Přípraveny práva pro agendu "Požadavky". Upraven PermissionEvaluator-

kontrola práv na agendách přemístěna do privátní metody. Opravena
notifikace změny property ableToDelete. 
refs #100
multitenant
Josef Rokos 11 years ago
parent bb1ce6514e
commit 4a55467e1e

@ -102,6 +102,12 @@ public class AppInitListener implements ServletContextListener {
}
}
}
for (Permission p : Constants.SPECIAL_PERMISSIONS) {
if (permService.getPermissionByModule(p.getModule(), p.getAuthority()) == null) {
permService.add(p);
}
}
}
private void checkAllAdminRights()

@ -1,6 +1,7 @@
package info.bukova.isspst;
import info.bukova.isspst.data.Permission;
import info.bukova.isspst.data.PermissionType;
import info.bukova.isspst.data.Role;
import info.bukova.isspst.reporting.Report;
import info.bukova.isspst.reporting.ReportMapping;
@ -55,6 +56,7 @@ public class Constants {
public final static String MOD_MUNITS = "MUNITS";
public final static String MOD_MATERIAL = "MATERIAL";
public final static String MOD_WORKGROUPS = "WORKGROUPS";
public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
public final static Module MODULES[] = {
new Module(MOD_USERS, "Uživatelé", UserService.class),
new Module(MOD_PERMISSIONS, "Práva", RoleService.class),
@ -62,7 +64,26 @@ public class Constants {
new Module(MOD_BUILDINGS, "Budovy", BuildingService.class),
new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class),
new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class)
new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
new Module(MOD_REQUIREMENTS, "Požadavky", null)
};
public final static String PERM_APPROVE_WORKGROUP = "PERM_APPROVE_WORKGROUP";
public final static String PERM_APPROVE_CENTRE = "PERM_APPROVE_CENTRE";
public final static String PERM_APPROVE_LIMIT = "PERM_APPROVE_LIMIT";
public final static String PERM_APPROVE_FINAL = "PERM_APPROVE_FINAL";
public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ";
public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
public final static Permission SPECIAL_PERMISSIONS[] = {
new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
new Permission(PERM_APPROVE_WORKGROUP, "Schválení v komisi", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
new Permission(PERM_APPROVE_CENTRE, "Schválení ve středisku", MOD_REQUIREMENTS, PermissionType.CENTRE),
new Permission(PERM_APPROVE_LIMIT, "Schválení nadlimitních", MOD_REQUIREMENTS, PermissionType.GLOBAL),
new Permission(PERM_APPROVE_FINAL, "Konečné schválení", MOD_REQUIREMENTS, PermissionType.CENTRE),
};
public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";

@ -18,7 +18,6 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
public boolean hasPermission(Authentication authentication,
Object targetDomainObject, Object permission) {
List<Role> perms = (List<Role>) authentication.getAuthorities();
String moduleId = "";
String perm = "";
if (permission instanceof String) {
@ -27,8 +26,25 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
if (targetDomainObject instanceof Service<?>)
{
return evaluateGlobal((Service<?>) targetDomainObject, perm, perms);
}
return false;
}
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Object permission) {
return false;
}
private boolean evaluateGlobal(Service<?> service, String permission, List<Role> perms) {
String moduleId = "";
String perm = "";
for (Module m : Constants.MODULES) {
if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(service.getClass())) {
moduleId = m.getId();
}
}
@ -46,15 +62,8 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
return true;
}
}
}
return false;
}
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Object permission) {
return false;
}
}

@ -206,7 +206,7 @@ public class ListViewModel<T extends DataModel> {
}
@GlobalCommand
@NotifyChange({ "dataList", "dataBean" })
@NotifyChange({ "dataList", "dataBean", "ableToDelete" })
public void refresh() {
if (editBean != null && !editBean.isValid()) {
return;

@ -8,6 +8,7 @@ import java.util.Map;
import info.bukova.isspst.data.Role;
import info.bukova.isspst.data.User;
import info.bukova.isspst.data.Workgroup;
import info.bukova.isspst.services.users.UserService;
import info.bukova.isspst.services.workgroups.WorkgroupService;
import org.springframework.security.core.context.SecurityContextHolder;
@ -18,12 +19,19 @@ public class DashBoardVM {
@WireVariable
private WorkgroupService workgroupService;
@WireVariable
private UserService userService;
private User user;
private Map<Workgroup, List<Role>> groupRoles;
@Init
public void init() {
user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal());
if (user.getParents() == null) { // try reload from DB
user = userService.getCurrent();
}
groupRoles = new HashMap<Workgroup, List<Role>>();
List<Workgroup> wg = new ArrayList<Workgroup>();

@ -36,14 +36,14 @@ public class UsersList extends ListViewModel<User> {
}
@Override
@NotifyChange({"permissions", "dataBean"})
@NotifyChange({"permissions", "dataBean", "ableToDelete"})
public void setDataBean(User user) {
super.setDataBean(user);
}
@Override
@GlobalCommand
@NotifyChange({"dataList", "dataBean", "permissions"})
@NotifyChange({"dataList", "dataBean", "permissions", "ableToDelete"})
public void refresh() {
super.refresh();
}
@ -80,7 +80,7 @@ public class UsersList extends ListViewModel<User> {
return false;
}
if (getDataBean().getUsername() == "admin")
if (getDataBean().getUsername().equals(Constants.DEF_ADMIN))
{
return false;
}

@ -40,14 +40,14 @@ public class WorkgroupList extends ListViewModel<Workgroup> {
return null;
}
@NotifyChange({"dataBean", "workgroupTreeModel"})
@NotifyChange({"dataBean", "workgroupTreeModel", "ableToDelete"})
public void setDataBean(Workgroup data) {
super.setDataBean(data);
}
@Override
@GlobalCommand
@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel" })
@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel", "ableToDelete" })
public void refresh() {
super.refresh();
}

@ -1,6 +1,6 @@
<?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?>
<zk>
<window id="editWin" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer"
<window id="editWin" border="normal" closable="true" width="750px" apply="org.zkoss.bind.BindComposer"
viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
<caption zclass="form-caption" label="${labels.AgendaRights}" />
<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
@ -9,9 +9,9 @@
<checkbox label="Práva středisek" checked="@bind(vm.dataBean.centre)"/>
</hbox>
<vbox children="@load(vm.modules)" width="530px">
<vbox children="@load(vm.modules)" width="730px">
<template name="children" var="module">
<groupbox closable="false" mold="3d" width="530px">
<groupbox closable="false" mold="3d" width="730px">
<caption label="@load(module.name)"/>
<hbox children="@load(vm.rolePerms.permissionChecks)">
<template name="children" var="perm">

Loading…
Cancel
Save