TCI - Make DefaultESAuthorizationService more extensible
* as adding a more fine grained config would not be easier for clients
than writing code, the DefaultESAuthorizationService should allow
changing the access map by overriding it
Change-Id: I61d8c6ba4a5ff480f6e03de0572028f13ef2384a
Signed-off-by: Johannes Faltermeier <jfaltermeier@eclipsesource.com>
diff --git a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java
index df2e7b7..fa7d574 100644
--- a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java
+++ b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.java
@@ -67,7 +67,7 @@
/**
* Contains possible access levels.
*/
- private enum AccessLevel {
+ protected enum AccessLevel {
PROJECT_READ, PROJECT_WRITE, PROJECT_ADMIN, SERVER_ADMIN, NONE
}
@@ -127,9 +127,25 @@
}
addAccessMapping(AccessLevel.NONE, MethodId.GETPROJECTLIST, MethodId.RESOLVEUSER);
+
+ updateAccessMappings();
}
- private void addAccessMapping(AccessLevel type, MethodId... operationTypes) {
+ /**
+ * Override this method in order to {@link #addAccessMapping(AccessLevel, MethodId...) change} the default access
+ * mappings.
+ */
+ protected void updateAccessMappings() {
+ /* no op, may be overriden by clients */
+ }
+
+ /**
+ * Adds mappings for the given operation types and the access level.
+ *
+ * @param type the {@link AccessLevel}
+ * @param operationTypes the {@link MethodId operation types}
+ */
+ protected final void addAccessMapping(AccessLevel type, MethodId... operationTypes) {
for (final MethodId opType : operationTypes) {
accessMap.put(opType, type);
}
@@ -236,7 +252,7 @@
*/
public boolean checkProjectAdminAccessForOrgUnit(ESSessionId sessionId, ESOrgUnitId orgUnitId,
Set<ESGlobalProjectId> projectIds)
- throws AccessControlException {
+ throws AccessControlException {
checkSession(sessionId);
cleanupPARole(orgUnitId);