Author: mor
Date: Sat Apr 3 16:07:18 2010 New Revision: 930536 URL: http://svn.apache.org/viewvc?rev=930536&view=rev Log: Extending the <required-permissions> tag in service model such that it can contain one or more occurrence of <permission-service> tag. This is helpful when there is a need to check more then one permission using a permission service. Applied framework only part from my patch from jira issue OFBIZ-3632 (https://issues.apache.org/jira/browse/OFBIZ-3632) Modified: ofbiz/trunk/framework/service/dtd/services.xsd ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java
Modified: ofbiz/trunk/framework/service/dtd/services.xsd URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/dtd/services.xsd?rev=930536&r1=930535&r2=930536&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/dtd/services.xsd (original)
+++ ofbiz/trunk/framework/service/dtd/services.xsd Sat Apr 3 16:07:18 2010
@@ -188,6 +188,7 @@ under the License.
 <xs:sequence>
 <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-permission"/>
 <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-role-member"/>
+ <xs:element minOccurs="0" maxOccurs="unbounded" ref="permission-service"/>
 </xs:sequence>
 <xs:attributeGroup ref="attlist.required-permissions"/>
 </xs:complexType>
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java?rev=930536&r1=930535&r2=930536&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java Sat Apr 3 16:07:18 2010
@@ -40,11 +40,15 @@ public class ModelPermission implements
 public static final int PERMISSION = 1;
 public static final int ENTITY_PERMISSION = 2;
 public static final int ROLE_MEMBER = 3;
+ public static final int PERMISSION_SERVICE = 4;
 public ModelService serviceModel = null;
 public int permissionType = 0;
 public String nameOrRole = null;
 public String action = null;
+ public String permissionServiceName = null;
+ public String permissionResourceDesc = null;
+ public Boolean auth;
 public String clazz = null;
 public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
@@ -62,6 +66,8 @@ public class ModelPermission implements
 return evalEntityPermission(security, userLogin);
 case ROLE_MEMBER:
 return evalRoleMember(userLogin);
+ case PERMISSION_SERVICE:
+ return evalPermissionService(serviceModel, dctx, context);
 default:
 Debug.logWarning("Invalid permission type [" + permissionType + "] for permission named : " + nameOrRole + " on service : " + serviceModel.name, module);
 return false;
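Review bot: The new `auth` field in the first hunk is a boxed `Boolean` with no initializer, so it is null on every ModelPermission that is not built from a `<permission-service>` element. Nothing visible in this commit reads it; evalPermissionService sets `permission.auth = true` on the permission service's ModelService instead. Either drop the field or declare it as `public boolean auth = false;` with a comment saying what it controls, so that a later reader of `perm.auth` cannot hit a null unboxing inside an authorization path. The class body continues outside the hunk.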
@@ -110,4 +116,47 @@ public class ModelPermission implements
 }
 return false;
 }
-}
+
+ private boolean evalPermissionService(ModelService origService, DispatchContext dctx, Map<String, ? extends Object> context) {
+ ModelService permission;
+ if (permissionServiceName == null) {
+ Debug.logWarning("No ModelService found; no service name specified!", module);
+ return false;
+ }
+ try {
+ permission = dctx.getModelService(permissionServiceName);
+ } catch (GenericServiceException e) {
+ Debug.logError(e, "Failed to get ModelService: " + e.toString(), module);
+ return false;
+ }
+ if (permission == null) {
+ Debug.logError("No ModelService found with the name [" + permissionServiceName + "]", module);
+ return false;
+ }
+ permission.auth = true;
+ Map<String, Object> ctx = permission.makeValid(context, ModelService.IN_PARAM);
+ if (UtilValidate.isNotEmpty(action)) {
+ ctx.put("mainAction", action);
+ }
+ if (UtilValidate.isNotEmpty(permissionResourceDesc)) {
+ ctx.put("resourceDescription", permissionResourceDesc);
+ } else if (origService != null) {
+ ctx.put("resourceDescription", origService.name);
+ }
+ LocalDispatcher dispatcher = dctx.getDispatcher();
+ Map<String, Object> resp;
+ String failMessage = null;
+ try {
+ resp = dispatcher.runSync(permission.name, ctx, 300, true);
+ failMessage = (String) resp.get("failMessage");
+ } catch (GenericServiceException e) {
+ Debug.logError(failMessage + e.getMessage(), module);
+ return false;
+ }
+ if (ServiceUtil.isError(resp) || ServiceUtil.isFailure(resp)) {
+ Debug.logError(failMessage, module);
+ return false;
+ }
+ return ((Boolean) resp.get("hasPermission")).booleanValue();
+ }
+}
\ No newline at end of file
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java?rev=930536&r1=930535&r2=930536&view=diff
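Review bot: The final `return ((Boolean) resp.get("hasPermission")).booleanValue();` in evalPermissionService throws a NullPointerException or ClassCastException when the permission service reports success without a Boolean `hasPermission`, so the result of an authorization check then depends on how callers treat an unchecked exception. An explicit deny is safer: `return Boolean.TRUE.equals(resp.get("hasPermission"));`. In the second catch block `failMessage` is still null whenever runSync throws, so the logged text begins with "null" and the stack trace is lost; `Debug.logError(e, "Permission service [" + permission.name + "] failed", module);` would match the first catch. `permission.auth = true;` also writes to the ModelService returned by `dctx.getModelService`, which is presumably a shared instance, so that side effect deserves a comment explaining why it is intended.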
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java Sat Apr 3 16:07:18 2010
@@ -394,6 +394,19 @@ public class ModelServiceReader implemen
 perm.serviceModel = service;
 group.permissions.add(perm);
 }
+ // Create the permissions based on permission services
+ for (Element element : UtilXml.childElementList(baseElement, "permission-service")) {
+ ModelPermission perm = new ModelPermission();
+ if (baseElement != null) {
+ perm.permissionType = ModelPermission.PERMISSION_SERVICE;
+ perm.permissionServiceName = element.getAttribute("service-name");
+ perm.action = element.getAttribute("main-action");
+ perm.permissionResourceDesc = element.getAttribute("resource-description");
+ perm.auth = true; // auth is always required when permissions are set
+ perm.serviceModel = service;
+ group.permissions.add(perm);
+ }
+ }
 }
 private void createGroupDefs(Element baseElement, ModelService service) { |
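Review bot: `element.getAttribute("service-name")` yields an empty string rather than null when the attribute is absent (assuming `Element` is the W3C DOM type), so the `permissionServiceName == null` guard in ModelPermission.evalPermissionService never matches a `<permission-service>` that lacks a name. The evaluation then relies on the lookup of an empty service name failing; the guard there is better written as `if (UtilValidate.isEmpty(permissionServiceName))`, and a malformed element should be logged at load time while still being added to the group, since silently dropping it would loosen the required-permissions check. The `if (baseElement != null)` test inside the loop is also redundant, because `baseElement` has already been passed to `UtilXml.childElementList` and the ModelPermission is allocated before the test. The enclosing method starts outside the hunk.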