Revision 877a8283
Added by Andreas Kohlbecker about 6 years ago
src/main/java/eu/etaxonomy/cdm/addon/config/CdmVaadinConfiguration.java | ||
49 | 49 |
import eu.etaxonomy.cdm.cache.CdmTransientEntityCacher; |
50 | 50 |
import eu.etaxonomy.cdm.dataInserter.RegistrationRequiredDataInserter; |
51 | 51 |
import eu.etaxonomy.cdm.persistence.hibernate.GrantedAuthorityRevokingRegistrationUpdateLister; |
52 |
import eu.etaxonomy.cdm.vaadin.security.annotation.EnableAnnotationBasedAccessControl;
|
|
52 |
import eu.etaxonomy.cdm.vaadin.permission.annotation.EnableAnnotationBasedAccessControl;
|
|
53 | 53 |
import eu.etaxonomy.cdm.vaadin.ui.ConceptRelationshipUI; |
54 | 54 |
import eu.etaxonomy.cdm.vaadin.ui.DistributionStatusUI; |
55 | 55 |
import eu.etaxonomy.cdm.vaadin.ui.RegistrationUI; |
src/main/java/eu/etaxonomy/cdm/dataInserter/RegistrationRequiredDataInserter.java | ||
54 | 54 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
55 | 55 |
import eu.etaxonomy.cdm.persistence.query.MatchMode; |
56 | 56 |
import eu.etaxonomy.cdm.vaadin.model.registration.KindOfUnitTerms; |
57 |
import eu.etaxonomy.cdm.vaadin.security.RolesAndPermissions;
|
|
57 |
import eu.etaxonomy.cdm.vaadin.permission.RolesAndPermissions;
|
|
58 | 58 |
|
59 | 59 |
/** |
60 | 60 |
* |
src/main/java/eu/etaxonomy/cdm/persistence/hibernate/GrantedAuthorityRevokingRegistrationUpdateLister.java | ||
86 | 86 |
/** |
87 | 87 |
* Walks the entity graph of the Registration instance and collects all authorities which |
88 | 88 |
* could have been granted to users. Code parts in which this could have happened can be |
89 |
* found by searching for usage of the methods {@link eu.etaxonomy.cdm.vaadin.security.UserHelper#createAuthorityForCurrentUser(eu.etaxonomy.cdm.model.common.CdmBase, EnumSet, String)
|
|
90 |
* UserHelper.createAuthorityForCurrentUser(eu.etaxonomy.cdm.model.common.CdmBase, EnumSet, String)} and {@link eu.etaxonomy.cdm.vaadin.security.UserHelper#createAuthorityForCurrentUser(Class, Integer, EnumSet, String)
|
|
89 |
* found by searching for usage of the methods {@link eu.etaxonomy.cdm.vaadin.permission.UserHelper#createAuthorityForCurrentUser(eu.etaxonomy.cdm.model.common.CdmBase, EnumSet, String)
|
|
90 |
* UserHelper.createAuthorityForCurrentUser(eu.etaxonomy.cdm.model.common.CdmBase, EnumSet, String)} and {@link eu.etaxonomy.cdm.vaadin.permission.UserHelper#createAuthorityForCurrentUser(Class, Integer, EnumSet, String)
|
|
91 | 91 |
* UserHelper.createAuthorityForCurrentUser(Class, Integer, EnumSet, String)} |
92 | 92 |
* <p> |
93 | 93 |
* At the time of implementing this function these places are: |
src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java | ||
38 | 38 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthorityParsingException; |
39 | 39 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator; |
40 | 40 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
41 |
import eu.etaxonomy.cdm.vaadin.security.RolesAndPermissions;
|
|
42 |
import eu.etaxonomy.cdm.vaadin.security.VaadinUserHelper;
|
|
41 |
import eu.etaxonomy.cdm.vaadin.permission.RolesAndPermissions;
|
|
42 |
import eu.etaxonomy.cdm.vaadin.permission.VaadinUserHelper;
|
|
43 | 43 |
|
44 | 44 |
/** |
45 | 45 |
* @author a.kohlbecker |
src/main/java/eu/etaxonomy/cdm/vaadin/component/common/PersonField.java | ||
28 | 28 |
import eu.etaxonomy.cdm.model.agent.Person; |
29 | 29 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
30 | 30 |
import eu.etaxonomy.cdm.vaadin.component.TextFieldNFix; |
31 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
31 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
32 | 32 |
import eu.etaxonomy.vaadin.component.CompositeCustomField; |
33 | 33 |
import eu.etaxonomy.vaadin.component.SwitchButton; |
34 | 34 |
|
src/main/java/eu/etaxonomy/cdm/vaadin/component/common/TeamOrPersonField.java | ||
33 | 33 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
34 | 34 |
import eu.etaxonomy.cdm.service.CdmFilterablePagingProvider; |
35 | 35 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityReloader; |
36 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
36 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
37 | 37 |
import eu.etaxonomy.cdm.vaadin.util.TeamOrPersonBaseCaptionGenerator; |
38 | 38 |
import eu.etaxonomy.cdm.vaadin.util.converter.CdmBaseDeproxyConverter; |
39 | 39 |
import eu.etaxonomy.cdm.vaadin.view.name.CachingPresenter; |
src/main/java/eu/etaxonomy/cdm/vaadin/component/registration/RegistrationItem.java | ||
42 | 42 |
import eu.etaxonomy.cdm.vaadin.event.ReferenceEditorAction; |
43 | 43 |
import eu.etaxonomy.cdm.vaadin.event.ShowDetailsEvent; |
44 | 44 |
import eu.etaxonomy.cdm.vaadin.model.registration.RegistrationWorkingSet; |
45 |
import eu.etaxonomy.cdm.vaadin.security.PermissionDebugUtils;
|
|
46 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
45 |
import eu.etaxonomy.cdm.vaadin.permission.PermissionDebugUtils;
|
|
46 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
47 | 47 |
import eu.etaxonomy.cdm.vaadin.theme.EditValoTheme; |
48 | 48 |
import eu.etaxonomy.cdm.vaadin.util.formatter.DateTimeFormat; |
49 | 49 |
import eu.etaxonomy.cdm.vaadin.util.formatter.TimePeriodFormatter; |
src/main/java/eu/etaxonomy/cdm/vaadin/component/registration/RegistrationItemNameAndTypeButtons.java | ||
32 | 32 |
import eu.etaxonomy.cdm.model.name.TypeDesignationBase; |
33 | 33 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationBase; |
34 | 34 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
35 |
import eu.etaxonomy.cdm.vaadin.security.PermissionDebugUtils;
|
|
36 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
35 |
import eu.etaxonomy.cdm.vaadin.permission.PermissionDebugUtils;
|
|
36 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
37 | 37 |
import eu.etaxonomy.vaadin.component.CompositeStyledComponent; |
38 | 38 |
|
39 | 39 |
/** |
src/main/java/eu/etaxonomy/cdm/vaadin/event/ToOneRelatedEntityButtonUpdater.java | ||
13 | 13 |
|
14 | 14 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
15 | 15 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
16 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
16 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
17 | 17 |
import eu.etaxonomy.vaadin.component.ToOneRelatedEntityField; |
18 | 18 |
|
19 | 19 |
/** |
src/main/java/eu/etaxonomy/cdm/vaadin/permission/AccessRestrictedView.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import java.util.Collection; |
|
12 |
|
|
13 |
import org.springframework.security.core.GrantedAuthority; |
|
14 |
|
|
15 |
/** |
|
16 |
* @author a.kohlbecker |
|
17 |
* @since Apr 25, 2017 |
|
18 |
* |
|
19 |
*/ |
|
20 |
public interface AccessRestrictedView extends ReleasableResourcesView { |
|
21 |
|
|
22 |
/** |
|
23 |
* @return |
|
24 |
*/ |
|
25 |
public boolean allowAnonymousAccess(); |
|
26 |
|
|
27 |
/** |
|
28 |
* The collections of {@link GrantedAuthority} objects returned by this method are |
|
29 |
* evaluated by the {@link AnnotationBasedAccessControlBean} to determine if the |
|
30 |
* current authentication is having sufficient grants to access the view. |
|
31 |
* <p> |
|
32 |
* The collections are alternative sets of GrantedAuthorities to check. |
|
33 |
* The GrantedAuthorities of each of the inner collections must instead all be satisfied. |
|
34 |
* |
|
35 |
* @return |
|
36 |
*/ |
|
37 |
public Collection<Collection<GrantedAuthority>> allowedGrantedAuthorities(); |
|
38 |
|
|
39 |
} |
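Review bot: Both `@return` tags in `AccessRestrictedView` are empty, so the moved interface still does not say what `allowAnonymousAccess()` decides or what shape `allowedGrantedAuthorities()` must return. Propose `@return true if the view may be shown to an unauthenticated (anonymous) session, false if an authenticated principal is required` for the first method and `@return alternative authority sets; the current principal must hold every authority of at least one inner collection` for the second, which is what the prose above it already describes. The `Callback` comment on `ReleasableResourcesView.releaseResourcesOnAccessDenied()` in the section further down would likewise help readers if it said when it fires (the access-control bean calls it immediately before denying access).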
src/main/java/eu/etaxonomy/cdm/vaadin/permission/AnnotationBasedAccessControlBean.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import java.io.Serializable; |
|
12 |
|
|
13 |
import org.apache.log4j.Logger; |
|
14 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
|
15 |
import org.springframework.security.core.Authentication; |
|
16 |
import org.springframework.security.core.context.SecurityContext; |
|
17 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
18 |
|
|
19 |
import com.vaadin.navigator.View; |
|
20 |
import com.vaadin.spring.access.ViewInstanceAccessControl; |
|
21 |
import com.vaadin.ui.UI; |
|
22 |
|
|
23 |
/** |
|
24 |
* @author a.kohlbecker |
|
25 |
* @since Apr 24, 2017 |
|
26 |
* |
|
27 |
* |
|
28 |
* FIMXE consider renaming this class and its interface, since it is no longer annotation based!!!! |
|
29 |
*/ |
|
30 |
public class AnnotationBasedAccessControlBean implements ViewInstanceAccessControl, Serializable { |
|
31 |
|
|
32 |
private static final long serialVersionUID = -4232241572782673248L; |
|
33 |
|
|
34 |
private final static Logger logger = Logger.getLogger(AnnotationBasedAccessControlBean.class); |
|
35 |
|
|
36 |
/** |
|
37 |
* {@inheritDoc} |
|
38 |
*/ |
|
39 |
@Override |
|
40 |
public boolean isAccessGranted(UI ui, String beanName, View view) { |
|
41 |
|
|
42 |
// if(view.getClass().isAnnotationPresent(RequireAuthentication.class)){ |
|
43 |
// return currentSecurityContext().getAuthentication().isAuthenticated(); |
|
44 |
// } |
|
45 |
// no RequireAuthentication annotation => grant access |
|
46 |
|
|
47 |
if(AccessRestrictedView.class.isAssignableFrom(view.getClass())){ |
|
48 |
AccessRestrictedView restricedView = (AccessRestrictedView)view; |
|
49 |
if(restricedView.allowAnonymousAccess()){ |
|
50 |
if(logger.isTraceEnabled()){ |
|
51 |
logger.trace("anonymous access to " + view.getClass().getName() + " allowed"); |
|
52 |
} |
|
53 |
return true; |
|
54 |
} else { |
|
55 |
Authentication authentication = currentSecurityContext().getAuthentication(); |
|
56 |
if(authentication != null && authentication.isAuthenticated() && !(authentication instanceof AnonymousAuthenticationToken)) { |
|
57 |
if(logger.isTraceEnabled()){ |
|
58 |
logger.trace("allowing authenticated user " + authentication.getName() + " to access " + view.getClass().getName() ); |
|
59 |
} |
|
60 |
return true; |
|
61 |
} |
|
62 |
|
|
63 |
if(logger.isTraceEnabled()){ |
|
64 |
logger.trace("denying access to " + view.getClass().getName()); |
|
65 |
} |
|
66 |
restricedView.releaseResourcesOnAccessDenied(); |
|
67 |
return false; |
|
68 |
// FIMXE implement further checks |
|
69 |
// TODO use the UserHelperBean? |
|
70 |
} |
|
71 |
} |
|
72 |
|
|
73 |
return true; |
|
74 |
} |
|
75 |
|
|
76 |
/** |
|
77 |
* @return |
|
78 |
* |
|
79 |
* FIXME is it ok to use the SecurityContextHolder or do we need to hold the context in the vaadin session? |
|
80 |
*/ |
|
81 |
private SecurityContext currentSecurityContext() { |
|
82 |
return SecurityContextHolder.getContext(); |
|
83 |
} |
|
84 |
|
|
85 |
|
|
86 |
|
|
87 |
|
|
88 |
} |
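Review bot: `isAccessGranted` admits every authenticated, non-anonymous principal (line 56) without ever consulting `restricedView.allowedGrantedAuthorities()`, although the Javadoc of `AccessRestrictedView` moved in this same commit states that those collections are evaluated by this bean; the `// FIMXE implement further checks` at line 68 shows the gap is known, but the move leaves contract and code disagreeing, which is the kind of mismatch that hides an authorization bypass. Either implement the per-view authority check (sketched below; it needs `java.util.Collection` and `org.springframework.security.core.GrantedAuthority` imported) or state the real behaviour on the class, e.g. `* NOTE: allowedGrantedAuthorities() is not evaluated yet; any authenticated, non-anonymous user is admitted to an AccessRestrictedView.` Whether an empty or null result of `allowedGrantedAuthorities()` should mean "no further restriction" cannot be told from here and has to be confirmed against the view implementations before the sketch is adopted. The commented-out `RequireAuthentication` block at lines 42-45 can be dropped now that the class is being relocated anyway.
```java
} else {
    Authentication authentication = currentSecurityContext().getAuthentication();
    if(authentication != null && authentication.isAuthenticated() && !(authentication instanceof AnonymousAuthenticationToken)) {
        Collection<Collection<GrantedAuthority>> alternatives = restricedView.allowedGrantedAuthorities();
        // TODO(review): confirm with the view implementations that null/empty means "authentication suffices"
        boolean authorized = alternatives == null || alternatives.isEmpty();
        if(!authorized){
            for(Collection<GrantedAuthority> required : alternatives){
                // one alternative is satisfied when the principal holds all of its authorities
                if(authentication.getAuthorities().containsAll(required)){
                    authorized = true;
                    break;
                }
            }
        }
        if(authorized){
            // … unchanged: trace logging …
            return true;
        }
    }
    // … unchanged: trace logging, releaseResourcesOnAccessDenied(), return false …
}
```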
src/main/java/eu/etaxonomy/cdm/vaadin/permission/AnnotationBasedAccessControlConfiguration.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import org.springframework.context.annotation.Bean; |
|
12 |
import org.springframework.context.annotation.Configuration; |
|
13 |
|
|
14 |
import com.vaadin.spring.annotation.UIScope; |
|
15 |
|
|
16 |
/** |
|
17 |
* @author a.kohlbecker |
|
18 |
* @since Apr 24, 2017 |
|
19 |
* |
|
20 |
*/ |
|
21 |
@Configuration |
|
22 |
public class AnnotationBasedAccessControlConfiguration { |
|
23 |
|
|
24 |
@Bean |
|
25 |
@UIScope |
|
26 |
public AnnotationBasedAccessControlBean annotationBasedAccessControlBean() { |
|
27 |
return new AnnotationBasedAccessControlBean(); |
|
28 |
} |
|
29 |
|
|
30 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/permission/CdmEditDeletePermissionTester.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2018 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
12 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
13 |
import eu.etaxonomy.vaadin.permission.EditPermissionTester; |
|
14 |
|
|
15 |
/** |
|
16 |
* To be used for {@link ToManyRelatedEntitiesComboboxSelect} |
|
17 |
* |
|
18 |
* @author a.kohlbecker |
|
19 |
* @since Apr 20, 2018 |
|
20 |
* |
|
21 |
*/ |
|
22 |
public class CdmEditDeletePermissionTester implements EditPermissionTester { |
|
23 |
@Override |
|
24 |
public boolean userHasEditPermission(Object bean) { |
|
25 |
return UserHelper.fromSession().userHasPermission((CdmBase)bean, CRUD.UPDATE, CRUD.DELETE); |
|
26 |
} |
|
27 |
} |
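Review bot: `userHasEditPermission` casts `bean` to `CdmBase` unconditionally at line 25, so any non-CdmBase item handed to the select fails with a `ClassCastException` instead of yielding a permission decision; a fail-closed form is `return bean instanceof CdmBase && UserHelper.fromSession().userHasPermission((CdmBase)bean, CRUD.UPDATE, CRUD.DELETE);`. `UserHelper.fromSession()` also returns null until a `VaadinUserHelper` has been constructed in the session (see the `UserHelper` and `VaadinUserHelper` sections of this commit), which would surface here as a NullPointerException rather than as a denial. A one-line Javadoc such as `/** Edit permission requires UPDATE and DELETE on the entity, as evaluated by the session's UserHelper. */` would make the intent explicit; how the varargs CRUD values are combined is decided by the UserHelper implementation and is not visible here.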
src/main/java/eu/etaxonomy/cdm/vaadin/permission/PermissionDebugUtils.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import java.io.Serializable; |
|
12 |
import java.util.EnumSet; |
|
13 |
import java.util.UUID; |
|
14 |
|
|
15 |
import org.apache.log4j.Logger; |
|
16 |
import org.springframework.context.annotation.Profile; |
|
17 |
|
|
18 |
import com.vaadin.server.FontAwesome; |
|
19 |
import com.vaadin.server.VaadinSession; |
|
20 |
import com.vaadin.spring.annotation.SpringComponent; |
|
21 |
import com.vaadin.spring.annotation.UIScope; |
|
22 |
import com.vaadin.ui.AbstractComponentContainer; |
|
23 |
import com.vaadin.ui.Button; |
|
24 |
import com.vaadin.ui.themes.ValoTheme; |
|
25 |
|
|
26 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
27 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
28 |
|
|
29 |
/** |
|
30 |
* PermissionDebugUtils provide the following tools: |
|
31 |
* <ul> |
|
32 |
* <li>{@link #addGainPerEntityPermissionButton(AbstractComponentContainer, Class, Integer, EnumSet)}: |
|
33 |
* A button which gives a per entity authority to the current user.</li> |
|
34 |
* </ul> |
|
35 |
* |
|
36 |
* |
|
37 |
* |
|
38 |
* To enable the PermissionDebugUtils you need to activate the spring profile <code>debug</code>. You can add |
|
39 |
* <code>-Dspring.profiles.active=debug</code> to the command starting the jvm |
|
40 |
* or set this as an environment variable. |
|
41 |
* |
|
42 |
* @author a.kohlbecker |
|
43 |
* @since Oct 11, 2017 |
|
44 |
* |
|
45 |
*/ |
|
46 |
@SpringComponent |
|
47 |
@UIScope |
|
48 |
@Profile("debug") |
|
49 |
public class PermissionDebugUtils implements Serializable { |
|
50 |
|
|
51 |
private static final long serialVersionUID = -210079304170235459L; |
|
52 |
|
|
53 |
private final static Logger logger = Logger.getLogger(PermissionDebugUtils.class); |
|
54 |
|
|
55 |
public static final String VADDIN_SESSION_KEY = "PERMISSION_DEBUG_UTILS"; |
|
56 |
|
|
57 |
public static final String SYSTEM_PROP_KEY = "GainPerEntityPermissionButtons"; |
|
58 |
|
|
59 |
|
|
60 |
public PermissionDebugUtils() { |
|
61 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
62 |
} |
|
63 |
|
|
64 |
public static PermissionDebugUtils fromSession() { |
|
65 |
return (PermissionDebugUtils)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
66 |
} |
|
67 |
|
|
68 |
public static Button addGainPerEntityPermissionButton(AbstractComponentContainer toContainer, Class<? extends CdmBase> cdmType, |
|
69 |
UUID entitiyUuid, EnumSet<CRUD> crud, String property){ |
|
70 |
|
|
71 |
PermissionDebugUtils pu = PermissionDebugUtils.fromSession(); |
|
72 |
if(pu != null){ |
|
73 |
Button button = pu.gainPerEntityPermissionButton(cdmType, entitiyUuid, crud, property); |
|
74 |
if(button != null){ |
|
75 |
toContainer.addComponent(button); |
|
76 |
} |
|
77 |
return button; |
|
78 |
} |
|
79 |
return null; |
|
80 |
} |
|
81 |
|
|
82 |
public Button gainPerEntityPermissionButton(Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property){ |
|
83 |
|
|
84 |
Button button = new Button(FontAwesome.BOLT); |
|
85 |
button.addClickListener(e -> UserHelper.fromSession().createAuthorityFor(UserHelper.fromSession().userName(), cdmType, entitiyUuid, crud, property)); |
|
86 |
button.addStyleName(ValoTheme.BUTTON_DANGER); |
|
87 |
return button; |
|
88 |
|
|
89 |
} |
|
90 |
|
|
91 |
|
|
92 |
} |
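Review bot: `addGainPerEntityPermissionButton` and `gainPerEntityPermissionButton` carry no Javadoc, yet the null return of the static helper (line 79, reached when no bean is registered because the `debug` profile is inactive) is the contract callers depend on to stay silent outside development; propose `/** Adds a button that grants the current user {@code crud} on the given entity; returns null and adds nothing unless the debug profile has registered this bean in the session. */`. The `if(button != null)` check at line 74 is dead, since `gainPerEntityPermissionButton` always returns a freshly created Button (line 87). The class Javadoc should also say that the `debug` profile is meant for development instances only, because the button hands per-entity authorities to whichever user is logged in.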
src/main/java/eu/etaxonomy/cdm/vaadin/permission/ReleasableResourcesView.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
/** |
|
12 |
* @author a.kohlbecker |
|
13 |
* @since 25.10.2017 |
|
14 |
* |
|
15 |
*/ |
|
16 |
public interface ReleasableResourcesView { |
|
17 |
|
|
18 |
/** |
|
19 |
* Callback |
|
20 |
*/ |
|
21 |
public void releaseResourcesOnAccessDenied(); |
|
22 |
|
|
23 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/permission/RolesAndPermissions.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import java.util.UUID; |
|
12 |
|
|
13 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
14 |
|
|
15 |
/** |
|
16 |
* Provides the Roles required by the |
|
17 |
* vaadin applications. |
|
18 |
* |
|
19 |
* @author a.kohlbecker |
|
20 |
* @since May 8, 2017 |
|
21 |
* |
|
22 |
*/ |
|
23 |
public class RolesAndPermissions { |
|
24 |
|
|
25 |
public static final Role ROLE_CURATION = new Role(UUID.fromString("642d9ea7-f18c-4ac3-b437-ed05ce5461c3"), "ROLE_CURATION"); |
|
26 |
|
|
27 |
|
|
28 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/permission/UserHelper.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import java.util.EnumSet; |
|
12 |
import java.util.UUID; |
|
13 |
|
|
14 |
import com.vaadin.server.VaadinSession; |
|
15 |
|
|
16 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
17 |
import eu.etaxonomy.cdm.model.common.User; |
|
18 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
19 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
20 |
|
|
21 |
/** |
|
22 |
* UserHelper interface. Implementations should use the {@link #VADDIN_SESSION_KEY} to auto registers |
|
23 |
* in the VaadinSession. |
|
24 |
* |
|
25 |
* @author a.kohlbecker |
|
26 |
* @since May 23, 2017 |
|
27 |
* |
|
28 |
*/ |
|
29 |
public interface UserHelper { |
|
30 |
|
|
31 |
public static final String VADDIN_SESSION_KEY = "USER_HELPER"; |
|
32 |
|
|
33 |
/** |
|
34 |
* Static accessor method to obtain the auto-registered UserHelper-Bean from the |
|
35 |
* VaadinSession. |
|
36 |
* |
|
37 |
* @return |
|
38 |
*/ |
|
39 |
public static UserHelper fromSession() { |
|
40 |
return (UserHelper)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
41 |
} |
|
42 |
|
|
43 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, Integer entitiyId, Object ... args); |
|
44 |
|
|
45 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, UUID entitiyUUID, Object ... args); |
|
46 |
|
|
47 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, Object ... args); |
|
48 |
|
|
49 |
boolean userHasPermission(CdmBase entity, Object ... args); |
|
50 |
|
|
51 |
boolean userIsRegistrationCurator(); |
|
52 |
|
|
53 |
boolean userIsAdmin(); |
|
54 |
|
|
55 |
User user(); |
|
56 |
|
|
57 |
String userName(); |
|
58 |
|
|
59 |
boolean userIsAnnonymous(); |
|
60 |
|
|
61 |
boolean userIsAutheticated(); |
|
62 |
|
|
63 |
/** |
|
64 |
* |
|
65 |
* @param username |
|
66 |
* @param cdmEntity |
|
67 |
* @param crud |
|
68 |
* @param property |
|
69 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
70 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
71 |
*/ |
|
72 |
public CdmAuthority createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property); |
|
73 |
|
|
74 |
/** |
|
75 |
* |
|
76 |
* @param username |
|
77 |
* @param cdmType |
|
78 |
* @param entitiyId |
|
79 |
* @param crud |
|
80 |
* @param property |
|
81 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
82 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
83 |
*/ |
|
84 |
public CdmAuthority createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property); |
|
85 |
|
|
86 |
|
|
87 |
/** |
|
88 |
* |
|
89 |
* @param username |
|
90 |
* @param cdmType |
|
91 |
* @param entitiyUuid |
|
92 |
* @param crud |
|
93 |
* @param property |
|
94 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
95 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
96 |
*/ |
|
97 |
public CdmAuthority createAuthorityFor(String username, Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property); |
|
98 |
|
|
99 |
|
|
100 |
/** |
|
101 |
* @param cdmType |
|
102 |
* @param entitiyId |
|
103 |
* @param crud |
|
104 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
105 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
106 |
*/ |
|
107 |
public CdmAuthority createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property); |
|
108 |
|
|
109 |
/** |
|
110 |
* @param cdmType |
|
111 |
* @param entitiyUuid |
|
112 |
* @param crud |
|
113 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
114 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
115 |
*/ |
|
116 |
public CdmAuthority createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property); |
|
117 |
|
|
118 |
/** |
|
119 |
* @param cdmType |
|
120 |
* @param entitiyId |
|
121 |
* @param crud |
|
122 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
123 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
124 |
*/ |
|
125 |
public CdmAuthority createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property); |
|
126 |
|
|
127 |
/** |
|
128 |
* @param newAuthority |
|
129 |
*/ |
|
130 |
public void removeAuthorityForCurrentUser(CdmAuthority newAuthority); |
|
131 |
|
|
132 |
/** |
|
133 |
* @param username |
|
134 |
* @param newAuthority |
|
135 |
*/ |
|
136 |
public void removeAuthorityForCurrentUser(String username, CdmAuthority newAuthority); |
|
137 |
|
|
138 |
|
|
139 |
} |
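Review bot: `fromSession()` has an empty `@return` and performs an unchecked cast of the session attribute; as written it returns null until a `VaadinUserHelper` has registered itself and throws NullPointerException when `VaadinSession.getCurrent()` is null, so propose `@return the UserHelper registered under {@link #VADDIN_SESSION_KEY}, or null if none has been registered in the current VaadinSession`. The method names `userIsAnnonymous()` and `userIsAutheticated()` are misspelled; since this commit already touches every importer of the interface it is the cheapest moment to rename them to `userIsAnonymous()` and `userIsAuthenticated()`. The three `createAuthorityForCurrentUser` Javadocs omit `@param property`, and the one at line 118 documents `cdmType`/`entitiyId` although that overload takes `cdmEntity`.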
src/main/java/eu/etaxonomy/cdm/vaadin/permission/VaadinUserHelper.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission; |
|
10 |
|
|
11 |
import com.vaadin.server.VaadinSession; |
|
12 |
|
|
13 |
/** |
|
14 |
* Abstract UserHelper which auto registers in the VaadinSession. |
|
15 |
* |
|
16 |
* @author a.kohlbecker |
|
17 |
* @since May 23, 2017 |
|
18 |
* |
|
19 |
*/ |
|
20 |
public abstract class VaadinUserHelper implements UserHelper { |
|
21 |
|
|
22 |
public VaadinUserHelper() { |
|
23 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
24 |
} |
|
25 |
|
|
26 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/permission/annotation/EnableAnnotationBasedAccessControl.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission.annotation; |
|
10 |
|
|
11 |
import static java.lang.annotation.ElementType.TYPE; |
|
12 |
import static java.lang.annotation.RetentionPolicy.RUNTIME; |
|
13 |
|
|
14 |
import java.lang.annotation.Documented; |
|
15 |
import java.lang.annotation.Retention; |
|
16 |
import java.lang.annotation.Target; |
|
17 |
|
|
18 |
import org.springframework.context.annotation.Import; |
|
19 |
|
|
20 |
import eu.etaxonomy.cdm.vaadin.permission.AnnotationBasedAccessControlConfiguration; |
|
21 |
|
|
22 |
@Documented |
|
23 |
@Retention(RUNTIME) |
|
24 |
@Target(TYPE) |
|
25 |
@Import(AnnotationBasedAccessControlConfiguration.class) |
|
26 |
/** |
|
27 |
* @author a.kohlbecker |
|
28 |
* @since Apr 24, 2017 |
|
29 |
* |
|
30 |
*/ |
|
31 |
public @interface EnableAnnotationBasedAccessControl { |
|
32 |
|
|
33 |
} |
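Review bot: The Javadoc block at lines 26-30 sits between the annotations and the `public @interface` declaration; the javadoc tool attaches a doc comment only when it precedes the whole declaration including its annotations, so this comment is most likely not associated with the type at all. Move the `/** ... */` block above `@Documented`, and give it a summary sentence such as `* Enables view access control by importing {@link AnnotationBasedAccessControlConfiguration}.` so the annotation is self-describing.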
src/main/java/eu/etaxonomy/cdm/vaadin/permission/annotation/RequireAuthentication.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.permission.annotation; |
|
10 |
|
|
11 |
import java.lang.annotation.Documented; |
|
12 |
import java.lang.annotation.ElementType; |
|
13 |
import java.lang.annotation.Retention; |
|
14 |
import java.lang.annotation.RetentionPolicy; |
|
15 |
import java.lang.annotation.Target; |
|
16 |
|
|
17 |
/** |
|
18 |
* Annotate a Spring View with this to require users to authenticate. |
|
19 |
* |
|
20 |
* @author a.kohlbecker |
|
21 |
* @since Apr 24, 2017 |
|
22 |
* |
|
23 |
*/ |
|
24 |
|
|
25 |
@Target({ ElementType.TYPE}) |
|
26 |
@Retention(RetentionPolicy.RUNTIME) |
|
27 |
@Documented |
|
28 |
public @interface RequireAuthentication { |
|
29 |
|
|
30 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/AccessRestrictedView.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.util.Collection; |
|
12 |
|
|
13 |
import org.springframework.security.core.GrantedAuthority; |
|
14 |
|
|
15 |
/** |
|
16 |
* @author a.kohlbecker |
|
17 |
* @since Apr 25, 2017 |
|
18 |
* |
|
19 |
*/ |
|
20 |
public interface AccessRestrictedView extends ReleasableResourcesView { |
|
21 |
|
|
22 |
/** |
|
23 |
* @return |
|
24 |
*/ |
|
25 |
public boolean allowAnonymousAccess(); |
|
26 |
|
|
27 |
/** |
|
28 |
* The collections of {@link GrantedAuthority} objects returned by this method are |
|
29 |
* evaluated by the {@link AnnotationBasedAccessControlBean} to determine if the |
|
30 |
* current authentication is having sufficient grants to access the view. |
|
31 |
* <p> |
|
32 |
* The collections are alternative sets of GrantedAuthorities to check. |
|
33 |
* The GrantedAuthorities of each of the inner collections must instead all be satisfied. |
|
34 |
* |
|
35 |
* @return |
|
36 |
*/ |
|
37 |
public Collection<Collection<GrantedAuthority>> allowedGrantedAuthorities(); |
|
38 |
|
|
39 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/AnnotationBasedAccessControlBean.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.io.Serializable; |
|
12 |
|
|
13 |
import org.apache.log4j.Logger; |
|
14 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
|
15 |
import org.springframework.security.core.Authentication; |
|
16 |
import org.springframework.security.core.context.SecurityContext; |
|
17 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
18 |
|
|
19 |
import com.vaadin.navigator.View; |
|
20 |
import com.vaadin.spring.access.ViewInstanceAccessControl; |
|
21 |
import com.vaadin.ui.UI; |
|
22 |
|
|
23 |
/** |
|
24 |
* @author a.kohlbecker |
|
25 |
* @since Apr 24, 2017 |
|
26 |
* |
|
27 |
* |
|
28 |
* FIMXE consider renaming this class and its interface, since it is no longer annotation based!!!! |
|
29 |
*/ |
|
30 |
public class AnnotationBasedAccessControlBean implements ViewInstanceAccessControl, Serializable { |
|
31 |
|
|
32 |
private static final long serialVersionUID = -4232241572782673248L; |
|
33 |
|
|
34 |
private final static Logger logger = Logger.getLogger(AnnotationBasedAccessControlBean.class); |
|
35 |
|
|
36 |
/** |
|
37 |
* {@inheritDoc} |
|
38 |
*/ |
|
39 |
@Override |
|
40 |
public boolean isAccessGranted(UI ui, String beanName, View view) { |
|
41 |
|
|
42 |
// if(view.getClass().isAnnotationPresent(RequireAuthentication.class)){ |
|
43 |
// return currentSecurityContext().getAuthentication().isAuthenticated(); |
|
44 |
// } |
|
45 |
// no RequireAuthentication annotation => grant access |
|
46 |
|
|
47 |
if(AccessRestrictedView.class.isAssignableFrom(view.getClass())){ |
|
48 |
AccessRestrictedView restricedView = (AccessRestrictedView)view; |
|
49 |
if(restricedView.allowAnonymousAccess()){ |
|
50 |
if(logger.isTraceEnabled()){ |
|
51 |
logger.trace("anonymous access to " + view.getClass().getName() + " allowed"); |
|
52 |
} |
|
53 |
return true; |
|
54 |
} else { |
|
55 |
Authentication authentication = currentSecurityContext().getAuthentication(); |
|
56 |
if(authentication != null && authentication.isAuthenticated() && !(authentication instanceof AnonymousAuthenticationToken)) { |
|
57 |
if(logger.isTraceEnabled()){ |
|
58 |
logger.trace("allowing authenticated user " + authentication.getName() + " to access " + view.getClass().getName() ); |
|
59 |
} |
|
60 |
return true; |
|
61 |
} |
|
62 |
|
|
63 |
if(logger.isTraceEnabled()){ |
|
64 |
logger.trace("denying access to " + view.getClass().getName()); |
|
65 |
} |
|
66 |
restricedView.releaseResourcesOnAccessDenied(); |
|
67 |
return false; |
|
68 |
// FIMXE implement further checks |
|
69 |
// TODO use the UserHelperBean? |
|
70 |
} |
|
71 |
} |
|
72 |
|
|
73 |
return true; |
|
74 |
} |
|
75 |
|
|
76 |
/** |
|
77 |
* @return |
|
78 |
* |
|
79 |
* FIXME is it ok to use the SecurityContextHolder or do we need to hold the context in the vaadin session? |
|
80 |
*/ |
|
81 |
private SecurityContext currentSecurityContext() { |
|
82 |
return SecurityContextHolder.getContext(); |
|
83 |
} |
|
84 |
|
|
85 |
|
|
86 |
|
|
87 |
|
|
88 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/AnnotationBasedAccessControlConfiguration.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import org.springframework.context.annotation.Bean; |
|
12 |
import org.springframework.context.annotation.Configuration; |
|
13 |
|
|
14 |
import com.vaadin.spring.annotation.UIScope; |
|
15 |
|
|
16 |
/** |
|
17 |
* @author a.kohlbecker |
|
18 |
* @since Apr 24, 2017 |
|
19 |
* |
|
20 |
*/ |
|
21 |
@Configuration |
|
22 |
public class AnnotationBasedAccessControlConfiguration { |
|
23 |
|
|
24 |
@Bean |
|
25 |
@UIScope |
|
26 |
public AnnotationBasedAccessControlBean annotationBasedAccessControlBean() { |
|
27 |
return new AnnotationBasedAccessControlBean(); |
|
28 |
} |
|
29 |
|
|
30 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/CdmEditDeletePermissionTester.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2018 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
12 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
13 |
import eu.etaxonomy.vaadin.permission.EditPermissionTester; |
|
14 |
|
|
15 |
/** |
|
16 |
* To be used for {@link ToManyRelatedEntitiesComboboxSelect} |
|
17 |
* |
|
18 |
* @author a.kohlbecker |
|
19 |
* @since Apr 20, 2018 |
|
20 |
* |
|
21 |
*/ |
|
22 |
public class CdmEditDeletePermissionTester implements EditPermissionTester { |
|
23 |
@Override |
|
24 |
public boolean userHasEditPermission(Object bean) { |
|
25 |
return UserHelper.fromSession().userHasPermission((CdmBase)bean, CRUD.UPDATE, CRUD.DELETE); |
|
26 |
} |
|
27 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/PermissionDebugUtils.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.io.Serializable; |
|
12 |
import java.util.EnumSet; |
|
13 |
import java.util.UUID; |
|
14 |
|
|
15 |
import org.apache.log4j.Logger; |
|
16 |
import org.springframework.context.annotation.Profile; |
|
17 |
|
|
18 |
import com.vaadin.server.FontAwesome; |
|
19 |
import com.vaadin.server.VaadinSession; |
|
20 |
import com.vaadin.spring.annotation.SpringComponent; |
|
21 |
import com.vaadin.spring.annotation.UIScope; |
|
22 |
import com.vaadin.ui.AbstractComponentContainer; |
|
23 |
import com.vaadin.ui.Button; |
|
24 |
import com.vaadin.ui.themes.ValoTheme; |
|
25 |
|
|
26 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
27 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
28 |
|
|
29 |
/** |
|
30 |
* PermissionDebugUtils provide the following tools: |
|
31 |
* <ul> |
|
32 |
* <li>{@link #addGainPerEntityPermissionButton(AbstractComponentContainer, Class, Integer, EnumSet)}: |
|
33 |
* A button which gives a per entity authority to the current user.</li> |
|
34 |
* </ul> |
|
35 |
* |
|
36 |
* |
|
37 |
* |
|
38 |
* To enable the PermissionDebugUtils you need to activate the spring profile <code>debug</code>. You can add |
|
39 |
* <code>-Dspring.profiles.active=debug</code> to the command starting the jvm |
|
40 |
* or set this as an environment variable. |
|
41 |
* |
|
42 |
* @author a.kohlbecker |
|
43 |
* @since Oct 11, 2017 |
|
44 |
* |
|
45 |
*/ |
|
46 |
@SpringComponent |
|
47 |
@UIScope |
|
48 |
@Profile("debug") |
|
49 |
public class PermissionDebugUtils implements Serializable { |
|
50 |
|
|
51 |
private static final long serialVersionUID = -210079304170235459L; |
|
52 |
|
|
53 |
private final static Logger logger = Logger.getLogger(PermissionDebugUtils.class); |
|
54 |
|
|
55 |
public static final String VADDIN_SESSION_KEY = "PERMISSION_DEBUG_UTILS"; |
|
56 |
|
|
57 |
public static final String SYSTEM_PROP_KEY = "GainPerEntityPermissionButtons"; |
|
58 |
|
|
59 |
|
|
60 |
public PermissionDebugUtils() { |
|
61 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
62 |
} |
|
63 |
|
|
64 |
public static PermissionDebugUtils fromSession() { |
|
65 |
return (PermissionDebugUtils)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
66 |
} |
|
67 |
|
|
68 |
public static Button addGainPerEntityPermissionButton(AbstractComponentContainer toContainer, Class<? extends CdmBase> cdmType, |
|
69 |
UUID entitiyUuid, EnumSet<CRUD> crud, String property){ |
|
70 |
|
|
71 |
PermissionDebugUtils pu = PermissionDebugUtils.fromSession(); |
|
72 |
if(pu != null){ |
|
73 |
Button button = pu.gainPerEntityPermissionButton(cdmType, entitiyUuid, crud, property); |
|
74 |
if(button != null){ |
|
75 |
toContainer.addComponent(button); |
|
76 |
} |
|
77 |
return button; |
|
78 |
} |
|
79 |
return null; |
|
80 |
} |
|
81 |
|
|
82 |
public Button gainPerEntityPermissionButton(Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property){ |
|
83 |
|
|
84 |
Button button = new Button(FontAwesome.BOLT); |
|
85 |
button.addClickListener(e -> UserHelper.fromSession().createAuthorityFor(UserHelper.fromSession().userName(), cdmType, entitiyUuid, crud, property)); |
|
86 |
button.addStyleName(ValoTheme.BUTTON_DANGER); |
|
87 |
return button; |
|
88 |
|
|
89 |
} |
|
90 |
|
|
91 |
|
|
92 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/ReleasableResourcesView.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
/** |
|
12 |
* @author a.kohlbecker |
|
13 |
* @since 25.10.2017 |
|
14 |
* |
|
15 |
*/ |
|
16 |
public interface ReleasableResourcesView { |
|
17 |
|
|
18 |
/** |
|
19 |
* Callback |
|
20 |
*/ |
|
21 |
public void releaseResourcesOnAccessDenied(); |
|
22 |
|
|
23 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/RolesAndPermissions.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.util.UUID; |
|
12 |
|
|
13 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
14 |
|
|
15 |
/** |
|
16 |
* Provides the Roles required by the |
|
17 |
* vaadin applications. |
|
18 |
* |
|
19 |
* @author a.kohlbecker |
|
20 |
* @since May 8, 2017 |
|
21 |
* |
|
22 |
*/ |
|
23 |
public class RolesAndPermissions { |
|
24 |
|
|
25 |
public static final Role ROLE_CURATION = new Role(UUID.fromString("642d9ea7-f18c-4ac3-b437-ed05ce5461c3"), "ROLE_CURATION"); |
|
26 |
|
|
27 |
|
|
28 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/UserHelper.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import java.util.EnumSet; |
|
12 |
import java.util.UUID; |
|
13 |
|
|
14 |
import com.vaadin.server.VaadinSession; |
|
15 |
|
|
16 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
17 |
import eu.etaxonomy.cdm.model.common.User; |
|
18 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
19 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
20 |
|
|
21 |
/** |
|
22 |
* UserHelper interface. Implementations should use the {@link #VADDIN_SESSION_KEY} to auto registers |
|
23 |
* in the VaadinSession. |
|
24 |
* |
|
25 |
* @author a.kohlbecker |
|
26 |
* @since May 23, 2017 |
|
27 |
* |
|
28 |
*/ |
|
29 |
public interface UserHelper { |
|
30 |
|
|
31 |
public static final String VADDIN_SESSION_KEY = "USER_HELPER"; |
|
32 |
|
|
33 |
/** |
|
34 |
* Static accessor method to obtain the auto-registered UserHelper-Bean from the |
|
35 |
* VaadinSession. |
|
36 |
* |
|
37 |
* @return |
|
38 |
*/ |
|
39 |
public static UserHelper fromSession() { |
|
40 |
return (UserHelper)VaadinSession.getCurrent().getAttribute(VADDIN_SESSION_KEY); |
|
41 |
} |
|
42 |
|
|
43 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, Integer entitiyId, Object ... args); |
|
44 |
|
|
45 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, UUID entitiyUUID, Object ... args); |
|
46 |
|
|
47 |
boolean userHasPermission(Class<? extends CdmBase> cdmType, Object ... args); |
|
48 |
|
|
49 |
boolean userHasPermission(CdmBase entity, Object ... args); |
|
50 |
|
|
51 |
boolean userIsRegistrationCurator(); |
|
52 |
|
|
53 |
boolean userIsAdmin(); |
|
54 |
|
|
55 |
User user(); |
|
56 |
|
|
57 |
String userName(); |
|
58 |
|
|
59 |
boolean userIsAnnonymous(); |
|
60 |
|
|
61 |
boolean userIsAutheticated(); |
|
62 |
|
|
63 |
/** |
|
64 |
* |
|
65 |
* @param username |
|
66 |
* @param cdmEntity |
|
67 |
* @param crud |
|
68 |
* @param property |
|
69 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
70 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
71 |
*/ |
|
72 |
public CdmAuthority createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property); |
|
73 |
|
|
74 |
/** |
|
75 |
* |
|
76 |
* @param username |
|
77 |
* @param cdmType |
|
78 |
* @param entitiyId |
|
79 |
* @param crud |
|
80 |
* @param property |
|
81 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
82 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
83 |
*/ |
|
84 |
public CdmAuthority createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property); |
|
85 |
|
|
86 |
|
|
87 |
/** |
|
88 |
* |
|
89 |
* @param username |
|
90 |
* @param cdmType |
|
91 |
* @param entitiyUuid |
|
92 |
* @param crud |
|
93 |
* @param property |
|
94 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
95 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
96 |
*/ |
|
97 |
public CdmAuthority createAuthorityFor(String username, Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property); |
|
98 |
|
|
99 |
|
|
100 |
/** |
|
101 |
* @param cdmType |
|
102 |
* @param entitiyId |
|
103 |
* @param crud |
|
104 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
105 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
106 |
*/ |
|
107 |
public CdmAuthority createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property); |
|
108 |
|
|
109 |
/** |
|
110 |
* @param cdmType |
|
111 |
* @param entitiyUuid |
|
112 |
* @param crud |
|
113 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
114 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
115 |
*/ |
|
116 |
public CdmAuthority createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, UUID entitiyUuid, EnumSet<CRUD> crud, String property); |
|
117 |
|
|
118 |
/** |
|
119 |
* @param cdmType |
|
120 |
* @param entitiyId |
|
121 |
* @param crud |
|
122 |
* @return the newly created CdmAuthority only if a new CdmAuthority has been added to the user otherwise |
|
123 |
* <code>null</code> in case the operation failed of if the user was already granted with this authority. |
|
124 |
*/ |
|
125 |
public CdmAuthority createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property); |
|
126 |
|
|
127 |
/** |
|
128 |
* @param newAuthority |
|
129 |
*/ |
|
130 |
public void removeAuthorityForCurrentUser(CdmAuthority newAuthority); |
|
131 |
|
|
132 |
/** |
|
133 |
* @param username |
|
134 |
* @param newAuthority |
|
135 |
*/ |
|
136 |
public void removeAuthorityForCurrentUser(String username, CdmAuthority newAuthority); |
|
137 |
|
|
138 |
|
|
139 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/VaadinUserHelper.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security; |
|
10 |
|
|
11 |
import com.vaadin.server.VaadinSession; |
|
12 |
|
|
13 |
/** |
|
14 |
* Abstract UserHelper which auto registers in the VaadinSession. |
|
15 |
* |
|
16 |
* @author a.kohlbecker |
|
17 |
* @since May 23, 2017 |
|
18 |
* |
|
19 |
*/ |
|
20 |
public abstract class VaadinUserHelper implements UserHelper { |
|
21 |
|
|
22 |
public VaadinUserHelper() { |
|
23 |
VaadinSession.getCurrent().setAttribute(VADDIN_SESSION_KEY, this); |
|
24 |
} |
|
25 |
|
|
26 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/annotation/EnableAnnotationBasedAccessControl.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security.annotation; |
|
10 |
|
|
11 |
import static java.lang.annotation.ElementType.TYPE; |
|
12 |
import static java.lang.annotation.RetentionPolicy.RUNTIME; |
|
13 |
|
|
14 |
import java.lang.annotation.Documented; |
|
15 |
import java.lang.annotation.Retention; |
|
16 |
import java.lang.annotation.Target; |
|
17 |
|
|
18 |
import org.springframework.context.annotation.Import; |
|
19 |
|
|
20 |
import eu.etaxonomy.cdm.vaadin.security.AnnotationBasedAccessControlConfiguration; |
|
21 |
|
|
22 |
@Documented |
|
23 |
@Retention(RUNTIME) |
|
24 |
@Target(TYPE) |
|
25 |
@Import(AnnotationBasedAccessControlConfiguration.class) |
|
26 |
/** |
|
27 |
* @author a.kohlbecker |
|
28 |
* @since Apr 24, 2017 |
|
29 |
* |
|
30 |
*/ |
|
31 |
public @interface EnableAnnotationBasedAccessControl { |
|
32 |
|
|
33 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/security/annotation/RequireAuthentication.java | ||
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.vaadin.security.annotation; |
|
10 |
|
|
11 |
import java.lang.annotation.Documented; |
|
12 |
import java.lang.annotation.ElementType; |
|
13 |
import java.lang.annotation.Retention; |
|
14 |
import java.lang.annotation.RetentionPolicy; |
|
15 |
import java.lang.annotation.Target; |
|
16 |
|
|
17 |
/** |
|
18 |
* Annotate a Spring View with this to require users to authenticate. |
|
19 |
* |
|
20 |
* @author a.kohlbecker |
|
21 |
* @since Apr 24, 2017 |
|
22 |
* |
|
23 |
*/ |
|
24 |
|
|
25 |
@Target({ ElementType.TYPE}) |
|
26 |
@Retention(RetentionPolicy.RUNTIME) |
|
27 |
@Documented |
|
28 |
public @interface RequireAuthentication { |
|
29 |
|
|
30 |
} |
src/main/java/eu/etaxonomy/cdm/vaadin/ui/DistributionStatusUI.java | ||
17 | 17 |
import com.vaadin.spring.navigator.SpringViewProvider; |
18 | 18 |
import com.vaadin.ui.UI; |
19 | 19 |
|
20 |
import eu.etaxonomy.cdm.vaadin.security.ReleasableResourcesView;
|
|
20 |
import eu.etaxonomy.cdm.vaadin.permission.ReleasableResourcesView;
|
|
21 | 21 |
import eu.etaxonomy.cdm.vaadin.view.RedirectToLoginView; |
22 | 22 |
import eu.etaxonomy.cdm.vaadin.view.distributionStatus.DistributionTableViewBean; |
23 | 23 |
import eu.etaxonomy.vaadin.ui.UIInitializedEvent; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/distributionStatus/DistributionTableViewBean.java | ||
53 | 53 |
import eu.etaxonomy.cdm.vaadin.container.CdmSQLContainer; |
54 | 54 |
import eu.etaxonomy.cdm.vaadin.event.error.DelegatingErrorHandler; |
55 | 55 |
import eu.etaxonomy.cdm.vaadin.event.error.HibernateExceptionHandler; |
56 |
import eu.etaxonomy.cdm.vaadin.security.AccessRestrictedView;
|
|
56 |
import eu.etaxonomy.cdm.vaadin.permission.AccessRestrictedView;
|
|
57 | 57 |
import eu.etaxonomy.cdm.vaadin.util.CdmQueryFactory; |
58 | 58 |
import eu.etaxonomy.cdm.vaadin.util.CdmSpringContextHelper; |
59 | 59 |
import eu.etaxonomy.cdm.vaadin.util.DistributionEditorUtil; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/NameTypeDesignationPopupEditor.java | ||
21 | 21 |
import eu.etaxonomy.cdm.model.name.TaxonName; |
22 | 22 |
import eu.etaxonomy.cdm.model.reference.Reference; |
23 | 23 |
import eu.etaxonomy.cdm.vaadin.event.TaxonNameEditorAction; |
24 |
import eu.etaxonomy.cdm.vaadin.security.CdmEditDeletePermissionTester;
|
|
24 |
import eu.etaxonomy.cdm.vaadin.permission.CdmEditDeletePermissionTester;
|
|
25 | 25 |
import eu.etaxonomy.cdm.vaadin.util.converter.SetToListConverter; |
26 | 26 |
import eu.etaxonomy.vaadin.component.ToManyRelatedEntitiesComboboxSelect; |
27 | 27 |
import eu.etaxonomy.vaadin.component.ToOneRelatedEntityCombobox; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/NameTypeDesignationPresenter.java | ||
36 | 36 |
import eu.etaxonomy.cdm.vaadin.event.EditorActionTypeFilter; |
37 | 37 |
import eu.etaxonomy.cdm.vaadin.event.EntityChangeEvent; |
38 | 38 |
import eu.etaxonomy.cdm.vaadin.event.EntityChangeEvent.Type; |
39 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper; |
|
39 | 40 |
import eu.etaxonomy.cdm.vaadin.event.TaxonNameEditorAction; |
40 | 41 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityButtonUpdater; |
41 | 42 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityReloader; |
42 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper; |
|
43 | 43 |
import eu.etaxonomy.cdm.vaadin.util.CdmTitleCacheCaptionGenerator; |
44 | 44 |
import eu.etaxonomy.vaadin.mvp.AbstractCdmEditorPresenter; |
45 | 45 |
import eu.etaxonomy.vaadin.mvp.AbstractView; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/SpecimenTypeDesignationWorkingsetEditorPresenter.java | ||
48 | 48 |
import eu.etaxonomy.cdm.vaadin.model.registration.RegistrationTermLists; |
49 | 49 |
import eu.etaxonomy.cdm.vaadin.model.registration.SpecimenTypeDesignationDTO; |
50 | 50 |
import eu.etaxonomy.cdm.vaadin.model.registration.SpecimenTypeDesignationWorkingSetDTO; |
51 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
51 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
52 | 52 |
import eu.etaxonomy.cdm.vaadin.ui.RegistrationUIDefaults; |
53 | 53 |
import eu.etaxonomy.cdm.vaadin.util.CdmTitleCacheCaptionGenerator; |
54 | 54 |
import eu.etaxonomy.cdm.vaadin.view.occurrence.CollectionPopupEditor; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/SpecimenTypeDesignationWorkingsetPopupEditor.java | ||
32 | 32 |
import eu.etaxonomy.cdm.vaadin.component.common.TeamOrPersonField; |
33 | 33 |
import eu.etaxonomy.cdm.vaadin.model.registration.SpecimenTypeDesignationDTO; |
34 | 34 |
import eu.etaxonomy.cdm.vaadin.model.registration.SpecimenTypeDesignationWorkingSetDTO; |
35 |
import eu.etaxonomy.cdm.vaadin.security.AccessRestrictedView;
|
|
35 |
import eu.etaxonomy.cdm.vaadin.permission.AccessRestrictedView;
|
|
36 | 36 |
import eu.etaxonomy.cdm.vaadin.util.TeamOrPersonBaseCaptionGenerator; |
37 | 37 |
import eu.etaxonomy.cdm.vaadin.util.converter.DoubleConverter; |
38 | 38 |
import eu.etaxonomy.cdm.vaadin.util.converter.IntegerConverter; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/TaxonNameEditorPresenter.java | ||
45 | 45 |
import eu.etaxonomy.cdm.vaadin.event.TaxonNameEditorAction; |
46 | 46 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityButtonUpdater; |
47 | 47 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityReloader; |
48 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
48 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
49 | 49 |
import eu.etaxonomy.cdm.vaadin.ui.RegistrationUIDefaults; |
50 | 50 |
import eu.etaxonomy.cdm.vaadin.util.CdmTitleCacheCaptionGenerator; |
51 | 51 |
import eu.etaxonomy.cdm.vaadin.view.reference.ReferencePopupEditor; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/name/TaxonNamePopupEditor.java | ||
40 | 40 |
import eu.etaxonomy.cdm.vaadin.component.common.TeamOrPersonField; |
41 | 41 |
import eu.etaxonomy.cdm.vaadin.event.ReferenceEditorAction; |
42 | 42 |
import eu.etaxonomy.cdm.vaadin.event.TaxonNameEditorAction; |
43 |
import eu.etaxonomy.cdm.vaadin.security.AccessRestrictedView;
|
|
44 |
import eu.etaxonomy.cdm.vaadin.security.CdmEditDeletePermissionTester;
|
|
43 |
import eu.etaxonomy.cdm.vaadin.permission.AccessRestrictedView;
|
|
44 |
import eu.etaxonomy.cdm.vaadin.permission.CdmEditDeletePermissionTester;
|
|
45 | 45 |
import eu.etaxonomy.cdm.vaadin.util.TeamOrPersonBaseCaptionGenerator; |
46 | 46 |
import eu.etaxonomy.cdm.vaadin.util.converter.SetToListConverter; |
47 | 47 |
import eu.etaxonomy.vaadin.component.ReloadableLazyComboBox; |
src/main/java/eu/etaxonomy/cdm/vaadin/view/occurrence/CollectionEditorPresenter.java | ||
24 | 24 |
import eu.etaxonomy.cdm.vaadin.event.EditorActionTypeFilter; |
25 | 25 |
import eu.etaxonomy.cdm.vaadin.event.EntityChangeEvent; |
26 | 26 |
import eu.etaxonomy.cdm.vaadin.event.ToOneRelatedEntityReloader; |
27 |
import eu.etaxonomy.cdm.vaadin.security.UserHelper;
|
|
27 |
import eu.etaxonomy.cdm.vaadin.permission.UserHelper;
|
|
28 | 28 |
import eu.etaxonomy.vaadin.mvp.AbstractCdmEditorPresenter; |
29 | 29 |
|
30 | 30 |
/** |
renaming package from eu.etaxonomy.cdm.vaadin.security to eu.etaxonomy.cdm.vaadin.permission