Add a default role for LDAP users (LdapRegistered)
Issue: #229
svogt committed Jan 21, 2015
1 parent e32e825 commit 844ba72
Showing 3 changed files with 60 additions and 44 deletions.
Expand Up @@ -38,6 +38,7 @@ public class CommonPermissions {

public static final String ROLE_ANONYMOUS = "Anonymous";
public static final String ROLE_REGISTERED = "Registered";
public static final String ROLE_LDAP_REGISTERED = "LdapRegistered";
public static final String ROLE_ADMINISTRATOR = "Administrator";

public static final String USER_ANONYMOUS = ROLE_ANONYMOUS;
Expand All @@ -47,22 +48,22 @@ public class CommonPermissions {
public static final String WORKSPACE = "Workspace";
public static final String USER = "User";
public static final String SYSTEM = "System";

/**
* enables to edit resources
*/
public static final String ACTION_EDIT = "edit";

/**
* grants read-only access
*/
public static final String ACTION_VIEW = "view";

/**
* grants access to configuration
*/
public static final String ACTION_CONFIG = "config";

/**
* permission to not directly edit translations, but at least make suggestions
*/
Expand Down Expand Up @@ -94,32 +95,32 @@ public class CommonPermissions {

private static final String PERMISSION_PATTERN = "{0}:{1}:{2}";
private static final String WORKSPACE_PERMISSION_PATTERN = "{0}:{1}";

private static final Set<EClass> KNOWN_TARGETS;
static {
KNOWN_TARGETS = new HashSet<EClass>();
KNOWN_TARGETS.add(PropertiesPackage.Literals.WORKSPACE);
KNOWN_TARGETS.add(PropertiesPackage.Literals.PROJECT);
}

/**
* computes something known to us that we can use to construct a proper permission.
* e.g. we don't have permissions on per descriptor level, so we need to walk up the
* hierarchy until we find something known
* hierarchy until we find something known
* @param target
* @return
* @return
*/
private static Resolvable<?, ?> getActualTarget(Resolvable<?, ?> target) {
Resolvable<?, ?> current = target;
while(current!=null && !KNOWN_TARGETS.contains(current.eClass()))
current = current.getParent();
return current;
}
}

public static String constructPermissionName(String kind, String scope, String action){
return MessageFormat.format(PERMISSION_PATTERN, kind,scope,action);
}

public static String constructPermissionName(Resolvable<?, ?> r, String action){
Resolvable<?, ?> rightsContainer = getActualTarget(r);
if (rightsContainer instanceof Workspace) {
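Review bot: `ROLE_LDAP_REGISTERED` in the first hunk is added without a Javadoc, while the `ACTION_*` constants in the next hunk all carry one; since this role is granted implicitly to every LDAP login rather than by an administrator, the constant should say so: `/** Role granted automatically to every LDAP-authenticated user; created on demand if it does not exist yet. */`. The remaining hunks in this file appear to be whitespace-only changes, as far as the rendered view shows.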
Expand Up @@ -16,43 +16,57 @@
import org.jabylon.users.Role;
import org.jabylon.users.User;
import org.jabylon.users.UserManagement;
import org.jabylon.users.UsersFactory;
import org.jabylon.users.UsersPackage;

public class GroupMemberAttribute extends SubjectAttribute {

public GroupMemberAttribute(Collection<String> groups) {
super(UsersPackage.Literals.USER__ROLES, groups);
}

@SuppressWarnings("unchecked")
@Override
public void applyTo(EObject eobject) {
if (eobject instanceof User) {
User user = (User) eobject;
List<Role> roles = user.getRoles();
Iterator<Role> it = roles.iterator();
while (it.hasNext()) {
Role role = it.next();
if(CommonPermissions.AUTH_TYPE_LDAP.equals(role.getType()))
{
it.remove();
}
}
Collection<String> groups = (Collection<String>) getValue();
EObject container = user.eContainer();
if (container instanceof UserManagement) {
UserManagement management = (UserManagement) container;
List<Role> allRoles = management.getRoles();
for (Role role : allRoles) {
if(CommonPermissions.AUTH_TYPE_LDAP.equals(role.getType()))
{
if(groups.contains(role.getName()))
roles.add(role);
}
}

}
}
}
public GroupMemberAttribute(Collection<String> groups) {
super(UsersPackage.Literals.USER__ROLES, groups);
}

@SuppressWarnings("unchecked")
@Override
public void applyTo(EObject eobject) {
if (eobject instanceof User) {
User user = (User) eobject;
List<Role> roles = user.getRoles();
Iterator<Role> it = roles.iterator();
while (it.hasNext()) {
Role role = it.next();
if(CommonPermissions.AUTH_TYPE_LDAP.equals(role.getType()))
{
it.remove();
}
}
Collection<String> groups = (Collection<String>) getValue();
EObject container = user.eContainer();
if (container instanceof UserManagement) {
UserManagement management = (UserManagement) container;
roles.add(checkLdapRegisteredRole(management));
List<Role> allRoles = management.getRoles();
for (Role role : allRoles) {
if(CommonPermissions.AUTH_TYPE_LDAP.equals(role.getType()))
{
if(groups.contains(role.getName()));
roles.add(role);
}
}

}
}
}

private Role checkLdapRegisteredRole(UserManagement management)
{
Role ldapRegistered = management.findRoleByName(CommonPermissions.ROLE_LDAP_REGISTERED);
if(ldapRegistered==null) {
ldapRegistered = UsersFactory.eINSTANCE.createRole();
ldapRegistered.setName(CommonPermissions.ROLE_LDAP_REGISTERED);
ldapRegistered.setType(CommonPermissions.AUTH_TYPE_LDAP);
management.getRoles().add(ldapRegistered);
}
return ldapRegistered;
}

}
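Review bot: The new `for` loop in `applyTo` has a stray semicolon after `if(groups.contains(role.getName()));`, so the `roles.add(role)` on the next line is unconditional and every LDAP-typed role defined in `UserManagement` is granted to every LDAP user regardless of group membership, which is a privilege-escalation bug rather than a cosmetic one. It should read `if (groups.contains(role.getName())) { roles.add(role); }`. Separately, `roles.add(checkLdapRegisteredRole(management))` followed by the loop adds the LdapRegistered role a second time whenever `groups` contains that name (which the LDAP hunk in this commit arranges); whether that yields a duplicate depends on the uniqueness semantics of the roles list, which is not visible here, so either drop the explicit add or document why both are needed. `checkLdapRegisteredRole` also silently creates and persists a new role inside `UserManagement` as a side effect of applying a subject attribute; a one-line comment such as `// ensures the default LDAP role exists so it can be assigned below` would make that intent explicit.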
Expand Up @@ -156,6 +156,7 @@ private String findUser(String user, DirContext ctx) throws NamingException {
if(attribute!=null) {
NamingEnumeration<?> groupsEnum = attribute.getAll();
groups = new HashSet<String>();
groups.add(CommonPermissions.ROLE_LDAP_REGISTERED);
while (groupsEnum.hasMoreElements()) {
Object object = groupsEnum.nextElement();
if (object instanceof String) {
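Review bot: The added `groups.add(CommonPermissions.ROLE_LDAP_REGISTERED);` sits inside the `if(attribute!=null)` guard, so an LDAP user whose entry has no group attribute never receives the default role this commit is meant to grant. Moving `groups = new HashSet<String>();` and the `add` above the null check would give every authenticated LDAP user the role regardless of whether the group attribute is present. `findUser` starts and ends outside the hunk, so how `groups` is initialised on the `attribute == null` path is not visible here and may need a matching adjustment.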
