Revision 68b2628a
Added by Andreas Kohlbecker over 6 years ago
- ID 68b2628aa8d5a04a8ce343e1298b0ca7f462e722
- Parent 5613f613
src/main/java/eu/etaxonomy/cdm/addon/config/CdmVaadinConfiguration.java | ||
---|---|---|
251 | 251 |
@Override |
252 | 252 |
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { |
253 | 253 |
this.applicationContext = applicationContext; |
254 |
|
|
255 | 254 |
} |
256 | 255 |
|
257 | 256 |
|
src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java | ||
---|---|---|
11 | 11 |
import java.util.EnumSet; |
12 | 12 |
|
13 | 13 |
import org.springframework.beans.factory.annotation.Autowired; |
14 |
import org.springframework.beans.factory.annotation.Qualifier; |
|
14 | 15 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
15 | 16 |
import org.springframework.security.core.Authentication; |
16 | 17 |
import org.springframework.security.core.context.SecurityContext; |
... | ... | |
19 | 20 |
import com.vaadin.spring.annotation.SpringComponent; |
20 | 21 |
import com.vaadin.spring.annotation.UIScope; |
21 | 22 |
|
23 |
import eu.etaxonomy.cdm.api.application.CdmRepository; |
|
22 | 24 |
import eu.etaxonomy.cdm.database.PermissionDeniedException; |
23 | 25 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
24 | 26 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
... | ... | |
39 | 41 |
@Autowired |
40 | 42 |
private ICdmPermissionEvaluator permissionEvaluator; |
41 | 43 |
|
44 |
@Autowired |
|
45 |
@Qualifier("cdmRepository") |
|
46 |
private CdmRepository repo; |
|
47 |
|
|
42 | 48 |
public CdmUserHelper(){ |
43 | 49 |
super(); |
44 | 50 |
} |
... | ... | |
98 | 104 |
public boolean userHasPermission(CdmBase entity, Object ... args){ |
99 | 105 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
100 | 106 |
try { |
101 |
return permissionEvaluator.hasPermission(getAuthentication(), entity, crudSet); |
|
107 |
return permissionEvaluator.hasPermission(getAuthentication(), entity, crudSet);
|
|
102 | 108 |
} catch (PermissionDeniedException e){ |
103 | 109 |
//IGNORE |
104 | 110 |
} |
... | ... | |
109 | 115 |
public boolean userHasPermission(Class<? extends CdmBase> cdmType, Integer entitiyId, Object ... args){ |
110 | 116 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
111 | 117 |
try { |
112 |
return permissionEvaluator.hasPermission(getAuthentication(), cdmType, entitiyId.toString(), crudSet); |
|
118 |
CdmBase entity = repo.getCommonService().find(cdmType, entitiyId); |
|
119 |
return permissionEvaluator.hasPermission(getAuthentication(), entity, crudSet); |
|
113 | 120 |
} catch (PermissionDeniedException e){ |
114 | 121 |
//IGNORE |
115 | 122 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/component/registration/RegistrationItemEditButtonGroup.java | ||
---|---|---|
25 | 25 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationBase; |
26 | 26 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
27 | 27 |
import eu.etaxonomy.cdm.vaadin.model.TypedEntityReference; |
28 |
import eu.etaxonomy.cdm.vaadin.security.PermissionDebugUtils; |
|
28 | 29 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper; |
29 | 30 |
import eu.etaxonomy.cdm.vaadin.util.converter.TypeDesignationSetManager.TypeDesignationWorkingSet; |
30 | 31 |
import eu.etaxonomy.cdm.vaadin.util.converter.TypeDesignationSetManager.TypeDesignationWorkingSetType; |
... | ... | |
74 | 75 |
nameIdButton = new IdButton<TaxonName>(TaxonName.class, regDto.getName().getId(), nameButton); |
75 | 76 |
Label nameLabel = new Label(regDto.getName().getLabel()); |
76 | 77 |
nameLabel.setWidthUndefined(); |
77 |
nameButton.setEnabled(!isRegistrationLocked && UserHelper.fromSession().userHasPermission(TaxonName.class, regDto.getName().getId(), CRUD.UPDATE)); |
|
78 |
boolean userHasPermission = UserHelper.fromSession().userHasPermission(regDto.registration().getName(), CRUD.UPDATE); |
|
79 |
nameButton.setEnabled(!isRegistrationLocked && userHasPermission); |
|
78 | 80 |
|
79 | 81 |
addComponent(nameIdButton.getButton()); |
80 |
// PermissionDebugUtils.fromSession().addGainPerEntityPermissionButton(this, TaxonName.class, regDto.getName().getId(), CRUD.UPDATE);
|
|
82 |
PermissionDebugUtils.fromSession().addGainPerEntityPermissionButton(this, TaxonName.class, regDto.getName().getId(), EnumSet.of(CRUD.UPDATE, CRUD.DELETE));
|
|
81 | 83 |
addComponent(nameLabel); |
82 | 84 |
} else { |
83 | 85 |
// no name in the registration! we only show the typified name as label |
src/main/java/eu/etaxonomy/cdm/vaadin/security/PermissionDebugUtils.java | ||
---|---|---|
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.util.EnumSet; |
|
12 |
|
|
13 |
import org.apache.log4j.Logger; |
|
14 |
import org.springframework.beans.factory.annotation.Autowired; |
|
15 |
import org.springframework.beans.factory.annotation.Qualifier; |
|
16 |
import org.springframework.context.annotation.Profile; |
|
17 |
import org.springframework.security.core.Authentication; |
|
18 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
19 |
import org.springframework.security.core.userdetails.UserDetails; |
|
20 |
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; |
|
21 |
|
|
22 |
import com.vaadin.server.FontAwesome; |
|
23 |
import com.vaadin.server.VaadinSession; |
|
24 |
import com.vaadin.spring.annotation.SpringComponent; |
|
25 |
import com.vaadin.spring.annotation.UIScope; |
|
26 |
import com.vaadin.ui.AbstractComponentContainer; |
|
27 |
import com.vaadin.ui.Button; |
|
28 |
import com.vaadin.ui.themes.ValoTheme; |
|
29 |
|
|
30 |
import eu.etaxonomy.cdm.api.application.CdmRepository; |
|
31 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
32 |
import eu.etaxonomy.cdm.model.common.User; |
|
33 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
34 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
35 |
import sun.security.provider.PolicyParser.ParsingException; |
|
36 |
|
|
37 |
/** |
|
38 |
* PermissionDebugUtils provide the following tools: |
|
39 |
* <ul> |
|
40 |
* <li>{@link #addGainPerEntityPermissionButton(AbstractComponentContainer, Class, Integer, EnumSet)}: |
|
41 |
* A button which gives a per entity authority to the current user.</li> |
|
42 |
* </ul> |
|
43 |
* |
|
44 |
* |
|
45 |
* |
|
46 |
* To enable the PermissionDebugUtils you need to activate the spring profile <code>debug</code>. You can add |
|
47 |
* <code>-Dspring.profiles.active=debug</code> to the command starting the jvm |
|
48 |
* or set this as an environment variable. |
|
49 |
* |
|
50 |
* @author a.kohlbecker |
|
51 |
* @since Oct 11, 2017 |
|
52 |
* |
|
53 |
*/ |
|
54 |
@SpringComponent |
|
55 |
@UIScope |
|
56 |
@Profile("debug") |
|
57 |
public class PermissionDebugUtils { |
|
58 |
|
|
59 |
|
|
60 |
private final static Logger logger = Logger.getLogger(PermissionDebugUtils.class); |
|
61 |
|
|
62 |
public static final String VADDIN_SESSION_KEY = "PERMISSION_DEBUG_UTILS"; |
|
63 |
|
|
64 |
public static final String SYSTEM_PROP_KEY = "GainPerEntityPermissionButtons"; |
|
65 |
|
|
66 |
|
|
67 |
@Autowired |
|
68 |
@Qualifier("cdmRepository") |
|
69 |
private CdmRepository repo; |
|
70 |
|
|
71 |
public PermissionDebugUtils() { |
|
72 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
73 |
} |
|
74 |
|
|
75 |
public static PermissionDebugUtils fromSession() { |
|
76 |
return (PermissionDebugUtils)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
77 |
} |
|
78 |
|
|
79 |
public Button addGainPerEntityPermissionButton(AbstractComponentContainer toContainer, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud){ |
|
80 |
Button button = gainPerEntityPermissionButton(cdmType, entitiyId, crud); |
|
81 |
if(button != null){ |
|
82 |
toContainer.addComponent(button); |
|
83 |
} |
|
84 |
return button; |
|
85 |
} |
|
86 |
|
|
87 |
public Button gainPerEntityPermissionButton(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud){ |
|
88 |
|
|
89 |
Button button = new Button(FontAwesome.BOLT); |
|
90 |
button.addClickListener(e -> createAuthority(cdmType, entitiyId, crud)); |
|
91 |
button.addStyleName(ValoTheme.BUTTON_DANGER); |
|
92 |
return button; |
|
93 |
|
|
94 |
} |
|
95 |
|
|
96 |
/** |
|
97 |
* @param cdmType |
|
98 |
* @param entitiyId |
|
99 |
* @param crud |
|
100 |
* @return |
|
101 |
*/ |
|
102 |
private void createAuthority(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud) { |
|
103 |
String username = UserHelper.fromSession().userName(); |
|
104 |
UserDetails userDetails = repo.getUserService().loadUserByUsername(username); |
|
105 |
if(userDetails != null){ |
|
106 |
User user = (User)userDetails; |
|
107 |
CdmBase entity = repo.getCommonService().find(cdmType, entitiyId); |
|
108 |
CdmAuthority authority = new CdmAuthority(entity, crud); |
|
109 |
try { |
|
110 |
user.getGrantedAuthorities().add(authority.asNewGrantedAuthority()); |
|
111 |
} catch (ParsingException e) { |
|
112 |
throw new RuntimeException(e); |
|
113 |
} |
|
114 |
repo.getUserService().saveOrUpdate(user); |
|
115 |
Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities()); |
|
116 |
SecurityContextHolder.getContext().setAuthentication(authentication); |
|
117 |
} |
|
118 |
} |
|
119 |
} |
src/main/java/eu/etaxonomy/vaadin/ui/navigation/NavigationManagerBean.java | ||
---|---|---|
22 | 22 |
import com.vaadin.ui.UI; |
23 | 23 |
import com.vaadin.ui.Window; |
24 | 24 |
|
25 |
import eu.etaxonomy.cdm.vaadin.security.PermissionDebugUtils; |
|
25 | 26 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper; |
26 | 27 |
import eu.etaxonomy.vaadin.mvp.AbstractEditorPresenter; |
27 | 28 |
import eu.etaxonomy.vaadin.mvp.AbstractPopupEditor; |
... | ... | |
52 | 53 |
@Autowired |
53 | 54 |
private PopupEditorFactory popupEditorFactory; |
54 | 55 |
|
56 |
/** |
|
57 |
* This reference will cause the scoped UserHelper being initialized |
|
58 |
* It is not used in this class but attaches itself to the vaadin session |
|
59 |
* from where it will be accessible via UserHelper.fromSession() |
|
60 |
*/ |
|
55 | 61 |
@Autowired |
56 | 62 |
private UserHelper userHelper; |
57 | 63 |
|
64 |
/** |
|
65 |
* This reference will cause the scoped PermissionDebugUtils being initialized. |
|
66 |
* It is not used in this class but attaches itself to the vaadin session |
|
67 |
* from where it will be accessible via UserHelper.fromSession() |
|
68 |
* |
|
69 |
* <b>NOTE:</b> PermissionDebugUtils is only available if the spring profile "debug" is active, |
|
70 |
* See |
|
71 |
*/ |
|
72 |
@Autowired(required=false) |
|
73 |
private PermissionDebugUtils permissionDebugUtils; |
|
74 |
|
|
58 | 75 |
private Map<PopupView, Window> popupMap; |
59 | 76 |
|
60 | 77 |
public NavigationManagerBean() { |
... | ... | |
179 | 196 |
* |
180 | 197 |
* @return the current view name or <code>null</code> |
181 | 198 |
*/ |
199 |
@Override |
|
182 | 200 |
public String getCurrentViewName() { |
183 | 201 |
SpringView springViewAnnotation = getCurrentView().getClass().getAnnotation(SpringView.class); |
184 | 202 |
if(springViewAnnotation != null){ |
Also available in: Unified diff
ref #6999 fixing permission evaluation and adding debug button to gain per entitiy permissions