From: <pn...@hy...> - 2008-08-18 07:36:42
|
Author: pnguyen Date: 2008-08-18 00:36:29 -0700 (Mon, 18 Aug 2008) New Revision: 10716 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=10716 Modified: trunk/src/org/hyperic/hq/bizapp/server/session/EventsBossEJBImpl.java trunk/src/org/hyperic/hq/events/server/session/MaintenanceEventManagerEJBImpl.java trunk/src/org/hyperic/hq/events/shared/MaintenanceEventManagerInterface.java trunk/src/org/hyperic/hq/ui/service/RESTService.java Log: Updated permission logic Modified: trunk/src/org/hyperic/hq/bizapp/server/session/EventsBossEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/bizapp/server/session/EventsBossEJBImpl.java 2008-08-18 06:35:51 UTC (rev 10715) +++ trunk/src/org/hyperic/hq/bizapp/server/session/EventsBossEJBImpl.java 2008-08-18 07:36:29 UTC (rev 10716) @@ -1777,8 +1777,9 @@ throws SessionNotFoundException, SessionTimeoutException, PermissionException, SchedulerException { - manager.authenticate(sessionId); - return getMaintEvtMgr().getMaintenanceEvent(groupId); + AuthzSubject subject = manager.getSubject(sessionId); + + return getMaintEvtMgr().getMaintenanceEvent(subject, groupId); } /** Modified: trunk/src/org/hyperic/hq/events/server/session/MaintenanceEventManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/events/server/session/MaintenanceEventManagerEJBImpl.java 2008-08-18 06:35:51 UTC (rev 10715) +++ trunk/src/org/hyperic/hq/events/server/session/MaintenanceEventManagerEJBImpl.java 2008-08-18 07:36:29 UTC (rev 10716) @@ -59,8 +59,9 @@ * * @ejb:interface-method */ - public MaintenanceEvent getMaintenanceEvent(Integer groupId) - throws SchedulerException + public MaintenanceEvent getMaintenanceEvent(AuthzSubject subject, + Integer groupId) + throws PermissionException, SchedulerException { throw new UnsupportedOperationException(); } @@ -105,8 +106,7 @@ * * @ejb:interface-method */ - public void checkPermission(AuthzSubject subject, MaintenanceEvent event) - throws PermissionException + public boolean canSchedule(AuthzSubject subject, MaintenanceEvent event) { throw new UnsupportedOperationException(); } Modified: trunk/src/org/hyperic/hq/events/shared/MaintenanceEventManagerInterface.java =================================================================== --- trunk/src/org/hyperic/hq/events/shared/MaintenanceEventManagerInterface.java 2008-08-18 06:35:51 UTC (rev 10715) +++ trunk/src/org/hyperic/hq/events/shared/MaintenanceEventManagerInterface.java 2008-08-18 07:36:29 UTC (rev 10716) @@ -40,8 +40,9 @@ /** * Get the maintenance event for the group */ - public MaintenanceEvent getMaintenanceEvent(Integer groupId) - throws SchedulerException; + public MaintenanceEvent getMaintenanceEvent(AuthzSubject subject, + Integer groupId) + throws PermissionException, SchedulerException; /** * Disable or enable monitors (alerts, measurements) for the group and its @@ -65,9 +66,8 @@ throws PermissionException, SchedulerException; /** - * Perform group permission check + * Check to see if user is authorized to schedule a maintenance event */ - public void checkPermission(AuthzSubject subject, MaintenanceEvent event) - throws PermissionException; + public boolean canSchedule(AuthzSubject subject, MaintenanceEvent event); } Modified: trunk/src/org/hyperic/hq/ui/service/RESTService.java =================================================================== --- trunk/src/org/hyperic/hq/ui/service/RESTService.java 2008-08-18 06:35:51 UTC (rev 10715) +++ trunk/src/org/hyperic/hq/ui/service/RESTService.java 2008-08-18 07:36:29 UTC (rev 10716) @@ -472,13 +472,10 @@ .put(PARAM_START_TIME, event.getStartTime()) .put(PARAM_END_TIME, event.getEndTime()); - try { - // Get permissions - PermissionManagerFactory.getInstance() - .getMaintenanceEventManager() - .checkPermission(me, event); - jRes.put("permission", true); - } catch (PermissionException pe) {} + boolean canSchedule = PermissionManagerFactory.getInstance() + .getMaintenanceEventManager() + .canSchedule(me, event); + jRes.put("permission", canSchedule); } } catch (Exception e) { |