Revision 3d14d701
Added by Patrick Plitzner about 6 years ago
| eu.etaxonomy.taxeditor.store/plugin.xml | ||
|---|---|---|
| 112 | 112 |
class="eu.etaxonomy.taxeditor.security.PermissionPropertyTester" |
| 113 | 113 |
id="eu.etaxonomy.taxeditor.security.permissionTester" |
| 114 | 114 |
namespace="eu.etaxonomy.taxeditor.security.permissionTester" |
| 115 |
properties="hasPermissions, hasRoles"
|
|
| 116 |
type="org.eclipse.jface.viewers.IStructuredSelection">
|
|
| 115 |
properties="hasPermissions, hasRoleUserManager, hasRoleAdmin, hasRoleProjectManager"
|
|
| 116 |
type="java.lang.Object">
|
|
| 117 | 117 |
</propertyTester> |
| 118 | 118 |
</extension> |
| 119 | 119 |
<extension |
| ... | ... | |
| 192 | 192 |
</definition> |
| 193 | 193 |
<definition |
| 194 | 194 |
id="hasROLE_USER_MANAGER"> |
| 195 |
<with |
|
| 196 |
variable="eu.etaxonomy.taxeditor.security.userRoles"> |
|
| 197 |
<iterate |
|
| 198 |
ifEmpty="false" |
|
| 199 |
operator="or"> |
|
| 200 |
<or> |
|
| 201 |
<equals |
|
| 202 |
value="ROLE_ADMIN"> |
|
| 203 |
</equals> |
|
| 204 |
<equals |
|
| 205 |
value="ROLE_USER_MANAGER"> |
|
| 206 |
</equals> |
|
| 207 |
</or> |
|
| 208 |
</iterate> |
|
| 209 |
</with> |
|
| 195 |
<or> |
|
| 196 |
<test |
|
| 197 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleAdmin"> |
|
| 198 |
</test> |
|
| 199 |
<test |
|
| 200 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleUserManager"> |
|
| 201 |
</test> |
|
| 202 |
</or> |
|
| 210 | 203 |
</definition> |
| 211 | 204 |
<definition |
| 212 | 205 |
id="hasROLE_PROJECT_MANAGER"> |
| 213 |
<with |
|
| 214 |
variable="eu.etaxonomy.taxeditor.security.userRoles"> |
|
| 215 |
<iterate |
|
| 216 |
ifEmpty="false" |
|
| 217 |
operator="or"> |
|
| 218 |
<or> |
|
| 219 |
<equals |
|
| 220 |
value="ROLE_ADMIN"> |
|
| 221 |
</equals> |
|
| 222 |
<equals |
|
| 223 |
value="ROLE_PROJECT_MANAGER"> |
|
| 224 |
</equals> |
|
| 225 |
</or> |
|
| 226 |
</iterate> |
|
| 227 |
</with> |
|
| 206 |
<or> |
|
| 207 |
<test |
|
| 208 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleAdmin"> |
|
| 209 |
</test> |
|
| 210 |
<test |
|
| 211 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleProjectManager"> |
|
| 212 |
</test> |
|
| 213 |
</or> |
|
| 228 | 214 |
</definition> |
| 229 | 215 |
<definition |
| 230 | 216 |
id="hasROLE_PROJECT_MANAGER_AND_isCdmStoreConnected"> |
| ... | ... | |
| 331 | 317 |
isEqualityPattern="true"> |
| 332 | 318 |
</activityPatternBinding> |
| 333 | 319 |
</extension> |
| 334 |
<extension |
|
| 335 |
point="org.eclipse.ui.services"> |
|
| 336 |
<sourceProvider |
|
| 337 |
provider="eu.etaxonomy.taxeditor.security.AuthenticationSourceProvider"> |
|
| 338 |
<variable |
|
| 339 |
name="eu.etaxonomy.taxeditor.security.userRoles" |
|
| 340 |
priorityLevel="workbench"> |
|
| 341 |
</variable> |
|
| 342 |
</sourceProvider> |
|
| 343 |
</extension> |
|
| 344 | 320 |
<extension |
| 345 | 321 |
point="eu.etaxonomy.taxeditor.store.cdmViewer"> |
| 346 | 322 |
<viewCommandMapping |
| eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/AuthenticationSourceProvider.java | ||
|---|---|---|
| 1 |
package eu.etaxonomy.taxeditor.security; |
|
| 2 |
|
|
| 3 |
import java.util.ArrayList; |
|
| 4 |
import java.util.Collection; |
|
| 5 |
import java.util.HashMap; |
|
| 6 |
import java.util.List; |
|
| 7 |
import java.util.Map; |
|
| 8 |
import java.util.Observable; |
|
| 9 |
import java.util.Observer; |
|
| 10 |
|
|
| 11 |
import org.eclipse.ui.AbstractSourceProvider; |
|
| 12 |
import org.eclipse.ui.ISources; |
|
| 13 |
import org.springframework.security.core.Authentication; |
|
| 14 |
import org.springframework.security.core.GrantedAuthority; |
|
| 15 |
|
|
| 16 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
| 17 |
import eu.etaxonomy.taxeditor.store.CdmStore; |
|
| 18 |
import eu.etaxonomy.taxeditor.store.LoginManager; |
|
| 19 |
|
|
| 20 |
/** |
|
| 21 |
* Provides the Roles assigned to the currently authenticated principal as the |
|
| 22 |
* variable {@code eu.etaxonomy.taxeditor.security.userRoles}
|
|
| 23 |
* |
|
| 24 |
* @author a.kohlbecker |
|
| 25 |
* |
|
| 26 |
*/ |
|
| 27 |
public class AuthenticationSourceProvider extends AbstractSourceProvider implements Observer {
|
|
| 28 |
|
|
| 29 |
public final static String USER_ROLES_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles"; |
|
| 30 |
public final static String USER_NAME_VARIABLE = "eu.etaxonomy.taxeditor.security.userName"; |
|
| 31 |
public final static String USER_VARIABLE = "eu.etaxonomy.taxeditor.security.user"; |
|
| 32 |
|
|
| 33 |
private final static String[] PROVIDED_SOURCE_NAMES = new String[] {
|
|
| 34 |
USER_ROLES_VARIABLE, |
|
| 35 |
USER_NAME_VARIABLE, |
|
| 36 |
USER_VARIABLE |
|
| 37 |
}; |
|
| 38 |
|
|
| 39 |
private final static Map<String, Object> stateMap = new HashMap<String, Object>(); |
|
| 40 |
|
|
| 41 |
public AuthenticationSourceProvider() {
|
|
| 42 |
super(); |
|
| 43 |
initialize(); |
|
| 44 |
} |
|
| 45 |
|
|
| 46 |
private void initialize() {
|
|
| 47 |
CdmStore.getLoginManager().addObserver(this); |
|
| 48 |
} |
|
| 49 |
|
|
| 50 |
@Override |
|
| 51 |
public void dispose() {
|
|
| 52 |
CdmStore.getLoginManager().deleteObserver(this); |
|
| 53 |
} |
|
| 54 |
|
|
| 55 |
@Override |
|
| 56 |
public Map getCurrentState() {
|
|
| 57 |
|
|
| 58 |
// SecurityContextHolder.getContext(). |
|
| 59 |
List<Role> roles = getCurrentAuthenticationsRoles(); |
|
| 60 |
List<String> rolesStr = new ArrayList<String>(roles.size()); |
|
| 61 |
for(Role r : roles){
|
|
| 62 |
rolesStr.add(r.getAuthority()); |
|
| 63 |
} |
|
| 64 |
|
|
| 65 |
stateMap.put(USER_ROLES_VARIABLE, rolesStr); |
|
| 66 |
stateMap.put(USER_VARIABLE, getCurrentAutheticationPrincipal()); |
|
| 67 |
stateMap.put(USER_NAME_VARIABLE, getCurrentAutheticationName()); |
|
| 68 |
return stateMap; |
|
| 69 |
} |
|
| 70 |
|
|
| 71 |
/** |
|
| 72 |
* @return |
|
| 73 |
*/ |
|
| 74 |
private String getCurrentAutheticationName() {
|
|
| 75 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
| 76 |
if (authentication != null) {
|
|
| 77 |
return authentication.getName(); |
|
| 78 |
} |
|
| 79 |
return null; |
|
| 80 |
} |
|
| 81 |
|
|
| 82 |
/** |
|
| 83 |
* @return most probably a Cdm User instance or null |
|
| 84 |
*/ |
|
| 85 |
private Object getCurrentAutheticationPrincipal() {
|
|
| 86 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
| 87 |
if (authentication != null) {
|
|
| 88 |
return authentication.getPrincipal(); |
|
| 89 |
} |
|
| 90 |
return null; |
|
| 91 |
} |
|
| 92 |
|
|
| 93 |
|
|
| 94 |
/* |
|
| 95 |
* TODO refactor into User once Role is a model class |
|
| 96 |
*/ |
|
| 97 |
private List<Role> getCurrentAuthenticationsRoles() {
|
|
| 98 |
|
|
| 99 |
List<Role> roles = new ArrayList<Role>(); |
|
| 100 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
| 101 |
if (authentication == null) {
|
|
| 102 |
return roles; |
|
| 103 |
} |
|
| 104 |
|
|
| 105 |
Collection<? extends GrantedAuthority> authorities = authentication |
|
| 106 |
.getAuthorities(); |
|
| 107 |
if (authorities == null) {
|
|
| 108 |
return roles; |
|
| 109 |
} |
|
| 110 |
|
|
| 111 |
Role role = null; |
|
| 112 |
for (GrantedAuthority ga : authorities) {
|
|
| 113 |
try {
|
|
| 114 |
// check if it is a valid role |
|
| 115 |
role = Role.fromString(ga.getAuthority()); |
|
| 116 |
if (role != null) {
|
|
| 117 |
roles.add(role); |
|
| 118 |
} |
|
| 119 |
} catch (Exception e) {
|
|
| 120 |
/* IGNORE */ |
|
| 121 |
} |
|
| 122 |
} |
|
| 123 |
return roles; |
|
| 124 |
|
|
| 125 |
} |
|
| 126 |
|
|
| 127 |
@Override |
|
| 128 |
public String[] getProvidedSourceNames() {
|
|
| 129 |
return PROVIDED_SOURCE_NAMES; |
|
| 130 |
} |
|
| 131 |
|
|
| 132 |
@Override |
|
| 133 |
public void update(Observable o, Object arg) {
|
|
| 134 |
if(o instanceof LoginManager){
|
|
| 135 |
/* |
|
| 136 |
* This triggers an update of the variable state, and will update also |
|
| 137 |
* all listeners to the evaluation service. So that every menu point, |
|
| 138 |
* which is also expression controlled, gets updated too. |
|
| 139 |
*/ |
|
| 140 |
fireSourceChanged(ISources.WORKBENCH, getCurrentState()); |
|
| 141 |
} |
|
| 142 |
} |
|
| 143 |
|
|
| 144 |
} |
|
| eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java | ||
|---|---|---|
| 9 | 9 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
| 10 | 10 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
| 11 | 11 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
| 12 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
| 12 | 13 |
import eu.etaxonomy.taxeditor.store.CdmStore; |
| 13 | 14 |
import eu.etaxonomy.taxeditor.store.StoreUtil; |
| 14 | 15 |
|
| ... | ... | |
| 21 | 22 |
public class PermissionPropertyTester extends PropertyTester {
|
| 22 | 23 |
|
| 23 | 24 |
private static final String HAS_PERMISSIONS = "hasPermissions"; |
| 24 |
|
|
| 25 |
private static final String CREATE = CRUD.CREATE.toString(); |
|
| 26 |
private static final String READ = CRUD.READ.toString(); |
|
| 27 |
private static final String UPDATE = CRUD.UPDATE.toString(); |
|
| 28 |
private static final String DELETE = CRUD.DELETE.toString(); |
|
| 25 |
private static final String HAS_ROLE_USER_MANAGER = "hasRoleUserManager"; |
|
| 26 |
private static final String HAS_ROLE_ADMIN = "hasRoleAdmin"; |
|
| 27 |
private static final String HAS_ROLE_PROJECT_MANAGER = "hasRoleProjectManager"; |
|
| 29 | 28 |
|
| 30 | 29 |
@Override |
| 31 | 30 |
public boolean test(Object receiver, String property, Object[] args, |
| ... | ... | |
| 34 | 33 |
if(property.equals(HAS_PERMISSIONS)){
|
| 35 | 34 |
return checkHasPermission(receiver, args); |
| 36 | 35 |
} |
| 36 |
else if(property.equals(HAS_ROLE_ADMIN)){
|
|
| 37 |
return checkHasRoleAdmin(); |
|
| 38 |
} |
|
| 39 |
else if(property.equals(HAS_ROLE_PROJECT_MANAGER)){
|
|
| 40 |
return checkHasRoleProjectManager(); |
|
| 41 |
} |
|
| 42 |
else if(property.equals(HAS_ROLE_USER_MANAGER)){
|
|
| 43 |
return checkHasRoleUserManager(); |
|
| 44 |
} |
|
| 37 | 45 |
|
| 38 | 46 |
return false; |
| 39 | 47 |
} |
| 40 | 48 |
|
| 41 |
private boolean checkHasPermission(Object receiver, Object[] args) {
|
|
| 49 |
private boolean checkHasRoleAdmin() {
|
|
| 50 |
if(CdmStore.isActive()){
|
|
| 51 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN); |
|
| 52 |
} |
|
| 53 |
return false; |
|
| 54 |
} |
|
| 55 |
|
|
| 56 |
private boolean checkHasRoleProjectManager() {
|
|
| 57 |
if(CdmStore.isActive()){
|
|
| 58 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN, Role.ROLE_PROJECT_MANAGER); |
|
| 59 |
} |
|
| 60 |
return false; |
|
| 61 |
} |
|
| 62 |
|
|
| 63 |
private boolean checkHasRoleUserManager() {
|
|
| 64 |
if(CdmStore.isActive()){
|
|
| 65 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN, Role.ROLE_USER_MANAGER); |
|
| 66 |
} |
|
| 67 |
return false; |
|
| 68 |
} |
|
| 69 |
|
|
| 70 |
private boolean checkHasPermission(Object receiver, Object[] args) {
|
|
| 42 | 71 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
| 43 | 72 |
|
| 44 | 73 |
|
| eu.etaxonomy.taxeditor.workbench/fragment.e4xmi | ||
|---|---|---|
| 27 | 27 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_FaGntCQNEeen_7LZsZSNoA" elementId="eu.etaxonomy.taxeditor.application.handledmenuitem.exit" label="%command.label.5" mnemonics="x" command="_V040UBC4EeihNvjJtDdlyA"/> |
| 28 | 28 |
</children> |
| 29 | 29 |
<children xsi:type="menu:Menu" xmi:id="_FaGntiQNEeen_7LZsZSNoA" elementId="eu.etaxonomy.taxeditor.workbench.menu.edit" label="%menu.label.0" mnemonics="E"> |
| 30 |
<visibleWhen xsi:type="ui:CoreExpression" xmi:id="_O7JxAFJ5EeeL4Lhic-6yjw" coreExpressionId="isCdmStoreConnected"/> |
|
| 31 | 30 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_19-hwFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel8" label="%command.label.8" mnemonics="u" command="_PhIAwB7EEeeRW_RHu3JLqQ"/> |
| 32 | 31 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_7V-hMFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel9" label="%command.label.9" mnemonics="o" command="_RxxNsB7EEeeRW_RHu3JLqQ"/> |
| 33 | 32 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_9PVPgFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel10" label="%command.label.10" mnemonics="P" command="_TmIHQB7EEeeRW_RHu3JLqQ"/> |
Also available in: Unified diff
ref #6622 Migrate "Admin" menu