completed the transition to the new security architecture - the old stuff

has now been removed completely; the VeniceEngine is managing the conference
level SecurityMonitor for now
Eric J. Bowersox 2001-11-18 22:14:12 +00:00
parent 5f966a6450
commit 9854ba1f76
21 changed files with 275 additions and 438 deletions


@ -183,6 +183,107 @@
<permission id="ShowHiddenObjects" role="Community.AnyAdmin"/> <permission id="ShowHiddenObjects" role="Community.AnyAdmin"/>
</permissions> </permissions>
</security-definition> </security-definition>
<security-definition id="Conference" parent="Community"> <!-- will move eventually -->
<defined-roles>
<role id="Member" value="L+500">Conference Member</role>
<role id="AnyAdmin" value="HMIN">Any Conference Administrator</role>
<role id="Host" value="H+1500">Conference Host</role>
</defined-roles>
<defined-lists>
<list id="Read">
<permission/>
<element role="Global.Anonymous"/>
<element role="Global.Unverified"/>
<element role="Global.Normal"/>
<element role="Community.Member"/>
<element role="Conference.Member"/>
<element role="UnrestrictedUser"/>
</list>
<list id="Post">
<permission/>
<element role="Global.Anonymous"/>
<element role="Global.Unverified"/>
<element role="Global.Normal"/>
<element role="Community.Member"/>
<element role="Conference.Member"/>
<element role="UnrestrictedUser"/>
<element role="Conference.AnyAdmin"/>
<element role="Conference.Host"/>
</list>
<list id="Create">
<permission/>
<element role="Global.Anonymous"/>
<element role="Global.Unverified"/>
<element role="Global.Normal"/>
<element role="Community.Member"/>
<element role="Conference.Member"/>
<element role="UnrestrictedUser"/>
<element role="Conference.AnyAdmin"/>
<element role="Conference.Host"/>
</list>
<list id="Hide">
<permission/>
<element role="Conference.AnyAdmin"/>
<element role="Conference.Host" default="true"/>
<element role="Community.AnyAdmin"/>
<element role="Community.Cohost"/>
<element role="Community.Host"/>
<element role="Global.AnyAdmin"/>
</list>
<list id="Nuke">
<permission/>
<element role="Conference.AnyAdmin"/>
<element role="Conference.Host" default="true"/>
<element role="Community.AnyAdmin"/>
<element role="Community.Cohost"/>
<element role="Community.Host"/>
<element role="Global.AnyAdmin"/>
</list>
<list id="Change">
<permission/>
<element role="Conference.AnyAdmin"/>
<element role="Conference.Host" default="true"/>
<element role="Community.AnyAdmin"/>
<element role="Community.Cohost"/>
<element role="Community.Host"/>
<element role="Global.AnyAdmin"/>
</list>
<list id="Delete">
<permission/>
<element role="Community.AnyAdmin"/>
<element role="Community.Cohost" default="true"/>
<element role="Community.Host"/>
<element role="Global.AnyAdmin"/>
<element role="Global.PFY"/>
<element role="Global.BOFH"/>
<element role="NoAccess"/>
</list>
<list id="UserLevels">
<element role="NotInList"/>
<element role="Global.Anonymous"/>
<element role="Global.Unverified"/>
<element role="Global.Normal"/>
<element role="Community.Member"/>
<element role="Conference.Member"/>
<element role="UnrestrictedUser"/>
<element role="Conference.Host"/>
</list>
</defined-lists>
<defaults>
<default id="HostPrivs" role="Community.AnyAdmin"/>
<default id="NewUser" role="Conference.Member"/>
<default id="NewHost" role="Conference.Host"/>
<default id="Creator" role="Conference.Host"/>
<default id="Read.Public" role="Community.Member"/>
<default id="Read.Private" role="Conference.Member"/>
<default id="Post.Public" role="Community.Member"/>
<default id="Post.Private" role="Conference.Member"/>
<default id="Create.Public" role="Community.Member"/>
<default id="Create.Private" role="Conference.Member"/>
</defaults>
<permissions>
</permissions>
</security-definition>
</security> </security>
<!-- This section is used to configure electronic mail services. --> <!-- This section is used to configure electronic mail services. -->
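Review bot: The `HostPrivs` default in the new Conference definition points at `Community.AnyAdmin`, whereas the removed `DefaultLevels.hostPrivsConference()` returned `CONFERENCE_ANYADMIN`, so the threshold is no longer the conference-scope role. ConferenceCoreData now feeds `Conference.HostPrivs` into its `m.granted_lvl >=` host query, so if the two roles carry different levels the set of users listed as conference hosts changes with this commit. If that is not intended the entry should read `<default id="HostPrivs" role="Conference.AnyAdmin"/>`; if it is intended, a comment beside the default saying why would help. The empty `<permissions>` element could also carry a comment naming which definition is expected to answer conference permission checks for now.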


@ -23,8 +23,6 @@ public interface AdminOperations
{ {
public abstract SecurityInfo getSecurityInfo(); public abstract SecurityInfo getSecurityInfo();
public abstract boolean isGlobalAdmin();
public abstract List getAllowedRoleList(); public abstract List getAllowedRoleList();
public abstract List getAuditRecords(int offset, int count) throws DataException; public abstract List getAuditRecords(int offset, int count) throws DataException;


@ -161,4 +161,6 @@ public interface ConferenceContext
public abstract void setProperties(ConferenceProperties props) throws DataException, AccessError; public abstract void setProperties(ConferenceProperties props) throws DataException, AccessError;
public abstract SecurityInfo getSecurityInfo();
} // end interface ConferenceContext } // end interface ConferenceContext


@ -48,7 +48,7 @@ public final class GlobalProperties
conference_members_per_page = 50; conference_members_per_page = 50;
posts_on_front_page = 10; posts_on_front_page = 10;
audit_records_per_page = 100; audit_records_per_page = 100;
community_create_level = com.silverwrist.venice.security.SecLevels.GLOBAL_NORMAL; community_create_level = 1000; // this is actually the "normal user" security level
display_post_pictures = false; display_post_pictures = false;
} // end constructor } // end constructor
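Review bot: The default for `community_create_level` is now the bare literal `1000`, which duplicates whatever level the security configuration assigns to the normal-user role. If that value is ever changed in the configuration, this default silently stops matching and the bar for creating communities moves with it. With the `SecLevels` reference gone, a named constant in this class, e.g. `private static final int DEFAULT_COMMUNITY_CREATE_LEVEL = 1000; // must match Global.Normal in the security config`, would at least make the coupling searchable. Resolving the level from the global SecurityMonitor when properties are loaded would remove the duplication, though that needs code outside this hunk; the constructor itself begins above it.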


@ -24,7 +24,6 @@ import com.silverwrist.venice.core.*;
import com.silverwrist.venice.core.internals.*; import com.silverwrist.venice.core.internals.*;
import com.silverwrist.venice.db.*; import com.silverwrist.venice.db.*;
import com.silverwrist.venice.security.AuditRecord; import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.SecLevels;
class AdminOperationsImpl implements AdminOperations class AdminOperationsImpl implements AdminOperations
{ {
@ -64,12 +63,6 @@ class AdminOperationsImpl implements AdminOperations
} // end getSecurityInfo } // end getSecurityInfo
public boolean isGlobalAdmin()
{
return (env.getUser().realBaseLevel()==SecLevels.GLOBAL_BOFH);
} // end isGlobalAdmin
public List getAllowedRoleList() public List getAllowedRoleList()
{ {
if (env.testPermission(EnvUser.PERM_DESIGNATEPFY)) if (env.testPermission(EnvUser.PERM_DESIGNATEPFY))


@ -27,7 +27,6 @@ import com.silverwrist.venice.db.*;
import com.silverwrist.venice.core.*; import com.silverwrist.venice.core.*;
import com.silverwrist.venice.core.internals.*; import com.silverwrist.venice.core.internals.*;
import com.silverwrist.venice.security.AuditRecord; import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.DefaultLevels;
class CommunityCoreData implements CommunityData, CommunityDataBackend class CommunityCoreData implements CommunityData, CommunityDataBackend
{ {
@ -1493,7 +1492,8 @@ class CommunityCoreData implements CommunityData, CommunityDataBackend
host_uid); host_uid);
ConferenceData cdata = rcs.getConference(); ConferenceData cdata = rcs.getConference();
if (outer.getUserID()!=host_uid) // make the creating user a conference host too if (outer.getUserID()!=host_uid) // make the creating user a conference host too
cdata.setMembership(outer,outer.getUserID(),DefaultLevels.hostConference()); cdata.setMembership(outer,outer.getUserID(),
outer.getConferenceDefaultRole("Conference.Creator").getLevel());
// Wrap the returned ConferenceData object in a ConferenceCommunityContextImpl object. // Wrap the returned ConferenceData object in a ConferenceCommunityContextImpl object.
ConferenceCommunityContextImpl conf = ConferenceCommunityContextImpl conf =
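Review bot: `outer.getConferenceDefaultRole("Conference.Creator").getLevel()` dereferences the lookup result without a check. Per the VeniceEngineImpl section, `conference_security` is only assigned when the configuration contains a definition with ID `Conference`, and `env_getSecurityMonitor` returns null otherwise. A configuration without that definition (or without the `Creator` default, if `getDefaultRole` returns null for an unknown symbol) would surface as a NullPointerException here, apparently after the conference has already been created, leaving the creating user without host membership. The same unchecked chain appears in the ConferenceCoreData level-loading and `Conference.NewHost` hunks and in the ConferenceUserContextImpl constructor and `addMember`. A guard in `EnvCommunity.getConferenceDefaultRole` that throws a descriptive exception, or a startup check in VeniceEngineImpl that all three monitors were loaded, would turn this into a clear configuration error; the enclosing method here starts and ends outside the hunk.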


@ -25,7 +25,6 @@ import com.silverwrist.venice.core.*;
import com.silverwrist.venice.core.internals.*; import com.silverwrist.venice.core.internals.*;
import com.silverwrist.venice.db.*; import com.silverwrist.venice.db.*;
import com.silverwrist.venice.security.AuditRecord; import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.DefaultLevels;
import com.silverwrist.venice.security.Role; import com.silverwrist.venice.security.Role;
class CommunityUserContextImpl implements CommunityContext, CommunityBackend class CommunityUserContextImpl implements CommunityContext, CommunityBackend


@ -25,7 +25,6 @@ import com.silverwrist.venice.core.*;
import com.silverwrist.venice.core.internals.*; import com.silverwrist.venice.core.internals.*;
import com.silverwrist.venice.db.*; import com.silverwrist.venice.db.*;
import com.silverwrist.venice.security.AuditRecord; import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.DefaultLevels;
class ConferenceCoreData implements ConferenceData class ConferenceCoreData implements ConferenceData
{ {
@ -113,7 +112,7 @@ class ConferenceCoreData implements ConferenceData
} // end constructor } // end constructor
protected ConferenceCoreData(EnvCommunityData env, int confid, java.util.Date created, boolean pvt, protected ConferenceCoreData(EnvCommunityData env, int confid, java.util.Date created, int[] levels,
String name, String descr) String name, String descr)
{ {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
@ -122,13 +121,13 @@ class ConferenceCoreData implements ConferenceData
this.confid = confid; this.confid = confid;
this.create_date = created; this.create_date = created;
this.last_update = null; this.last_update = null;
this.read_level = DefaultLevels.newConferenceRead(pvt); this.read_level = levels[0];
this.post_level = DefaultLevels.newConferencePost(pvt); this.post_level = levels[1];
this.create_level = DefaultLevels.newConferenceCreate(pvt); this.create_level = levels[2];
this.hide_level = DefaultLevels.newConferenceHide(); this.hide_level = levels[3];
this.nuke_level = DefaultLevels.newConferenceNuke(); this.nuke_level = levels[4];
this.change_level = DefaultLevels.newConferenceChange(); this.change_level = levels[5];
this.delete_level = DefaultLevels.newConferenceDelete(); this.delete_level = levels[6];
this.top_topic = 0; this.top_topic = 0;
this.name = name; this.name = name;
this.description = descr; this.description = descr;
@ -361,8 +360,8 @@ class ConferenceCoreData implements ConferenceData
new StringBuffer("SELECT u.uid, u.username, u.description, c.given_name, c.family_name, " new StringBuffer("SELECT u.uid, u.username, u.description, c.given_name, c.family_name, "
+ "c.locality, c.region, c.country FROM users u, contacts c, confmember m " + "c.locality, c.region, c.country FROM users u, contacts c, confmember m "
+ "WHERE u.contactid = c.contactid AND u.uid = m.uid AND m.confid = "); + "WHERE u.contactid = c.contactid AND u.uid = m.uid AND m.confid = ");
sql.append(confid).append(" AND m.granted_lvl >= ").append(DefaultLevels.hostPrivsConference()); sql.append(confid).append(" AND m.granted_lvl >= ");
sql.append(" ORDER BY u.username;"); sql.append(env.getDefaultRole("Conference.HostPrivs").getLevel()).append(" ORDER BY u.username;");
// execute the query // execute the query
ResultSet rs = stmt.executeQuery(sql.toString()); ResultSet rs = stmt.executeQuery(sql.toString());
@ -1399,13 +1398,32 @@ class ConferenceCoreData implements ConferenceData
sql.append("INSERT INTO confs (createdate, read_lvl, post_lvl, create_lvl, hide_lvl, nuke_lvl, " sql.append("INSERT INTO confs (createdate, read_lvl, post_lvl, create_lvl, hide_lvl, nuke_lvl, "
+ "change_lvl, delete_lvl, name, descr) VALUES ('"); + "change_lvl, delete_lvl, name, descr) VALUES ('");
created = new java.util.Date(); created = new java.util.Date();
sql.append(SQLUtil.encodeDate(created)).append("', ").append(DefaultLevels.newConferenceRead(pvt)); int levels[] = new int[7];
sql.append(", ").append(DefaultLevels.newConferencePost(pvt)).append(", "); if (pvt)
sql.append(DefaultLevels.newConferenceCreate(pvt)).append(", "); { // load levels for private conference
sql.append(DefaultLevels.newConferenceHide()).append(", ").append(DefaultLevels.newConferenceNuke()); levels[0] = outer.getConferenceDefaultRole("Conference.Read.Private").getLevel();
sql.append(", ").append(DefaultLevels.newConferenceChange()).append(", "); levels[1] = outer.getConferenceDefaultRole("Conference.Post.Private").getLevel();
sql.append(DefaultLevels.newConferenceDelete()).append(", '").append(SQLUtil.encodeString(name)); levels[2] = outer.getConferenceDefaultRole("Conference.Create.Private").getLevel();
sql.append("', '").append(SQLUtil.encodeString(description)).append("');");
} // end if
else
{ // load levels for public conference
levels[0] = outer.getConferenceDefaultRole("Conference.Read.Public").getLevel();
levels[1] = outer.getConferenceDefaultRole("Conference.Post.Public").getLevel();
levels[2] = outer.getConferenceDefaultRole("Conference.Create.Public").getLevel();
} // end else
levels[3] = outer.getConferenceDefaultRole("Conference.Hide").getLevel();
levels[4] = outer.getConferenceDefaultRole("Conference.Nuke").getLevel();
levels[5] = outer.getConferenceDefaultRole("Conference.Change").getLevel();
levels[6] = outer.getConferenceDefaultRole("Conference.Delete").getLevel();
sql.append(SQLUtil.encodeDate(created)).append("', ").append(levels[0]).append(", ");
sql.append(levels[1]).append(", ").append(levels[2]).append(", ").append(levels[3]).append(", ");
sql.append(levels[4]).append(", ").append(levels[5]).append(", ").append(levels[6]);
sql.append(", '").append(SQLUtil.encodeString(name)).append("', '");
sql.append(SQLUtil.encodeString(description)).append("');");
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("SQL: " + sql.toString()); logger.debug("SQL: " + sql.toString());
stmt.executeUpdate(sql.toString()); stmt.executeUpdate(sql.toString());
@ -1436,14 +1454,15 @@ class ConferenceCoreData implements ConferenceData
// Make the specified UID the host of this new conference. // Make the specified UID the host of this new conference.
sql.setLength(0); sql.setLength(0);
sql.append("INSERT INTO confmember (confid, uid, granted_lvl) VALUES (").append(new_confid); sql.append("INSERT INTO confmember (confid, uid, granted_lvl) VALUES (").append(new_confid);
sql.append(", ").append(host_uid).append(", ").append(DefaultLevels.hostConference()).append(");"); sql.append(", ").append(host_uid).append(", ");
sql.append(outer.getConferenceDefaultRole("Conference.NewHost").getLevel()).append(");");
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("SQL: " + sql.toString()); logger.debug("SQL: " + sql.toString());
stmt.executeUpdate(sql.toString()); stmt.executeUpdate(sql.toString());
// Create a new ConferenceCoreData object representing this conference and register it with the // Create a new ConferenceCoreData object representing this conference and register it with the
// engine's conference data object cache. // engine's conference data object cache.
conf = new ConferenceCoreData(env,new_confid,created,pvt,name,description); conf = new ConferenceCoreData(env,new_confid,created,levels,name,description);
conf.newProperties(conn); conf.newProperties(conn);
} // end try } // end try
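Review bot: The rewritten `INSERT INTO confs` statement still splices the conference name and description, which presumably come from the user creating the conference, into the SQL text, and relies on `SQLUtil.encodeString` (not shown on this page) to neutralise quotes. Since these lines are being rebuilt anyway, binding the values through a `PreparedStatement` with `?` placeholders for the date, the seven levels, the name and the description would remove that dependency. The `logger.debug("SQL: " + ...)` line would then record the statement template rather than user-supplied text. The `confmember` insert in the later hunk is built the same way, although its values are all integers. The enclosing methods start and end outside the hunks.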


@ -24,7 +24,7 @@ import com.silverwrist.venice.core.*;
import com.silverwrist.venice.core.internals.*; import com.silverwrist.venice.core.internals.*;
import com.silverwrist.venice.db.*; import com.silverwrist.venice.db.*;
import com.silverwrist.venice.htmlcheck.*; import com.silverwrist.venice.htmlcheck.*;
import com.silverwrist.venice.security.DefaultLevels; import com.silverwrist.venice.security.Role;
class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
{ {
@ -155,7 +155,7 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
private static Category logger = Category.getInstance(ConferenceUserContextImpl.class.getName()); private static Category logger = Category.getInstance(ConferenceUserContextImpl.class);
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Attributes * Attributes
@ -192,11 +192,12 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
ConferenceUserContextImpl(EnvCommunity env, ConferenceCommunityContext cdata) throws DataException ConferenceUserContextImpl(EnvCommunity env, ConferenceCommunityContext cdata) throws DataException
{ {
this.env = new EnvConference(env,this); EnvConference new_env = new EnvConference(env,this);
this.env = new_env;
this.confid = cdata.getConfID(); this.confid = cdata.getConfID();
this.cache = null; this.cache = null;
this.confdata = cdata; this.confdata = cdata;
recalcLevel(DefaultLevels.hostConference()); recalcLevel(new_env.getDefaultRole("Conference.Creator").getLevel());
this.pseud = env.getUser().userDefaultPseud(); this.pseud = env.getUser().userDefaultPseud();
this.last_read = null; this.last_read = null;
this.last_post = null; this.last_post = null;
@ -647,7 +648,12 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
public void addMember(int uid, boolean as_host) throws DataException, AccessError public void addMember(int uid, boolean as_host) throws DataException, AccessError
{ {
setMembership(uid,(as_host ? DefaultLevels.hostConference() : DefaultLevels.memberConference())); Role r;
if (as_host)
r = env.getDefaultRole("Conference.NewHost");
else
r = env.getDefaultRole("Conference.NewUser");
setMembership(uid,r.getLevel());
} // end addMember } // end addMember
@ -1449,6 +1455,12 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
} // end setProperties } // end setProperties
public SecurityInfo getSecurityInfo()
{
return env.getSecurityInfo();
} // end getSecurityInfo
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Implementations from interface ConferenceBackend * Implementations from interface ConferenceBackend
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
@ -1593,6 +1605,12 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend
} // end createDecoderContext } // end createDecoderContext
public int env_getConfLevel()
{
return level;
} // end env_getConfLevel
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Static functions usable only from within the package * Static functions usable only from within the package
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------


@ -410,6 +410,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
private OptionSet global_flags = new OptionSet(); // global option flags private OptionSet global_flags = new OptionSet(); // global option flags
private SecurityMonitor global_security; // the global security monitor private SecurityMonitor global_security; // the global security monitor
private SecurityMonitor community_security; // the community security monitor private SecurityMonitor community_security; // the community security monitor
private SecurityMonitor conference_security; // conference security monitor (will move eventually)
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Constructor * Constructor
@ -752,6 +753,8 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
global_security = sm; global_security = sm;
else if (sm.getID().equals("Community")) else if (sm.getID().equals("Community"))
community_security = sm; community_security = sm;
else if (sm.getID().equals("Conference"))
conference_security = sm;
} // end if } // end if
@ -2267,6 +2270,8 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
return global_security; return global_security;
if (selector==SM_COMMUNITY) if (selector==SM_COMMUNITY)
return community_security; return community_security;
if (selector==SM_CONFERENCE)
return conference_security;
return null; return null;
} // end env_getSecurityMonitor } // end env_getSecurityMonitor


@ -47,4 +47,6 @@ public interface ConferenceBackend
public abstract PostLinkDecoderContext createDecoderContext(short topicid); public abstract PostLinkDecoderContext createDecoderContext(short topicid);
public abstract int env_getConfLevel();
} // end interface ConferenceBackend } // end interface ConferenceBackend


@ -57,6 +57,7 @@ public interface EngineBackend
// Selectors for security monitors // Selectors for security monitors
public static final int SM_GLOBAL = 0; public static final int SM_GLOBAL = 0;
public static final int SM_COMMUNITY = 1; public static final int SM_COMMUNITY = 1;
public static final int SM_CONFERENCE = 2;
public abstract VeniceEngine getSelf(); public abstract VeniceEngine getSelf();


@ -169,4 +169,10 @@ public class EnvCommunity extends EnvUser
} // end isLevelAdmin } // end isLevelAdmin
public final Role getConferenceDefaultRole(String symbol)
{
return getEngine().env_getSecurityMonitor(EngineBackend.SM_CONFERENCE).getDefaultRole(symbol);
} // end getCommunityDefaultRole
} // end class EnvCommunity } // end class EnvCommunity
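Review bot: The closing comment on the new method reads `// end getCommunityDefaultRole`, but the method is `getConferenceDefaultRole`; it looks copied from a neighbouring method and should be `// end getConferenceDefaultRole`. The method also has no header comment. One line such as `// Looks up a default role by symbol in the conference-level SecurityMonitor held by the engine.` would tell readers which scope the symbol is resolved in.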


@ -17,8 +17,16 @@
*/ */
package com.silverwrist.venice.core.internals; package com.silverwrist.venice.core.internals;
import com.silverwrist.venice.core.AccessError;
import com.silverwrist.venice.security.SecurityMonitor;
public class EnvConference extends EnvCommunity public class EnvConference extends EnvCommunity
{ {
/*--------------------------------------------------------------------------------
* Static data members
*--------------------------------------------------------------------------------
*/
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Attributes * Attributes
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
@ -45,6 +53,42 @@ public class EnvConference extends EnvCommunity
} // end constructor } // end constructor
/*--------------------------------------------------------------------------------
* Overrides from class EnvEngine
*--------------------------------------------------------------------------------
*/
protected SecurityMonitor getStaticMonitor()
{
return getEngine().env_getSecurityMonitor(EngineBackend.SM_CONFERENCE);
} // end getStaticMonitor
/*--------------------------------------------------------------------------------
* Overrides from class EnvCommunity
*--------------------------------------------------------------------------------
*/
public boolean testPermission(String symbol, String errormsg) throws AccessError
{
SecurityMonitor sm = getStaticMonitor();
// TODO: test dynamic permissions
if (sm.testPermission(symbol,conf.env_getConfLevel(),errormsg))
return true;
return super.testPermission(symbol,errormsg);
} // end testPermission
public boolean testPermission(String symbol)
{
SecurityMonitor sm = getStaticMonitor();
// TODO: test dynamic permissions
if (sm.testPermission(symbol,conf.env_getConfLevel()))
return true;
return super.testPermission(symbol);
} // end testPermission
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* External operations * External operations
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
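Review bot: The two `testPermission` overloads may not fall back the same way. In the `errormsg` overload, if `SecurityMonitor.testPermission(symbol, level, errormsg)` reports denial by throwing AccessError, as the `throws` clause on the matching EnvConferenceData method suggests, the throw happens before `super.testPermission(symbol,errormsg)` is reached, so a user whose access comes from a community or global role would be refused here yet allowed by the boolean overload. Running the non-throwing check first, `if (sm.testPermission(symbol,conf.env_getConfLevel())) return true;`, and leaving the error to `super.testPermission(symbol,errormsg)` would make both overloads agree. The `TODO: test dynamic permissions` marker should also say what is currently left unchecked, and the empty `Static data members` banner can be dropped until something lives under it.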


@ -17,6 +17,9 @@
*/ */
package com.silverwrist.venice.core.internals; package com.silverwrist.venice.core.internals;
import com.silverwrist.venice.core.AccessError;
import com.silverwrist.venice.security.SecurityMonitor;
public class EnvConferenceData extends EnvEngine public class EnvConferenceData extends EnvEngine
{ {
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
@ -36,4 +39,32 @@ public class EnvConferenceData extends EnvEngine
} // end constructor } // end constructor
/*--------------------------------------------------------------------------------
* Overrides from class EnvEngine
*--------------------------------------------------------------------------------
*/
protected SecurityMonitor getStaticMonitor()
{
return getEngine().env_getSecurityMonitor(EngineBackend.SM_CONFERENCE);
} // end getStaticMonitor
/*--------------------------------------------------------------------------------
* External operations
*--------------------------------------------------------------------------------
*/
public final boolean testPermission(String symbol, int level, String errormsg) throws AccessError
{
return getStaticMonitor().testPermission(symbol,level,errormsg);
} // end testPermission
public final boolean testPermission(String symbol, int level)
{
return getStaticMonitor().testPermission(symbol,level);
} // end testPermission
} // end class EnvConferenceData } // end class EnvConferenceData
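Review bot: Both new `testPermission` methods take the level to test as a plain `int` from the caller, so the authorization result is only as trustworthy as the value passed in, and nothing here says where that value must come from. A header comment on each, for example `// level must be the acting user's effective conference level, never a value taken from request input`, would document that contract for future callers. `getStaticMonitor()` is also undocumented; a one-line comment that it returns the engine's conference-level monitor would match the section banner above it.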


@ -1,82 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.security;
public class DefaultLevels implements SecLevels
{
public static int hostPrivsConference()
{
return CONFERENCE_ANYADMIN;
} // end hostPrivsConference
public static int memberConference()
{
return CONFERENCE_MEMBER;
} // end memberConference
public static int hostConference()
{
return CONFERENCE_HOST;
} // end hostConference
public static int newConferenceRead(boolean pvt)
{
return (pvt ? CONFERENCE_MEMBER : COMM_MEMBER);
} // end newConferenceRead
public static int newConferencePost(boolean pvt)
{
return (pvt ? CONFERENCE_MEMBER : COMM_MEMBER);
} // end newConferencePost
public static int newConferenceCreate(boolean pvt)
{
return (pvt ? CONFERENCE_MEMBER : COMM_MEMBER);
} // end newConferencePost
public static int newConferenceHide()
{
return CONFERENCE_HOST;
} // end newConferenceHide
public static int newConferenceNuke()
{
return CONFERENCE_HOST;
} // end newConferenceHide
public static int newConferenceChange()
{
return CONFERENCE_HOST;
} // end newConferenceHide
public static int newConferenceDelete()
{
return COMM_COHOST;
} // end newConferenceHide
} // end class DefaultLevels


@ -19,39 +19,16 @@ package com.silverwrist.venice.security;
import java.util.*; import java.util.*;
public final class Role implements Comparable, Cloneable, SecLevels public final class Role implements Comparable, Cloneable
{ {
/*--------------------------------------------------------------------------------
* Static data members
*--------------------------------------------------------------------------------
*/
private static Role not_in_list;
private static Role no_access;
private static Role unrestricted_user;
private static Role global_admin;
private static Role comm_host;
private static ArrayList global_low;
private static ArrayList global_high;
private static ArrayList comm_low;
private static ArrayList comm_high;
private static ArrayList conf_low;
private static ArrayList conf_high;
private static List confreadlist_rc = null;
private static List confpostlist_rc = null;
private static List confhidelist_rc = null;
private static List confdeletelist_rc = null;
private static List conf_member_levels = null;
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Attributes * Attributes
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
private int level; private int level; // access level in this role
private String name; private String name; // human-readable name
private String symbol; private String symbol; // programmatic symbol
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Constructors * Constructors
@ -162,189 +139,10 @@ public final class Role implements Comparable, Cloneable, SecLevels
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
public static final Role create(int level, String name, String symbol) static final Role create(int level, String name, String symbol)
{ {
return new Role(level,name,symbol); return new Role(level,name,symbol);
} // end create } // end create
/*--------------------------------------------------------------------------------
* External static operations which generate lists of roles
*--------------------------------------------------------------------------------
*/
public static List getConferenceReadList()
{
if (confreadlist_rc==null)
{ // precalculate the conference read list
ArrayList rc = new ArrayList();
rc.addAll(global_low);
rc.addAll(comm_low);
rc.addAll(conf_low);
rc.add(unrestricted_user);
rc.trimToSize();
confreadlist_rc = Collections.unmodifiableList(rc);
} // end if
return confreadlist_rc;
} // end getConferenceReadList
public static List getConferencePostList()
{
if (confpostlist_rc==null)
{ // precalculate the post list
ArrayList rc = new ArrayList();
rc.addAll(global_low);
rc.addAll(comm_low);
rc.addAll(conf_low);
rc.add(unrestricted_user);
rc.addAll(conf_high);
rc.trimToSize();
confpostlist_rc = Collections.unmodifiableList(rc);
} // end if
return confpostlist_rc;
} // return getConferencePostList
public static List getConferenceCreateList()
{
return getConferencePostList();
} // end getConferenceChangeList
public static List getConferenceHideList()
{
if (confhidelist_rc==null)
{ // precalculate the hide list
ArrayList rc = new ArrayList();
rc.addAll(conf_high);
rc.addAll(comm_high);
rc.add(global_high.get(0));
rc.trimToSize();
confhidelist_rc = Collections.unmodifiableList(rc);
} // end if
return confhidelist_rc;
} // end getConferenceHideList
public static List getConferenceNukeList()
{
return getConferenceHideList();
} // end getConferenceNukeList
public static List getConferenceChangeList()
{
return getConferenceHideList();
} // end getConferenceChangeList
public static List getConferenceDeleteList()
{
if (confdeletelist_rc==null)
{ // precalculate the delete list
ArrayList rc = new ArrayList();
rc.addAll(comm_high);
rc.addAll(global_high);
rc.add(no_access);
rc.trimToSize();
confdeletelist_rc = Collections.unmodifiableList(rc);
} // end if
return confdeletelist_rc;
} // end getConferenceDeleteList
public static List getConferenceMemberLevelChoices()
{
if (conf_member_levels==null)
{ // precalculate the list
ArrayList rc = new ArrayList();
rc.add(not_in_list);
rc.addAll(global_low);
rc.addAll(comm_low);
rc.addAll(conf_low);
rc.add(unrestricted_user);
rc.add(conf_high.get(conf_high.size()-1));
rc.trimToSize();
conf_member_levels = Collections.unmodifiableList(rc);
} // end if
return conf_member_levels;
} // end getConferenceMemberLevelChoices
/*--------------------------------------------------------------------------------
* Static initializer
*--------------------------------------------------------------------------------
*/
static
{ // begin initializing the "all roles" map
not_in_list = new Role(0,"(not in list)");
no_access = new Role(NO_ACCESS,"No Access");
unrestricted_user = new Role(UNRESTRICTED_USER,"'Unrestricted' User");
Role tmp;
// initialize the "global lowband" vector
global_low = new ArrayList(3);
tmp = new Role(GLOBAL_ANONYMOUS,"Anonymous User");
global_low.add(tmp);
tmp = new Role(GLOBAL_UNVERIFIED,"Unauthenticated User");
global_low.add(tmp);
tmp = new Role(GLOBAL_NORMAL,"Normal User");
global_low.add(tmp);
global_low.trimToSize();
// initialize the "global highband" vector
global_high = new ArrayList(3);
tmp = new Role(GLOBAL_ANYADMIN,"Any System Administrator");
global_high.add(tmp);
tmp = new Role(GLOBAL_PFY,"System Assistant Administrator");
global_high.add(tmp);
global_admin = new Role(GLOBAL_BOFH,"Global System Administrator");
global_high.add(global_admin);
global_high.trimToSize();
// initialize the "community lowband" vector
comm_low = new ArrayList(1);
tmp = new Role(COMM_MEMBER,"Community Member");
comm_low.add(tmp);
comm_low.trimToSize();
// initialize the "communtiy highband" vector
comm_high = new ArrayList(3);
tmp = new Role(COMM_ANYADMIN,"Any Community Administrator");
comm_high.add(tmp);
tmp = new Role(COMM_COHOST,"Community Co-Host");
comm_high.add(tmp);
comm_host = new Role(COMM_HOST,"Community Host");
comm_high.add(comm_host);
comm_high.trimToSize();
// initialize the "conference lowband" vector
conf_low = new ArrayList(1);
tmp = new Role(CONFERENCE_MEMBER,"Conference Member");
conf_low.add(tmp);
conf_low.trimToSize();
// initialize the "conference highband" vector
conf_high = new ArrayList(2);
tmp = new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator");
conf_high.add(tmp);
tmp = new Role(CONFERENCE_HOST,"Conference Host");
conf_high.add(tmp);
conf_high.trimToSize();
} // end static initializer
} // end class Role } // end class Role


@ -1,98 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Community System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.security;
public interface SecLevels
{
/**
* Indicates "no access" (not even to the global system administrator). Used as the
* "delete" level for the Administration Community, so it can't be accidentally deleted.
*/
public static final int NO_ACCESS = 65500;
/**
* Indicates a user with unrestricted access to all objects, but no admin privilege.
* (Above the "low bands" of all scopes, but below the "high bands" of any of them.)
*/
public static final int UNRESTRICTED_USER = 32500;
/**
* Indicates a user that has not logged in ("Anonymous Honyak"). Can be used as a
* permission level for communities and conferences to permit public reading and/or anonymous
* posting.
*/
public static final int GLOBAL_ANONYMOUS = 100;
/**
* Indicates a user that has been registered, but has not yet had their email address
* verified.
*/
public static final int GLOBAL_UNVERIFIED = 500;
/**
* Indicates a user that has registered and been verified. Can be used as a permission
* level for communities and conferences to permit reading and/or posting by nonmembers.
*/
public static final int GLOBAL_NORMAL = 1000;
/**
* The security level of the global system administrator ("Administrator" account, sometimes
* known as the "BOFH" (Bastard Operator From Hell) account).
*/
public static final int GLOBAL_BOFH = 64999;
/**
* A security level for "assistant admin" accounts (sometimes known as "PFY" (Pimply-
* Faced Youth) accounts).
*/
public static final int GLOBAL_PFY = 64000;
/**
* A security level used to indicate any account with global admin privileges. Used
* to control access to the Administration community.
*/
public static final int GLOBAL_ANYADMIN = 63000;
/**
* The security level assigned to members of a community within that community.
*/
public static final int COMM_MEMBER = 6500;
/**
* The security level assigned to cohosts of a community within that community.
*/
public static final int COMM_COHOST = 58000;
/**
* The security level assigned to hosts of a community within that community.
*/
public static final int COMM_HOST = 58500;
/**
* A security level used to indicate any account with admin privileges over a specific community.
*/
public static final int COMM_ANYADMIN = 57000;
/**
* The maximum level in the "high band" of the community scope; used to test if a user already has
* maximum privs within the community (because of being an admin at global scope, perhaps).
*/
public static final int COMM_MAXADMIN = 58999;
/**
* The security level assigned to members of a (private) conference within that conference.
*/
public static final int CONFERENCE_MEMBER = 12500;
/**
* The security level assigned to hosts of a conference within that conference.
*/
public static final int CONFERENCE_HOST = 52500;
/**
* A security level used to indicate any account with admin privileges over a specific
* conference.
*/
public static final int CONFERENCE_ANYADMIN = 51000;
} // end interface SecLevels


@ -61,14 +61,14 @@ public class ConfOperations extends VeniceServlet
} // end makeCreateConferenceDialog } // end makeCreateConferenceDialog
private EditConferenceDialog makeEditConferenceDialog() throws ServletException private EditConferenceDialog makeEditConferenceDialog(SecurityInfo sinf) throws ServletException
{ {
final String desired_name = "EditConferenceDialog"; final String desired_name = "EditConferenceDialog";
DialogCache cache = DialogCache.getDialogCache(getServletContext()); DialogCache cache = DialogCache.getDialogCache(getServletContext());
if (!(cache.isCached(desired_name))) if (!(cache.isCached(desired_name)))
{ // create a template and save it off { // create a template and save it off
EditConferenceDialog template = new EditConferenceDialog(); EditConferenceDialog template = new EditConferenceDialog(sinf);
cache.saveTemplate(template); cache.saveTemplate(template);
} // end if } // end if
@ -416,7 +416,7 @@ public class ConfOperations extends VeniceServlet
on_error); on_error);
// create and return the Edit Conference dialog // create and return the Edit Conference dialog
EditConferenceDialog dlg = makeEditConferenceDialog(); EditConferenceDialog dlg = makeEditConferenceDialog(conf.getSecurityInfo());
try try
{ // set up and return the dialog { // set up and return the dialog
dlg.setupDialog(comm,conf); dlg.setupDialog(comm,conf);
@ -825,7 +825,7 @@ public class ConfOperations extends VeniceServlet
on_error); on_error);
// create the dialog class // create the dialog class
EditConferenceDialog dlg = makeEditConferenceDialog(); EditConferenceDialog dlg = makeEditConferenceDialog(conf.getSecurityInfo());
if (dlg.isButtonClicked(request,"cancel")) if (dlg.isButtonClicked(request,"cancel"))
throw new RedirectResult(on_error); // they chickened out - go back to the conference list throw new RedirectResult(on_error); // they chickened out - go back to the conference list
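Review bot: In `makeEditConferenceDialog(SecurityInfo sinf)` the new `sinf` argument is only read when `DialogCache` has no entry named "EditConferenceDialog", so the role lists built into the cached template come from whichever conference opened the dialog first. The commit message says the engine manages one conference-level monitor "for now"; if `conf.getSecurityInfo()` ever yields different role lists per conference, both call sites (the dialog display and the form handling further down) would work from the first conference's security-level choices. I would either record the assumption at the cache check, e.g. `// template is shared by all conferences: sinf must describe the same role lists for each`, or keep the role-list fields out of the cached template and fill them per call. The method body continues past the end of the hunk, so how the cached template is handed out is not visible here.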


@ -63,7 +63,7 @@ public class ConferenceMembership implements JSPRender, SearchMode
this.engine = engine; this.engine = engine;
this.comm = comm; this.comm = comm;
this.conf = conf; this.conf = conf;
this.role_choices = Role.getConferenceMemberLevelChoices(); this.role_choices = conf.getSecurityInfo().getRoleList("Conference.UserLevels");
} // end constructor } // end constructor
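Review bot: The constructor now stores whatever `getRoleList("Conference.UserLevels")` returns without checking it, whereas the removed `Role.getConferenceMemberLevelChoices()` always built a non-null unmodifiable list. What `getRoleList` does for an unknown list id is not visible in this hunk, so a misspelled id or a list missing from the security definition may only surface later, when the membership page renders its level choices. A guard right after the assignment would make that failure immediate: `if (role_choices==null) throw new IllegalStateException("role list Conference.UserLevels is not defined");`. The constructor starts above the hunk, so its signature and any declared exceptions are not shown here.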


@ -37,7 +37,7 @@ public class EditConferenceDialog extends ContentDialog
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
public EditConferenceDialog() public EditConferenceDialog(SecurityInfo sinf)
{ {
super("Edit Conference:",null,"editconfform","confops"); super("Edit Conference:",null,"editconfform","confops");
setHiddenField("cmd","E"); setHiddenField("cmd","E");
@ -51,26 +51,26 @@ public class EditConferenceDialog extends ContentDialog
null,YES)); null,YES));
addFormField(new CDFormCategoryHeader("Security Information")); addFormField(new CDFormCategoryHeader("Security Information"));
addFormField(new CDRoleListFormField("read_lvl","Security level required to read conference",null,true, addFormField(new CDRoleListFormField("read_lvl","Security level required to read conference",null,true,
Role.getConferenceReadList())); sinf.getRoleList("Conference.Read")));
addFormField(new CDRoleListFormField("post_lvl","Security level required to post to conference",null,true, addFormField(new CDRoleListFormField("post_lvl","Security level required to post to conference",null,true,
Role.getConferencePostList())); sinf.getRoleList("Conference.Post")));
addFormField(new CDRoleListFormField("create_lvl", addFormField(new CDRoleListFormField("create_lvl",
"Security level required to create new topics in conference",null, "Security level required to create new topics in conference",null,
true,Role.getConferenceCreateList())); true,sinf.getRoleList("Conference.Create")));
addFormField(new CDRoleListFormField("hide_lvl", addFormField(new CDRoleListFormField("hide_lvl",
"Security level required to archive or freeze topics", "Security level required to archive or freeze topics",
"(or to hide posts of which you are not the owner)",true, "(or to hide posts of which you are not the owner)",true,
Role.getConferenceHideList())); sinf.getRoleList("Conference.Hide")));
addFormField(new CDRoleListFormField("nuke_lvl", addFormField(new CDRoleListFormField("nuke_lvl",
"Security level required to delete topics or nuke posts", "Security level required to delete topics or nuke posts",
"(or to scribble posts of which you are not the owner)",true, "(or to scribble posts of which you are not the owner)",true,
Role.getConferenceNukeList())); sinf.getRoleList("Conference.Nuke")));
addFormField(new CDRoleListFormField("change_lvl", addFormField(new CDRoleListFormField("change_lvl",
"Security level required to change conference attributes",null,true, "Security level required to change conference attributes",null,true,
Role.getConferenceChangeList())); sinf.getRoleList("Conference.Change")));
addFormField(new CDRoleListFormField("delete_lvl", addFormField(new CDRoleListFormField("delete_lvl",
"Security level required to delete conference",null,true, "Security level required to delete conference",null,true,
Role.getConferenceDeleteList())); sinf.getRoleList("Conference.Delete")));
addFormField(new CDFormCategoryHeader("Conference Properties")); addFormField(new CDFormCategoryHeader("Conference Properties"));
addFormField(new CDCheckBoxFormField("pic_in_post","Display users' pictures next to their posts", addFormField(new CDCheckBoxFormField("pic_in_post","Display users' pictures next to their posts",
"(user can override)",YES)); "(user can override)",YES));