Bug 459781 - Customizable authentication & authorization
AdminEmfStoreImpl uses access control to retrieve & modify users/groups
edgarmueller committed Mar 23, 2015
1 parent 8f8b7fa commit dc57ab4
Showing 6 changed files with 163 additions and 45 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
******************************************************************************/
package org.eclipse.emf.emfstore.server.model;

import java.io.IOException;
import java.util.List;
import java.util.Set;

Expand Down Expand Up @@ -47,7 +48,44 @@ public interface ESOrgUnitProvider {
List<ESProjectHistory> getProjects();

/**
* @param serverSpace
* Removes the given group.
*
* @param group the group to be removed
*/
void removeGroup(ESGroup group);

/**
* Removes the given user.
*
* @param user the user to be removed
*/
void removeUser(ESUser user);

/**
* Adds the given user.
*
* @param user the user to be added
*/
void addUser(ESUser user);

/**
* Adds the given group.
*
* @param group the group to be added
*/
void addGroup(ESGroup group);

/**
* Save the current state of the provider.
*
* @throws IOException in case saving fails
*/
void save() throws IOException;

/**
*
* @param daoFacade
*/
// TODO: FIXME
void init(ACDAOFacade daoFacade);
}
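Review bot: The new mutators on `ESOrgUnitProvider` (`addUser`, `addGroup`, `removeUser`, `removeGroup`) do not say who is responsible for authorization or when a change becomes durable, and since this is the interface a custom provider implements, that contract belongs in the Javadoc. From the callers visible elsewhere in this commit it appears the access check runs before the provider is invoked and persistence happens only on `save()`; if that is the intent, state it, e.g. `Implementations perform no access check; callers must authorize the session first. Changes are persisted by {@link #save()}.` The Javadoc on `init` is still empty apart from a bare `@param daoFacade` under `// TODO: FIXME` and should describe the parameter. The `init` signature also ties this `org.eclipse.emf.emfstore.server.model` interface to `ACDAOFacade`, which the imports shown in this commit place under an `internal` package.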
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ public synchronized void run(boolean waitForTermination) throws FatalESException
accessControl = initAccessControl(serverSpace);
// TODO: ugly
emfStore = EMFStoreImpl.createInterface(serverSpace, accessControl);
adminEmfStore = new AdminEmfStoreImpl(serverSpace, serverSpace, accessControl);
adminEmfStore = new AdminEmfStoreImpl(serverSpace, accessControl);

// copy keystore file to workspace if not existent
copyFileToWorkspace(ServerConfiguration.getServerKeyStorePath(), ServerConfiguration.SERVER_KEYSTORE_FILE,
Expand Down Expand Up @@ -238,19 +238,19 @@ private void initLogging() {
Platform.getLog(Platform.getBundle(EMFSTORE_COMMON_BUNDLE)).addLogListener(new
ILogListener() {

public void logging(IStatus status, String plugin) {
if (status.getSeverity() == IStatus.INFO) {
System.out.println(status.getMessage());
} else if (!status.isOK()) {
System.err.println(status.getMessage());
final Throwable exception = status.getException();
if (exception != null) {
exception.printStackTrace(System.err);
}
public void logging(IStatus status, String plugin) {
if (status.getSeverity() == IStatus.INFO) {
System.out.println(status.getMessage());
} else if (!status.isOK()) {
System.err.println(status.getMessage());
final Throwable exception = status.getException();
if (exception != null) {
exception.printStackTrace(System.err);
}
}
}

});
});
}

private void handleStartupListener() {
Expand Down Expand Up @@ -295,7 +295,7 @@ private void copyFileToWorkspace(String target, String source, String failure, S
try {
FileUtil.copyFile(new URL("platform:/plugin/" //$NON-NLS-1$
+ element.getIConfigurationElement().getNamespaceIdentifier() + "/" + attribute) //$NON-NLS-1$
.openConnection().getInputStream(), targetFile);
.openConnection().getInputStream(), targetFile);
return;
} catch (final IOException e) {
ModelUtil.logWarning(
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ private ESAuthorizationService initAuthorizationService() {
ESAuthorizationService authorizationService;
try {
final List<ESAuthorizationService> services = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, false)
.getClasses(AUTHORIZATION_SERVICE_CLASS, ESAuthorizationService.class);
.getClasses(AUTHORIZATION_SERVICE_CLASS, ESAuthorizationService.class);
if (services.isEmpty()) {
authorizationService = new DefaultESAuthorizationService();
} else if (services.size() == 1) {
Expand Down Expand Up @@ -156,7 +156,7 @@ private ESOrgUnitResolver initOrgUnitResolverService() {
MessageFormat.format(
Messages.AccessControl_MultipleExtensionsDiscovered,
ACCESSCONTROL_EXTENSION_ID + "." + ORG_UNIT_RESOLVER_SERVICE_CLASS //$NON-NLS-1$
));
));
}
} catch (final ESExtensionPointException e) {
final String message = "Custom org unit resolver class not be initialized"; //$NON-NLS-1$
Expand Down Expand Up @@ -203,6 +203,15 @@ public ESOrgUnitResolver getOrgUnitResolverServive() {
return orgUnitResolver;
}

/**
* Returns the {@link ESOrgUnitProvider}.
*
* @return the {@link ESOrgUnitProvider} in use.
*/
public ESOrgUnitProvider getOrgUnitProviderService() {
return orgUnitProvider;
}

/**
* Returns the {@link ESAuthorizationService}.
*
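Review bot: `getOrgUnitProviderService()` is a public getter that returns the live `orgUnitProvider`, so any code holding the `AccessControl` instance can reach the provider's add/remove/save methods without passing an authorization check. If only the admin interface is meant to mutate users and groups, the Javadoc should say so, e.g. `Callers must have verified the session's privileges before invoking mutating methods on the returned provider.`, or the getter's visibility should be narrowed. The hunk does not show where `orgUnitProvider` is assigned, so whether this can return null before initialization should be confirmed and documented as well.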
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,8 @@
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.RolesFactory;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.RolesPackage;
import org.eclipse.emf.emfstore.internal.server.model.dao.ACDAOFacade;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESGroupImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESUserImpl;
import org.eclipse.emf.emfstore.server.auth.ESAuthorizationService;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.exceptions.ESException;
Expand All @@ -58,8 +59,6 @@
// TODO: bring this interface in new subinterface structure and refactor it
public class AdminEmfStoreImpl extends AbstractEmfstoreInterface implements AdminEmfStore {

private final ACDAOFacade daoFacade;

/**
* Default constructor.
*
Expand All @@ -72,11 +71,10 @@ public class AdminEmfStoreImpl extends AbstractEmfstoreInterface implements Admi
* @throws FatalESException
* in case of failure
*/
public AdminEmfStoreImpl(ACDAOFacade daoFacade, ServerSpace serverSpace,
public AdminEmfStoreImpl(ServerSpace serverSpace,
AccessControl accessControl)
throws FatalESException {
throws FatalESException {
super(serverSpace, accessControl);
this.daoFacade = daoFacade;
}

/**
Expand All @@ -88,7 +86,7 @@ public List<ACGroup> getGroups(SessionId sessionId) throws ESException {
sessionId.toAPI(),
null);
final List<ACGroup> result = new ArrayList<ACGroup>();
for (final ACGroup group : daoFacade.getGroups()) {
for (final ACGroup group : getGroups()) {
// quickfix
final ACGroup copy = ModelUtil.clone(group);
clearMembersFromGroup(copy);
Expand All @@ -97,6 +95,22 @@ public List<ACGroup> getGroups(SessionId sessionId) throws ESException {
return result;
}

private List<ACGroup> getGroups() {
final List<ACGroup> groups = new ArrayList<ACGroup>();
for (final ESGroup group : getAccessControl().getOrgUnitProviderService().getGroups()) {
groups.add((ACGroup) ESGroupImpl.class.cast(group).toInternalAPI());
}
return groups;
}

private List<ACUser> getUsers() {
final List<ACUser> users = new ArrayList<ACUser>();
for (final ESUser user : getAccessControl().getOrgUnitProviderService().getUsers()) {
users.add((ACUser) ESUserImpl.class.cast(user).toInternalAPI());
}
return users;
}

/**
* {@inheritDoc}
*/
Expand All @@ -107,7 +121,7 @@ public List<ACGroup> getGroups(SessionId sessionId, ACOrgUnitId orgUnitId) throw
null);
final List<ACGroup> result = new ArrayList<ACGroup>();
final ACOrgUnit<?> orgUnit = getOrgUnit(orgUnitId);
for (final ACGroup group : daoFacade.getGroups()) {
for (final ACGroup group : getGroups()) {
if (group.getMembers().contains(orgUnit)) {
// quickfix
final ACGroup copy = ModelUtil.clone(group);
Expand Down Expand Up @@ -136,13 +150,13 @@ public ACOrgUnitId createGroup(SessionId sessionId, String name) throws ESExcept
final ACGroup acGroup = AccesscontrolFactory.eINSTANCE.createACGroup();
acGroup.setName(name);
acGroup.setDescription(StringUtils.EMPTY);
daoFacade.add(acGroup);
getAccessControl().getOrgUnitProviderService().addGroup(acGroup.toAPI());
save();
return ModelUtil.clone(acGroup.getId());
}

private boolean groupExists(String name) {
for (final ACGroup group : daoFacade.getGroups()) {
for (final ACGroup group : getGroups()) {
if (group.getName().equals(name)) {
return true;
}
Expand Down Expand Up @@ -197,14 +211,14 @@ public void deleteGroup(SessionId sessionId, ACOrgUnitId groupId) throws ESExcep
member.getId().toAPI());
}

for (final Iterator<ACGroup> iter = daoFacade.getGroups().iterator(); iter.hasNext();) {
for (final Iterator<ACGroup> iter = getGroups().iterator(); iter.hasNext();) {
final ACGroup nextGroup = iter.next();
final List<ACGroup> groups = getGroups(sessionId, groupId);
if (nextGroup.getId().equals(groupId)) {
for (final ACGroup acGroup : groups) {
removeMember(sessionId, acGroup.getId(), nextGroup.getId());
}
daoFacade.remove(nextGroup);
getAccessControl().getOrgUnitProviderService().removeGroup(nextGroup.toAPI());
EcoreUtil.delete(nextGroup);
save();
return;
Expand Down Expand Up @@ -305,7 +319,7 @@ public List<ACOrgUnit> getParticipants(SessionId sessionId, ProjectId projectId)
projectId.toAPI());

final List<ACOrgUnit> result = new ArrayList<ACOrgUnit>();
for (final ACOrgUnit<ESUser> orgUnit : daoFacade.getUsers()) {
for (final ACOrgUnit<ESUser> orgUnit : getUsers()) {

final List<Role> roles = orgUnit.getRoles();
for (final Role role : roles) {
Expand All @@ -315,7 +329,7 @@ public List<ACOrgUnit> getParticipants(SessionId sessionId, ProjectId projectId)
}
}

for (final ACOrgUnit<ESGroup> orgUnit : daoFacade.getGroups()) {
for (final ACOrgUnit<ESGroup> orgUnit : getGroups()) {
final List<Role> roles = orgUnit.getRoles();
for (final Role role : roles) {
if (isServerAdmin(role) || role.getProjects().contains(projectId)) {
Expand Down Expand Up @@ -504,7 +518,7 @@ public void changeRole(SessionId sessionId, ProjectId projectId, ACOrgUnitId org
if (!isServerAdmin && role.canAdministrate(projectId)) {
throw new AccessControlException(
Messages.AdminEmfStoreImpl_RemovePA_Violation_1
+ Messages.AdminEmfStoreImpl_RemovePA_Violation_2);
+ Messages.AdminEmfStoreImpl_RemovePA_Violation_2);
}

role.getProjects().remove(projectId);
Expand Down Expand Up @@ -583,7 +597,7 @@ public List<ACUser> getUsers(SessionId sessionId) throws ESException {
sessionId.toAPI(),
null);
final List<ACUser> result = new ArrayList<ACUser>();
for (final ACUser user : daoFacade.getUsers()) {
for (final ACUser user : getUsers()) {
result.add(user);
}
return result;
Expand All @@ -598,10 +612,10 @@ public List<ACOrgUnit> getOrgUnits(SessionId sessionId) throws ESException {
sessionId.toAPI(),
null);
final List<ACOrgUnit> result = new ArrayList<ACOrgUnit>();
for (final ACOrgUnit<ESUser> user : daoFacade.getUsers()) {
for (final ACOrgUnit<ESUser> user : getUsers()) {
result.add(ModelUtil.clone(user));
}
for (final ACOrgUnit<ESGroup> group : daoFacade.getGroups()) {
for (final ACOrgUnit<ESGroup> group : getGroups()) {
result.add(ModelUtil.clone(group));
}
// quickfix
Expand Down Expand Up @@ -644,13 +658,13 @@ public ACOrgUnitId createUser(SessionId sessionId, String name) throws ESExcepti
final ACUser acUser = AccesscontrolFactory.eINSTANCE.createACUser();
acUser.setName(name);
acUser.setDescription(StringUtils.EMPTY);
daoFacade.add(acUser);
getAccessControl().getOrgUnitProviderService().addUser(acUser.toAPI());
save();
return ModelUtil.clone(acUser.getId());
}

private boolean userExists(String name) {
for (final ACUser user : daoFacade.getUsers()) {
for (final ACUser user : getUsers()) {
if (user.getName().equals(name)) {
return true;
}
Expand All @@ -671,14 +685,14 @@ public void deleteUser(SessionId sessionId, ACOrgUnitId userId) throws ESExcepti
sessionId.toAPI(),
null,
ESProjectAdminPrivileges.DeleteOrgUnit);
for (final Iterator<ACUser> iter = daoFacade.getUsers().iterator(); iter.hasNext();) {
for (final Iterator<ACUser> iter = getUsers().iterator(); iter.hasNext();) {
final ACUser user = iter.next();
final List<ACGroup> groups = getGroups(sessionId, userId);
if (user.getId().equals(userId)) {
for (final ACGroup acGroup : groups) {
removeMember(sessionId, acGroup.getId(), userId);
}
daoFacade.remove(user);
getAccessControl().getOrgUnitProviderService().removeUser(user.toAPI());
// TODO: move ecore delete into ServerSpace#deleteUser implementation
EcoreUtil.delete(user);
save();
Expand Down Expand Up @@ -791,7 +805,7 @@ private ProjectInfo getProjectInfo(ProjectHistory project) {
}

private ACGroup getGroup(ACOrgUnitId orgUnitId) throws ESException {
for (final ACGroup group : daoFacade.getGroups()) {
for (final ACGroup group : getGroups()) {
if (group.getId().equals(orgUnitId)) {
return group;
}
Expand All @@ -800,12 +814,12 @@ private ACGroup getGroup(ACOrgUnitId orgUnitId) throws ESException {
}

private ACOrgUnit<?> getOrgUnit(ACOrgUnitId orgUnitId) throws ESException {
for (final ACOrgUnit<ESUser> unit : daoFacade.getUsers()) {
for (final ACOrgUnit<ESUser> unit : getUsers()) {
if (unit.getId().equals(orgUnitId)) {
return unit;
}
}
for (final ACOrgUnit<ESGroup> unit : daoFacade.getGroups()) {
for (final ACOrgUnit<ESGroup> unit : getGroups()) {
if (unit.getId().equals(orgUnitId)) {
return unit;
}
Expand All @@ -826,7 +840,7 @@ private Role getRole(ProjectId projectId, ACOrgUnit<?> orgUnit) {

private void save() throws ESException {
try {
daoFacade.save();
getAccessControl().getOrgUnitProviderService().save();
} catch (final IOException e) {
throw new StorageException(StorageException.NOSAVE, e);
} catch (final NullPointerException e) {
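Review bot: The new private helpers `getGroups()` and `getUsers()` convert with `ESGroupImpl.class.cast(group)` and `ESUserImpl.class.cast(user)`, which throws `ClassCastException` as soon as the provider returns an `ESGroup` or `ESUser` that is not the built-in implementation. Since the commit is about customizable authentication and authorization, a custom `ESOrgUnitProvider` returning its own types seems a likely case, and the unchecked exception would then escape from every admin call that lists or looks up org units. A guard before the cast would make the failure explicit, e.g. `if (!(group instanceof ESGroupImpl)) { throw new IllegalStateException("Unsupported ESGroup implementation: " + group.getClass().getName()); }`, with the same for users. Both helpers also build a fresh list on every call and are now used inside lookups such as `getOrgUnit` and `groupExists`, so a short comment noting that they return a copy would help the next reader.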