Revision 57178b7f
Added by Andreas Kohlbecker over 6 years ago
| cdmlib-model/src/main/java/eu/etaxonomy/cdm/model/common/Group.java | ||
|---|---|---|
| 50 | 50 |
private static final Logger logger = Logger.getLogger(Group.class); |
| 51 | 51 |
|
| 52 | 52 |
public final static UUID GROUP_EDITOR_UUID = UUID.fromString("22e5e8af-b99c-4884-a92f-71978efd3770");
|
| 53 |
public final static UUID GROUP_EDITOR_EXTENDED_CREATE_UUID = UUID.fromString("89a7f47f-6f2b-45ac-88d4-a99a4cf29f07");
|
|
| 53 | 54 |
public final static UUID GROUP_PROJECT_MANAGER_UUID = UUID.fromString("645191ae-32a4-4d4e-9b86-c90e0d41944a");
|
| 54 | 55 |
public final static UUID GROUP_PUBLISHER_UUID = UUID.fromString("c1f20ad8-1782-40a7-b06b-ce4773acb5ea");
|
| 55 | 56 |
public final static UUID GROUP_ADMIN_UUID = UUID.fromString("1739df71-bf73-4dc6-8320-aaaf72cb555f");
|
| 56 | 57 |
|
| 58 |
public final static String GROUP_EDITOR_NAME = "Editor"; |
|
| 59 |
/** |
|
| 60 |
* This group will in future replace the group Editor, see issue #7150 |
|
| 61 |
*/ |
|
| 62 |
public final static String GROUP_EDITOR_EXTENDED_CREATE_NAME = "EditorExtendedCreate"; |
|
| 63 |
public final static String GROUP_PROJECT_MANAGER_NAME = "ProjectManager"; |
|
| 64 |
public final static String GROUP_ADMIN_NAME = "Admin"; |
|
| 65 |
|
|
| 66 |
|
|
| 57 | 67 |
//*********************** FACTORY *********************/ |
| 58 | 68 |
|
| 59 | 69 |
public static Group NewInstance(){
|
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/CollectionVoter.java | ||
|---|---|---|
| 1 |
package eu.etaxonomy.cdm.persistence.hibernate.permission.voter; |
|
| 2 |
|
|
| 3 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
|
| 4 |
import eu.etaxonomy.cdm.model.occurrence.Collection; |
|
| 5 |
|
|
| 6 |
public class CollectionVoter extends CdmPermissionVoter {
|
|
| 7 |
|
|
| 8 |
@Override |
|
| 9 |
public Class<? extends CdmBase> getResponsibilityClass() {
|
|
| 10 |
return Collection.class; |
|
| 11 |
} |
|
| 12 |
|
|
| 13 |
/* (non-Javadoc) |
|
| 14 |
* @see eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CdmPermissionVoter#isOrpahn(eu.etaxonomy.cdm.model.common.CdmBase) |
|
| 15 |
*/ |
|
| 16 |
@Override |
|
| 17 |
public boolean isOrpahn(CdmBase object) {
|
|
| 18 |
return false; |
|
| 19 |
} |
|
| 20 |
|
|
| 21 |
} |
|
| cdmlib-persistence/src/main/resources/eu/etaxonomy/cdm/security_base.xml | ||
|---|---|---|
| 45 | 45 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.DescriptionElementVoter" /> |
| 46 | 46 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.TaxonNameVoter" /> |
| 47 | 47 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.ReferenceVoter" /> |
| 48 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CollectionVoter" /> |
|
| 48 | 49 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.TeamOrPersonBaseVoter" /> |
| 49 | 50 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.RegistrationVoter" /> |
| 50 | 51 |
<bean class="eu.etaxonomy.cdm.persistence.hibernate.permission.voter.SpecimenOrObservationBaseVoter" /> |
| cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/application/FirstDataInserter.java | ||
|---|---|---|
| 18 | 18 |
import org.apache.log4j.Logger; |
| 19 | 19 |
import org.springframework.beans.factory.annotation.Autowired; |
| 20 | 20 |
import org.springframework.context.event.ContextRefreshedEvent; |
| 21 |
import org.springframework.context.event.ContextStartedEvent; |
|
| 22 | 21 |
import org.springframework.security.authentication.AuthenticationProvider; |
| 23 | 22 |
import org.springframework.security.core.GrantedAuthority; |
| 24 | 23 |
import org.springframework.transaction.PlatformTransactionManager; |
| ... | ... | |
| 89 | 88 |
new CdmAuthority(CdmPermissionClass.DESCRIPTIONBASE, CREATE_READ_UPDATE_DELETE).toString(), |
| 90 | 89 |
new CdmAuthority(CdmPermissionClass.DESCRIPTIONELEMENTBASE, CREATE_READ_UPDATE_DELETE).toString(), |
| 91 | 90 |
new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, CREATE_READ_UPDATE_DELETE).toString(), |
| 91 |
new CdmAuthority(CdmPermissionClass.COLLECTION, CREATE_READ_UPDATE_DELETE).toString(), |
|
| 92 |
}; |
|
| 93 |
|
|
| 94 |
/** |
|
| 95 |
* This group will in future replace the group Editor, see issue #7150 |
|
| 96 |
*/ |
|
| 97 |
public static final String[] EDITOR_GROUP_EXTENDED_CREATE_GROUP_AUTHORITIES = new String[]{
|
|
| 98 |
new CdmAuthority(CdmPermissionClass.REFERENCE, CREATE_READ).toString(), |
|
| 99 |
new CdmAuthority(CdmPermissionClass.TAXONNAME, CREATE_READ).toString(), |
|
| 100 |
new CdmAuthority(CdmPermissionClass.TEAMORPERSONBASE, CREATE_READ).toString(), |
|
| 101 |
new CdmAuthority(CdmPermissionClass.TAXONBASE, CREATE_READ).toString(), |
|
| 102 |
new CdmAuthority(CdmPermissionClass.DESCRIPTIONBASE, CREATE_READ).toString(), |
|
| 103 |
new CdmAuthority(CdmPermissionClass.DESCRIPTIONELEMENTBASE, CREATE_READ).toString(), |
|
| 104 |
new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, CREATE_READ).toString(), |
|
| 105 |
new CdmAuthority(CdmPermissionClass.COLLECTION, CREATE_READ).toString(), |
|
| 92 | 106 |
}; |
| 93 | 107 |
|
| 94 | 108 |
public static final String[] PROJECT_MANAGER_GROUP_AUTHORITIES = new String[]{
|
| ... | ... | |
| 205 | 219 |
private void checkDefaultGroups(){
|
| 206 | 220 |
|
| 207 | 221 |
progressMonitor.subTask("Checking default groups");
|
| 208 |
checkGroup(Group.GROUP_EDITOR_UUID, "Editor", EDITOR_GROUP_AUTHORITIES); |
|
| 209 |
checkGroup(Group.GROUP_PROJECT_MANAGER_UUID, "ProjectManager", PROJECT_MANAGER_GROUP_AUTHORITIES); |
|
| 210 |
checkGroup(Group.GROUP_ADMIN_UUID, "Admin", ADMIN_GROUP_AUTHORITIES); |
|
| 222 |
checkGroup(Group.GROUP_EDITOR_UUID, Group.GROUP_EDITOR_NAME, EDITOR_GROUP_AUTHORITIES); |
|
| 223 |
checkGroup(Group.GROUP_EDITOR_EXTENDED_CREATE_UUID, Group.GROUP_EDITOR_EXTENDED_CREATE_NAME, EDITOR_GROUP_EXTENDED_CREATE_GROUP_AUTHORITIES); |
|
| 224 |
checkGroup(Group.GROUP_PROJECT_MANAGER_UUID, Group.GROUP_PROJECT_MANAGER_NAME, PROJECT_MANAGER_GROUP_AUTHORITIES); |
|
| 225 |
checkGroup(Group.GROUP_ADMIN_UUID, Group.GROUP_ADMIN_NAME, ADMIN_GROUP_AUTHORITIES); |
|
| 211 | 226 |
progressMonitor.worked(1); |
| 212 | 227 |
} |
| 213 | 228 |
|
| ... | ... | |
| 223 | 238 |
group.setUuid(groupUuid); |
| 224 | 239 |
logger.info("New Group '" + groupName + "' created");
|
| 225 | 240 |
} |
| 226 |
group.setName(groupName); // force name |
|
| 241 |
group.setName(groupName); // force default name
|
|
| 227 | 242 |
|
| 228 | 243 |
Set<GrantedAuthority> grantedAuthorities = group.getGrantedAuthorities(); |
| 229 | 244 |
|
Also available in: Unified diff
ref #7150 implementing CollectionVoter and adding new default PermissionGroup 'EditorExtendedCreate'