Fixed name
parent
7efdf5cf91
commit
a7c89cded0
|
@ -55,7 +55,7 @@ public class ContextUtility {
|
||||||
contexts = new HashMap<>();
|
contexts = new HashMap<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final InheritableThreadLocal<Boolean> hierarchicMode = new InheritableThreadLocal<Boolean>() {
|
private static final InheritableThreadLocal<Boolean> hierarchicalMode = new InheritableThreadLocal<Boolean>() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Boolean initialValue() {
|
protected Boolean initialValue() {
|
||||||
|
@ -64,8 +64,8 @@ public class ContextUtility {
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
public static InheritableThreadLocal<Boolean> getHierarchicMode() {
|
public static InheritableThreadLocal<Boolean> getHierarchicalMode() {
|
||||||
return hierarchicMode;
|
return hierarchicalMode;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String getCurrentContextFullName() {
|
private static String getCurrentContextFullName() {
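Review bot: `getHierarchicalMode()` hands out the shared `InheritableThreadLocal` itself and has no Javadoc, so nothing tells a caller that the flag is per-thread, is copied into threads created while it is set, and has to be reset after use. The tests in this commit show that setting it to true lets a read succeed that otherwise throws `FacetAvailableInAnotherContextException`, so it works as an access-scope switch. I would add a Javadoc on the getter stating that, and that callers should restore the previous value in a `finally` block. The body of `initialValue()` lies outside the hunk, so the default value is not visible here.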
|
||||||
|
|
|
@ -45,9 +45,12 @@ public class SecurityContext {
|
||||||
protected static final String DEFAULT_WRITER_ROLE = "writer";
|
protected static final String DEFAULT_WRITER_ROLE = "writer";
|
||||||
protected static final String DEFAULT_READER_ROLE = "reader";
|
protected static final String DEFAULT_READER_ROLE = "reader";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* H stand for Hierarchical
|
||||||
|
*/
|
||||||
public static final String H = "H";
|
public static final String H = "H";
|
||||||
|
|
||||||
protected final boolean hierarchic;
|
protected final boolean hierarchical;
|
||||||
|
|
||||||
public enum SecurityType {
|
public enum SecurityType {
|
||||||
ROLE("Role"), USER("User");
|
ROLE("Role"), USER("User");
|
||||||
|
@ -85,8 +88,8 @@ public class SecurityContext {
|
||||||
|
|
||||||
protected Set<SecurityContext> children;
|
protected Set<SecurityContext> children;
|
||||||
|
|
||||||
protected boolean isHierarchicMode() {
|
protected boolean isHierarchicalMode() {
|
||||||
return hierarchic && ContextUtility.getHierarchicMode().get();
|
return hierarchical && ContextUtility.getHierarchicalMode().get();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setParentSecurityContext(SecurityContext parentSecurityContext) {
|
public void setParentSecurityContext(SecurityContext parentSecurityContext) {
|
||||||
|
@ -151,7 +154,7 @@ public class SecurityContext {
|
||||||
* @throws ResourceRegistryException
|
* @throws ResourceRegistryException
|
||||||
*/
|
*/
|
||||||
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, ODatabaseDocument orientGraph) throws ResourceRegistryException {
|
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, ODatabaseDocument orientGraph) throws ResourceRegistryException {
|
||||||
if(!hierarchic) {
|
if(!hierarchical) {
|
||||||
StringBuilder errorMessage = new StringBuilder();
|
StringBuilder errorMessage = new StringBuilder();
|
||||||
errorMessage.append("Cannot change parent ");
|
errorMessage.append("Cannot change parent ");
|
||||||
errorMessage.append(SecurityContext.class.getSimpleName());
|
errorMessage.append(SecurityContext.class.getSimpleName());
|
||||||
|
@ -195,16 +198,16 @@ public class SecurityContext {
|
||||||
ORole role = oSecurity.getRole(roleName);
|
ORole role = oSecurity.getRole(roleName);
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
}
|
}
|
||||||
newParentSecurityContext.addHierarchicRoleToParent(oSecurity, permissionMode, roles.toArray(new ORole[allChildren.size()]));
|
newParentSecurityContext.addHierarchicalRoleToParent(oSecurity, permissionMode, roles.toArray(new ORole[allChildren.size()]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected SecurityContext(UUID context, boolean hierarchic) throws ResourceRegistryException {
|
protected SecurityContext(UUID context, boolean hierarchical) throws ResourceRegistryException {
|
||||||
this.context = context;
|
this.context = context;
|
||||||
this.poolMap = new HashMap<>();
|
this.poolMap = new HashMap<>();
|
||||||
this.hierarchic = hierarchic;
|
this.hierarchical = hierarchical;
|
||||||
this.children = new HashSet<>();
|
this.children = new HashSet<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -215,7 +218,7 @@ public class SecurityContext {
|
||||||
private synchronized ODatabasePool getPool(PermissionMode permissionMode, boolean recreate) {
|
private synchronized ODatabasePool getPool(PermissionMode permissionMode, boolean recreate) {
|
||||||
ODatabasePool pool = null;
|
ODatabasePool pool = null;
|
||||||
|
|
||||||
Boolean h = isHierarchicMode();
|
Boolean h = isHierarchicalMode();
|
||||||
|
|
||||||
Map<PermissionMode,ODatabasePool> pools = poolMap.get(h);
|
Map<PermissionMode,ODatabasePool> pools = poolMap.get(h);
|
||||||
if(pools == null) {
|
if(pools == null) {
|
||||||
|
@ -288,7 +291,7 @@ public class SecurityContext {
|
||||||
ODocument oDocument = element.getRecord();
|
ODocument oDocument = element.getRecord();
|
||||||
OSecurity oSecurity = getOSecurity(oDatabaseDocument);
|
OSecurity oSecurity = getOSecurity(oDatabaseDocument);
|
||||||
allow(oSecurity, oDocument, false);
|
allow(oSecurity, oDocument, false);
|
||||||
if(hierarchic) {
|
if(hierarchical) {
|
||||||
allow(oSecurity, oDocument, true);
|
allow(oSecurity, oDocument, true);
|
||||||
}
|
}
|
||||||
oDocument.save();
|
oDocument.save();
|
||||||
|
@ -305,17 +308,17 @@ public class SecurityContext {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchic) {
|
protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchical) {
|
||||||
// The element could be created in such a context so the writerUser for the
|
// The element could be created in such a context so the writerUser for the
|
||||||
// context is allowed by default because it was the creator
|
// context is allowed by default because it was the creator
|
||||||
String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchical);
|
||||||
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName);
|
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName);
|
||||||
String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchical);
|
||||||
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, readerUserName);
|
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, readerUserName);
|
||||||
|
|
||||||
String writerRoleName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, hierarchic);
|
String writerRoleName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, hierarchical);
|
||||||
oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_ALL, writerRoleName);
|
oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_ALL, writerRoleName);
|
||||||
String readerRoleName = getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE, hierarchic);
|
String readerRoleName = getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE, hierarchical);
|
||||||
oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_READ, readerRoleName);
|
oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_READ, readerRoleName);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -324,7 +327,7 @@ public class SecurityContext {
|
||||||
ODocument oDocument = element.getRecord();
|
ODocument oDocument = element.getRecord();
|
||||||
OSecurity oSecurity = getOSecurity(oDatabaseDocument);
|
OSecurity oSecurity = getOSecurity(oDatabaseDocument);
|
||||||
deny(oSecurity, oDocument, false);
|
deny(oSecurity, oDocument, false);
|
||||||
if(hierarchic) {
|
if(hierarchical) {
|
||||||
deny(oSecurity, oDocument, true);
|
deny(oSecurity, oDocument, true);
|
||||||
}
|
}
|
||||||
oDocument.save();
|
oDocument.save();
|
||||||
|
@ -339,7 +342,7 @@ public class SecurityContext {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Boolean call() throws Exception {
|
public Boolean call() throws Exception {
|
||||||
ContextUtility.getHierarchicMode().set(false);
|
ContextUtility.getHierarchicalMode().set(false);
|
||||||
ODatabaseDocument oDatabaseDocument = getDatabaseDocument(PermissionMode.READER);
|
ODatabaseDocument oDatabaseDocument = getDatabaseDocument(PermissionMode.READER);
|
||||||
try {
|
try {
|
||||||
oDatabaseDocument.activateOnCurrentThread();
|
oDatabaseDocument.activateOnCurrentThread();
|
||||||
|
@ -389,7 +392,7 @@ public class SecurityContext {
|
||||||
return oSecurity.getRole(superRoleName);
|
return oSecurity.getRole(superRoleName);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void addHierarchicRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole... roles) {
|
protected void addHierarchicalRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole... roles) {
|
||||||
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
|
||||||
OUser user = oSecurity.getUser(userName);
|
OUser user = oSecurity.getUser(userName);
|
||||||
for(ORole role : roles) {
|
for(ORole role : roles) {
|
||||||
|
@ -398,33 +401,33 @@ public class SecurityContext {
|
||||||
user.save();
|
user.save();
|
||||||
|
|
||||||
if(getParentSecurityContext() != null) {
|
if(getParentSecurityContext() != null) {
|
||||||
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, roles);
|
getParentSecurityContext().addHierarchicalRoleToParent(oSecurity, permissionMode, roles);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void createRolesAndUsers(OSecurity oSecurity) {
|
protected void createRolesAndUsers(OSecurity oSecurity) {
|
||||||
boolean[] booleanArray;
|
boolean[] booleanArray;
|
||||||
if(hierarchic) {
|
if(hierarchical) {
|
||||||
booleanArray = new boolean[] {false, true};
|
booleanArray = new boolean[] {false, true};
|
||||||
} else {
|
} else {
|
||||||
booleanArray = new boolean[] {false};
|
booleanArray = new boolean[] {false};
|
||||||
}
|
}
|
||||||
|
|
||||||
for(boolean hierarchic : booleanArray) {
|
for(boolean hierarchical : booleanArray) {
|
||||||
for(PermissionMode permissionMode : PermissionMode.values()) {
|
for(PermissionMode permissionMode : PermissionMode.values()) {
|
||||||
ORole superRole = getSuperRole(oSecurity, permissionMode);
|
ORole superRole = getSuperRole(oSecurity, permissionMode);
|
||||||
|
|
||||||
String roleName = getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, hierarchic);
|
String roleName = getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, hierarchical);
|
||||||
ORole role = oSecurity.createRole(roleName, superRole, ALLOW_MODES.DENY_ALL_BUT);
|
ORole role = oSecurity.createRole(roleName, superRole, ALLOW_MODES.DENY_ALL_BUT);
|
||||||
addExtraRules(role, permissionMode);
|
addExtraRules(role, permissionMode);
|
||||||
role.save();
|
role.save();
|
||||||
logger.trace("{} created", role);
|
logger.trace("{} created", role);
|
||||||
|
|
||||||
if(hierarchic && getParentSecurityContext() != null) {
|
if(hierarchical && getParentSecurityContext() != null) {
|
||||||
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
|
getParentSecurityContext().addHierarchicalRoleToParent(oSecurity, permissionMode, role);
|
||||||
}
|
}
|
||||||
|
|
||||||
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchical);
|
||||||
OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode),
|
OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode),
|
||||||
role);
|
role);
|
||||||
user.save();
|
user.save();
|
||||||
|
@ -513,7 +516,7 @@ public class SecurityContext {
|
||||||
|
|
||||||
protected void deleteRolesAndUsers(OSecurity oSecurity) {
|
protected void deleteRolesAndUsers(OSecurity oSecurity) {
|
||||||
boolean[] booleanArray;
|
boolean[] booleanArray;
|
||||||
if(hierarchic) {
|
if(hierarchical) {
|
||||||
booleanArray = new boolean[] {false, true};
|
booleanArray = new boolean[] {false, true};
|
||||||
} else {
|
} else {
|
||||||
booleanArray = new boolean[] {false};
|
booleanArray = new boolean[] {false};
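Review bot: In `deny`, `readerUserName` is resolved with `PermissionMode.WRITER`, so the second `denyUser` call targets the writer user again and the reader user's `ALLOW_READ` entry is apparently never removed from the document. The two role lines just below use `PermissionMode.WRITER` and `PermissionMode.READER` respectively, which suggests a copy-paste slip that this rename carried over unchanged. The line should read `String readerUserName = getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.USER, hierarchical);`. The matching `allow` method is not visible in this diff and is worth checking for the same slip, since a mismatch would presumably leave a document readable by the reader user of a context it was removed from.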
|
||||||
|
|
|
@ -244,8 +244,8 @@ public class FacetManagementTest extends ContextTest {
|
||||||
read(s);
|
read(s);
|
||||||
});
|
});
|
||||||
|
|
||||||
/* Entering hierarchic mode */
|
/* Entering hierarchical mode */
|
||||||
ContextUtility.getHierarchicMode().set(true);
|
ContextUtility.getHierarchicalMode().set(true);
|
||||||
|
|
||||||
softwareFacet = read(softwareFacet);
|
softwareFacet = read(softwareFacet);
|
||||||
checkSoftwareFacetAssertion(softwareFacet, VERSION);
|
checkSoftwareFacetAssertion(softwareFacet, VERSION);
|
||||||
|
@ -256,8 +256,8 @@ public class FacetManagementTest extends ContextTest {
|
||||||
softwareFacet = read(softwareFacet);
|
softwareFacet = read(softwareFacet);
|
||||||
checkSoftwareFacetAssertion(softwareFacet, VERSION);
|
checkSoftwareFacetAssertion(softwareFacet, VERSION);
|
||||||
|
|
||||||
/* Leaving hierarchic mode */
|
/* Leaving hierarchical mode */
|
||||||
ContextUtility.getHierarchicMode().set(false);
|
ContextUtility.getHierarchicalMode().set(false);
|
||||||
|
|
||||||
assertThrow(softwareFacet, FacetAvailableInAnotherContextException.class, (SoftwareFacet s) -> {
|
assertThrow(softwareFacet, FacetAvailableInAnotherContextException.class, (SoftwareFacet s) -> {
|
||||||
read(s);
|
read(s);
|
||||||
|
@ -290,8 +290,8 @@ public class FacetManagementTest extends ContextTest {
|
||||||
read(s);
|
read(s);
|
||||||
});
|
});
|
||||||
|
|
||||||
/* Entering hierarchic mode */
|
/* Entering hierarchical mode */
|
||||||
ContextUtility.getHierarchicMode().set(true);
|
ContextUtility.getHierarchicalMode().set(true);
|
||||||
|
|
||||||
assertThrow(softwareFacet, FacetAvailableInAnotherContextException.class, (SoftwareFacet s) -> {
|
assertThrow(softwareFacet, FacetAvailableInAnotherContextException.class, (SoftwareFacet s) -> {
|
||||||
read(s);
|
read(s);
|
||||||
|
@ -304,8 +304,8 @@ public class FacetManagementTest extends ContextTest {
|
||||||
read(softwareFacet);
|
read(softwareFacet);
|
||||||
checkSoftwareFacetAssertion(softwareFacet, NEW_VERSION);
|
checkSoftwareFacetAssertion(softwareFacet, NEW_VERSION);
|
||||||
|
|
||||||
/* Leaving hierarchic mode */
|
/* Leaving hierarchical mode */
|
||||||
ContextUtility.getHierarchicMode().set(false);
|
ContextUtility.getHierarchicalMode().set(false);
|
||||||
|
|
||||||
read(softwareFacet);
|
read(softwareFacet);
|
||||||
checkSoftwareFacetAssertion(softwareFacet, NEW_VERSION);
|
checkSoftwareFacetAssertion(softwareFacet, NEW_VERSION);
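Review bot: Each `ContextUtility.getHierarchicalMode().set(true)` in this test is undone by a later `set(false)` on the straight-line path only, so a failing assertion in between leaves the thread in hierarchical mode for whatever runs next on it. Checks that expect `FacetAvailableInAnotherContextException` could then be evaluated under the wrong mode and pass or fail for the wrong reason. Wrapping each hierarchical section as `try { ... } finally { ContextUtility.getHierarchicalMode().set(false); }` keeps the flag from leaking; the same pattern appears in the BasicTest hunk. The enclosing test methods start and end outside the hunks.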
|
||||||
|
|
|
@ -110,14 +110,14 @@ public class BasicTest extends ContextTest {
|
||||||
|
|
||||||
/* ---------------- entering hierarchic mode */
|
/* ---------------- entering hierarchic mode */
|
||||||
|
|
||||||
ContextUtility.getHierarchicMode().set(true);
|
ContextUtility.getHierarchicalMode().set(true);
|
||||||
|
|
||||||
facetManagement = new FacetManagement();
|
facetManagement = new FacetManagement();
|
||||||
facetManagement.setUUID(uuid);
|
facetManagement.setUUID(uuid);
|
||||||
readJson = facetManagement.read();
|
readJson = facetManagement.read();
|
||||||
logger.debug("You should be able to read it {}", readJson);
|
logger.debug("You should be able to read it {}", readJson);
|
||||||
|
|
||||||
ContextUtility.getHierarchicMode().set(false);
|
ContextUtility.getHierarchicalMode().set(false);
|
||||||
|
|
||||||
/* ---------------- leaving hierarchic mode */
|
/* ---------------- leaving hierarchic mode */
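Review bot: The two marker comments around this block still read `entering hierarchic mode` and `leaving hierarchic mode`, although the calls between them were renamed and FacetManagementTest updated its comments in the same commit. Changing them to `/* ---------------- entering hierarchical mode */` and `/* ---------------- leaving hierarchical mode */` keeps a search for the old name clean.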
|
||||||
|
|
||||||
|
|