Revision 42af5bd2
Added by Andreas Kohlbecker almost 7 years ago
| src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java | ||
|---|---|---|
| 1 |
/** |
|
| 2 |
* Copyright (C) 2017 EDIT |
|
| 3 |
* European Distributed Institute of Taxonomy |
|
| 4 |
* http://www.e-taxonomy.eu |
|
| 5 |
* |
|
| 6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
| 7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
| 8 |
*/ |
|
| 9 |
package eu.etaxonomy.cdm.service; |
|
| 10 |
|
|
| 11 |
import java.util.EnumSet; |
|
| 12 |
|
|
| 13 |
import org.springframework.beans.factory.annotation.Autowired; |
|
| 14 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
|
| 15 |
import org.springframework.security.core.Authentication; |
|
| 16 |
import org.springframework.security.core.context.SecurityContext; |
|
| 17 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
| 18 |
|
|
| 19 |
import com.vaadin.spring.annotation.SpringComponent; |
|
| 20 |
import com.vaadin.spring.annotation.UIScope; |
|
| 21 |
|
|
| 22 |
import eu.etaxonomy.cdm.database.PermissionDeniedException; |
|
| 23 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
| 24 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
| 25 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator; |
|
| 26 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
| 27 |
import eu.etaxonomy.cdm.vaadin.security.RolesAndPermissions; |
|
| 28 |
import eu.etaxonomy.cdm.vaadin.security.VaadinUserHelper; |
|
| 29 |
|
|
| 30 |
/** |
|
| 31 |
* @author a.kohlbecker |
|
| 32 |
* @since May 19, 2017 |
|
| 33 |
* |
|
| 34 |
*/ |
|
| 35 |
@SpringComponent |
|
| 36 |
@UIScope |
|
| 37 |
public class CdmUserHelper extends VaadinUserHelper {
|
|
| 38 |
|
|
| 39 |
@Autowired |
|
| 40 |
private ICdmPermissionEvaluator permissionEvaluator; |
|
| 41 |
|
|
| 42 |
public CdmUserHelper(){
|
|
| 43 |
super(); |
|
| 44 |
} |
|
| 45 |
|
|
| 46 |
@Override |
|
| 47 |
public boolean userIsAutheticated() {
|
|
| 48 |
Authentication authentication = getAuthentication(); |
|
| 49 |
if(authentication != null){
|
|
| 50 |
return authentication.isAuthenticated(); |
|
| 51 |
} |
|
| 52 |
return false; |
|
| 53 |
} |
|
| 54 |
|
|
| 55 |
|
|
| 56 |
@Override |
|
| 57 |
public boolean userIsAnnonymous() {
|
|
| 58 |
Authentication authentication = getAuthentication(); |
|
| 59 |
return authentication != null |
|
| 60 |
&& authentication.isAuthenticated() |
|
| 61 |
&& authentication instanceof AnonymousAuthenticationToken; |
|
| 62 |
} |
|
| 63 |
|
|
| 64 |
@Override |
|
| 65 |
public String userName() {
|
|
| 66 |
Authentication authentication = getAuthentication(); |
|
| 67 |
if(authentication != null) {
|
|
| 68 |
return authentication.getName(); |
|
| 69 |
} |
|
| 70 |
return null; |
|
| 71 |
} |
|
| 72 |
|
|
| 73 |
@Override |
|
| 74 |
public boolean userIsAdmin() {
|
|
| 75 |
Authentication authentication = getAuthentication(); |
|
| 76 |
if(authentication != null) {
|
|
| 77 |
return authentication.getAuthorities().stream().anyMatch(a -> {
|
|
| 78 |
return a.getAuthority().equals(Role.ROLE_ADMIN.getAuthority()); |
|
| 79 |
}); |
|
| 80 |
} |
|
| 81 |
return false; |
|
| 82 |
} |
|
| 83 |
|
|
| 84 |
@Override |
|
| 85 |
public boolean userIsRegistrationCurator() {
|
|
| 86 |
Authentication authentication = getAuthentication(); |
|
| 87 |
if(authentication != null) {
|
|
| 88 |
return authentication.getAuthorities().stream().anyMatch(a -> {
|
|
| 89 |
return a.equals(RolesAndPermissions.ROLE_CURATION) |
|
| 90 |
// doing faster regex check here instreas of using CdmAuthoritiy.fromString() |
|
| 91 |
|| a.getAuthority().matches("^Registration\\.\\[.*UPDATE");
|
|
| 92 |
}); |
|
| 93 |
} |
|
| 94 |
return false; |
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
@Override |
|
| 98 |
public boolean userHasPermission(CdmBase entity, Object ... args){
|
|
| 99 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
|
| 100 |
try {
|
|
| 101 |
return permissionEvaluator.hasPermission(getAuthentication(), entity, crudSet); |
|
| 102 |
} catch (PermissionDeniedException e){
|
|
| 103 |
//IGNORE |
|
| 104 |
} |
|
| 105 |
return false; |
|
| 106 |
} |
|
| 107 |
|
|
| 108 |
@Override |
|
| 109 |
public boolean userHasPermission(Class<? extends CdmBase> cdmType, Integer entitiyId, Object ... args){
|
|
| 110 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
|
| 111 |
try {
|
|
| 112 |
return permissionEvaluator.hasPermission(getAuthentication(), cdmType, entitiyId.toString(), crudSet); |
|
| 113 |
} catch (PermissionDeniedException e){
|
|
| 114 |
//IGNORE |
|
| 115 |
} |
|
| 116 |
return false; |
|
| 117 |
} |
|
| 118 |
|
|
| 119 |
|
|
| 120 |
private EnumSet<CRUD> crudSetFromArgs(Object[] args) {
|
|
| 121 |
EnumSet<CRUD> crudSet = EnumSet.noneOf(CRUD.class); |
|
| 122 |
for(int i = 0; i < args.length; i++){
|
|
| 123 |
try {
|
|
| 124 |
crudSet.add(CRUD.valueOf(args[i].toString())); |
|
| 125 |
} catch (Exception e){
|
|
| 126 |
throw new IllegalArgumentException("could not add " + args[i], e);
|
|
| 127 |
} |
|
| 128 |
} |
|
| 129 |
return crudSet; |
|
| 130 |
} |
|
| 131 |
|
|
| 132 |
|
|
| 133 |
/** |
|
| 134 |
* @return |
|
| 135 |
* |
|
| 136 |
* FIXME is it ok to use the SecurityContextHolder or do we need to hold the context in the vaadin session? |
|
| 137 |
*/ |
|
| 138 |
private SecurityContext currentSecurityContext() {
|
|
| 139 |
return SecurityContextHolder.getContext(); |
|
| 140 |
} |
|
| 141 |
|
|
| 142 |
/** |
|
| 143 |
* @return |
|
| 144 |
*/ |
|
| 145 |
private Authentication getAuthentication() {
|
|
| 146 |
return currentSecurityContext().getAuthentication(); |
|
| 147 |
} |
|
| 148 |
|
|
| 149 |
} |
|
| src/main/java/eu/etaxonomy/cdm/vaadin/component/common/PersonField.java | ||
|---|---|---|
| 16 | 16 |
import com.vaadin.ui.themes.ValoTheme; |
| 17 | 17 |
|
| 18 | 18 |
import eu.etaxonomy.cdm.model.agent.Person; |
| 19 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper; |
|
| 19 | 20 |
import eu.etaxonomy.vaadin.component.CompositeCustomField; |
| 20 | 21 |
import eu.etaxonomy.vaadin.component.SwitchButton; |
| 21 | 22 |
|
| ... | ... | |
| 53 | 54 |
private TextField suffixField = new TextField(); |
| 54 | 55 |
private SwitchButton unlockSwitch = new SwitchButton(); |
| 55 | 56 |
|
| 56 |
|
|
| 57 |
|
|
| 58 | 57 |
/** |
| 59 | 58 |
* @param caption |
| 60 | 59 |
*/ |
| ... | ... | |
| 79 | 78 |
addStyledComponent(unlockSwitch); |
| 80 | 79 |
|
| 81 | 80 |
addSizedComponent(root); |
| 81 |
|
|
| 82 |
} |
|
| 83 |
|
|
| 84 |
/** |
|
| 85 |
* |
|
| 86 |
*/ |
|
| 87 |
private void checkUserPermissions(Person newValue) {
|
|
| 88 |
boolean userCanEdit = UserHelper.fromSession().userHasPermission(newValue, "DELETE", "UPDATE"); |
|
| 89 |
cacheField.setEnabled(userCanEdit); |
|
| 90 |
firstNameField.setEnabled(userCanEdit); |
|
| 91 |
lastNameField.setEnabled(userCanEdit); |
|
| 92 |
prefixField.setEnabled(userCanEdit); |
|
| 93 |
suffixField.setEnabled(userCanEdit); |
|
| 82 | 94 |
} |
| 83 | 95 |
|
| 84 | 96 |
private void setMode(Mode mode){
|
| ... | ... | |
| 188 | 200 |
protected void setInternalValue(Person newValue) {
|
| 189 | 201 |
super.setInternalValue(newValue); |
| 190 | 202 |
fieldGroup.setItemDataSource(newValue); |
| 191 |
// refreshMode();
|
|
| 203 |
checkUserPermissions(newValue);
|
|
| 192 | 204 |
} |
| 193 | 205 |
|
| 194 | 206 |
@Override |
| src/main/java/eu/etaxonomy/cdm/vaadin/security/UserHelper.java | ||
|---|---|---|
| 8 | 8 |
*/ |
| 9 | 9 |
package eu.etaxonomy.cdm.vaadin.security; |
| 10 | 10 |
|
| 11 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
|
| 12 |
import org.springframework.security.core.Authentication; |
|
| 13 |
import org.springframework.security.core.context.SecurityContext; |
|
| 14 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
| 11 |
import com.vaadin.server.VaadinSession; |
|
| 15 | 12 |
|
| 16 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
|
|
| 13 |
import eu.etaxonomy.cdm.model.common.CdmBase;
|
|
| 17 | 14 |
|
| 18 | 15 |
/** |
| 16 |
* UserHelper interface. Imeplemtations should use the {@link #VADDIN_SESSION_KEY} to auto registers
|
|
| 17 |
* in the VaadinSession. |
|
| 18 |
* |
|
| 19 | 19 |
* @author a.kohlbecker |
| 20 |
* @since May 19, 2017
|
|
| 20 |
* @since May 23, 2017
|
|
| 21 | 21 |
* |
| 22 | 22 |
*/ |
| 23 |
public class UserHelper {
|
|
| 23 |
public interface UserHelper {
|
|
| 24 | 24 |
|
| 25 |
public static final String VADDIN_SESSION_KEY = "USER_HELPER"; |
|
| 25 | 26 |
|
| 26 |
public static boolean userIsAutheticated() {
|
|
| 27 |
Authentication authentication = getAuthentication(); |
|
| 28 |
if(authentication != null){
|
|
| 29 |
return authentication.isAuthenticated(); |
|
| 30 |
} |
|
| 31 |
return false; |
|
| 27 |
/** |
|
| 28 |
* Static accessor method to obtain the auto-registered UserHelper-Bean from the |
|
| 29 |
* VaadinSession. |
|
| 30 |
* |
|
| 31 |
* @return |
|
| 32 |
*/ |
|
| 33 |
public static UserHelper fromSession() {
|
|
| 34 |
return (UserHelper)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
| 32 | 35 |
} |
| 33 | 36 |
|
| 37 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, Integer entitiyId, Object ... args); |
|
| 34 | 38 |
|
| 35 |
public static boolean userIsAnnonymous() {
|
|
| 36 |
Authentication authentication = getAuthentication(); |
|
| 37 |
return authentication != null |
|
| 38 |
&& authentication.isAuthenticated() |
|
| 39 |
&& authentication instanceof AnonymousAuthenticationToken; |
|
| 40 |
} |
|
| 39 |
boolean userHasPermission(CdmBase entity, Object ... args); |
|
| 41 | 40 |
|
| 42 |
public static String userName() {
|
|
| 43 |
Authentication authentication = getAuthentication(); |
|
| 44 |
if(authentication != null) {
|
|
| 45 |
return authentication.getName(); |
|
| 46 |
} |
|
| 47 |
return null; |
|
| 48 |
} |
|
| 41 |
boolean userIsRegistrationCurator(); |
|
| 49 | 42 |
|
| 50 |
public static boolean userIsAdmin() {
|
|
| 51 |
Authentication authentication = getAuthentication(); |
|
| 52 |
if(authentication != null) {
|
|
| 53 |
return authentication.getAuthorities().stream().anyMatch(a -> {
|
|
| 54 |
return a.getAuthority().equals(Role.ROLE_ADMIN.getAuthority()); |
|
| 55 |
}); |
|
| 56 |
} |
|
| 57 |
return false; |
|
| 58 |
} |
|
| 43 |
boolean userIsAdmin(); |
|
| 59 | 44 |
|
| 60 |
public static boolean userIsRegistrationCurator() {
|
|
| 61 |
Authentication authentication = getAuthentication(); |
|
| 62 |
if(authentication != null) {
|
|
| 63 |
return authentication.getAuthorities().stream().anyMatch(a -> {
|
|
| 64 |
return a.equals(RolesAndPermissions.ROLE_CURATION) |
|
| 65 |
// doing faster regex check here instreas of using CdmAuthoritiy.fromString() |
|
| 66 |
|| a.getAuthority().matches("^Registration\\.\\[.*UPDATE");
|
|
| 67 |
}); |
|
| 68 |
} |
|
| 69 |
return false; |
|
| 70 |
} |
|
| 45 |
String userName(); |
|
| 71 | 46 |
|
| 72 |
/** |
|
| 73 |
* @return |
|
| 74 |
* |
|
| 75 |
* FIXME is it ok to use the SecurityContextHolder or do we need to hold the context in the vaadin session? |
|
| 76 |
*/ |
|
| 77 |
private static SecurityContext currentSecurityContext() {
|
|
| 78 |
return SecurityContextHolder.getContext(); |
|
| 79 |
} |
|
| 47 |
boolean userIsAnnonymous(); |
|
| 80 | 48 |
|
| 81 |
/** |
|
| 82 |
* @return |
|
| 83 |
*/ |
|
| 84 |
private static Authentication getAuthentication() {
|
|
| 85 |
return currentSecurityContext().getAuthentication(); |
|
| 86 |
} |
|
| 49 |
boolean userIsAutheticated(); |
|
| 87 | 50 |
|
| 88 | 51 |
} |
| src/main/java/eu/etaxonomy/cdm/vaadin/security/VaadinUserHelper.java | ||
|---|---|---|
| 1 |
/** |
|
| 2 |
* Copyright (C) 2017 EDIT |
|
| 3 |
* European Distributed Institute of Taxonomy |
|
| 4 |
* http://www.e-taxonomy.eu |
|
| 5 |
* |
|
| 6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
| 7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
| 8 |
*/ |
|
| 9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
| 10 |
|
|
| 11 |
import com.vaadin.server.VaadinSession; |
|
| 12 |
|
|
| 13 |
/** |
|
| 14 |
* Abstract UserHelper which auto registers in the VaadinSession. |
|
| 15 |
* |
|
| 16 |
* @author a.kohlbecker |
|
| 17 |
* @since May 23, 2017 |
|
| 18 |
* |
|
| 19 |
*/ |
|
| 20 |
public abstract class VaadinUserHelper implements UserHelper {
|
|
| 21 |
|
|
| 22 |
public VaadinUserHelper() {
|
|
| 23 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
| 24 |
} |
|
| 25 |
|
|
| 26 |
} |
|
| src/main/java/eu/etaxonomy/cdm/vaadin/view/registration/ListPresenter.java | ||
|---|---|---|
| 63 | 63 |
// list all if the authenticated user is having the role CURATION of if it is an admin |
| 64 | 64 |
Authentication authentication = currentSecurityContext().getAuthentication(); |
| 65 | 65 |
User submitter = null; |
| 66 |
if(!(UserHelper.userIsRegistrationCurator() || UserHelper.userIsAdmin())) {
|
|
| 66 |
if(!(UserHelper.fromSession().userIsRegistrationCurator() || UserHelper.fromSession().userIsAdmin())) {
|
|
| 67 | 67 |
submitter = (User) authentication.getPrincipal(); |
| 68 | 68 |
} |
| 69 | 69 |
|
| src/main/java/eu/etaxonomy/cdm/vaadin/view/registration/ListViewBean.java | ||
|---|---|---|
| 210 | 210 |
|
| 211 | 211 |
public void populateList(Collection<RegistrationDTO> registrations) {
|
| 212 | 212 |
|
| 213 |
boolean isCurator = UserHelper.userIsRegistrationCurator() || UserHelper.userIsAdmin();
|
|
| 213 |
boolean isCurator = UserHelper.fromSession().userIsRegistrationCurator() || UserHelper.fromSession().userIsAdmin();
|
|
| 214 | 214 |
for(RegistrationDTO regDto : registrations) {
|
| 215 | 215 |
RegistrationItem item = new RegistrationItem(regDto, this); |
| 216 | 216 |
item.getSubmitterLabel().setVisible(isCurator); |
| src/main/java/eu/etaxonomy/cdm/vaadin/view/registration/RegistrationWorkflowViewBean.java | ||
|---|---|---|
| 134 | 134 |
|
| 135 | 135 |
registration.addComponent(createWorkflowTabSheet(workingset, null)); |
| 136 | 136 |
RegistrationItem registrationItem = new RegistrationItem(workingset, this); |
| 137 |
if(UserHelper.userIsRegistrationCurator() || UserHelper.userIsAdmin()){
|
|
| 137 |
if(UserHelper.fromSession().userIsRegistrationCurator() || UserHelper.fromSession().userIsAdmin()){
|
|
| 138 | 138 |
registrationItem.getSubmitterLabel().setVisible(true); |
| 139 | 139 |
}; |
| 140 | 140 |
registration.addComponent(registrationItem); |
| ... | ... | |
| 234 | 234 |
messageButton.setCaptionAsHtml(true); |
| 235 | 235 |
buttonGroup.addComponent(messageButton); |
| 236 | 236 |
|
| 237 |
if(UserHelper.userIsRegistrationCurator() || UserHelper.userIsAdmin()) {
|
|
| 237 |
if(UserHelper.fromSession().userIsRegistrationCurator() || UserHelper.fromSession().userIsAdmin()) {
|
|
| 238 | 238 |
Button editButton = new Button(FontAwesome.EDIT); |
| 239 | 239 |
editButton.setStyleName(ValoTheme.BUTTON_TINY + " " + ValoTheme.BUTTON_PRIMARY); |
| 240 | 240 |
editButton.addClickListener(e -> getEventBus().publishEvent(new RegistrationEditorAction( |
| src/main/java/eu/etaxonomy/cdm/vaadin/view/taxon/TaxonNamePopupEditor.java | ||
|---|---|---|
| 47 | 47 |
|
| 48 | 48 |
private final static int GRID_ROWS = 7; |
| 49 | 49 |
|
| 50 |
private TextField titleField; |
|
| 51 |
|
|
| 52 | 50 |
private TextField genusOrUninomialField; |
| 53 | 51 |
|
| 54 | 52 |
private TextField infraGenericEpithetField; |
| ... | ... | |
| 62 | 60 |
private SwitchableTextField protectedNameCacheField; |
| 63 | 61 |
|
| 64 | 62 |
|
| 65 |
|
|
| 66 | 63 |
/** |
| 67 | 64 |
* @param layout |
| 68 | 65 |
* @param dtoType |
| ... | ... | |
| 160 | 157 |
ListSelect rankSelect = selectFieldFactory.createListSelect("Rank", Rank.class, OrderHint.BY_ORDER_INDEX.asList(), "label");
|
| 161 | 158 |
rankSelect.setNullSelectionAllowed(false); |
| 162 | 159 |
rankSelect.setRows(1); |
| 163 |
rankSelect.addValidator(e -> updateFieldVisibility());
|
|
| 160 |
rankSelect.addValueChangeListener(e -> updateFieldVisibility((Rank)e.getProperty().getValue()));
|
|
| 164 | 161 |
addField(rankSelect, "rank", 3, row); |
| 165 | 162 |
grid.setComponentAlignment(rankSelect, Alignment.TOP_RIGHT); |
| 166 | 163 |
row++; |
| ... | ... | |
| 197 | 194 |
} |
| 198 | 195 |
|
| 199 | 196 |
/** |
| 197 |
* @param rank |
|
| 200 | 198 |
* @return |
| 201 | 199 |
*/ |
| 202 |
private Object updateFieldVisibility() {
|
|
| 203 |
// TODO Auto-generated method stub |
|
| 204 |
// TODO change label of |
|
| 205 |
// - genusOrUninomialField |
|
| 206 |
return null; |
|
| 200 |
private void updateFieldVisibility(Rank rank) {
|
|
| 201 |
boolean isSpeciesOrBelow = !rank.isHigher(Rank.SPECIES()); |
|
| 202 |
infraSpecificEpithetField.setVisible(rank.isInfraSpecific()); |
|
| 203 |
specificEpithetField.setVisible(isSpeciesOrBelow); |
|
| 204 |
infraGenericEpithetField.setVisible(rank.isInfraGenericButNotSpeciesGroup()); |
|
| 205 |
genusOrUninomialField.setCaption(isSpeciesOrBelow ? "Genus" : "Uninomial"); |
|
| 207 | 206 |
} |
| 208 | 207 |
|
| 209 | 208 |
/** |
| src/main/java/eu/etaxonomy/vaadin/ui/navigation/NavigationManagerBean.java | ||
|---|---|---|
| 24 | 24 |
import com.vaadin.ui.UI; |
| 25 | 25 |
import com.vaadin.ui.Window; |
| 26 | 26 |
|
| 27 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper; |
|
| 27 | 28 |
import eu.etaxonomy.vaadin.ui.UIInitializedEvent; |
| 28 | 29 |
import eu.etaxonomy.vaadin.ui.view.DoneWithPopupEvent; |
| 29 | 30 |
import eu.etaxonomy.vaadin.ui.view.PopupView; |
| ... | ... | |
| 44 | 45 |
@Autowired |
| 45 | 46 |
private ViewChangeListener viewChangeListener; |
| 46 | 47 |
|
| 48 |
@Autowired |
|
| 49 |
private UserHelper userHelper; |
|
| 50 |
|
|
| 47 | 51 |
private Map<PopupView, Window> popupMap; |
| 48 | 52 |
|
| 49 | 53 |
public NavigationManagerBean() {
|
Also available in: Unified diff
ref #6169 UserHelper checking permissions: