Sometimes my mind drifts away and forgets that I live in a world where I have
to write everything in two languages, and now have to take special care that things written in one of those languages works properly in a wholly separate and somewhat limited deployment environment. Ah such sweet forgetting. git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5119 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -84,6 +84,8 @@ com/threerings/presents/data/InvocationMarshaller_ConfirmMarshaller.as
|
||||
com/threerings/presents/data/InvocationMarshaller_ResultMarshaller.as
|
||||
com/threerings/presents/data/TimeBaseMarshaller.as
|
||||
com/threerings/presents/data/TimeBaseMarshaller_GotTimeBaseMarshaller.as
|
||||
com/threerings/presents/data/Permission.as
|
||||
com/threerings/presents/data/PermissionPolicy.as
|
||||
com/threerings/presents/dobj/AttributeChangeListener.as
|
||||
com/threerings/presents/dobj/AttributeChangedEvent.as
|
||||
com/threerings/presents/dobj/ChangeListener.as
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
package com.threerings.crowd.chat.data {
|
||||
|
||||
import com.threerings.presents.data.InvocationCodes;
|
||||
import com.threerings.presents.data.Permission;
|
||||
|
||||
import com.threerings.crowd.data.BodyObject;
|
||||
|
||||
@@ -40,13 +41,11 @@ public class ChatCodes extends InvocationCodes
|
||||
/** The message identifier for a chat notification message. */
|
||||
public static const CHAT_NOTIFICATION :String = "chat";
|
||||
|
||||
/** The access control identifier for normal chat privileges. See
|
||||
* {@link BodyObject#checkAccess}. */
|
||||
public static const CHAT_ACCESS :String = "crowd.chat.chat";
|
||||
/** The access control identifier for normal chat privileges. */
|
||||
public static const CHAT_ACCESS :Permission = new Permission();
|
||||
|
||||
/** The access control identifier for broadcast chat privileges. See
|
||||
* {@link BodyObject#checkAccess}. */
|
||||
public static const BROADCAST_ACCESS :String = "crowd.chat.broadcast";
|
||||
/** The access control identifier for broadcast chat privileges. */
|
||||
public static const BROADCAST_ACCESS :Permission = new Permission();
|
||||
|
||||
/** The configuration key for idle time. */
|
||||
public static const IDLE_TIME_KEY :String = "narya.chat.idle_time";
|
||||
|
||||
@@ -75,27 +75,6 @@ public class BodyObject extends ClientObject
|
||||
*/
|
||||
public var awayMessage :String;
|
||||
|
||||
/**
|
||||
* Checks whether or not this user has access to the specified feature. Currently used by the
|
||||
* chat system to regulate access to chat broadcasts but also forms the basis of an extensible
|
||||
* fine-grained permissions system.
|
||||
*
|
||||
* @return null if the user has access, a fully-qualified translatable message string
|
||||
* indicating the reason for denial of access (or just {@link InvocationCodes#ACCESS_DENIED} if
|
||||
* you don't want to be specific).
|
||||
*/
|
||||
public function checkAccess (feature :String, context :Object) :String
|
||||
{
|
||||
// our default access control policy; how quaint
|
||||
if (ChatCodes.BROADCAST_ACCESS == feature) {
|
||||
return getTokens().isAdmin() ? null : InvocationCodes.ACCESS_DENIED;
|
||||
} else if (ChatCodes.CHAT_ACCESS == feature) {
|
||||
return null;
|
||||
} else {
|
||||
return InvocationCodes.ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns this user's access control tokens.
|
||||
*/
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
//
|
||||
// $Id$
|
||||
//
|
||||
// Narya library - tools for developing networked games
|
||||
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
|
||||
// http://www.threerings.net/code/narya/
|
||||
//
|
||||
// This library is free software; you can redistribute it and/or modify it
|
||||
// under the terms of the GNU Lesser General Public License as published
|
||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This library is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
// Lesser General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Lesser General Public
|
||||
// License along with this library; if not, write to the Free Software
|
||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
package com.threerings.crowd.data {
|
||||
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.InvocationCodes;
|
||||
import com.threerings.presents.data.Permission;
|
||||
import com.threerings.presents.data.PermissionPolicy;
|
||||
|
||||
import com.threerings.crowd.chat.data.ChatCodes;
|
||||
|
||||
/**
|
||||
* Implements some Crowd permissions.
|
||||
*/
|
||||
public class CrowdPermissionPolicy extends PermissionPolicy
|
||||
{
|
||||
// from PermissionPolicy
|
||||
override public function checkAccess (
|
||||
clobj :ClientObject, perm :Permission, context :Object) :String
|
||||
{
|
||||
if (!(clobj is BodyObject)) {
|
||||
return super.checkAccess(clobj, perm, context);
|
||||
}
|
||||
|
||||
var body :BodyObject = (clobj as BodyObject);
|
||||
if (perm == ChatCodes.BROADCAST_ACCESS) {
|
||||
return body.getTokens().isAdmin() ? null : InvocationCodes.ACCESS_DENIED;
|
||||
} else if (perm == ChatCodes.CHAT_ACCESS) {
|
||||
return null;
|
||||
} else {
|
||||
return super.checkAccess(clobj, perm, context);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -57,6 +57,19 @@ public class ClientObject extends DObject
|
||||
return "(" + getOid() + ")";
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether or not this client has the specified permission.
|
||||
*
|
||||
* @return null if the user has access, a fully-qualified translatable message string
|
||||
* indicating the reason for denial of access.
|
||||
*
|
||||
* @see PermissionPolicy
|
||||
*/
|
||||
public function checkAccess (perm :Permission, context :Object = null) :String
|
||||
{
|
||||
return _permPolicy.checkAccess(this, perm, context);
|
||||
}
|
||||
|
||||
// AUTO-GENERATED: METHODS START
|
||||
public function addToReceivers (elem :DSet_Entry) :void
|
||||
{
|
||||
@@ -91,6 +104,9 @@ public class ClientObject extends DObject
|
||||
{
|
||||
super.readObject(ins);
|
||||
receivers = (ins.readObject() as DSet);
|
||||
_permPolicy = (ins.readObject() as PermissionPolicy);
|
||||
}
|
||||
|
||||
protected var _permPolicy :PermissionPolicy;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
//
|
||||
// $Id$
|
||||
//
|
||||
// Narya library - tools for developing networked games
|
||||
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
|
||||
// http://www.threerings.net/code/narya/
|
||||
//
|
||||
// This library is free software; you can redistribute it and/or modify it
|
||||
// under the terms of the GNU Lesser General Public License as published
|
||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This library is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
// Lesser General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Lesser General Public
|
||||
// License along with this library; if not, write to the Free Software
|
||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
package com.threerings.presents.data {
|
||||
|
||||
/**
|
||||
* A value class used by ClientObject.checkAccess to do fine-grained access control.
|
||||
*/
|
||||
public class Permission
|
||||
{
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,59 @@
|
||||
//
|
||||
// $Id$
|
||||
//
|
||||
// Narya library - tools for developing networked games
|
||||
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
|
||||
// http://www.threerings.net/code/narya/
|
||||
//
|
||||
// This library is free software; you can redistribute it and/or modify it
|
||||
// under the terms of the GNU Lesser General Public License as published
|
||||
// by the Free Software Foundation; either version 2.1 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This library is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
// Lesser General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Lesser General Public
|
||||
// License along with this library; if not, write to the Free Software
|
||||
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
package com.threerings.presents.data {
|
||||
|
||||
import com.threerings.io.ObjectInputStream;
|
||||
import com.threerings.io.ObjectOutputStream;
|
||||
import com.threerings.io.Streamable;
|
||||
|
||||
/**
|
||||
* Encapsulates a fine-grained permissions policy. The default policy is to deny access to
|
||||
* everything, systems using fine-grained permissions should create a custom policy and provide it
|
||||
* at client resolution time via the ClientResolver.
|
||||
*/
|
||||
public class PermissionPolicy
|
||||
implements Streamable
|
||||
{
|
||||
/**
|
||||
* Returns null if the specified client has the specified permission, an error code explaining
|
||||
* the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED} should be returned
|
||||
* if no more specific explanation is available.
|
||||
*/
|
||||
public function checkAccess (clobj :ClientObject, perm :Permission, context :Object) :String
|
||||
{
|
||||
// by default, you can't do it!
|
||||
return InvocationCodes.ACCESS_DENIED;
|
||||
}
|
||||
|
||||
// from interface Streamable
|
||||
public function writeObject (out :ObjectOutputStream) :void
|
||||
{
|
||||
// nothing needed
|
||||
}
|
||||
|
||||
// from interface Streamable
|
||||
public function readObject (ins :ObjectInputStream) :void
|
||||
{
|
||||
// nothing needed
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -61,24 +61,24 @@ public class ClientObject extends DObject
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether or not this client has access to the specified feature.
|
||||
* Checks whether or not this client has the specified permission.
|
||||
*
|
||||
* @return null if the user has access, a fully-qualified translatable message string
|
||||
* indicating the reason for denial of access.
|
||||
*
|
||||
* @see PermissionPolicy
|
||||
*/
|
||||
public String checkAccess (Permission feature, Object context)
|
||||
public String checkAccess (Permission perm, Object context)
|
||||
{
|
||||
return _permPolicy.checkAccess(this, feature, context);
|
||||
return _permPolicy.checkAccess(this, perm, context);
|
||||
}
|
||||
|
||||
/**
|
||||
* A version of {@link #checkAccess(Permission,Object} that provides no context.
|
||||
*/
|
||||
public String checkAccess (Permission feature)
|
||||
public String checkAccess (Permission perm)
|
||||
{
|
||||
return checkAccess(feature, null);
|
||||
return checkAccess(perm, null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user