Reorganized basic permissions handling to be more cleanly extensible.

git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@3375 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2005-03-02 03:22:27 +00:00
parent 713e76373b
commit 01592d2593
5 changed files with 17 additions and 72 deletions
@@ -34,6 +34,10 @@ public interface ChatCodes extends InvocationCodes
/** The message identifier for a chat notification message. */
public static final String CHAT_NOTIFICATION = "chat";
/** The access control identifier for broadcast chat privileges. See
* {@link BodyObject#checkAccess}. */
public static final String BROADCAST_ACCESS = "crowd.chat.broadcast";
/** The configuration key for idle time. */
public static final String IDLE_TIME_KEY = "narya.chat.idle_time";
@@ -40,7 +40,6 @@ import com.threerings.presents.server.InvocationProvider;
import com.threerings.crowd.data.BodyObject;
import com.threerings.crowd.data.OccupantInfo;
import com.threerings.crowd.data.PlaceObject;
import com.threerings.crowd.server.AccessControl;
import com.threerings.crowd.server.CrowdServer;
import com.threerings.crowd.chat.client.ChatService.TellListener;
@@ -55,9 +54,6 @@ import com.threerings.crowd.chat.data.UserMessage;
public class ChatProvider
implements ChatCodes, InvocationProvider
{
/** The access control identifier for broadcast chat privileges. */
public static final String BROADCAST_TOKEN = "crowd.chat.broadcast";
/** Interface to allow an auto response to a tell message. */
public static interface TellAutoResponder
{
@@ -170,8 +166,8 @@ public class ChatProvider
BodyObject body = (BodyObject)caller;
// make sure the requesting user has broadcast privileges
if (!CrowdServer.actrl.checkAccess(body, BROADCAST_TOKEN)) {
throw new InvocationException(AccessControl.LACK_ACCESS);
if (!body.checkAccess(BROADCAST_ACCESS, null)) {
throw new InvocationException(ACCESS_DENIED);
}
broadcast(body.username, null, message, false);
@@ -75,6 +75,17 @@ public class BodyObject extends ClientObject
*/
public String awayMessage;
/**
* Checks whether or not this user has access to the specified
* feature. Currently used by the chat system to regulate access to
* chat broadcasts but also forms the basis of an extensible
* fine-grained permissions system.
*/
public boolean checkAccess (String feature, Object context)
{
return false;
}
// documentation inherited
public void applyToListeners (ListenerOp op)
{
@@ -1,43 +0,0 @@
//
// $Id: AccessControl.java,v 1.3 2004/08/27 02:12:34 mdb Exp $
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2004 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.crowd.server;
import com.threerings.crowd.data.BodyObject;
/**
* Used to ratify access control on a feature by feature basis.
*/
public interface AccessControl
{
/** An error code that can be delivered when a user lacks access for a
* particular feature. */
public static final String LACK_ACCESS = "m.lack_access";
/**
* Checks to see if the specified user has access to the feature with
* the specified name. Features are named according to their
* containing package, e.g. <code>crowd.chat.broadcast</code>.
*
* @param user the user requesting the feature.
* @param feature the string identifying the feature.
*/
public boolean checkAccess (BodyObject user, String feature);
}
@@ -42,12 +42,6 @@ public class CrowdServer extends PresentsServer
/** The place registry. */
public static PlaceRegistry plreg;
/** An object that is used to ratify access control on an action by
* action basis. Systems will want to override {@link
* #createAccessControl} to provide an implementation that will
* enforce their access control requirements. */
public static AccessControl actrl;
/**
* Initializes all of the server services and prepares for operation.
*/
@@ -66,9 +60,6 @@ public class CrowdServer extends PresentsServer
// create our place registry
plreg = createPlaceRegistry(invmgr, omgr);
// create our access control implementation
actrl = createAccessControl();
// initialize the body services
BodyProvider.init(invmgr);
@@ -87,20 +78,6 @@ public class CrowdServer extends PresentsServer
return new PlaceRegistry(invmgr, omgr);
}
/**
* Creates the {@link AccessControl} instance used to limit access to
* system features. The default implementation refuses access to
* everything.
*/
protected AccessControl createAccessControl ()
{
return new AccessControl() {
public boolean checkAccess (BodyObject user, String feature) {
return false;
}
};
}
/**
* Enumerates the body objects for all active users on the server.
* This should only be called from the dobjmgr thread. The caller had