Author: mir
Date: Tue Mar 23 17:51:06 2010
New Revision: 926683
URL: http://svn.apache.org/viewvc?rev=926683&view=rev
Log:
CLEREZZA-172: made the BasePermissionsRole undeletable in usermanager. Now this
role is assigned to every newly created agent
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.config/src/main/resources/META-INF/config.rdf
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-overview-template.xhtml
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager/src/main/java/org/apache/clerezza/platform/usermanager/UserManagerImpl.java
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.ontologies/src/main/resources/org/apache/clerezza/rdf/ontologies/permission.rdf
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.config/src/main/resources/META-INF/config.rdf
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.config/src/main/resources/META-INF/config.rdf?rev=926683&r1=926682&r2=926683&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.config/src/main/resources/META-INF/config.rdf
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.config/src/main/resources/META-INF/config.rdf
Tue Mar 23 17:51:06 2010
@@ -20,6 +20,7 @@
<sioc:has_function>
<perm:Role>
<dc:title>BasePermissionsRole</dc:title>
+ <rdf:type
rdf:resource="http://clerezza.org/2008/10/permission#BaseRole"/>
<perm:hasPermission rdf:parseType="Resource">
<perm:javaPermissionEntry>(java.util.PropertyPermission "*"
"read")</perm:javaPermissionEntry>
</perm:hasPermission>
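Review bot: Typing BasePermissionsRole as `perm:BaseRole` makes its permission set the floor for every agent, and the entry visible in this hunk is `(java.util.PropertyPermission "*" "read")`, which allows reading every JVM system property. If credentials, keystore paths or similar values are ever passed to the JVM as properties, they become readable under any account. Consider narrowing the wildcard to the property names actually needed, and add an XML comment above the role such as `<!-- BaseRole: granted to every agent; keep this permission list minimal -->`. The role's remaining permissions lie outside the hunk, so the full set could not be checked here.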
@@ -39,7 +40,6 @@
</sioc:has_function>
</foaf:Agent>
<perm:Role>
- <rdf:type
rdf:resource="http://clerezza.org/2008/10/permission#BaseRole"/>
<dc:title>DefaultRole</dc:title>
<perm:hasPermission rdf:parseType="Resource">
<perm:javaPermissionEntry>(org.apache.clerezza.platform.accountcontrolpanel.AccountControlAccessPermission
"{username}" "")</perm:javaPermissionEntry>
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java?rev=926683&r1=926682&r2=926683&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
Tue Mar 23 17:51:06 2010
@@ -316,7 +316,6 @@ public class UserManagerWeb implements G
for (int i = 0; i < userRole.length; i++) {
userRoles.add(userRole[i]);
}
-
StringWriter writer = new StringWriter();
checkParamLength(writer, userName, "Username");
checkQuote(writer, userName, "Username");
@@ -325,14 +324,11 @@ public class UserManagerWeb implements G
checkQuote(writer, pathPrefix, "Path-Prefix");
checkParamLength(writer, psw, "Password");
checkQuote(writer, psw, "Password");
-
String message = writer.toString();
if (!message.isEmpty()) {
returnInputErrorMessages(message);
}
-
userManager.storeUser(userName, email, psw, userRoles,
pathPrefix);
-
MGraph contentGraph = cgProvider.getContentGraph();
NonLiteral user = new BNode();
contentGraph.add(new TripleImpl(user, RDF.type, FOAF.Agent));
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-overview-template.xhtml
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-overview-template.xhtml?rev=926683&r1=926682&r2=926683&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-overview-template.xhtml
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-overview-template.xhtml
Tue Mar 23 17:51:06 2010
@@ -1,6 +1,7 @@
def permission(s: Any) = new UriRef("http://clerezza.org/2008/10/permission#"
+ s)
def umr(s: Any) = new UriRef("http://clerezza.org/2009/05/usermanager#" + s)
def dc(s: Any) = new UriRef("http://purl.org/dc/elements/1.1/" + s)
+def rdf(s: Any) = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#" + s)
resultDocModifier.addStyleSheet("js/fancybox/jquery.fancybox.css");
resultDocModifier.addScriptReference("js/fancybox/jquery.fancybox-1.2.1.pack.js");
@@ -16,48 +17,58 @@ resultDocModifier.addNodes2Elem("tx-modu
resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a
id="deleteButton" class="tx-button tx-button-remove" href="#">Remove</a></li>);
resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a
id="addButton" class="tx-button tx-button-create"
href="add-role.xhtml">Create</a></li>)
+ <div id="tx-content">
+ <div class="tx-panel">
+ </div>
- <div id="tx-content">
- <div class="tx-panel">
-
- </div>
-
- <div class="tx-list">
- <fieldset>
- <table>
+ <div class="tx-list">
+ <fieldset>
+ <table>
<colgroup>
<col width="40" />
<col width="40" />
<col width="80" />
<col width="100" />
</colgroup>
- <thead>
- <tr>
- <th colspan="2"><a href="">Name</a></th>
- <th><a href="">Special</a></th>
- <th><a href="">Permissions</a></th>
- </tr>
- </thead>
- <tbody>
-
- {for (role <- (res/umr("role"))) yield {
- <tr id={role/dc("title")*}>
- <td>
- <input type="checkbox" value={role/dc("title")*} />
- </td>
- <td>{role/dc("title")*}</td>
- <td>
- <a href={"add-single-property?roleTitle=" +
(role/dc("title")*)} >add single-valued property</a> /
- <a href={"add-multiple-property?roleTitle=" +
(role/dc("title")*)} >add multiple-valued property</a> /
- <a href={"manage-custom-properties?role=" +
(role/dc("title")*)} >manage customfields</a>
- </td>
- <td><a href={"manage-role-permissions?roleTitle=" +
(role/dc("title")*)}>show permissions</a></td>
- </tr>
- }
- }
- </tbody>
- </table>
- </fieldset>
- </div>
- </div>
+ <thead>
+ <tr>
+ <th
colspan="2"><a href="">Name</a></th>
+ <th><a
href="">Special</a></th>
+ <th><a
href="">Permissions</a></th>
+ </tr>
+ </thead>
+ <tbody>
+
+ {
+ for (role <- (res/umr("role")))
yield {
+ <tr
id={role/dc("title")*}>
+ <td>
+ {
+
var isBaseRole:Boolean = false
+
for (rdfType <- (role/rdf("type"))) yield {
+
if (rdfType.getNode.equals(permission("BaseRole"))) {
+
isBaseRole = true;
+
} else {}
+
}
+
if (!isBaseRole) {
+
<input type="checkbox" value={role/dc("title")*}/>
+
} else {}
+
+ }
+ </td>
+
<td>{role/dc("title")*}</td>
+ <td>
+ <a
href={"add-single-property?roleTitle=" + (role/dc("title")*)} >add
single-valued property</a> /
+ <a
href={"add-multiple-property?roleTitle=" + (role/dc("title")*)} >add
multiple-valued property</a> /
+ <a
href={"manage-custom-properties?role=" + (role/dc("title")*)} >manage
customfields</a>
+ </td>
+ <td><a
href={"manage-role-permissions?roleTitle=" + (role/dc("title")*)}>show
permissions</a></td>
+ </tr>
+ }
+ }
+ </tbody>
+ </table>
+ </fieldset>
+ </div>
+ </div>
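Review bot: The base-role test in the checkbox cell uses a mutable `var isBaseRole`, set from inside a `for … yield` whose result is discarded, plus two empty `else {}` branches. A single side-effect-free expression would be easier to read, e.g. `val isBaseRole = (role/rdf("type")).exists(_.getNode == permission("BaseRole"))`, assuming the collection returned by `/` offers `exists`. A short template comment should also state that hiding the checkbox is presentation only. The actual protection is the `isBaseRole` guard added to UserManagerImpl.deleteRole in this commit.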
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager/src/main/java/org/apache/clerezza/platform/usermanager/UserManagerImpl.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager/src/main/java/org/apache/clerezza/platform/usermanager/UserManagerImpl.java?rev=926683&r1=926682&r2=926683&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager/src/main/java/org/apache/clerezza/platform/usermanager/UserManagerImpl.java
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager/src/main/java/org/apache/clerezza/platform/usermanager/UserManagerImpl.java
Tue Mar 23 17:51:06 2010
@@ -103,29 +103,11 @@ public class UserManagerImpl implements
@Override
public Iterator<NonLiteral> getRoles() {
- return getRoles(PERMISSION.Role);
- }
-
- private Iterator<NonLiteral> getRoles(UriRef type) {
- final Iterator<Triple> triples =
- systemGraph.filter(null, RDF.type, type);
- return new Iterator<NonLiteral>() {
-
- @Override
- public boolean hasNext() {
- return triples.hasNext();
- }
-
- @Override
- public NonLiteral next() {
- return triples.next().getSubject();
- }
-
- @Override
- public void remove() {
- throw new UnsupportedOperationException("Not
supported yet.");
- }
- };
+ final Iterator<NonLiteral> rolesIter =
getResourcesOfType(PERMISSION.Role);
+ if (!rolesIter.hasNext()) {
+ return rolesIter;
+ }
+ return rolesIter;
}
@Override
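Review bot: Both paths of the new `if (!rolesIter.hasNext())` in getRoles() return the same `rolesIter`, so the branch has no effect and reads like a leftover from an unfinished check. The body can be reduced to `return getResourcesOfType(PERMISSION.Role);`. If something was meant to happen when no role exists, it should be implemented or recorded in a comment.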
@@ -160,9 +142,17 @@ public class UserManagerImpl implements
if (role == null) {
return;
}
+ if (isBaseRole(role)) {
+ return;
+ }
deleteTriplesOfASubject(role);
}
+ private boolean isBaseRole(NonLiteral role) {
+ GraphNode roleNode = new GraphNode(role, systemGraph);
+ return roleNode.hasProperty(RDF.type, PERMISSION.BaseRole);
+ }
+
private void deleteTriplesOfASubject(NonLiteral subject) {
Iterator<Triple> triples = systemGraph.filter(subject, null,
null);
while (triples.hasNext()) {
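Review bot: The new guard makes deleteRole return silently for a base role, exactly like the existing `role == null` case, so a caller cannot tell "deleted" from "refused". As far as this commit shows, this check is the only server-side protection for base roles, since the template change merely hides the checkbox. The refusal should therefore be documented and preferably logged. Suggested: a comment `// base roles are assigned to every agent and must never be deleted` above the check, a Javadoc sentence on deleteRole stating that base roles are ignored, and a one-line Javadoc on isBaseRole saying it tests for `rdf:type perm:BaseRole` in the system graph. The start of deleteRole is outside the hunk.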
@@ -340,18 +330,7 @@ public class UserManagerImpl implements
new PlainLiteralImpl(pathPrefix)));
}
if (!assignedRoles.isEmpty()) {
- for (String roleTitle : assignedRoles) {
-
- // skip empty strings
- if ((roleTitle == null) ||
(roleTitle.trim().length() == 0)) {
- continue;
- }
- NonLiteral role = getRoleByTitle(roleTitle);
- if (role == null) {
- throw new
RoleUnavailableException(roleTitle);
- }
- systemGraph.add(new TripleImpl(user,
SIOC.has_function, role));
- }
+ addRolesToUser(assignedRoles, user);
}
}
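Review bot: Base roles are attached inside addRolesToUser, but this call is still wrapped in `if (!assignedRoles.isEmpty())`, so a user stored with an empty role list receives no base role. That contradicts the commit message, which says the role is assigned to every newly created agent. Call the helper unconditionally, `addRolesToUser(assignedRoles, user);` without the surrounding `if`: its first loop is a no-op for an empty list and the base-role loop then always runs. The enclosing method starts outside the hunk.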
@@ -417,23 +396,31 @@ public class UserManagerImpl implements
}
if (!assignedRoles.isEmpty()) {
userGraphNode.deleteProperties(SIOC.has_function);
- for (String roleTitle : assignedRoles) {
-
- // skip empty strings
- if ((roleTitle == null) ||
(roleTitle.trim().length() == 0)) {
- continue;
- }
- NonLiteral role = getRoleByTitle(roleTitle);
- if (role == null) {
- throw new
RoleUnavailableException(roleTitle);
- }
- userGraphNode.addProperty(SIOC.has_function,
role);
- }
+ addRolesToUser(assignedRoles,
(BNode)userGraphNode.getNode());
//refresh the policy so it will recheck the permissions
Policy.getPolicy().refresh();
}
}
+ private void addRolesToUser(List<String> assignedRoles, BNode user)
throws RoleUnavailableException {
+ for (String roleTitle : assignedRoles) {
+ // skip empty strings
+ if ((roleTitle == null) || (roleTitle.trim().length()
== 0)) {
+ continue;
+ }
+ NonLiteral role = getRoleByTitle(roleTitle);
+ if (role == null) {
+ throw new RoleUnavailableException(roleTitle);
+ }
+ systemGraph.add(new TripleImpl(user, SIOC.has_function,
role));
+ }
+ Iterator<NonLiteral> baseRoles =
getResourcesOfType(PERMISSION.BaseRole);
+ while (baseRoles.hasNext()) {
+ NonLiteral baseRole = baseRoles.next();
+ systemGraph.add(new TripleImpl(user, SIOC.has_function,
baseRole));
+ }
+ }
+
private void updateProperty(GraphNode node, UriRef predicate, Resource
object) {
node.deleteProperties(predicate);
node.addProperty(predicate, object);
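Review bot: `(BNode)userGraphNode.getNode()` is a narrowing cast. If a user is ever identified by a `UriRef`, it throws ClassCastException after `deleteProperties(SIOC.has_function)` has already stripped the user's roles. addRolesToUser only uses `user` as a triple subject, so the parameter can be widened to `private void addRolesToUser(List<String> assignedRoles, NonLiteral user)` and the call cast to `NonLiteral` instead; UserManagerWeb in this commit already passes a `NonLiteral` to `TripleImpl`. Note also that a `RoleUnavailableException` thrown midway leaves the user with only part of the requested roles and without the base roles, because those are added last. The update method starts outside the hunk.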
@@ -460,7 +447,29 @@ public class UserManagerImpl implements
@Override
public Iterator<NonLiteral> getUsers() {
- return getRoles(FOAF.Agent);
+ return getResourcesOfType(FOAF.Agent);
+ }
+
+ private Iterator<NonLiteral> getResourcesOfType(UriRef type) {
+ final Iterator<Triple> triples =
+ systemGraph.filter(null, RDF.type, type);
+ return new Iterator<NonLiteral>() {
+
+ @Override
+ public boolean hasNext() {
+ return triples.hasNext();
+ }
+
+ @Override
+ public NonLiteral next() {
+ return triples.next().getSubject();
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException("Not
supported yet.");
+ }
+ };
}
@Override
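Review bot: getResourcesOfType returns a live iterator over `systemGraph.filter(null, RDF.type, type)`, and addRolesToUser (the @@ -417 hunk) calls `systemGraph.add(...)` while consuming it. Whether that is safe depends on the MGraph implementation, which is not visible here; a fail-fast backing collection would throw ConcurrentModificationException. Either copy the subjects into a list before returning, or document the constraint with a Javadoc such as `/** Returns the subjects of all rdf:type triples for the given type; the iterator is backed by the system graph and does not support remove(). */`. The "Not supported yet." message on remove() could then say that the iterator is read-only.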
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.ontologies/src/main/resources/org/apache/clerezza/rdf/ontologies/permission.rdf
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.ontologies/src/main/resources/org/apache/clerezza/rdf/ontologies/permission.rdf?rev=926683&r1=926682&r2=926683&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.ontologies/src/main/resources/org/apache/clerezza/rdf/ontologies/permission.rdf
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.ontologies/src/main/resources/org/apache/clerezza/rdf/ontologies/permission.rdf
Tue Mar 23 17:51:06 2010
@@ -26,6 +26,13 @@
rights</skos:definition>
<rdfs:isDefinedBy
rdf:resource="http://clerezza.org/2008/10/permission#" />
</rdfs:Class>
+<rdfs:Class rdf:about="http://clerezza.org/2008/10/permission#BaseRole">
+ <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#Class"/>
+ <rdfs:label xml:lang="en">Base Role</rdfs:label>
+ <skos:definition xml:lang="en">A base role is a set of connected
+ rights that every user automatically has.</skos:definition>
+ <rdfs:isDefinedBy
rdf:resource="http://clerezza.org/2008/10/permission#" />
+</rdfs:Class>
<rdfs:Class rdf:about="http://clerezza.org/2008/10/permission#Permission">
<rdf:type rdf:resource="http://www.w3.org/2002/07/owl#Class"/>
<rdfs:label xml:lang="en">Permission</rdfs:label>