svn commit: r930536 - in /ofbiz/trunk/framework/service: dtd/services.xsd src/org/ofbiz/service/ModelPermission.java src/org/ofbiz/service/ModelServiceReader.java


svn commit: r930536 - in /ofbiz/trunk/framework/service: dtd/services.xsd src/org/ofbiz/service/ModelPermission.java src/org/ofbiz/service/ModelServiceReader.java

mor-2
Author: mor
Date: Sat Apr  3 16:07:18 2010
New Revision: 930536

URL: http://svn.apache.org/viewvc?rev=930536&view=rev
Log:
Extending the <required-permissions> tag in the service model so that it can contain one or more occurrences of the <permission-service> tag.
This is helpful when there is a need to check more than one permission using a permission service.

Applied framework only part from my patch from jira issue OFBIZ-3632 (https://issues.apache.org/jira/browse/OFBIZ-3632)


Modified:
    ofbiz/trunk/framework/service/dtd/services.xsd
    ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java
    ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java

Modified: ofbiz/trunk/framework/service/dtd/services.xsd
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/dtd/services.xsd?rev=930536&r1=930535&r2=930536&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/dtd/services.xsd (original)
+++ ofbiz/trunk/framework/service/dtd/services.xsd Sat Apr  3 16:07:18 2010
@@ -188,6 +188,7 @@ under the License.
             <xs:sequence>
                 <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-permission"/>
                 <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-role-member"/>
+                <xs:element minOccurs="0" maxOccurs="unbounded" ref="permission-service"/>
             </xs:sequence>
             <xs:attributeGroup ref="attlist.required-permissions"/>
         </xs:complexType>
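Review bot: Because the new `permission-service` reference is the third particle of an `xs:sequence`, every `<permission-service>` child has to come after all `<check-permission>` and `<check-role-member>` children, or the service definition fails validation. If that ordering is not intended, an `<xs:choice minOccurs="0" maxOccurs="unbounded">` around the three references would allow any order. Otherwise an `xs:documentation` note on required-permissions stating the expected order would help. The complexType starts outside this hunk.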

Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java?rev=930536&r1=930535&r2=930536&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java Sat Apr  3 16:07:18 2010
@@ -40,11 +40,15 @@ public class ModelPermission implements
     public static final int PERMISSION = 1;
     public static final int ENTITY_PERMISSION = 2;
     public static final int ROLE_MEMBER = 3;
+    public static final int PERMISSION_SERVICE = 4;
 
     public ModelService serviceModel = null;
     public int permissionType = 0;
     public String nameOrRole = null;
     public String action = null;
+    public String permissionServiceName = null;
+    public String permissionResourceDesc = null;
+    public Boolean auth;
     public String clazz = null;
 
     public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
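Review bot: The new `public Boolean auth;` is a boxed Boolean left at null while its neighbours are initialised explicitly, and nothing in the visible hunks reads it: ModelServiceReader sets `perm.auth = true`, but evalPermissionService sets `permission.auth` on the looked-up ModelService instead. Either drop the field or declare it `public boolean auth = false;` so a later reader cannot hit a null unboxing. The three new fields would also benefit from a one-line comment each saying they apply only when `permissionType` is `PERMISSION_SERVICE`. The class body continues outside this hunk.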
@@ -62,6 +66,8 @@ public class ModelPermission implements
                 return evalEntityPermission(security, userLogin);
             case ROLE_MEMBER:
                 return evalRoleMember(userLogin);
+            case PERMISSION_SERVICE:
+                return evalPermissionService(serviceModel, dctx, context);
             default:
                 Debug.logWarning("Invalid permission type [" + permissionType + "] for permission named : " + nameOrRole + " on service : " + serviceModel.name, module);
                 return false;
@@ -110,4 +116,47 @@ public class ModelPermission implements
         }
         return false;
     }
-}
+
+    private boolean evalPermissionService(ModelService origService, DispatchContext dctx, Map<String, ? extends Object> context) {
+        ModelService permission;
+        if (permissionServiceName == null) {
+            Debug.logWarning("No ModelService found; no service name specified!", module);
+            return false;
+        }
+        try {
+            permission = dctx.getModelService(permissionServiceName);
+        } catch (GenericServiceException e) {
+            Debug.logError(e, "Failed to get ModelService: " + e.toString(), module);
+            return false;
+        }
+        if (permission == null) {
+            Debug.logError("No ModelService found with the name [" + permissionServiceName + "]", module);
+            return false;
+        }
+        permission.auth = true;
+        Map<String, Object> ctx = permission.makeValid(context, ModelService.IN_PARAM);
+        if (UtilValidate.isNotEmpty(action)) {
+            ctx.put("mainAction", action);
+        }
+        if (UtilValidate.isNotEmpty(permissionResourceDesc)) {
+            ctx.put("resourceDescription", permissionResourceDesc);
+        } else if (origService != null) {
+            ctx.put("resourceDescription", origService.name);
+        }
+        LocalDispatcher dispatcher = dctx.getDispatcher();
+        Map<String, Object> resp;
+        String failMessage = null;
+        try {
+            resp = dispatcher.runSync(permission.name,  ctx, 300, true);
+            failMessage = (String) resp.get("failMessage");
+        } catch (GenericServiceException e) {
+            Debug.logError(failMessage + e.getMessage(), module);
+            return false;
+        }
+        if (ServiceUtil.isError(resp) || ServiceUtil.isFailure(resp)) {
+            Debug.logError(failMessage, module);
+            return false;
+        }
+        return ((Boolean) resp.get("hasPermission")).booleanValue();
+    }
+}
\ No newline at end of file
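Review bot: The final `return ((Boolean) resp.get("hasPermission")).booleanValue();` throws a NullPointerException when the permission service returns no `hasPermission` value, so an authorization check ends in an unchecked exception instead of a clean deny; `return Boolean.TRUE.equals(resp.get("hasPermission"));` fails closed. In the catch block `failMessage` is still null whenever `runSync` throws, because it is assigned only after the call, so the log line starts with "null" and the stack trace is dropped; `Debug.logError(e, "Permission service [" + permission.name + "] failed", module);` keeps the cause. `permission.auth = true` also writes to the ModelService returned by `dctx.getModelService`, which looks like a shared definition, so the check may change that service for every later caller; it is worth confirming that this is intended.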

Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java?rev=930536&r1=930535&r2=930536&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java Sat Apr  3 16:07:18 2010
@@ -394,6 +394,19 @@ public class ModelServiceReader implemen
             perm.serviceModel = service;
             group.permissions.add(perm);
         }
+        // Create the permissions based on permission services
+        for (Element element : UtilXml.childElementList(baseElement, "permission-service")) {
+            ModelPermission perm = new ModelPermission();
+            if (baseElement != null) {
+                perm.permissionType = ModelPermission.PERMISSION_SERVICE;
+                perm.permissionServiceName = element.getAttribute("service-name");
+                perm.action = element.getAttribute("main-action");
+                perm.permissionResourceDesc = element.getAttribute("resource-description");
+                perm.auth = true; // auth is always required when permissions are set
+                perm.serviceModel = service;
+                group.permissions.add(perm);
+            }
+        }
     }
 
     private void createGroupDefs(Element baseElement, ModelService service) {
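Review bot: `element.getAttribute("service-name")` returns an empty string, not null, when the attribute is absent, so `permissionServiceName` is never null here and the `permissionServiceName == null` guard in ModelPermission.evalPermissionService will not catch a `<permission-service>` without a service name; the model lookup then presumably runs with an empty name and the denial is logged with a misleading message. Reject the element at read time, or test with `UtilValidate.isEmpty(permissionServiceName)` in the guard. The `if (baseElement != null)` inside the loop is loop-invariant and comes after `baseElement` was already passed to `UtilXml.childElementList`, so it protects nothing and can be dropped. The enclosing method starts outside this hunk.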