Extract our permission policy into a separate class so that a system can more
easily make use of different permission policies in different circumstances (one can imagine a hypothetical partner who has different access control requirements, perhaps). git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5118 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -24,10 +24,7 @@ package com.threerings.crowd.data;
|
||||
import com.threerings.util.Name;
|
||||
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.InvocationCodes;
|
||||
import com.threerings.presents.data.Permission;
|
||||
|
||||
import com.threerings.crowd.chat.data.ChatCodes;
|
||||
import com.threerings.crowd.chat.data.SpeakObject;
|
||||
|
||||
/**
|
||||
@@ -137,18 +134,6 @@ public class BodyObject extends ClientObject
|
||||
setLocation(null);
|
||||
}
|
||||
|
||||
@Override // from ClientObject
|
||||
public String checkAccess (Permission perm, Object context)
|
||||
{
|
||||
if (perm == ChatCodes.BROADCAST_ACCESS) {
|
||||
return getTokens().isAdmin() ? null : ChatCodes.ACCESS_DENIED;
|
||||
} else if (perm == ChatCodes.CHAT_ACCESS) {
|
||||
return null;
|
||||
} else {
|
||||
return super.checkAccess(perm, context);
|
||||
}
|
||||
}
|
||||
|
||||
// documentation inherited
|
||||
public void applyToListeners (ListenerOp op)
|
||||
{
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
//
|
||||
// $Id$
|
||||
//
|
||||
// Narya library - tools for developing networked games
|
||||
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
|
||||
// http://www.threerings.net/code/narya/
|
||||
//
|
||||
// This library is free software; you can redistribute it and/or modify it
|
||||
// under the terms of the GNU Lesser General Public License as published
|
||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This library is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
// Lesser General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Lesser General Public
|
||||
// License along with this library; if not, write to the Free Software
|
||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
package com.threerings.crowd.data;
|
||||
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.Permission;
|
||||
import com.threerings.presents.data.PermissionPolicy;
|
||||
|
||||
import com.threerings.crowd.chat.data.ChatCodes;
|
||||
|
||||
/**
|
||||
* Implements some Crowd permissions.
|
||||
*/
|
||||
public class CrowdPermissionPolicy extends PermissionPolicy
|
||||
{
|
||||
@Override // from PermissionPolicy
|
||||
public String checkAccess (ClientObject clobj, Permission perm, Object context)
|
||||
{
|
||||
if (!(clobj instanceof BodyObject)) {
|
||||
return super.checkAccess(clobj, perm, context);
|
||||
}
|
||||
|
||||
BodyObject body = (BodyObject)clobj;
|
||||
if (perm == ChatCodes.BROADCAST_ACCESS) {
|
||||
return body.getTokens().isAdmin() ? null : ACCESS_DENIED;
|
||||
} else if (perm == ChatCodes.CHAT_ACCESS) {
|
||||
return null;
|
||||
} else {
|
||||
return super.checkAccess(clobj, perm, context);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -26,12 +26,11 @@ import com.threerings.io.SimpleStreamableObject;
|
||||
/**
|
||||
* Defines access control tokens that convey certain privileges to users.
|
||||
*
|
||||
* @see BodyObject#checkAccess
|
||||
* @see CrowdPermissionPolicy
|
||||
*/
|
||||
public class TokenRing extends SimpleStreamableObject
|
||||
{
|
||||
/** Indicates that this user is an administrator and can do things like broadcast, shutdown the
|
||||
* server and whatnot. */
|
||||
/** Indicates that this user is an administrator. */
|
||||
public static final int ADMIN = (1 << 0);
|
||||
|
||||
/**
|
||||
|
||||
@@ -22,22 +22,30 @@
|
||||
package com.threerings.crowd.server;
|
||||
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.PermissionPolicy;
|
||||
import com.threerings.presents.server.ClientResolver;
|
||||
|
||||
import com.threerings.crowd.data.BodyObject;
|
||||
import com.threerings.crowd.data.CrowdPermissionPolicy;
|
||||
|
||||
/**
|
||||
* Used to configure crowd-specific client object data.
|
||||
*/
|
||||
public class CrowdClientResolver extends ClientResolver
|
||||
{
|
||||
// documentation inherited
|
||||
@Override // from ClientResolver
|
||||
public ClientObject createClientObject ()
|
||||
{
|
||||
return new BodyObject();
|
||||
}
|
||||
|
||||
// documentation inherited
|
||||
@Override // from ClientResolver
|
||||
public PermissionPolicy createPermissionPolicy ()
|
||||
{
|
||||
return new CrowdPermissionPolicy();
|
||||
}
|
||||
|
||||
@Override // from ClientResolver
|
||||
protected void resolveClientData (ClientObject clobj)
|
||||
throws Exception
|
||||
{
|
||||
|
||||
@@ -44,6 +44,14 @@ public class ClientObject extends DObject
|
||||
/** Used to publish all invocation service receivers registered on this client. */
|
||||
public DSet<InvocationReceiver.Registration> receivers = DSet.newDSet();
|
||||
|
||||
/**
|
||||
* Configures this client with a permissions policy. This is done during client resolution.
|
||||
*/
|
||||
public void setPermissionPolicy (PermissionPolicy policy)
|
||||
{
|
||||
_permPolicy = policy;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a short string identifying this client.
|
||||
*/
|
||||
@@ -53,16 +61,16 @@ public class ClientObject extends DObject
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether or not this client has access to the specified feature. Forms the basis of an
|
||||
* extensible fine-grained permissions system.
|
||||
* Checks whether or not this client has access to the specified feature.
|
||||
*
|
||||
* @return null if the user has access, a fully-qualified translatable message string
|
||||
* indicating the reason for denial of access (or just {@link InvocationCodes#ACCESS_DENIED} if
|
||||
* you don't want to be specific).
|
||||
* indicating the reason for denial of access.
|
||||
*
|
||||
* @see PermissionPolicy
|
||||
*/
|
||||
public String checkAccess (Permission feature, Object context)
|
||||
{
|
||||
return InvocationCodes.ACCESS_DENIED;
|
||||
return _permPolicy.checkAccess(this, feature, context);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -148,6 +156,9 @@ public class ClientObject extends DObject
|
||||
}
|
||||
// AUTO-GENERATED: METHODS END
|
||||
|
||||
/** Handles our fine-grained permissions. */
|
||||
protected PermissionPolicy _permPolicy;
|
||||
|
||||
/** Used to reference count resolved client objects. */
|
||||
protected transient int _references;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
//
|
||||
// $Id$
|
||||
//
|
||||
// Narya library - tools for developing networked games
|
||||
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
|
||||
// http://www.threerings.net/code/narya/
|
||||
//
|
||||
// This library is free software; you can redistribute it and/or modify it
|
||||
// under the terms of the GNU Lesser General Public License as published
|
||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This library is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
// Lesser General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Lesser General Public
|
||||
// License along with this library; if not, write to the Free Software
|
||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
package com.threerings.presents.data;
|
||||
|
||||
import com.threerings.io.Streamable;
|
||||
|
||||
/**
|
||||
* Encapsulates a fine-grained permissions policy. The default policy is to deny access to
|
||||
* everything, systems using fine-grained permissions should create a custom policy and provide it
|
||||
* at client resolution time via the ClientResolver.
|
||||
*/
|
||||
public class PermissionPolicy
|
||||
implements Streamable, InvocationCodes
|
||||
{
|
||||
/**
|
||||
* Returns null if the specified client has the specified permission, an error code explaining
|
||||
* the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED} should be returned
|
||||
* if no more specific explanation is available.
|
||||
*/
|
||||
public String checkAccess (ClientObject clobj, Permission perm, Object context)
|
||||
{
|
||||
// by default, you can't do it!
|
||||
return ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
@@ -268,8 +268,9 @@ public class ClientManager
|
||||
final ClientResolver fclr = clr;
|
||||
PresentsServer.omgr.postRunnable(new Runnable() {
|
||||
public void run () {
|
||||
fclr.objectAvailable(
|
||||
PresentsServer.omgr.registerObject(fclr.createClientObject()));
|
||||
ClientObject clobj = fclr.createClientObject();
|
||||
clobj.setPermissionPolicy(fclr.createPermissionPolicy());
|
||||
fclr.objectAvailable(PresentsServer.omgr.registerObject(clobj));
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -28,6 +28,7 @@ import com.threerings.util.Name;
|
||||
|
||||
import com.threerings.presents.Log;
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.PermissionPolicy;
|
||||
import com.threerings.presents.dobj.DObject;
|
||||
import com.threerings.presents.dobj.ObjectAccessException;
|
||||
|
||||
@@ -66,6 +67,14 @@ public class ClientResolver extends Invoker.Unit
|
||||
return new ClientObject();
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a permission policy for use by our client.
|
||||
*/
|
||||
public PermissionPolicy createPermissionPolicy ()
|
||||
{
|
||||
return new PermissionPolicy();
|
||||
}
|
||||
|
||||
/**
|
||||
* Called once our client object is registered with the distributed object system.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user