Google Git
Sign in
eclipse / emf-store / org.eclipse.emf.emfstore.core / refs/tags/1.9.0^! / .
commit257530c5853e663b889dbffcfac970636339a2a5[log] [tgz]
authorJohannes Faltermeier <jfaltermeier@eclipsesource.com>Wed May 24 17:14:41 2017 +0200
committerJohannes Faltermeier <jfaltermeier@eclipsesource.com>Wed May 24 17:15:01 2017 +0200
tree5a81a96b31ce35518a2df9a7fa79d8218b03e2d8
parentb6a0f70c015392b6b6e71933df2c07fe81293f7c [diff]
TCI - Make DefaultESAuthorizationService more extensible

* as adding a more fine grained config would not be easier for clients
than writing code, the DefaultESAuthorizationService should allow
changing the access map by overriding it

Change-Id: I61d8c6ba4a5ff480f6e03de0572028f13ef2384a
Signed-off-by: Johannes Faltermeier <jfaltermeier@eclipsesource.com>

diff --git a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java
index df2e7b7..fa7d574 100644
--- a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java
+++ b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java

@@ -67,7 +67,7 @@
 	/**
 	 * Contains possible access levels.
 	 */
-	private enum AccessLevel {
+	protected enum AccessLevel {
 		PROJECT_READ, PROJECT_WRITE, PROJECT_ADMIN, SERVER_ADMIN, NONE
 	}
 
@@ -127,9 +127,25 @@
 		}
 
 		addAccessMapping(AccessLevel.NONE, MethodId.GETPROJECTLIST, MethodId.RESOLVEUSER);
+
+		updateAccessMappings();
 	}
 
-	private void addAccessMapping(AccessLevel type, MethodId... operationTypes) {
+	/**
+	 * Override this method in order to {@link #addAccessMapping(AccessLevel, MethodId...) change} the default access
+	 * mappings.
+	 */
+	protected void updateAccessMappings() {
+		/* no op, may be overriden by clients */
+	}
+
+	/**
+	 * Adds mappings for the given operation types and the access level.
+	 *
+	 * @param type the {@link AccessLevel}
+	 * @param operationTypes the {@link MethodId operation types}
+	 */
+	protected final void addAccessMapping(AccessLevel type, MethodId... operationTypes) {
 		for (final MethodId opType : operationTypes) {
 			accessMap.put(opType, type);
 		}
@@ -236,7 +252,7 @@
 	 */
 	public boolean checkProjectAdminAccessForOrgUnit(ESSessionId sessionId, ESOrgUnitId orgUnitId,
 		Set<ESGlobalProjectId> projectIds)
-		throws AccessControlException {
+			throws AccessControlException {
 
 		checkSession(sessionId);
 		cleanupPARole(orgUnitId);