Users, permissions and security in the TaxonomicEditor

This page is mainly based on ticket #4055 (action enablement adapts to the user's granted authorities).

Protect UI elements individually

This approach has been chosen in those situations where the UI components are created generically.

The classes concerned now have several characteristics in common:

  • They implement java.util.Observer to get notified of login events from the LoginManager.

  • Their implementation of the Observer.update(Observable o, Object arg) method has the following form:

public void update(Observable o, Object arg){
    if(o instanceof LoginManager){
        updateSomething();
    }
}
  • They register with the LoginManager as an Observer:
CdmStore.getLoginManager().addObserver(this);
  • They have an updateSomething() method which takes care of setting the enabled state of UI elements, or of removing or adding them. In this method the permission of the currently authenticated principal to UPDATE the represented entity is evaluated by calling the method CdmStore.currentAuthentiationHasPermission().

The following classes are protected this way:

  • eu.etaxonomy.taxeditor.ui.selection.EntitySelectionElement

  • eu.etaxonomy.taxeditor.ui.section.AbstractCdmDetailElement

  • eu.etaxonomy.taxeditor.ui.section.AbstractIdentifiableEntityDetailElement

  • eu.etaxonomy.taxeditor.ui.section.AbstractEntityCollectionSection

Expression-based activities (activities with activityPatternBinding)

This is the mechanism which is officially suggested in the Eclipse documentation: "The second use for activities, added for Eclipse 3.4, is to filter available UI elements based on other criteria such as the current user's access permissions as defined by the application."

Expression-based activities:

  • they are solely controlled by expressions (see "org.eclipse.core.expressions.definitions"). All other declarations related to such an activity, such as "categories", "default enabled activities", and "requirement bindings" will be ignored.

  • they move a UI contribution completely out of reach for users and programmers. The UI contributions cannot be accessed programmatically using API calls, and they do not show up when the user asks to see all contributions to, for example, the New... wizard.

  • An activity can have multiple activityPatternBindings: org.eclipse.ui.internal.activities.Activity.setActivityPatternBindings(Set activityPatternBindings)

The activities API:

The workbench activity support includes an API for working with all defined activities (to some extent also expression-based activities) and changing the enabled state (only for conventional activities).

Challenges with activities (from http://www.andrena.de/Entwicklertag/2010/Downloads/Conference-Day/Sicherheit-in-Eclipse-Anwendungen.pdf):

  • activityPatternBindings are error-prone (free text)

  • If permissions change at runtime, the developer must make sure that the UI is updated

  • Applications used outside the enterprise must be protected against decompilation (modification of the plugin.xml)

Implementation of security using Expression-based activities

All activities are defined in /eu.etaxonomy.taxeditor.store/plugin.xml:

  • Delete (DELETE permission dependent ui contributions)

    • activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.delete
  • Update (UPDATE permission dependent ui contributions)

    • activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.command\.update\..*
  • Create (CREATE permission dependent ui contributions)

    • activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.command\.create\..*
  • UserManagement (ROLE_USER_MANAGER dependent ui contributions)

    • activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.UserManagement .. TODO

Protecting commands

Command ids must follow the naming scheme below so that the activityPatternBindings (see above) can bind them to the corresponding activity:

  • CREATE commands: eu.etaxonomy.taxeditor.*.command.create.*

  • DELETE commands: eu.etaxonomy.taxeditor.*.command.delete.*

  • UPDATE commands: eu.etaxonomy.taxeditor.*.command.update.*

Commands are defined in the plugin.xml. The command id may also be used elsewhere in the code since commands can also be executed programmatically.
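
The pattern bindings and the command naming scheme above can be checked against real component IDs before relying on them. The following added example (not part of the TaxonomicEditor code base) runs the three patterns from this page over a sample of the component IDs listed further down, assuming a binding must match the whole `pluginId/componentId` string; the `looksLikeWrite` keyword heuristic is hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: audits which component IDs the page's pattern bindings capture. */
public class ActivityBindingAudit {

    // Patterns copied from the page (the UserManagement one is still marked TODO there).
    // Note the unescaped '.' before "delete" / "command": it matches any character.
    static final Map<String, Pattern> BINDINGS = new LinkedHashMap<>();
    static {
        BINDINGS.put("Delete", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.delete"));
        BINDINGS.put("Update", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.command\\.update\\..*"));
        BINDINGS.put("Create", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.command\\.create\\..*"));
    }

    // Sample copied from the component ID list on this page.
    static final String[] SAMPLE_IDS = {
        "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.create.taxonNode",
        "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.moveTaxon",
        "eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.edit.delete",
        "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.deleteAllEmptyNames",
        "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.name",
        "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.create.classificationHandler",
        "eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.update",
        "eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.mergegroup",
        "eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.detail"
    };

    /** Returns the names of all activities whose pattern matches the whole ID. */
    static List<String> activitiesFor(String componentId) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, Pattern> e : BINDINGS.entrySet()) {
            if (e.getValue().matcher(componentId).matches()) {
                hits.add(e.getKey());
            }
        }
        return hits;
    }

    /** Hypothetical heuristic: the local ID contains a verb that suggests a write operation. */
    static boolean looksLikeWrite(String componentId) {
        String local = componentId.substring(componentId.indexOf('/') + 1).toLowerCase();
        return local.matches(".*(create|new|delete|update|move|merge|swap|change).*")
                && !local.contains("separator");
    }

    public static void main(String[] args) {
        for (String id : SAMPLE_IDS) {
            List<String> hits = activitiesFor(id);
            String verdict = !hits.isEmpty() ? "bound to " + hits
                    : looksLikeWrite(id) ? "UNBOUND, review" : "unbound";
            System.out.println(verdict + "\t" + id);
        }
    }
}
```

IDs reported as "UNBOUND, review" (for example the `command.new.name` and `deleteAllEmptyNames` entries) are not captured by any of the three patterns shown, so they need either a rename to the scheme above or individual protection.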

Protecting views and editors

See also #3106 (secure user administration views).

  • Protecting the bulk editors by this mechanism currently seems impossible, since the bulk editors are added to the menu by a dynamic UI contribution:
<dynamic
    class="eu.etaxonomy.taxeditor.bulkeditor.command.OpenBulkEditorContributionItem"
    id="taxeditor-bulkeditor.dynamicopenmenu">
</dynamic>

filter select dialogue lists

List of all eu.etaxonomy.taxeditor ui componentIDs exposed to ActivityPatternBinding.isMatch()

This list has been compiled by setting a breakpoint at the beginning of the method org.eclipse.ui.internal.activities.ActivityPatternBinding.isMatch(String toMatch) with the following breakpoint condition:

toMatch.startsWith("eu.etaxonomy.taxeditor") && System.err.append("ui-component: ").append(toMatch).append("\n") == null

This prints all UI component names which belong to the TaxonomicEditor as error lines to the console of the IDE.

The list of the ui component IDs:

eu.etaxonomy.taxeditor.application/eu.etaxonomy.navigation.menu.new
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.close
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.io
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.new
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.save
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.help.aboutPlatform
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.help.parser
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.menu.exit
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.perspective.taxonomic
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.windowMenu.last
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.editor.main
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.edit.separator1
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.edit.separator2
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator0
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator1
eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator2
eu.etaxonomy.taxeditor.application/org.eclipse.equinox.p2.ui.sdk.install
eu.etaxonomy.taxeditor.application/org.eclipse.equinox.p2.ui.sdk.update
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.copy
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.cut
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.delete
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.paste
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.redo
eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.undo
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.close
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.closeAll
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.export
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.import
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.save
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.saveAll
eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.aboutAction
eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.dynamicHelp
eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.helpContents
eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.helpSearch
eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.edit
eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.file
eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.help
eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.window
eu.etaxonomy.taxeditor.application/org.eclipse.ui.newWizard
eu.etaxonomy.taxeditor.application/org.eclipse.ui.window.preferences
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.mergegroup
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.removemergecandidate
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.setmergecandidate
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.setmergetarget
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.editor
eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.menus.openmenu
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.command.derivedunit.addDerivedUnitMedia
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.command.derivedunit.addFieldObjectMedia
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.dynamicMarkerTypeEditingMenu
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.dynamicNewMenu
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.preferences.bulkeditor.general
eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.preferences.bulkeditor.markerTypes
eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1d98
eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1d9c
eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1dac
eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.ui.edit.delete
eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.dynamicopenmenu
eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator1
eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator2
eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator3
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.description.commands.adddescription
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.description.commands.moveDescriptionElements
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.dynamicFeatureMenu
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.name
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.person
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.reference
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.specimen
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.team
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.commands.description.moveDescriptionToTaxon
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToAcceptedTaxon
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToMisapplication
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToSynonym
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createHeterotypicSynoym
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createHomotypicSynoym
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createSynonymInHomotypicalGroup
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.deleteAllEmptyNames
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.swapSynonymAndAccepted
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.showViewMenu
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.taxon
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.concept
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.concept.graph
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.descriptive
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.media
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.group.cdmauthorities.edit
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator.afterDelete
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator.afterNew
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator3
eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e16
eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e21
eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e5b
eu.etaxonomy.taxeditor.editor/org.eclipse.ui.edit.delete
eu.etaxonomy.taxeditor.editor/org.eclipse.ui.file.save
eu.etaxonomy.taxeditor.editor/org.eclipse.ui.views.showView
eu.etaxonomy.taxeditor.editor/separator1
eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.moveimgdown
eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.moveimgup
eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.newimagegallery
eu.etaxonomy.taxeditor.editor/taxeditor-editor.dynamic.setBasionym
eu.etaxonomy.taxeditor.editor/taxeditor-editor.newimage
eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator1
eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator2
eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator3
eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator4
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.eu.polytomousKeyView.separator2
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.navigation.menu.new
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.navigation.menu.new.separator1
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.copyTaxonName
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.create.taxonNode
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.editSelection
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.moveTaxon
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.create.classificationHandler
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.editNodes
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.newKey
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.polytomousKeyViewPart
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.refreshKeyList
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.refreshKeyNodes
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.navigator
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.recentnames
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.recentnames.separator
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.search.toolbar
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigator.command.update.changeAcceptedToSynonym
eu.etaxonomy.taxeditor.navigation/org.eclipse.core.internal.registry.ConfigurationElementHandle@1f55
eu.etaxonomy.taxeditor.navigation/org.eclipse.core.internal.registry.ConfigurationElementHandle@1f5d
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.edit.delete
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.export
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.import
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.refresh
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.views.showView
eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator1
eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator2
eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator4
eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator5
eu.etaxonomy.taxeditor.printpublisher/eu.etaxonomy.printpublisher.plugin.generatePdf
eu.etaxonomy.taxeditor.printpublisher/eu.etaxonomy.printpublisher.plugin.separator
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.application.filemenu.login
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.menu.showView
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.defaultFeatureTreePreferenecs
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.description
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.distributionStatus
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.extensionTypes
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.feature
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.featureTree
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.general
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.language
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.languages
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.markerTypes
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.matching
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.matching.nonViralName
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.mobotOpenUrl
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.namedAreaType
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nameRelationshipType
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nameTypeDesignationStatus
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nomenclatural
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nomenclaturalStatusType
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.preservationMethod
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.ranks
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.specimenTypeDesignationStatus
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.stage
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.taxonomic
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.typeDesignation
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.reporting.viewPart
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.authentication.trim.toolbar
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.change
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.close
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.create
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.edit
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.separator
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.separator2
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.update
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.definedTermEditorMenu
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.operations.showLoginWindow
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.showViewMenu.details
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.showViewMenu.internal
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.datasource
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.derivateSearch.DerivateSearchView
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.detail
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.supplementalData
eu.etaxonomy.taxeditor.store/org.eclipse.core.internal.registry.ConfigurationElementHandle@2013
eu.etaxonomy.taxeditor.store/org.eclipse.ui.edit.delete
eu.etaxonomy.taxeditor.store/org.eclipse.ui.views.showView
eu.etaxonomy.taxeditor.store/taxeditor-store.page1