Revision 3d14d701
Added by Patrick Plitzner about 6 years ago
eu.etaxonomy.taxeditor.store/plugin.xml | ||
---|---|---|
112 | 112 |
class="eu.etaxonomy.taxeditor.security.PermissionPropertyTester" |
113 | 113 |
id="eu.etaxonomy.taxeditor.security.permissionTester" |
114 | 114 |
namespace="eu.etaxonomy.taxeditor.security.permissionTester" |
115 |
properties="hasPermissions, hasRoles"
|
|
116 |
type="org.eclipse.jface.viewers.IStructuredSelection">
|
|
115 |
properties="hasPermissions, hasRoleUserManager, hasRoleAdmin, hasRoleProjectManager"
|
|
116 |
type="java.lang.Object">
|
|
117 | 117 |
</propertyTester> |
118 | 118 |
</extension> |
119 | 119 |
<extension |
... | ... | |
192 | 192 |
</definition> |
193 | 193 |
<definition |
194 | 194 |
id="hasROLE_USER_MANAGER"> |
195 |
<with |
|
196 |
variable="eu.etaxonomy.taxeditor.security.userRoles"> |
|
197 |
<iterate |
|
198 |
ifEmpty="false" |
|
199 |
operator="or"> |
|
200 |
<or> |
|
201 |
<equals |
|
202 |
value="ROLE_ADMIN"> |
|
203 |
</equals> |
|
204 |
<equals |
|
205 |
value="ROLE_USER_MANAGER"> |
|
206 |
</equals> |
|
207 |
</or> |
|
208 |
</iterate> |
|
209 |
</with> |
|
195 |
<or> |
|
196 |
<test |
|
197 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleAdmin"> |
|
198 |
</test> |
|
199 |
<test |
|
200 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleUserManager"> |
|
201 |
</test> |
|
202 |
</or> |
|
210 | 203 |
</definition> |
211 | 204 |
<definition |
212 | 205 |
id="hasROLE_PROJECT_MANAGER"> |
213 |
<with |
|
214 |
variable="eu.etaxonomy.taxeditor.security.userRoles"> |
|
215 |
<iterate |
|
216 |
ifEmpty="false" |
|
217 |
operator="or"> |
|
218 |
<or> |
|
219 |
<equals |
|
220 |
value="ROLE_ADMIN"> |
|
221 |
</equals> |
|
222 |
<equals |
|
223 |
value="ROLE_PROJECT_MANAGER"> |
|
224 |
</equals> |
|
225 |
</or> |
|
226 |
</iterate> |
|
227 |
</with> |
|
206 |
<or> |
|
207 |
<test |
|
208 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleAdmin"> |
|
209 |
</test> |
|
210 |
<test |
|
211 |
property="eu.etaxonomy.taxeditor.security.permissionTester.hasRoleProjectManager"> |
|
212 |
</test> |
|
213 |
</or> |
|
228 | 214 |
</definition> |
229 | 215 |
<definition |
230 | 216 |
id="hasROLE_PROJECT_MANAGER_AND_isCdmStoreConnected"> |
... | ... | |
331 | 317 |
isEqualityPattern="true"> |
332 | 318 |
</activityPatternBinding> |
333 | 319 |
</extension> |
334 |
<extension |
|
335 |
point="org.eclipse.ui.services"> |
|
336 |
<sourceProvider |
|
337 |
provider="eu.etaxonomy.taxeditor.security.AuthenticationSourceProvider"> |
|
338 |
<variable |
|
339 |
name="eu.etaxonomy.taxeditor.security.userRoles" |
|
340 |
priorityLevel="workbench"> |
|
341 |
</variable> |
|
342 |
</sourceProvider> |
|
343 |
</extension> |
|
344 | 320 |
<extension |
345 | 321 |
point="eu.etaxonomy.taxeditor.store.cdmViewer"> |
346 | 322 |
<viewCommandMapping |
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/AuthenticationSourceProvider.java | ||
---|---|---|
1 |
package eu.etaxonomy.taxeditor.security; |
|
2 |
|
|
3 |
import java.util.ArrayList; |
|
4 |
import java.util.Collection; |
|
5 |
import java.util.HashMap; |
|
6 |
import java.util.List; |
|
7 |
import java.util.Map; |
|
8 |
import java.util.Observable; |
|
9 |
import java.util.Observer; |
|
10 |
|
|
11 |
import org.eclipse.ui.AbstractSourceProvider; |
|
12 |
import org.eclipse.ui.ISources; |
|
13 |
import org.springframework.security.core.Authentication; |
|
14 |
import org.springframework.security.core.GrantedAuthority; |
|
15 |
|
|
16 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
17 |
import eu.etaxonomy.taxeditor.store.CdmStore; |
|
18 |
import eu.etaxonomy.taxeditor.store.LoginManager; |
|
19 |
|
|
20 |
/** |
|
21 |
* Provides the Roles assigned to the currently authenticated principal as the |
|
22 |
* variable {@code eu.etaxonomy.taxeditor.security.userRoles} |
|
23 |
* |
|
24 |
* @author a.kohlbecker |
|
25 |
* |
|
26 |
*/ |
|
27 |
public class AuthenticationSourceProvider extends AbstractSourceProvider implements Observer { |
|
28 |
|
|
29 |
public final static String USER_ROLES_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles"; |
|
30 |
public final static String USER_NAME_VARIABLE = "eu.etaxonomy.taxeditor.security.userName"; |
|
31 |
public final static String USER_VARIABLE = "eu.etaxonomy.taxeditor.security.user"; |
|
32 |
|
|
33 |
private final static String[] PROVIDED_SOURCE_NAMES = new String[] { |
|
34 |
USER_ROLES_VARIABLE, |
|
35 |
USER_NAME_VARIABLE, |
|
36 |
USER_VARIABLE |
|
37 |
}; |
|
38 |
|
|
39 |
private final static Map<String, Object> stateMap = new HashMap<String, Object>(); |
|
40 |
|
|
41 |
public AuthenticationSourceProvider() { |
|
42 |
super(); |
|
43 |
initialize(); |
|
44 |
} |
|
45 |
|
|
46 |
private void initialize() { |
|
47 |
CdmStore.getLoginManager().addObserver(this); |
|
48 |
} |
|
49 |
|
|
50 |
@Override |
|
51 |
public void dispose() { |
|
52 |
CdmStore.getLoginManager().deleteObserver(this); |
|
53 |
} |
|
54 |
|
|
55 |
@Override |
|
56 |
public Map getCurrentState() { |
|
57 |
|
|
58 |
// SecurityContextHolder.getContext(). |
|
59 |
List<Role> roles = getCurrentAuthenticationsRoles(); |
|
60 |
List<String> rolesStr = new ArrayList<String>(roles.size()); |
|
61 |
for(Role r : roles){ |
|
62 |
rolesStr.add(r.getAuthority()); |
|
63 |
} |
|
64 |
|
|
65 |
stateMap.put(USER_ROLES_VARIABLE, rolesStr); |
|
66 |
stateMap.put(USER_VARIABLE, getCurrentAutheticationPrincipal()); |
|
67 |
stateMap.put(USER_NAME_VARIABLE, getCurrentAutheticationName()); |
|
68 |
return stateMap; |
|
69 |
} |
|
70 |
|
|
71 |
/** |
|
72 |
* @return |
|
73 |
*/ |
|
74 |
private String getCurrentAutheticationName() { |
|
75 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
76 |
if (authentication != null) { |
|
77 |
return authentication.getName(); |
|
78 |
} |
|
79 |
return null; |
|
80 |
} |
|
81 |
|
|
82 |
/** |
|
83 |
* @return most probably a Cdm User instance or null |
|
84 |
*/ |
|
85 |
private Object getCurrentAutheticationPrincipal() { |
|
86 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
87 |
if (authentication != null) { |
|
88 |
return authentication.getPrincipal(); |
|
89 |
} |
|
90 |
return null; |
|
91 |
} |
|
92 |
|
|
93 |
|
|
94 |
/* |
|
95 |
* TODO refactor into User once Role is a model class |
|
96 |
*/ |
|
97 |
private List<Role> getCurrentAuthenticationsRoles() { |
|
98 |
|
|
99 |
List<Role> roles = new ArrayList<Role>(); |
|
100 |
Authentication authentication = CdmStore.getCurrentAuthentiation(); |
|
101 |
if (authentication == null) { |
|
102 |
return roles; |
|
103 |
} |
|
104 |
|
|
105 |
Collection<? extends GrantedAuthority> authorities = authentication |
|
106 |
.getAuthorities(); |
|
107 |
if (authorities == null) { |
|
108 |
return roles; |
|
109 |
} |
|
110 |
|
|
111 |
Role role = null; |
|
112 |
for (GrantedAuthority ga : authorities) { |
|
113 |
try { |
|
114 |
// check if it is a valid role |
|
115 |
role = Role.fromString(ga.getAuthority()); |
|
116 |
if (role != null) { |
|
117 |
roles.add(role); |
|
118 |
} |
|
119 |
} catch (Exception e) { |
|
120 |
/* IGNORE */ |
|
121 |
} |
|
122 |
} |
|
123 |
return roles; |
|
124 |
|
|
125 |
} |
|
126 |
|
|
127 |
@Override |
|
128 |
public String[] getProvidedSourceNames() { |
|
129 |
return PROVIDED_SOURCE_NAMES; |
|
130 |
} |
|
131 |
|
|
132 |
@Override |
|
133 |
public void update(Observable o, Object arg) { |
|
134 |
if(o instanceof LoginManager){ |
|
135 |
/* |
|
136 |
* This triggers an update of the variable state, and will update also |
|
137 |
* all listeners to the evaluation service. So that every menu point, |
|
138 |
* which is also expression controlled, gets updated too. |
|
139 |
*/ |
|
140 |
fireSourceChanged(ISources.WORKBENCH, getCurrentState()); |
|
141 |
} |
|
142 |
} |
|
143 |
|
|
144 |
} |
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java | ||
---|---|---|
9 | 9 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
10 | 10 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
11 | 11 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
12 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
|
12 | 13 |
import eu.etaxonomy.taxeditor.store.CdmStore; |
13 | 14 |
import eu.etaxonomy.taxeditor.store.StoreUtil; |
14 | 15 |
|
... | ... | |
21 | 22 |
public class PermissionPropertyTester extends PropertyTester { |
22 | 23 |
|
23 | 24 |
private static final String HAS_PERMISSIONS = "hasPermissions"; |
24 |
|
|
25 |
private static final String CREATE = CRUD.CREATE.toString(); |
|
26 |
private static final String READ = CRUD.READ.toString(); |
|
27 |
private static final String UPDATE = CRUD.UPDATE.toString(); |
|
28 |
private static final String DELETE = CRUD.DELETE.toString(); |
|
25 |
private static final String HAS_ROLE_USER_MANAGER = "hasRoleUserManager"; |
|
26 |
private static final String HAS_ROLE_ADMIN = "hasRoleAdmin"; |
|
27 |
private static final String HAS_ROLE_PROJECT_MANAGER = "hasRoleProjectManager"; |
|
29 | 28 |
|
30 | 29 |
@Override |
31 | 30 |
public boolean test(Object receiver, String property, Object[] args, |
... | ... | |
34 | 33 |
if(property.equals(HAS_PERMISSIONS)){ |
35 | 34 |
return checkHasPermission(receiver, args); |
36 | 35 |
} |
36 |
else if(property.equals(HAS_ROLE_ADMIN)){ |
|
37 |
return checkHasRoleAdmin(); |
|
38 |
} |
|
39 |
else if(property.equals(HAS_ROLE_PROJECT_MANAGER)){ |
|
40 |
return checkHasRoleProjectManager(); |
|
41 |
} |
|
42 |
else if(property.equals(HAS_ROLE_USER_MANAGER)){ |
|
43 |
return checkHasRoleUserManager(); |
|
44 |
} |
|
37 | 45 |
|
38 | 46 |
return false; |
39 | 47 |
} |
40 | 48 |
|
41 |
private boolean checkHasPermission(Object receiver, Object[] args) { |
|
49 |
private boolean checkHasRoleAdmin() { |
|
50 |
if(CdmStore.isActive()){ |
|
51 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN); |
|
52 |
} |
|
53 |
return false; |
|
54 |
} |
|
55 |
|
|
56 |
private boolean checkHasRoleProjectManager() { |
|
57 |
if(CdmStore.isActive()){ |
|
58 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN, Role.ROLE_PROJECT_MANAGER); |
|
59 |
} |
|
60 |
return false; |
|
61 |
} |
|
62 |
|
|
63 |
private boolean checkHasRoleUserManager() { |
|
64 |
if(CdmStore.isActive()){ |
|
65 |
return CdmStore.currentAuthentiationHasOneOfRoles(Role.ROLE_ADMIN, Role.ROLE_USER_MANAGER); |
|
66 |
} |
|
67 |
return false; |
|
68 |
} |
|
69 |
|
|
70 |
private boolean checkHasPermission(Object receiver, Object[] args) { |
|
42 | 71 |
EnumSet<CRUD> crudSet = crudSetFromArgs(args); |
43 | 72 |
|
44 | 73 |
|
eu.etaxonomy.taxeditor.workbench/fragment.e4xmi | ||
---|---|---|
27 | 27 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_FaGntCQNEeen_7LZsZSNoA" elementId="eu.etaxonomy.taxeditor.application.handledmenuitem.exit" label="%command.label.5" mnemonics="x" command="_V040UBC4EeihNvjJtDdlyA"/> |
28 | 28 |
</children> |
29 | 29 |
<children xsi:type="menu:Menu" xmi:id="_FaGntiQNEeen_7LZsZSNoA" elementId="eu.etaxonomy.taxeditor.workbench.menu.edit" label="%menu.label.0" mnemonics="E"> |
30 |
<visibleWhen xsi:type="ui:CoreExpression" xmi:id="_O7JxAFJ5EeeL4Lhic-6yjw" coreExpressionId="isCdmStoreConnected"/> |
|
31 | 30 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_19-hwFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel8" label="%command.label.8" mnemonics="u" command="_PhIAwB7EEeeRW_RHu3JLqQ"/> |
32 | 31 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_7V-hMFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel9" label="%command.label.9" mnemonics="o" command="_RxxNsB7EEeeRW_RHu3JLqQ"/> |
33 | 32 |
<children xsi:type="menu:HandledMenuItem" xmi:id="_9PVPgFJ4EeeL4Lhic-6yjw" elementId="eu.etaxonomy.taxeditor.workbench.handledmenuitem.commandlabel10" label="%command.label.10" mnemonics="P" command="_TmIHQB7EEeeRW_RHu3JLqQ"/> |
Also available in: Unified diff
ref #6622 Migrate "Admin" menu