WIP

24027394 · Timm Fitschen · fe87cd69 · 24027394 · 24027394 · 24027394
Verified Commit 24027394 authored 4 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/permissions/CaosPermission.java
+++ b/src/main/java/org/caosdb/server/permissions/CaosPermission.java
@@ -24,7 +24,9 @@ package org.caosdb.server.permissions;

 import java.util.HashSet;
 import java.util.Map;
+import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.Permission;
+import org.apache.shiro.subject.Subject;
 import org.eclipse.jetty.util.ajax.JSON;

 public class CaosPermission extends HashSet<PermissionRule> implements Permission {
@@ -52,9 +54,10 @@ public class CaosPermission extends HashSet<PermissionRule> implements Permissio
    boolean grant = false;
    boolean deny = false;
    boolean grant_priority = false;
+    Subject subject = SecurityUtils.getSubject();

    for (final PermissionRule r : this) {
-      if (r.getPermission().implies(p)) {
+      if (r.getPermission(subject).implies(p)) {
        if (r.isGrant()) {
          if (r.isPriority()) {
            grant_priority = true;

--- a/src/main/java/org/caosdb/server/permissions/PermissionRule.java
+++ b/src/main/java/org/caosdb/server/permissions/PermissionRule.java
@@ -26,23 +26,21 @@ import java.util.HashMap;
 import java.util.Map;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.authz.permission.WildcardPermission;
+import org.apache.shiro.subject.Subject;
+import org.caosdb.server.accessControl.Principal;
 import org.jdom2.Element;

 public class PermissionRule {

-  private final WildcardPermission permission;
+  private final String permission;
  private final boolean priority;
  private final boolean grant;

  public PermissionRule(final String grant, final String priority, final String permission) {
-    this(
-        Boolean.parseBoolean(grant),
-        Boolean.parseBoolean(priority),
-        new WildcardPermission(permission));
+    this(Boolean.parseBoolean(grant), Boolean.parseBoolean(priority), permission);
  }

-  public PermissionRule(
-      final boolean grant, final boolean priority, final WildcardPermission permission) {
+  public PermissionRule(final boolean grant, final boolean priority, final String permission) {
    this.grant = grant;
    this.priority = priority;
    this.permission = permission;
@@ -56,8 +54,9 @@ public class PermissionRule {
    return this.priority;
  }

-  public Permission getPermission() {
-    return this.permission;
+  public Permission getPermission(String realm, String username) {
+    return new WildcardPermission(
+        permission.replaceAll("\\?REALM\\?", realm).replaceAll("\\?USERNAME\\?", username));
  }

  public static PermissionRule parse(final Map<String, String> rule) {
@@ -69,7 +68,7 @@ public class PermissionRule {
    if (isPriority()) {
      ret.setAttribute("priority", Boolean.toString(true));
    }
-    ret.setAttribute("permission", getPermission().toString());
+    ret.setAttribute("permission", permission);
    return ret;
  }

@@ -77,14 +76,19 @@ public class PermissionRule {
    return new PermissionRule(
        e.getName().equalsIgnoreCase("Grant"),
        e.getAttribute("priority") != null && Boolean.parseBoolean(e.getAttributeValue("priority")),
-        new WildcardPermission(e.getAttributeValue("permission")));
+        e.getAttributeValue("permission"));
  }

  public Map<String, String> getMap() {
    final HashMap<String, String> ret = new HashMap<String, String>();
    ret.put("priority", Boolean.toString(isPriority()));
    ret.put("grant", Boolean.toString(isGrant()));
-    ret.put("permission", getPermission().toString());
+    ret.put("permission", permission);
    return ret;
  }
+
+  public Permission getPermission(Subject subject) {
+    Principal principal = (Principal) subject.getPrincipal();
+    return getPermission(principal.getRealm(), principal.getUsername());
+  }
 }
--- a/src/test/java/org/caosdb/server/resource/TestScriptingResource.java
+++ b/src/test/java/org/caosdb/server/resource/TestScriptingResource.java
@@ -29,7 +29,6 @@ import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.permission.WildcardPermission;
 import org.apache.shiro.subject.Subject;
 import org.caosdb.server.CaosDBServer;
 import org.caosdb.server.accessControl.AnonymousAuthenticationToken;
@@ -95,9 +94,7 @@ public class TestScriptingResource {
      HashSet<PermissionRule> result = new HashSet<>();
      result.add(
          new PermissionRule(
-              true,
-              false,
-              new WildcardPermission(ScriptingPermissions.PERMISSION_EXECUTION("anonymous_ok"))));
+              true, false, ScriptingPermissions.PERMISSION_EXECUTION("anonymous_ok")));
      return result;
    }