- Torque module: use by default Turbinegroup not TurbineRole from generated doSelectJoinTurbine.. method, as this will be used as key in lookup in acl roleSets.
- add groupSet to interface
- add transient avalon logger to TurbineAccessControlList and use it to check group in constructor
- use model manager to fetch global group (model manager should be set always)
git-svn-id: https://svn.apache.org/repos/asf/turbine/fulcrum/trunk/security@1891978 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
index d8e3f0b..42461d7 100644
--- a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
+++ b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
@@ -151,7 +151,7 @@
{
accessControlList =
new TurbineAccessControlListImpl(turbineUserGroupRoleSet,
- groupManager, roleManager, modelManager);
+ groupManager, roleManager, modelManager, getLogger());
}
catch (FulcrumSecurityException e)
{
diff --git a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java
index 564529b..39a68bc 100644
--- a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java
+++ b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java
@@ -57,7 +57,7 @@
/**
* Retrieves a set of Roles an user is assigned in the global Group.
*
- * @return the set of Roles this user has within the global Group.
+ * @return the set of Roles this user has within the global Group or null.
*/
RoleSet getRoles();
@@ -208,4 +208,11 @@
* from within WebMacro/Velocity template
*/
Group[] getAllGroups();
+
+ /**
+ * Retrieves a set of Groups an user is assigned to.
+ *
+ * @return the set of Groups this user is assigned to.
+ */
+ GroupSet getGroupSet();
}
diff --git a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
index 94a1091..34b9957 100644
--- a/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
+++ b/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
@@ -23,6 +23,7 @@
import java.util.Map;
import java.util.Set;
+import org.apache.avalon.framework.logger.Logger;
import org.apache.fulcrum.security.GroupManager;
import org.apache.fulcrum.security.RoleManager;
import org.apache.fulcrum.security.entity.Group;
@@ -75,6 +76,9 @@
/** the distinct list of permissions that this user has */
private PermissionSet permissionSet = new PermissionSet();
+
+ /** the Avalon logger */
+ private transient Logger logger;
/**
* Constructs a new AccessControlList.
@@ -90,21 +94,30 @@
* The set of user/group/role relations that this acl is built from
* @param groupManager the Group manager
* @param roleManager the Role manager
- * @param modelManager he model Manager
+ * @param modelManager the model Manager
+ * @param logger
*
* @throws FulcrumSecurityException if the global group cannot be retrieved
*/
public TurbineAccessControlListImpl(
Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
- GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager) throws FulcrumSecurityException
+ GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, Logger logger) throws FulcrumSecurityException
{
this.roleSets = new HashMap<Group, RoleSet>();
this.permissionSets = new HashMap<Group, PermissionSet>();
this.groupManager = groupManager;
+
+ this.logger = logger;
for (TurbineUserGroupRole ugr : turbineUserGroupRoleSet)
{
Group group = ugr.getGroup();
+ // check if group matches
+ if (this.logger != null && this.groupManager != null && group.getClass() != this.groupManager.getGroupInstance().getClass()) {
+ this.logger.warn( "Turbine group classes do not match, some lookup might fail, check in componentConfiguration.xml. Expected class: " +
+ this.groupManager.getGroupInstance().getClass() + ", actual class: " +group.getClass()
+ );
+ }
groupSet.add(group);
Role role = ugr.getRole();
@@ -147,13 +160,9 @@
}
}
// this check might be not needed any more, required for custom group
- if (groupManager != null)
+ if (modelManager != null)
{
- this.globalGroup = groupManager.getGroupByName(modelManager.getGlobalGroupName());
- }
- else
- {
- this.globalGroup = groupSet.getByName(TurbineModelManager.GLOBAL_GROUP_NAME);
+ this.globalGroup = modelManager.getGlobalGroup();
}
}
@@ -176,7 +185,7 @@
/**
* Retrieves a set of Roles an user is assigned in the global Group.
*
- * @return the set of Roles this user has within the global Group.
+ * @return the set of Roles this user has within the global Group or null.
*/
@Override
public RoleSet getRoles()
@@ -502,11 +511,18 @@
{
try
{
- return groupManager.getAllGroups().toArray(new Group[0]);
+ return (groupManager != null)? groupManager.getAllGroups().toArray(new Group[0])
+ : new Group[0];
}
catch (FulcrumSecurityException e)
{
return new Group[0];
}
}
+
+ @Override
+ public GroupSet getGroupSet()
+ {
+ return groupSet;
+ }
}
diff --git a/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java b/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
index 955583f..45cf646 100644
--- a/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
+++ b/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
@@ -46,8 +46,12 @@
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbinePermissionImpl;
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineRoleImpl;
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl;
+import org.apache.fulcrum.security.util.RoleSet;
import org.apache.fulcrum.testcontainer.BaseUnit5Test;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.Test;
@@ -97,6 +101,15 @@
assertTrue(acl instanceof TurbineAccessControlList);
TurbineAccessControlList tacl = (TurbineAccessControlList) acl;
assertTrue(tacl.hasPermission(permission, group));
+
+ RoleSet roleSet = tacl.getRoles( group );
+ assertTrue(roleSet.contains( role ), "expect group "+ group + " has role "+ role);
+
+ assertNull( tacl.getRoles(), "expect no role in global group");
+// assertTrue(tacl.getAllGroups().length > 0,
+// "expect length for all group set:" + tacl.getAllGroups());
+ assertTrue(tacl.getGroupSet().size() > 0,
+ "expect length for all group set:" + tacl.getAllGroups());
}
@Test
diff --git a/pom.xml b/pom.xml
index 0955318..a080c86 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,6 +131,12 @@
<version>${turbine.log4j2.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.avalon.framework</groupId>
+ <artifactId>avalon-framework-api</artifactId>
+ <version>4.3.1</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java b/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java
index 3b96aa5..e9e86e6 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java
@@ -23,11 +23,10 @@
/** Serial version */
private static final long serialVersionUID = 1608546448609L;
- @Override
- public List doSelectJoinTurbineRole(Criteria criteria, Connection con) throws TorqueException {
- return doSelectJoinTorqueTurbineRole(criteria, con);
- }
-
-
+ @Override
+ public List doSelectJoinTurbineGroup(Criteria criteria, Connection con) throws TorqueException
+ {
+ return doSelectJoinTorqueTurbineGroup(criteria, con);
+ }
}
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java b/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java
index 48e85df..a8e5db6 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java
@@ -37,7 +37,7 @@
extends Peer
{
- List<T> doSelectJoinTurbineRole( Criteria criteria, Connection con ) throws TorqueException;
+ List<T> doSelectJoinTurbineGroup( Criteria criteria, Connection con ) throws TorqueException;
TableMap getTableMap() throws TorqueException;
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java b/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java
index d5589ce..7b6756e 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java
@@ -50,7 +50,6 @@
{
super.configure( conf );
- // peerClassName = conf.getChild( PEER_CLASS_NAME_KEY).getValue( "org.apache.fulcrum.security.torque.om.TorqueTurbineGroupPeer" );
peerClassName = conf.getChild( PEER_CLASS_NAME_KEY).getValue( null );
if (peerClassName != null) {
setPeerClassName( peerClassName );
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java b/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
index e0ac6fe..fa8dc24 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
@@ -46,11 +46,11 @@
{
/** Serial version */
private static final long serialVersionUID = -7255623655281852566L;
-
+
/**
* Forward reference to module generated code
*
- * Get a list of association objects, pre-populated with their TurbineRole
+ * Get a list of association objects, pre-populated with their TurbineGroup
* objects.
*
* Does intentionally not initialize the cache collTurbineUserGroupRoles for referenced objects.
@@ -65,28 +65,29 @@
* @return a list of User/Group/Role relations
* @throws TorqueException if any database error occurs
*/
- protected <T extends TurbineUserGroupRoleModelPeerMapper> List<T> getTurbineUserGroupRolesJoinTurbineRole(Criteria criteria, Connection con)
+ protected <T extends TurbineUserGroupRoleModelPeerMapper> List<T> getTurbineUserGroupRolesJoinTurbineGroup(Criteria criteria, Connection con)
throws TorqueException, DataBackendException
{
criteria.and(TurbineUserGroupRolePeer.USER_ID, getEntityId() );
try {
- return (List<T>) TurbineUserGroupRolePeer.doSelectJoinTurbineRole(criteria, con);
+ return (List<T>) TurbineUserGroupRolePeer.doSelectJoinTurbineGroup(criteria, con);
} catch ( TorqueException e) {
throw new DataBackendException( e.getMessage(), e );
}
}
- /* (non-Javadoc)
+ /**
* @see org.apache.fulcrum.security.torque.security.turbine.TorqueAbstractTurbineTurbineSecurityEntityDefault#retrieveAttachedObjects(java.sql.Connection, java.lang.Boolean, java.util.List)
*/
@Override
public <T extends TurbineUserGroupRoleModelPeerMapper> void retrieveAttachedObjects( Connection con, Boolean lazy, List<T> ugrs ) throws DataBackendException, TorqueException
{
- if (!lazy ) { // !lazy
+ if (!lazy ) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
if (ugrs == null) { // default
- ugrs = getTurbineUserGroupRolesJoinTurbineRole(new Criteria(), con);
+ // the groups are the keys in roleset, roles are not expected to be used as keys
+ ugrs = getTurbineUserGroupRolesJoinTurbineGroup(new Criteria(), con);
}
maptoModel( con, userGroupRoleSet, ugrs );
@@ -104,8 +105,9 @@
if (!lazy) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
- List<TurbineUserGroupRoleModelPeerMapper> ugrs = getTurbineUserGroupRolesJoinTurbineRole(new Criteria(), con);
+ List<TurbineUserGroupRoleModelPeerMapper> ugrs = getTurbineUserGroupRolesJoinTurbineGroup(new Criteria(), con);
+ // TODO: Need to call this too to fetch right role object? getTurbineUserGroupRolesJoinTurbineRole
// org.apache.fulcrum.security.torque.om.TurbineUserGroupRole
maptoModel( con, userGroupRoleSet, ugrs );
@@ -168,11 +170,12 @@
/**
* @param con data connection
- * @param userGroupRoleSet U/G/R set
+ * @param userGroupRoleSet U/G/R to be set / target object
* @param ugrs list of all ugrs
* @throws TorqueException if data connection could not be found
*/
- private <T extends TurbineUserGroupRoleModelPeerMapper> void maptoModel( Connection con, Set<TurbineUserGroupRole> userGroupRoleSet,
+ private <T extends TurbineUserGroupRoleModelPeerMapper> void maptoModel( Connection con,
+ Set<TurbineUserGroupRole> userGroupRoleSet,
List<T> ugrs )
throws DataBackendException
{
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java b/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java
index aa136ce..cb00dd6 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java
@@ -58,11 +58,11 @@
*
* @return a list of User/Group/Role relations
*/
- protected List<TorqueTurbineUserGroupRole> getTorqueTurbineUserGroupRolesJoinTorqueTurbineRole(Criteria criteria, Connection con)
+ protected List<TorqueTurbineUserGroupRole> getTorqueTurbineUserGroupRolesJoinTorqueTurbineGroup(Criteria criteria, Connection con)
throws TorqueException
{
criteria.and(TorqueTurbineUserGroupRolePeer.USER_ID, getEntityId() );
- return TorqueTurbineUserGroupRolePeer.doSelectJoinTorqueTurbineRole(criteria, con);
+ return TorqueTurbineUserGroupRolePeer.doSelectJoinTorqueTurbineGroup(criteria, con);
}
/* (non-Javadoc)
@@ -84,7 +84,7 @@
try {
if (!lazy) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
- List<TorqueTurbineUserGroupRole> ugrs = getTorqueTurbineUserGroupRolesJoinTorqueTurbineRole(new Criteria(), con);
+ List<TorqueTurbineUserGroupRole> ugrs = getTorqueTurbineUserGroupRolesJoinTorqueTurbineGroup(new Criteria(), con);
for (TorqueTurbineUserGroupRole ttugr : ugrs)
{
diff --git a/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java b/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java
index 0487ac2..54f4001 100644
--- a/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java
+++ b/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java
@@ -347,7 +347,7 @@
Criteria criteria = new Criteria();
// expecting the same name in any custom implementation
criteria.where(peerInstance.getTableMap().getColumn(getColumnName4UserGroupRole() ), ( (TorqueAbstractSecurityEntity) user ).getEntityId() );
- List<TurbineUserGroupRoleModelPeerMapper> ugrs = peerInstance.doSelectJoinTurbineRole( criteria, con );
+ List<TurbineUserGroupRoleModelPeerMapper> ugrs = peerInstance.doSelectJoinTurbineGroup( criteria, con );
if (user instanceof TorqueAbstractTurbineTurbineSecurityEntityDefault) {
((TorqueAbstractTurbineTurbineSecurityEntityDefault)user).retrieveAttachedObjects(con, false, ugrs);
