[Major] Now exposing StrolchTransaction.assertHasPrivilege()
Enforcing privilege checking was a bad idea
This commit is contained in:
parent
1183000520
commit
e71b7b018b
|
|
@ -25,7 +25,6 @@ import li.strolch.model.activity.Activity;
|
|||
import li.strolch.model.query.ActivityQuery;
|
||||
import li.strolch.model.visitor.ActivityVisitor;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import li.strolch.utils.dbc.DBC;
|
||||
|
||||
/**
|
||||
|
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
|||
*/
|
||||
public class AuditingActivityMap extends AuditingElementMapFacade<Activity> implements ActivityMap {
|
||||
|
||||
public AuditingActivityMap(PrivilegeHandler privilegeHandler, ElementMap<Activity> elementMap,
|
||||
boolean observeAccessReads) {
|
||||
super(privilegeHandler, elementMap, observeAccessReads);
|
||||
public AuditingActivityMap(ElementMap<Activity> elementMap, boolean observeAccessReads) {
|
||||
super(elementMap, observeAccessReads);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@
|
|||
*/
|
||||
package li.strolch.agent.impl;
|
||||
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_PREFIX;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
|
@ -30,8 +28,6 @@ import li.strolch.model.StrolchRootElement;
|
|||
import li.strolch.model.parameter.StringListParameter;
|
||||
import li.strolch.model.parameter.StringParameter;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import li.strolch.runtime.privilege.TransactedRestrictable;
|
||||
import li.strolch.utils.dbc.DBC;
|
||||
|
||||
/**
|
||||
|
|
@ -53,7 +49,6 @@ import li.strolch.utils.dbc.DBC;
|
|||
*/
|
||||
public abstract class AuditingElementMapFacade<T extends StrolchRootElement> implements ElementMap<T> {
|
||||
|
||||
private PrivilegeHandler privilegeHandler;
|
||||
protected ElementMap<T> elementMap;
|
||||
|
||||
protected Set<T> read;
|
||||
|
|
@ -65,11 +60,8 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
|
||||
protected boolean observeAccessReads;
|
||||
|
||||
public AuditingElementMapFacade(PrivilegeHandler privilegeHandler, ElementMap<T> elementMap,
|
||||
boolean observeAccessReads) {
|
||||
DBC.PRE.assertNotNull("PrivilegeHandler must be set!", privilegeHandler); //$NON-NLS-1$
|
||||
public AuditingElementMapFacade(ElementMap<T> elementMap, boolean observeAccessReads) {
|
||||
DBC.PRE.assertNotNull("ElementMap must be set!", elementMap); //$NON-NLS-1$
|
||||
this.privilegeHandler = privilegeHandler;
|
||||
this.elementMap = elementMap;
|
||||
this.observeAccessReads = observeAccessReads;
|
||||
|
||||
|
|
@ -165,11 +157,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public T getBy(StrolchTransaction tx, String type, String id) {
|
||||
T element = this.elementMap.getBy(tx, type, id);
|
||||
|
||||
if (element != null)
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
|
||||
if (this.observeAccessReads && element != null)
|
||||
this.read.add(element);
|
||||
return element;
|
||||
|
|
@ -180,11 +167,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public T getBy(StrolchTransaction tx, String type, String id, boolean assertExists) throws StrolchException {
|
||||
T element = this.elementMap.getBy(tx, type, id, assertExists);
|
||||
|
||||
if (element != null)
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
|
||||
if (this.observeAccessReads && element != null)
|
||||
this.read.add(element);
|
||||
return element;
|
||||
|
|
@ -193,11 +175,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public T getBy(StrolchTransaction tx, String type, String id, int version) {
|
||||
T element = this.elementMap.getBy(tx, type, id, version);
|
||||
|
||||
if (element != null)
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
|
||||
if (this.observeAccessReads && element != null)
|
||||
this.read.add(element);
|
||||
return element;
|
||||
|
|
@ -207,11 +184,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
public T getBy(StrolchTransaction tx, String type, String id, int version, boolean assertExists)
|
||||
throws StrolchException {
|
||||
T element = this.elementMap.getBy(tx, type, id, version, assertExists);
|
||||
|
||||
if (element != null)
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
|
||||
if (this.observeAccessReads && element != null)
|
||||
this.read.add(element);
|
||||
return element;
|
||||
|
|
@ -220,11 +192,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public T getBy(StrolchTransaction tx, StringParameter refP, boolean assertExists) throws StrolchException {
|
||||
T element = this.elementMap.getBy(tx, refP, assertExists);
|
||||
|
||||
if (element != null)
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
|
||||
if (this.observeAccessReads && element != null)
|
||||
this.read.add(element);
|
||||
return element;
|
||||
|
|
@ -234,12 +201,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
public List<T> getBy(StrolchTransaction tx, StringListParameter refP, boolean assertExists)
|
||||
throws StrolchException {
|
||||
List<T> elements = this.elementMap.getBy(tx, refP, assertExists);
|
||||
|
||||
for (T element : elements) {
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
}
|
||||
|
||||
if (this.observeAccessReads && !elements.isEmpty())
|
||||
this.read.addAll(elements);
|
||||
return elements;
|
||||
|
|
@ -248,11 +209,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public List<T> getVersionsFor(StrolchTransaction tx, String type, String id) {
|
||||
List<T> versions = this.elementMap.getVersionsFor(tx, type, id);
|
||||
|
||||
if (!versions.isEmpty())
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate()).validateAction(new TransactedRestrictable(tx,
|
||||
PRIVILEGE_GET_PREFIX + getElementType(), versions.get(versions.size() - 1)));
|
||||
|
||||
if (this.observeAccessReads && !versions.isEmpty())
|
||||
this.read.add(versions.get(versions.size() - 1));
|
||||
return versions;
|
||||
|
|
@ -261,12 +217,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public List<T> getAllElements(StrolchTransaction tx) {
|
||||
List<T> elements = this.elementMap.getAllElements(tx);
|
||||
|
||||
for (T element : elements) {
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
}
|
||||
|
||||
if (this.observeAccessReads && !elements.isEmpty())
|
||||
this.read.addAll(elements);
|
||||
return elements;
|
||||
|
|
@ -275,12 +225,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
|||
@Override
|
||||
public List<T> getElementsBy(StrolchTransaction tx, String type) {
|
||||
List<T> elements = this.elementMap.getElementsBy(tx, type);
|
||||
|
||||
for (T element : elements) {
|
||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
||||
}
|
||||
|
||||
if (this.observeAccessReads && !elements.isEmpty())
|
||||
this.read.addAll(elements);
|
||||
return elements;
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import li.strolch.model.Tags;
|
|||
import li.strolch.model.query.OrderQuery;
|
||||
import li.strolch.model.visitor.OrderVisitor;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import li.strolch.utils.dbc.DBC;
|
||||
|
||||
/**
|
||||
|
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
|||
*/
|
||||
public class AuditingOrderMap extends AuditingElementMapFacade<Order> implements OrderMap {
|
||||
|
||||
public AuditingOrderMap(PrivilegeHandler privilegeHandler, ElementMap<Order> elementMap,
|
||||
boolean observeAccessReads) {
|
||||
super(privilegeHandler, elementMap, observeAccessReads);
|
||||
public AuditingOrderMap(ElementMap<Order> elementMap, boolean observeAccessReads) {
|
||||
super(elementMap, observeAccessReads);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import li.strolch.model.Tags;
|
|||
import li.strolch.model.query.ResourceQuery;
|
||||
import li.strolch.model.visitor.StrolchElementVisitor;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import li.strolch.utils.dbc.DBC;
|
||||
|
||||
/**
|
||||
|
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
|||
*/
|
||||
public class AuditingResourceMap extends AuditingElementMapFacade<Resource> implements ResourceMap {
|
||||
|
||||
public AuditingResourceMap(PrivilegeHandler privilegeHandler, ElementMap<Resource> elementMap,
|
||||
boolean observeAccessReads) {
|
||||
super(privilegeHandler, elementMap, observeAccessReads);
|
||||
public AuditingResourceMap(ElementMap<Resource> elementMap, boolean observeAccessReads) {
|
||||
super(elementMap, observeAccessReads);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -16,15 +16,6 @@
|
|||
package li.strolch.persistence.api;
|
||||
|
||||
import static li.strolch.model.Tags.AGENT;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_ACTIVITY;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_ORDER;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_RESOURCE;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ACTIVITY;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ORDER;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_RESOURCE;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_ACTIVITY;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_ORDER;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_RESOURCE;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -83,6 +74,7 @@ import li.strolch.model.query.StrolchQuery;
|
|||
import li.strolch.model.timedstate.StrolchTimedState;
|
||||
import li.strolch.model.timevalue.IValue;
|
||||
import li.strolch.model.visitor.ElementTypeVisitor;
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.privilege.model.PrivilegeContext;
|
||||
|
|
@ -324,7 +316,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
@Override
|
||||
public ResourceMap getResourceMap() {
|
||||
if (this.resourceMap == null) {
|
||||
this.resourceMap = new AuditingResourceMap(this.privilegeHandler, this.realm.getResourceMap(),
|
||||
this.resourceMap = new AuditingResourceMap(this.realm.getResourceMap(),
|
||||
this.realm.isAuditTrailEnabledForRead());
|
||||
}
|
||||
return this.resourceMap;
|
||||
|
|
@ -333,8 +325,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
@Override
|
||||
public OrderMap getOrderMap() {
|
||||
if (this.orderMap == null) {
|
||||
this.orderMap = new AuditingOrderMap(this.privilegeHandler, this.realm.getOrderMap(),
|
||||
this.realm.isAuditTrailEnabledForRead());
|
||||
this.orderMap = new AuditingOrderMap(this.realm.getOrderMap(), this.realm.isAuditTrailEnabledForRead());
|
||||
}
|
||||
return this.orderMap;
|
||||
}
|
||||
|
|
@ -342,7 +333,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
@Override
|
||||
public ActivityMap getActivityMap() {
|
||||
if (this.activityMap == null) {
|
||||
this.activityMap = new AuditingActivityMap(this.privilegeHandler, this.realm.getActivityMap(),
|
||||
this.activityMap = new AuditingActivityMap(this.realm.getActivityMap(),
|
||||
this.realm.isAuditTrailEnabledForRead());
|
||||
}
|
||||
return this.activityMap;
|
||||
|
|
@ -666,102 +657,71 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
return this.objectFilter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException {
|
||||
DBC.PRE.assertNotNull("operation must not be null", operation);
|
||||
DBC.PRE.assertNotNull("element must not be null", element);
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, operation.getPrivilegeName(element), element));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addResource(Resource resource) throws StrolchModelException {
|
||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_RESOURCE, resource));
|
||||
|
||||
DBC.PRE.assertFalse("resource already exists with id " + resource.getId(),
|
||||
getResourceMap().hasElement(this, resource.getType(), resource.getId()));
|
||||
|
||||
getObjectFilter().add(Tags.RESOURCE, resource);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addOrder(Order order) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("order must not be null", order);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_ORDER, order));
|
||||
|
||||
DBC.PRE.assertFalse("order already exists with id " + order.getId(),
|
||||
getOrderMap().hasElement(this, order.getType(), order.getId()));
|
||||
|
||||
getObjectFilter().add(Tags.ORDER, order);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addActivity(Activity activity) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_ACTIVITY, activity));
|
||||
|
||||
DBC.PRE.assertFalse("activity already exists with id " + activity.getId(),
|
||||
getActivityMap().hasElement(this, activity.getType(), activity.getId()));
|
||||
|
||||
getObjectFilter().add(Tags.ACTIVITY, activity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateResource(Resource resource) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_RESOURCE, resource));
|
||||
|
||||
getObjectFilter().update(Tags.RESOURCE, resource);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateOrder(Order order) {
|
||||
DBC.PRE.assertNotNull("order must not be null", order);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_ORDER, order));
|
||||
|
||||
getObjectFilter().update(Tags.ORDER, order);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateActivity(Activity activity) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_ACTIVITY, activity));
|
||||
|
||||
getObjectFilter().update(Tags.ACTIVITY, activity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeResource(Resource resource) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_RESOURCE, resource));
|
||||
|
||||
getObjectFilter().remove(Tags.RESOURCE, resource);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeOrder(Order order) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("order must not be null", order);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_ORDER, order));
|
||||
|
||||
getObjectFilter().remove(Tags.ORDER, order);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeActivity(Activity activity) throws StrolchException {
|
||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||
|
||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_ACTIVITY, activity));
|
||||
|
||||
getObjectFilter().remove(Tags.ACTIVITY, activity);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
package li.strolch.persistence.api;
|
||||
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_PREFIX;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_PREFIX;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_PREFIX;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_PREFIX;
|
||||
|
||||
import li.strolch.model.StrolchRootElement;
|
||||
|
||||
public enum Operation {
|
||||
GET(PRIVILEGE_GET_PREFIX), //
|
||||
ADD(PRIVILEGE_ADD_PREFIX), //
|
||||
UPDATE(PRIVILEGE_UPDATE_PREFIX), //
|
||||
REMOVE(PRIVILEGE_REMOVE_PREFIX);
|
||||
|
||||
private String privilegePrefix;
|
||||
|
||||
public String getPrivilegeName(StrolchRootElement element) {
|
||||
return this.privilegePrefix + element.getObjectType();
|
||||
}
|
||||
|
||||
private Operation(String privilegePrefix) {
|
||||
this.privilegePrefix = privilegePrefix;
|
||||
|
||||
}
|
||||
}
|
||||
|
|
@ -49,6 +49,7 @@ import li.strolch.model.query.ResourceQuery;
|
|||
import li.strolch.model.visitor.ActivityVisitor;
|
||||
import li.strolch.model.visitor.OrderVisitor;
|
||||
import li.strolch.model.visitor.ResourceVisitor;
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.runtime.StrolchConstants;
|
||||
import li.strolch.service.api.Command;
|
||||
|
|
@ -1056,4 +1057,16 @@ public interface StrolchTransaction extends AutoCloseable {
|
|||
* if the activity is null
|
||||
*/
|
||||
public void removeActivity(Activity activity) throws StrolchException;
|
||||
|
||||
/**
|
||||
* Asserts that the current {@link Certificate} has access to the given element with the given operation
|
||||
*
|
||||
* @param operation
|
||||
* the operation to be performed
|
||||
* @param element
|
||||
* the element on which the operation is performed
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
*/
|
||||
public void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -101,18 +101,9 @@ public class StrolchConstants {
|
|||
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
||||
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
||||
|
||||
public static final String PRIVILEGE_ADD_RESOURCE = "AddResource";
|
||||
public static final String PRIVILEGE_UPDATE_RESOURCE = "UpdateResource";
|
||||
public static final String PRIVILEGE_REMOVE_RESOURCE = "RemoveResource";
|
||||
|
||||
public static final String PRIVILEGE_ADD_ORDER = "AddOrder";
|
||||
public static final String PRIVILEGE_UPDATE_ORDER = "UpdateOrder";
|
||||
public static final String PRIVILEGE_REMOVE_ORDER = "RemoveOrder";
|
||||
|
||||
public static final String PRIVILEGE_ADD_ACTIVITY = "AddActivity";
|
||||
public static final String PRIVILEGE_UPDATE_ACTIVITY = "UpdateActivity";
|
||||
public static final String PRIVILEGE_REMOVE_ACTIVITY = "RemoveActivity";
|
||||
|
||||
public static final String PRIVILEGE_ADD_PREFIX= "Add";
|
||||
public static final String PRIVILEGE_UPDATE_PREFIX= "Update";
|
||||
public static final String PRIVILEGE_REMOVE_PREFIX= "Remove";
|
||||
public static final String PRIVILEGE_GET_PREFIX= "Get";
|
||||
|
||||
public static final String INTERNAL = StrolchModelConstants.INTERNAL;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package li.strolch.runtime.privilege;
|
|||
import java.text.MessageFormat;
|
||||
|
||||
import li.strolch.model.StrolchRootElement;
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||
import li.strolch.privilege.model.IPrivilege;
|
||||
|
|
@ -20,7 +21,8 @@ public class ModelPrivilege implements PrivilegePolicy {
|
|||
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
||||
*/
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -81,6 +81,11 @@ public class Order extends AbstractStrolchRootElement implements StrolchRootElem
|
|||
setDate(date);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getObjectType() {
|
||||
return Tags.ORDER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasVersion() {
|
||||
return this.version != null;
|
||||
|
|
|
|||
|
|
@ -62,6 +62,11 @@ public class Resource extends AbstractStrolchRootElement implements StrolchRootE
|
|||
super(id, name, type);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getObjectType() {
|
||||
return Tags.RESOURCE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasVersion() {
|
||||
return this.version != null;
|
||||
|
|
|
|||
|
|
@ -26,6 +26,13 @@ import li.strolch.model.visitor.StrolchRootElementVisitor;
|
|||
*/
|
||||
public interface StrolchRootElement extends StrolchElement, PolicyContainer, ParameterBagContainer {
|
||||
|
||||
/**
|
||||
* Returns the object type
|
||||
*
|
||||
* @return the object type
|
||||
*/
|
||||
public String getObjectType();
|
||||
|
||||
/**
|
||||
* Set the type of this {@link StrolchRootElement}. Not that this method should only be called for new elements, not
|
||||
* if this element has already been persisted!
|
||||
|
|
|
|||
|
|
@ -83,6 +83,11 @@ public class Activity extends AbstractStrolchRootElement
|
|||
this.timeOrdering = timeOrdering;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getObjectType() {
|
||||
return Tags.ACTIVITY;
|
||||
}
|
||||
|
||||
public TimeOrdering getTimeOrdering() {
|
||||
return this.timeOrdering;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
|||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||
import li.strolch.privilege.model.IPrivilege;
|
||||
|
|
@ -38,7 +39,8 @@ public class DefaultPrivilege implements PrivilegePolicy {
|
|||
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
||||
*/
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -49,6 +49,6 @@ public interface PrivilegePolicy {
|
|||
* @throws AccessDeniedException
|
||||
* if action not allowed
|
||||
*/
|
||||
public abstract void validateAction(PrivilegeContext context, IPrivilege privilege, Restrictable restrictable)
|
||||
public void validateAction(PrivilegeContext context, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,20 @@ import li.strolch.utils.helper.StringHelper;
|
|||
*/
|
||||
public class PrivilegePolicyHelper {
|
||||
|
||||
public static String preValidate(IPrivilege privilege, Restrictable restrictable) {
|
||||
/**
|
||||
* Validates the given values and returns the privilege name
|
||||
*
|
||||
* @param privilege
|
||||
* the {@link IPrivilege}
|
||||
* @param restrictable
|
||||
* the {@link Restrictable}
|
||||
*
|
||||
* @return the privilege name
|
||||
*
|
||||
* @throws PrivilegeException
|
||||
* if something is wrong
|
||||
*/
|
||||
public static String preValidate(IPrivilege privilege, Restrictable restrictable) throws PrivilegeException {
|
||||
if (privilege == null)
|
||||
throw new PrivilegeException(PrivilegeMessages.getString("Privilege.privilegeNull")); //$NON-NLS-1$
|
||||
if (restrictable == null)
|
||||
|
|
@ -54,27 +67,42 @@ public class PrivilegePolicyHelper {
|
|||
}
|
||||
|
||||
/**
|
||||
* Validates privilege is granted by checking first if all is allows, then the deny values, then the allow values.
|
||||
* If the privilegeValue is in the deny list or not in the allow list, then access is denied and the
|
||||
* {@link AccessDeniedException} is thrown
|
||||
*
|
||||
* @param ctx
|
||||
* the context
|
||||
* @param privilege
|
||||
* the privielge
|
||||
* @param restrictable
|
||||
* the restrictable
|
||||
* @param privilegeValue
|
||||
* the privilege value
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if access is denied
|
||||
*/
|
||||
public static void checkByAllowDenyValues(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable,
|
||||
String privilegeValue) {
|
||||
String privilegeValue) throws AccessDeniedException {
|
||||
|
||||
// now check values allowed
|
||||
if (privilege.isAllowed(privilegeValue))
|
||||
return;
|
||||
|
||||
// first check values not allowed
|
||||
if (privilege.isDenied(privilegeValue)) {
|
||||
|
||||
// then throw access denied
|
||||
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
||||
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
||||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
|
||||
// now check values allowed
|
||||
if (privilege.isAllowed(privilegeValue))
|
||||
return;
|
||||
|
||||
// default is not allowed
|
||||
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
||||
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
||||
|
||||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
|||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||
|
|
@ -38,7 +39,8 @@ import li.strolch.utils.dbc.DBC;
|
|||
public class RoleAccessPrivilege implements PrivilegePolicy {
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
|||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||
|
|
@ -37,7 +38,8 @@ import li.strolch.utils.dbc.DBC;
|
|||
public class UserAccessPrivilege implements PrivilegePolicy {
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -39,7 +39,8 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
private static final String PARAM_ORGANISATION = "organisation";
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
|||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
|
|
@ -40,7 +41,8 @@ import li.strolch.privilege.model.Restrictable;
|
|||
public class UsernameFromCertificatePrivilege implements PrivilegePolicy {
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -44,7 +44,8 @@ public class UsernameFromCertificateWithSameOrganisationPrivilege extends Userna
|
|||
private static final String PARAM_ORGANISATION = "organisation";
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
throws AccessDeniedException {
|
||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||
|
||||
// get the value on which the action is to be performed
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import static li.strolch.service.test.AbstractRealmServiceTest.dropSchema;
|
|||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
|
@ -16,7 +17,9 @@ import li.strolch.model.Order;
|
|||
import li.strolch.model.Resource;
|
||||
import li.strolch.model.activity.Activity;
|
||||
import li.strolch.model.activity.TimeOrdering;
|
||||
import li.strolch.persistence.api.Operation;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.testbase.runtime.RuntimeMock;
|
||||
|
||||
|
|
@ -31,7 +34,6 @@ public class InMemoryTransactionTest {
|
|||
public static void beforeClass() throws Exception {
|
||||
|
||||
dropSchema("jdbc:postgresql://localhost/cacheduserdb", "cacheduser", "test");
|
||||
dropSchema("jdbc:postgresql://localhost/transactionaluserdb", "transactionaluser", "test");
|
||||
|
||||
runtimeMock = new RuntimeMock().mockRuntime(TARGET_RUNTIME, CONFIG_SRC);
|
||||
runtimeMock.startContainer();
|
||||
|
|
@ -44,15 +46,15 @@ public class InMemoryTransactionTest {
|
|||
|
||||
@Test
|
||||
public void runTransient() {
|
||||
shouldRunAll(REALM_TRANSIENT);
|
||||
runAll(REALM_TRANSIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void runCached() {
|
||||
shouldRunAll(REALM_CACHED);
|
||||
runAll(REALM_CACHED);
|
||||
}
|
||||
|
||||
private void shouldRunAll(String realmName) {
|
||||
private void runAll(String realmName) {
|
||||
|
||||
shouldCrudResource(realmName);
|
||||
shouldCrudResource1(realmName);
|
||||
|
|
@ -65,6 +67,136 @@ public class InMemoryTransactionTest {
|
|||
shouldCrudActivity(realmName);
|
||||
shouldCrudActivity1(realmName);
|
||||
shouldCrudActivity2(realmName);
|
||||
|
||||
shouldAssertPrivilegeResource(realmName);
|
||||
shouldAssertPrivilegeOrder(realmName);
|
||||
shouldAssertPrivilegeActivity(realmName);
|
||||
}
|
||||
|
||||
private void shouldAssertPrivilegeResource(String realmName) {
|
||||
String id = "@203";
|
||||
String type = "Car";
|
||||
|
||||
// create
|
||||
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.GET, newRes);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.ADD, newRes);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.UPDATE, newRes);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.REMOVE, newRes);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void shouldAssertPrivilegeOrder(String realmName) {
|
||||
String id = "@203";
|
||||
String type = "Car";
|
||||
|
||||
// create
|
||||
Order newOrder = ModelGenerator.createOrder(id, "200", type);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.GET, newOrder);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.ADD, newOrder);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.UPDATE, newOrder);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.REMOVE, newOrder);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void shouldAssertPrivilegeActivity(String realmName) {
|
||||
String id = "@203";
|
||||
String type = "Car";
|
||||
|
||||
// create
|
||||
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.GET, newActivity);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.ADD, newActivity);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.UPDATE, newActivity);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
|
||||
// privilege assertion
|
||||
try {
|
||||
tx.assertHasPrivilege(Operation.REMOVE, newActivity);
|
||||
fail();
|
||||
} catch (AccessDeniedException e) {
|
||||
// as expected
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void shouldCrudResource(String realmName) {
|
||||
|
|
@ -74,6 +206,10 @@ public class InMemoryTransactionTest {
|
|||
// create
|
||||
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.ADD, newRes);
|
||||
|
||||
tx.addResource(newRes);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -86,6 +222,11 @@ public class InMemoryTransactionTest {
|
|||
// update
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Resource res = tx.getResourceBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.GET, res);
|
||||
tx.assertHasPrivilege(Operation.UPDATE, res);
|
||||
|
||||
res.setName("Foo foo");
|
||||
tx.updateResource(res);
|
||||
tx.commitOnClose();
|
||||
|
|
@ -100,6 +241,10 @@ public class InMemoryTransactionTest {
|
|||
// remove
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Resource res = tx.getResourceBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.REMOVE, res);
|
||||
|
||||
tx.removeResource(res);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -129,6 +274,10 @@ public class InMemoryTransactionTest {
|
|||
// create
|
||||
Order newOrder = ModelGenerator.createOrder(id, "200", type);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.ADD, newOrder);
|
||||
|
||||
tx.addOrder(newOrder);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -141,6 +290,11 @@ public class InMemoryTransactionTest {
|
|||
// update
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Order order = tx.getOrderBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.GET, order);
|
||||
tx.assertHasPrivilege(Operation.UPDATE, order);
|
||||
|
||||
order.setName("Foo foo");
|
||||
tx.updateOrder(order);
|
||||
tx.commitOnClose();
|
||||
|
|
@ -155,6 +309,10 @@ public class InMemoryTransactionTest {
|
|||
// remove
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Order order = tx.getOrderBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.REMOVE, order);
|
||||
|
||||
tx.removeOrder(order);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -184,6 +342,10 @@ public class InMemoryTransactionTest {
|
|||
// create
|
||||
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.ADD, newActivity);
|
||||
|
||||
tx.addActivity(newActivity);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -196,6 +358,11 @@ public class InMemoryTransactionTest {
|
|||
// update
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Activity activity = tx.getActivityBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.GET, activity);
|
||||
tx.assertHasPrivilege(Operation.UPDATE, activity);
|
||||
|
||||
activity.setName("Foo foo");
|
||||
tx.updateActivity(activity);
|
||||
tx.commitOnClose();
|
||||
|
|
@ -210,6 +377,10 @@ public class InMemoryTransactionTest {
|
|||
// remove
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
Activity activity = tx.getActivityBy(type, id);
|
||||
|
||||
// privilege assertion
|
||||
tx.assertHasPrivilege(Operation.REMOVE, activity);
|
||||
|
||||
tx.removeActivity(activity);
|
||||
tx.commitOnClose();
|
||||
}
|
||||
|
|
@ -255,7 +426,7 @@ public class InMemoryTransactionTest {
|
|||
String id = "@202";
|
||||
String type = "Bike";
|
||||
|
||||
// create and update
|
||||
// create, update and remove
|
||||
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
tx.addResource(newRes);
|
||||
|
|
@ -304,7 +475,7 @@ public class InMemoryTransactionTest {
|
|||
tx.commitOnClose();
|
||||
}
|
||||
|
||||
// should not exist
|
||||
// create, update and remove
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
assertFalse("Order should not exist!", tx.getOrderMap().hasElement(tx, type, id));
|
||||
}
|
||||
|
|
@ -333,7 +504,7 @@ public class InMemoryTransactionTest {
|
|||
String id = "@202";
|
||||
String type = "Bike";
|
||||
|
||||
// create and update
|
||||
// create, update and remove
|
||||
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||
try (StrolchTransaction tx = openTx(realmName)) {
|
||||
tx.addActivity(newActivity);
|
||||
|
|
|
|||
|
|
@ -60,40 +60,40 @@
|
|||
</Privilege>
|
||||
|
||||
<Privilege name="GetResource" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="GetOrder" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="GetActivity" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="AddResource" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="AddOrder" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="AddActivity" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="UpdateResource" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="UpdateOrder" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="UpdateActivity" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="RemoveResource" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="RemoveOrder" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="RemoveActivity" policy="ModelPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Allow>Bike</Allow>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue