[Yanel-commits] rev 24548 - in public/yanel/trunk/src:
impl/java/org/wyona/yanel/impl/workflow
realms/yanel-website/ac-identities/groups
realms/yanel-website/ac-policies/content/policies
realms/yanel-website/content/workflow
michi at wyona.com
michi at wyona.com
Wed May 16 16:39:07 CEST 2007
Author: michi
Date: 2007-05-16 16:39:05 +0200 (Wed, 16 May 2007)
New Revision: 24548
Added:
public/yanel/trunk/src/realms/yanel-website/ac-identities/groups/reviewer.xml
Modified:
public/yanel/trunk/src/impl/java/org/wyona/yanel/impl/workflow/RoleCondition.java
public/yanel/trunk/src/realms/yanel-website/ac-policies/content/policies/root.pml
public/yanel/trunk/src/realms/yanel-website/content/workflow/workflow-with-review.xml
Log:
access policies for workflow added
Modified: public/yanel/trunk/src/impl/java/org/wyona/yanel/impl/workflow/RoleCondition.java
===================================================================
--- public/yanel/trunk/src/impl/java/org/wyona/yanel/impl/workflow/RoleCondition.java 2007-05-16 14:30:38 UTC (rev 24547)
+++ public/yanel/trunk/src/impl/java/org/wyona/yanel/impl/workflow/RoleCondition.java 2007-05-16 14:39:05 UTC (rev 24548)
@@ -15,23 +15,77 @@
*/
package org.wyona.yanel.impl.workflow;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Category;
+import org.wyona.security.core.api.Identity;
+import org.wyona.security.core.api.IdentityMap;
+import org.wyona.security.core.api.Role;
+import org.wyona.yanel.core.Resource;
import org.wyona.yanel.core.api.attributes.WorkflowableV1;
import org.wyona.yanel.core.workflow.Condition;
import org.wyona.yanel.core.workflow.Workflow;
import org.wyona.yanel.core.workflow.WorkflowException;
public class RoleCondition implements Condition {
+
+ private static Category log = Category.getInstance(RoleCondition.class);
+
+ public static String IDENTITY_MAP_KEY = "identity-map";
- protected String role;
+ protected Role role;
public void setExpression(String expression) {
- this.role = expression;
+ this.role = new Role(expression);
}
public boolean isComplied(WorkflowableV1 workflowable, Workflow workflow, String revision)
throws WorkflowException {
- // TODO
- return true;
+ // TODO: the cast should not be necessary, the workflowable interface should
+ // extend a resource interface
+ Resource resource = ((Resource)workflowable);
+ HttpServletRequest request = resource.getRequest();
+ try {
+ // TODO: it should be possible to get the identity from the framework,
+ // without knowledge duplication
+ Identity identity = getIdentity(request, resource.getRealm().getID());
+
+ if (identity == null) {
+ identity = new Identity();
+ }
+
+ boolean authorized;
+ authorized = resource.getRealm().getPolicyManager().authorize(resource.getPath(), identity, this.role);
+ if (log.isDebugEnabled()) {
+ log.debug("RoleCondition.isComplied():");
+ log.debug(" resource : " + resource.getPath());
+ log.debug(" identity : " + identity);
+ log.debug(" role : " + this.role.getName());
+ log.debug(" result : " + authorized);
+ }
+ return authorized;
+ } catch (Exception e) {
+ log.error(e, e);
+ throw new WorkflowException(e.getMessage(), e);
+ }
}
+ /**
+ * Gets the identity from the session associated with the given request.
+ * @param request
+ * @return identity or null if there is no identity in the session for the current
+ * realm or if there is no session at all
+ */
+ private Identity getIdentity(HttpServletRequest request, String realmID) throws Exception {
+ HttpSession session = request.getSession(false);
+ if (session != null) {
+ IdentityMap identityMap = (IdentityMap)session.getAttribute(IDENTITY_MAP_KEY);
+ if (identityMap != null) {
+ return (Identity)identityMap.get(realmID);
+ }
+ }
+ return null;
+ }
+
}
\ No newline at end of file
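Review bot: `IDENTITY_MAP_KEY` is declared `public static String` without `final`, so any class on the classpath can reassign the session attribute name that `getIdentity()` looks up; it should read `public static final String IDENTITY_MAP_KEY = "identity-map";`. The literal also duplicates a key owned by the framework, as the TODO in `isComplied()` admits. If the two drift apart, every lookup returns null and the check runs against `new Identity()` without any log line at a level above debug. Whether that fallback is fail-closed depends on how the policy manager treats a default identity, which is not visible in this hunk, so a comment stating the intended anonymous behaviour would help, e.g. `// no session identity: authorize as the anonymous identity, never skip the check`. Separately, the cast `(Resource)workflowable` and `resource.getRequest()` sit before the `try`, so a workflowable that is not a `Resource` surfaces as a `ClassCastException` instead of the declared `WorkflowException`; moving both lines inside the `try` keeps the error path uniform.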
Added: public/yanel/trunk/src/realms/yanel-website/ac-identities/groups/reviewer.xml
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/ac-identities/groups/reviewer.xml 2007-05-16 14:30:38 UTC (rev 24547)
+++ public/yanel/trunk/src/realms/yanel-website/ac-identities/groups/reviewer.xml 2007-05-16 14:39:05 UTC (rev 24548)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group id="reviewer">
+<name>Reviewers</name>
+<members>
+<member id="alice"/>
+</members>
+</group>
Modified: public/yanel/trunk/src/realms/yanel-website/ac-policies/content/policies/root.pml
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/ac-policies/content/policies/root.pml 2007-05-16 14:30:38 UTC (rev 24547)
+++ public/yanel/trunk/src/realms/yanel-website/ac-policies/content/policies/root.pml 2007-05-16 14:39:05 UTC (rev 24548)
@@ -7,19 +7,25 @@
</role>
<role id="open">
- <user id="lenya" permission="true"/>
+ <group id="editor" permission="true"/>
</role>
<role id="write">
- <user id="lenya" permission="true"/>
+ <group id="editor" permission="true"/>
</role>
<role id="create">
- <user id="lenya" permission="true"/>
+ <group id="editor" permission="true"/>
</role>
<role id="toolbar">
- <user id="lenya" permission="true"/>
+ <group id="editor" permission="true"/>
+ <group id="reviewer" permission="true"/>
+ <group id="admin" permission="true"/>
</role>
+ <role id="review">
+ <group id="reviewer" permission="true"/>
+ </role>
+
</policy>
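Review bot: The `open`, `write` and `create` roles now depend entirely on a group named `editor`, and `toolbar` additionally on `admin`, yet the only group file this revision adds is `reviewer.xml`. If `editor.xml` and `admin.xml` are not already present under `ac-identities/groups`, the grants are inert, and with `<user id="lenya" permission="true"/>` removed nobody holds write access on the root policy. Note also that `admin` receives only `toolbar` in the visible lines. If administrators are meant to edit or review, that needs explicit `<group id="admin" permission="true"/>` entries under those roles, or a comment such as `<!-- admin intentionally has no write/review rights here -->`. The policy starts above this hunk, so roles defined earlier in the file are not covered by this note.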
Modified: public/yanel/trunk/src/realms/yanel-website/content/workflow/workflow-with-review.xml
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/workflow/workflow-with-review.xml 2007-05-16 14:30:38 UTC (rev 24547)
+++ public/yanel/trunk/src/realms/yanel-website/content/workflow/workflow-with-review.xml 2007-05-16 14:39:05 UTC (rev 24548)
@@ -9,7 +9,7 @@
<transitions>
<transition id="submit" from="draft" to="review">
- <condition class="org.wyona.yanel.impl.workflow.RoleCondition">edit</condition>
+ <condition class="org.wyona.yanel.impl.workflow.RoleCondition">write</condition>
</transition>
<transition id="reject" from="review" to="draft">