We can't use the type systesm to enforce our requirements, but we can use
obtain containment and a stack of specifically typed outer class references to accomplish what we need without misleading casts. This will require changes to Yohoho which I shall make forthwith. git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6320 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -25,7 +25,9 @@ import javax.annotation.Generated;
|
|||||||
import com.threerings.util.Name;
|
import com.threerings.util.Name;
|
||||||
|
|
||||||
import com.threerings.presents.data.ClientObject;
|
import com.threerings.presents.data.ClientObject;
|
||||||
|
import com.threerings.presents.data.Permission;
|
||||||
|
|
||||||
|
import com.threerings.crowd.chat.data.ChatCodes;
|
||||||
import com.threerings.crowd.chat.data.SpeakObject;
|
import com.threerings.crowd.chat.data.SpeakObject;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -210,6 +212,26 @@ public class BodyObject extends ClientObject
|
|||||||
return OccupantInfo.X_STATUS[status];
|
return OccupantInfo.X_STATUS[status];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PermissionPolicy createPermissionPolicy ()
|
||||||
|
{
|
||||||
|
return new CrowdPermissionPolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected class CrowdPermissionPolicy extends PermissionPolicy
|
||||||
|
{
|
||||||
|
@Override // from PermissionPolicy
|
||||||
|
public String checkAccess (Permission perm, Object context) {
|
||||||
|
if (perm == ChatCodes.BROADCAST_ACCESS) {
|
||||||
|
return getTokens().isAdmin() ? null : ACCESS_DENIED;
|
||||||
|
} else if (perm == ChatCodes.CHAT_ACCESS) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
return super.checkAccess(perm, context);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** The default (no tokens) access control. */
|
/** The default (no tokens) access control. */
|
||||||
protected static final TokenRing EMPTY_TOKENS = new TokenRing();
|
protected static final TokenRing EMPTY_TOKENS = new TokenRing();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,49 +0,0 @@
|
|||||||
//
|
|
||||||
// $Id$
|
|
||||||
//
|
|
||||||
// Narya library - tools for developing networked games
|
|
||||||
// Copyright (C) 2002-2010 Three Rings Design, Inc., All Rights Reserved
|
|
||||||
// http://code.google.com/p/narya/
|
|
||||||
//
|
|
||||||
// This library is free software; you can redistribute it and/or modify it
|
|
||||||
// under the terms of the GNU Lesser General Public License as published
|
|
||||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
|
||||||
// (at your option) any later version.
|
|
||||||
//
|
|
||||||
// This library is distributed in the hope that it will be useful,
|
|
||||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
// Lesser General Public License for more details.
|
|
||||||
//
|
|
||||||
// You should have received a copy of the GNU Lesser General Public
|
|
||||||
// License along with this library; if not, write to the Free Software
|
|
||||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
|
|
||||||
package com.threerings.crowd.data;
|
|
||||||
|
|
||||||
import com.threerings.presents.data.ClientObject;
|
|
||||||
import com.threerings.presents.data.Permission;
|
|
||||||
import com.threerings.presents.data.PermissionPolicy;
|
|
||||||
|
|
||||||
import com.threerings.crowd.chat.data.ChatCodes;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Implements some Crowd permissions. Note: this is stored <em>inside</em> a {@link BodyObject} and
|
|
||||||
* will only ever be called by a BodyObject. It is sent over the wire and must be usable on the
|
|
||||||
* client and server.
|
|
||||||
*/
|
|
||||||
public class CrowdPermissionPolicy extends PermissionPolicy
|
|
||||||
{
|
|
||||||
@Override // from PermissionPolicy
|
|
||||||
public String checkAccess (ClientObject clobj, Permission perm, Object context)
|
|
||||||
{
|
|
||||||
BodyObject body = (BodyObject)clobj;
|
|
||||||
if (perm == ChatCodes.BROADCAST_ACCESS) {
|
|
||||||
return body.getTokens().isAdmin() ? null : ACCESS_DENIED;
|
|
||||||
} else if (perm == ChatCodes.CHAT_ACCESS) {
|
|
||||||
return null;
|
|
||||||
} else {
|
|
||||||
return super.checkAccess(clobj, perm, context);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -26,7 +26,7 @@ import com.threerings.io.SimpleStreamableObject;
|
|||||||
/**
|
/**
|
||||||
* Defines access control tokens that convey certain privileges to users.
|
* Defines access control tokens that convey certain privileges to users.
|
||||||
*
|
*
|
||||||
* @see CrowdPermissionPolicy
|
* @see BodyObject#CrowdPermissionPolicy
|
||||||
*/
|
*/
|
||||||
public class TokenRing extends SimpleStreamableObject
|
public class TokenRing extends SimpleStreamableObject
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -22,12 +22,10 @@
|
|||||||
package com.threerings.crowd.server;
|
package com.threerings.crowd.server;
|
||||||
|
|
||||||
import com.threerings.presents.data.ClientObject;
|
import com.threerings.presents.data.ClientObject;
|
||||||
import com.threerings.presents.data.PermissionPolicy;
|
|
||||||
import com.threerings.presents.server.ClientLocal;
|
import com.threerings.presents.server.ClientLocal;
|
||||||
import com.threerings.presents.server.ClientResolver;
|
import com.threerings.presents.server.ClientResolver;
|
||||||
|
|
||||||
import com.threerings.crowd.data.BodyObject;
|
import com.threerings.crowd.data.BodyObject;
|
||||||
import com.threerings.crowd.data.CrowdPermissionPolicy;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Used to configure crowd-specific client object data.
|
* Used to configure crowd-specific client object data.
|
||||||
@@ -45,10 +43,4 @@ public class CrowdClientResolver extends ClientResolver
|
|||||||
{
|
{
|
||||||
return new BodyLocal();
|
return new BodyLocal();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override // from ClientResolver
|
|
||||||
public PermissionPolicy createPermissionPolicy ()
|
|
||||||
{
|
|
||||||
return new CrowdPermissionPolicy();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -54,14 +54,6 @@ public class ClientObject extends DObject
|
|||||||
/** Used to publish all invocation service receivers registered on this client. */
|
/** Used to publish all invocation service receivers registered on this client. */
|
||||||
public DSet<InvocationReceiver.Registration> receivers = DSet.newDSet();
|
public DSet<InvocationReceiver.Registration> receivers = DSet.newDSet();
|
||||||
|
|
||||||
/**
|
|
||||||
* Configures this client with a permissions policy. This is done during client resolution.
|
|
||||||
*/
|
|
||||||
public void setPermissionPolicy (PermissionPolicy policy)
|
|
||||||
{
|
|
||||||
_permPolicy = policy;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a short string identifying this client.
|
* Returns a short string identifying this client.
|
||||||
*/
|
*/
|
||||||
@@ -80,7 +72,10 @@ public class ClientObject extends DObject
|
|||||||
*/
|
*/
|
||||||
public String checkAccess (Permission perm, Object context)
|
public String checkAccess (Permission perm, Object context)
|
||||||
{
|
{
|
||||||
return _permPolicy.checkAccess(this, perm, context);
|
if (_permPolicy == null) {
|
||||||
|
_permPolicy = createPermissionPolicy();
|
||||||
|
}
|
||||||
|
return _permPolicy.checkAccess(perm, context);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -203,8 +198,34 @@ public class ClientObject extends DObject
|
|||||||
}
|
}
|
||||||
// AUTO-GENERATED: METHODS END
|
// AUTO-GENERATED: METHODS END
|
||||||
|
|
||||||
|
protected PermissionPolicy createPermissionPolicy ()
|
||||||
|
{
|
||||||
|
return new PermissionPolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ClientObject derived classes can extend this class to provide more sophisticated permission
|
||||||
|
* policies, and should return their customized classes from {@link #createPermissionPolicy}.
|
||||||
|
* This class, and its children must <em>only</em> make use of data available in the
|
||||||
|
* ClientObject (and its children). Permissions may be checked on the client or server.
|
||||||
|
*/
|
||||||
|
protected class PermissionPolicy implements InvocationCodes
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Returns null if the specified client has the specified permission, an error code
|
||||||
|
* explaining the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED}
|
||||||
|
* should be returned if no more specific explanation is available.
|
||||||
|
*
|
||||||
|
* @param perm the permission to be checked.
|
||||||
|
* @param context a potential context for the request, if any.
|
||||||
|
*/
|
||||||
|
public String checkAccess (Permission perm, Object context) {
|
||||||
|
return ACCESS_DENIED; // by default, you can't do it!
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** Handles our fine-grained permissions. */
|
/** Handles our fine-grained permissions. */
|
||||||
protected PermissionPolicy _permPolicy;
|
protected transient PermissionPolicy _permPolicy;
|
||||||
|
|
||||||
/** Used to reference count resolved client objects. */
|
/** Used to reference count resolved client objects. */
|
||||||
protected transient int _references;
|
protected transient int _references;
|
||||||
|
|||||||
@@ -1,48 +0,0 @@
|
|||||||
//
|
|
||||||
// $Id$
|
|
||||||
//
|
|
||||||
// Narya library - tools for developing networked games
|
|
||||||
// Copyright (C) 2002-2010 Three Rings Design, Inc., All Rights Reserved
|
|
||||||
// http://code.google.com/p/narya/
|
|
||||||
//
|
|
||||||
// This library is free software; you can redistribute it and/or modify it
|
|
||||||
// under the terms of the GNU Lesser General Public License as published
|
|
||||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
|
||||||
// (at your option) any later version.
|
|
||||||
//
|
|
||||||
// This library is distributed in the hope that it will be useful,
|
|
||||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
// Lesser General Public License for more details.
|
|
||||||
//
|
|
||||||
// You should have received a copy of the GNU Lesser General Public
|
|
||||||
// License along with this library; if not, write to the Free Software
|
|
||||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
|
|
||||||
package com.threerings.presents.data;
|
|
||||||
|
|
||||||
import com.threerings.io.Streamable;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Encapsulates a fine-grained permissions policy. The default policy is to deny access to
|
|
||||||
* everything, systems using fine-grained permissions should create a custom policy and provide it
|
|
||||||
* at client resolution time via the ClientResolver.
|
|
||||||
*/
|
|
||||||
public class PermissionPolicy
|
|
||||||
implements Streamable, InvocationCodes
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Returns null if the specified client has the specified permission, an error code explaining
|
|
||||||
* the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED} should be returned
|
|
||||||
* if no more specific explanation is available.
|
|
||||||
*
|
|
||||||
* @param clobj the client
|
|
||||||
* @param perm what permission they'd like to know if they have
|
|
||||||
* @param context potential context for the request, if that matters
|
|
||||||
*/
|
|
||||||
public String checkAccess (ClientObject clobj, Permission perm, Object context)
|
|
||||||
{
|
|
||||||
// by default, you can't do it!
|
|
||||||
return ACCESS_DENIED;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -298,7 +298,6 @@ public class ClientManager
|
|||||||
public void run () {
|
public void run () {
|
||||||
ClientObject clobj = fclr.createClientObject();
|
ClientObject clobj = fclr.createClientObject();
|
||||||
clobj.setLocal(ClientLocal.class, fclr.createLocalAttribute());
|
clobj.setLocal(ClientLocal.class, fclr.createLocalAttribute());
|
||||||
clobj.setPermissionPolicy(fclr.createPermissionPolicy());
|
|
||||||
fclr.objectAvailable(_omgr.registerObject(clobj));
|
fclr.objectAvailable(_omgr.registerObject(clobj));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -32,7 +32,6 @@ import com.threerings.util.Name;
|
|||||||
|
|
||||||
import com.threerings.presents.annotation.MainInvoker;
|
import com.threerings.presents.annotation.MainInvoker;
|
||||||
import com.threerings.presents.data.ClientObject;
|
import com.threerings.presents.data.ClientObject;
|
||||||
import com.threerings.presents.data.PermissionPolicy;
|
|
||||||
import com.threerings.presents.dobj.RootDObjectManager;
|
import com.threerings.presents.dobj.RootDObjectManager;
|
||||||
|
|
||||||
import static com.threerings.presents.Log.log;
|
import static com.threerings.presents.Log.log;
|
||||||
@@ -87,14 +86,6 @@ public class ClientResolver extends Invoker.Unit
|
|||||||
return new ClientLocal();
|
return new ClientLocal();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a permission policy for use by our client.
|
|
||||||
*/
|
|
||||||
public PermissionPolicy createPermissionPolicy ()
|
|
||||||
{
|
|
||||||
return new PermissionPolicy();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Called once our client object is registered with the distributed object system.
|
* Called once our client object is registered with the distributed object system.
|
||||||
*/
|
*/
|
||||||
|
|||||||
Reference in New Issue
Block a user