Changeset 2013

Timestamp:

07/17/09 02:05:20 (3 years ago)

Author:

mswertz

Message:

Feature: enhanced security system

Location:

molgenis3_3/src/org/molgenis

Files:

• MolgenisOptions.java (modified) (1 diff)
• framework/auth/Login.java (modified) (5 diffs)
• framework/auth/SimpleLogin.java (modified) (5 diffs)
• framework/data/MappingDecorator.java (modified) (1 diff)
• framework/data/jdbc/JDBCConnectionHelper.java (modified) (1 diff)
• framework/data/jdbc/JDBCDatabase.java (modified) (1 diff)
• framework/screen/form/FormController.java (modified) (3 diffs)
• framework/screen/form/FormScreen.java (modified) (1 diff)
• framework/server/AbstractMolgenisServlet.java (modified) (5 diffs)
• framework/style/original/UserInterface.ftl (modified) (2 diffs)
• generators/screen/FormScreenGen.java.ftl (modified) (1 diff)
• generators/servlet/MolgenisServletGen.ftl (modified) (2 diffs)
• generators/servlet/MolgenisServletGen.java (modified) (1 diff)

molgenis3_3/src/org/molgenis/MolgenisOptions.java

@@ -77 +77 @@
         @Option(name = "force_molgenis_package", param = "force_molgenis_package", type = Option.Type.REQUIRED_ARGUMENT, usage = "Expert option. Whether the generated package should be 'molgenis' or the name specified in the model. Default: false")
         public boolean force_molgenis_package = false;
+        
+        @Option(name = "auth_loginclass", param = "auth_loginclass", type = Option.Type.REQUIRED_ARGUMENT, usage = "Expert option.")
+        public String auth_loginclass = "org.molgenis.framework.auth.SimpleLogin";
 
         // @Option(name = "force_lowercase_names", param = "force_lowercase_names",

molgenis3_3/src/org/molgenis/framework/auth/Login.java

@@ -2 +2 @@
 
 import java.text.ParseException;
+import java.util.List;
 
 import org.molgenis.framework.Database;
@@ -16 +17 @@
          * Authenticate the user
          * 
-         * @param database to login to
-         * @param name of user
-         * @param password of user
+         * @param database
+         *            to login to
+         * @param name
+         *            of user
+         * @param password
+         *            of user
          * @return
          */
@@ -30 +34 @@
         /**
          * Reloads all permission settings for this user.
-         * @throws ParseException 
-         * @throws DatabaseException 
+         * 
+         * @throws ParseException
+         * @throws DatabaseException
          */
         public void reload(Database db) throws DatabaseException, ParseException;
@@ -44 +49 @@
 
         /** does the user have permissions to read data from this entity */
-        public boolean hasReadPermission(Entity entity);
+        public <E extends Entity> boolean  hasReadPermission(Class<E> entityClass);
 
         /** Does the user have create, update, delete permissions for this entity */
-        public boolean hasEditPermission(Entity entity) throws DatabaseException;
+        public <E extends Entity> boolean hasEditPermission(Class<E> entityClass) throws DatabaseException;
+        
+        /** Does the user have the right to write these entities*/
+        public <E extends Entity> boolean hasEditPermission(E entity) throws DatabaseException;
+        
+        public <E extends Entity> boolean hasEditPermission(List<E> entities) throws DatabaseException;
 
         /** create a filter for only those records the user/group is allowed to view */
-        public QueryRule getUserFilters(Entity entity);
+        public QueryRule getRowlevelSecurityFilters(Entity entity);
 
         /**
@@ -65 +75 @@
          */
         public Integer getUserId();
+
+        /**
+         * Indicate if login is required
+         * 
+         * @return
+         */
+        public boolean isLoginRequired();
 }

molgenis3_3/src/org/molgenis/framework/auth/SimpleLogin.java

@@ -1 +1 @@
 package org.molgenis.framework.auth;
 
+import java.util.List;
+
 import org.molgenis.framework.Database;
+import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.data.QueryRule;
 import org.molgenis.util.Entity;
@@ -23 +26 @@
 
         @Override
-        public boolean hasReadPermission(Entity entity) 
+        public <E extends Entity> boolean hasReadPermission(Class<E> entity) 
         {
                 return true;
@@ -29 +32 @@
 
         @Override
-        public boolean hasEditPermission(Entity entity) 
+        public <E extends Entity> boolean hasEditPermission(Class<E> entity) 
         {
                 return true;
@@ -35 +38 @@
 
         @Override
-        public QueryRule getUserFilters(Entity entity) 
+        public QueryRule getRowlevelSecurityFilters(Entity entity) 
         {
                 return null;
@@ -81 +84 @@
                 return false;
         }
+
+        @Override
+        public boolean isLoginRequired()
+        {
+                // TODO Auto-generated method stub
+                return false;
+        }
+
+// door Martijn erbij gezet 3 juli 2009
+        @Override 
+        public <E extends Entity> boolean hasEditPermission(E entity)
+                        throws DatabaseException {
+                // TODO Auto-generated method stub
+                return true;
+        }
+
+        @Override
+        public <E extends Entity> boolean hasEditPermission(List<E> entities)
+                        throws DatabaseException {
+                // TODO Auto-generated method stub
+                return true;
+        }
 }

molgenis3_3/src/org/molgenis/framework/data/MappingDecorator.java

@@ -17 +17 @@
 public class MappingDecorator<E extends Entity> implements JDBCMapper<E>
 {
-        protected JDBCMapper<E> mapper;
+        private JDBCMapper<E> mapper;
 
         public MappingDecorator(JDBCMapper<E> generatedMapper)

molgenis3_3/src/org/molgenis/framework/data/jdbc/JDBCConnectionHelper.java

@@ -399 +399 @@
                                                 + " " + value + "");
                                 else
-                                        where_clause.append(rule.getField() + " " + operator + " '" + value + "'");
+                                {               
+                                        if("NULL".equals(value) && operator.equals("=")) where_clause.append(rule.getField() + " IS NULL");
+                                        else where_clause.append(rule.getField() + " " + operator + " '" + value + "'");
+                                }
                                 // }
                         }

molgenis3_3/src/org/molgenis/framework/data/jdbc/JDBCDatabase.java

@@ -282 +282 @@
         public <E extends Entity> int add(List<E> entities) throws DatabaseException, IOException
         {
+                if(!this.getLogin().hasEditPermission(entities)) throw new DatabaseException("Add not allowed for this user");
                 if (entities.size() > 0) return getMapperFor(entities).add(entities);
                 return 0;

molgenis3_3/src/org/molgenis/framework/screen/form/FormController.java

@@ -305 +305 @@
                 try
                 {
-                        // reload login
-                        view.getRootScreen().getLogin().reload(db);
+                        // reload login only on login/logout events
+                        // view.getRootScreen().getLogin().reload(db);
 
                         pager.setDirty(true);
@@ -398 +398 @@
 
                 // set form level rights
-                boolean formReadonly = view.isReadonly() || !view.getLogin().hasEditPermission(view.create());
+                boolean formReadonly = view.isReadonly() || !view.getLogin().hasEditPermission(view.create().getClass());
                 view.setReadonly(formReadonly);
 
@@ -411 +411 @@
                 for (E record : allRecords)
                 {
-                        boolean rowReadonly = formReadonly || !view.getLogin().hasEditPermission(record);
+                        boolean rowReadonly = formReadonly || !view.getLogin().hasEditPermission(record.getClass());
 
                         if (rowReadonly) record.setReadonly(true);

molgenis3_3/src/org/molgenis/framework/screen/form/FormScreen.java

@@ -277 +277 @@
         public boolean isVisible()
         {
-                return this.getLogin().hasReadPermission(this.create());
+                return this.getLogin().hasReadPermission(this.create().getClass());
         }
 

molgenis3_3/src/org/molgenis/framework/server/AbstractMolgenisServlet.java

@@ -23 +23 @@
 
 import javax.naming.NamingException;
-import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -242 +241 @@
                 {                                       
                         userLogin = createLogin(db, request);
-                        if (!userLogin.isAuthenticated() || (request.getParameter("logout") != null && !session.isNew()))
+                        if ( (!userLogin.isAuthenticated() && userLogin.isLoginRequired())  || (request.getParameter("logout") != null && !session.isNew()))
                         {
                                 response.setHeader("WWW-Authenticate", "BASIC realm=\"MOLGENIS\"");
@@ -253 +252 @@
                 //((UserInterface)molgenis).setDatabase(db);
                 userLogin = ((UserInterface)molgenis).getLogin();
+                db.setLogin(userLogin);
 
                 // handle request
@@ -263 +263 @@
                         if (FileInput.ACTION_DOWNLOAD.equals(requestTuple.getString(Screen.INPUT_ACTION)))
                         {
-                                logger.debug(requestTuple);
+                                logger.info(requestTuple);
 
                                 File file = new File(db.getFilesource() + "/"
@@ -960 +960 @@
                         if (xref_filter != null && xref_filter != "") for (int i = 0; i < xref_label.size(); i++)
                         {
-                                q.like((String) xref_label.get(i), xref_filter + "%");
+                                q.like((String) xref_label.get(i), "%"+xref_filter + "%");
                                 if (i > 0) q.or();
                                 q.orderASC((String) xref_label.get(i));

molgenis3_3/src/org/molgenis/framework/style/original/UserInterface.ftl

@@ -40 +40 @@
                         <td id="navigation">
 
-<#if username != "">
+<#--if username?exists && username != "">
                         <span id="logout">
                                 Logged in as <b>${username}</b> [<a href="" onClick="logout.submit();return false;">logout</a>]
@@ -47 +47 @@
                                 </form>
                         </span>
-</#if>          
+</#if-->                
                                 <form name="navigationForm" method="get">
                                         <input type="hidden" name="__target" value=""/>

molgenis3_3/src/org/molgenis/generators/screen/FormScreenGen.java.ftl

@@ -238 +238 @@
 </#if>
                 {
-                        QueryRule rule = super.getRootScreen().getLogin().getUserFilters(new ${entity}());
+                        QueryRule rule = super.getRootScreen().getLogin().getRowlevelSecurityFilters(new ${entity}());
                         if (rule != null /*&& !rule.equals(new QueryRule())*/)
                                 rules.add(rule);

molgenis3_3/src/org/molgenis/generators/servlet/MolgenisServletGen.ftl

@@ -19 +19 @@
 import org.molgenis.framework.Database;
 import org.molgenis.framework.auth.Login;
-import org.molgenis.framework.auth.SimpleLogin;
 import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.screen.UserInterface;
@@ -50 +49 @@
         public Login createLogin( Database db, HttpServletRequest request )
         {
-                return new SimpleLogin();
+                return new ${loginclass}();
         }
 

molgenis3_3/src/org/molgenis/generators/servlet/MolgenisServletGen.java

@@ -36 +36 @@
                 templateArgs.put("model", model);               
                 templateArgs.put("package", model.getName().toLowerCase());             
-                templateArgs.put("db_filepath", options.db_filepath);   
+                templateArgs.put("db_filepath", options.db_filepath);
+                templateArgs.put("loginclass", options.auth_loginclass);