. This interface is intended to + * separate the permissions-checking logic from the artifacts + * that use it. */ public interface AccessController<E> { - public void checkPermission(Permission permission) throws AccessControlException; - public List<E> applyFilters(List<E> list); + /** Returns silently if the user has been granted <code>permission</code> + * access for the current artifact, throws <code>AccessControlException</code> + * otherwise.<p>Security-aware artifacts call this + * method with the desired permission. If access is granted the + * method returns, otherwise it throws an unchecked exception. + * Higher level code can catch the exception and handle it accordingly.</p> + * + * @param permission The permission to check + * @throws AccessControlException + */ + public void checkPermission(Permission permission) throws AccessControlException; + + /** Applies permission filters to a <code>List</code>. The + * returned <code>List</code> is security-aware, so methods + * that return an <code>Object</code> will return only the + * objects the user has permission to access. + * + * @param list The <code>List</code> to apply filters to + * @return A security-aware <code>List</code> if filters + * were specified for the current artifact, or the original + * <code>List</code> otherwise + */ + public List<E> applyFilters(List<E> list); + + /** Applies permission filters to a <code>ListIterator</code>. The + * returned <code>ListIterator</code> is security-aware, so methods + * that return an <code>Object</code> will return only the + * objects the user has permission to access. 
+ * + * @param list The <code>ListIterator</code> to apply filters to + * @return A security-aware <code>ListIterator</code> if filters + * were specified for the current artifact, or the original + * <code>ListIterator</code> otherwise + */ public ListIterator<E> applyFilters(ListIterator<E> list); } Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java Fri Aug 28 16:48:37 2009 @@ -21,13 +21,11 @@ import java.security.Permission; /** - * Admin permission class. Similar to java.security.BasicPermission. + * Admin permission class. Extends GenericPermission. */ @SuppressWarnings("serial") -public class AdminPermission extends Permission { +public class AdminPermission extends BasicPermission { - protected final String permissionString = "admin=true"; - public AdminPermission() { super("admin=true"); } 
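Review bot: Making AdminPermission a subclass of BasicPermission leaves `equals` asymmetric. BasicPermission.equals (visible in the BasicPermission hunk) casts to BasicPermission and compares `permissionString`, so it accepts an AdminPermission, while AdminPermission.equals casts to AdminPermission and rejects a plain BasicPermission. If a BasicPermission can carry the string `admin=true` (its constructor is outside this diff), `a.equals(b)` and `b.equals(a)` disagree, which gives order-dependent results in the hash-based PermissionsSet added by this commit. Comparing `getClass()` in both classes, or dropping the AdminPermission override, would restore symmetry. The class comment also now says `Extends GenericPermission` while the declaration extends `BasicPermission`.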
@@ -38,7 +36,7 @@ return true; } try { - BasicPermission that = (BasicPermission) obj; + AdminPermission that = (AdminPermission) obj; return this.permissionString.equals(that.permissionString); } catch (Exception e) {} return false; Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java Fri Aug 28 16:48:37 2009 @@ -18,6 +18,8 @@ *******************************************************************************/ package org.ofbiz.api.authorization; +import java.security.AccessControlException; + import org.ofbiz.api.context.ExecutionContext; /** 
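Review bot: The type test here is done by casting inside `try { ... } catch (Exception e) {}`, which also hides a NullPointerException or any other failure and turns it into `false`. In authorization code a swallowed error should not be indistinguishable from a legitimate negative; `if (!(obj instanceof AdminPermission)) return false;` followed by the cast says the same thing without the catch. The same cast-and-swallow pattern appears in the `implies` hunks of BasicPermission, PermissionsIntersection and PermissionsUnion and in PermissionsSet.equals, where an exception raised while evaluating one branch silently falls through to the next. The enclosing method starts outside this hunk.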
@@ -26,6 +28,6 @@ public interface AuthorizationManager { // Get the access controller for an artifact/user combination - public AccessController getAccessController (ExecutionContext executionContext); + public AccessController getAccessController (ExecutionContext executionContext) throws AccessControlException; } Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java Fri Aug 28 16:48:37 2009 @@ -21,7 +21,7 @@ import java.security.Permission; /** - * Basic permission class. Similar to java.security.BasicPermission. + * Generic permission class. Similar to java.security.BasicPermission. */ @SuppressWarnings("serial") public class BasicPermission extends Permission { @@ -39,7 +39,7 @@ return true; } try { - BasicPermission that = (BasicPermission) obj; + BasicPermission that = (BasicPermission) obj; return this.permissionString.equals(that.permissionString); } catch (Exception e) {} return false; @@ -59,7 +59,7 @@ public boolean implies(Permission permission) { try { PermissionsUnion permissionsUnion = (PermissionsUnion) permission; - for (Permission perm : permissionsUnion.permissionsList) { + for (Permission perm : permissionsUnion.getPermissionsSet()) { if (this.implies(perm)) { return true; } 
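Review bot: The new `throws AccessControlException` on `getAccessController` is undocumented, so implementers and callers cannot tell under which condition it is raised. Because AccessControlException is unchecked, the clause is documentation only. A Javadoc block replacing the `//` comment should state the condition, for example `@throws AccessControlException if no access controller can be created for the current user and execution path`, once the intended contract is settled. The method also returns the raw type `AccessController` although the interface is declared as `AccessController<E>`, which pushes unchecked warnings onto every caller.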
@@ -68,7 +68,7 @@ } catch (Exception e) {} try { PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; - for (Permission perm : permissionsIntersection.permissionsList) { + for (Permission perm : permissionsIntersection.getPermissionsSet()) { if (!this.implies(perm)) { return false; } Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java Fri Aug 28 16:48:37 2009 @@ -22,10 +22,14 @@ import java.util.List; /** - * A <code>List</code> of permissions that represent an intersection. + * A <code>Set</code> of permissions that represents an intersection. */ @SuppressWarnings("serial") -public class PermissionsIntersection extends PermissionsList { +public class PermissionsIntersection extends PermissionsSet { + + public PermissionsIntersection(String listName) { + super(listName); + } public PermissionsIntersection(String listName, List<Permission> permissionsList) { super(listName, permissionsList); @@ -38,7 +42,7 @@ public boolean implies(Permission permission) { try { PermissionsUnion permissionsUnion = (PermissionsUnion) permission; - for (Permission perm : permissionsUnion.permissionsList) { + for (Permission perm : permissionsUnion.getPermissionsSet()) { if (this.implies(perm)) { return true; } 
@@ -47,14 +51,14 @@ } catch (Exception e) {} try { PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; - for (Permission perm : permissionsIntersection.permissionsList) { + for (Permission perm : permissionsIntersection.getPermissionsSet()) { if (!this.implies(perm)) { return false; } } return true; } catch (Exception e) {} - for (Permission perm : this.permissionsList) { + for (Permission perm : this.permissionsSet) { if (!perm.implies(permission)) { return false; } Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java?rev=808951&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (added) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java Fri Aug 28 16:48:37 2009 
@@ -0,0 +1,79 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; +import java.util.List; +import java.util.Set; + +import javolution.util.FastSet; + +/** + * A <code>Set</code> of permissions. 
+ */ +@SuppressWarnings("serial") +public abstract class PermissionsSet extends BasicPermission { + + protected final Set<Permission> permissionsSet = FastSet.newInstance(); + + public PermissionsSet(String setName) { + super(setName); + } + + public PermissionsSet(String setName, List<Permission> permissionsList) { + super(setName); + this.permissionsSet.addAll(permissionsList); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + try { + PermissionsSet that = (PermissionsSet) obj; + return this.permissionsSet.equals(that.permissionsSet); + } catch (Exception e) {} + return false; + } + + @Override + public String getActions() { + return null; + } + + @Override + public int hashCode() { + return permissionsSet.hashCode(); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + for (Permission perm : this.permissionsSet) { + sb.append(perm); + sb.append(" "); + } + return sb.toString().trim(); + } + + public Set<Permission> getPermissionsSet() { + return this.permissionsSet; + } +} Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java URL: 
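Review bot: `equals` in the new PermissionsSet compares only the member set, so a PermissionsUnion and a PermissionsIntersection holding the same permissions are equal even though their `implies` semantics are opposite; the set name passed to the constructor is ignored as well. Any cache or collection keyed on these objects could then return the wrong kind of set. The comparison should include the concrete class, and a null argument should be handled by a test rather than by the swallowed exception; a rewrite follows. Separately, `getPermissionsSet()` returns the internal mutable set that `hashCode` is computed from. Mutating an instance already stored in a hash-based collection breaks lookups, so it should be documented whether callers are meant to add through it.

```java
@Override
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    // Same concrete class only: a union and an intersection are never equal.
    if (obj == null || obj.getClass() != this.getClass()) {
        return false;
    }
    PermissionsSet that = (PermissionsSet) obj;
    return this.permissionsSet.equals(that.permissionsSet);
}
// … unchanged: getActions, hashCode, toString, getPermissionsSet …
```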
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java Fri Aug 28 16:48:37 2009 @@ -22,37 +22,17 @@ import java.util.List; /** - * A <code>List</code> of permissions that represent a union. + * A <code>Set</code> of permissions that represent a union. */ @SuppressWarnings("serial") -public class PermissionsUnion extends Permission { - protected final List<Permission> permissionsList; +public class PermissionsUnion extends PermissionsSet { - public PermissionsUnion(String listName, List<Permission> permissionsList) { - super(listName); - this.permissionsList = permissionsList; - } - - @Override - public boolean equals(Object obj) { - if (obj == this) { - return true; - } - try { - PermissionsUnion that = (PermissionsUnion) obj; - return this.permissionsList.equals(that.permissionsList); - } catch (Exception e) {} - return false; + public PermissionsUnion(String listName) { + super(listName); } - @Override - public String getActions() { - return null; - } - - @Override - public int hashCode() { - return permissionsList.hashCode(); + public PermissionsUnion(String listName, List<Permission> permissionsList) { + super(listName, permissionsList); } /** Returns <code>true</code> if any of the contained permissions @@ -62,7 +42,7 @@ public boolean implies(Permission permission) { try { PermissionsUnion permissionsUnion = (PermissionsUnion) permission; - for (Permission perm : permissionsUnion.permissionsList) { + for (Permission perm : permissionsUnion.getPermissionsSet()) { if (this.implies(perm)) { return true; } 
@@ -71,28 +51,18 @@ } catch (Exception e) {} try { PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; - for (Permission perm : permissionsIntersection.permissionsList) { + for (Permission perm : permissionsIntersection.getPermissionsSet()) { if (!this.implies(perm)) { return false; } } return true; } catch (Exception e) {} - for (Permission perm : this.permissionsList) { + for (Permission perm : this.permissionsSet) { if (perm.implies(permission)) { return true; } } return false; } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - for (Permission perm : this.permissionsList) { - sb.append(perm); - sb.append(" "); - } - return sb.toString().trim(); - } } Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java Fri Aug 28 16:48:37 2009 
@@ -18,8 +18,12 @@ *******************************************************************************/ package org.ofbiz.api.context; -/** ExecutionArtifact interface. */ +/** ExecutionArtifact interface. Artifacts in the program's execution + * path (services, screen widgets, form widgets, entities) should implement + * this interface. + */ public interface ExecutionArtifact { + /** * Returns the location of this artifact. * Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java Fri Aug 28 16:48:37 2009 
@@ -24,7 +24,23 @@ import org.ofbiz.api.authorization.AccessController; -/** ExecutionContext interface. */ +/** ExecutionContext interface. The <code>ExecutionContext</code> is a container + * for frequently used objects, plus it keeps track of the program's + * execution path. <p>As an object container, the <code>ExecutionContext</code> + * simplifies framework code - since only one oject needs to be + * passed around instead of five or six.</p><p>The <code>ExecutionContext</code> + * depends on the artifacts in the program's execution path to implement + * the <code>ExecutionArtifact</code> interface, or if that is not possible, + * to use a <code>GenericExecutionArtifact</code> instance. At the start of + * each method, the artifact calls <code>pushExecutionArtifact</code>, and + * as each method exits the artifact calls <code>popExecutionArtifact</code>. + * Implementations of this interface will pass the current execution path + * to the Authorization Manager so the proper user permissions can be + * retrieved for the current artifact.</p> + * + * @see org.ofbiz.api.context.ExecutionArtifact + * @see org.ofbiz.api.context.GenericExecutionArtifact + */ public interface ExecutionContext { /** Returns an <code>AccessController</code> instance for this Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java Fri Aug 28 16:48:37 2009 
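Review bot: The new class comment describes the push/pop protocol but does not say that `popExecutionArtifact` has to run when the method exits by exception. If an artifact pushes and then throws, the stack stays unbalanced and the execution path handed to the Authorization Manager for later checks no longer matches the artifact that is actually running. I would add a sentence such as `Callers must invoke popExecutionArtifact in a finally block so the execution path stays accurate when a method throws.` The same paragraph has a typo, `oject` for `object`.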
@@ -25,13 +25,14 @@ import javolution.util.FastList; import javolution.util.FastMap; +import org.ofbiz.api.authorization.AccessController; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilProperties; /** Implementation of the ExecutionContext interface. */ public abstract class ExecutionContextImpl implements ExecutionContext { - public static final String module = ExecutionContextImpl.class.getName(); + public static final String module = ExecutionContextImpl.class.getName(); protected final FastList<ExecutionArtifact> artifactStack = FastList.newInstance(); protected String currencyUom = null; @@ -51,6 +52,16 @@ this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "executionContext.verbose")); } + @Override + protected void finalize() throws Throwable { + if (this.artifactStack.size() > 0) { + // This check is temporary - it will be removed when implementation is complete + Debug.logError(new Exception("finalize() called with a stack that is not empty"), module); + return; + } + super.finalize(); + } + public String getCurrencyUom() { return this.currencyUom; } 
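Review bot: In the added `finalize()` the early `return` after `Debug.logError` skips `super.finalize()` in exactly the case the check is meant to report. Dropping the `return`, or wrapping the check in `try { ... } finally { super.finalize(); }`, keeps the chain intact. A finalizer is also a weak place for this diagnostic: it runs at an unspecified time on the finalizer thread, so the stack trace of the logged `new Exception(...)` does not point at the code that left the stack unbalanced, and it may never run at all. Logging the remaining execution path at the point where the context is released would give a more usable signal.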
@@ -63,7 +74,7 @@ StringBuilder sb = new StringBuilder("ofbiz"); for (ExecutionArtifact artifact : this.artifactStack) { sb.append("/"); - sb.append(artifact.getName()); + sb.append(artifact.getName() == null ? "null" : artifact.getName()); } return sb.toString(); } Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java Fri Aug 28 16:48:37 2009 @@ -18,7 +18,7 @@ *******************************************************************************/ package org.ofbiz.api.context; -/** A basic implementation of the ExecutionArtifact interface. */ +/** A basic implementation of the <code>ExecutionArtifact</code> interface. */ public class GenericExecutionArtifact implements ExecutionArtifact { protected final String location; Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java Fri Aug 28 16:48:37 2009 
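Review bot: The ternary `artifact.getName() == null ? "null" : artifact.getName()` does not change the result, because `StringBuilder.append(String)` already appends the four characters `null` for a null argument. The underlying problem is that a nameless artifact contributes a path segment at all. This string is what the authorization code matches permissions against, so a segment `null` is indistinguishable from an artifact really named `null`. It would be safer to reject a null or empty name when the artifact is pushed, and to check there that a name cannot contain the `/` separator. The loop belongs to a method whose start is outside the hunk.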
@@ -20,7 +20,22 @@ import java.util.Map; -/** ParametersArtifact interface. */ +/** ParametersArtifact interface. This interface extends + * <code>ExecutionArtifact</code> and adds the ability to + * contain a parameter <code>Map</code>.<p>The purpose of this + * class is to provide a way for the <code>ExecutionContext</code> + * to keep track of what parameters are the most recent. For + * example: Service A calls Service B. Service A has one set of + * parameters, and Service B has another set of parameters. During + * program execution, Service A creates a <code>ParametersArtifact</code> + * instance that contains the service's parameters, then pushes that + * instance on the <code>ExecutionContext</code> stack. When Service B + * is called, it does the same thing. When framework code needs to + * access the current parameters, it calls + * <code>ExecutionContext.getParameters()</code>. The <code>ExecutionContext</code> + * will search its stack for the first <code>ParametersArtifact</code> instance - + * starting at the top of the stack, and return that instance.</p> + */ public interface ParametersArtifact extends ExecutionArtifact { /** Modified: ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java (original) +++ ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java Fri Aug 28 16:48:37 2009 
@@ -427,7 +427,11 @@ Map<String, Object> prepareResult = null; try { - prepareResult = dispatcher.runSync("prepareFind", UtilMisc.toMap("entityName", entityName, "orderBy", orderBy, "inputFields", inputFields, "filterByDate", filterByDate,"filterByDateValue", filterByDateValue, "userLogin", userLogin, "locale", context.get("locale"), "timeZone", context.get("timeZone"))); + prepareResult = dispatcher.runSync("prepareFind", UtilMisc.toMap("entityName", entityName, + "orderBy", orderBy, "inputFields", inputFields, "filterByDate", filterByDate, + "filterByDateValue", filterByDateValue, "userLogin", userLogin, + "locale", context.get("locale"), "timeZone", context.get("timeZone"), + "executionContext", context.get("executionContext"))); } catch (GenericServiceException gse) { return ServiceUtil.returnError("Error preparing conditions: " + gse.getMessage()); } 
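Review bot: `context.get("executionContext")` is forwarded without a null check here and in the following `executeFind` hunk, so when the caller did not supply one the sub-service receives an explicit null entry. BranchReadMe in this commit says there are still places where the ExecutionContext is not passed along, so this will happen in practice. With the AuthorizationManager enabled, the failure would then surface later and far from its cause. Consider failing early with `ServiceUtil.returnError(...)` when the entry is missing, or at least logging it. The second hunk also appends to an already very long line instead of wrapping it the way this hunk does.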
@@ -436,7 +440,8 @@ Map<String, Object> executeResult = null; try { - executeResult = dispatcher.runSync("executeFind", UtilMisc.toMap("entityName", entityName, "orderByList", orderByList, "fieldList", fieldList, "entityConditionList", exprList, "noConditionFind", noConditionFind, "distinct", distinct, "locale", context.get("locale"), "timeZone", context.get("timeZone"))); + executeResult = dispatcher.runSync("executeFind", UtilMisc.toMap("entityName", entityName, "orderByList", orderByList, "fieldList", fieldList, "entityConditionList", exprList, "noConditionFind", noConditionFind, "distinct", distinct, "locale", context.get("locale"), "timeZone", context.get("timeZone"), + "executionContext", context.get("executionContext"))); } catch (GenericServiceException gse) { return ServiceUtil.returnError("Error finding iterator: " + gse.getMessage()); } Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java Fri Aug 28 16:48:37 2009 
@@ -18,80 +18,117 @@ *******************************************************************************/ package org.ofbiz.context; -import static org.ofbiz.api.authorization.BasicPermissions.Admin; - import java.security.AccessControlException; import java.security.Permission; import java.util.List; import java.util.ListIterator; +import java.util.Map; + +import javolution.util.FastMap; import org.ofbiz.entity.AccessController; import org.ofbiz.base.util.Debug; -import org.ofbiz.base.util.UtilMisc; import org.ofbiz.base.util.UtilProperties; -import org.ofbiz.base.util.cache.UtilCache; import org.ofbiz.entity.util.EntityListIterator; +import org.ofbiz.service.DispatchContext; import org.ofbiz.service.ExecutionContext; +import org.ofbiz.service.LocalDispatcher; +import org.ofbiz.service.ModelService; public class AccessControllerImpl<E> implements AccessController<E> { public static final String module = AccessControllerImpl.class.getName(); - protected static UtilCache<String, Permission> userGroupPermCache = new UtilCache<String, Permission>("authorization.UserGroupPermissions"); - protected static UtilCache<String, Permission> userPermCache = new UtilCache<String, Permission>("authorization.UserPermissions"); + protected final ExecutionContext executionContext; - protected final String executionPath; - protected final Permission permission; + protected final OFBizPermission permission; + protected final PathNode node; // Temporary - will be removed later protected boolean verbose = false; - protected List<String> serviceNameList = UtilMisc.toList("securityRedesignTest"); + protected boolean disabled = false; - protected AccessControllerImpl(ExecutionContext executionContext, Permission permission) { + protected AccessControllerImpl(ExecutionContext executionContext, PathNode node) { this.executionContext = executionContext; - this.executionPath = executionContext.getExecutionPath(); - this.permission = permission; + this.node = node; + this.permission = new 
OFBizPermission(executionContext.getUserLogin().getString("userLoginId")); this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose")); + this.disabled = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.disabled")); } public void checkPermission(Permission permission) throws AccessControlException { if (this.verbose) { - Debug.logInfo("Checking permission: " + this.executionPath + "[" + permission + "]", module); + Debug.logInfo("Checking permission: " + this.executionContext.getExecutionPath() + "[" + permission + "]", module); } - if (!this.permission.implies(permission)) { - throw new AccessControlException(this.executionPath); + this.permission.reset(); + this.node.getPermissions(this.executionContext.getExecutionPath(), this.permission); + if (this.verbose) { + Debug.logInfo("Found permission(s): " + this.executionContext.getUserLogin().getString("userLoginId") + + "@" + this.executionContext.getExecutionPath() + "[" + this.permission + "]", module); } + if (this.disabled) { + return; + } + if (this.permission.implies(permission) && this.hasServicePermission()) { + return; + } + throw new AccessControlException(this.executionContext.getUserLogin().getString("userLoginId") + + "@" + this.executionContext.getExecutionPath() + "[" + permission + "]"); } public List<E> applyFilters(List<E> list) { - String upperPath = this.executionPath.toUpperCase(); - if (upperPath.startsWith("OFBIZ/EXAMPLE")) { - if (this.verbose) { - Debug.logInfo("Applying List filter \"securityRedesignTest\" for path " + this.executionPath, module); - } - return new SecurityAwareList<E>(list, this.serviceNameList, this.executionContext); + if (this.permission.getFilterNames().size() > 0) { + return new SecurityAwareList<E>(list, this.permission.getFilterNames(), this.executionContext); } return list; } public ListIterator<E> applyFilters(ListIterator<E> listIterator) { - String upperPath = 
this.executionPath.toUpperCase(); - if (upperPath.startsWith("OFBIZ/EXAMPLE")) { - if (this.verbose) { - Debug.logInfo("Applying ListIterator filter \"securityRedesignTest\" for path " + this.executionPath, module); - } - return new SecurityAwareListIterator<E>(listIterator, this.serviceNameList, this.executionContext); + if (this.permission.getFilterNames().size() > 0) { + return new SecurityAwareListIterator<E>(listIterator, this.permission.getFilterNames(), this.executionContext); } return listIterator; } public EntityListIterator applyFilters(EntityListIterator listIterator) { - String upperPath = this.executionPath.toUpperCase(); - if (upperPath.startsWith("OFBIZ/EXAMPLE")) { - if (this.verbose) { - Debug.logInfo("Applying EntityListIterator filter \"securityRedesignTest\" for path " + this.executionPath, module); - } + if (this.permission.getFilterNames().size() > 0) { // Commented out for now - causes problems with list pagination in UI // return new SecurityAwareEli(listIterator, this.serviceNameList, this.executionContext); } return listIterator; } + + protected boolean hasServicePermission() { + try { + if (this.permission.getServiceNames().size() == 0) { + return true; + } + LocalDispatcher dispatcher = this.executionContext.getDispatcher(); + DispatchContext ctx = dispatcher.getDispatchContext(); + Map<String, ? 
extends Object> params = this.executionContext.getParameters(); + for (String serviceName : this.permission.getServiceNames()) { + ModelService modelService = ctx.getModelService(serviceName); + Map<String, Object> context = FastMap.newInstance(); + if (params != null) { + context.putAll(params); + } + if (!context.containsKey("userLogin")) { + context.put("userLogin", this.executionContext.getUserLogin()); + } + if (!context.containsKey("locale")) { + context.put("locale", this.executionContext.getLocale()); + } + if (!context.containsKey("timeZone")) { + context.put("timeZone", this.executionContext.getTimeZone()); + } + context = modelService.makeValid(context, ModelService.IN_PARAM); + Map<String, Object> result = dispatcher.runSync(serviceName, context); + Boolean hasPermission = (Boolean) result.get("hasPermission"); + if (hasPermission != null && !hasPermission.booleanValue()) { + return false; + } + } + } catch (Exception e) { + Debug.logError(e, module); + } + return true; + } } Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java Fri Aug 28 16:48:37 2009 
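Review bot: `hasServicePermission()` fails open: its `catch (Exception e)` only logs and then falls through to the final `return true`, and a result map with no `hasPermission` entry is also treated as a grant. A permission service that throws, cannot be looked up, or returns an error map therefore lets `checkPermission` succeed. For an authorization check the safer default is denial: `return false;` inside the catch block, and `if (hasPermission == null || !hasPermission.booleanValue()) { return false; }` in the loop. Separately, the `if` body in `applyFilters(EntityListIterator)` now holds only commented-out code (which still names the removed `serviceNameList` field), so configured filters are not applied to entity list iterators; a comment on the method saying so would stop callers from assuming otherwise.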
@@ -18,21 +18,22 @@ *******************************************************************************/ package org.ofbiz.context; -import static org.ofbiz.api.authorization.BasicPermissions.Admin; - import java.security.AccessControlException; import java.security.Permission; import java.util.List; -import java.util.ListIterator; +import org.ofbiz.api.authorization.BasicPermissions; import org.ofbiz.entity.AccessController; -import org.ofbiz.api.authorization.PermissionsIntersection; +import org.ofbiz.entity.GenericDelegator; +import org.ofbiz.entity.GenericEntityException; +import org.ofbiz.entity.GenericValue; +import org.ofbiz.entity.condition.EntityCondition; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilMisc; +import org.ofbiz.base.util.cache.UtilCache; import org.ofbiz.security.AuthorizationManager; import org.ofbiz.security.OFBizSecurity; import org.ofbiz.service.ExecutionContext; -import org.ofbiz.service.ServicePermission; /** * An implementation of the AuthorizationManager interface that uses the OFBiz database 
@@ -40,28 +41,17 @@ */ public class AuthorizationManagerImpl<E> extends OFBizSecurity implements AuthorizationManager { - // Right now this class is being used as a test jig for the various classes - // it will be working with. The actual implementation will occur once the - // entities are defined and in place. + // Right now this class implements permission checking only. public static final String module = AuthorizationManagerImpl.class.getName(); - - protected Permission testPermission = null; - protected Permission getTestPermission(ExecutionContext executionContext) { - if (this.testPermission == null) { - // Build test permissions - this.testPermission = new PermissionsIntersection("TestPermissions", - UtilMisc.toList(new ServicePermission("securityRedesignTest", executionContext), - Admin)); - } - return this.testPermission; - } + protected static final UtilCache<String, PathNode> userPermCache = new UtilCache<String, PathNode>("authorization.UserPermissions"); + public static final AccessController<?> nullAccessController = new NullAccessController(); + protected static boolean underConstruction = false; public AuthorizationManagerImpl() { } - public void assignGroupPermission(String userGroupId, String artifactId, - Permission permission) { + public void assignGroupPermission(String userGroupId, String artifactId, Permission permission) { // TODO Auto-generated method stub } @@ -71,8 +61,7 @@ } - public void assignUserPermission(String userLoginId, String artifactId, - Permission permission) { + public void assignUserPermission(String userLoginId, String artifactId, Permission permission) { // TODO Auto-generated method stub } @@ -97,8 +86,7 @@ } - public void deleteGroupPermission(String userGroupId, String artifactId, - Permission permission) { + public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission) { // TODO Auto-generated method stub } 
@@ -118,8 +106,7 @@ } - public void deleteUserPermission(String userLoginId, String artifactId, - Permission permission) { + public void deleteUserPermission(String userLoginId, String artifactId, Permission permission) { // TODO Auto-generated method stub } 
@@ -134,8 +121,91 @@ } - public AccessController<E> getAccessController(org.ofbiz.api.context.ExecutionContext executionContext) { - return new AccessControllerImpl<E>((ExecutionContext) executionContext, this.getTestPermission((ExecutionContext) executionContext)); - } + @SuppressWarnings("unchecked") + public AccessController<?> getAccessController(org.ofbiz.api.context.ExecutionContext executionContext) throws AccessControlException { + String userLoginId = ((ExecutionContext) executionContext).getUserLogin().getString("userLoginId"); + PathNode node = userPermCache.get(userLoginId); + if (node == null) { + synchronized (userPermCache) { + if (underConstruction) { + return nullAccessController; + } + node = userPermCache.get(userLoginId); + if (node == null) { + node = getUserPermissionsNode((ExecutionContext) executionContext); + userPermCache.put(userLoginId, node); + } + } + } + return new AccessControllerImpl((ExecutionContext) executionContext, node); + } + + @SuppressWarnings("unchecked") + protected static PathNode getUserPermissionsNode(ExecutionContext executionContext) throws AccessControlException { + underConstruction = true; + // Set up the ExecutionContext for unrestricted access to security-aware artifacts + ExecutionContext localContext = (ExecutionContext) executionContext; + AuthorizationManager originalSecurity = localContext.getSecurity(); + localContext.setSecurity(new NullAuthorizationManager()); + String userLoginId = executionContext.getUserLogin().getString("userLoginId"); + GenericDelegator delegator = executionContext.getDelegator(); + PathNode node = new PathNode(); + try { + // Process group membership permissions first + List<GenericValue> groupMemberships = delegator.findList("UserToUserGroupRelationship", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false); + for (GenericValue userGroup : groupMemberships) { + processGroupPermissions(userGroup.getString("groupId"), node, delegator); 
+ } + // Process user permissions last + List<GenericValue> permissionValues = delegator.findList("UserToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false); + setPermissions(userLoginId, node, permissionValues); + } catch (GenericEntityException e) { + throw new AccessControlException(e.getMessage()); + } finally { + localContext.setSecurity(originalSecurity); + underConstruction = false; + } + return node; + } + + protected static void processGroupPermissions(String groupId, PathNode node, GenericDelegator delegator) throws AccessControlException { + try { + // Process this group's memberships first + List<GenericValue> parentGroups = delegator.findList("UserGroupRelationship", EntityCondition.makeCondition(UtilMisc.toMap("toGroupId", groupId)), null, null, null, false); + for (GenericValue parentGroup : parentGroups) { + processGroupPermissions(parentGroup.getString("fromGroupId"), node, delegator); + } + // Process this group's permissions + List<GenericValue> permissionValues = delegator.findList("UserGroupToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("groupId", groupId)), null, null, null, false); + setPermissions(groupId, node, permissionValues); + } catch (GenericEntityException e) { + throw new AccessControlException(e.getMessage()); + } + } + + protected static void setPermissions(String id, PathNode node, List<GenericValue> permissionValues) { + for (GenericValue value : permissionValues) { + String artifactPath = value.getString("artifactPath"); + OFBizPermission target = new OFBizPermission(id + "@" + artifactPath); + String[] pair = value.getString("permissionValue").split("="); + if ("filter".equalsIgnoreCase(pair[0])) { + target.filters.add(pair[1]); + } else if ("service".equalsIgnoreCase(pair[0])) { + target.services.add(pair[1]); + } else { + Permission permission = BasicPermissions.ConversionMap.get(pair[0].toUpperCase()); + if (permission != null) { + if 
("true".equalsIgnoreCase(pair[1])) { + target.includePermissions.getPermissionsSet().add(permission); + } else { + target.excludePermissions.getPermissionsSet().add(permission); + } + } else { + throw new AccessControlException("Invalid permission: " + pair[0]); + } + } + node.setPermissions(artifactPath, target); + } + } } Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java Fri Aug 28 16:48:37 2009 @@ -37,6 +37,7 @@ /** ExecutionContext implementation. */ public class ExecutionContextImpl extends org.ofbiz.api.context.ExecutionContextImpl implements ExecutionContext { + public static final String module = ExecutionContextImpl.class.getName(); protected GenericDelegator delegator = null; protected LocalDispatcher dispatcher = null; protected AuthorizationManager security = null; @@ -74,6 +75,10 @@ } catch (GenericEntityException e) { Debug.logError(e, "Error while getting NOT_LOGGED_IN user: ", module); } + if (this.userLogin == null) { + this.userLogin = localDelegator.makeValue("UserLogin"); + this.userLogin.set("userLoginId", "NOT_LOGGED_IN"); + } } return this.userLogin; } 
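Review bot: In `getUserPermissionsNode` the static `underConstruction` flag is set and the `NullAuthorizationManager` installed before the `try`, but both are undone only in its `finally`. If a statement in between throws (for example `getUserLogin().getString(...)` or `getDelegator()`), the flag stays `true`, the context keeps the allow-all manager, and every later cache miss in `getAccessController` returns `nullAccessController`, whose `checkPermission` is empty. Moving `underConstruction = true;` and `localContext.setSecurity(new NullAuthorizationManager());` to be the first statements inside the `try` closes that path. Two input-handling gaps in the same hunk: `processGroupPermissions` recurses over `UserGroupRelationship` rows with no visited set, so a cyclic group relationship would recurse until the stack overflows, and `setPermissions` reads `pair[1]` without checking that `split("=")` produced two elements.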
@@ -113,6 +118,6 @@ } public AccessController<?> getAccessController() { - return (AccessController<?>) this.getSecurity().getAccessController(this); + return (AccessController<?>) this.getSecurity().getAccessController(this); } } Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java?rev=808951&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java (added) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java Fri Aug 28 16:48:37 2009 
@@ -0,0 +1,44 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.context; + +import java.security.AccessControlException; +import java.security.Permission; +import java.util.List; +import java.util.ListIterator; + +import org.ofbiz.entity.AccessController; +import org.ofbiz.entity.util.EntityListIterator; + +public class NullAccessController<E> implements AccessController<E> { + + public EntityListIterator applyFilters(EntityListIterator listIterator) { + return listIterator; + } + + public List<E> applyFilters(List<E> list) { + return list; + } + + public ListIterator<E> applyFilters(ListIterator<E> list) { + return list; + } + + public void checkPermission(Permission permission) throws AccessControlException {} +} Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: 
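Review bot: `NullAccessController` has no class comment, yet its `checkPermission` body is empty and every `applyFilters` overload returns its argument unchanged, so it grants everything. `AuthorizationManagerImpl` exposes an instance as the public static `nullAccessController`, so the allow-all behaviour should be explicit where it is used. I would add a Javadoc such as `/** AccessController that performs no permission checks and no filtering; only for use while user permissions are unavailable (see NullAuthorizationManager). */`.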
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java?rev=808951&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java (added) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java Fri Aug 28 16:48:37 2009 
@@ -0,0 +1,163 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.context; + +import java.security.AccessControlException; +import java.security.Permission; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpSession; + +import org.ofbiz.entity.GenericDelegator; +import org.ofbiz.entity.GenericValue; +import org.ofbiz.security.AuthorizationManager; + +/** An implementation of <code>AuthorizationManager</code> that allows + * unrestricted access to all security-aware artifacts. This class + * is intended to be used in situations where user permissions are + * not available or accessible (the initial data load for example). + * <p>Extreme care should be taken when using this class so that + * security holes are not introduced. 
A recommended strategy is:<br><br> + * <ul> + * <li>Save the current <code>AuthorizationManager</code> instance in + * a local variable - using <code>ExecutionContext.getSecurity()</code>.</li> + * <li>Call <code>ExecutionContext.setSecurity(...)</code> with a + * <code>NullAuthorizationManager</code> instance.</li> + * <li>Perform the unrestricted tasks.</li> + * <li>Restore the original <code>AuthorizationManager</code> by + * calling <code>ExecutionContext.setSecurity(...)</code> with the + * saved <code>AuthorizationManager</code> instance.</li> + * </ul></p> + * + * @param <E> + */ +public class NullAuthorizationManager<E> implements AuthorizationManager { + + public void assignGroupPermission(String userGroupId, String artifactId, + Permission permission) { + } + + public void assignGroupToGroup(String childGroupId, String parentGroupId) { + } + + public void assignUserPermission(String userLoginId, String artifactId, + Permission permission) { + } + + public void assignUserToGroup(String userLoginId, String userGroupId) { + } + + public void createUser(String userLoginId, String password) { + } + + public String createUserGroup(String description) { + return null; + } + + public void deleteGroupFromGroup(String childGroupId, String parentGroupId) { + } + + public void deleteGroupPermission(String userGroupId, String artifactId, + Permission permission) { + } + + public void deleteUser(String userLoginId) { + } + + public void deleteUserFromGroup(String userLoginId, String userGroupId) { + } + + public void deleteUserGroup(String userGroupId) { + } + + public void deleteUserPermission(String userLoginId, String artifactId, + Permission permission) { + } + + public void updateUser(String userLoginId, String password) { + } + + public void updateUserGroup(String userGroupId, String description) { + } + + public org.ofbiz.api.authorization.AccessController getAccessController( + org.ofbiz.api.context.ExecutionContext executionContext) + throws 
AccessControlException { + return AuthorizationManagerImpl.nullAccessController; + } + + public void clearUserData(GenericValue userLogin) { + } + + public Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId( + String userLoginId) { + return null; + } + + public GenericDelegator getDelegator() { + return null; + } + + public boolean hasEntityPermission(String entity, String action, + HttpSession session) { + return true; + } + + public boolean hasEntityPermission(String entity, String action, + GenericValue userLogin) { + return true; + } + + public boolean hasPermission(String permission, HttpSession session) { + return true; + } + + public boolean hasPermission(String permission, GenericValue userLogin) { + return true; + } + + public boolean hasRolePermission(String application, String action, + String primaryKey, String role, HttpSession session) { + return true; + } + + public boolean hasRolePermission(String application, String action, + String primaryKey, String role, GenericValue userLogin) { + return true; + } + + public boolean hasRolePermission(String application, String action, + String primaryKey, List<String> roles, GenericValue userLogin) { + return true; + } + + public boolean hasRolePermission(String application, String action, + String primaryKey, List<String> roles, HttpSession session) { + return true; + } + + public boolean securityGroupPermissionExists(String groupId, + String permission) { + return true; + } + + public void setDelegator(GenericDelegator delegator) { + } +} Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" 
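Review bot: The class Javadoc's recommended save/swap/restore sequence does not say that the restore step must run in a `finally` block, so a caller following it literally leaves the allow-all manager installed on the ExecutionContext when the unrestricted task throws. I would reword the last list item along the lines of `Restore the original AuthorizationManager in a finally block by calling ExecutionContext.setSecurity(...) with the saved instance`. `getDelegator()` and `findUserLoginSecurityGroupByUserLoginId(...)` return `null`, which deserves a one-line comment for callers that dereference the result. The empty `@param <E>` tag needs a description or can be dropped.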
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java?rev=808951&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java (added) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java Fri Aug 28 16:48:37 2009 
@@ -0,0 +1,140 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.context; + +import static org.ofbiz.api.authorization.BasicPermissions.*; + +import java.security.Permission; +import java.util.Set; + +import javolution.util.FastSet; + +import org.ofbiz.api.authorization.PermissionsUnion; + +/** OFBizPermission class. 
+ * <p>This class enforces the security-aware artifact permission + * checking rules:<br> + * <ul> + * <li>If the permissions list contains the specified permission, + * then access is granted</li> + * <li>If services are specified, and all services return + * <code>hasPermission=true</code>, then access is granted</li> + * <li>The class contains a list of filters that can be used + * by filter implementations</li> + * </ul></p> + * + */ +@SuppressWarnings("serial") +public class OFBizPermission extends Permission { + + protected Permission adminPermission = null; + protected final PermissionsUnion includePermissions; + protected final PermissionsUnion excludePermissions; + protected final Set<String> filters = FastSet.newInstance(); + protected final Set<String> services = FastSet.newInstance(); + + public OFBizPermission(String name) { + super(name); + this.includePermissions = new PermissionsUnion(name); + this.excludePermissions = new PermissionsUnion(name); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + try { + OFBizPermission that = (OFBizPermission) obj; + return this.getName().equals(that.getName()); + } catch (Exception e) {} + return false; + } + + @Override + public String getActions() { + return null; + } + + @Override + public int hashCode() { + return this.getName().hashCode(); + } + + @Override + public boolean implies(Permission permission) { + if (this.adminPermission != null) { + return this.adminPermission.implies(permission); + } + return this.includePermissions.implies(permission) && !this.excludePermissions.implies(permission); + } + + public Set<String> getFilterNames() { + return this.filters; + } + + public Set<String> getServiceNames() { + return this.services; + } + + public void accumulatePermissions(OFBizPermission permission) { + if (permission == null || this.adminPermission != null) { + return; + } + if (permission.includePermissions.getPermissionsSet().contains(Admin)) { + 
this.adminPermission = Admin; + return; + } + this.includePermissions.getPermissionsSet().removeAll(permission.excludePermissions.getPermissionsSet()); + this.excludePermissions.getPermissionsSet().removeAll(permission.includePermissions.getPermissionsSet()); + this.includePermissions.getPermissionsSet().addAll(permission.includePermissions.getPermissionsSet()); + this.excludePermissions.getPermissionsSet().addAll(permission.excludePermissions.getPermissionsSet()); + this.filters.addAll(permission.filters); + this.services.addAll(permission.services); + } + + public void reset() { + this.adminPermission = null; + this.includePermissions.getPermissionsSet().clear(); + this.excludePermissions.getPermissionsSet().clear(); + this.filters.clear(); + this.services.clear(); + } + + @Override + public String toString() { + if (this.adminPermission != null) { + return this.adminPermission.toString(); + } + StringBuilder sb = new StringBuilder(); + sb.append(this.includePermissions); + sb.append(" "); + sb.append(this.excludePermissions); + for (String filter : this.filters) { + sb.append(" filter="); + sb.append(filter); + } + for (String service : this.services) { + sb.append(" service="); + sb.append(service); + } + return sb.toString().trim(); + } + +} Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: 
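Review bot: `accumulatePermissions` returns as soon as it finds `Admin` in an include set and ignores every later call, and `implies` then delegates to `adminPermission` alone. Exclude entries, filters and services on the same or a later-accumulated permission therefore have no effect for that user. If that precedence is intended, the class Javadoc should state it (it lists only the include, service and filter rules and does not mention excludes); if not, the excludes need to be merged before the early return. A style point on `equals`: the cast inside `try { ... } catch (Exception e) {}` relies on swallowing ClassCastException and NullPointerException, whereas `if (!(obj instanceof OFBizPermission)) { return false; }` says the same thing directly.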
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java?rev=808951&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java (added) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java Fri Aug 28 16:48:37 2009 
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+public class PathNode {
+
+ protected Map<String, PathNode> childNodes = null;
+ protected OFBizPermission permission = null;
+
+ public void setPermissions(String artifactPath, OFBizPermission permission) {
+ int pos = artifactPath.indexOf("/");
+ if (pos == -1) {
+ if (this.permission == null) {
+ this.permission = permission;
+ } else {
+ this.permission.accumulatePermissions(permission);
+ }
+ return;
+ }
+ String key = artifactPath.substring(0, pos - 1).toUpperCase();
+ if (this.childNodes == null) {
+ this.childNodes = FastMap.newInstance();
+ }
+ PathNode node = this.childNodes.get(key);
+ if (node == null) {
+ node = new PathNode();
+ this.childNodes.put(key, node);
+ }
+ node.setPermissions(artifactPath.substring(pos + 1), permission);
+ }
+
+ public void getPermissions(String artifactPath, OFBizPermission permission) {
+ permission.accumulatePermissions(this.permission);
+ int pos = 
artifactPath.indexOf("/");
+ if (pos == -1) {
+ return;
+ }
+ String key = artifactPath.substring(0, pos - 1).toUpperCase();
+ if (this.childNodes != null) {
+ PathNode node = this.childNodes.get(key);
+ if (node != null) {
+ node.getPermissions(artifactPath, permission);
+ }
+ }
+ }
+}
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java Fri Aug 28 16:48:37 2009
@@ -19,6 +19,7 @@ package org.ofbiz.context; import java.util.List; +import java.util.Set; import javolution.util.FastList; 
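Review bot: `artifactPath.substring(0, pos - 1)` in both setPermissions and getPermissions drops the last character of every path segment and throws StringIndexOutOfBoundsException when the path starts with `/`; the key should be `artifactPath.substring(0, pos).toUpperCase()`. As written, sibling segments that differ only in their final character resolve to the same child node, so permissions stored for one artifact path are accumulated into another. getPermissions also recurses with the full path, `node.getPermissions(artifactPath, permission)`, whereas setPermissions strips the consumed segment; it should be `node.getPermissions(artifactPath.substring(pos + 1), permission)`, otherwise a lookup never walks the tree that setPermissions built. getPermissions also passes `this.permission` to accumulatePermissions although it is still null on nodes that only act as intermediate segments; the start of accumulatePermissions is outside this view, so unless it checks for null a guard such as `if (this.permission != null)` is needed here.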
@@ -44,7 +45,7 @@ protected final EntityListIterator listIterator; protected GenericValue previousValue = null; - public SecurityAwareEli(EntityListIterator iterator, List<String> serviceNameList, ExecutionContext executionContext) { + public SecurityAwareEli(EntityListIterator iterator, Set<String> serviceNameList, ExecutionContext executionContext) { super(iterator, serviceNameList, executionContext); this.listIterator = iterator; } Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java Fri Aug 28 16:48:37 2009 @@ -19,7 +19,7 @@ package org.ofbiz.context; import java.util.Iterator; -import java.util.List; +import java.util.Set; import java.util.Map; import javolution.util.FastMap; 
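Review bot: The constructor parameter is still named `serviceNameList` although its type is now `Set<String>`; the same applies to the field and constructors changed in SecurityAwareIterator, SecurityAwareList and SecurityAwareListIterator. Renaming it, for example to `Set<String> serviceNames`, avoids suggesting that the entries keep an order or may repeat. If the order in which these services are applied to a value matters for the filtering result, that needs a comment, because a `Set` does not promise one.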
@@ -44,11 +44,11 @@ public static final String module = SecurityAwareIterator.class.getName(); protected final Iterator<E> iterator; - protected final List<String> serviceNameList; + protected final Set<String> serviceNameList; protected final ExecutionContext executionContext; protected E nextValue = null; - public SecurityAwareIterator(Iterator<E> iterator, List<String> serviceNameList, ExecutionContext executionContext) { + public SecurityAwareIterator(Iterator<E> iterator, Set<String> serviceNameList, ExecutionContext executionContext) { this.iterator = iterator; this.serviceNameList = serviceNameList; this.executionContext = executionContext; Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java Fri Aug 28 16:48:37 2009 @@ -22,6 +22,7 @@ import java.util.Iterator; import java.util.List; import java.util.ListIterator; +import java.util.Set; import org.ofbiz.service.ExecutionContext; 
@@ -32,10 +33,10 @@ public class SecurityAwareList<E> extends ArrayList<E> implements List<E> { protected final static String module = SecurityAwareList.class.getName(); - protected final List<String> serviceNameList; + protected final Set<String> serviceNameList; protected final ExecutionContext executionContext; - public SecurityAwareList(List<E> valueList, List<String> serviceNameList, ExecutionContext executionContext) { + public SecurityAwareList(List<E> valueList, Set<String> serviceNameList, ExecutionContext executionContext) { super(valueList.size()); this.addAll(valueList); this.trimToSize(); Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java Fri Aug 28 16:48:37 2009 @@ -20,6 +20,7 @@ import java.util.List; import java.util.ListIterator; +import java.util.Set; import org.ofbiz.service.ExecutionContext; 
@@ -40,7 +41,7 @@ protected E previousValue = null; protected int index = 0; - public SecurityAwareListIterator(ListIterator<E> iterator, List<String> serviceNameList, ExecutionContext executionContext) { + public SecurityAwareListIterator(ListIterator<E> iterator, Set<String> serviceNameList, ExecutionContext executionContext) { super(iterator, serviceNameList, executionContext); this.listIterator = iterator; } Modified: ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java (original) +++ ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java Fri Aug 28 16:48:37 2009 
@@ -28,6 +28,16 @@ */ public interface AccessController<E> extends org.ofbiz.api.authorization.AccessController<E> { + /** Applies permission filters to an <code>EntityListIterator</code>. The + * returned <code>EntityListIterator</code> is security-aware, so methods + * that return a <code>GenericValue</code> will return only the + * values the user has permission to access. + * + * @param list The <code>EntityListIterator</code> to apply filters to + * @return A security-aware <code>EntityListIterator</code> if filters + * were specified for the current artifact, or the original + * <code>EntityListIterator</code> otherwise + */ public EntityListIterator applyFilters(EntityListIterator listIterator); } Modified: ofbiz/branches/executioncontext20090812/framework/entityext/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entityext/build.xml?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/entityext/build.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/entityext/build.xml Fri Aug 28 16:48:37 2009 
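Review bot: The new Javadoc documents `@param list`, but the method's parameter is `listIterator`, so the tag matches nothing; it should read `@param listIterator The <code>EntityListIterator</code> to apply filters to`. The description promises filtering only for methods that return a `GenericValue`, so it should also say whether the other iterator methods (for example those reporting size or position) reflect the filtered or the unfiltered result. Callers that rely on this wrapper to hide rows need to know whether the existence of hidden rows can still be observed.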
@@ -39,6 +39,7 @@ <fileset dir="../security/build/lib" includes="*.jar"/> <fileset dir="../service/lib" includes="*.jar"/> <fileset dir="../service/build/lib" includes="*.jar"/> + <fileset dir="../context/build/lib" includes="*.jar"/> </path> <!-- ================================================================== --> Modified: ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java (original) +++ ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java Fri Aug 28 16:48:37 2009 @@ -35,6 +35,9 @@ import org.ofbiz.base.util.StringUtil; import org.ofbiz.base.util.UtilURL; import org.ofbiz.base.util.UtilValidate; +import org.ofbiz.context.AuthorizationManagerImpl; +import org.ofbiz.context.ExecutionContextImpl; +import org.ofbiz.entity.AccessController; import org.ofbiz.entity.DelegatorFactory; import org.ofbiz.entity.GenericDelegator; import org.ofbiz.entity.GenericEntityException; @@ -225,7 +228,7 @@ String delegatorNameToUse = overrideDelegator != null ? overrideDelegator : delegatorName; String groupNameToUse = overrideGroup != null ? overrideGroup : entityGroupName; - GenericDelegator delegator = DelegatorFactory.getGenericDelegator(delegatorNameToUse); + GenericDelegator delegator = DelegatorFactory.getGenericDelegator(delegatorNameToUse, new LoaderExecutionContext()); if (delegator == null) { throw new ContainerException("Invalid delegator name!"); } 
@@ -470,4 +473,12 @@ */ public void stop() throws ContainerException { } + + // TODO: Find an implementation-agnostic way to do this + protected static class LoaderExecutionContext extends ExecutionContextImpl { + @Override + public AccessController<?> getAccessController() { + return AuthorizationManagerImpl.nullAccessController; + } + } } Modified: ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml Fri Aug 28 16:48:37 2009 
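Review bot: `LoaderExecutionContext` returns `AuthorizationManagerImpl.nullAccessController` from getAccessController(), which by its name disables permission checks for everything done through this context, yet the class is `protected static` and documented only by a TODO. Narrow it to `private static final class LoaderExecutionContext` and state the intent, for example `// Seed-data loading only: returns the null access controller, so no permission checks apply`. The delegator created with it in the earlier hunk, `DelegatorFactory.getGenericDelegator(delegatorNameToUse, new LoaderExecutionContext())`, needs checking as well: if the factory caches delegators by name, later callers of the same delegator might get one bound to this unchecked context, which cannot be confirmed from the visible lines.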
@@ -35,6 +35,13 @@ <ArtifactPath artifactPath="ofbiz/example" description="Example Application"/> <ArtifactPath artifactPath="ofbiz/exampleext" description="Extended Example Application"/> + <!-- Data needed to get users logged in --> + <ArtifactPath artifactPath="ofbiz/example/getUserPreferenceGroup" description="Example Application - getUserPreferenceGroup service"/> + <ArtifactPath artifactPath="ofbiz/example/login" description="Example Application - Login screen"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/getUserPreferenceGroup" permissionValue="access=true"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="access=true"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="view=true"/> + <!-- Data needed for the transition to security-aware artifacts. As each webapp is converted over to the new security design, the corresponding admin permission should be removed. --> Modified: ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java (original) +++ ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java Fri Aug 28 16:48:37 2009 
@@ -101,7 +101,15 @@ methodContext.setErrorReturn(errMsg, simpleMethod); return false; } + Map<String, Object> originalParams = methodContext.getParameters(); for (ModelParam modelParam: modelService.getInModelParamList()) { + if (modelParam.internal) { + // Copy internal parameters + Object value = originalParams.get(modelParam.name); + if (value != null) { + toMap.put(modelParam.name, value); + } + } if (fromMap.containsKey(modelParam.name)) { Object value = fromMap.get(modelParam.name); Modified: ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml Fri Aug 28 16:48:37 2009 @@ -61,6 +61,7 @@ <UserLogin userLoginId="NOT_LOGGED_IN" enabled="N" isSystem="N"/> <UserGroup groupId="OFBIZ_USERS" description="All OFBiz users"/> <ArtifactPath artifactPath="ofbiz" description="The artifact path root"/> + <ArtifactPermission permissionValue="access=true" description="Access granted"/> <ArtifactPermission permissionValue="admin=true" description="Admin access granted"/> <ArtifactPermission permissionValue="create=true" description="Create access granted"/> <ArtifactPermission permissionValue="create=false" description="Create access denied"/> 
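Review bot: The internal-parameter branch copies values from `methodContext.getParameters()` straight into `toMap`, and nothing in the hunk says why that map is a trusted source. If it can hold caller-supplied entries, for instance when the simple method runs as a request event, a caller could place a value under an internal parameter's name and have it forwarded to the service; please confirm where internal values enter that map. A comment on the branch would record the assumption, e.g. `// Internal parameters are set by the framework, never by the caller; carried over as-is`. The loop body continues past the end of this hunk, and the `fromMap` branch that follows may overwrite the copied value for the same name.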
@@ -71,5 +72,9 @@ <ArtifactPermission permissionValue="view=true" description="View access granted"/> <ArtifactPermission permissionValue="view=false" description="View access denied"/> <UserToArtifactPermRel userLoginId="system" artifactPath="ofbiz" permissionValue="admin=true"/> + <ArtifactPath artifactPath="ofbiz/getUserPreferenceGroup" description="The getUserPreferenceGroup service"/> + <ArtifactPath artifactPath="ofbiz/getVisualThemeResources" description="The getVisualThemeResources service"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/getUserPreferenceGroup" permissionValue="access=true"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/getVisualThemeResources" permissionValue="access=true"/> </entity-engine-xml> Modified: ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml?rev=808951&r1=808950&r2=808951&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml Fri Aug 28 16:48:37 2009 @@ -344,7 +344,7 @@ <field name="groupId" type="id-ne"/> <field name="artifactPath" type="id-vlong-ne"/> <field name="permissionValue" type="id-long-ne"/> - <prim-key field="userLoginId"/> + <prim-key field="groupId"/> <prim-key field="artifactPath"/> <prim-key field="permissionValue"/> <relation type="one" fk-name="UGAP_USER_GROUP" rel-entity-name="UserGroup"> |
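Review bot: The two new `UserToArtifactPermRel` rows grant `access=true` to `NOT_LOGGED_IN`, that is to callers who have not authenticated, and unlike the matching rows added to ExampleSecurityData.xml they carry no comment saying why. Add one above them, for example `<!-- Services that must be callable before login; keep this list as short as possible -->`, so that later additions are reviewed as anonymous grants. It is also worth confirming that a permission stored for `ofbiz/getUserPreferenceGroup` cannot be returned for other paths under `ofbiz`, given how PathNode in this commit derives its node keys.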