[Bedework-commit] r484 - in trunk/calendar3:
access/src/edu/rpi/cct/uwcal/access
calCore/src/org/bedework/calcore/hibernate
caldav/src/edu/rpi/cct/uwcal/caldav/calquery
calsvc/src/org/bedework/calsvc deployment/termination/jboss
svnadmin at bedework.org
svnadmin at bedework.org
Tue May 16 11:01:30 EDT 2006
Author: douglm
Date: 2006-05-16 11:01:30 -0400 (Tue, 16 May 2006)
New Revision: 484
Modified:
trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Access.java
trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Acl.java
trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeDefs.java
trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeSet.java
trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AccessUtil.java
trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/Calendars.java
trunk/calendar3/caldav/src/edu/rpi/cct/uwcal/caldav/calquery/FreeBusyQuery.java
trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java
trunk/calendar3/deployment/termination/jboss/build.xml
Log:
Allow checking for any access to an entity
Use that in getCalendar method. This requires better access checking elsewhere.
Fix caldav FreeBusy query to get user object for query
Skip servlet.jsp.jar in jboss build
Modified: trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Access.java
===================================================================
--- trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Access.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Access.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -85,6 +85,9 @@
/** Defines write access to an object */
public final static Privilege writeContent = Privileges.makePriv(Privileges.privWriteContent);
+ /** Privilege set giving any access to an object */
+ public final static Privilege[] privSetAny = {};
+
/** Privilege set giving read access to an object */
public final static Privilege[] privSetRead = {read};
@@ -250,6 +253,23 @@
filter);
}
+ /** convenience method - check for any access
+ *
+ * @param who Acl.Principal defining who is trying to get access
+ * @param owner String owner of object
+ * @param aclChars char[] defining current acls for object
+ * @param filter if not null specifies maximum access
+ * @return CurrentAccess access + allowed/disallowed
+ * @throws AccessException
+ */
+ public CurrentAccess checkAny(AccessPrincipal who, String owner,
+ char[] aclChars,
+ PrivilegeSet filter)
+ throws AccessException {
+ return new Acl(debug).evaluateAccess(who, owner, privSetAny, aclChars,
+ filter);
+ }
+
/** convenience method - check for given access
*
* @param who Acl.Principal defining who is trying to get access
Modified: trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Acl.java
===================================================================
--- trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Acl.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/Acl.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -288,6 +288,13 @@
ca.privileges.filterPrivileges(filter);
}
+ if (how.length == 0) {
+ // Means any access will do
+
+ ca.accessAllowed = ca.privileges.getAnyAllowed();
+ return ca;
+ }
+
for (int i = 0; i < how.length; i++) {
char priv = ca.privileges.getPrivilege(how[i].getIndex());
Modified: trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeDefs.java
===================================================================
--- trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeDefs.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeDefs.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -159,6 +159,11 @@
*/
public static final int privMaxType = 12;
+ /** Indicate any allowed access will do
+ */
+ public static final int privAny = privMaxType + 1;
+
+
/* !!!!!!!!!!!!!!!!!! need default access - i.e. remove any mention of who
*/
Modified: trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeSet.java
===================================================================
--- trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeSet.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/access/src/edu/rpi/cct/uwcal/access/PrivilegeSet.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -259,6 +259,30 @@
}
}
+ /** Retrun true if there is any allowed access
+ *
+ * @return boolean
+ */
+ public boolean getAnyAllowed() {
+ if (privileges == null) {
+ return false;
+ }
+
+ for (int pi = 0; pi < privileges.length; pi++) {
+ char pr = privileges[pi];
+
+ if (pr == allowed) {
+ return true;
+ }
+
+ if (pr == allowedInherited) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
/** If current is null it is set to a cloned copy of morePriv otherwise the
* privilege(s) in morePriv are merged into current.
*
Modified: trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AccessUtil.java
===================================================================
--- trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AccessUtil.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AccessUtil.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -324,7 +324,9 @@
// Not special
aclChars = getAclChars(ent);
- if (desiredAccess == privRead) {
+ if (desiredAccess == privAny) {
+ ca = access.checkAny(authUser, account, aclChars, maxPrivs);
+ } else if (desiredAccess == privRead) {
ca = access.checkRead(authUser, account, aclChars, maxPrivs);
} else if (desiredAccess == privWrite) {
ca = access.checkReadWrite(authUser, account, aclChars, maxPrivs);
Modified: trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/Calendars.java
===================================================================
--- trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/Calendars.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/Calendars.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -391,6 +391,7 @@
}
public void updateCalendar(BwCalendar val) throws CalFacadeException {
+ access.checkAccess(val, privWrite, false);
getSess().update(val);
}
Modified: trunk/calendar3/caldav/src/edu/rpi/cct/uwcal/caldav/calquery/FreeBusyQuery.java
===================================================================
--- trunk/calendar3/caldav/src/edu/rpi/cct/uwcal/caldav/calquery/FreeBusyQuery.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/caldav/src/edu/rpi/cct/uwcal/caldav/calquery/FreeBusyQuery.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -65,6 +65,7 @@
import edu.rpi.cct.webdav.servlet.common.MethodBase;
import edu.rpi.cct.webdav.servlet.shared.WebdavBadRequest;
import edu.rpi.cct.webdav.servlet.shared.WebdavException;
+import edu.rpi.cct.webdav.servlet.shared.WebdavIntfException;
import edu.rpi.cct.webdav.servlet.shared.WebdavNsIntf;
import org.apache.log4j.Logger;
@@ -122,13 +123,17 @@
/**
* @param svci
- * @param user
+ * @param account
* @return BwFreeBusy
* @throws WebdavException
*/
- public BwFreeBusy getFreeBusy(CalSvcI svci, String user) throws WebdavException {
+ public BwFreeBusy getFreeBusy(CalSvcI svci, String account) throws WebdavException {
try {
- BwFreeBusy fb = svci.getFreeBusy(null, new BwUser(user),
+ BwUser user = svci.findUser(account);
+ if (user == null) {
+ throw WebdavIntfException.unauthorized();
+ }
+ BwFreeBusy fb = svci.getFreeBusy(null, user,
timeRange.getStart(), timeRange.getEnd(),
null, false);
Modified: trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java
===================================================================
--- trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java 2006-05-16 15:01:30 UTC (rev 484)
@@ -668,11 +668,10 @@
}
if ((path.length() > 1) && path.endsWith("/")) {
- return getCal().getCalendar(path.substring(0, path.length() - 1),
- PrivilegeDefs.privRead);
+ path = path.substring(0, path.length() - 1);
}
- return getCal().getCalendar(path, PrivilegeDefs.privRead);
+ return getCal().getCalendar(path, PrivilegeDefs.privAny);
}
/** set the default calendar for the current user.
Modified: trunk/calendar3/deployment/termination/jboss/build.xml
===================================================================
--- trunk/calendar3/deployment/termination/jboss/build.xml 2006-05-16 13:07:36 UTC (rev 483)
+++ trunk/calendar3/deployment/termination/jboss/build.xml 2006-05-16 15:01:30 UTC (rev 484)
@@ -40,6 +40,7 @@
<fileset dir="${org.bedework.temp.home}/earlib">
<exclude name="commons-logging*" />
<exclude name="log4j*" />
+ <exclude name="servlet.jsp*" />
</fileset>
</copy>
More information about the Bedework-commit
mailing list