Přípraveny práva pro agendu "Požadavky". Upraven PermissionEvaluator-

kontrola práv na agendách přemístěna do privátní metody. Opravena notifikace změny property ableToDelete. refs #100
2014-06-23 15:39:49 +02:00
parent bb1ce6514e
commit 4a55467e1e
8 changed files with 74 additions and 30 deletions
@@ -102,6 +102,12 @@ public class AppInitListener implements ServletContextListener {
 				}
 			}
 		}
 		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
 			if (permService.getPermissionByModule(p.getModule(), p.getAuthority()) == null) {
 				permService.add(p);
 			}
 		}
 	}
 	private void checkAllAdminRights()
@@ -1,6 +1,7 @@
 package info.bukova.isspst;
 import info.bukova.isspst.data.Permission;
 import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.reporting.Report;
 import info.bukova.isspst.reporting.ReportMapping;
@@ -55,6 +56,7 @@ public class Constants {
 	public final static String MOD_MUNITS = "MUNITS";
 	public final static String MOD_MATERIAL = "MATERIAL";
 	public final static String MOD_WORKGROUPS = "WORKGROUPS";
 	public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
 	public final static Module MODULES[] = {
 		new Module(MOD_USERS, "Uživatelé", UserService.class),
 		new Module(MOD_PERMISSIONS, "Práva", RoleService.class),
@@ -62,7 +64,26 @@ public class Constants {
 		new Module(MOD_BUILDINGS, "Budovy", BuildingService.class),
 		new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class),
 		new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
-		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class)
+		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
 		new Module(MOD_REQUIREMENTS, "Požadavky", null)
 		};
 	public final static String PERM_APPROVE_WORKGROUP = "PERM_APPROVE_WORKGROUP";
 	public final static String PERM_APPROVE_CENTRE = "PERM_APPROVE_CENTRE";
 	public final static String PERM_APPROVE_LIMIT = "PERM_APPROVE_LIMIT";
 	public final static String PERM_APPROVE_FINAL = "PERM_APPROVE_FINAL";
 	public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ";
 	public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
 	public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
 	public final static Permission SPECIAL_PERMISSIONS[] = {
 		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
 		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_APPROVE_WORKGROUP, "Schválení v komisi", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
 		new Permission(PERM_APPROVE_CENTRE, "Schválení ve středisku", MOD_REQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_APPROVE_LIMIT, "Schválení nadlimitních", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_APPROVE_FINAL, "Konečné schválení", MOD_REQUIREMENTS, PermissionType.CENTRE),
 	};
 	public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";
@@ -18,7 +18,6 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 	public boolean hasPermission(Authentication authentication,
 			Object targetDomainObject, Object permission) {
 		List<Role> perms = (List<Role>) authentication.getAuthorities();
 		String moduleId = "";
 		String perm = "";
 		if (permission instanceof String) {
@@ -27,8 +26,25 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 		if (targetDomainObject instanceof Service<?>)
 		{
 			return evaluateGlobal((Service<?>) targetDomainObject, perm, perms);
 		}
 		return false;
 	}
 	@Override
 	public boolean hasPermission(Authentication authentication,
 			Serializable targetId, String targetType, Object permission) {
 		return false;
 	}
 	private boolean evaluateGlobal(Service<?> service, String permission, List<Role> perms) {
 		String moduleId = "";
 		String perm = "";
 		for (Module m : Constants.MODULES) {
-				if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(service.getClass())) {
 				moduleId = m.getId();
 			}
 		}
@@ -46,15 +62,8 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 				return true;
 			}
 		}
 		}
 		return false;
 	}
 	@Override
 	public boolean hasPermission(Authentication authentication,
 			Serializable targetId, String targetType, Object permission) {
 		return false;
 	}
 }
@@ -206,7 +206,7 @@ public class ListViewModel<T extends DataModel> {
 	}
 	@GlobalCommand
-	@NotifyChange({ "dataList", "dataBean" })
+	@NotifyChange({ "dataList", "dataBean", "ableToDelete" })
 	public void refresh() {
 		if (editBean != null && !editBean.isValid()) {
 			return;
@@ -8,6 +8,7 @@ import java.util.Map;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
 import info.bukova.isspst.data.Workgroup;
 import info.bukova.isspst.services.users.UserService;
 import info.bukova.isspst.services.workgroups.WorkgroupService;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -18,12 +19,19 @@ public class DashBoardVM {
 	@WireVariable
 	private WorkgroupService workgroupService;
 	@WireVariable
 	private UserService userService;
 	private User user;
 	private Map<Workgroup, List<Role>> groupRoles;
 	@Init
 	public void init() {
 		user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal());
 		if (user.getParents() == null) { // try reload from DB
 			user = userService.getCurrent();
 		}
 		groupRoles = new HashMap<Workgroup, List<Role>>();
 		List<Workgroup> wg = new ArrayList<Workgroup>();
@@ -36,14 +36,14 @@ public class UsersList extends ListViewModel<User> {
 	}
 	@Override
-	@NotifyChange({"permissions", "dataBean"})
+	@NotifyChange({"permissions", "dataBean", "ableToDelete"})
 	public void setDataBean(User user) {
 		super.setDataBean(user);
 	}
 	@Override
 	@GlobalCommand
-	@NotifyChange({"dataList", "dataBean", "permissions"})
+	@NotifyChange({"dataList", "dataBean", "permissions", "ableToDelete"})
 	public void refresh() {
 		super.refresh();
 	}
@@ -80,7 +80,7 @@ public class UsersList extends ListViewModel<User> {
 			return false;
 		}
-		if (getDataBean().getUsername() == "admin")
+		if (getDataBean().getUsername().equals(Constants.DEF_ADMIN))
 		{
 			return false;
 		}
@@ -40,14 +40,14 @@ public class WorkgroupList extends ListViewModel<Workgroup> {
 		return null;
 	}
-	@NotifyChange({"dataBean", "workgroupTreeModel"})
+	@NotifyChange({"dataBean", "workgroupTreeModel", "ableToDelete"})
 	public void setDataBean(Workgroup data) {
 		super.setDataBean(data);
 	}
 	@Override
 	@GlobalCommand
-	@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel" })
+	@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel", "ableToDelete" })
 	public void refresh() {
 		super.refresh();
 	}
@@ -1,6 +1,6 @@
 <?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?>
 <zk>
-<window id="editWin" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer"
+<window id="editWin" border="normal" closable="true" width="750px" apply="org.zkoss.bind.BindComposer"
 	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
 	<caption zclass="form-caption" label="${labels.AgendaRights}" />
 	<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
@@ -9,9 +9,9 @@
 			<checkbox label="Práva středisek" checked="@bind(vm.dataBean.centre)"/>
 		</hbox>
-	<vbox children="@load(vm.modules)" width="530px">
+	<vbox children="@load(vm.modules)" width="730px">
 		<template name="children" var="module">
-			<groupbox closable="false" mold="3d" width="530px">
+			<groupbox closable="false" mold="3d" width="730px">
 				<caption label="@load(module.name)"/>
 				<hbox children="@load(vm.rolePerms.permissionChecks)">
 					<template name="children" var="perm">