Cleaned up the fine-grained permissions system a bit so that Yohoho can make

use of it in good conscience.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5117 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2008-05-22 12:03:30 +00:00
parent 74791b0493
commit 86dd4d75c7
9 changed files with 130 additions and 56 deletions
@@ -1358,7 +1358,7 @@ public class ChatDirector extends BasicDirector
public boolean checkAccess (BodyObject user)
{
return user.checkAccess(ChatCodes.BROADCAST_ACCESS, null) == null;
return user.checkAccess(ChatCodes.BROADCAST_ACCESS) == null;
}
}
@@ -22,6 +22,7 @@
package com.threerings.crowd.chat.data;
import com.threerings.presents.data.InvocationCodes;
import com.threerings.presents.data.Permission;
import com.threerings.crowd.data.BodyObject;
@@ -40,13 +41,11 @@ public interface ChatCodes extends InvocationCodes
/** The message identifier for a chat notification message. */
public static final String CHAT_NOTIFICATION = "chat";
/** The access control identifier for normal chat privileges. See {@link
* BodyObject#checkAccess}. */
public static final String CHAT_ACCESS = "crowd.chat.chat";
/** The access control identifier for normal chat privileges. */
public static final Permission CHAT_ACCESS = new Permission();
/** The access control identifier for broadcast chat privileges. See {@link
* BodyObject#checkAccess}. */
public static final String BROADCAST_ACCESS = "crowd.chat.broadcast";
/** The access control identifier for broadcast chat privileges. */
public static final Permission BROADCAST_ACCESS = new Permission();
/** The configuration key for idle time. */
public static final String IDLE_TIME_KEY = "narya.chat.idle_time";
@@ -52,7 +52,7 @@ import com.threerings.crowd.chat.data.UserMessage;
* The chat provider handles the server side of the chat-related invocation services.
*/
public class ChatProvider
implements ChatCodes, InvocationProvider
implements InvocationProvider
{
/** Interface to allow an auto response to a tell message. */
public static interface TellAutoResponder
@@ -128,13 +128,10 @@ public class ChatProvider
throws InvocationException
{
// ensure that the caller has normal chat privileges
BodyObject source = (BodyObject)caller;
String errmsg = source.checkAccess(CHAT_ACCESS, null);
if (errmsg != null) {
throw new InvocationException(errmsg);
}
InvocationException.requireAccess(caller, ChatCodes.CHAT_ACCESS);
// deliver the tell message to the target
BodyObject source = (BodyObject)caller;
deliverTell(createTellMessage(source, message), target, listener);
// inform the auto-responder if needed
@@ -151,11 +148,8 @@ public class ChatProvider
throws InvocationException
{
// make sure the requesting user has broadcast privileges
InvocationException.requireAccess(caller, ChatCodes.BROADCAST_ACCESS);
BodyObject body = (BodyObject)caller;
String errmsg = body.checkAccess(BROADCAST_ACCESS, null);
if (errmsg != null) {
throw new InvocationException(errmsg);
}
broadcast(body.getVisibleName(), null, message, false, true);
}
@@ -215,12 +209,12 @@ public class ChatProvider
if (_chatForwarder != null && _chatForwarder.forwardTell(message, target, listener)) {
return;
}
throw new InvocationException(USER_NOT_ONLINE);
throw new InvocationException(ChatCodes.USER_NOT_ONLINE);
}
if (tobj.status == OccupantInfo.DISCONNECTED) {
String errmsg = MessageBundle.compose(
USER_DISCONNECTED, TimeUtil.getTimeOrderString(
ChatCodes.USER_DISCONNECTED, TimeUtil.getTimeOrderString(
System.currentTimeMillis() - tobj.statusTime, TimeUtil.SECOND));
throw new InvocationException(errmsg);
}
@@ -275,7 +269,7 @@ public class ChatProvider
}
} else {
SpeakUtil.sendSpeak(object, from, bundle, msg, BROADCAST_MODE);
SpeakUtil.sendSpeak(object, from, bundle, msg, ChatCodes.BROADCAST_MODE);
}
}
@@ -25,6 +25,7 @@ import com.threerings.util.Name;
import com.threerings.presents.data.ClientObject;
import com.threerings.presents.data.InvocationCodes;
import com.threerings.presents.data.Permission;
import com.threerings.crowd.chat.data.ChatCodes;
import com.threerings.crowd.chat.data.SpeakObject;
@@ -87,27 +88,6 @@ public class BodyObject extends ClientObject
return (location == null) ? -1 : location.placeOid;
}
/**
* Checks whether or not this user has access to the specified feature. Currently used by the
* chat system to regulate access to chat broadcasts but also forms the basis of an extensible
* fine-grained permissions system.
*
* @return null if the user has access, a fully-qualified translatable message string
* indicating the reason for denial of access (or just {@link InvocationCodes#ACCESS_DENIED} if
* you don't want to be specific).
*/
public String checkAccess (String feature, Object context)
{
// our default access control policy; how quaint
if (ChatCodes.BROADCAST_ACCESS.equals(feature)) {
return getTokens().isAdmin() ? null : ChatCodes.ACCESS_DENIED;
} else if (ChatCodes.CHAT_ACCESS.equals(feature)) {
return null;
} else {
return InvocationCodes.ACCESS_DENIED;
}
}
/**
* Returns this user's access control tokens.
*/
@@ -157,6 +137,18 @@ public class BodyObject extends ClientObject
setLocation(null);
}
@Override // from ClientObject
public String checkAccess (Permission perm, Object context)
{
if (perm == ChatCodes.BROADCAST_ACCESS) {
return getTokens().isAdmin() ? null : ChatCodes.ACCESS_DENIED;
} else if (perm == ChatCodes.CHAT_ACCESS) {
return null;
} else {
return super.checkAccess(perm, context);
}
}
// documentation inherited
public void applyToListeners (ListenerOp op)
{
@@ -24,8 +24,9 @@ package com.threerings.crowd.data;
import com.threerings.io.SimpleStreamableObject;
/**
* Defines access control tokens that convey certain privileges to users (see {@link
* BodyObject#checkAccess}).
* Defines access control tokens that convey certain privileges to users.
*
* @see BodyObject#checkAccess
*/
public class TokenRing extends SimpleStreamableObject
{