Users, permissions and security in the TaxonomicEditor
This page is mainly based on ticket #4055 (action enablement adapts to the users granted authorities).
Protect UI elements individually
This approach has been chosen in those situations where the UI components are created generically.
The corresponding classes now have several characteristics in common:
- They implement java.util.Observer to get notified of login events from the @LoginManager@. The Observer.update(Observable o, Object arg) method is implemented as follows:
public void update(Observable o, Object arg) {
    // React only to notifications sent by the LoginManager
    if (o instanceof LoginManager) {
        updateSomething();
    }
}
- They of course register at the LoginManager as Observer:
CdmStore.getLoginManager().addObserver(this);
- They have an updateSomething() method which takes care of setting the enabled state of UI elements, or of removing or adding them. In this method the permission of the currently authenticated principal to UPDATE the represented entity is evaluated by calling the method CdmStore.currentAuthentiationHasPermission().
The following classes are protected this way:
eu.etaxonomy.taxeditor.ui.selection.EntitySelectionElement
eu.etaxonomy.taxeditor.ui.section.AbstractCdmDetailElement
eu.etaxonomy.taxeditor.ui.section.AbstractIdentifiableEntityDetailElement
eu.etaxonomy.taxeditor.ui.section.AbstractEntityCollectionSection
Expression-based activities (Activities with activityPatternBinding)
This is the mechanism which is officially suggested in the Eclipse documentation: "The second use for activities, added for Eclipse 3.4, is to filter available UI elements based on other criteria such as the current user's access permissions as defined by the application."
Expression-based activities:
- They are solely controlled by expressions (see "org.eclipse.core.expressions.definitions"). All other declarations related to such an activity, such as "categories", "default enabled activities", and "requirement bindings" will be ignored.
- They move a UI contribution completely out of reach for users and programmers. The UI contributions cannot be accessed programmatically using API calls, and they do not show up when the user asks to see all contributions to, for example, the New... wizard.
An activity can have multiple activityPatternBindings:
org.eclipse.ui.internal.activities.Activity.setActivityPatternBindings(Set activityPatternBindings)
The activities API:
The workbench activity support includes an API for working with all defined activities (to some extent also expression-based activities) and changing the enabled state (only for conventional activities).
Challenges with activities (from http://www.andrena.de/Entwicklertag/2010/Downloads/Conference-Day/Sicherheit-in-Eclipse-Anwendungen.pdf):
- activityPatternBindings are error-prone (free text)
- If permissions change at runtime, the developer must make sure that the UI is updated
- Applications used outside the enterprise must be protected against decompilation (modification of the plugin.xml)
Implementation of security using Expression-based activities
All Activities are defined in @/eu.etaxonomy.taxeditor.store/plugin.xml@:
Delete (DELETE permission dependent ui contributions)
- activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.delete
Update (UPDATE permission dependent ui contributions)
- activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.command\.update\..*
Create (CREATE permission dependent ui contributions)
- activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.command\.create\..*
UserManagement (ROLE_USER_MANAGER dependent ui contributions)
- activityPatternBindings:
eu\.etaxonomy\.taxeditor\..*/.*.UserManagement .. TODO
Protecting commands
Command ids must follow the naming scheme below so that the activityPatternBindings (see above) can bind them to the corresponding activity:
CREATE commands:
eu.etaxonomy.taxeditor.*.command.create.*
DELETE commands:
eu.etaxonomy.taxeditor.*.command.delete.*
UPDATE commands:
eu.etaxonomy.taxeditor.*.command.update.*
Commands are defined in the @plugin.xml@. The command id may also be used elsewhere in the code since commands can also be executed programmatically.
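An added example (not code from the TaxonomicEditor project): a small Java audit that runs the three activityPatternBindings listed above against component IDs and reports which activity, if any, each ID falls under. It assumes Eclipse applies a binding only on a full-string regex match; the class name, the `boundActivities` helper and the two IDs marked as constructed are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;
import java.util.regex.Pattern;

public class ActivityBindingAudit {

    // activityPatternBindings copied from the activity definitions on this page.
    static final Map<String, Pattern> BINDINGS = new LinkedHashMap<>();
    static {
        BINDINGS.put("Delete", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.delete"));
        BINDINGS.put("Update", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.command\\.update\\..*"));
        BINDINGS.put("Create", Pattern.compile("eu\\.etaxonomy\\.taxeditor\\..*/.*.command\\.create\\..*"));
    }

    // Assumption: a binding applies only if the pattern matches the whole
    // "pluginId/localId" string, hence matches() rather than find().
    static String boundActivities(String componentId) {
        StringJoiner hits = new StringJoiner(", ");
        BINDINGS.forEach((activity, pattern) -> {
            if (pattern.matcher(componentId).matches()) {
                hits.add(activity);
            }
        });
        return hits.length() == 0 ? "(unbound)" : hits.toString();
    }

    public static void main(String[] args) {
        List<String> ids = List.of(
            // Taken from the component ID list on this page.
            "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.create.taxonNode",
            "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.moveTaxon",
            "eu.etaxonomy.taxeditor.editor/org.eclipse.ui.edit.delete",
            "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.name",
            "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.deleteAllEmptyNames",
            "eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.create.classificationHandler",
            // Constructed: an ID that follows the documented DELETE command naming scheme.
            "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.delete.example",
            // Constructed: the '.' before "delete" is unescaped and matches any character.
            "eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.example.undelete");
        for (String id : ids) {
            System.out.printf("%-10s %s%n", boundActivities(id), id);
        }
    }
}
```

An ID reported as (unbound) is not hidden by any of the three activities, so a command that needs protection has to be renamed to fit a pattern or protected individually.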
Protecting views and editors
see also #3106 (secure user administration views)
- Protecting the bulk editors by this mechanism currently seems impossible, since the bulk editors are added to the menu by a dynamic UI contribution:
<dynamic class="eu.etaxonomy.taxeditor.bulkeditor.command.OpenBulkEditorContributionItem" id="taxeditor-bulkeditor.dynamicopenmenu"> </dynamic>
Filter select dialogue lists
List of all eu.etaxonomy.taxeditor ui componentIDs exposed to ActivityPatternBinding.isMatch()
This list has been compiled by setting a breakpoint at the beginning of the method org.eclipse.ui.internal.activities.ActivityPatternBinding.isMatch(String toMatch)
with the following breakpoint condition:
toMatch.startsWith("eu.etaxonomy.taxeditor") && System.err.append("ui-component: ").append(toMatch).append("\n") == null
This prints all UI component names which belong to the TaxonomicEditor as error lines to the console of the IDE.
The list of the UI component IDs:
eu.etaxonomy.taxeditor.application/eu.etaxonomy.navigation.menu.new eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.close eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.io eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.new eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.filemenu.save eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.help.aboutPlatform eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.help.parser eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.menu.exit eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.perspective.taxonomic eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.application.windowMenu.last eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.editor.main eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.edit.separator1 eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.edit.separator2 eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator0 eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator1 eu.etaxonomy.taxeditor.application/eu.etaxonomy.taxeditor.ui.help.separator2 eu.etaxonomy.taxeditor.application/org.eclipse.equinox.p2.ui.sdk.install eu.etaxonomy.taxeditor.application/org.eclipse.equinox.p2.ui.sdk.update eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.copy eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.cut eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.delete eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.paste eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.redo eu.etaxonomy.taxeditor.application/org.eclipse.ui.edit.undo eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.close eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.closeAll eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.export 
eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.import eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.save eu.etaxonomy.taxeditor.application/org.eclipse.ui.file.saveAll eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.aboutAction eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.dynamicHelp eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.helpContents eu.etaxonomy.taxeditor.application/org.eclipse.ui.help.helpSearch eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.edit eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.file eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.help eu.etaxonomy.taxeditor.application/org.eclipse.ui.main.menu.window eu.etaxonomy.taxeditor.application/org.eclipse.ui.newWizard eu.etaxonomy.taxeditor.application/org.eclipse.ui.window.preferences eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.mergegroup eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.removemergecandidate eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.setmergecandidate eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.commands.setmergetarget eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.editor eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.menus.openmenu eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.command.derivedunit.addDerivedUnitMedia eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.command.derivedunit.addFieldObjectMedia eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.dynamicMarkerTypeEditingMenu eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.bulkeditor.dynamicNewMenu eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.preferences.bulkeditor.general eu.etaxonomy.taxeditor.bulkeditor/eu.etaxonomy.taxeditor.preferences.bulkeditor.markerTypes eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1d98 
eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1d9c eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1dac eu.etaxonomy.taxeditor.bulkeditor/org.eclipse.ui.edit.delete eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.dynamicopenmenu eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator1 eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator2 eu.etaxonomy.taxeditor.bulkeditor/taxeditor-bulkeditor.separator3 eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.description.commands.adddescription eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.description.commands.moveDescriptionElements eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.dynamicFeatureMenu eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.name eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.person eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.reference eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.specimen eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.command.new.team eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.commands.description.moveDescriptionToTaxon eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToAcceptedTaxon eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToMisapplication eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.changeToSynonym eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createHeterotypicSynoym eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createHomotypicSynoym eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.createSynonymInHomotypicalGroup eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.deleteAllEmptyNames eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.name.swapSynonymAndAccepted 
eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.showViewMenu eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.taxon eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.concept eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.concept.graph eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.descriptive eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.editor.view.media eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.group.cdmauthorities.edit eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator.afterDelete eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator.afterNew eu.etaxonomy.taxeditor.editor/eu.etaxonomy.taxeditor.taxonDescriptionEditor.separator3 eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e16 eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e21 eu.etaxonomy.taxeditor.editor/org.eclipse.core.internal.registry.ConfigurationElementHandle@1e5b eu.etaxonomy.taxeditor.editor/org.eclipse.ui.edit.delete eu.etaxonomy.taxeditor.editor/org.eclipse.ui.file.save eu.etaxonomy.taxeditor.editor/org.eclipse.ui.views.showView eu.etaxonomy.taxeditor.editor/separator1 eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.moveimgdown eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.moveimgup eu.etaxonomy.taxeditor.editor/taxeditor-editor.command.newimagegallery eu.etaxonomy.taxeditor.editor/taxeditor-editor.dynamic.setBasionym eu.etaxonomy.taxeditor.editor/taxeditor-editor.newimage eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator1 eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator2 eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator3 eu.etaxonomy.taxeditor.editor/taxeditor-editor.separator4 eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.eu.polytomousKeyView.separator2 
eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.navigation.menu.new eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.navigation.menu.new.separator1 eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.copyTaxonName eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.create.taxonNode eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.editSelection eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.command.update.moveTaxon eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.create.classificationHandler eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.editNodes eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.newKey eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.polytomousKeyViewPart eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.refreshKeyList eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.key.polytomous.refreshKeyNodes eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.navigator eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.recentnames eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.recentnames.separator eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigation.search.toolbar eu.etaxonomy.taxeditor.navigation/eu.etaxonomy.taxeditor.navigator.command.update.changeAcceptedToSynonym eu.etaxonomy.taxeditor.navigation/org.eclipse.core.internal.registry.ConfigurationElementHandle@1f55 eu.etaxonomy.taxeditor.navigation/org.eclipse.core.internal.registry.ConfigurationElementHandle@1f5d eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.edit.delete eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.export eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.import eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.file.refresh 
eu.etaxonomy.taxeditor.navigation/org.eclipse.ui.views.showView eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator1 eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator2 eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator4 eu.etaxonomy.taxeditor.navigation/taxeditor-navigation.separator5 eu.etaxonomy.taxeditor.printpublisher/eu.etaxonomy.printpublisher.plugin.generatePdf eu.etaxonomy.taxeditor.printpublisher/eu.etaxonomy.printpublisher.plugin.separator eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.application.filemenu.login eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.menu.showView eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.defaultFeatureTreePreferenecs eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.description eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.distributionStatus eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.extensionTypes eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.feature eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.featureTree eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.general eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.language eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.languages eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.markerTypes eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.matching eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.matching.nonViralName eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.mobotOpenUrl eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.namedAreaType eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nameRelationshipType eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nameTypeDesignationStatus eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nomenclatural 
eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.nomenclaturalStatusType eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.preservationMethod eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.ranks eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.specimenTypeDesignationStatus eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.stage eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.taxonomic eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.preferences.typeDesignation eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.reporting.viewPart eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.authentication.trim.toolbar eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.change eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.close eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.create eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.edit eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.separator eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.separator2 eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.datasource.update eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.definedTermEditorMenu eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.operations.showLoginWindow eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.showViewMenu.details eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.store.showViewMenu.internal eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.datasource eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.derivateSearch.DerivateSearchView eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.detail eu.etaxonomy.taxeditor.store/eu.etaxonomy.taxeditor.view.supplementalData eu.etaxonomy.taxeditor.store/org.eclipse.core.internal.registry.ConfigurationElementHandle@2013 
eu.etaxonomy.taxeditor.store/org.eclipse.ui.edit.delete eu.etaxonomy.taxeditor.store/org.eclipse.ui.views.showView eu.etaxonomy.taxeditor.store/taxeditor-store.page1
Updated by Katja Luther about 2 years ago · 6 revisions