[Major] Now exposing StrolchTransaction.assertHasPrivilege()
Enforcing privilege checking was a bad idea
This commit is contained in:
parent
1183000520
commit
e71b7b018b
|
@ -25,7 +25,6 @@ import li.strolch.model.activity.Activity;
|
||||||
import li.strolch.model.query.ActivityQuery;
|
import li.strolch.model.query.ActivityQuery;
|
||||||
import li.strolch.model.visitor.ActivityVisitor;
|
import li.strolch.model.visitor.ActivityVisitor;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
|
||||||
import li.strolch.utils.dbc.DBC;
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
||||||
*/
|
*/
|
||||||
public class AuditingActivityMap extends AuditingElementMapFacade<Activity> implements ActivityMap {
|
public class AuditingActivityMap extends AuditingElementMapFacade<Activity> implements ActivityMap {
|
||||||
|
|
||||||
public AuditingActivityMap(PrivilegeHandler privilegeHandler, ElementMap<Activity> elementMap,
|
public AuditingActivityMap(ElementMap<Activity> elementMap, boolean observeAccessReads) {
|
||||||
boolean observeAccessReads) {
|
super(elementMap, observeAccessReads);
|
||||||
super(privilegeHandler, elementMap, observeAccessReads);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.agent.impl;
|
package li.strolch.agent.impl;
|
||||||
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_PREFIX;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -30,8 +28,6 @@ import li.strolch.model.StrolchRootElement;
|
||||||
import li.strolch.model.parameter.StringListParameter;
|
import li.strolch.model.parameter.StringListParameter;
|
||||||
import li.strolch.model.parameter.StringParameter;
|
import li.strolch.model.parameter.StringParameter;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
|
||||||
import li.strolch.runtime.privilege.TransactedRestrictable;
|
|
||||||
import li.strolch.utils.dbc.DBC;
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -53,7 +49,6 @@ import li.strolch.utils.dbc.DBC;
|
||||||
*/
|
*/
|
||||||
public abstract class AuditingElementMapFacade<T extends StrolchRootElement> implements ElementMap<T> {
|
public abstract class AuditingElementMapFacade<T extends StrolchRootElement> implements ElementMap<T> {
|
||||||
|
|
||||||
private PrivilegeHandler privilegeHandler;
|
|
||||||
protected ElementMap<T> elementMap;
|
protected ElementMap<T> elementMap;
|
||||||
|
|
||||||
protected Set<T> read;
|
protected Set<T> read;
|
||||||
|
@ -65,11 +60,8 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
|
|
||||||
protected boolean observeAccessReads;
|
protected boolean observeAccessReads;
|
||||||
|
|
||||||
public AuditingElementMapFacade(PrivilegeHandler privilegeHandler, ElementMap<T> elementMap,
|
public AuditingElementMapFacade(ElementMap<T> elementMap, boolean observeAccessReads) {
|
||||||
boolean observeAccessReads) {
|
|
||||||
DBC.PRE.assertNotNull("PrivilegeHandler must be set!", privilegeHandler); //$NON-NLS-1$
|
|
||||||
DBC.PRE.assertNotNull("ElementMap must be set!", elementMap); //$NON-NLS-1$
|
DBC.PRE.assertNotNull("ElementMap must be set!", elementMap); //$NON-NLS-1$
|
||||||
this.privilegeHandler = privilegeHandler;
|
|
||||||
this.elementMap = elementMap;
|
this.elementMap = elementMap;
|
||||||
this.observeAccessReads = observeAccessReads;
|
this.observeAccessReads = observeAccessReads;
|
||||||
|
|
||||||
|
@ -165,11 +157,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public T getBy(StrolchTransaction tx, String type, String id) {
|
public T getBy(StrolchTransaction tx, String type, String id) {
|
||||||
T element = this.elementMap.getBy(tx, type, id);
|
T element = this.elementMap.getBy(tx, type, id);
|
||||||
|
|
||||||
if (element != null)
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && element != null)
|
if (this.observeAccessReads && element != null)
|
||||||
this.read.add(element);
|
this.read.add(element);
|
||||||
return element;
|
return element;
|
||||||
|
@ -180,11 +167,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public T getBy(StrolchTransaction tx, String type, String id, boolean assertExists) throws StrolchException {
|
public T getBy(StrolchTransaction tx, String type, String id, boolean assertExists) throws StrolchException {
|
||||||
T element = this.elementMap.getBy(tx, type, id, assertExists);
|
T element = this.elementMap.getBy(tx, type, id, assertExists);
|
||||||
|
|
||||||
if (element != null)
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && element != null)
|
if (this.observeAccessReads && element != null)
|
||||||
this.read.add(element);
|
this.read.add(element);
|
||||||
return element;
|
return element;
|
||||||
|
@ -193,11 +175,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public T getBy(StrolchTransaction tx, String type, String id, int version) {
|
public T getBy(StrolchTransaction tx, String type, String id, int version) {
|
||||||
T element = this.elementMap.getBy(tx, type, id, version);
|
T element = this.elementMap.getBy(tx, type, id, version);
|
||||||
|
|
||||||
if (element != null)
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && element != null)
|
if (this.observeAccessReads && element != null)
|
||||||
this.read.add(element);
|
this.read.add(element);
|
||||||
return element;
|
return element;
|
||||||
|
@ -207,11 +184,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
public T getBy(StrolchTransaction tx, String type, String id, int version, boolean assertExists)
|
public T getBy(StrolchTransaction tx, String type, String id, int version, boolean assertExists)
|
||||||
throws StrolchException {
|
throws StrolchException {
|
||||||
T element = this.elementMap.getBy(tx, type, id, version, assertExists);
|
T element = this.elementMap.getBy(tx, type, id, version, assertExists);
|
||||||
|
|
||||||
if (element != null)
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && element != null)
|
if (this.observeAccessReads && element != null)
|
||||||
this.read.add(element);
|
this.read.add(element);
|
||||||
return element;
|
return element;
|
||||||
|
@ -220,11 +192,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public T getBy(StrolchTransaction tx, StringParameter refP, boolean assertExists) throws StrolchException {
|
public T getBy(StrolchTransaction tx, StringParameter refP, boolean assertExists) throws StrolchException {
|
||||||
T element = this.elementMap.getBy(tx, refP, assertExists);
|
T element = this.elementMap.getBy(tx, refP, assertExists);
|
||||||
|
|
||||||
if (element != null)
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && element != null)
|
if (this.observeAccessReads && element != null)
|
||||||
this.read.add(element);
|
this.read.add(element);
|
||||||
return element;
|
return element;
|
||||||
|
@ -234,12 +201,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
public List<T> getBy(StrolchTransaction tx, StringListParameter refP, boolean assertExists)
|
public List<T> getBy(StrolchTransaction tx, StringListParameter refP, boolean assertExists)
|
||||||
throws StrolchException {
|
throws StrolchException {
|
||||||
List<T> elements = this.elementMap.getBy(tx, refP, assertExists);
|
List<T> elements = this.elementMap.getBy(tx, refP, assertExists);
|
||||||
|
|
||||||
for (T element : elements) {
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.observeAccessReads && !elements.isEmpty())
|
if (this.observeAccessReads && !elements.isEmpty())
|
||||||
this.read.addAll(elements);
|
this.read.addAll(elements);
|
||||||
return elements;
|
return elements;
|
||||||
|
@ -248,11 +209,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public List<T> getVersionsFor(StrolchTransaction tx, String type, String id) {
|
public List<T> getVersionsFor(StrolchTransaction tx, String type, String id) {
|
||||||
List<T> versions = this.elementMap.getVersionsFor(tx, type, id);
|
List<T> versions = this.elementMap.getVersionsFor(tx, type, id);
|
||||||
|
|
||||||
if (!versions.isEmpty())
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate()).validateAction(new TransactedRestrictable(tx,
|
|
||||||
PRIVILEGE_GET_PREFIX + getElementType(), versions.get(versions.size() - 1)));
|
|
||||||
|
|
||||||
if (this.observeAccessReads && !versions.isEmpty())
|
if (this.observeAccessReads && !versions.isEmpty())
|
||||||
this.read.add(versions.get(versions.size() - 1));
|
this.read.add(versions.get(versions.size() - 1));
|
||||||
return versions;
|
return versions;
|
||||||
|
@ -261,12 +217,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public List<T> getAllElements(StrolchTransaction tx) {
|
public List<T> getAllElements(StrolchTransaction tx) {
|
||||||
List<T> elements = this.elementMap.getAllElements(tx);
|
List<T> elements = this.elementMap.getAllElements(tx);
|
||||||
|
|
||||||
for (T element : elements) {
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.observeAccessReads && !elements.isEmpty())
|
if (this.observeAccessReads && !elements.isEmpty())
|
||||||
this.read.addAll(elements);
|
this.read.addAll(elements);
|
||||||
return elements;
|
return elements;
|
||||||
|
@ -275,12 +225,6 @@ public abstract class AuditingElementMapFacade<T extends StrolchRootElement> imp
|
||||||
@Override
|
@Override
|
||||||
public List<T> getElementsBy(StrolchTransaction tx, String type) {
|
public List<T> getElementsBy(StrolchTransaction tx, String type) {
|
||||||
List<T> elements = this.elementMap.getElementsBy(tx, type);
|
List<T> elements = this.elementMap.getElementsBy(tx, type);
|
||||||
|
|
||||||
for (T element : elements) {
|
|
||||||
this.privilegeHandler.getPrivilegeContext(tx.getCertificate())
|
|
||||||
.validateAction(new TransactedRestrictable(tx, PRIVILEGE_GET_PREFIX + getElementType(), element));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.observeAccessReads && !elements.isEmpty())
|
if (this.observeAccessReads && !elements.isEmpty())
|
||||||
this.read.addAll(elements);
|
this.read.addAll(elements);
|
||||||
return elements;
|
return elements;
|
||||||
|
|
|
@ -25,7 +25,6 @@ import li.strolch.model.Tags;
|
||||||
import li.strolch.model.query.OrderQuery;
|
import li.strolch.model.query.OrderQuery;
|
||||||
import li.strolch.model.visitor.OrderVisitor;
|
import li.strolch.model.visitor.OrderVisitor;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
|
||||||
import li.strolch.utils.dbc.DBC;
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
||||||
*/
|
*/
|
||||||
public class AuditingOrderMap extends AuditingElementMapFacade<Order> implements OrderMap {
|
public class AuditingOrderMap extends AuditingElementMapFacade<Order> implements OrderMap {
|
||||||
|
|
||||||
public AuditingOrderMap(PrivilegeHandler privilegeHandler, ElementMap<Order> elementMap,
|
public AuditingOrderMap(ElementMap<Order> elementMap, boolean observeAccessReads) {
|
||||||
boolean observeAccessReads) {
|
super(elementMap, observeAccessReads);
|
||||||
super(privilegeHandler, elementMap, observeAccessReads);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -25,7 +25,6 @@ import li.strolch.model.Tags;
|
||||||
import li.strolch.model.query.ResourceQuery;
|
import li.strolch.model.query.ResourceQuery;
|
||||||
import li.strolch.model.visitor.StrolchElementVisitor;
|
import li.strolch.model.visitor.StrolchElementVisitor;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
|
||||||
import li.strolch.utils.dbc.DBC;
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -37,9 +36,8 @@ import li.strolch.utils.dbc.DBC;
|
||||||
*/
|
*/
|
||||||
public class AuditingResourceMap extends AuditingElementMapFacade<Resource> implements ResourceMap {
|
public class AuditingResourceMap extends AuditingElementMapFacade<Resource> implements ResourceMap {
|
||||||
|
|
||||||
public AuditingResourceMap(PrivilegeHandler privilegeHandler, ElementMap<Resource> elementMap,
|
public AuditingResourceMap(ElementMap<Resource> elementMap, boolean observeAccessReads) {
|
||||||
boolean observeAccessReads) {
|
super(elementMap, observeAccessReads);
|
||||||
super(privilegeHandler, elementMap, observeAccessReads);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -16,15 +16,6 @@
|
||||||
package li.strolch.persistence.api;
|
package li.strolch.persistence.api;
|
||||||
|
|
||||||
import static li.strolch.model.Tags.AGENT;
|
import static li.strolch.model.Tags.AGENT;
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_ACTIVITY;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_ORDER;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_RESOURCE;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ACTIVITY;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ORDER;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_RESOURCE;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_ACTIVITY;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_ORDER;
|
|
||||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_RESOURCE;
|
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
@ -83,6 +74,7 @@ import li.strolch.model.query.StrolchQuery;
|
||||||
import li.strolch.model.timedstate.StrolchTimedState;
|
import li.strolch.model.timedstate.StrolchTimedState;
|
||||||
import li.strolch.model.timevalue.IValue;
|
import li.strolch.model.timevalue.IValue;
|
||||||
import li.strolch.model.visitor.ElementTypeVisitor;
|
import li.strolch.model.visitor.ElementTypeVisitor;
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.PrivilegeContext;
|
import li.strolch.privilege.model.PrivilegeContext;
|
||||||
|
@ -324,7 +316,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
||||||
@Override
|
@Override
|
||||||
public ResourceMap getResourceMap() {
|
public ResourceMap getResourceMap() {
|
||||||
if (this.resourceMap == null) {
|
if (this.resourceMap == null) {
|
||||||
this.resourceMap = new AuditingResourceMap(this.privilegeHandler, this.realm.getResourceMap(),
|
this.resourceMap = new AuditingResourceMap(this.realm.getResourceMap(),
|
||||||
this.realm.isAuditTrailEnabledForRead());
|
this.realm.isAuditTrailEnabledForRead());
|
||||||
}
|
}
|
||||||
return this.resourceMap;
|
return this.resourceMap;
|
||||||
|
@ -333,8 +325,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
||||||
@Override
|
@Override
|
||||||
public OrderMap getOrderMap() {
|
public OrderMap getOrderMap() {
|
||||||
if (this.orderMap == null) {
|
if (this.orderMap == null) {
|
||||||
this.orderMap = new AuditingOrderMap(this.privilegeHandler, this.realm.getOrderMap(),
|
this.orderMap = new AuditingOrderMap(this.realm.getOrderMap(), this.realm.isAuditTrailEnabledForRead());
|
||||||
this.realm.isAuditTrailEnabledForRead());
|
|
||||||
}
|
}
|
||||||
return this.orderMap;
|
return this.orderMap;
|
||||||
}
|
}
|
||||||
|
@ -342,7 +333,7 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
||||||
@Override
|
@Override
|
||||||
public ActivityMap getActivityMap() {
|
public ActivityMap getActivityMap() {
|
||||||
if (this.activityMap == null) {
|
if (this.activityMap == null) {
|
||||||
this.activityMap = new AuditingActivityMap(this.privilegeHandler, this.realm.getActivityMap(),
|
this.activityMap = new AuditingActivityMap(this.realm.getActivityMap(),
|
||||||
this.realm.isAuditTrailEnabledForRead());
|
this.realm.isAuditTrailEnabledForRead());
|
||||||
}
|
}
|
||||||
return this.activityMap;
|
return this.activityMap;
|
||||||
|
@ -666,102 +657,71 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
||||||
return this.objectFilter;
|
return this.objectFilter;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException {
|
||||||
|
DBC.PRE.assertNotNull("operation must not be null", operation);
|
||||||
|
DBC.PRE.assertNotNull("element must not be null", element);
|
||||||
|
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
||||||
|
.validateAction(new TransactedRestrictable(this, operation.getPrivilegeName(element), element));
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addResource(Resource resource) throws StrolchModelException {
|
public void addResource(Resource resource) throws StrolchModelException {
|
||||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_RESOURCE, resource));
|
|
||||||
|
|
||||||
DBC.PRE.assertFalse("resource already exists with id " + resource.getId(),
|
DBC.PRE.assertFalse("resource already exists with id " + resource.getId(),
|
||||||
getResourceMap().hasElement(this, resource.getType(), resource.getId()));
|
getResourceMap().hasElement(this, resource.getType(), resource.getId()));
|
||||||
|
|
||||||
getObjectFilter().add(Tags.RESOURCE, resource);
|
getObjectFilter().add(Tags.RESOURCE, resource);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addOrder(Order order) throws StrolchException {
|
public void addOrder(Order order) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("order must not be null", order);
|
DBC.PRE.assertNotNull("order must not be null", order);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_ORDER, order));
|
|
||||||
|
|
||||||
DBC.PRE.assertFalse("order already exists with id " + order.getId(),
|
DBC.PRE.assertFalse("order already exists with id " + order.getId(),
|
||||||
getOrderMap().hasElement(this, order.getType(), order.getId()));
|
getOrderMap().hasElement(this, order.getType(), order.getId()));
|
||||||
|
|
||||||
getObjectFilter().add(Tags.ORDER, order);
|
getObjectFilter().add(Tags.ORDER, order);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addActivity(Activity activity) throws StrolchException {
|
public void addActivity(Activity activity) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_ADD_ACTIVITY, activity));
|
|
||||||
|
|
||||||
DBC.PRE.assertFalse("activity already exists with id " + activity.getId(),
|
DBC.PRE.assertFalse("activity already exists with id " + activity.getId(),
|
||||||
getActivityMap().hasElement(this, activity.getType(), activity.getId()));
|
getActivityMap().hasElement(this, activity.getType(), activity.getId()));
|
||||||
|
|
||||||
getObjectFilter().add(Tags.ACTIVITY, activity);
|
getObjectFilter().add(Tags.ACTIVITY, activity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateResource(Resource resource) throws StrolchException {
|
public void updateResource(Resource resource) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_RESOURCE, resource));
|
|
||||||
|
|
||||||
getObjectFilter().update(Tags.RESOURCE, resource);
|
getObjectFilter().update(Tags.RESOURCE, resource);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateOrder(Order order) {
|
public void updateOrder(Order order) {
|
||||||
DBC.PRE.assertNotNull("order must not be null", order);
|
DBC.PRE.assertNotNull("order must not be null", order);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_ORDER, order));
|
|
||||||
|
|
||||||
getObjectFilter().update(Tags.ORDER, order);
|
getObjectFilter().update(Tags.ORDER, order);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateActivity(Activity activity) throws StrolchException {
|
public void updateActivity(Activity activity) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_UPDATE_ACTIVITY, activity));
|
|
||||||
|
|
||||||
getObjectFilter().update(Tags.ACTIVITY, activity);
|
getObjectFilter().update(Tags.ACTIVITY, activity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeResource(Resource resource) throws StrolchException {
|
public void removeResource(Resource resource) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("resource must not be null", resource);
|
DBC.PRE.assertNotNull("resource must not be null", resource);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_RESOURCE, resource));
|
|
||||||
|
|
||||||
getObjectFilter().remove(Tags.RESOURCE, resource);
|
getObjectFilter().remove(Tags.RESOURCE, resource);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeOrder(Order order) throws StrolchException {
|
public void removeOrder(Order order) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("order must not be null", order);
|
DBC.PRE.assertNotNull("order must not be null", order);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_ORDER, order));
|
|
||||||
|
|
||||||
getObjectFilter().remove(Tags.ORDER, order);
|
getObjectFilter().remove(Tags.ORDER, order);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeActivity(Activity activity) throws StrolchException {
|
public void removeActivity(Activity activity) throws StrolchException {
|
||||||
DBC.PRE.assertNotNull("activity must not be null", activity);
|
DBC.PRE.assertNotNull("activity must not be null", activity);
|
||||||
|
|
||||||
this.privilegeHandler.getPrivilegeContext(this.certificate)
|
|
||||||
.validateAction(new TransactedRestrictable(this, PRIVILEGE_REMOVE_ACTIVITY, activity));
|
|
||||||
|
|
||||||
getObjectFilter().remove(Tags.ACTIVITY, activity);
|
getObjectFilter().remove(Tags.ACTIVITY, activity);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
package li.strolch.persistence.api;
|
||||||
|
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_ADD_PREFIX;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_PREFIX;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_REMOVE_PREFIX;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_UPDATE_PREFIX;
|
||||||
|
|
||||||
|
import li.strolch.model.StrolchRootElement;
|
||||||
|
|
||||||
|
public enum Operation {
|
||||||
|
GET(PRIVILEGE_GET_PREFIX), //
|
||||||
|
ADD(PRIVILEGE_ADD_PREFIX), //
|
||||||
|
UPDATE(PRIVILEGE_UPDATE_PREFIX), //
|
||||||
|
REMOVE(PRIVILEGE_REMOVE_PREFIX);
|
||||||
|
|
||||||
|
private String privilegePrefix;
|
||||||
|
|
||||||
|
public String getPrivilegeName(StrolchRootElement element) {
|
||||||
|
return this.privilegePrefix + element.getObjectType();
|
||||||
|
}
|
||||||
|
|
||||||
|
private Operation(String privilegePrefix) {
|
||||||
|
this.privilegePrefix = privilegePrefix;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
|
@ -49,6 +49,7 @@ import li.strolch.model.query.ResourceQuery;
|
||||||
import li.strolch.model.visitor.ActivityVisitor;
|
import li.strolch.model.visitor.ActivityVisitor;
|
||||||
import li.strolch.model.visitor.OrderVisitor;
|
import li.strolch.model.visitor.OrderVisitor;
|
||||||
import li.strolch.model.visitor.ResourceVisitor;
|
import li.strolch.model.visitor.ResourceVisitor;
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.runtime.StrolchConstants;
|
import li.strolch.runtime.StrolchConstants;
|
||||||
import li.strolch.service.api.Command;
|
import li.strolch.service.api.Command;
|
||||||
|
@ -1056,4 +1057,16 @@ public interface StrolchTransaction extends AutoCloseable {
|
||||||
* if the activity is null
|
* if the activity is null
|
||||||
*/
|
*/
|
||||||
public void removeActivity(Activity activity) throws StrolchException;
|
public void removeActivity(Activity activity) throws StrolchException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Asserts that the current {@link Certificate} has access to the given element with the given operation
|
||||||
|
*
|
||||||
|
* @param operation
|
||||||
|
* the operation to be performed
|
||||||
|
* @param element
|
||||||
|
* the element on which the operation is performed
|
||||||
|
*
|
||||||
|
* @throws AccessDeniedException
|
||||||
|
*/
|
||||||
|
public void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException;
|
||||||
}
|
}
|
||||||
|
|
|
@ -101,18 +101,9 @@ public class StrolchConstants {
|
||||||
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
||||||
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
||||||
|
|
||||||
public static final String PRIVILEGE_ADD_RESOURCE = "AddResource";
|
public static final String PRIVILEGE_ADD_PREFIX= "Add";
|
||||||
public static final String PRIVILEGE_UPDATE_RESOURCE = "UpdateResource";
|
public static final String PRIVILEGE_UPDATE_PREFIX= "Update";
|
||||||
public static final String PRIVILEGE_REMOVE_RESOURCE = "RemoveResource";
|
public static final String PRIVILEGE_REMOVE_PREFIX= "Remove";
|
||||||
|
|
||||||
public static final String PRIVILEGE_ADD_ORDER = "AddOrder";
|
|
||||||
public static final String PRIVILEGE_UPDATE_ORDER = "UpdateOrder";
|
|
||||||
public static final String PRIVILEGE_REMOVE_ORDER = "RemoveOrder";
|
|
||||||
|
|
||||||
public static final String PRIVILEGE_ADD_ACTIVITY = "AddActivity";
|
|
||||||
public static final String PRIVILEGE_UPDATE_ACTIVITY = "UpdateActivity";
|
|
||||||
public static final String PRIVILEGE_REMOVE_ACTIVITY = "RemoveActivity";
|
|
||||||
|
|
||||||
public static final String PRIVILEGE_GET_PREFIX= "Get";
|
public static final String PRIVILEGE_GET_PREFIX= "Get";
|
||||||
|
|
||||||
public static final String INTERNAL = StrolchModelConstants.INTERNAL;
|
public static final String INTERNAL = StrolchModelConstants.INTERNAL;
|
||||||
|
|
|
@ -3,6 +3,7 @@ package li.strolch.runtime.privilege;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
import li.strolch.model.StrolchRootElement;
|
import li.strolch.model.StrolchRootElement;
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||||
import li.strolch.privilege.model.IPrivilege;
|
import li.strolch.privilege.model.IPrivilege;
|
||||||
|
@ -20,7 +21,8 @@ public class ModelPrivilege implements PrivilegePolicy {
|
||||||
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -81,6 +81,11 @@ public class Order extends AbstractStrolchRootElement implements StrolchRootElem
|
||||||
setDate(date);
|
setDate(date);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getObjectType() {
|
||||||
|
return Tags.ORDER;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasVersion() {
|
public boolean hasVersion() {
|
||||||
return this.version != null;
|
return this.version != null;
|
||||||
|
|
|
@ -62,6 +62,11 @@ public class Resource extends AbstractStrolchRootElement implements StrolchRootE
|
||||||
super(id, name, type);
|
super(id, name, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getObjectType() {
|
||||||
|
return Tags.RESOURCE;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasVersion() {
|
public boolean hasVersion() {
|
||||||
return this.version != null;
|
return this.version != null;
|
||||||
|
|
|
@ -26,6 +26,13 @@ import li.strolch.model.visitor.StrolchRootElementVisitor;
|
||||||
*/
|
*/
|
||||||
public interface StrolchRootElement extends StrolchElement, PolicyContainer, ParameterBagContainer {
|
public interface StrolchRootElement extends StrolchElement, PolicyContainer, ParameterBagContainer {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the object type
|
||||||
|
*
|
||||||
|
* @return the object type
|
||||||
|
*/
|
||||||
|
public String getObjectType();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the type of this {@link StrolchRootElement}. Not that this method should only be called for new elements, not
|
* Set the type of this {@link StrolchRootElement}. Not that this method should only be called for new elements, not
|
||||||
* if this element has already been persisted!
|
* if this element has already been persisted!
|
||||||
|
|
|
@ -83,6 +83,11 @@ public class Activity extends AbstractStrolchRootElement
|
||||||
this.timeOrdering = timeOrdering;
|
this.timeOrdering = timeOrdering;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getObjectType() {
|
||||||
|
return Tags.ACTIVITY;
|
||||||
|
}
|
||||||
|
|
||||||
public TimeOrdering getTimeOrdering() {
|
public TimeOrdering getTimeOrdering() {
|
||||||
return this.timeOrdering;
|
return this.timeOrdering;
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||||
import li.strolch.privilege.model.IPrivilege;
|
import li.strolch.privilege.model.IPrivilege;
|
||||||
|
@ -38,7 +39,8 @@ public class DefaultPrivilege implements PrivilegePolicy {
|
||||||
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
* @see li.strolch.privilege.policy.PrivilegePolicy#validateAction(IPrivilege, Restrictable)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -49,6 +49,6 @@ public interface PrivilegePolicy {
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if action not allowed
|
* if action not allowed
|
||||||
*/
|
*/
|
||||||
public abstract void validateAction(PrivilegeContext context, IPrivilege privilege, Restrictable restrictable)
|
public void validateAction(PrivilegeContext context, IPrivilege privilege, Restrictable restrictable)
|
||||||
throws AccessDeniedException;
|
throws AccessDeniedException;
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,20 @@ import li.strolch.utils.helper.StringHelper;
|
||||||
*/
|
*/
|
||||||
public class PrivilegePolicyHelper {
|
public class PrivilegePolicyHelper {
|
||||||
|
|
||||||
public static String preValidate(IPrivilege privilege, Restrictable restrictable) {
|
/**
|
||||||
|
* Validates the given values and returns the privilege name
|
||||||
|
*
|
||||||
|
* @param privilege
|
||||||
|
* the {@link IPrivilege}
|
||||||
|
* @param restrictable
|
||||||
|
* the {@link Restrictable}
|
||||||
|
*
|
||||||
|
* @return the privilege name
|
||||||
|
*
|
||||||
|
* @throws PrivilegeException
|
||||||
|
* if something is wrong
|
||||||
|
*/
|
||||||
|
public static String preValidate(IPrivilege privilege, Restrictable restrictable) throws PrivilegeException {
|
||||||
if (privilege == null)
|
if (privilege == null)
|
||||||
throw new PrivilegeException(PrivilegeMessages.getString("Privilege.privilegeNull")); //$NON-NLS-1$
|
throw new PrivilegeException(PrivilegeMessages.getString("Privilege.privilegeNull")); //$NON-NLS-1$
|
||||||
if (restrictable == null)
|
if (restrictable == null)
|
||||||
|
@ -54,27 +67,42 @@ public class PrivilegePolicyHelper {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Validates privilege is granted by checking first if all is allows, then the deny values, then the allow values.
|
||||||
|
* If the privilegeValue is in the deny list or not in the allow list, then access is denied and the
|
||||||
|
* {@link AccessDeniedException} is thrown
|
||||||
|
*
|
||||||
|
* @param ctx
|
||||||
|
* the context
|
||||||
* @param privilege
|
* @param privilege
|
||||||
|
* the privielge
|
||||||
|
* @param restrictable
|
||||||
|
* the restrictable
|
||||||
* @param privilegeValue
|
* @param privilegeValue
|
||||||
|
* the privilege value
|
||||||
|
*
|
||||||
|
* @throws AccessDeniedException
|
||||||
|
* if access is denied
|
||||||
*/
|
*/
|
||||||
public static void checkByAllowDenyValues(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable,
|
public static void checkByAllowDenyValues(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable,
|
||||||
String privilegeValue) {
|
String privilegeValue) throws AccessDeniedException {
|
||||||
|
|
||||||
|
// now check values allowed
|
||||||
|
if (privilege.isAllowed(privilegeValue))
|
||||||
|
return;
|
||||||
|
|
||||||
// first check values not allowed
|
// first check values not allowed
|
||||||
if (privilege.isDenied(privilegeValue)) {
|
if (privilege.isDenied(privilegeValue)) {
|
||||||
|
|
||||||
// then throw access denied
|
// then throw access denied
|
||||||
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
||||||
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// now check values allowed
|
|
||||||
if (privilege.isAllowed(privilegeValue))
|
|
||||||
return;
|
|
||||||
|
|
||||||
// default is not allowed
|
// default is not allowed
|
||||||
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
String msg = MessageFormat.format(PrivilegeMessages.getString("Privilege.accessdenied.noprivilege.value"), //$NON-NLS-1$
|
||||||
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
ctx.getUsername(), privilege.getName(), privilegeValue, restrictable.getClass().getName());
|
||||||
|
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||||
|
@ -38,7 +39,8 @@ import li.strolch.utils.dbc.DBC;
|
||||||
public class RoleAccessPrivilege implements PrivilegePolicy {
|
public class RoleAccessPrivilege implements PrivilegePolicy {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||||
|
@ -37,7 +38,8 @@ import li.strolch.utils.dbc.DBC;
|
||||||
public class UserAccessPrivilege implements PrivilegePolicy {
|
public class UserAccessPrivilege implements PrivilegePolicy {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -39,7 +39,8 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
||||||
private static final String PARAM_ORGANISATION = "organisation";
|
private static final String PARAM_ORGANISATION = "organisation";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
String privilegeName = PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -17,6 +17,7 @@ package li.strolch.privilege.policy;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
import li.strolch.privilege.i18n.PrivilegeMessages;
|
import li.strolch.privilege.i18n.PrivilegeMessages;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
|
@ -40,7 +41,8 @@ import li.strolch.privilege.model.Restrictable;
|
||||||
public class UsernameFromCertificatePrivilege implements PrivilegePolicy {
|
public class UsernameFromCertificatePrivilege implements PrivilegePolicy {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -44,7 +44,8 @@ public class UsernameFromCertificateWithSameOrganisationPrivilege extends Userna
|
||||||
private static final String PARAM_ORGANISATION = "organisation";
|
private static final String PARAM_ORGANISATION = "organisation";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
|
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||||
|
throws AccessDeniedException {
|
||||||
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
PrivilegePolicyHelper.preValidate(privilege, restrictable);
|
||||||
|
|
||||||
// get the value on which the action is to be performed
|
// get the value on which the action is to be performed
|
||||||
|
|
|
@ -7,6 +7,7 @@ import static li.strolch.service.test.AbstractRealmServiceTest.dropSchema;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
import static org.junit.Assert.fail;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -16,7 +17,9 @@ import li.strolch.model.Order;
|
||||||
import li.strolch.model.Resource;
|
import li.strolch.model.Resource;
|
||||||
import li.strolch.model.activity.Activity;
|
import li.strolch.model.activity.Activity;
|
||||||
import li.strolch.model.activity.TimeOrdering;
|
import li.strolch.model.activity.TimeOrdering;
|
||||||
|
import li.strolch.persistence.api.Operation;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.privilege.base.AccessDeniedException;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.testbase.runtime.RuntimeMock;
|
import li.strolch.testbase.runtime.RuntimeMock;
|
||||||
|
|
||||||
|
@ -31,7 +34,6 @@ public class InMemoryTransactionTest {
|
||||||
public static void beforeClass() throws Exception {
|
public static void beforeClass() throws Exception {
|
||||||
|
|
||||||
dropSchema("jdbc:postgresql://localhost/cacheduserdb", "cacheduser", "test");
|
dropSchema("jdbc:postgresql://localhost/cacheduserdb", "cacheduser", "test");
|
||||||
dropSchema("jdbc:postgresql://localhost/transactionaluserdb", "transactionaluser", "test");
|
|
||||||
|
|
||||||
runtimeMock = new RuntimeMock().mockRuntime(TARGET_RUNTIME, CONFIG_SRC);
|
runtimeMock = new RuntimeMock().mockRuntime(TARGET_RUNTIME, CONFIG_SRC);
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
@ -44,15 +46,15 @@ public class InMemoryTransactionTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void runTransient() {
|
public void runTransient() {
|
||||||
shouldRunAll(REALM_TRANSIENT);
|
runAll(REALM_TRANSIENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void runCached() {
|
public void runCached() {
|
||||||
shouldRunAll(REALM_CACHED);
|
runAll(REALM_CACHED);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void shouldRunAll(String realmName) {
|
private void runAll(String realmName) {
|
||||||
|
|
||||||
shouldCrudResource(realmName);
|
shouldCrudResource(realmName);
|
||||||
shouldCrudResource1(realmName);
|
shouldCrudResource1(realmName);
|
||||||
|
@ -65,6 +67,136 @@ public class InMemoryTransactionTest {
|
||||||
shouldCrudActivity(realmName);
|
shouldCrudActivity(realmName);
|
||||||
shouldCrudActivity1(realmName);
|
shouldCrudActivity1(realmName);
|
||||||
shouldCrudActivity2(realmName);
|
shouldCrudActivity2(realmName);
|
||||||
|
|
||||||
|
shouldAssertPrivilegeResource(realmName);
|
||||||
|
shouldAssertPrivilegeOrder(realmName);
|
||||||
|
shouldAssertPrivilegeActivity(realmName);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void shouldAssertPrivilegeResource(String realmName) {
|
||||||
|
String id = "@203";
|
||||||
|
String type = "Car";
|
||||||
|
|
||||||
|
// create
|
||||||
|
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||||
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.GET, newRes);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newRes);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, newRes);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, newRes);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void shouldAssertPrivilegeOrder(String realmName) {
|
||||||
|
String id = "@203";
|
||||||
|
String type = "Car";
|
||||||
|
|
||||||
|
// create
|
||||||
|
Order newOrder = ModelGenerator.createOrder(id, "200", type);
|
||||||
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.GET, newOrder);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newOrder);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, newOrder);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, newOrder);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void shouldAssertPrivilegeActivity(String realmName) {
|
||||||
|
String id = "@203";
|
||||||
|
String type = "Car";
|
||||||
|
|
||||||
|
// create
|
||||||
|
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||||
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.GET, newActivity);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newActivity);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, newActivity);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
try {
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, newActivity);
|
||||||
|
fail();
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
// as expected
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void shouldCrudResource(String realmName) {
|
public void shouldCrudResource(String realmName) {
|
||||||
|
@ -74,6 +206,10 @@ public class InMemoryTransactionTest {
|
||||||
// create
|
// create
|
||||||
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newRes);
|
||||||
|
|
||||||
tx.addResource(newRes);
|
tx.addResource(newRes);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -86,6 +222,11 @@ public class InMemoryTransactionTest {
|
||||||
// update
|
// update
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Resource res = tx.getResourceBy(type, id);
|
Resource res = tx.getResourceBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.GET, res);
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, res);
|
||||||
|
|
||||||
res.setName("Foo foo");
|
res.setName("Foo foo");
|
||||||
tx.updateResource(res);
|
tx.updateResource(res);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
|
@ -100,6 +241,10 @@ public class InMemoryTransactionTest {
|
||||||
// remove
|
// remove
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Resource res = tx.getResourceBy(type, id);
|
Resource res = tx.getResourceBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, res);
|
||||||
|
|
||||||
tx.removeResource(res);
|
tx.removeResource(res);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -129,6 +274,10 @@ public class InMemoryTransactionTest {
|
||||||
// create
|
// create
|
||||||
Order newOrder = ModelGenerator.createOrder(id, "200", type);
|
Order newOrder = ModelGenerator.createOrder(id, "200", type);
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newOrder);
|
||||||
|
|
||||||
tx.addOrder(newOrder);
|
tx.addOrder(newOrder);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -141,6 +290,11 @@ public class InMemoryTransactionTest {
|
||||||
// update
|
// update
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Order order = tx.getOrderBy(type, id);
|
Order order = tx.getOrderBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.GET, order);
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, order);
|
||||||
|
|
||||||
order.setName("Foo foo");
|
order.setName("Foo foo");
|
||||||
tx.updateOrder(order);
|
tx.updateOrder(order);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
|
@ -155,6 +309,10 @@ public class InMemoryTransactionTest {
|
||||||
// remove
|
// remove
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Order order = tx.getOrderBy(type, id);
|
Order order = tx.getOrderBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, order);
|
||||||
|
|
||||||
tx.removeOrder(order);
|
tx.removeOrder(order);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -184,6 +342,10 @@ public class InMemoryTransactionTest {
|
||||||
// create
|
// create
|
||||||
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.ADD, newActivity);
|
||||||
|
|
||||||
tx.addActivity(newActivity);
|
tx.addActivity(newActivity);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -196,6 +358,11 @@ public class InMemoryTransactionTest {
|
||||||
// update
|
// update
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Activity activity = tx.getActivityBy(type, id);
|
Activity activity = tx.getActivityBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.GET, activity);
|
||||||
|
tx.assertHasPrivilege(Operation.UPDATE, activity);
|
||||||
|
|
||||||
activity.setName("Foo foo");
|
activity.setName("Foo foo");
|
||||||
tx.updateActivity(activity);
|
tx.updateActivity(activity);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
|
@ -210,6 +377,10 @@ public class InMemoryTransactionTest {
|
||||||
// remove
|
// remove
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
Activity activity = tx.getActivityBy(type, id);
|
Activity activity = tx.getActivityBy(type, id);
|
||||||
|
|
||||||
|
// privilege assertion
|
||||||
|
tx.assertHasPrivilege(Operation.REMOVE, activity);
|
||||||
|
|
||||||
tx.removeActivity(activity);
|
tx.removeActivity(activity);
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
@ -255,7 +426,7 @@ public class InMemoryTransactionTest {
|
||||||
String id = "@202";
|
String id = "@202";
|
||||||
String type = "Bike";
|
String type = "Bike";
|
||||||
|
|
||||||
// create and update
|
// create, update and remove
|
||||||
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
Resource newRes = ModelGenerator.createResource(id, "200", type);
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
tx.addResource(newRes);
|
tx.addResource(newRes);
|
||||||
|
@ -304,7 +475,7 @@ public class InMemoryTransactionTest {
|
||||||
tx.commitOnClose();
|
tx.commitOnClose();
|
||||||
}
|
}
|
||||||
|
|
||||||
// should not exist
|
// create, update and remove
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
assertFalse("Order should not exist!", tx.getOrderMap().hasElement(tx, type, id));
|
assertFalse("Order should not exist!", tx.getOrderMap().hasElement(tx, type, id));
|
||||||
}
|
}
|
||||||
|
@ -333,7 +504,7 @@ public class InMemoryTransactionTest {
|
||||||
String id = "@202";
|
String id = "@202";
|
||||||
String type = "Bike";
|
String type = "Bike";
|
||||||
|
|
||||||
// create and update
|
// create, update and remove
|
||||||
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
Activity newActivity = ModelGenerator.createActivity(id, "200", type, TimeOrdering.SERIES);
|
||||||
try (StrolchTransaction tx = openTx(realmName)) {
|
try (StrolchTransaction tx = openTx(realmName)) {
|
||||||
tx.addActivity(newActivity);
|
tx.addActivity(newActivity);
|
||||||
|
|
|
@ -60,40 +60,40 @@
|
||||||
</Privilege>
|
</Privilege>
|
||||||
|
|
||||||
<Privilege name="GetResource" policy="ModelPrivilege">
|
<Privilege name="GetResource" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="GetOrder" policy="ModelPrivilege">
|
<Privilege name="GetOrder" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="GetActivity" policy="ModelPrivilege">
|
<Privilege name="GetActivity" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="AddResource" policy="ModelPrivilege">
|
<Privilege name="AddResource" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="AddOrder" policy="ModelPrivilege">
|
<Privilege name="AddOrder" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="AddActivity" policy="ModelPrivilege">
|
<Privilege name="AddActivity" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="UpdateResource" policy="ModelPrivilege">
|
<Privilege name="UpdateResource" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="UpdateOrder" policy="ModelPrivilege">
|
<Privilege name="UpdateOrder" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="UpdateActivity" policy="ModelPrivilege">
|
<Privilege name="UpdateActivity" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="RemoveResource" policy="ModelPrivilege">
|
<Privilege name="RemoveResource" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="RemoveOrder" policy="ModelPrivilege">
|
<Privilege name="RemoveOrder" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
<Privilege name="RemoveActivity" policy="ModelPrivilege">
|
<Privilege name="RemoveActivity" policy="ModelPrivilege">
|
||||||
<AllAllowed>true</AllAllowed>
|
<Allow>Bike</Allow>
|
||||||
</Privilege>
|
</Privilege>
|
||||||
</Role>
|
</Role>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue