Sometimes my mind drifts away and forgets that I live in a world where I have

to write everything in two languages, and now have to take special care that
things written in one of those languages works properly in a wholly separate
and somewhat limited deployment environment. Ah such sweet forgetting.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5119 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2008-05-22 14:12:10 +00:00
parent 591dc1541a
commit da9d8701c2
8 changed files with 171 additions and 32 deletions
+2
View File
@@ -84,6 +84,8 @@ com/threerings/presents/data/InvocationMarshaller_ConfirmMarshaller.as
com/threerings/presents/data/InvocationMarshaller_ResultMarshaller.as
com/threerings/presents/data/TimeBaseMarshaller.as
com/threerings/presents/data/TimeBaseMarshaller_GotTimeBaseMarshaller.as
com/threerings/presents/data/Permission.as
com/threerings/presents/data/PermissionPolicy.as
com/threerings/presents/dobj/AttributeChangeListener.as
com/threerings/presents/dobj/AttributeChangedEvent.as
com/threerings/presents/dobj/ChangeListener.as
@@ -22,6 +22,7 @@
package com.threerings.crowd.chat.data {
import com.threerings.presents.data.InvocationCodes;
import com.threerings.presents.data.Permission;
import com.threerings.crowd.data.BodyObject;
@@ -40,13 +41,11 @@ public class ChatCodes extends InvocationCodes
/** The message identifier for a chat notification message. */
public static const CHAT_NOTIFICATION :String = "chat";
/** The access control identifier for normal chat privileges. See
* {@link BodyObject#checkAccess}. */
public static const CHAT_ACCESS :String = "crowd.chat.chat";
/** The access control identifier for normal chat privileges. */
public static const CHAT_ACCESS :Permission = new Permission();
/** The access control identifier for broadcast chat privileges. See
* {@link BodyObject#checkAccess}. */
public static const BROADCAST_ACCESS :String = "crowd.chat.broadcast";
/** The access control identifier for broadcast chat privileges. */
public static const BROADCAST_ACCESS :Permission = new Permission();
/** The configuration key for idle time. */
public static const IDLE_TIME_KEY :String = "narya.chat.idle_time";
@@ -75,27 +75,6 @@ public class BodyObject extends ClientObject
*/
public var awayMessage :String;
/**
* Checks whether or not this user has access to the specified feature. Currently used by the
* chat system to regulate access to chat broadcasts but also forms the basis of an extensible
* fine-grained permissions system.
*
* @return null if the user has access, a fully-qualified translatable message string
* indicating the reason for denial of access (or just {@link InvocationCodes#ACCESS_DENIED} if
* you don't want to be specific).
*/
public function checkAccess (feature :String, context :Object) :String
{
// our default access control policy; how quaint
if (ChatCodes.BROADCAST_ACCESS == feature) {
return getTokens().isAdmin() ? null : InvocationCodes.ACCESS_DENIED;
} else if (ChatCodes.CHAT_ACCESS == feature) {
return null;
} else {
return InvocationCodes.ACCESS_DENIED;
}
}
/**
* Returns this user's access control tokens.
*/
@@ -0,0 +1,54 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.crowd.data {
import com.threerings.presents.data.ClientObject;
import com.threerings.presents.data.InvocationCodes;
import com.threerings.presents.data.Permission;
import com.threerings.presents.data.PermissionPolicy;
import com.threerings.crowd.chat.data.ChatCodes;
/**
* Implements some Crowd permissions.
*/
public class CrowdPermissionPolicy extends PermissionPolicy
{
// from PermissionPolicy
override public function checkAccess (
clobj :ClientObject, perm :Permission, context :Object) :String
{
if (!(clobj is BodyObject)) {
return super.checkAccess(clobj, perm, context);
}
var body :BodyObject = (clobj as BodyObject);
if (perm == ChatCodes.BROADCAST_ACCESS) {
return body.getTokens().isAdmin() ? null : InvocationCodes.ACCESS_DENIED;
} else if (perm == ChatCodes.CHAT_ACCESS) {
return null;
} else {
return super.checkAccess(clobj, perm, context);
}
}
}
}
@@ -57,6 +57,19 @@ public class ClientObject extends DObject
return "(" + getOid() + ")";
}
/**
* Checks whether or not this client has the specified permission.
*
* @return null if the user has access, a fully-qualified translatable message string
* indicating the reason for denial of access.
*
* @see PermissionPolicy
*/
public function checkAccess (perm :Permission, context :Object = null) :String
{
return _permPolicy.checkAccess(this, perm, context);
}
// AUTO-GENERATED: METHODS START
public function addToReceivers (elem :DSet_Entry) :void
{
@@ -91,6 +104,9 @@ public class ClientObject extends DObject
{
super.readObject(ins);
receivers = (ins.readObject() as DSet);
_permPolicy = (ins.readObject() as PermissionPolicy);
}
protected var _permPolicy :PermissionPolicy;
}
}
@@ -0,0 +1,30 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.data {
/**
* A value class used by ClientObject.checkAccess to do fine-grained access control.
*/
public class Permission
{
}
}
@@ -0,0 +1,59 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.data {
import com.threerings.io.ObjectInputStream;
import com.threerings.io.ObjectOutputStream;
import com.threerings.io.Streamable;
/**
* Encapsulates a fine-grained permissions policy. The default policy is to deny access to
* everything, systems using fine-grained permissions should create a custom policy and provide it
* at client resolution time via the ClientResolver.
*/
public class PermissionPolicy
implements Streamable
{
/**
* Returns null if the specified client has the specified permission, an error code explaining
* the lack of access if they do not. {@link InvocationCodes#ACCESS_DENIED} should be returned
* if no more specific explanation is available.
*/
public function checkAccess (clobj :ClientObject, perm :Permission, context :Object) :String
{
// by default, you can't do it!
return InvocationCodes.ACCESS_DENIED;
}
// from interface Streamable
public function writeObject (out :ObjectOutputStream) :void
{
// nothing needed
}
// from interface Streamable
public function readObject (ins :ObjectInputStream) :void
{
// nothing needed
}
}
}
@@ -61,24 +61,24 @@ public class ClientObject extends DObject
}
/**
* Checks whether or not this client has access to the specified feature.
* Checks whether or not this client has the specified permission.
*
* @return null if the user has access, a fully-qualified translatable message string
* indicating the reason for denial of access.
*
* @see PermissionPolicy
*/
public String checkAccess (Permission feature, Object context)
public String checkAccess (Permission perm, Object context)
{
return _permPolicy.checkAccess(this, feature, context);
return _permPolicy.checkAccess(this, perm, context);
}
/**
* A version of {@link #checkAccess(Permission,Object} that provides no context.
*/
public String checkAccess (Permission feature)
public String checkAccess (Permission perm)
{
return checkAccess(feature, null);
return checkAccess(perm, null);
}
/**