Přípraveny práva pro agendu "Požadavky". Upraven PermissionEvaluator-

kontrola práv na agendách přemístěna do privátní metody. Opravena
notifikace změny property ableToDelete. 
refs #100
multitenant
Josef Rokos 11 years ago
parent bb1ce6514e
commit 4a55467e1e

@ -102,6 +102,12 @@ public class AppInitListener implements ServletContextListener {
} }
} }
} }
for (Permission p : Constants.SPECIAL_PERMISSIONS) {
if (permService.getPermissionByModule(p.getModule(), p.getAuthority()) == null) {
permService.add(p);
}
}
} }
private void checkAllAdminRights() private void checkAllAdminRights()

@ -1,6 +1,7 @@
package info.bukova.isspst; package info.bukova.isspst;
import info.bukova.isspst.data.Permission; import info.bukova.isspst.data.Permission;
import info.bukova.isspst.data.PermissionType;
import info.bukova.isspst.data.Role; import info.bukova.isspst.data.Role;
import info.bukova.isspst.reporting.Report; import info.bukova.isspst.reporting.Report;
import info.bukova.isspst.reporting.ReportMapping; import info.bukova.isspst.reporting.ReportMapping;
@ -55,6 +56,7 @@ public class Constants {
public final static String MOD_MUNITS = "MUNITS"; public final static String MOD_MUNITS = "MUNITS";
public final static String MOD_MATERIAL = "MATERIAL"; public final static String MOD_MATERIAL = "MATERIAL";
public final static String MOD_WORKGROUPS = "WORKGROUPS"; public final static String MOD_WORKGROUPS = "WORKGROUPS";
public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
public final static Module MODULES[] = { public final static Module MODULES[] = {
new Module(MOD_USERS, "Uživatelé", UserService.class), new Module(MOD_USERS, "Uživatelé", UserService.class),
new Module(MOD_PERMISSIONS, "Práva", RoleService.class), new Module(MOD_PERMISSIONS, "Práva", RoleService.class),
@ -62,7 +64,26 @@ public class Constants {
new Module(MOD_BUILDINGS, "Budovy", BuildingService.class), new Module(MOD_BUILDINGS, "Budovy", BuildingService.class),
new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class), new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class),
new Module(MOD_MATERIAL, "Materiál", MaterialService.class), new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class) new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
new Module(MOD_REQUIREMENTS, "Požadavky", null)
};
public final static String PERM_APPROVE_WORKGROUP = "PERM_APPROVE_WORKGROUP";
public final static String PERM_APPROVE_CENTRE = "PERM_APPROVE_CENTRE";
public final static String PERM_APPROVE_LIMIT = "PERM_APPROVE_LIMIT";
public final static String PERM_APPROVE_FINAL = "PERM_APPROVE_FINAL";
public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ";
public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
public final static Permission SPECIAL_PERMISSIONS[] = {
new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
new Permission(PERM_APPROVE_WORKGROUP, "Schválení v komisi", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
new Permission(PERM_APPROVE_CENTRE, "Schválení ve středisku", MOD_REQUIREMENTS, PermissionType.CENTRE),
new Permission(PERM_APPROVE_LIMIT, "Schválení nadlimitních", MOD_REQUIREMENTS, PermissionType.GLOBAL),
new Permission(PERM_APPROVE_FINAL, "Konečné schválení", MOD_REQUIREMENTS, PermissionType.CENTRE),
}; };
public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava"; public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";
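Review bot: `new Module(MOD_REQUIREMENTS, "Požadavky", null)` registers a module without a service class, so any code that walks `Constants.MODULES` and dereferences `getServiceClass()` now needs a null guard. This commit adds that guard in `IsspstPermissionEvaluator.evaluateGlobal`, but other readers of the array are not visible here and should be checked. A comment on the entry, e.g. `// no backing service yet: getServiceClass() is null for this module`, would make the contract explicit. `SPECIAL_PERMISSIONS` is also declared as a public array like `MODULES`, so the permission catalogue can be modified at runtime by any caller; an unmodifiable list would be a safer holder if the callers allow it.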

@ -18,7 +18,6 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
public boolean hasPermission(Authentication authentication, public boolean hasPermission(Authentication authentication,
Object targetDomainObject, Object permission) { Object targetDomainObject, Object permission) {
List<Role> perms = (List<Role>) authentication.getAuthorities(); List<Role> perms = (List<Role>) authentication.getAuthorities();
String moduleId = "";
String perm = ""; String perm = "";
if (permission instanceof String) { if (permission instanceof String) {
@ -27,8 +26,25 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
if (targetDomainObject instanceof Service<?>) if (targetDomainObject instanceof Service<?>)
{ {
return evaluateGlobal((Service<?>) targetDomainObject, perm, perms);
}
return false;
}
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Object permission) {
return false;
}
private boolean evaluateGlobal(Service<?> service, String permission, List<Role> perms) {
String moduleId = "";
String perm = "";
for (Module m : Constants.MODULES) { for (Module m : Constants.MODULES) {
if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) { if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(service.getClass())) {
moduleId = m.getId(); moduleId = m.getId();
} }
} }
@ -46,15 +62,8 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
return true; return true;
} }
} }
}
return false; return false;
} }
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Object permission) {
return false;
}
} }
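Review bot: In the new `evaluateGlobal`, the local `String perm = "";` is declared alongside the `permission` parameter, and no visible line assigns it. The lines between this hunk and the next are not shown. If they still compare the role permissions against `perm`, as the old `hasPermission` body presumably did, the check would run against an empty string instead of the requested permission. Please confirm that they read `permission`, or drop the local and use the parameter directly. Separately, `moduleId` stays `""` when no module's service class matches the target, so a comment such as `// no matching module: moduleId stays empty and the check must deny` would record that the fall-through is meant to fail closed.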

@ -206,7 +206,7 @@ public class ListViewModel<T extends DataModel> {
} }
@GlobalCommand @GlobalCommand
@NotifyChange({ "dataList", "dataBean" }) @NotifyChange({ "dataList", "dataBean", "ableToDelete" })
public void refresh() { public void refresh() {
if (editBean != null && !editBean.isValid()) { if (editBean != null && !editBean.isValid()) {
return; return;

@ -8,6 +8,7 @@ import java.util.Map;
import info.bukova.isspst.data.Role; import info.bukova.isspst.data.Role;
import info.bukova.isspst.data.User; import info.bukova.isspst.data.User;
import info.bukova.isspst.data.Workgroup; import info.bukova.isspst.data.Workgroup;
import info.bukova.isspst.services.users.UserService;
import info.bukova.isspst.services.workgroups.WorkgroupService; import info.bukova.isspst.services.workgroups.WorkgroupService;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
@ -18,12 +19,19 @@ public class DashBoardVM {
@WireVariable @WireVariable
private WorkgroupService workgroupService; private WorkgroupService workgroupService;
@WireVariable
private UserService userService;
private User user; private User user;
private Map<Workgroup, List<Role>> groupRoles; private Map<Workgroup, List<Role>> groupRoles;
@Init @Init
public void init() { public void init() {
user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal()); user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal());
if (user.getParents() == null) { // try reload from DB
user = userService.getCurrent();
}
groupRoles = new HashMap<Workgroup, List<Role>>(); groupRoles = new HashMap<Workgroup, List<Role>>();
List<Workgroup> wg = new ArrayList<Workgroup>(); List<Workgroup> wg = new ArrayList<Workgroup>();
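Review bot: The result of `userService.getCurrent()` replaces `user` without a null check, so if that lookup can return null the rest of `init()` (which continues outside this hunk) would fail on a null `user`. A guarded form such as `User reloaded = userService.getCurrent(); if (reloaded != null) { user = reloaded; }` keeps the session principal as a fallback. The reload is also triggered only when `getParents()` is null, so a principal holding an outdated but non-null membership list is used as is. If the dashboard is meant to show current role assignments, reloading unconditionally would be more predictable.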

@ -36,14 +36,14 @@ public class UsersList extends ListViewModel<User> {
} }
@Override @Override
@NotifyChange({"permissions", "dataBean"}) @NotifyChange({"permissions", "dataBean", "ableToDelete"})
public void setDataBean(User user) { public void setDataBean(User user) {
super.setDataBean(user); super.setDataBean(user);
} }
@Override @Override
@GlobalCommand @GlobalCommand
@NotifyChange({"dataList", "dataBean", "permissions"}) @NotifyChange({"dataList", "dataBean", "permissions", "ableToDelete"})
public void refresh() { public void refresh() {
super.refresh(); super.refresh();
} }
@ -80,7 +80,7 @@ public class UsersList extends ListViewModel<User> {
return false; return false;
} }
if (getDataBean().getUsername() == "admin") if (getDataBean().getUsername().equals(Constants.DEF_ADMIN))
{ {
return false; return false;
} }
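Review bot: `getDataBean().getUsername().equals(Constants.DEF_ADMIN)` throws a NullPointerException when the bean has no username yet, which the old `==` comparison did not; `Constants.DEF_ADMIN.equals(getDataBean().getUsername())` keeps the fix and is null-safe. The enclosing method starts above this hunk, so whether the username can be null at this point is not visible. This guard appears to drive only the view model's `ableToDelete` state, so the default admin account should also be protected where the deletion is actually executed, if it is not already.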

@ -40,14 +40,14 @@ public class WorkgroupList extends ListViewModel<Workgroup> {
return null; return null;
} }
@NotifyChange({"dataBean", "workgroupTreeModel"}) @NotifyChange({"dataBean", "workgroupTreeModel", "ableToDelete"})
public void setDataBean(Workgroup data) { public void setDataBean(Workgroup data) {
super.setDataBean(data); super.setDataBean(data);
} }
@Override @Override
@GlobalCommand @GlobalCommand
@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel" }) @NotifyChange({ "dataList", "dataBean", "workgroupTreeModel", "ableToDelete" })
public void refresh() { public void refresh() {
super.refresh(); super.refresh();
} }

@ -1,6 +1,6 @@
<?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?> <?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?>
<zk> <zk>
<window id="editWin" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer" <window id="editWin" border="normal" closable="true" width="750px" apply="org.zkoss.bind.BindComposer"
viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')"> viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
<caption zclass="form-caption" label="${labels.AgendaRights}" /> <caption zclass="form-caption" label="${labels.AgendaRights}" />
<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/> <label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
@ -9,9 +9,9 @@
<checkbox label="Práva středisek" checked="@bind(vm.dataBean.centre)"/> <checkbox label="Práva středisek" checked="@bind(vm.dataBean.centre)"/>
</hbox> </hbox>
<vbox children="@load(vm.modules)" width="530px"> <vbox children="@load(vm.modules)" width="730px">
<template name="children" var="module"> <template name="children" var="module">
<groupbox closable="false" mold="3d" width="530px"> <groupbox closable="false" mold="3d" width="730px">
<caption label="@load(module.name)"/> <caption label="@load(module.name)"/>
<hbox children="@load(vm.rolePerms.permissionChecks)"> <hbox children="@load(vm.rolePerms.permissionChecks)">
<template name="children" var="perm"> <template name="children" var="perm">
