* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
public static final String TABLE = "role";
public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F
-
+
private final HistoryDAO historyDAO;
private final CacheInfoDAO infoDAO;
}
return perms;
}
-
+
public static Data create(NsDAO.Data ns, String name) {
- NsSplit nss = new NsSplit(ns,name);
+ NsSplit nss = new NsSplit(ns,name);
RoleDAO.Data rv = new Data();
rv.ns = nss.ns;
rv.name=nss.name;
return rv;
}
-
+
public String fullName() {
- return ns + '.' + name;
+ StringBuilder sb = new StringBuilder();
+ if(ns==null) {
+ sb.append('.');
+ } else {
+ sb.append(ns);
+ sb.append(ns.indexOf('@')<0?'.':':');
+ }
+ sb.append(name);
+ return sb.toString();
}
-
+
public String encode() {
return ns + '|' + name;
}
-
+
/**
* Decode Perm String, including breaking into appropriate Namespace
- *
+ *
* @param trans
* @param q
* @param r
* @return
*/
public static Result<Data> decode(AuthzTrans trans, Question q, String r) {
- String[] ss = Split.splitTrim('|', r,2);
Data data = new Data();
- if(ss[1]==null) { // older 1 part encoding must be evaluated for NS
- Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
- if(nss.notOK()) {
- return Result.err(nss);
+ if(r.indexOf('@')>=0) {
+ int colon = r.indexOf(':');
+ if(colon<0) {
+ return Result.err(Result.ERR_BadData, "%s is not a valid Role",r);
+ } else {
+ data.ns=r.substring(0, colon);
+ data.name=r.substring(++colon);
+ }
+ } else {
+ String[] ss = Split.splitTrim('|', r,2);
+ if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
+ Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
+ if (nss.notOK()) {
+ return Result.err(nss);
+ }
+ data.ns=nss.value.ns;
+ data.name=nss.value.name;
+ } else { // new 4 part encoding
+ data.ns=ss[0];
+ data.name=ss[1];
}
- data.ns=nss.value.ns;
- data.name=nss.value.name;
- } else { // new 4 part encoding
- data.ns=ss[0];
- data.name=ss[1];
}
return Result.ok(data);
}
/**
* Decode Perm String, including breaking into appropriate Namespace
- *
+ *
* @param trans
* @param q
* @param p
*/
public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {
String[] ss = Split.splitTrim('|', p,2);
- if(ss[1]==null) { // older 1 part encoding must be evaluated for NS
+ if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
- if(nss.notOK()) {
+ if (nss.notOK()) {
return Result.err(nss);
}
ss[0] = nss.value.ns;
}
return Result.ok(ss);
}
-
+
@Override
public int[] invalidate(Cached<?,?> cache) {
return new int[] {
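Review bot: In decode(), the new `r.indexOf('@')>=0` test runs against the whole input, yet encode() (context lines of this same hunk) still writes `ns + '|' + name`, so the encoded form of a role whose ns contains '@' has no ':' and is rejected with ERR_BadData, or is cut at a ':' that happens to sit inside the name. fullName() chooses ':' only when the ns holds '@', so a '@' that appears only in the name also reaches this branch with no colon to split on. Because these strings identify roles in authorization data, the two directions should agree: take the '@' branch only when no '|' is present, e.g. `if (r.indexOf('|')<0 && r.indexOf('@')>=0) {`, and describe the ':' form in the Javadoc, which still reads "Decode Perm String". decodeToArray() was not given the same branch, and `r` is now dereferenced before Split.splitTrim sees it, so a null argument should be rejected explicitly if callers can pass one.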
RoleLoader.deflt.marshal(this,new DataOutputStream(baos));
return ByteBuffer.wrap(baos.toByteArray());
}
-
+
@Override
public void reconstitute(ByteBuffer bb) throws IOException {
RoleLoader.deflt.unmarshal(this, toDIS(bb));
public static final int BUFF_SIZE=96;
public static final RoleLoader deflt = new RoleLoader(KEYLIMIT);
-
+
public RoleLoader(int keylimit) {
super(keylimit);
}
-
+
@Override
public Data load(Data data, Row row) {
// Int more efficient
private void init(AuthzTrans trans) {
String[] helpers = setCRUD(trans, TABLE, Data.class, RoleLoader.deflt);
-
+
psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
" WHERE ns = ?", new RoleLoader(1),readConsistency);
psName = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
" WHERE name = ?", new RoleLoader(1),readConsistency);
- psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
- " WHERE ns=? AND name > ? AND name < ?",
+ psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
+ " WHERE ns=? AND name > ? AND name < ?",
new RoleLoader(3) {
@Override
protected void key(Data data, int _idx, Object[] obj) {
obj[++idx]=data.name + DOT_PLUS_ONE;
}
},readConsistency);
-
+
}
public Result<List<Data>> readNS(AuthzTrans trans, String ns) {
}
public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String role) {
- if(role.length()==0 || "*".equals(role)) {
- return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR});
+ if (role.length()==0 || "*".equals(role)) {
+ return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR});
} else {
return psChildren.read(trans, R_TEXT, new Object[]{ns, role+DOT, role+DOT_PLUS_ONE});
}
/**
* Add a single Permission to the Role's Permission Collection
- *
+ *
* @param trans
* @param role
* @param perm
// Note: Prepared Statements for Collection updates aren't supported
String pencode = perm.encode();
try {
- getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" +
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" +
pencode + "'} WHERE " +
"ns = '" + role.ns + "' AND name = '" + role.name + "';");
} catch (DriverException | APIException | IOException e) {
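Review bot: The statement passed to `execute` is assembled by concatenating `pencode`, `role.ns` and `role.name` inside single-quoted CQL literals, so a quote character in any of them alters the statement that runs against the role table. The commit only re-spaces this line, but the same construction recurs in the `perms - {...}` update and in addDescription(), where `description` is free text. addDescription() updates a plain column, so it can bind its values instead, with a statement ending in `" SET description = ? WHERE ns = ? AND name = ?"`. For the two collection updates the comment says prepared statements are not supported; that is worth re-checking against the driver version in use, and until then embedded `'` should be doubled (or such values rejected) before concatenation. The enclosing methods start and end outside these hunks.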
// Note: Prepared Statements for Collection updates aren't supported
String pencode = perm.encode();
-
+
//ResultSet rv =
try {
- getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" +
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" +
pencode + "'} WHERE " +
"ns = '" + role.ns + "' AND name = '" + role.name + "';");
} catch (DriverException | APIException | IOException e) {
wasModified(trans, CRUD.update, role, "Removed permission " + pencode + " from role " + role.fullName() );
return Result.ok();
}
-
+
/**
* Add description to role
- *
+ *
* @param trans
* @param ns
* @param name
*/
public Result<Void> addDescription(AuthzTrans trans, String ns, String name, String description) {
try {
- getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '"
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '"
+ description + "' WHERE ns = '" + ns + "' AND name = '" + name + "';");
} catch (DriverException | APIException | IOException e) {
reportPerhapsReset(trans,e);
wasModified(trans, CRUD.update, data, "Added description " + description + " to role " + data.fullName(), null );
return Result.ok();
}
-
-
+
+
/**
* Log Modification statements to History
* @param modified which CRUD action was done
hd.target = TABLE;
hd.subject = subject ? override[1] : data.fullName();
hd.memo = memo ? override[0] : (data.fullName() + " was " + modified.name() + 'd' );
- if(modified==CRUD.delete) {
+ if (modified==CRUD.delete) {
try {
hd.reconstruct = data.bytify();
} catch (IOException e) {
}
}
- if(historyDAO.create(trans, hd).status!=Status.OK) {
+ if (historyDAO.create(trans, hd).status!=Status.OK) {
trans.error().log("Cannot log to History");
}
- if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {
+ if (infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {
trans.error().log("Cannot touch CacheInfo for Role");
}
}
-
+
}
\ No newline at end of file