first stage of transitioning to the new SecurityMonitor-based security
architecture--it's implemented at the global level and for communities; conferences still use the old hard-coded implementation. The new StaticSecurityMonitor is configured via XML data, which will be important when we implement the new Community Services architecture.
parent
47b88efd75
commit
5f966a6450
|
@ -54,6 +54,137 @@
|
|||
<wait-if-busy/>
|
||||
</database>
|
||||
|
||||
<!-- This section is used to configure the default security contexts, and should probably
|
||||
not be tampered with. -->
|
||||
<security>
|
||||
<security-definition id="Global">
|
||||
<defined-roles>
|
||||
<role id="Anonymous" value="L+100">Anonymous User</role>
|
||||
<role id="Unverified" value="L+500">Unauthenticated User</role>
|
||||
<role id="Normal" value="L+1000">Normal User</role>
|
||||
<role id="AnyAdmin" value="HMIN">Any System Administrator</role>
|
||||
<role id="PFY" value="H+1000">System Assistant Administrator</role>
|
||||
<role id="BOFH" value="HMAX">Global System Administrator</role>
|
||||
</defined-roles>
|
||||
<defined-lists>
|
||||
<list id="UserLevels">
|
||||
<element role="Global.Anonymous"/>
|
||||
<element role="Global.Unverified"/>
|
||||
<element role="Global.Normal"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
</list>
|
||||
<list id="UserLevelsPFY">
|
||||
<element role="Global.Anonymous"/>
|
||||
<element role="Global.Unverified"/>
|
||||
<element role="Global.Normal"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
<element role="Global.PFY"/>
|
||||
</list>
|
||||
<list id="CreateCommunity">
|
||||
<permission/>
|
||||
<element role="Global.Normal" default="true"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
<element role="Global.AnyAdmin"/>
|
||||
<element role="Global.PFY"/>
|
||||
<element role="Global.BOFH"/>
|
||||
</list>
|
||||
</defined-lists>
|
||||
<defaults>
|
||||
<default id="NewUser" role="Global.Unverified"/>
|
||||
<default id="AfterVerify" role="Global.Normal"/>
|
||||
<default id="AfterEmailChange" role="Global.Unverified"/>
|
||||
</defaults>
|
||||
<permissions>
|
||||
<permission id="ShowHiddenCategories" role="Global.AnyAdmin"/>
|
||||
<permission id="NoEmailVerify" role="Global.AnyAdmin"/>
|
||||
<permission id="SeeHiddenContactInfo" role="Global.AnyAdmin"/>
|
||||
<permission id="SearchHiddenCommunities" role="Global.AnyAdmin"/>
|
||||
<permission id="ShowHiddenCommunities" role="Global.AnyAdmin"/>
|
||||
<permission id="SearchHiddenCategories" role="Global.AnyAdmin"/>
|
||||
<permission id="SysAdminAccess" role="Global.AnyAdmin"/>
|
||||
<permission id="PublishFP" role="Global.AnyAdmin"/>
|
||||
<permission id="DesignatePFY" role="Global.BOFH"/>
|
||||
</permissions>
|
||||
</security-definition>
|
||||
<security-definition id="Community" parent="Global">
|
||||
<defined-roles>
|
||||
<role id="Member" value="L+500">Community Member</role>
|
||||
<role id="AnyAdmin" value="HMIN">Any Community Administrator</role>
|
||||
<role id="Cohost" value="H+1000">Community Co-Host</role>
|
||||
<role id="Host" value="H+1500">Community Host</role>
|
||||
</defined-roles>
|
||||
<defined-lists>
|
||||
<list id="Read">
|
||||
<permission/>
|
||||
<element role="Global.Anonymous"/>
|
||||
<element role="Global.Unverified"/>
|
||||
<element role="Global.Normal"/>
|
||||
<element role="Community.Member" default="true"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
<element role="Community.AnyAdmin"/>
|
||||
<element role="Community.Cohost"/>
|
||||
<element role="Community.Host"/>
|
||||
<element role="Global.AnyAdmin"/>
|
||||
</list>
|
||||
<list id="Write">
|
||||
<permission/>
|
||||
<element role="Community.AnyAdmin"/>
|
||||
<element role="Community.Cohost" default="true"/>
|
||||
<element role="Community.Host"/>
|
||||
<element role="Global.AnyAdmin"/>
|
||||
<element role="Global.PFY"/>
|
||||
<element role="Global.BOFH"/>
|
||||
</list>
|
||||
<list id="Create">
|
||||
<permission/>
|
||||
<element role="Global.Normal"/>
|
||||
<element role="Community.Member"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
<element role="Community.AnyAdmin"/>
|
||||
<element role="Community.Cohost" default="true"/>
|
||||
<element role="Community.Host"/>
|
||||
<element role="Global.AnyAdmin"/>
|
||||
</list>
|
||||
<list id="Delete">
|
||||
<permission/>
|
||||
<element role="Community.AnyAdmin"/>
|
||||
<element role="Community.Cohost"/>
|
||||
<element role="Community.Host" default="true"/>
|
||||
<element role="Global.AnyAdmin"/>
|
||||
<element role="Global.PFY"/>
|
||||
<element role="Global.BOFH"/>
|
||||
<element role="NoAccess"/>
|
||||
</list>
|
||||
<list id="Join">
|
||||
<permission/>
|
||||
<element role="Global.Anonymous"/>
|
||||
<element role="Global.Unverified"/>
|
||||
<element role="Global.Normal" default="true"/>
|
||||
</list>
|
||||
<list id="UserLevels">
|
||||
<element role="NotInList"/>
|
||||
<element role="Global.Anonymous"/>
|
||||
<element role="Global.Unverified"/>
|
||||
<element role="Global.Normal"/>
|
||||
<element role="Community.Member"/>
|
||||
<element role="UnrestrictedUser"/>
|
||||
<element role="Community.Cohost"/>
|
||||
</list>
|
||||
</defined-lists>
|
||||
<defaults>
|
||||
<default id="NewUser" role="Community.Member"/>
|
||||
<default id="Creator" role="Community.Host"/>
|
||||
</defaults>
|
||||
<permissions>
|
||||
<permission id="ShowAdmin" role="Community.AnyAdmin"/>
|
||||
<permission id="NoJoinRequired" role="Global.AnyAdmin"/>
|
||||
<permission id="NoKeyRequired" role="Global.AnyAdmin"/>
|
||||
<permission id="ShowHiddenMembers" role="Community.AnyAdmin"/>
|
||||
<permission id="ShowHiddenObjects" role="Community.AnyAdmin"/>
|
||||
</permissions>
|
||||
</security-definition>
|
||||
</security>
|
||||
|
||||
<!-- This section is used to configure electronic mail services. -->
|
||||
<email>
|
||||
<!-- The SMTP server to use when sending messages out. This server must be
|
||||
|
|
|
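Review bot: The role values in the two definitions overlap in a way the file does not explain: `Community.Host` is `H+1500` while `Global.PFY` is `H+1000`, and both scopes define `AnyAdmin` as `HMIN`. Code in this commit compares levels from both scopes on one numeric scale (`Math.max(env.getUser().realBaseLevel(),granted_level)` in CommunityUserContextImpl), so unless the loader resolves `H`/`L` to a different base per definition, a community host could satisfy permissions bound to `Global.AnyAdmin`, such as `NoKeyRequired`. A comment above `<security>` stating how `L+n`, `H+n`, `HMIN` and `HMAX` map to integers in each scope, and where the unscoped `UnrestrictedUser`, `NoAccess` and `NotInList` roles come from, would let a reader verify this. Separately, the `Unverified` role is labelled "Unauthenticated User" although `<defaults>` assigns it to `NewUser` and `AfterEmailChange`; `Unverified User` would match what the role is used for.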
@ -21,8 +21,12 @@ import java.util.List;
|
|||
|
||||
public interface AdminOperations
|
||||
{
|
||||
public abstract SecurityInfo getSecurityInfo();
|
||||
|
||||
public abstract boolean isGlobalAdmin();
|
||||
|
||||
public abstract List getAllowedRoleList();
|
||||
|
||||
public abstract List getAuditRecords(int offset, int count) throws DataException;
|
||||
|
||||
public abstract int getAuditRecordCount() throws DataException;
|
||||
|
|
|
@ -20,6 +20,7 @@ package com.silverwrist.venice.core;
|
|||
import java.util.Date;
|
||||
import java.util.Locale;
|
||||
import java.util.TimeZone;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
|
||||
public interface AdminUserContext
|
||||
{
|
||||
|
@ -37,6 +38,10 @@ public interface AdminUserContext
|
|||
|
||||
public abstract void setBaseLevel(int new_level) throws DataException;
|
||||
|
||||
public abstract Role getBaseRole();
|
||||
|
||||
public abstract void setBaseRole(Role new_role) throws DataException;
|
||||
|
||||
public abstract boolean isEmailVerified();
|
||||
|
||||
public abstract void setEmailVerified(boolean flag) throws DataException;
|
||||
|
|
|
@ -175,4 +175,6 @@ public interface CommunityContext extends SearchMode
|
|||
|
||||
public abstract void setProperties(CommunityProperties props) throws DataException, AccessError;
|
||||
|
||||
public abstract SecurityInfo getSecurityInfo();
|
||||
|
||||
} // end interface CommunityContext
|
||||
|
|
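--- a/src/com/silverwrist/venice/core/SecurityInfo.java
+++ b/src/com/silverwrist/venice/core/SecurityInfo.java
@@ -0,0 +1,35 @@
+/*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* (the "License"); you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+*
+* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+* language governing rights and limitations under the License.
+*
+* The Original Code is the Venice Web Communities System.
+*
+* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
+* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
+*
+* Contributor(s):
+*/
+package com.silverwrist.venice.core;
+
+import java.util.List;
+import com.silverwrist.venice.security.Role;
+
+public interface SecurityInfo
+{
+public abstract List getRoleList(String symbol);
+
+public abstract Role getRole(String symbol);
+
+public abstract Role getRoleForLevel(int level);
+
+public abstract Role getDefaultRole(String symbol);
+
+public abstract String getID();
+
+} // end interface SecurityInfo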
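Review bot: The new `SecurityInfo` interface has no Javadoc, and `getRole`, `getDefaultRole` and `getRoleForLevel` do not say what they return for an unknown symbol or level. Callers elsewhere in this commit chain straight into the result (`getDefaultRole("Community.Read").getLevel()`), so the contract matters: either document that these methods never return null and throw on an unknown name, or that callers must check the result. It would also help to state that `getRoleList` returns a `List` of `Role` objects and whether the list is a copy, since it hands security configuration to callers.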
@ -85,4 +85,6 @@ public interface VeniceEngine extends SearchMode
|
|||
|
||||
public abstract Dimension getCommunityLogoSize();
|
||||
|
||||
public abstract SecurityInfo getSecurityInfo();
|
||||
|
||||
} // end interface VeniceEngine
|
||||
|
|
|
@ -58,12 +58,27 @@ class AdminOperationsImpl implements AdminOperations
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public SecurityInfo getSecurityInfo()
|
||||
{
|
||||
return env.getEngine().getSelf().getSecurityInfo();
|
||||
|
||||
} // end getSecurityInfo
|
||||
|
||||
public boolean isGlobalAdmin()
|
||||
{
|
||||
return (env.getUser().realBaseLevel()==SecLevels.GLOBAL_BOFH);
|
||||
|
||||
} // end isGlobalAdmin
|
||||
|
||||
public List getAllowedRoleList()
|
||||
{
|
||||
if (env.testPermission(EnvUser.PERM_DESIGNATEPFY))
|
||||
return env.getRoleList("Global.UserLevelsPFY");
|
||||
else
|
||||
return env.getRoleList("Global.UserLevels");
|
||||
|
||||
} // end getAllowedRoleList
|
||||
|
||||
public List getAuditRecords(int offset, int count) throws DataException
|
||||
{
|
||||
Connection conn = null;
|
||||
|
|
|
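Review bot: `isGlobalAdmin()` still compares `realBaseLevel()` with the compiled-in `SecLevels.GLOBAL_BOFH` using `==`, while `getAllowedRoleList()` directly below it asks the configurable monitor via `EnvUser.PERM_DESIGNATEPFY`. If the level that `Global.BOFH` (`HMAX`) resolves to in the XML ever differs from `SecLevels.GLOBAL_BOFH`, the two methods will disagree about who the global administrator is. Consider deriving both answers from the same source, for example `return env.testPermission(EnvUser.PERM_DESIGNATEPFY);`, or add a comment saying the hard-coded comparison is deliberate for this transition stage. `getAuditRecords` continues outside the hunk.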
@ -24,8 +24,7 @@ import com.silverwrist.util.International;
|
|||
import com.silverwrist.venice.core.*;
|
||||
import com.silverwrist.venice.core.internals.*;
|
||||
import com.silverwrist.venice.db.*;
|
||||
import com.silverwrist.venice.security.PasswordHash;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.*;
|
||||
|
||||
class AdminUserContextImpl implements AdminUserContext
|
||||
{
|
||||
|
@ -203,6 +202,18 @@ class AdminUserContextImpl implements AdminUserContext
|
|||
|
||||
} // end setBaseLevel
|
||||
|
||||
public Role getBaseRole()
|
||||
{
|
||||
return env.getRoleForLevel(level);
|
||||
|
||||
} // end getBaseRole
|
||||
|
||||
public void setBaseRole(Role new_role) throws DataException
|
||||
{
|
||||
setBaseLevel(new_role.getLevel());
|
||||
|
||||
} // end setBaseRole
|
||||
|
||||
public boolean isEmailVerified()
|
||||
{
|
||||
return email_verified;
|
||||
|
|
|
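Review bot: `setBaseRole` dereferences `new_role` without a null check and passes whatever level the role carries to `setBaseLevel`, so nothing visible here ties the assignment to the list that `AdminOperations.getAllowedRoleList()` offers the acting administrator. The body of `setBaseLevel` is outside the hunk; if it does not already reject levels the caller is not entitled to grant, the allowed-role list would be only a UI filter rather than an enforced limit. Suggest guarding the argument with `if (new_role==null) throw new IllegalArgumentException("new_role");` and documenting on `setBaseRole` that the authorization check is performed server-side in `setBaseLevel`.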
@ -370,7 +370,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
static List getTopLevelCategoryList(EnvEngine env, boolean do_hide) throws DataException
|
||||
static List getTopLevelCategoryList(EnvEngine env, boolean show_all) throws DataException
|
||||
{
|
||||
Connection conn = null;
|
||||
ArrayList rc = new ArrayList();
|
||||
|
@ -379,7 +379,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
conn = env.getConnection();
|
||||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql = new StringBuffer("SELECT catid, symlink, name FROM refcategory WHERE parent = -1");
|
||||
if (do_hide)
|
||||
if (!show_all)
|
||||
sql.append(" AND hide_dir = 0");
|
||||
sql.append(';');
|
||||
|
||||
|
@ -388,7 +388,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
while (rs.next())
|
||||
{ // turn data values into CategoryDescriptor objects
|
||||
CategoryDescriptor ncd = new CategoryDescriptorImpl(env,rs.getInt(1),rs.getInt(2),rs.getString(3),
|
||||
do_hide);
|
||||
!show_all);
|
||||
rc.add(ncd);
|
||||
|
||||
} // end while
|
||||
|
@ -409,7 +409,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
|
||||
} // end getTopLevelCategoryList
|
||||
|
||||
static List searchForCategories(EnvEngine env, boolean do_hide, boolean search_all, int mode,
|
||||
static List searchForCategories(EnvEngine env, boolean show_all, boolean search_all, int mode,
|
||||
String term, int offset, int count) throws DataException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
|
@ -444,7 +444,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
|
||||
} // end switch
|
||||
|
||||
if (do_hide)
|
||||
if (!show_all)
|
||||
sql.append(" AND hide_dir = 0");
|
||||
if (!search_all)
|
||||
sql.append(" AND hide_search = 0");
|
||||
|
@ -464,7 +464,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
|
||||
for (int i=0; i<n; i++)
|
||||
{ // convert all the simple category IDs into full-blown CategoryDescriptor objects
|
||||
CategoryDescriptor tmp = new CategoryDescriptorImpl(env,conn,rc_raw[i],do_hide);
|
||||
CategoryDescriptor tmp = new CategoryDescriptorImpl(env,conn,rc_raw[i],!show_all);
|
||||
rc.add(tmp);
|
||||
|
||||
} // end for
|
||||
|
@ -486,7 +486,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
|
||||
} // end searchForCategories
|
||||
|
||||
static int getSearchCategoryCount(EnvEngine env, boolean do_hide, boolean search_all, int mode,
|
||||
static int getSearchCategoryCount(EnvEngine env, boolean show_all, boolean search_all, int mode,
|
||||
String term) throws DataException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
|
@ -519,7 +519,7 @@ class CategoryDescriptorImpl implements CategoryDescriptor, Cloneable
|
|||
|
||||
} // end switch
|
||||
|
||||
if (do_hide)
|
||||
if (!show_all)
|
||||
sql.append(" AND hide_dir = 0");
|
||||
if (!search_all)
|
||||
sql.append(" AND hide_search = 0");
|
||||
|
|
|
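Review bot: The rename from `do_hide` to `show_all` inverts the meaning of a `boolean` parameter on `getTopLevelCategoryList`, `searchForCategories` and `getSearchCategoryCount` without changing any signature, so a call site that was not updated still compiles and would now return hidden categories where it used to filter them. The callers are outside these hunks; it is worth confirming that each one now passes the result of the hidden-category permission test rather than the old flag. A Javadoc line on each method, such as `@param show_all true to include categories whose hide_dir flag is set; pass true only for callers permitted to see hidden categories`, would make the fail-open direction explicit.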
@ -27,7 +27,6 @@ import com.silverwrist.venice.db.*;
|
|||
import com.silverwrist.venice.core.*;
|
||||
import com.silverwrist.venice.core.internals.*;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Capability;
|
||||
import com.silverwrist.venice.security.DefaultLevels;
|
||||
|
||||
class CommunityCoreData implements CommunityData, CommunityDataBackend
|
||||
|
@ -183,16 +182,17 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
|
|||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("new CommunityCoreData for BRAND NEW COMMUNITY " + cid);
|
||||
this.env = new EnvCommunityData(env,this);
|
||||
EnvCommunityData new_env = new EnvCommunityData(env,this);
|
||||
this.env = new_env;
|
||||
this.cid = cid;
|
||||
this.created = creation;
|
||||
this.last_access = creation;
|
||||
this.last_update = creation;
|
||||
this.read_level = DefaultLevels.newCommunityRead();
|
||||
this.write_level = DefaultLevels.newCommunityWrite();
|
||||
this.create_level = DefaultLevels.newCommunityCreate();
|
||||
this.delete_level = DefaultLevels.newCommunityDelete();
|
||||
this.join_level = DefaultLevels.newCommunityJoin();
|
||||
this.read_level = new_env.getDefaultRole("Community.Read").getLevel();
|
||||
this.write_level = new_env.getDefaultRole("Community.Write").getLevel();
|
||||
this.create_level = new_env.getDefaultRole("Community.Create").getLevel();
|
||||
this.delete_level = new_env.getDefaultRole("Community.Delete").getLevel();
|
||||
this.join_level = new_env.getDefaultRole("Community.Join").getLevel();
|
||||
this.contactid = -1;
|
||||
this.host_uid = host_uid;
|
||||
this.category_id = 0;
|
||||
|
@ -430,7 +430,7 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
|
|||
{
|
||||
if (deleted)
|
||||
throw new DataException("This community has been deleted.");
|
||||
if (Capability.exemptFromMembershipRequirement(level))
|
||||
if (env.testPermission(EnvCommunityData.PERM_NOJOINREQUIRED,level))
|
||||
return;
|
||||
if (members_only && !is_member)
|
||||
{ // the membership test failed
|
||||
|
@ -445,7 +445,7 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
|
|||
{
|
||||
if (deleted)
|
||||
return false;
|
||||
if (Capability.exemptFromMembershipRequirement(level))
|
||||
if (env.testPermission(EnvCommunityData.PERM_NOJOINREQUIRED,level))
|
||||
return true;
|
||||
return !members_only || is_member;
|
||||
|
||||
|
@ -1980,16 +1980,19 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
|
|||
+ "rules, joinkey, alias) VALUES ('");
|
||||
creation = new java.util.Date();
|
||||
String creation_str = SQLUtil.encodeDate(creation);
|
||||
int level_read = env.getCommunityDefaultRole("Community.Read").getLevel();
|
||||
int level_write = env.getCommunityDefaultRole("Community.Write").getLevel();
|
||||
int level_create = env.getCommunityDefaultRole("Community.Create").getLevel();
|
||||
int level_delete = env.getCommunityDefaultRole("Community.Delete").getLevel();
|
||||
int level_join = env.getCommunityDefaultRole("Community.Join").getLevel();
|
||||
sql.append(creation).append("', '").append(creation).append("', '").append(creation).append("', ");
|
||||
sql.append(DefaultLevels.newCommunityRead()).append(", ").append(DefaultLevels.newCommunityWrite());
|
||||
sql.append(", ").append(DefaultLevels.newCommunityCreate()).append(", ");
|
||||
sql.append(DefaultLevels.newCommunityDelete()).append(", ").append(DefaultLevels.newCommunityJoin());
|
||||
sql.append(", ").append(host_uid).append(", ").append(hide_dir ? '1' : '0').append(", ");
|
||||
sql.append(hide_search ? '1' : '0').append(", ").append(SQLUtil.encodeStringArg(name)).append(", ");
|
||||
sql.append(SQLUtil.encodeStringArg(language)).append(", ").append(SQLUtil.encodeStringArg(synopsis));
|
||||
sql.append(", ").append(SQLUtil.encodeStringArg(rules)).append(", ");
|
||||
sql.append(SQLUtil.encodeStringArg(joinkey)).append(", ").append(SQLUtil.encodeStringArg(alias));
|
||||
sql.append(");");
|
||||
sql.append(level_read).append(", ").append(level_write).append(", ").append(level_create).append(", ");
|
||||
sql.append(level_delete).append(", ").append(level_join).append(", ").append(host_uid).append(", ");
|
||||
sql.append(hide_dir ? '1' : '0').append(", ").append(hide_search ? '1' : '0').append(", ");
|
||||
sql.append(SQLUtil.encodeStringArg(name)).append(", ").append(SQLUtil.encodeStringArg(language));
|
||||
sql.append(", ").append(SQLUtil.encodeStringArg(synopsis)).append(", ");
|
||||
sql.append(SQLUtil.encodeStringArg(rules)).append(", ").append(SQLUtil.encodeStringArg(joinkey));
|
||||
sql.append(", ").append(SQLUtil.encodeStringArg(alias)).append(");");
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("SQL: " + sql.toString());
|
||||
|
@ -2037,8 +2040,8 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
|
|||
// is "locked" so they can't unjoin and leave the community hostless.
|
||||
sql.setLength(0);
|
||||
sql.append("INSERT INTO sigmember(sigid, uid, granted_lvl, locked) VALUES (").append(new_cid);
|
||||
sql.append(", ").append(host_uid).append(", ").append(DefaultLevels.creatorCommunity());
|
||||
sql.append(", 1);");
|
||||
sql.append(", ").append(host_uid).append(", ");
|
||||
sql.append(env.getCommunityDefaultRole("Community.Creator").getLevel()).append(", 1);");
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("SQL: " + sql.toString());
|
||||
stmt.executeUpdate(sql.toString());
|
||||
|
|
|
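Review bot: The rebuilt INSERT in the `@ -1980` hunk still splices `name`, `language`, `synopsis`, `rules`, `joinkey` and `alias` into the statement text through `SQLUtil.encodeStringArg`, and the unchanged `logger.debug("SQL: " + sql.toString())` after it then writes the community join key to the log whenever debug logging is enabled. A `PreparedStatement` with bound parameters would remove the dependence on the escaping helper and keep the key out of the logged text; until then the debug line could log only non-secret fields, e.g. `logger.debug("creating community, host_uid = " + host_uid);`. The five `getCommunityDefaultRole(...).getLevel()` lookups here and the five `new_env.getDefaultRole(...).getLevel()` lookups in the constructor hunk also dereference the result directly, so a default that is not configured would surface as a NullPointerException if the lookup returns null. The enclosing method starts and ends outside the hunk.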
@ -25,8 +25,8 @@ import com.silverwrist.venice.core.*;
|
|||
import com.silverwrist.venice.core.internals.*;
|
||||
import com.silverwrist.venice.db.*;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Capability;
|
||||
import com.silverwrist.venice.security.DefaultLevels;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
|
||||
class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
||||
{
|
||||
|
@ -118,11 +118,12 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("CommunityUserContextImpl constructor:newCommunity");
|
||||
this.env = new EnvCommunity(env,this);
|
||||
EnvCommunity new_env = new EnvCommunity(env,this);
|
||||
this.env = new_env;
|
||||
this.cid = data.getID();
|
||||
this.cache = null; // no cache required - we have the CommunityData
|
||||
this.data = data;
|
||||
setMemberValues(DefaultLevels.creatorCommunity(),true,true);
|
||||
setMemberValues(new_env.getDefaultRole("Community.Creator").getLevel(),true,true);
|
||||
|
||||
} // end constructor
|
||||
|
||||
|
@ -139,7 +140,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
this.level = Math.max(env.getUser().realBaseLevel(),granted_level);
|
||||
this.is_member = member;
|
||||
this.show_admin = Capability.isCommunityAdmin(granted_level);
|
||||
this.show_admin = env.isLevelAdmin(granted_level);
|
||||
this.locked = locked;
|
||||
|
||||
} // end setMemberValues
|
||||
|
@ -327,7 +328,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
if (deleted)
|
||||
throw new DataException("This community has been deleted.");
|
||||
return new CategoryDescriptorImpl(env,getData().getCategoryID(),
|
||||
Capability.hideHiddenCategories(env.getUser().realBaseLevel()));
|
||||
!(env.testPermission(EnvUser.PERM_SHOWHIDDENCATS)));
|
||||
|
||||
} // end getCategory
|
||||
|
||||
|
@ -363,8 +364,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
conn = env.getConnection();
|
||||
|
||||
// load the profile for the user
|
||||
return new UserProfileImpl(env,conn,getData().getHostUID(),
|
||||
Capability.canSeeHiddenContactFields(env.getUser().realBaseLevel()));
|
||||
return new UserProfileImpl(env,conn,getData().getHostUID());
|
||||
|
||||
} // end try
|
||||
catch (SQLException e)
|
||||
|
@ -953,7 +953,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
if (!(getData().isPublicCommunity()))
|
||||
{ // this is a private community - but admins can join anyway
|
||||
if (!(Capability.canJoinPrivateCommunityWithoutKey(level)))
|
||||
if (!(env.testPermission(EnvCommunity.PERM_NOKEYREQUIRED)))
|
||||
{ // we need to test the join key against the one they supply
|
||||
String real_key = getData().getJoinKey();
|
||||
if (!(real_key.equals(joinkey)))
|
||||
|
@ -970,10 +970,11 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
// else we can join without specifying a key
|
||||
|
||||
// actually set the data in the database
|
||||
getData().setMembership(env,env.getUserID(),DefaultLevels.memberCommunity(),false,false);
|
||||
Role new_role = env.getDefaultRole("Community.NewUser");
|
||||
getData().setMembership(env,env.getUserID(),new_role.getLevel(),false,false);
|
||||
|
||||
// and update our internal data store
|
||||
setMemberValues(DefaultLevels.memberCommunity(),true,false);
|
||||
setMemberValues(new_role.getLevel(),true,false);
|
||||
|
||||
// and that's it! You expected lightning bolts maybe?
|
||||
|
||||
|
@ -1008,7 +1009,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
public int getMemberCount() throws DataException
|
||||
{
|
||||
return getData().getMemberCount(Capability.showHiddenCommunityMembers(level));
|
||||
return getData().getMemberCount(env.testPermission(EnvCommunity.PERM_SHOWHIDDENMEMBERS));
|
||||
|
||||
} // end getMemberCount
|
||||
|
||||
|
@ -1095,19 +1096,20 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
throws DataException
|
||||
{
|
||||
return getData().searchForMembers(field,mode,term,offset,count,
|
||||
Capability.showHiddenCommunityMembers(level));
|
||||
env.testPermission(EnvCommunity.PERM_SHOWHIDDENMEMBERS));
|
||||
|
||||
} // end searchForMembers
|
||||
|
||||
public int getSearchMemberCount(int field, int mode, String term) throws DataException
|
||||
{
|
||||
return getData().getSearchMemberCount(field,mode,term,Capability.showHiddenCommunityMembers(level));
|
||||
return getData().getSearchMemberCount(field,mode,term,
|
||||
env.testPermission(EnvCommunity.PERM_SHOWHIDDENMEMBERS));
|
||||
|
||||
} // end getSearchMemberCount
|
||||
|
||||
public List getMemberList() throws DataException
|
||||
{
|
||||
return getData().getMemberList(Capability.showHiddenCommunityMembers(level));
|
||||
return getData().getMemberList(env.testPermission(EnvCommunity.PERM_SHOWHIDDENMEMBERS));
|
||||
|
||||
} // end getMemberList
|
||||
|
||||
|
@ -1349,6 +1351,12 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
} // end setProperties
|
||||
|
||||
public SecurityInfo getSecurityInfo()
|
||||
{
|
||||
return env.getSecurityInfo();
|
||||
|
||||
} // end getSecurityInfo
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface CommunityBackend
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -1368,7 +1376,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
public boolean userHideHiddenConferences()
|
||||
{
|
||||
return Capability.hideHiddenConferences(level);
|
||||
return !(env.testPermission(EnvCommunity.PERM_SHOWHIDDENOBJECTS));
|
||||
|
||||
} // end userHideHiddenConferences
|
||||
|
||||
|
@ -1420,6 +1428,33 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
} // end getDataBackend
|
||||
|
||||
public boolean env_testPermission(String symbol)
|
||||
{
|
||||
if (deleted)
|
||||
return false;
|
||||
CommunityData d = getDataNE();
|
||||
if (d==null)
|
||||
return false;
|
||||
|
||||
if (symbol.equals(EnvCommunity.PERM_JOIN))
|
||||
return (is_member ? false : d.canJoinCommunity(env.getUserID(),level));
|
||||
|
||||
if (!(d.checkMembership(level,is_member)))
|
||||
return false;
|
||||
|
||||
if (symbol.equals(EnvCommunity.PERM_READ))
|
||||
return d.canReadCommunitySubObjects(level);
|
||||
if (symbol.equals(EnvCommunity.PERM_WRITE))
|
||||
return d.canModifyCommunityProfile(level);
|
||||
if (symbol.equals(EnvCommunity.PERM_CREATE))
|
||||
return d.canCreateCommunitySubObjects(level);
|
||||
if (symbol.equals(EnvCommunity.PERM_DELETE))
|
||||
return d.canDeleteCommunity(level);
|
||||
|
||||
return false;
|
||||
|
||||
} // end env_testPermission
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static operations for use within the implementation package
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -1591,7 +1626,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
} // end switch
|
||||
|
||||
if (Capability.hideHiddenSearchCommunities(env.getUser().realBaseLevel()))
|
||||
if (!(env.testPermission(EnvUser.PERM_SEARCHHIDDENCOMMUNITIES)))
|
||||
sql.append(" AND hide_search = 0");
|
||||
sql.append(" ORDER BY signame LIMIT ").append(offset).append(", ").append(count+1).append(';');
|
||||
|
||||
|
@ -1676,7 +1711,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
|
||||
} // end switch
|
||||
|
||||
if (Capability.hideHiddenSearchCommunities(env.getUser().realBaseLevel()))
|
||||
if (!(env.testPermission(EnvUser.PERM_SEARCHHIDDENCOMMUNITIES)))
|
||||
sql.append(" AND hide_search = 0");
|
||||
sql.append(';');
|
||||
|
||||
|
@ -1720,7 +1755,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql = new StringBuffer("SELECT sigid, signame, alias FROM sigs WHERE catid = ");
|
||||
sql.append(catid);
|
||||
if (Capability.hideHiddenDirectoryCommunities(env.getUser().realBaseLevel()))
|
||||
if (!(env.testPermission(EnvUser.PERM_SHOWHIDDENCOMMUNITIES)))
|
||||
sql.append(" AND hide_dir = 0");
|
||||
sql.append(" ORDER BY signame LIMIT ").append(offset).append(", ").append(count+1).append(';');
|
||||
|
||||
|
@ -1770,7 +1805,7 @@ class CommunityUserContextImpl implements CommunityContext, CommunityBackend
|
|||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql = new StringBuffer("SELECT COUNT(*) FROM sigs WHERE catid = ");
|
||||
sql.append(catid);
|
||||
if (Capability.hideHiddenDirectoryCommunities(env.getUser().realBaseLevel()))
|
||||
if (!(env.testPermission(EnvUser.PERM_SHOWHIDDENCOMMUNITIES)))
|
||||
sql.append(" AND hide_dir = 0");
|
||||
sql.append(';');
|
||||
|
||||
|
|
|
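Review bot: Several checks that used to name the level they test (`Capability.hideHiddenCategories(env.getUser().realBaseLevel())`, `Capability.canJoinPrivateCommunityWithoutKey(level)`) are now `env.testPermission(...)` calls on the community environment, and which level that call evaluates is not visible in this diff. Because `setMemberValues` sets `level` to `Math.max(env.getUser().realBaseLevel(),granted_level)`, a global permission such as `EnvUser.PERM_SHOWHIDDENCATS` in `getCategory` should be confirmed to use the user's base level and not the community-raised one. The host-profile hunk likewise drops the `canSeeHiddenContactFields` argument from `new UserProfileImpl(...)`, so the hidden-contact check has presumably moved into that class; worth verifying that it did. A comment at these call sites, e.g. `// global permission: evaluated against the user's base level`, plus a test with a community host who is only a normal global user, would pin the behaviour down.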
@ -28,7 +28,6 @@ import com.silverwrist.venice.core.*;
|
|||
import com.silverwrist.venice.core.internals.*;
|
||||
import com.silverwrist.venice.db.*;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Capability;
|
||||
|
||||
class TopicMessageUserContextImpl implements TopicMessageContext
|
||||
{
|
||||
|
@ -47,23 +46,23 @@ class TopicMessageUserContextImpl implements TopicMessageContext
|
|||
*/
|
||||
|
||||
private EnvConference env; // the conference environment
|
||||
private long postid;
|
||||
private long parent;
|
||||
private int num;
|
||||
private int linecount;
|
||||
private int creator_uid;
|
||||
private java.util.Date posted;
|
||||
private boolean hidden;
|
||||
private int scribble_uid;
|
||||
private java.util.Date scribble_date;
|
||||
private String pseud;
|
||||
private int datalen;
|
||||
private String filename;
|
||||
private String mimetype;
|
||||
private int stgmethod;
|
||||
private boolean nuked = false;
|
||||
private String creator_cache = null;
|
||||
private String text_cache = null;
|
||||
private long postid; // the ID of this post
|
||||
private long parent; // the parent post ID (not really used)
|
||||
private int num; // the post number within the topic
|
||||
private int linecount; // number of lines in message
|
||||
private int creator_uid; // the UID of the poster
|
||||
private java.util.Date posted; // date and time posted
|
||||
private boolean hidden; // has this post been hidden?
|
||||
private int scribble_uid; // UID of the user who scribbled it
|
||||
private java.util.Date scribble_date; // date and time it was scribbled
|
||||
private String pseud; // the pseud attached to this message
|
||||
private int datalen; // length in bytes of attachment
|
||||
private String filename; // file name of attachment
|
||||
private String mimetype; // MIME type for attachment
|
||||
private int stgmethod; // storage method for attachment
|
||||
private boolean nuked = false; // has this message been nuked?
|
||||
private String creator_cache = null; // cache for username of creator
|
||||
private String text_cache = null; // cache for actual message text
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructors
|
||||
|
@ -966,7 +965,7 @@ class TopicMessageUserContextImpl implements TopicMessageContext
|
|||
|
||||
public boolean canPublish()
|
||||
{
|
||||
if (!(Capability.canPublishToFrontPage(env.getUser().realBaseLevel())))
|
||||
if (!(env.testPermission(EnvUser.PERM_PUBLISH_FP)))
|
||||
return false; // must be a sysadmin to publish
|
||||
if ((scribble_date!=null) || nuked)
|
||||
return false; // cannot publish a scribbled or nuked message
|
||||
|
@ -1001,13 +1000,7 @@ class TopicMessageUserContextImpl implements TopicMessageContext
|
|||
|
||||
public void publish() throws DataException, AccessError
|
||||
{
|
||||
if (!(Capability.canPublishToFrontPage(env.getUser().realBaseLevel())))
|
||||
{ // you aren't allowed to publish - naughty naughty!
|
||||
logger.error("unable to publish because we're not allowed");
|
||||
throw new AccessError("You are not permitted to publish postings to the front page.");
|
||||
|
||||
} // end if
|
||||
|
||||
env.testPermission(EnvUser.PERM_PUBLISH_FP,"You are not permitted to publish postings to the front page.");
|
||||
if (nuked)
|
||||
{ // we can't publish a nuked message!
|
||||
logger.error("unable to publish because message nuked");
|
||||
|
|
|
@ -25,10 +25,7 @@ import com.silverwrist.venice.*;
|
|||
import com.silverwrist.venice.core.*;
|
||||
import com.silverwrist.venice.core.internals.*;
|
||||
import com.silverwrist.venice.db.*;
|
||||
import com.silverwrist.venice.security.PasswordHash;
|
||||
import com.silverwrist.venice.security.Capability;
|
||||
import com.silverwrist.venice.security.DefaultLevels;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.*;
|
||||
|
||||
class UserContextImpl implements UserContext, UserBackend
|
||||
{
|
||||
|
@ -238,6 +235,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
// Figure out which of those communities we haven't joined yet and set up to autojoin them.
|
||||
sql.setLength(0);
|
||||
int new_level = env.getCommunityDefaultRole("Community.NewUser").getLevel();
|
||||
for (int i=0; i<tmp_cid.size(); i++)
|
||||
{ // see if the user is already a member of this community
|
||||
Integer x_cid = (Integer)(tmp_cid.get(i));
|
||||
|
@ -250,9 +248,8 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
|
||||
else
|
||||
sql.append(", ");
|
||||
sql.append("(").append(x_cid).append(", ").append(uid).append(", ");
|
||||
sql.append(DefaultLevels.memberCommunity()).append(", ").append(x_locked.booleanValue() ? '1' : '0');
|
||||
sql.append(")");
|
||||
sql.append("(").append(x_cid).append(", ").append(uid).append(", ").append(new_level).append(", ");
|
||||
sql.append(x_locked.booleanValue() ? '1' : '0').append(")");
|
||||
|
||||
} // end if
|
||||
|
||||
|
@ -481,7 +478,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("confirmEmail(): confirming for UID " + uid);
|
||||
if ((email_verified) || Capability.exemptFromEmailVerification(level))
|
||||
if ((email_verified) || env.testPermission(EnvUser.PERM_NOEMAILVERIFY))
|
||||
{ // already confirmed
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...user has either already confirmed or is exempt");
|
||||
|
@ -501,16 +498,17 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
} // end if
|
||||
|
||||
Connection conn = null;
|
||||
Role new_role = env.getDefaultRole("Global.AfterVerify");
|
||||
|
||||
try
|
||||
{ // get a connection and set the user's status to reflect the verification
|
||||
conn = env.getConnection();
|
||||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql = new StringBuffer("UPDATE users SET verify_email = 1, base_lvl = ");
|
||||
sql.append(DefaultLevels.afterEmailVerification()).append(" WHERE uid = ").append(uid).append(';');
|
||||
sql.append(new_role.getLevel()).append(" WHERE uid = ").append(uid).append(';');
|
||||
stmt.executeUpdate(sql.toString());
|
||||
email_verified = true;
|
||||
level = DefaultLevels.afterEmailVerification();
|
||||
level = new_role.getLevel();
|
||||
|
||||
autoJoinCommunities(conn); // EJB 4/14/2001 - handle autojoin of any SIGs we couldn't autojoin at
|
||||
// account creation time
|
||||
|
@ -549,7 +547,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("resendEmailConfirmation(): resending for UID " + uid);
|
||||
if ((email_verified) || Capability.exemptFromEmailVerification(level))
|
||||
if ((email_verified) || env.testPermission(EnvUser.PERM_NOEMAILVERIFY))
|
||||
{ // already confirmed, no need to resend
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...user has either already confirmed or is exempt");
|
||||
|
@ -678,7 +676,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
if (my_email==null) // filling in, this is not necessarily the first time
|
||||
my_email = ci.getEmail();
|
||||
else if (!(my_email.equals(ci.getEmail())) && !Capability.exemptFromEmailVerification(level))
|
||||
else if (!(my_email.equals(ci.getEmail())) && !(env.testPermission(EnvUser.PERM_NOEMAILVERIFY)))
|
||||
{ // email address change - need to reconfirm - but choose a new confirmation
|
||||
// number and save it in the database first; also turn off the verify flag
|
||||
// and set the base level to GLOBAL_UNVERIFIED
|
||||
|
@ -689,10 +687,11 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
// generate new confirmation number
|
||||
int new_confirm_num = env.getEngine().getNewConfirmationNumber();
|
||||
Role new_role = env.getDefaultRole("Global.Unverified");
|
||||
|
||||
// create an SQL statement to reset the user account information, and execute it
|
||||
StringBuffer sql = new StringBuffer("UPDATE users SET verify_email = 0, email_confnum = ");
|
||||
sql.append(new_confirm_num).append(", base_lvl = ").append(DefaultLevels.afterEmailAddressChange());
|
||||
sql.append(new_confirm_num).append(", base_lvl = ").append(new_role.getLevel());
|
||||
sql.append(" WHERE uid = ").append(uid).append(';');
|
||||
Statement stmt = conn.createStatement();
|
||||
stmt.executeUpdate(sql.toString());
|
||||
|
@ -700,7 +699,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
// save off changed data
|
||||
email_verified = false;
|
||||
confirm_num = new_confirm_num;
|
||||
level = DefaultLevels.afterEmailAddressChange();
|
||||
level = new_role.getLevel();
|
||||
|
||||
// now send the email confirmation!
|
||||
sendEmailConfirmation();
|
||||
|
@ -755,8 +754,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
try
|
||||
{ // retrieve a connection from the data pool
|
||||
conn = env.getConnection();
|
||||
UserProfileImpl prof = new UserProfileImpl(env,conn,xusername,
|
||||
Capability.canSeeHiddenContactFields(level));
|
||||
UserProfileImpl prof = new UserProfileImpl(env,conn,xusername);
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...found it!");
|
||||
return prof;
|
||||
|
@ -785,8 +783,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
try
|
||||
{ // retrieve a connection from the data pool
|
||||
conn = env.getConnection();
|
||||
UserProfileImpl prof = new UserProfileImpl(env,conn,xuid,
|
||||
Capability.canSeeHiddenContactFields(level));
|
||||
UserProfileImpl prof = new UserProfileImpl(env,conn,xuid);
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...found it!");
|
||||
return prof;
|
||||
|
@ -914,13 +911,13 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
public List getRootCategoryList() throws DataException
|
||||
{
|
||||
return CategoryDescriptorImpl.getTopLevelCategoryList(env,Capability.hideHiddenCategories(level));
|
||||
return CategoryDescriptorImpl.getTopLevelCategoryList(env,env.testPermission(EnvUser.PERM_SHOWHIDDENCATS));
|
||||
|
||||
} // end getRootCategoryList
|
||||
|
||||
public CategoryDescriptor getCategoryDescriptor(int catid) throws DataException
|
||||
{
|
||||
return new CategoryDescriptorImpl(env,catid,Capability.hideHiddenCategories(level));
|
||||
return new CategoryDescriptorImpl(env,catid,!(env.testPermission(EnvUser.PERM_SHOWHIDDENCATS)));
|
||||
|
||||
} // end getCategoryDescriptor
|
||||
|
||||
|
@ -963,16 +960,16 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
public List searchForCategories(int mode, String term, int offset, int count) throws DataException
|
||||
{
|
||||
return CategoryDescriptorImpl.searchForCategories(env,Capability.hideHiddenCategories(level),
|
||||
Capability.showHiddenSearchCategories(level),mode,
|
||||
return CategoryDescriptorImpl.searchForCategories(env,env.testPermission(EnvUser.PERM_SHOWHIDDENCATS),
|
||||
env.testPermission(EnvUser.PERM_SEARCHHIDDENCATS),mode,
|
||||
term,offset,count);
|
||||
|
||||
} // end searchForCategories
|
||||
|
||||
public int getSearchCategoryCount(int mode, String term) throws DataException
|
||||
{
|
||||
return CategoryDescriptorImpl.getSearchCategoryCount(env,Capability.hideHiddenCategories(level),
|
||||
Capability.showHiddenSearchCategories(level),
|
||||
return CategoryDescriptorImpl.getSearchCategoryCount(env,env.testPermission(EnvUser.PERM_SHOWHIDDENCATS),
|
||||
env.testPermission(EnvUser.PERM_SEARCHHIDDENCATS),
|
||||
mode,term);
|
||||
|
||||
} // end getSearchCategoryCount
|
||||
|
@ -981,8 +978,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
String rules, String joinkey, int hide_mode)
|
||||
throws DataException, AccessError
|
||||
{
|
||||
if (!canCreateCommunity())
|
||||
throw new AccessError("You are not authorized to create new communities.");
|
||||
env.testPermission(EnvUser.PERM_CREATECOMMUNITY,"You are not authorized to create new communities.");
|
||||
|
||||
// Convert the "hide mode" value into the two hide flags.
|
||||
boolean hide_dir = (hide_mode!=CommunityContext.HIDE_NONE);
|
||||
|
@ -1003,7 +999,7 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
public boolean canCreateCommunity()
|
||||
{
|
||||
return (level>=env.getEngine().getParamInt(EngineBackend.IP_CREATECOMMUNITYLVL));
|
||||
return env.testPermission(EnvUser.PERM_CREATECOMMUNITY);
|
||||
|
||||
} // end canCreateCommunity
|
||||
|
||||
|
@ -1112,20 +1108,13 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
public boolean hasAdminAccess()
|
||||
{
|
||||
return Capability.canAdministerSystem(level);
|
||||
return env.testPermission(EnvUser.PERM_SYSADMINACCESS);
|
||||
|
||||
} // end hasAdminAccess
|
||||
|
||||
public AdminOperations getAdminInterface() throws AccessError
|
||||
{
|
||||
if (!(Capability.canAdministerSystem(level)))
|
||||
{ // you don't have access to get this!
|
||||
logger.error("user does not have access to do system admin stuff");
|
||||
throw new AccessError("You are not permitted to administer the server.");
|
||||
|
||||
} // end if
|
||||
|
||||
// create the return object
|
||||
env.testPermission(EnvUser.PERM_SYSADMINACCESS,"You are not permitted to administer the server.");
|
||||
return new AdminOperationsImpl(env);
|
||||
|
||||
} // end getAdminInterface
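Review bot: The hidden-category flag looks inverted in `getRootCategoryList()`. The argument that used to be `Capability.hideHiddenCategories(level)` is now `env.testPermission(EnvUser.PERM_SHOWHIDDENCATS)` with no negation, while `getCategoryDescriptor()` replaces the same old expression with `!(env.testPermission(EnvUser.PERM_SHOWHIDDENCATS))`. The first argument of `searchForCategories()` and `getSearchCategoryCount()` has the same un-negated form. Unless the `CategoryDescriptorImpl` signatures flipped their meaning elsewhere in this commit (not visible here), users without the permission would be shown hidden categories and users with it would not. The call should read `CategoryDescriptorImpl.getTopLevelCategoryList(env,!(env.testPermission(EnvUser.PERM_SHOWHIDDENCATS)))`, with the same negation applied in the two search methods.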
|
||||
|
|
|
@ -72,11 +72,10 @@ class UserProfileImpl implements UserProfile
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
UserProfileImpl(EnvUser env, Connection conn, String username, boolean override)
|
||||
throws DataException, SQLException
|
||||
UserProfileImpl(EnvUser env, Connection conn, String username) throws DataException, SQLException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("load UserProfileImpl by name: " + username + " (" + override + ")");
|
||||
logger.debug("load UserProfileImpl by name: " + username);
|
||||
this.env = env;
|
||||
|
||||
// first retrieve from the users table
|
||||
|
@ -101,15 +100,14 @@ class UserProfileImpl implements UserProfile
|
|||
descr = rs.getString(6);
|
||||
is_anon = rs.getBoolean(7);
|
||||
|
||||
loadContact(conn,contact_id,override);
|
||||
loadContact(conn,contact_id);
|
||||
|
||||
} // end constructor
|
||||
|
||||
UserProfileImpl(EnvUser env, Connection conn, int uid, boolean override)
|
||||
throws DataException, SQLException
|
||||
UserProfileImpl(EnvUser env, Connection conn, int uid) throws DataException, SQLException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("load UserProfileImpl by UID: " + uid + " (" + override + ")");
|
||||
logger.debug("load UserProfileImpl by UID: " + uid);
|
||||
this.env = env;
|
||||
|
||||
// first retrieve from the users table
|
||||
|
@ -134,7 +132,7 @@ class UserProfileImpl implements UserProfile
|
|||
descr = rs.getString(6);
|
||||
is_anon = rs.getBoolean(7);
|
||||
|
||||
loadContact(conn,contact_id,override);
|
||||
loadContact(conn,contact_id);
|
||||
|
||||
} // end constructor
|
||||
|
||||
|
@ -143,10 +141,11 @@ class UserProfileImpl implements UserProfile
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private void loadContact(Connection conn, int contact_id, boolean override) throws SQLException
|
||||
private void loadContact(Connection conn, int contact_id) throws SQLException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("loadContact for contact ID " + contact_id + " (" + override + ")");
|
||||
logger.debug("loadContact for contact ID " + contact_id);
|
||||
boolean override = env.testPermission(EnvUser.PERM_SEEHIDDENCONTACTINFO);
|
||||
|
||||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql = new StringBuffer("SELECT * FROM contacts WHERE contactid = ");
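Review bot: The debug trace in `loadContact` no longer records whether hidden contact fields were unlocked, because the log call now runs before `override` is computed from `env.testPermission(EnvUser.PERM_SEEHIDDENCONTACTINFO)`. Moving the trace below that line as `logger.debug("loadContact for contact ID " + contact_id + " (" + override + ")");` keeps the access decision visible when diagnosing who could see hidden data. A short comment such as `// visibility of hidden contact fields is decided by the viewer's permissions in env, not by the caller` would also help, since the constructors no longer take the flag. The body of `loadContact` continues outside this hunk.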
|
||||
|
|
|
@ -30,10 +30,7 @@ import com.silverwrist.venice.db.*;
|
|||
import com.silverwrist.venice.htmlcheck.*;
|
||||
import com.silverwrist.venice.htmlcheck.dict.*;
|
||||
import com.silverwrist.venice.htmlcheck.filters.*;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.PasswordGenerator;
|
||||
import com.silverwrist.venice.security.PasswordHash;
|
||||
import com.silverwrist.venice.security.DefaultLevels;
|
||||
import com.silverwrist.venice.security.*;
|
||||
|
||||
public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
||||
{
|
||||
|
@ -411,6 +408,8 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
private HashSet no_compress_types = new HashSet(); // the file types that can't be compressed
|
||||
private HashMap password_changes = new HashMap(); // current password change requests
|
||||
private OptionSet global_flags = new OptionSet(); // global option flags
|
||||
private SecurityMonitor global_security; // the global security monitor
|
||||
private SecurityMonitor community_security; // the community security monitor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructor
|
||||
|
@ -711,7 +710,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
// store the real master sidebox table as an array
|
||||
sideboxes = (MasterSideBox[])(sidebox_tmp.toArray(new MasterSideBox[0]));
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug(sideboxes.length + " sidebox definitions loaded from database");
|
||||
logger.debug(sideboxes.length + " sidebox definitions loaded from XML");
|
||||
|
||||
// Get the <database/> section.
|
||||
Element db_sect = root_h.getSubElement("database");
|
||||
|
@ -734,6 +733,30 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
|
||||
} // end catch
|
||||
|
||||
Element security_sect = root_h.getSubElement("security");
|
||||
if (security_sect==null)
|
||||
{ // no "security" section...bad!
|
||||
logger.fatal("config document has no <security/> section");
|
||||
throw new ConfigException("no <security/> section found in config file",root);
|
||||
|
||||
} // end if
|
||||
|
||||
NodeList sec_nodes = security_sect.getChildNodes();
|
||||
for (i=0; i<sec_nodes.getLength(); i++)
|
||||
{ // scan through and find security monitors to initialize
|
||||
Node n = sec_nodes.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("security-definition")))
|
||||
{ // initial security definition
|
||||
SecurityMonitor sm = new StaticSecurityMonitor((Element)n);
|
||||
if (sm.getID().equals("Global"))
|
||||
global_security = sm;
|
||||
else if (sm.getID().equals("Community"))
|
||||
community_security = sm;
|
||||
|
||||
} // end if
|
||||
|
||||
} // end for
|
||||
|
||||
Element email_sect = root_h.getSubElement("email");
|
||||
if (email_sect==null)
|
||||
{ // unable to find the database section
|
||||
|
@ -1218,6 +1241,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
Connection conn = null;
|
||||
AuditRecord ar = null;
|
||||
String encode_username = SQLUtil.encodeString(username);
|
||||
Role new_role = global_security.getDefaultRole("Global.NewUser");
|
||||
// email confirmation # is between 1000000 and 9999999
|
||||
int confirm_num = getNewConfirmationNumber();
|
||||
int new_uid;
|
||||
|
@ -1247,7 +1271,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
StringBuffer sql = new StringBuffer("INSERT INTO users (username, passhash, email_confnum, "
|
||||
+ "base_lvl, created, lastaccess, passreminder) VALUES ('");
|
||||
sql.append(encode_username).append("', '").append(phash.toString()).append("', ");
|
||||
sql.append(confirm_num).append(", ").append(DefaultLevels.newUser()).append(", '");
|
||||
sql.append(confirm_num).append(", ").append(new_role.getLevel()).append(", '");
|
||||
created = new java.util.Date();
|
||||
sql.append(SQLUtil.encodeDate(created)).append("', '").append(SQLUtil.encodeDate(created));
|
||||
sql.append("', ").append(SQLUtil.encodeStringArg(reminder)).append(");");
|
||||
|
@ -1387,7 +1411,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
|
||||
// create a new context for the user (they're now effectively logged in)
|
||||
UserContextImpl rc = new UserContextImpl(env);
|
||||
rc.loadNewUser(remote_addr,new_uid,DefaultLevels.newUser(),username,confirm_num,created,created);
|
||||
rc.loadNewUser(remote_addr,new_uid,new_role.getLevel(),username,confirm_num,created,created);
|
||||
rc.autoJoinCommunities(); // EJB 4/14/2001
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...created new user context");
|
||||
|
@ -1819,11 +1843,23 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
|
||||
} // end getCommunityLogoSize
|
||||
|
||||
public SecurityInfo getSecurityInfo()
|
||||
{
|
||||
return new SecurityInfoWrapper(global_security);
|
||||
|
||||
} // end getSecurityInfo
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface EngineBackend
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public VeniceEngine getSelf()
|
||||
{
|
||||
return this;
|
||||
|
||||
} // end getSelf
|
||||
|
||||
public Emailer createEmailer()
|
||||
{
|
||||
checkInitialized();
|
||||
|
@ -2078,6 +2114,14 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
|
||||
} // end getParamBoolean
|
||||
|
||||
public Role getParamRole(int selector)
|
||||
{
|
||||
if (selector==ROLEP_CREATECOMMUNITY)
|
||||
return global_security.getRoleForLevel(gp_ints[IP_CREATECOMMUNITYLVL]);
|
||||
return null;
|
||||
|
||||
} // end getParamRole
|
||||
|
||||
public void forceParamReload() throws DataException
|
||||
{
|
||||
Connection conn = null; // data pooled connection
|
||||
|
@ -2217,6 +2261,16 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
|
||||
} // end setProperties
|
||||
|
||||
public SecurityMonitor env_getSecurityMonitor(int selector)
|
||||
{
|
||||
if (selector==SM_GLOBAL)
|
||||
return global_security;
|
||||
if (selector==SM_COMMUNITY)
|
||||
return community_security;
|
||||
return null;
|
||||
|
||||
} // end env_getSecurityMonitor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static initializer
|
||||
*--------------------------------------------------------------------------------
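Review bot: Nothing after the `security-definition` loop checks that both `global_security` and `community_security` were actually assigned. If the config omits or misspells the "Global" or "Community" id, the engine starts anyway and the first permission test fails with a NullPointerException, for example `global_security.getDefaultRole("Global.NewUser")` in the user-creation hunk or the `getStaticMonitor()` callers in EnvEngine, EnvCommunity and EnvCommunityData. Failing at load time is safer and easier to diagnose: `if ((global_security==null) || (community_security==null)) throw new ConfigException("security section must define both Global and Community",root);`. The enclosing initialisation method starts and ends outside this hunk.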
|
||||
|
|
|
@ -42,4 +42,6 @@ public interface CommunityBackend
|
|||
|
||||
public abstract CommunityDataBackend getDataBackend() throws DataException;
|
||||
|
||||
public abstract boolean env_testPermission(String symbol);
|
||||
|
||||
} // end interface CommunityBackend
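Review bot: `env_testPermission(String symbol)` is added without any statement of its contract. From `EnvCommunity.testPermission` it is only called for `PERM_READ`, `PERM_WRITE`, `PERM_CREATE`, `PERM_DELETE` and `PERM_JOIN`, so the declaration should carry a Javadoc comment naming those symbols. The comment should also say that an implementation must return false for any symbol it does not recognise, so a new or mistyped permission name is denied rather than granted.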
|
||||
|
|
|
@ -20,11 +20,14 @@ package com.silverwrist.venice.core.internals;
|
|||
import java.util.BitSet;
|
||||
import java.util.List;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
import com.silverwrist.venice.security.SecurityMonitor;
|
||||
import com.silverwrist.venice.htmlcheck.HTMLChecker;
|
||||
import com.silverwrist.venice.core.DataException;
|
||||
import com.silverwrist.venice.core.GlobalProperties;
|
||||
import com.silverwrist.venice.core.SideBoxDescriptor;
|
||||
import com.silverwrist.venice.core.TopicMessageContext;
|
||||
import com.silverwrist.venice.core.VeniceEngine;
|
||||
|
||||
public interface EngineBackend
|
||||
{
|
||||
|
@ -48,6 +51,15 @@ public interface EngineBackend
|
|||
// Boolean parameter indexes
|
||||
public static final int BP_POSTPICTURES = 0;
|
||||
|
||||
// role parameter indexes
|
||||
public static final int ROLEP_CREATECOMMUNITY = 0;
|
||||
|
||||
// Selectors for security monitors
|
||||
public static final int SM_GLOBAL = 0;
|
||||
public static final int SM_COMMUNITY = 1;
|
||||
|
||||
public abstract VeniceEngine getSelf();
|
||||
|
||||
public abstract Emailer createEmailer();
|
||||
|
||||
public abstract String getStockMessage(String key);
|
||||
|
@ -88,6 +100,8 @@ public interface EngineBackend
|
|||
|
||||
public abstract boolean getParamBoolean(int selector);
|
||||
|
||||
public abstract Role getParamRole(int selector);
|
||||
|
||||
public abstract void forceParamReload() throws DataException;
|
||||
|
||||
public abstract SideBoxDescriptor getMasterSideBoxDescriptor(int id);
|
||||
|
@ -108,4 +122,6 @@ public interface EngineBackend
|
|||
|
||||
public abstract void setProperties(GlobalProperties props) throws DataException;
|
||||
|
||||
public abstract SecurityMonitor env_getSecurityMonitor(int selector);
|
||||
|
||||
} // end interface EngineBackend
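Review bot: `getParamRole(int)` and `env_getSecurityMonitor(int)` are declared without documenting what happens for an unknown selector. The implementation in VeniceEngineImpl returns null in that case, and callers such as `EnvUser.testPermission` (`r.isSatisfiedBy(...)`) and `getStaticMonitor()` dereference the result directly. Add Javadoc on both methods stating the valid selectors (`ROLEP_CREATECOMMUNITY`; `SM_GLOBAL`, `SM_COMMUNITY`) and the null return. Since `BP_POSTPICTURES`, `ROLEP_CREATECOMMUNITY` and `SM_GLOBAL` are all 0, the comment should also warn that passing a constant from the wrong family is not caught by the compiler.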
|
||||
|
|
|
@ -17,10 +17,28 @@
|
|||
*/
|
||||
package com.silverwrist.venice.core.internals;
|
||||
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
import com.silverwrist.venice.security.SecurityMonitor;
|
||||
|
||||
public class EnvCommunity extends EnvUser
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public static final String PERM_SHOWADMIN = "Community.ShowAdmin";
|
||||
public static final String PERM_NOKEYREQUIRED = "Community.NoKeyRequired";
|
||||
public static final String PERM_SHOWHIDDENMEMBERS = "Community.ShowHiddenMembers";
|
||||
public static final String PERM_SHOWHIDDENOBJECTS = "Community.ShowHiddenObjects";
|
||||
public static final String PERM_READ = "Community.Read";
|
||||
public static final String PERM_WRITE = "Community.Write";
|
||||
public static final String PERM_CREATE = "Community.Create";
|
||||
public static final String PERM_DELETE = "Community.Delete";
|
||||
public static final String PERM_JOIN = "Community.Join";
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -47,6 +65,17 @@ public class EnvCommunity extends EnvUser
|
|||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Overrides from class EnvEngine
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
protected SecurityMonitor getStaticMonitor()
|
||||
{
|
||||
return getEngine().env_getSecurityMonitor(EngineBackend.SM_COMMUNITY);
|
||||
|
||||
} // end getStaticMonitor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Overrides from class EnvUser
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -85,6 +114,38 @@ public class EnvCommunity extends EnvUser
|
|||
|
||||
} // end newAudit
|
||||
|
||||
public boolean testPermission(String symbol, String errormsg) throws AccessError
|
||||
{
|
||||
SecurityMonitor sm = getStaticMonitor();
|
||||
if ( symbol.equals(PERM_READ) || symbol.equals(PERM_WRITE) || symbol.equals(PERM_CREATE)
|
||||
|| symbol.equals(PERM_DELETE) || symbol.equals(PERM_JOIN))
|
||||
{ // fall back to the backend object to test this
|
||||
if (comm.env_testPermission(symbol))
|
||||
return true;
|
||||
if (errormsg==null)
|
||||
errormsg = "Permission denied.";
|
||||
throw new AccessError(errormsg);
|
||||
|
||||
} // end if
|
||||
|
||||
if (sm.testPermission(symbol,comm.realCommunityLevel(),errormsg))
|
||||
return true;
|
||||
return super.testPermission(symbol,errormsg);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean testPermission(String symbol)
|
||||
{
|
||||
SecurityMonitor sm = getStaticMonitor();
|
||||
if ( symbol.equals(PERM_READ) || symbol.equals(PERM_WRITE) || symbol.equals(PERM_CREATE)
|
||||
|| symbol.equals(PERM_DELETE) || symbol.equals(PERM_JOIN))
|
||||
return comm.env_testPermission(symbol);
|
||||
if (sm.testPermission(symbol,comm.realCommunityLevel()))
|
||||
return true;
|
||||
return super.testPermission(symbol);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External operations
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -102,4 +163,10 @@ public class EnvCommunity extends EnvUser
|
|||
|
||||
} // end getCommunityID()
|
||||
|
||||
public final boolean isLevelAdmin(int level)
|
||||
{
|
||||
return getStaticMonitor().testPermission(PERM_SHOWADMIN,level);
|
||||
|
||||
} // end isLevelAdmin
|
||||
|
||||
} // end class EnvCommunity
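Review bot: The two `testPermission` overloads do not appear to follow the same fallback path. The boolean form tries the community monitor and then `super.testPermission(symbol)`, but the throwing form calls `sm.testPermission(symbol,comm.realCommunityLevel(),errormsg)` first. If that three-argument call throws `AccessError` on denial, as its guard-style use elsewhere in this commit suggests, `super.testPermission(symbol,errormsg)` is never reached and the global-level fallback is silently lost. Using the non-throwing check for the first step keeps both overloads in agreement: `if (sm.testPermission(symbol,comm.realCommunityLevel())) return true;` followed by the existing `return super.testPermission(symbol,errormsg);`.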
|
||||
|
|
|
@ -17,8 +17,18 @@
|
|||
*/
|
||||
package com.silverwrist.venice.core.internals;
|
||||
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
import com.silverwrist.venice.security.SecurityMonitor;
|
||||
|
||||
public class EnvCommunityData extends EnvEngine
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public static final String PERM_NOJOINREQUIRED = "Community.NoJoinRequired";
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -45,6 +55,17 @@ public class EnvCommunityData extends EnvEngine
|
|||
|
||||
} // end EnvCommunityData
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Overrides from class EnvEngine
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
protected SecurityMonitor getStaticMonitor()
|
||||
{
|
||||
return getEngine().env_getSecurityMonitor(EngineBackend.SM_COMMUNITY);
|
||||
|
||||
} // end getStaticMonitor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External operations
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -62,4 +83,16 @@ public class EnvCommunityData extends EnvEngine
|
|||
|
||||
} // end getCommunityID
|
||||
|
||||
public final boolean testPermission(String symbol, int level, String errormsg) throws AccessError
|
||||
{
|
||||
return getStaticMonitor().testPermission(symbol,level,errormsg);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public final boolean testPermission(String symbol, int level)
|
||||
{
|
||||
return getStaticMonitor().testPermission(symbol,level);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
} // end class EnvCommunityData
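Review bot: The two new `testPermission(String symbol, int level, ...)` methods are public and evaluate whatever `level` the caller passes, so the result is only as trustworthy as the source of that integer. They need a Javadoc comment saying that `level` must be the user's granted community level as loaded by the backend, never a value derived from request data. The same comment should state that the check runs against the community monitor returned by `getStaticMonitor()`.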
|
||||
|
|
|
@ -19,7 +19,11 @@ package com.silverwrist.venice.core.internals;
|
|||
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
import java.util.List;
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
import com.silverwrist.venice.core.SecurityInfo;
|
||||
import com.silverwrist.venice.db.*;
|
||||
import com.silverwrist.venice.security.*;
|
||||
|
||||
public class EnvEngine
|
||||
{
|
||||
|
@ -50,6 +54,17 @@ public class EnvEngine
|
|||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Internal operations
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
protected SecurityMonitor getStaticMonitor()
|
||||
{
|
||||
return engine.env_getSecurityMonitor(EngineBackend.SM_GLOBAL);
|
||||
|
||||
} // end getStaticMonitor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External operations
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -80,4 +95,40 @@ public class EnvEngine
|
|||
|
||||
} // end releaseConnection
|
||||
|
||||
public final boolean permissionDefined(String symbol, boolean no_follow)
|
||||
{
|
||||
return getStaticMonitor().permissionDefined(symbol,no_follow);
|
||||
|
||||
} // end permissionDefined
|
||||
|
||||
public final List getRoleList(String symbol)
|
||||
{
|
||||
return getStaticMonitor().getRoleList(symbol);
|
||||
|
||||
} // end getRoleList
|
||||
|
||||
public final Role getRole(String symbol)
|
||||
{
|
||||
return getStaticMonitor().getRole(symbol);
|
||||
|
||||
} // end getRole
|
||||
|
||||
public final Role getRoleForLevel(int level)
|
||||
{
|
||||
return getStaticMonitor().getRoleForLevel(level);
|
||||
|
||||
} // end getRoleForLevel
|
||||
|
||||
public final Role getDefaultRole(String symbol)
|
||||
{
|
||||
return getStaticMonitor().getDefaultRole(symbol);
|
||||
|
||||
} // end getDefaultRole
|
||||
|
||||
public final SecurityInfo getSecurityInfo()
|
||||
{
|
||||
return new SecurityInfoWrapper(getStaticMonitor());
|
||||
|
||||
} // end getSecurityInfo
|
||||
|
||||
} // end class EnvEngine
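Review bot: `getStaticMonitor()` is the hook that decides which monitor every `final` delegator here consults, but nothing on it says so. EnvCommunity and EnvCommunityData override it to return the `SM_COMMUNITY` monitor, so `getRole`, `getDefaultRole`, `getRoleList` and `getSecurityInfo` resolve against a different definition depending on the environment subclass. A comment on the method such as `// subclasses override this to select the monitor used by all lookups below; the base class uses the global monitor` would make that dispatch explicit for anyone passing a "Global." symbol through a community environment.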
|
||||
|
|
|
@ -17,10 +17,31 @@
|
|||
*/
|
||||
package com.silverwrist.venice.core.internals;
|
||||
|
||||
import org.apache.log4j.*;
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
import com.silverwrist.venice.security.AuditRecord;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
|
||||
public class EnvUser extends EnvEngine
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private static Category logger = Category.getInstance(EnvUser.class);
|
||||
|
||||
public static final String PERM_SHOWHIDDENCATS = "Global.ShowHiddenCategories";
|
||||
public static final String PERM_NOEMAILVERIFY = "Global.NoEmailVerify";
|
||||
public static final String PERM_SEEHIDDENCONTACTINFO = "Global.SeeHiddenContactInfo";
|
||||
public static final String PERM_SEARCHHIDDENCOMMUNITIES = "Global.SearchHiddenCommunities";
|
||||
public static final String PERM_SHOWHIDDENCOMMUNITIES = "Global.ShowHiddenCommunities";
|
||||
public static final String PERM_SEARCHHIDDENCATS = "Global.SearchHiddenCategories";
|
||||
public static final String PERM_SYSADMINACCESS = "Global.SysAdminAccess";
|
||||
public static final String PERM_PUBLISH_FP = "Global.PublishFP";
|
||||
public static final String PERM_DESIGNATEPFY = "Global.DesignatePFY";
|
||||
public static final String PERM_CREATECOMMUNITY = "Global.CreateCommunity";
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -52,18 +73,6 @@ public class EnvUser extends EnvEngine
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public final UserBackend getUser()
|
||||
{
|
||||
return user;
|
||||
|
||||
} // end getUser
|
||||
|
||||
public final int getUserID()
|
||||
{
|
||||
return user.realUID();
|
||||
|
||||
} // end getUserID
|
||||
|
||||
public AuditRecord newAudit(int type, String data1, String data2, String data3, String data4)
|
||||
{
|
||||
return new AuditRecord(type,getUserID(),user.userRemoteAddress(),data1,data2,data3,data4);
|
||||
|
@ -94,4 +103,59 @@ public class EnvUser extends EnvEngine
|
|||
|
||||
} // end newAudit
|
||||
|
||||
public boolean testPermission(String symbol, String errormsg) throws AccessError
|
||||
{
|
||||
if (symbol.equals(PERM_CREATECOMMUNITY))
|
||||
{ // the Create Community permission test
|
||||
Role r = getEngine().getParamRole(EngineBackend.ROLEP_CREATECOMMUNITY);
|
||||
if (r.isSatisfiedBy(user.realBaseLevel()))
|
||||
return true;
|
||||
logger.error("testPermission() fail for permission " + PERM_CREATECOMMUNITY);
|
||||
if (errormsg==null)
|
||||
errormsg = "You are not authorized to create new communities.";
|
||||
throw new AccessError(errormsg);
|
||||
|
||||
} // end if
|
||||
|
||||
return getStaticMonitor().testPermission(symbol,user.realBaseLevel(),errormsg);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean testPermission(String symbol)
|
||||
{
|
||||
if (symbol.equals(PERM_CREATECOMMUNITY))
|
||||
{ // do the "Create Community" test here
|
||||
Role r = getEngine().getParamRole(EngineBackend.ROLEP_CREATECOMMUNITY);
|
||||
return r.isSatisfiedBy(user.realBaseLevel());
|
||||
|
||||
} // end if
|
||||
|
||||
return getStaticMonitor().testPermission(symbol,user.realBaseLevel());
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public final UserBackend getUser()
|
||||
{
|
||||
return user;
|
||||
|
||||
} // end getUser
|
||||
|
||||
public final int getUserID()
|
||||
{
|
||||
return user.realUID();
|
||||
|
||||
} // end getUserID
|
||||
|
||||
public final int getUserBaseLevel()
|
||||
{
|
||||
return user.realBaseLevel();
|
||||
|
||||
} // end getUserBaseLevel
|
||||
|
||||
public final Role getCommunityDefaultRole(String symbol)
|
||||
{
|
||||
return getEngine().env_getSecurityMonitor(EngineBackend.SM_COMMUNITY).getDefaultRole(symbol);
|
||||
|
||||
} // end getCommunityDefaultRole
|
||||
|
||||
} // end class EnvUser
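Review bot: The denial branch of `testPermission(String, String)` logs only the permission name, so a refused Create Community attempt cannot be tied to an account from the log alone. `getUserID()` is already available in this class, so the line could read `logger.error("testPermission() fail for permission " + PERM_CREATECOMMUNITY + " (uid " + getUserID() + ")");`. The Create Community special case is also written out twice, once per overload; moving the `getParamRole(...)`/`isSatisfiedBy(...)` pair into one private helper would keep the throwing and boolean checks from drifting apart. Both overloads call `symbol.equals(...)` before any null check, so a null symbol fails with an unlabelled NullPointerException here instead of reaching the monitor.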
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public License Version 1.1
|
||||
* (the "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
||||
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
||||
* language governing rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Venice Web Communities System.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
||||
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
||||
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*/
|
||||
package com.silverwrist.venice.core.internals;
|
||||
|
||||
import java.util.List;
|
||||
import com.silverwrist.venice.core.SecurityInfo;
|
||||
import com.silverwrist.venice.security.Role;
|
||||
import com.silverwrist.venice.security.SecurityMonitor;
|
||||
|
||||
public class SecurityInfoWrapper implements SecurityInfo
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private SecurityMonitor sm; // we call through to this
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructor
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public SecurityInfoWrapper(SecurityMonitor sm)
|
||||
{
|
||||
this.sm = sm;
|
||||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface SecurityInfo
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public List getRoleList(String symbol)
|
||||
{
|
||||
return sm.getRoleList(symbol);
|
||||
|
||||
} // end getRoleList
|
||||
|
||||
public Role getRole(String symbol)
|
||||
{
|
||||
return sm.getRole(symbol);
|
||||
|
||||
} // end getRole
|
||||
|
||||
public Role getRoleForLevel(int level)
|
||||
{
|
||||
return sm.getRoleForLevel(level);
|
||||
|
||||
} // end getRoleForLevel
|
||||
|
||||
public Role getDefaultRole(String symbol)
|
||||
{
|
||||
return sm.getDefaultRole(symbol);
|
||||
|
||||
} // end getDefaultRole
|
||||
|
||||
public String getID()
|
||||
{
|
||||
return sm.getID();
|
||||
|
||||
} // end getID
|
||||
|
||||
} // end class SecurityInfoWrapper
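Review bot: The `sm` field is assigned once in the constructor but is neither `final` nor checked, so a null monitor is accepted and only fails later at the first role lookup. Declaring it `private final SecurityMonitor sm;` and adding `if (sm==null) throw new NullPointerException("SecurityInfoWrapper got null monitor");` to the constructor keeps the failure at the point of misuse. The class has no comment saying why it exists; from the visible methods it appears to expose only the role lookups of a SecurityMonitor and none of its `testPermission` calls, and a one-line class comment stating that would help. `getRoleList` hands back whatever list the monitor returns, so whether callers can modify it depends on the monitor implementation, which is not visible here.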
|
|
@ -1,106 +0,0 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public License Version 1.1
|
||||
* (the "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
||||
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
||||
* language governing rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Venice Web Communities System.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
||||
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
||||
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*/
|
||||
package com.silverwrist.venice.security;
|
||||
|
||||
public class Capability implements SecLevels
|
||||
{
|
||||
public static boolean canDesignatePFYs(int level)
|
||||
{
|
||||
return (level>=GLOBAL_BOFH);
|
||||
|
||||
} // end canDesignatePFYs
|
||||
|
||||
public static boolean isCommunityAdmin(int level)
|
||||
{
|
||||
return (level>=COMM_ANYADMIN);
|
||||
|
||||
} // end isCommunityAdmin
|
||||
|
||||
public static boolean hideHiddenCategories(int level)
|
||||
{
|
||||
return (level<GLOBAL_ANYADMIN);
|
||||
|
||||
} // end hideHiddenCategories
|
||||
|
||||
public static boolean exemptFromEmailVerification(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end exemptFromEmailVerification
|
||||
|
||||
public static boolean canSeeHiddenContactFields(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end canSeeHiddenContactFields
|
||||
|
||||
public static boolean exemptFromMembershipRequirement(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end exemptFromMembershipRequirement
|
||||
|
||||
public static boolean hideHiddenSearchCommunities(int level)
|
||||
{
|
||||
return (level<GLOBAL_ANYADMIN);
|
||||
|
||||
} // end hideHiddenSearchCommunities
|
||||
|
||||
public static boolean hideHiddenDirectoryCommunities(int level)
|
||||
{
|
||||
return (level<GLOBAL_ANYADMIN);
|
||||
|
||||
} // end hideHiddenSearchCommunities
|
||||
|
||||
public static boolean canJoinPrivateCommunityWithoutKey(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end canJoinPrivateCommunityWithoutKey
|
||||
|
||||
public static boolean showHiddenSearchCategories(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end showHioddenSearchCategories
|
||||
|
||||
public static boolean showHiddenCommunityMembers(int level)
|
||||
{
|
||||
return (level>=COMM_ANYADMIN);
|
||||
|
||||
} // end showHiddenCommunityMembers
|
||||
|
||||
public static boolean hideHiddenConferences(int level)
|
||||
{
|
||||
return (level<COMM_ANYADMIN);
|
||||
|
||||
} // end hideHiddenConferences
|
||||
|
||||
public static boolean canAdministerSystem(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end canAdministerSystem
|
||||
|
||||
public static boolean canPublishToFrontPage(int level)
|
||||
{
|
||||
return (level>=GLOBAL_ANYADMIN);
|
||||
|
||||
} // end canPublishToFrontPage
|
||||
|
||||
} // end class Capability
|
|
@ -19,72 +19,6 @@ package com.silverwrist.venice.security;
|
|||
|
||||
public class DefaultLevels implements SecLevels
|
||||
{
|
||||
public static int newUser()
|
||||
{
|
||||
return GLOBAL_UNVERIFIED;
|
||||
|
||||
} // end newUser
|
||||
|
||||
public static int memberCommunity()
|
||||
{
|
||||
return COMM_MEMBER;
|
||||
|
||||
} // end memberCommunity
|
||||
|
||||
public static int PFY()
|
||||
{
|
||||
return GLOBAL_PFY;
|
||||
|
||||
} // end PFY
|
||||
|
||||
public static int afterEmailVerification()
|
||||
{
|
||||
return GLOBAL_NORMAL;
|
||||
|
||||
} // end afterEmailVerification
|
||||
|
||||
public static int afterEmailAddressChange()
|
||||
{
|
||||
return GLOBAL_UNVERIFIED;
|
||||
|
||||
} // end afterEmailAddressChange
|
||||
|
||||
public static int newCommunityRead()
|
||||
{
|
||||
return COMM_MEMBER;
|
||||
|
||||
} // end newCommunityRead
|
||||
|
||||
public static int newCommunityWrite()
|
||||
{
|
||||
return COMM_COHOST;
|
||||
|
||||
} // end newCommunityWrite
|
||||
|
||||
public static int newCommunityCreate()
|
||||
{
|
||||
return COMM_COHOST;
|
||||
|
||||
} // end newCommunityCreate
|
||||
|
||||
public static int newCommunityDelete()
|
||||
{
|
||||
return COMM_HOST;
|
||||
|
||||
} // end newCommunityDelete
|
||||
|
||||
public static int newCommunityJoin()
|
||||
{
|
||||
return GLOBAL_NORMAL;
|
||||
|
||||
} // end newCommunityJoin
|
||||
|
||||
public static int creatorCommunity()
|
||||
{
|
||||
return COMM_HOST;
|
||||
|
||||
} // end creatorCommunity
|
||||
|
||||
public static int hostPrivsConference()
|
||||
{
|
||||
return CONFERENCE_ANYADMIN;
|
||||
|
|
|
@ -0,0 +1,187 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public License Version 1.1
|
||||
* (the "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
||||
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
||||
* language governing rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Venice Web Communities System.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
||||
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
||||
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*/
|
||||
package com.silverwrist.venice.security;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
import org.apache.log4j.*;
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
|
||||
public class PrimordialSecurityMonitor implements SecurityMonitor
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private static PrimordialSecurityMonitor self = null;
|
||||
|
||||
private static Category logger = Category.getInstance(PrimordialSecurityMonitor.class);
|
||||
|
||||
public static final String SYM_NOT_IN_LIST = "NotInList";
|
||||
public static final String SYM_NO_ACCESS = "NoAccess";
|
||||
public static final String SYM_UNRESTRICTED = "UnrestrictedUser";
|
||||
|
||||
private static final String NAME_NOT_IN_LIST = "(not in list)";
|
||||
private static final String NAME_NO_ACCESS = "No Access";
|
||||
private static final String NAME_UNRESTRICTED = "'Unrestricted' User";
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private Role not_in_list; // the "not in list" role
|
||||
private Role no_access; // the "no access" role
|
||||
private Role unrestricted_user; // the "unrestricted user" role
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructor
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private PrimordialSecurityMonitor()
|
||||
{
|
||||
String name_not_in_list = null, name_no_access = null, name_unrestricted_user = null;
|
||||
|
||||
try
|
||||
{ // load the three initial role names
|
||||
Properties init_props = new Properties();
|
||||
init_props.load(getClass().getResourceAsStream("sm.properties"));
|
||||
name_not_in_list = init_props.getProperty("role.NotInList.name",NAME_NOT_IN_LIST);
|
||||
name_no_access = init_props.getProperty("role.NoAccess.name",NAME_NO_ACCESS);
|
||||
name_unrestricted_user = init_props.getProperty("role.UnrestrictedUser.name",NAME_UNRESTRICTED);
|
||||
|
||||
} // end try
|
||||
catch (IOException e)
|
||||
{ // on error, revert to the internal names
|
||||
logger.warn("Error loading default names",e);
|
||||
name_not_in_list = NAME_NOT_IN_LIST;
|
||||
name_no_access = NAME_NO_ACCESS;
|
||||
name_unrestricted_user = NAME_UNRESTRICTED;
|
||||
|
||||
} // end catch
|
||||
|
||||
// Create the actual roles.
|
||||
this.not_in_list = Role.create(ScopeInfo.L_NOT_THERE,name_not_in_list,SYM_NOT_IN_LIST);
|
||||
this.no_access = Role.create(ScopeInfo.L_NO_ACCESS,name_no_access,SYM_NO_ACCESS);
|
||||
this.unrestricted_user = Role.create(ScopeInfo.L_UNRESTRICTED,name_unrestricted_user,SYM_UNRESTRICTED);
|
||||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface SecurityMonitor
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public boolean testPermission(String symbol, int level, String errormsg) throws AccessError
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("testPermission() got null symbol");
|
||||
logger.error("testPermission: symbol \"" + symbol + "\" is not a defined permission test");
|
||||
throw new AccessError("Undefined internal permission test \"" + symbol + "\"");
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean testPermission(String symbol, int level)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("testPermission() got null symbol");
|
||||
logger.error("testPermission: symbol \"" + symbol + "\" is not a defined permission test");
|
||||
return false;
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean permissionDefined(String symbol, boolean no_follow)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("permissionDefined() got null symbol");
|
||||
return false; // primordial monitor defines no permissions
|
||||
|
||||
} // end permissionDefined
|
||||
|
||||
public List getRoleList(String symbol)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("getRoleList() got null symbol");
|
||||
logger.error("getRoleList: symbol \"" + symbol + "\" is not a defined role list");
|
||||
return null;
|
||||
|
||||
} // end getRoleList
|
||||
|
||||
public Role getRole(String symbol)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("getRole() got null symbol");
|
||||
if (symbol.equals(SYM_NOT_IN_LIST))
|
||||
return not_in_list;
|
||||
if (symbol.equals(SYM_NO_ACCESS))
|
||||
return no_access;
|
||||
if (symbol.equals(SYM_UNRESTRICTED))
|
||||
return unrestricted_user;
|
||||
logger.error("getRole: symbol \"" + symbol + "\" is not a defined role");
|
||||
return null;
|
||||
|
||||
} // end getRole
|
||||
|
||||
public Role getRoleForLevel(int level)
|
||||
{
|
||||
if (level==ScopeInfo.L_NOT_THERE)
|
||||
return not_in_list;
|
||||
if (level==ScopeInfo.L_NO_ACCESS)
|
||||
return no_access;
|
||||
if (level==ScopeInfo.L_UNRESTRICTED)
|
||||
return unrestricted_user;
|
||||
logger.error("getRoleForLevel: no role for level " + level);
|
||||
return null;
|
||||
|
||||
} // end getRoleForLevel
|
||||
|
||||
public Role getDefaultRole(String symbol)
|
||||
{
|
||||
logger.error("getDefaultRole: symbol \"" + symbol + "\" has no default role");
|
||||
return null;
|
||||
|
||||
} // end getDefaultRole
|
||||
|
||||
public ScopeInfo getScopeInfo()
|
||||
{
|
||||
return null; // this security monitor HAS no scope
|
||||
|
||||
} // end getScopeInfo
|
||||
|
||||
public String getID()
|
||||
{
|
||||
return null; // this security monitor HAS no ID
|
||||
|
||||
} // end getID
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External static operations
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public static synchronized SecurityMonitor get()
|
||||
{
|
||||
if (self==null)
|
||||
self = new PrimordialSecurityMonitor();
|
||||
return self;
|
||||
|
||||
} // end get
|
||||
|
||||
} // end class PrimordialSecurityMonitor
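Review bot: In the constructor, `getClass().getResourceAsStream("sm.properties")` returns null when the resource is missing, and `Properties.load` then fails with a NullPointerException rather than the IOException the catch block handles, so the fallback to the built-in names never runs and `get()` cannot construct the singleton. The stream is also never closed. I would hold the stream in a local, treat null as an IOException so the existing fallback applies, and close it in a `finally`; this needs `java.io.InputStream` added to the imports. The rest of the class fails closed for undefined symbols, which is the right default for a base monitor and worth stating in a class comment.

```java
    try
    { // load the three initial role names
      Properties init_props = new Properties();
      InputStream stm = getClass().getResourceAsStream("sm.properties");
      if (stm==null)
        throw new IOException("sm.properties not found");
      try
      { // read the properties, then release the stream
        init_props.load(stm);

      } // end try
      finally
      { // always close the resource stream
        stm.close();

      } // end finally

      // … unchanged: the three getProperty() calls …

    } // end try
    // … unchanged: catch (IOException e) fallback and the Role.create() calls …
```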
|
|
@ -19,7 +19,7 @@ package com.silverwrist.venice.security;
|
|||
|
||||
import java.util.*;
|
||||
|
||||
public class Role implements Comparable, SecLevels
|
||||
public final class Role implements Comparable, Cloneable, SecLevels
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
|
@ -37,22 +37,12 @@ public class Role implements Comparable, SecLevels
|
|||
private static ArrayList comm_high;
|
||||
private static ArrayList conf_low;
|
||||
private static ArrayList conf_high;
|
||||
private static HashMap all_roles;
|
||||
|
||||
private static List base_levels = null;
|
||||
private static List base_levels_2 = null;
|
||||
private static List commreadlist_rc = null;
|
||||
private static List commwritelist_rc = null;
|
||||
private static List commcreatelist_rc = null;
|
||||
private static List commdeletelist_rc = null;
|
||||
private static List commjoinlist_rc = null;
|
||||
private static List comm_member_levels = null;
|
||||
private static List confreadlist_rc = null;
|
||||
private static List confpostlist_rc = null;
|
||||
private static List confhidelist_rc = null;
|
||||
private static List confdeletelist_rc = null;
|
||||
private static List conf_member_levels = null;
|
||||
private static List new_comm_list_rc = null;
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
|
@ -61,9 +51,10 @@ public class Role implements Comparable, SecLevels
|
|||
|
||||
private int level;
|
||||
private String name;
|
||||
private String symbol;
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructor
|
||||
* Constructors
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
|
@ -71,34 +62,23 @@ public class Role implements Comparable, SecLevels
|
|||
{
|
||||
this.level = level;
|
||||
this.name = name;
|
||||
this.symbol = null;
|
||||
|
||||
} // end constructor
|
||||
|
||||
protected Role(int level, String name, String symbol)
|
||||
{
|
||||
this.level = level;
|
||||
this.name = name;
|
||||
this.symbol = symbol;
|
||||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External operations
|
||||
* Overrides from class Object
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public int getLevel()
|
||||
{
|
||||
return level;
|
||||
|
||||
} // end getLevel
|
||||
|
||||
public String getName()
|
||||
{
|
||||
return name;
|
||||
|
||||
} // end getName
|
||||
|
||||
public String toString()
|
||||
{
|
||||
StringBuffer buf = new StringBuffer(name);
|
||||
buf.append('[').append(level).append(']');
|
||||
return buf.toString();
|
||||
|
||||
} // end toString
|
||||
|
||||
public boolean equals(Object obj)
|
||||
{
|
||||
if (obj==null)
|
||||
|
@ -108,7 +88,7 @@ public class Role implements Comparable, SecLevels
|
|||
if (obj instanceof Role)
|
||||
{ // compare levels
|
||||
Role other = (Role)obj;
|
||||
return (level==other.getLevel());
|
||||
return (level==other.level);
|
||||
|
||||
} // end if
|
||||
|
||||
|
@ -122,174 +102,77 @@ public class Role implements Comparable, SecLevels
|
|||
|
||||
} // end hashCode
|
||||
|
||||
public String toString()
|
||||
{
|
||||
StringBuffer buf = new StringBuffer(name);
|
||||
buf.append('[').append(level).append(']');
|
||||
if (symbol!=null)
|
||||
buf.append('{').append(symbol).append('}');
|
||||
return buf.toString();
|
||||
|
||||
} // end toString
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface Comparable
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public int compareTo(Object obj)
|
||||
{
|
||||
if (obj==null)
|
||||
throw new NullPointerException("comparing a NULL object");
|
||||
if (!(obj instanceof Role))
|
||||
throw new ClassCastException("comparing non-Role to Role");
|
||||
Role other = (Role)obj;
|
||||
return level - other.getLevel();
|
||||
return level - other.level;
|
||||
|
||||
} // end compareTo
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External operations
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public final int getLevel()
|
||||
{
|
||||
return level;
|
||||
|
||||
} // end getLevel
|
||||
|
||||
public final String getName()
|
||||
{
|
||||
return name;
|
||||
|
||||
} // end getName
|
||||
|
||||
public final String getSymbol()
|
||||
{
|
||||
return symbol;
|
||||
|
||||
} // end getSymbol
|
||||
|
||||
public final boolean isSatisfiedBy(int l)
|
||||
{
|
||||
return (l>=level);
|
||||
|
||||
} // end isSatisfiedBy
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External static operations
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public static final Role create(int level, String name, String symbol)
|
||||
{
|
||||
return new Role(level,name,symbol);
|
||||
|
||||
} // end create
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* External static operations which generate lists of roles
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public static Role getRoleForLevel(int level)
|
||||
{
|
||||
Role rc = (Role)(all_roles.get(new Integer(level)));
|
||||
if (rc!=null)
|
||||
return rc;
|
||||
return new Role(level,"(Level " + level + ")");
|
||||
|
||||
} // end getRoleForLevel
|
||||
|
||||
public static List getBaseLevelChoices()
|
||||
{
|
||||
if (base_levels==null)
|
||||
{ // create the returned list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.addAll(global_low);
|
||||
rc.add(unrestricted_user);
|
||||
rc.addAll(global_high);
|
||||
rc.remove(rc.size()-1);
|
||||
rc.trimToSize();
|
||||
base_levels = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return base_levels;
|
||||
|
||||
} // end getBaseLevelChoices
|
||||
|
||||
public static List getBaseLevelChoices2()
|
||||
{
|
||||
if (base_levels_2==null)
|
||||
{ // create the returned list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.addAll(global_low);
|
||||
rc.add(unrestricted_user);
|
||||
rc.trimToSize();
|
||||
base_levels_2 = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return base_levels_2;
|
||||
|
||||
} // end getBaseLevelChoices2
|
||||
|
||||
public static Role getGlobalAdmin()
|
||||
{
|
||||
return global_admin;
|
||||
|
||||
} // end getGlobalAdmin
|
||||
|
||||
public static List getCommunityReadList()
|
||||
{
|
||||
if (commreadlist_rc==null)
|
||||
{ // create the returned list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.addAll(global_low);
|
||||
rc.addAll(comm_low);
|
||||
rc.add(unrestricted_user);
|
||||
rc.addAll(comm_high);
|
||||
rc.add(global_high.get(0));
|
||||
rc.trimToSize();
|
||||
commreadlist_rc = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return commreadlist_rc;
|
||||
|
||||
} // end getCommunityReadList
|
||||
|
||||
public static List getCommunityWriteList()
|
||||
{
|
||||
if (commwritelist_rc==null)
|
||||
{ // build the return value
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.addAll(comm_high);
|
||||
rc.addAll(global_high);
|
||||
rc.trimToSize();
|
||||
commwritelist_rc = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return commwritelist_rc;
|
||||
|
||||
} // end getCommunityWriteList
|
||||
|
||||
public static List getCommunityCreateList()
|
||||
{
|
||||
if (commcreatelist_rc==null)
|
||||
{ // create the return list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.add(global_low.get(global_low.size()-1));
|
||||
rc.addAll(comm_low);
|
||||
rc.add(unrestricted_user);
|
||||
rc.addAll(comm_high);
|
||||
rc.add(global_high.get(0));
|
||||
rc.trimToSize();
|
||||
commcreatelist_rc = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return commcreatelist_rc;
|
||||
|
||||
} // end getCommunityCreateList
|
||||
|
||||
public static List getCommunityDeleteList()
|
||||
{
|
||||
if (commdeletelist_rc==null)
|
||||
{ // create the return list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.addAll(comm_high);
|
||||
rc.addAll(global_high);
|
||||
rc.add(no_access);
|
||||
rc.trimToSize();
|
||||
commdeletelist_rc = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return commdeletelist_rc;
|
||||
|
||||
} // end getCommunityDeleteList
|
||||
|
||||
public static List getCommunityJoinList()
|
||||
{
|
||||
if (commjoinlist_rc==null)
|
||||
commjoinlist_rc = Collections.unmodifiableList(global_low);
|
||||
return commjoinlist_rc;
|
||||
|
||||
} // end getCommunityJoinList
|
||||
|
||||
public static List getCommunityMemberLevelChoices()
|
||||
{
|
||||
if (comm_member_levels==null)
|
||||
{ // figure out the member levels list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.add(not_in_list);
|
||||
rc.addAll(global_low);
|
||||
rc.addAll(comm_low);
|
||||
rc.add(unrestricted_user);
|
||||
rc.addAll(comm_high);
|
||||
rc.remove(rc.size()-1);
|
||||
rc.trimToSize();
|
||||
comm_member_levels = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return comm_member_levels;
|
||||
|
||||
} // end getCommunityMemberLevelChoices
|
||||
|
||||
public static Role getCommunityHostRole()
|
||||
{
|
||||
return comm_host;
|
||||
|
||||
} // end getCommunityHostRole
|
||||
|
||||
public static List getConferenceReadList()
|
||||
{
|
||||
if (confreadlist_rc==null)
|
||||
|
@ -399,23 +282,6 @@ public class Role implements Comparable, SecLevels
|
|||
|
||||
} // end getConferenceMemberLevelChoices
|
||||
|
||||
public static List getNewCommunityLevelChoices()
|
||||
{
|
||||
if (new_comm_list_rc==null)
|
||||
{ // precalculate the list
|
||||
ArrayList rc = new ArrayList();
|
||||
rc.add(global_low.get(global_low.size()-1));
|
||||
rc.add(unrestricted_user);
|
||||
rc.addAll(global_high);
|
||||
rc.trimToSize();
|
||||
new_comm_list_rc = Collections.unmodifiableList(rc);
|
||||
|
||||
} // end if
|
||||
|
||||
return new_comm_list_rc;
|
||||
|
||||
} // end getNewCommunityLevelChoices
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static initializer
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -423,13 +289,9 @@ public class Role implements Comparable, SecLevels
|
|||
|
||||
static
|
||||
{ // begin initializing the "all roles" map
|
||||
all_roles = new HashMap();
|
||||
not_in_list = new Role(0,"(not in list)");
|
||||
all_roles.put(new Integer(0),not_in_list);
|
||||
no_access = new Role(NO_ACCESS,"No Access");
|
||||
all_roles.put(new Integer(NO_ACCESS),no_access);
|
||||
unrestricted_user = new Role(UNRESTRICTED_USER,"'Unrestricted' User");
|
||||
all_roles.put(new Integer(UNRESTRICTED_USER),unrestricted_user);
|
||||
|
||||
Role tmp;
|
||||
|
||||
|
@ -437,63 +299,50 @@ public class Role implements Comparable, SecLevels
|
|||
global_low = new ArrayList(3);
|
||||
tmp = new Role(GLOBAL_ANONYMOUS,"Anonymous User");
|
||||
global_low.add(tmp);
|
||||
all_roles.put(new Integer(GLOBAL_ANONYMOUS),tmp);
|
||||
tmp = new Role(GLOBAL_UNVERIFIED,"Unauthenticated User");
|
||||
global_low.add(tmp);
|
||||
all_roles.put(new Integer(GLOBAL_UNVERIFIED),tmp);
|
||||
tmp = new Role(GLOBAL_NORMAL,"Normal User");
|
||||
global_low.add(tmp);
|
||||
all_roles.put(new Integer(GLOBAL_NORMAL),tmp);
|
||||
global_low.trimToSize();
|
||||
|
||||
// initialize the "global highband" vector
|
||||
global_high = new ArrayList(3);
|
||||
tmp = new Role(GLOBAL_ANYADMIN,"Any System Administrator");
|
||||
global_high.add(tmp);
|
||||
all_roles.put(new Integer(GLOBAL_ANYADMIN),tmp);
|
||||
tmp = new Role(GLOBAL_PFY,"System Assistant Administrator");
|
||||
global_high.add(tmp);
|
||||
all_roles.put(new Integer(GLOBAL_PFY),tmp);
|
||||
global_admin = new Role(GLOBAL_BOFH,"Global System Administrator");
|
||||
global_high.add(global_admin);
|
||||
all_roles.put(new Integer(GLOBAL_BOFH),global_admin);
|
||||
global_high.trimToSize();
|
||||
|
||||
// initialize the "community lowband" vector
|
||||
comm_low = new ArrayList(1);
|
||||
tmp = new Role(COMM_MEMBER,"Community Member");
|
||||
comm_low.add(tmp);
|
||||
all_roles.put(new Integer(COMM_MEMBER),tmp);
|
||||
comm_low.trimToSize();
|
||||
|
||||
// initialize the "communtiy highband" vector
|
||||
comm_high = new ArrayList(3);
|
||||
tmp = new Role(COMM_ANYADMIN,"Any Community Administrator");
|
||||
comm_high.add(tmp);
|
||||
all_roles.put(new Integer(COMM_ANYADMIN),tmp);
|
||||
tmp = new Role(COMM_COHOST,"Community Co-Host");
|
||||
comm_high.add(tmp);
|
||||
all_roles.put(new Integer(COMM_COHOST),tmp);
|
||||
comm_host = new Role(COMM_HOST,"Community Host");
|
||||
comm_high.add(comm_host);
|
||||
all_roles.put(new Integer(COMM_HOST),comm_host);
|
||||
comm_high.trimToSize();
|
||||
|
||||
// initialize the "conference lowband" vector
|
||||
conf_low = new ArrayList(1);
|
||||
tmp = new Role(CONFERENCE_MEMBER,"Conference Member");
|
||||
conf_low.add(tmp);
|
||||
all_roles.put(new Integer(CONFERENCE_MEMBER),tmp);
|
||||
conf_low.trimToSize();
|
||||
|
||||
// initialize the "conference highband" vector
|
||||
conf_high = new ArrayList(2);
|
||||
tmp = new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator");
|
||||
conf_high.add(tmp);
|
||||
all_roles.put(new Integer(CONFERENCE_ANYADMIN),tmp);
|
||||
tmp = new Role(CONFERENCE_HOST,"Conference Host");
|
||||
conf_high.add(tmp);
|
||||
all_roles.put(new Integer(CONFERENCE_HOST),tmp);
|
||||
conf_high.trimToSize();
|
||||
|
||||
} // end static initializer
|
||||
|
|
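--- a/src/com/silverwrist/venice/security/ScopeInfo.java
+++ b/src/com/silverwrist/venice/security/ScopeInfo.java
@@ -0,0 +1,225 @@
+/*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* (the "License"); you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+*
+* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+* language governing rights and limitations under the License.
+*
+* The Original Code is the Venice Web Communities System.
+*
+* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
+* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
+*
+* Contributor(s):
+*/
+package com.silverwrist.venice.security;
+
+public final class ScopeInfo implements Cloneable, Comparable
+{
+/*--------------------------------------------------------------------------------
+* Static data members
+*--------------------------------------------------------------------------------
+*/
+
+private static final int[] LB_LOW = // Scope values, lowband, low end of range
+{ 0, 2000, 4000, 6000, 8000, 10000, 12000, 14000, 16000, 18000, 20000, 22000, 24000, 26000, 28000,
+30000 };
+private static final int[] LB_HIGH = // Scope values, lowband, high end of range
+{ 1999, 3999, 5999, 7999, 9999, 11999, 13999, 15999, 17999, 19999, 21999, 23999, 25999, 27999, 29999,
+31999 };
+private static final int[] HB_LOW = // Scope values, highband, low end of range
+{ 63000, 61000, 59000, 57000, 55000, 53000, 51000, 49000, 47000, 45000, 43000, 41000, 39000, 37000,
+35000, 33000 };
+private static final int[] HB_HIGH = // Scope values, highband, high end of range
+{ 64999, 62999, 60999, 58999, 56999, 54999, 52999, 50999, 48999, 46999, 44999, 42999, 40999, 38999,
+36999, 34999 };
+
+public static final int L_NOT_THERE = -1; // global "not there" constant
+public static final int L_UNRESTRICTED = 32500; // global "unrestricted user" constant
+public static final int L_NO_ACCESS = 65500; // global "no access" constant
+
+public static final int BAND_WIDTH = 1999; // offset between "high and low" values within a band
+
+/*--------------------------------------------------------------------------------
+* Attributes
+*--------------------------------------------------------------------------------
+*/
+
+int scope; // the scope value
+
+/*--------------------------------------------------------------------------------
+* Constructor
+*--------------------------------------------------------------------------------
+*/
+
+public ScopeInfo(int scope)
+{
+if ((scope<0) || (scope>=LB_LOW.length))
+throw new IndexOutOfBoundsException("invalid scope value");
+this.scope = scope;
+
+} // end constructor
+
+/*--------------------------------------------------------------------------------
+* Overrides from class Object
+*--------------------------------------------------------------------------------
+*/
+
+public boolean equals(Object o)
+{
+if ((o==null) || !(o instanceof ScopeInfo))
+return false;
+ScopeInfo other = (ScopeInfo)o;
+return (scope==other.scope);
+
+} // end equals
+
+public int hashCode()
+{
+return scope;
+
+} // end hashCode
+
+public String toString()
+{
+StringBuffer buf = new StringBuffer("{ScopeInfo(");
+buf.append(scope).append("): ranges [").append(LB_LOW[scope]).append('-').append(LB_HIGH[scope]);
+buf.append("], [").append(HB_LOW[scope]).append('-').append(HB_HIGH[scope]).append("]}");
+return buf.toString();
+
+} // end toString
+
+/*--------------------------------------------------------------------------------
+* Implementations from interface Comparable
+*--------------------------------------------------------------------------------
+*/
+
+public int compareTo(Object o)
+{
+if (o==null)
+throw new NullPointerException("can't compare to a null object");
+ScopeInfo other = (ScopeInfo)o; // may throw ClassCastException - that's OK
+return scope - other.scope;
+
+} // end compareTo
+
+/*--------------------------------------------------------------------------------
+* External operations
+*--------------------------------------------------------------------------------
+*/
+
+public final int getScope()
+{
+return scope;
+
+} // end getScope
+
+public final int getLowBandLow()
+{
+return LB_LOW[scope];
+
+} // end getLowBandLow
+
+public final int getLowBandHigh()
+{
+return LB_HIGH[scope];
+
+} // end getLowBandHigh
+
+public final int getHighBandLow()
+{
+return HB_LOW[scope];
+
+} // end getHighBandLow
+
+public final int getHighBandHigh()
+{
+return HB_HIGH[scope];
+
+} // end getHighBandHigh
+
+public final int getLevel(boolean highband, int offset)
+{
+int rc;
+if (highband)
+{ // it's in the highband
+if (offset<0)
+{ // negative offset from high end of highband
+rc = HB_HIGH[scope] + offset;
+if (rc<HB_LOW[scope])
+throw new IllegalArgumentException("value out of scope");
+
+} // end if
+else
+{ // positive offset from low end of highband
+rc = HB_LOW[scope] + offset;
+if (rc>HB_HIGH[scope])
+throw new IllegalArgumentException("value out of scope");
+
+} // end else
+
+} // end if (highband)
+else
+{ // it's in the lowband
+if (offset<0)
+{ // negative offset from high end of lowband
+rc = LB_HIGH[scope] + offset;
+if (rc<LB_LOW[scope])
+throw new IllegalArgumentException("value out of scope");
+
+} // end if
+else
+{ // positive offset from low end of lowband
+rc = LB_LOW[scope] + offset;
+if (rc>LB_HIGH[scope])
+throw new IllegalArgumentException("value out of scope");
+
+} // end else
+
+} // end else (lowband)
+
+return rc;
+
+} // end getLevel
+
+public final boolean isInScope(int value)
+{
+if ((value>=LB_LOW[scope]) && (value<=LB_HIGH[scope]))
+return true;
+if ((value>=HB_LOW[scope]) && (value<=HB_HIGH[scope]))
+return true;
+return false;
+
+} // end isInScope
+
+/*--------------------------------------------------------------------------------
+* External static operations
+*--------------------------------------------------------------------------------
+*/
+
+public static final boolean isValidScope(int s)
+{
+return ((s>=0) && (s<LB_LOW.length));
+
+} // end isValidScope
+
+public static final int getScopeOf(int value)
+{
+if ((value<LB_LOW[0]) || (value>HB_HIGH[0]))
+return -1; // quick test to eliminate most of the range
+
+for (int i=0; i<LB_LOW.length; i++)
+{ // look in each scope in turn
+if ((value<=LB_HIGH[i]) || (value>=HB_LOW[i]))
+return i;
+
+} // end for
+
+return -1; // not in a scope
+
+} // end getScopeOf
+
+} // end class ScopeInfo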
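Review bot: In getLevel() the range test runs after the addition, so a very large positive offset wraps around: `rc = HB_LOW[scope] + offset` (and the lowband twin `rc = LB_LOW[scope] + offset`) becomes negative for offsets near Integer.MAX_VALUE, the `rc>HB_HIGH[scope]` check does not fire, and a level outside every band is returned instead of an IllegalArgumentException. Rejecting the offset before the arithmetic closes this, for example `if ((offset>BAND_WIDTH) || (offset<-BAND_WIDTH)) throw new IllegalArgumentException("value out of scope");` as the first statement of the method. Separately, the `scope` field is package-private and non-final, so other code in the package can change it after the constructor's range check; `private final int scope;` would keep the validated value fixed.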
|
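--- a/src/com/silverwrist/venice/security/SecurityMonitor.java
+++ b/src/com/silverwrist/venice/security/SecurityMonitor.java
@@ -0,0 +1,43 @@
+/*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* (the "License"); you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+*
+* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+* language governing rights and limitations under the License.
+*
+* The Original Code is the Venice Web Communities System.
+*
+* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
+* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
+*
+* Contributor(s):
+*/
+package com.silverwrist.venice.security;
+
+import java.util.List;
+import com.silverwrist.venice.core.AccessError;
+
+public interface SecurityMonitor
+{
+public abstract boolean testPermission(String symbol, int level, String errormsg) throws AccessError;
+
+public abstract boolean testPermission(String symbol, int level);
+
+public abstract boolean permissionDefined(String symbol, boolean no_follow);
+
+public abstract List getRoleList(String symbol);
+
+public abstract Role getRole(String symbol);
+
+public abstract Role getRoleForLevel(int level);
+
+public abstract Role getDefaultRole(String symbol);
+
+public abstract ScopeInfo getScopeInfo();
+
+public abstract String getID();
+
+} // end interface SecurityMonitor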
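Review bot: The interface has no Javadoc, and the two `testPermission` overloads leave their contract open. The three-argument form both returns `boolean` and declares `throws AccessError`, so a reader cannot tell what a `false` return means as opposed to a throw. A caller of the two-argument form that drops the result would silently allow the operation. I would add a Javadoc block on each overload stating when it returns true, when it returns false, and when AccessError is thrown, and one on `permissionDefined` explaining `no_follow`, e.g. `@param no_follow if true, only this monitor is consulted` if that is the intent. These semantics are inferred from the signatures and should be confirmed against the implementing classes.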
|
713
src/com/silverwrist/venice/security/StaticSecurityMonitor.java
Normal file
713
src/com/silverwrist/venice/security/StaticSecurityMonitor.java
Normal file
|
@ -0,0 +1,713 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public License Version 1.1
|
||||
* (the "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
||||
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
||||
* language governing rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Venice Web Communities System.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
||||
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
||||
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*/
|
||||
package com.silverwrist.venice.security;
|
||||
|
||||
import java.util.*;
|
||||
import org.apache.log4j.*;
|
||||
import org.w3c.dom.*;
|
||||
import com.silverwrist.util.DOMElementHelper;
|
||||
import com.silverwrist.venice.core.AccessError;
|
||||
import com.silverwrist.venice.core.ConfigException;
|
||||
|
||||
public class StaticSecurityMonitor implements SecurityMonitor
|
||||
{
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Internal class for evaluating static permissions
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
final class StaticPermission
|
||||
{
|
||||
private Role role;
|
||||
private String message;
|
||||
|
||||
StaticPermission(Role role, String message)
|
||||
{
|
||||
this.role = role;
|
||||
this.message = message;
|
||||
|
||||
} // end constructor
|
||||
|
||||
final void test(int level, String errormessage) throws AccessError
|
||||
{
|
||||
if (!(role.isSatisfiedBy(level)))
|
||||
{ // the static permission test failed!
|
||||
logger.warn("Static permission test (level " + level + " vs. role " + role + ") failed");
|
||||
if (errormessage==null)
|
||||
errormessage = message;
|
||||
if (errormessage==null)
|
||||
errormessage = "Operation not permitted.";
|
||||
throw new AccessError(errormessage);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end test
|
||||
|
||||
final boolean test(int level)
|
||||
{
|
||||
return role.isSatisfiedBy(level);
|
||||
|
||||
} // end test
|
||||
|
||||
} // end class StaticPermission
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Static data members
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private static Category logger = Category.getInstance(StaticSecurityMonitor.class);
|
||||
|
||||
private static SecurityMonitor root_monitor = null;
|
||||
private static Map known_monitors = Collections.synchronizedMap(new HashMap());
|
||||
|
||||
private static int DEFAULT_SCOPE_OFFSET = 3;
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Attributes
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private String id; // the identity of this security monitor
|
||||
private ScopeInfo scope; // the scope of this security monitor
|
||||
private SecurityMonitor parent; // the parent of this security monitor
|
||||
private Map sym_to_role; // mapping of role symbols to roles
|
||||
private Map level_to_role; // mapping of role levels to roles
|
||||
private Map lists; // mapping of list symbols to lists
|
||||
private Map default_roles; // mapping of symbols to default values
|
||||
private Map static_permissions; // mapping of symbols to static permissions
|
||||
private Set dynamic_permissions; // set of defined dynamic permission names
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Constructor
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public StaticSecurityMonitor(Element cfg) throws ConfigException
|
||||
{
|
||||
boolean set_root_monitor = false;
|
||||
|
||||
if (!(cfg.getTagName().equals("security-definition")))
|
||||
{ // not the right kind of element!
|
||||
logger.fatal("security monitor config is not a <security-definition/> element");
|
||||
throw new ConfigException("configuration must be a <security-definition/>",cfg);
|
||||
|
||||
} // end if
|
||||
|
||||
DOMElementHelper root_h = new DOMElementHelper(cfg);
|
||||
if (root_h.hasAttribute("id"))
|
||||
id = cfg.getAttribute("id");
|
||||
else
|
||||
{ // no id= attribute? that's bad!
|
||||
logger.fatal("security monitor has no id= attribute");
|
||||
throw new ConfigException("<security-definition/> must have an id= attribute",cfg);
|
||||
|
||||
} // end else
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("defining new StaticSecurityMonitor with id=" + id);
|
||||
|
||||
if (known_monitors.containsKey(id))
|
||||
{ // the monitor with this ID has already been defined!
|
||||
logger.fatal("security monitor with id=" + id + " is already defined!");
|
||||
throw new ConfigException("security monitor id=" + id + " is already defined!");
|
||||
|
||||
} // end if
|
||||
|
||||
if (root_h.hasAttribute("parent"))
|
||||
{ // find our parent
|
||||
String parent_id = cfg.getAttribute("parent");
|
||||
parent = (SecurityMonitor)(known_monitors.get(parent_id));
|
||||
if (parent==null)
|
||||
{ // no parent! that's bogus!
|
||||
logger.fatal("parent security monitor with id=" + parent_id + " does not exist!");
|
||||
throw new ConfigException("parent security monitor with id=" + parent_id + " does not exist!");
|
||||
|
||||
} // end if
|
||||
|
||||
int my_scope = parent.getScopeInfo().getScope();
|
||||
int my_offset = DEFAULT_SCOPE_OFFSET;
|
||||
if (root_h.hasAttribute("offset"))
|
||||
{ // get the offset value and compare it
|
||||
Integer tmp = root_h.getAttributeInt("offset");
|
||||
if (tmp==null)
|
||||
{ // the offset was not an integer value - bye now!
|
||||
logger.fatal("offset= value was not an integer");
|
||||
throw new ConfigException("offset= attribute of <security-definition/> must be an integer");
|
||||
|
||||
} // end if
|
||||
|
||||
my_offset = tmp.intValue();
|
||||
if (my_offset<1)
|
||||
{ // the offset must be greater than or equal to 1!
|
||||
logger.fatal("offset= value (" + my_offset + ") was out of range");
|
||||
throw new ConfigException("offset= attribute of <security-definition/> must be >= 1");
|
||||
|
||||
} // end if
|
||||
|
||||
} // end if
|
||||
|
||||
my_scope += my_offset;
|
||||
if (!(ScopeInfo.isValidScope(my_scope)))
|
||||
{ // resulting scope is out of range!
|
||||
logger.fatal("scope for id=" + id + " comes out to " + my_scope + ", and that's not in range");
|
||||
throw new ConfigException("scope for security monitor id=" + id + " is out of range!");
|
||||
|
||||
} // end if
|
||||
|
||||
// allocate a scope info object with the new scope
|
||||
scope = new ScopeInfo(my_scope);
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // this must be the root security monitor!
|
||||
if (root_monitor!=null)
|
||||
{ // but we already have a root - can't be two roots!
|
||||
logger.fatal("trying to define root security monitor but we already have one");
|
||||
throw new ConfigException("root security monitor is already defined!");
|
||||
|
||||
} // end if
|
||||
|
||||
// we are the root security monitor...we live at scope 0, our parent is the primordial monitor
|
||||
set_root_monitor = true;
|
||||
scope = new ScopeInfo(0);
|
||||
parent = PrimordialSecurityMonitor.get();
|
||||
|
||||
} // end else
|
||||
|
||||
// get the defined roles
|
||||
Element sect = root_h.getSubElement("defined-roles");
|
||||
NodeList nl;
|
||||
int i;
|
||||
if (sect!=null)
|
||||
{ // we need to define some roles here...
|
||||
HashMap tmp_sym_to_role = new HashMap();
|
||||
HashMap tmp_level_to_role = new HashMap();
|
||||
nl = sect.getChildNodes();
|
||||
for (i=0; i<nl.getLength(); i++)
|
||||
{ // get each child node, see if it's a <role/>
|
||||
Node n = nl.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("role")))
|
||||
{ // create the role and add it to the temporary
|
||||
Role r = createRole((Element)n);
|
||||
tmp_sym_to_role.put(r.getSymbol(),r);
|
||||
tmp_level_to_role.put(new Integer(r.getLevel()),r);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end for
|
||||
|
||||
if (tmp_sym_to_role.size()>0)
|
||||
{ // save these off as unmodifiable maps
|
||||
sym_to_role = Collections.unmodifiableMap(tmp_sym_to_role);
|
||||
level_to_role = Collections.unmodifiableMap(tmp_level_to_role);
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // nothing defined here!
|
||||
sym_to_role = Collections.EMPTY_MAP;
|
||||
level_to_role = Collections.EMPTY_MAP;
|
||||
|
||||
} // end else
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // I guess we don't define any roles!
|
||||
sym_to_role = Collections.EMPTY_MAP;
|
||||
level_to_role = Collections.EMPTY_MAP;
|
||||
|
||||
} // end else
|
||||
|
||||
// since lists may indirectly define default roles and permissions, create storage space for them
|
||||
HashMap tmp_default_roles = new HashMap();
|
||||
HashMap tmp_static_permissions = new HashMap();
|
||||
HashSet tmp_dynamic_permissions = new HashSet();
|
||||
|
||||
// get the defined role lists
|
||||
sect = root_h.getSubElement("defined-lists");
|
||||
if (sect!=null)
|
||||
{ // we need to define some role lists here!
|
||||
HashMap tmp_lists = new HashMap();
|
||||
nl = sect.getChildNodes();
|
||||
for (i=0; i<nl.getLength(); i++)
|
||||
{ // get each child node, see if it's a <list/>
|
||||
Node n = nl.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("list")))
|
||||
{ // create the role list and add it to the temporary map
|
||||
// but first, get the ID
|
||||
DOMElementHelper hn = new DOMElementHelper((Element)n);
|
||||
String list_id;
|
||||
if (hn.hasAttribute("id"))
|
||||
list_id = id + "." + hn.getElement().getAttribute("id");
|
||||
else
|
||||
{ // no id= attribute - can't do anything with this
|
||||
logger.fatal("<list/> element found with no id= attribute!");
|
||||
throw new ConfigException("no id= attribute on defined <list/> element",hn.getElement());
|
||||
|
||||
} // end else
|
||||
|
||||
// now actually build the list and insert it
|
||||
List rlist = buildList(hn.getElement(),list_id,tmp_default_roles,tmp_static_permissions,
|
||||
tmp_dynamic_permissions);
|
||||
tmp_lists.put(list_id,rlist);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end for
|
||||
|
||||
if (tmp_lists.size()>0)
|
||||
lists = Collections.unmodifiableMap(tmp_lists);
|
||||
else
|
||||
lists = Collections.EMPTY_MAP;
|
||||
|
||||
} // end if
|
||||
else // no lists defined here!
|
||||
lists = Collections.EMPTY_MAP;
|
||||
|
||||
// Get the additional defined default roles.
|
||||
sect = root_h.getSubElement("defaults");
|
||||
if (sect!=null)
|
||||
{ // get the nodes in the defaults section
|
||||
nl = sect.getChildNodes();
|
||||
for (i=0; i<nl.getLength(); i++)
|
||||
{ // pick out each one and process it if it's a <default/>
|
||||
Node n = nl.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("default")))
|
||||
processDefault((Element)n,tmp_default_roles);
|
||||
|
||||
} // end for
|
||||
|
||||
} // end if
|
||||
// else no more defined defaults
|
||||
|
||||
// Since that's it for the defaults, freeze the defaults list.
|
||||
if (tmp_default_roles.size()>0)
|
||||
default_roles = Collections.unmodifiableMap(tmp_default_roles);
|
||||
else
|
||||
default_roles = Collections.EMPTY_MAP;
|
||||
|
||||
// Get the defined permissions.
|
||||
sect = root_h.getSubElement("permissions");
|
||||
if (sect!=null)
|
||||
{ // get the nodes in the permissions section
|
||||
nl = sect.getChildNodes();
|
||||
for (i=0; i<nl.getLength(); i++)
|
||||
{ // pick out each one and process it if it's a <permission/>
|
||||
Node n = nl.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("permission")))
|
||||
processPermission((Element)n,tmp_static_permissions,tmp_dynamic_permissions);
|
||||
|
||||
} // end for
|
||||
|
||||
} // end if
|
||||
// else no more defined permissions
|
||||
|
||||
// That's now it for the permissions, so freeze those elements.
|
||||
if (tmp_static_permissions.size()>0)
|
||||
static_permissions = Collections.unmodifiableMap(tmp_static_permissions);
|
||||
else
|
||||
static_permissions = Collections.EMPTY_MAP;
|
||||
if (tmp_dynamic_permissions.size()>0)
|
||||
dynamic_permissions = Collections.unmodifiableSet(tmp_dynamic_permissions);
|
||||
else
|
||||
dynamic_permissions = Collections.EMPTY_SET;
|
||||
|
||||
// Finish up by adding ourselves to the known monitors list.
|
||||
known_monitors.put(id,this);
|
||||
if (set_root_monitor)
|
||||
root_monitor = this;
|
||||
|
||||
} // end constructor
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Internal operations
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private Role createRole(Element e) throws ConfigException
|
||||
{
|
||||
String symbol, text;
|
||||
int level;
|
||||
|
||||
DOMElementHelper h = new DOMElementHelper(e);
|
||||
if (h.hasAttribute("id"))
|
||||
symbol = id + "." + e.getAttribute("id"); // symbols get automagically scoped
|
||||
else
|
||||
{ // no role defined
|
||||
logger.fatal("<role/> defined with no id= attribute!");
|
||||
throw new ConfigException("no id= attribute for a <role/>",e);
|
||||
|
||||
} // end else
|
||||
|
||||
if (h.hasAttribute("value"))
|
||||
{ // get the value and parse it out
|
||||
String value_str = e.getAttribute("value").trim().toUpperCase();
|
||||
if (value_str.equals("LMIN"))
|
||||
level = scope.getLowBandLow();
|
||||
else if (value_str.equals("LMAX"))
|
||||
level = scope.getLowBandHigh();
|
||||
else if (value_str.equals("HMIN"))
|
||||
level = scope.getHighBandLow();
|
||||
else if (value_str.equals("HMAX"))
|
||||
level = scope.getHighBandHigh();
|
||||
else if ( value_str.startsWith("L+") || value_str.startsWith("L-") || value_str.startsWith("H+")
|
||||
|| value_str.startsWith("H-"))
|
||||
{ // take the characters following the 2-character prefix and convert them to an integer
|
||||
int offset;
|
||||
try
|
||||
{ // convert the value and make sure it's not less than 0
|
||||
offset = Integer.parseInt(value_str.substring(2));
|
||||
if (offset<0)
|
||||
{ // don't want it less than zero here!
|
||||
logger.fatal("offset value " + offset + " was out of range");
|
||||
throw new ConfigException("offset value= attribute for <role/> was out of range",e);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end try
|
||||
catch (NumberFormatException nfe)
|
||||
{ // not a numeric offset value
|
||||
logger.fatal("offset value \"" + value_str + "\" was not numeric");
|
||||
throw new ConfigException("offset value= attribute for <role/> was not properly numeric",e);
|
||||
|
||||
} // end catch
|
||||
|
||||
if (value_str.charAt(1)=='-')
|
||||
offset = -offset; // compute as negative offset
|
||||
try
|
||||
{ // now use the scope to compute the level!
|
||||
level = scope.getLevel((value_str.charAt(0)=='H'),offset);
|
||||
|
||||
} // end try
|
||||
catch (IllegalArgumentException iae)
|
||||
{ // we landed with a value outside the scope!
|
||||
logger.fatal("offset value \"" + value_str + "\" was not in the scope");
|
||||
throw new ConfigException("offset value= attribute for <role/> was not within the scope",e);
|
||||
|
||||
} // end catch
|
||||
|
||||
} // end else if
|
||||
else
|
||||
{ // just a straight numeric level
|
||||
try
|
||||
{ // parse it out and give it a scope check
|
||||
level = Integer.parseInt(value_str);
|
||||
if (!(scope.isInScope(level)))
|
||||
{ // not in the right scope - can't help you, pal!
|
||||
logger.fatal("level value \"" + level + "\" was not in the scope");
|
||||
throw new ConfigException("level value= attribute for <role/> was not within the scope",e);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end try
|
||||
catch (NumberFormatException nfe)
|
||||
{ // the level was not numeric
|
||||
logger.fatal("level value \"" + value_str + "\" was not numeric");
|
||||
throw new ConfigException("level value= attribute for <role/> was not properly numeric",e);
|
||||
|
||||
} // end catch
|
||||
|
||||
} // end else
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // no value defined for this role!
|
||||
logger.fatal("<role/> defined with no value= attribute!");
|
||||
throw new ConfigException("no value= attribute for a <role/>",e);
|
||||
|
||||
} // end else
|
||||
|
||||
// Get the text; default to the symbol name if it doesn't exist.
|
||||
text = h.getElementText();
|
||||
if (text==null)
|
||||
text = symbol;
|
||||
|
||||
// create the resulting role!
|
||||
return Role.create(level,text,symbol);
|
||||
|
||||
} // end createRole
|
||||
|
||||
private List buildList(Element elem, String listid, Map defaultrole, Map static_perm, Set dynamic_perm)
|
||||
throws ConfigException
|
||||
{
|
||||
DOMElementHelper h = new DOMElementHelper(elem);
|
||||
Element perm = h.getSubElement("permission");
|
||||
if (perm!=null)
|
||||
{ // there's a permission associated with this list, find out what it is
|
||||
DOMElementHelper ph = new DOMElementHelper(perm);
|
||||
if (ph.hasAttribute("role"))
|
||||
{ // look up the role and make sure it corresponds to one we know
|
||||
Role role = this.getRole(perm.getAttribute("role"));
|
||||
if (role==null)
|
||||
{ // role not present!
|
||||
logger.fatal("list <permission/> role (" + perm.getAttribute("role") + ") not defined");
|
||||
throw new ConfigException("<permission/> inside of <list/> did not use defined role!",perm);
|
||||
|
||||
} // end if
|
||||
|
||||
// create a new StaticPermission and add it to the mapping
|
||||
StaticPermission sp = new StaticPermission(role,ph.getElementText());
|
||||
static_perm.put(listid,sp);
|
||||
|
||||
} // end if
|
||||
else // this is a dynamic permission, add it to the set
|
||||
dynamic_perm.add(listid);
|
||||
|
||||
} // end if
|
||||
// else there's no problem
|
||||
|
||||
NodeList nl = elem.getChildNodes();
|
||||
ArrayList rc = new ArrayList(nl.getLength());
|
||||
boolean have_default = false;
|
||||
for (int i=0; i<nl.getLength(); i++)
|
||||
{ // look for list elements
|
||||
Node n = nl.item(i);
|
||||
if ((n.getNodeType()==Node.ELEMENT_NODE) && (n.getNodeName().equals("element")))
|
||||
{ // look at the attributes of this element node
|
||||
DOMElementHelper itmh = new DOMElementHelper((Element)n);
|
||||
Role r = null;
|
||||
if (itmh.hasAttribute("role"))
|
||||
{ // convert the string into a role
|
||||
r = this.getRole(itmh.getElement().getAttribute("role"));
|
||||
if (r==null)
|
||||
{ // the role is not defined!
|
||||
logger.fatal("list <element/> role (" + itmh.getElement().getAttribute("role") + ") not defined");
|
||||
throw new ConfigException("<element/> inside of <list/> did not use defined role!",
|
||||
itmh.getElement());
|
||||
|
||||
} // end if
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // no attribute present
|
||||
logger.fatal("<element/> defined with no role= attribute!");
|
||||
throw new ConfigException("no role= attribute for a list <element/>",itmh.getElement());
|
||||
|
||||
} // end else
|
||||
|
||||
rc.add(r); // add element to defining list
|
||||
if (itmh.hasAttribute("default"))
|
||||
{ // this is a default item...
|
||||
if (have_default)
|
||||
{ // but there can't be two defaults!
|
||||
logger.fatal("duplicate default= attributes in list <element/> nodes!");
|
||||
throw new ConfigException("duplicate default= attribute in list <element/>",itmh.getElement());
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // we have a default for the list now!
|
||||
defaultrole.put(listid,r);
|
||||
have_default = true;
|
||||
|
||||
} // end else
|
||||
|
||||
} // end if
|
||||
|
||||
} // end if
|
||||
|
||||
} // end for
|
||||
|
||||
// Final prep on the list prior to returning it.
|
||||
Collections.sort(rc);
|
||||
rc.trimToSize();
|
||||
return Collections.unmodifiableList(rc);
|
||||
|
||||
} // end buildlist
|
||||
|
||||
private void processDefault(Element elem, Map defaultrole) throws ConfigException
|
||||
{
|
||||
// Start by getting the default ID.
|
||||
DOMElementHelper h = new DOMElementHelper(elem);
|
||||
String def_id = null;
|
||||
if (h.hasAttribute("id"))
|
||||
def_id = id + "." + elem.getAttribute("id");
|
||||
else
|
||||
{ // no id defined!
|
||||
logger.fatal("<default/> defined with no id= attribute!");
|
||||
throw new ConfigException("no id= attribute for a <default/>",elem);
|
||||
|
||||
} // end else
|
||||
|
||||
Role r = null;
|
||||
if (h.hasAttribute("role"))
|
||||
{ // get the role associated with the item
|
||||
r = this.getRole(elem.getAttribute("role"));
|
||||
if (r==null)
|
||||
{ // no role found - this is an error!
|
||||
logger.fatal("<default/> role (" + elem.getAttribute("role") + ") not defined");
|
||||
throw new ConfigException("<default/> did not use defined role!",elem);
|
||||
|
||||
} // end if
|
||||
|
||||
} // end if
|
||||
else
|
||||
{ // no role defined!
|
||||
logger.fatal("<default/> defined with no id= attribute!");
|
||||
throw new ConfigException("no id= attribute for a <default/>",elem);
|
||||
|
||||
} // end else
|
||||
|
||||
defaultrole.put(def_id,r);
|
||||
|
||||
} // end processDefault
|
||||
|
||||
private void processPermission(Element elem, Map static_perm, Set dynamic_perm) throws ConfigException
|
||||
{
|
||||
// Start by getting the permission ID.
|
||||
DOMElementHelper h = new DOMElementHelper(elem);
|
||||
String perm_id = null;
|
||||
if (h.hasAttribute("id"))
|
||||
perm_id = id + "." + elem.getAttribute("id");
|
||||
else
|
||||
{ // no id defined!
|
||||
logger.fatal("<permission/> defined with no id= attribute!");
|
||||
throw new ConfigException("no id= attribute for a <permission/>",elem);
|
||||
|
||||
} // end else
|
||||
|
||||
if (h.hasAttribute("role"))
|
||||
{ // this is a static permission; try and get the associated role
|
||||
Role r = this.getRole(elem.getAttribute("role"));
|
||||
if (r==null)
|
||||
{ // no role found - this is an error!
|
||||
logger.fatal("<permission/> role (" + elem.getAttribute("role") + ") not defined");
|
||||
throw new ConfigException("<permission/> did not use defined role!",elem);
|
||||
|
||||
} // end if
|
||||
|
||||
// create static permission and add it
|
||||
StaticPermission sp = new StaticPermission(r,h.getElementText());
|
||||
static_perm.put(perm_id,sp);
|
||||
|
||||
} // end if
|
||||
else // this is a dynamic permission; just add to our set
|
||||
dynamic_perm.add(perm_id);
|
||||
|
||||
} // end processPermission
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface SecurityMonitor
|
||||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public boolean testPermission(String symbol, int level, String errormsg) throws AccessError
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("testPermission() got null symbol");
|
||||
StaticPermission sp = (StaticPermission)(static_permissions.get(symbol));
|
||||
if (sp==null)
|
||||
{ // permission not found here - NOTE! Do not call to parent unless we are at the root level, as
|
||||
// permission tests always follow the DYNAMIC chain, not the static one!
|
||||
if (scope.getScope()==0)
|
||||
return parent.testPermission(symbol,level,errormsg);
|
||||
else
|
||||
return false;
|
||||
|
||||
} // end if
|
||||
|
||||
sp.test(level,errormsg); // will throw AccessError on failure
|
||||
return true;
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean testPermission(String symbol, int level)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("testPermission() got null symbol");
|
||||
StaticPermission sp = (StaticPermission)(static_permissions.get(symbol));
|
||||
if (sp==null)
|
||||
{ // permission not found here - NOTE! Do not call to parent unless we are at the root level, as
|
||||
// permission tests always follow the DYNAMIC chain, not the static one!
|
||||
if (scope.getScope()==0)
|
||||
return parent.testPermission(symbol,level);
|
||||
else
|
||||
return false;
|
||||
|
||||
} // end if
|
||||
|
||||
return sp.test(level);
|
||||
|
||||
} // end testPermission
|
||||
|
||||
public boolean permissionDefined(String symbol, boolean no_follow)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("permissionDefined() got null symbol");
|
||||
if (static_permissions.containsKey(symbol) || dynamic_permissions.contains(symbol))
|
||||
return true;
|
||||
if (no_follow)
|
||||
return false;
|
||||
return parent.permissionDefined(symbol,false);
|
||||
|
||||
} // end permissionDefined
|
||||
|
||||
public List getRoleList(String symbol)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("getRoleList() got null symbol");
|
||||
List rc = (List)(lists.get(symbol));
|
||||
if (rc==null)
|
||||
rc = parent.getRoleList(symbol);
|
||||
return rc;
|
||||
|
||||
} // end getRoleList
|
||||
|
||||
public Role getRole(String symbol)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("getRole() got null symbol");
|
||||
Role rc = (Role)(sym_to_role.get(symbol));
|
||||
if (rc==null)
|
||||
rc = parent.getRole(symbol);
|
||||
return rc;
|
||||
|
||||
} // end getRole
|
||||
|
||||
public Role getRoleForLevel(int level)
|
||||
{
|
||||
Role rc = (Role)(level_to_role.get(new Integer(level)));
|
||||
if (rc==null)
|
||||
rc = parent.getRoleForLevel(level);
|
||||
return rc;
|
||||
|
||||
} // end getRoleForLevel
|
||||
|
||||
public Role getDefaultRole(String symbol)
|
||||
{
|
||||
if (symbol==null)
|
||||
throw new NullPointerException("getRole() got null symbol");
|
||||
Role rc = (Role)(default_roles.get(symbol));
|
||||
if (rc==null)
|
||||
rc = parent.getDefaultRole(symbol);
|
||||
return rc;
|
||||
|
||||
} // end getDefaultRole
|
||||
|
||||
public ScopeInfo getScopeInfo()
|
||||
{
|
||||
return scope;
|
||||
|
||||
} // end getScopeInfo
|
||||
|
||||
public String getID()
|
||||
{
|
||||
return id;
|
||||
|
||||
} // end getID
|
||||
|
||||
} // end class StaticSecurityMonitor
|
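--- a/src/com/silverwrist/venice/security/sm.properties
+++ b/src/com/silverwrist/venice/security/sm.properties
@@ -0,0 +1,21 @@
+# The contents of this file are subject to the Mozilla Public License Version 1.1
+# (the "License"); you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+#
+# Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+# WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+# language governing rights and limitations under the License.
+#
+# The Original Code is the Venice Web Communities System.
+#
+# The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+# for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
+# Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
+#
+# Contributor(s):
+# -------------------------------------------------------------------------------------
+
+# Names for the roles initialized by the primordial security monitor
+role.NoAccess.name=No Access
+role.NotInList.name=(not in list)
+role.UnrestrictedUser.name='Unrestricted' User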
|
@ -61,14 +61,14 @@ public class CommunityAdmin extends VeniceServlet
|
|||
|
||||
} // end makeCommunityAdminTop
|
||||
|
||||
private EditCommunityProfileDialog makeEditCommunityProfileDialog() throws ServletException
|
||||
private EditCommunityProfileDialog makeEditCommunityProfileDialog(SecurityInfo sinf) throws ServletException
|
||||
{
|
||||
final String desired_name = "EditCommunityProfileDialog";
|
||||
DialogCache cache = DialogCache.getDialogCache(getServletContext());
|
||||
|
||||
if (!(cache.isCached(desired_name)))
|
||||
{ // create a template and save it off
|
||||
EditCommunityProfileDialog template = new EditCommunityProfileDialog();
|
||||
EditCommunityProfileDialog template = new EditCommunityProfileDialog(sinf);
|
||||
cache.saveTemplate(template);
|
||||
|
||||
} // end if
|
||||
|
@ -126,7 +126,7 @@ public class CommunityAdmin extends VeniceServlet
|
|||
} // end if
|
||||
|
||||
// construct the edit profile dialog and load it up for use
|
||||
EditCommunityProfileDialog dlg = makeEditCommunityProfileDialog();
|
||||
EditCommunityProfileDialog dlg = makeEditCommunityProfileDialog(comm.getSecurityInfo());
|
||||
|
||||
try
|
||||
{ // load the values for this dialog
|
||||
|
@ -393,7 +393,7 @@ public class CommunityAdmin extends VeniceServlet
|
|||
} // end if
|
||||
|
||||
// construct the edit profile dialog and load it up for use
|
||||
EditCommunityProfileDialog dlg = makeEditCommunityProfileDialog();
|
||||
EditCommunityProfileDialog dlg = makeEditCommunityProfileDialog(comm.getSecurityInfo());
|
||||
dlg.setupDialogBasic(engine,comm);
|
||||
|
||||
if (dlg.isButtonClicked(request,"cancel"))
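Review bot: In `makeEditCommunityProfileDialog(sinf)` the `sinf` argument is consulted only when `cache.isCached(desired_name)` is false, so the dialog's role lists are fixed by whichever community's `SecurityInfo` arrives on the first call, and later calls passing another community's `comm.getSecurityInfo()` receive the cached template unchanged. That is harmless while every community resolves identical `Community.*` lists, but the choices offered would silently be wrong once communities can carry their own definitions. I would at least record the assumption at the cache check, `// template role lists come from the first caller's SecurityInfo; assumes they are the same for every community`, or refresh the role-list fields per request. The method body continues past the end of the hunk, so a per-request refresh may already exist there.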
|
||||
|
|
|
@ -75,14 +75,14 @@ public class SystemAdmin extends VeniceServlet
|
|||
|
||||
} // end makeAdminModifyUserDialog
|
||||
|
||||
private EditGlobalPropertiesDialog makeGlobalPropertiesDialog() throws ServletException
|
||||
private EditGlobalPropertiesDialog makeGlobalPropertiesDialog(SecurityInfo sinf) throws ServletException
|
||||
{
|
||||
final String desired_name = "EditGlobalPropertiesDialog";
|
||||
DialogCache cache = DialogCache.getDialogCache(getServletContext());
|
||||
|
||||
if (!(cache.isCached(desired_name)))
|
||||
{ // create a template and save it off
|
||||
EditGlobalPropertiesDialog template = new EditGlobalPropertiesDialog();
|
||||
EditGlobalPropertiesDialog template = new EditGlobalPropertiesDialog(sinf);
|
||||
cache.saveTemplate(template);
|
||||
|
||||
} // end if
|
||||
|
@ -186,7 +186,7 @@ public class SystemAdmin extends VeniceServlet
|
|||
AdminUserContext admuser = adm.getUserContext(Integer.parseInt(s_uid));
|
||||
|
||||
AdminModifyUserDialog dlg = makeAdminModifyUserDialog();
|
||||
dlg.setupDialog(adm.isGlobalAdmin(),admuser);
|
||||
dlg.setupDialog(adm,admuser);
|
||||
setMyLocation(request,"sysadmin?cmd=UM");
|
||||
return dlg;
|
||||
|
||||
|
@ -215,7 +215,7 @@ public class SystemAdmin extends VeniceServlet
|
|||
try
|
||||
{ // get the global properties
|
||||
AdminOperations adm = user.getAdminInterface();
|
||||
EditGlobalPropertiesDialog dlg = makeGlobalPropertiesDialog();
|
||||
EditGlobalPropertiesDialog dlg = makeGlobalPropertiesDialog(adm.getSecurityInfo());
|
||||
dlg.setupDialog(adm);
|
||||
setMyLocation(request,"sysadmin?cmd=G");
|
||||
return dlg;
|
||||
|
@ -301,7 +301,7 @@ public class SystemAdmin extends VeniceServlet
|
|||
} // end try
|
||||
catch (ValidationException ve)
|
||||
{ // this is a simple error
|
||||
dlg.resetOnError(adm.isGlobalAdmin(),admuser,ve.getMessage() + " Please try again.");
|
||||
dlg.resetOnError(adm,admuser,ve.getMessage() + " Please try again.");
|
||||
setMyLocation(request,"sysadmin?cmd=UM");
|
||||
return dlg;
|
||||
|
||||
|
@ -339,7 +339,7 @@ public class SystemAdmin extends VeniceServlet
|
|||
{ // "G" - Edit Global Properties
|
||||
try
|
||||
{ // get the dialog box
|
||||
EditGlobalPropertiesDialog dlg = makeGlobalPropertiesDialog();
|
||||
EditGlobalPropertiesDialog dlg = makeGlobalPropertiesDialog(engine.getSecurityInfo());
|
||||
|
||||
if (dlg.isButtonClicked(request,"cancel"))
|
||||
throw new RedirectResult("sysadmin"); // we decided not to bother - go back
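Review bot: `makeGlobalPropertiesDialog` is fed from two different sources, `adm.getSecurityInfo()` where the dialog is first displayed and `engine.getSecurityInfo()` in the "G" command handler, and because the template is only constructed when `cache.isCached(desired_name)` is false, whichever request arrives first decides the role list for every later one. Presumably both accessors return the same global monitor, but nothing in these hunks establishes that; if they can differ, the list shown and the list used when the form is processed would disagree. Using one accessor at both call sites, for example `makeGlobalPropertiesDialog(engine.getSecurityInfo())`, or a comment stating that the two are equivalent, would remove the doubt. Both enclosing methods extend beyond the hunks.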
|
||||
|
|
|
@ -42,7 +42,7 @@ public class AdminModifyUserDialog extends ContentDialog
|
|||
addFormField(new CDPasswordFormField("pass2","Password","(retype)",false,32,128));
|
||||
addFormField(new CDTextFormField("remind","Password reminder phrase",null,false,32,255));
|
||||
addFormField(new CDRoleListFormField("base_lvl","Base security level",null,true,
|
||||
Role.getBaseLevelChoices()));
|
||||
Collections.EMPTY_LIST));
|
||||
addFormField(new CDCheckBoxFormField("verify_email","E-mail address verified",null,"Y"));
|
||||
addFormField(new CDCheckBoxFormField("lockout","Account locked out",null,"Y"));
|
||||
addFormField(new CDFormCategoryHeader("Name"));
|
||||
|
@ -91,29 +91,23 @@ public class AdminModifyUserDialog extends ContentDialog
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
private void coreSetup(boolean is_global_admin, AdminUserContext admuser)
|
||||
private void coreSetup(AdminOperations ops, AdminUserContext admuser)
|
||||
{
|
||||
setSubtitle("User: " + admuser.getUserName());
|
||||
setHiddenField("uid",String.valueOf(admuser.getUID()));
|
||||
|
||||
CDPickListFormField level_field = (CDPickListFormField)modifyField("base_lvl");
|
||||
List role_list;
|
||||
if (is_global_admin)
|
||||
role_list = level_field.getChoicesList();
|
||||
else
|
||||
{ // not a global admin - deny user the right to select assistant admin choices
|
||||
role_list = Role.getBaseLevelChoices2();
|
||||
List role_list = ops.getAllowedRoleList();
|
||||
level_field.setChoicesList(role_list);
|
||||
|
||||
} // end else
|
||||
|
||||
// See if this level was found on the list.
|
||||
Role my_role = admuser.getBaseRole();
|
||||
boolean found = false;
|
||||
Iterator it = role_list.iterator();
|
||||
while (it.hasNext())
|
||||
{ // seek each role in turn
|
||||
Role r = (Role)(it.next());
|
||||
if (r.getLevel()==admuser.getBaseLevel())
|
||||
if (r.equals(my_role))
|
||||
{ // found it!
|
||||
found = true;
|
||||
break;
|
||||
|
@ -124,7 +118,7 @@ public class AdminModifyUserDialog extends ContentDialog
|
|||
|
||||
if (!found)
|
||||
{ // not in the list - set the defined "role list" to be a singleton of our current level
|
||||
role_list = Collections.singletonList(Role.getRoleForLevel(admuser.getBaseLevel()));
|
||||
role_list = Collections.singletonList(my_role);
|
||||
level_field.setChoicesList(role_list);
|
||||
|
||||
} // end if
|
||||
|
@ -172,9 +166,9 @@ public class AdminModifyUserDialog extends ContentDialog
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public void setupDialog(boolean is_global_admin, AdminUserContext admuser) throws DataException
|
||||
public void setupDialog(AdminOperations ops, AdminUserContext admuser) throws DataException
|
||||
{
|
||||
coreSetup(is_global_admin,admuser);
|
||||
coreSetup(ops,admuser);
|
||||
|
||||
setFieldValue("base_lvl",String.valueOf(admuser.getBaseLevel()));
|
||||
if (admuser.isEmailVerified())
|
||||
|
@ -281,9 +275,9 @@ public class AdminModifyUserDialog extends ContentDialog
|
|||
|
||||
} // end doDialog
|
||||
|
||||
public void resetOnError(boolean is_global_admin, AdminUserContext admuser, String message)
|
||||
public void resetOnError(AdminOperations ops, AdminUserContext admuser, String message)
|
||||
{
|
||||
coreSetup(is_global_admin,admuser);
|
||||
coreSetup(ops,admuser);
|
||||
setErrorMessage(message);
|
||||
setFieldValue("pass1",null);
|
||||
setFieldValue("pass2",null);
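Review bot: `coreSetup` limits the `base_lvl` pick list to `ops.getAllowedRoleList()`, but that only constrains what the form offers; nothing in these hunks shows the submitted `base_lvl` being checked against the same list before it is applied. `doDialog` lies outside the hunks, so the check may already be there; if it is not, the posted level should be validated server-side against `ops.getAllowedRoleList()` (with the user's unchanged current role still accepted) and refused with a `ValidationException` otherwise. Separately, `my_role` from `admuser.getBaseRole()` goes into `Collections.singletonList(my_role)` without a null check, so a base level with no defined role would hand the field a list containing null; a guard before the singleton is built would make that case explicit.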
|
||||
|
|
|
@ -62,8 +62,9 @@ public class CommunityMembership implements JSPRender, SearchMode
|
|||
{
|
||||
this.engine = engine;
|
||||
this.comm = comm;
|
||||
this.role_choices = Role.getCommunityMemberLevelChoices();
|
||||
this.role_comm_host = Role.getCommunityHostRole();
|
||||
SecurityInfo sinf = comm.getSecurityInfo();
|
||||
this.role_choices = sinf.getRoleList("Community.UserLevels");
|
||||
this.role_comm_host = sinf.getRole("Community.Host");
|
||||
|
||||
} // end constructor
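Review bot: The constructor stores the results of `sinf.getRoleList("Community.UserLevels")` and `sinf.getRole("Community.Host")` unchecked, and both symbols now depend on the XML security configuration instead of compiled-in lists. If a definition is missing or misspelled and the lookup chain yields null (the monitor's `getRole` and `getRoleList` return whatever the parent returns when the symbol is not found locally), the failure would surface later in rendering or in a role comparison rather than here. A guard such as `if (role_choices==null || role_comm_host==null) throw new IllegalStateException("Community.UserLevels or Community.Host not defined");` would tie the error to its cause. The constructor begins above the hunk.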
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ public class EditCommunityProfileDialog extends ContentDialog
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public EditCommunityProfileDialog()
|
||||
public EditCommunityProfileDialog(SecurityInfo sinf)
|
||||
{
|
||||
super("Edit Community Profile:",null,"commprofform","sigadmin");
|
||||
setHiddenField("cmd","P");
|
||||
|
@ -145,15 +145,15 @@ public class EditCommunityProfileDialog extends ContentDialog
|
|||
null,YES));
|
||||
addFormField(new CDSimplePickListFormField("hidemode","Community visibility",null,true,vec_hidemode,'|'));
|
||||
addFormField(new CDRoleListFormField("read_lvl","Security level required to read contents",null,true,
|
||||
Role.getCommunityReadList()));
|
||||
sinf.getRoleList("Community.Read")));
|
||||
addFormField(new CDRoleListFormField("write_lvl","Security level required to update profile",null,true,
|
||||
Role.getCommunityWriteList()));
|
||||
sinf.getRoleList("Community.Write")));
|
||||
addFormField(new CDRoleListFormField("create_lvl","Security level required to create new subobjects",
|
||||
null,true,Role.getCommunityCreateList()));
|
||||
null,true,sinf.getRoleList("Community.Create")));
|
||||
addFormField(new CDRoleListFormField("delete_lvl","Security level required to delete community",null,true,
|
||||
Role.getCommunityDeleteList()));
|
||||
sinf.getRoleList("Community.Delete")));
|
||||
addFormField(new CDRoleListFormField("join_lvl","Security level required to join community",null,true,
|
||||
Role.getCommunityJoinList()));
|
||||
sinf.getRoleList("Community.Join")));
|
||||
|
||||
addFormField(new CDFormCategoryHeader("Conferencing Options"));
|
||||
addFormField(new CDCheckBoxFormField("pic_in_post","Display user pictures next to posts in conferences",
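Review bot: The role-list symbols `"Community.Read"`, `"Community.Write"`, `"Community.Create"`, `"Community.Delete"` and `"Community.Join"` are bare string literals at each `sinf.getRoleList(...)` call, so a typo in any of them is only detected at runtime, when the lookup comes back empty. Named constants shared with the other callers, for example `private static final String LIST_READ = "Community.Read";`, would keep the spelling in one place; `EditGlobalPropertiesDialog` (`"Global.CreateCommunity"`) and `CommunityMembership` use the same style of literal. The new `sinf` parameter also deserves a one-line comment saying it is read only here, at construction, to populate the security-level pick lists. The constructor continues beyond both hunks.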
|
||||
|
|
|
@ -31,7 +31,7 @@ public class EditGlobalPropertiesDialog extends ContentDialog
|
|||
*--------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public EditGlobalPropertiesDialog()
|
||||
public EditGlobalPropertiesDialog(SecurityInfo sinf)
|
||||
{
|
||||
super("Edit Global Properties",null,"globpropform","sysadmin");
|
||||
setHiddenField("cmd","G");
|
||||
|
@ -44,7 +44,7 @@ public class EditGlobalPropertiesDialog extends ContentDialog
|
|||
addFormField(new CDIntegerFormField("audit_recs","Number of audit records to display per page",
|
||||
null,10,500));
|
||||
addFormField(new CDRoleListFormField("create_lvl","Security level required to create a new community",
|
||||
null,true,Role.getNewCommunityLevelChoices()));
|
||||
null,true,sinf.getRoleList("Global.CreateCommunity")));
|
||||
|
||||
addFormField(new CDFormCategoryHeader("Community Properties"));
|
||||
addFormField(new CDIntegerFormField("comm_mbrs","Number of community members to display per page",
|
||||
|
|