1. 20 Jul, 2018 1 commit
  2. 03 Jul, 2018 1 commit
  3. 26 Jun, 2018 3 commits
  4. 20 Jun, 2018 1 commit
    • Refactor AccessControlListVoter and related functionality · 7284fe54
      Sergey Sokolenko authored
      - make sure SID/OID metadata is not written to the cache
      - clean up old or complicated code in the AccessControlListVoter class
      - add some docs to the DefaultPermissionManager class
      - make SID/OID and DefaultDomainPermission look nicer when printed to console
      - etc.
  5. 11 Jun, 2018 1 commit
    • Implement ability to remove users · c882bec6
      Anton Sudak authored
      Add actions column to users list with remove link. Add remove user confirmation dialog. Clean up user related data on removal.
  6. 07 Jun, 2018 1 commit
    • PLAY-111 Optimize AccessControlEntry storage layout · 2d731fe9
      Sergey Sokolenko authored
      This commit smashes separate allow/deny DomainActionEntry collections into single json serialized fields on AccessControlEntry, thus dramatically reducing the number of total db records and avoiding extra JOIN queries.
  7. 29 May, 2018 1 commit
  8. 25 May, 2018 1 commit
  9. 15 May, 2018 1 commit
  10. 15 Mar, 2018 2 commits
  11. 09 Mar, 2018 1 commit
  12. 12 Jan, 2018 1 commit
  13. 02 Jan, 2018 1 commit
  14. 15 Dec, 2017 1 commit
  15. 22 Nov, 2017 1 commit
    • Fallback to permission domain authorizer if it is not resolved on the permission target · 87aeb116
      Sergey Sokolenko authored
      This fixes a behavior of permission checks with ObjectIdentity.ALL targets, e.g.:
      
        @WithAuthorizer(MyProductAuthorizer.class)
        public class Product { .. }
      
        public enum ProductPermission<Product> { ADD, EDIT, ...; }
      
        // this works well, MyProductAuthorizer is resolved from product object
        plauAuthApi.isPermitted(ProductPermission.EDIT, product);
      
        // this failed to work because default ObjectIdentity.ALL does not have any metadata
        // now the AccessControlManager will fall back to resolve Authorizer from the
        // permission's class ProductPermission.ADD reflectively
        plauAuthApi.isPermitted(ProductPermission.ADD);
  16. 21 Nov, 2017 3 commits
  17. 14 Nov, 2017 1 commit
    • Fix permission implication to respect permission scopes · 5fa85940
      Sergey Sokolenko authored
      The given permission can only allow/imply other permissions if they're
      applied to the same target or the given permission is applied to a
      domain (isClassIdentity) rather than to a specific object.
      
      This rule ensures that a more specific permission won't imply more generic ones, e.g.:
      
        "allow Block.EDIT(b1)" can imply "allow Block.SHOW(b1)"
         but NOT "allow Block.SHOW(b2)" or "allow Block.SHOW(*)"
      
      P.S. This fix does not affect the behavior of the DefaultAccessControlListVoter
      since it already performed proper checks.
  18. 05 Oct, 2017 1 commit
  19. 29 Sep, 2017 2 commits
  20. 20 Sep, 2017 2 commits
  21. 15 Sep, 2017 1 commit
  22. 22 Aug, 2017 1 commit
  23. 27 Jul, 2017 1 commit
  24. 14 Mar, 2017 1 commit
  25. 08 Mar, 2017 1 commit
  26. 07 Mar, 2017 1 commit
  27. 03 Mar, 2017 2 commits
  28. 21 Feb, 2017 1 commit
  29. 14 Feb, 2017 1 commit
  30. 06 Feb, 2017 1 commit
    • RASCHCM-3 Refactor play-cms in order to reduce static state and improve DI flexibility · bfff359e
      Sergey Sokolenko authored
      - Deprecate static CMS in favor of injectable CMSApi
      - Make Metrics non-static and injectable; also, had to remove metrics from BlockFinder as it cannot rely on DI
      - Move the "reset" logic into its own class from CMSApi; the setup logic should be simplified further...
      - Move Formatters registration from CMSApi into injectable Provider as suggested by official play docs
      - Split DI modules into more fine-grained modules for more flexibility when overriding them in child projects
      - Add convenient default to multisite setup to make it less painful
      - Update to the latest stable playframework
  31. 10 Jan, 2017 2 commits
    • PLAY-8 Fix tests · 08806fe2
      Anton Orlov authored
    • HOTFIX Move DomainPermission.ALL to GlobalDomainPermission.ALL · e8d2e62b
      Sergey Sokolenko authored
      The static final member `ALL` in the interface `DomainPermission` was inherited by permission enums, which led to confusion when people see the inherited
      `ALL` member among other enum constants, e.g. accessing PartyPermission.ALL will actually access DomainPermission.ALL and may lead to programming
      errors like assigning global superuser permission to an unrelated party or role, e.g.:

          // allow cmsAdminRole to do everything on cms blocks
          acm.allowPermission(cmsAdminRole, BlockPermission.ALL)

      but actually we're getting

          acm.allowPermission(cmsAdminRole, DomainPermission.ALL)

      So, in this HOTFIX the `ALL` constant is moved to a dedicated final non-instantiable class `GlobalDomainPermission`, so the `ALL` constant is no longer available among other enum constants and won't be misused as shown above.
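
The name-resolution pitfall described in the HOTFIX commit e8d2e62b, as an added Java sketch that is not the project's code. `LegacyDomainPermission`, `LegacyBlockPermission`, the enum constants and the `requireConstantOf` guard are hypothetical names constructed here; only `DomainPermission`, `BlockPermission` and `GlobalDomainPermission` come from the commit message.

```java
public class InheritedAllDemo {
    // Layout before the hotfix: ALL is a field of the interface, so every
    // implementing type, enums included, inherits the name.
    interface LegacyDomainPermission {
        LegacyDomainPermission ALL = new LegacyDomainPermission() {
            @Override public String toString() { return "GLOBAL_ALL"; }
        };
    }
    enum LegacyBlockPermission implements LegacyDomainPermission { SHOW, EDIT }

    // Layout after the hotfix: the interface carries no constants and ALL
    // lives in a final class that cannot be instantiated.
    interface DomainPermission { }
    static final class GlobalDomainPermission {
        static final DomainPermission ALL = new DomainPermission() {
            @Override public String toString() { return "GLOBAL_ALL"; }
        };
        private GlobalDomainPermission() { }
    }
    enum BlockPermission implements DomainPermission { SHOW, EDIT }

    // Hypothetical guard for a grant call: accept only real constants of
    // the enum the caller meant, never an inherited interface field.
    static <E extends Enum<E>> E requireConstantOf(Class<E> domain, Object permission) {
        if (!domain.isInstance(permission)) {
            throw new IllegalArgumentException(
                permission + " is not a constant of " + domain.getSimpleName());
        }
        return domain.cast(permission);
    }

    public static void main(String[] args) {
        // Compiles without warning: the qualified name resolves to the
        // field inherited from the interface, not to an enum constant.
        Object intended = LegacyBlockPermission.ALL;
        System.out.println("identical to the global constant: "
            + (intended == LegacyDomainPermission.ALL));
        try {
            requireConstantOf(LegacyBlockPermission.class, intended);
        } catch (IllegalArgumentException e) {
            System.out.println("grant rejected: " + e.getMessage());
        }
        // With the post-hotfix layout, BlockPermission.ALL no longer compiles;
        // a global grant has to name GlobalDomainPermission.ALL explicitly.
        System.out.println("scoped grant accepted: "
            + requireConstantOf(BlockPermission.class, BlockPermission.EDIT));
        System.out.println("explicit global grant: " + GlobalDomainPermission.ALL);
    }
}
```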
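
The scope rule from commit 5fa85940 ("Fix permission implication to respect permission scopes"), as an added Java sketch that is not the project's code. `BlockAction`, `Target`, `Permission` and `covers` are hypothetical types constructed here to model the rule; they do not mirror the project's classes, and the records need Java 16 or later.

```java
public class ScopedImplicationDemo {
    // Constructed action set; EDIT covering SHOW follows the commit's example.
    enum BlockAction {
        SHOW, EDIT;
        boolean covers(BlockAction other) {
            return this == other || (this == EDIT && other == SHOW);
        }
    }

    // A target is one object ("b1") or the whole domain ("*", id == null).
    record Target(String id) {
        static final Target ALL = new Target(null);
        boolean isClassIdentity() { return id == null; }
        @Override public String toString() { return id == null ? "*" : id; }
    }

    record Permission(BlockAction action, Target target) {
        // A grant implies a request only when the scope check passes:
        // same target, or the grant is on the domain itself.
        boolean implies(Permission requested) {
            boolean scopeOk = target.isClassIdentity()
                || target.equals(requested.target());
            return scopeOk && action.covers(requested.action());
        }
        @Override public String toString() {
            return "Block." + action + "(" + target + ")";
        }
    }

    static void check(Permission granted, Permission requested) {
        System.out.println("allow " + granted + " implies " + requested
            + ": " + granted.implies(requested));
    }

    public static void main(String[] args) {
        Target b1 = new Target("b1");
        Target b2 = new Target("b2");
        Permission editB1 = new Permission(BlockAction.EDIT, b1);
        Permission editAll = new Permission(BlockAction.EDIT, Target.ALL);

        // The three cases named in the commit message.
        check(editB1, new Permission(BlockAction.SHOW, b1));
        check(editB1, new Permission(BlockAction.SHOW, b2));
        check(editB1, new Permission(BlockAction.SHOW, Target.ALL));
        // A domain-level grant may imply a permission on a specific object.
        check(editAll, new Permission(BlockAction.SHOW, b2));
    }
}
```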