Extract our permission policy into a separate class so that a system can more

easily make use of different permission policies in different circumstances
(one can imagine a hypothetical partner who has different access control
requirements, perhaps).


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5118 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2008-05-22 13:12:40 +00:00
parent 86dd4d75c7
commit 591dc1541a
8 changed files with 135 additions and 27 deletions
@@ -44,6 +44,14 @@ public class ClientObject extends DObject
/** Used to publish all invocation service receivers registered on this client. */
public DSet<InvocationReceiver.Registration> receivers = DSet.newDSet();
/**
* Configures this client with a permissions policy. This is done during client resolution.
*/
public void setPermissionPolicy (PermissionPolicy policy)
{
_permPolicy = policy;
}
/**
* Returns a short string identifying this client.
*/
@@ -53,16 +61,16 @@ public class ClientObject extends DObject
}
/**
* Checks whether or not this client has access to the specified feature. Forms the basis of an
* extensible fine-grained permissions system.
* Checks whether or not this client has access to the specified feature.
*
* @return null if the user has access, a fully-qualified translatable message string
* indicating the reason for denial of access (or just {@link InvocationCodes#ACCESS_DENIED} if
* you don't want to be specific).
* indicating the reason for denial of access.
*
* @see PermissionPolicy
*/
public String checkAccess (Permission feature, Object context)
{
return InvocationCodes.ACCESS_DENIED;
return _permPolicy.checkAccess(this, feature, context);
}
/**
@@ -148,6 +156,9 @@ public class ClientObject extends DObject
}
// AUTO-GENERATED: METHODS END
/** Handles our fine-grained permissions. */
protected PermissionPolicy _permPolicy;
/** Used to reference count resolved client objects. */
protected transient int _references;
}
@@ -0,0 +1,44 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.data;
import com.threerings.io.Streamable;
/**
* Encapsulates a fine-grained permissions policy. The default policy is to deny access to
* everything, systems using fine-grained permissions should create a custom policy and provide it
* at client resolution time via the ClientResolver.
*/
public class PermissionPolicy
implements Streamable, InvocationCodes
{
/**
* Returns null if the specified client has the specified permission, an error code explaining
* the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED} should be returned
* if no more specific explanation is available.
*/
public String checkAccess (ClientObject clobj, Permission perm, Object context)
{
// by default, you can't do it!
return ACCESS_DENIED;
}
}