Přípraveny práva pro agendu "Požadavky". Upraven PermissionEvaluator-

kontrola práv na agendách přemístěna do privátní metody. Opravena notifikace změny property ableToDelete. refs #100
11 years ago · 4a55467e1e
parent bb1ce6514e
commit 4a55467e1e
8 changed files with 74 additions and 30 deletions
--- a/src/main/java/info/bukova/isspst/AppInitListener.java
+++ b/src/main/java/info/bukova/isspst/AppInitListener.java
@ -102,6 +102,12 @@ public class AppInitListener implements ServletContextListener {
 				}
 			}
 		}
+		
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (permService.getPermissionByModule(p.getModule(), p.getAuthority()) == null) {
+				permService.add(p);
+			}
+		}
 	}
 	
 	private void checkAllAdminRights()
--- a/src/main/java/info/bukova/isspst/Constants.java
+++ b/src/main/java/info/bukova/isspst/Constants.java
@ -1,6 +1,7 @@
 package info.bukova.isspst;

 import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.reporting.Report;
 import info.bukova.isspst.reporting.ReportMapping;
@ -55,6 +56,7 @@ public class Constants {
 	public final static String MOD_MUNITS = "MUNITS";
 	public final static String MOD_MATERIAL = "MATERIAL";
 	public final static String MOD_WORKGROUPS = "WORKGROUPS";
+	public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
 	public final static Module MODULES[] = {
 		new Module(MOD_USERS, "Uživatelé", UserService.class),
 		new Module(MOD_PERMISSIONS, "Práva", RoleService.class),
@ -62,9 +64,28 @@ public class Constants {
 		new Module(MOD_BUILDINGS, "Budovy", BuildingService.class),
 		new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class),
 		new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
-		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class)
+		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
+		new Module(MOD_REQUIREMENTS, "Požadavky", null)
 		};
 	
+	public final static String PERM_APPROVE_WORKGROUP = "PERM_APPROVE_WORKGROUP";
+	public final static String PERM_APPROVE_CENTRE = "PERM_APPROVE_CENTRE";
+	public final static String PERM_APPROVE_LIMIT = "PERM_APPROVE_LIMIT";
+	public final static String PERM_APPROVE_FINAL = "PERM_APPROVE_FINAL";
+	public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ";
+	public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
+	public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
+	
+	public final static Permission SPECIAL_PERMISSIONS[] = {
+		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
+		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
+		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
+		new Permission(PERM_APPROVE_WORKGROUP, "Schválení v komisi", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
+		new Permission(PERM_APPROVE_CENTRE, "Schválení ve středisku", MOD_REQUIREMENTS, PermissionType.CENTRE),
+		new Permission(PERM_APPROVE_LIMIT, "Schválení nadlimitních", MOD_REQUIREMENTS, PermissionType.GLOBAL),
+		new Permission(PERM_APPROVE_FINAL, "Konečné schválení", MOD_REQUIREMENTS, PermissionType.CENTRE),
+	};
+	
 	public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";
 	public final static ReportMapping REPORTS[] = {
 		new ReportMapping(MOD_ADDRESSBOOK, new Report("Adresní karty", "address")),
--- a/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java
+++ b/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java
@ -18,7 +18,6 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 	public boolean hasPermission(Authentication authentication,
 			Object targetDomainObject, Object permission) {
 		List<Role> perms = (List<Role>) authentication.getAuthorities();
-		String moduleId = "";
 		String perm = "";
 		
 		if (permission instanceof String) {
@ -27,25 +26,7 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 		
 		if (targetDomainObject instanceof Service<?>)
 		{
-			for (Module m : Constants.MODULES) {
-				if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
-					moduleId = m.getId();
-				}
-			}
-			
-			perm += "_" + moduleId;
-			
-			for (int i = 0; i < perms.size(); i++) {
-				if (!(perms.get(i) instanceof Role)) {
-					return false;
-				}
-				if (perms.get(i).getAuthority().equals(perm)) {
-					return true;
-				}
-				if (perms.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
-					return true;
-				}
-			}
+			return evaluateGlobal((Service<?>) targetDomainObject, perm, perms);
 		}
 		
 		return false;
@ -56,5 +37,33 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 			Serializable targetId, String targetType, Object permission) {
 		return false;
 	}
+	
+	private boolean evaluateGlobal(Service<?> service, String permission, List<Role> perms) {
+		
+		String moduleId = "";
+		String perm = "";
+		
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(service.getClass())) {
+				moduleId = m.getId();
+			}
+		}
+		
+		perm += "_" + moduleId;
+		
+		for (int i = 0; i < perms.size(); i++) {
+			if (!(perms.get(i) instanceof Role)) {
+				return false;
+			}
+			if (perms.get(i).getAuthority().equals(perm)) {
+				return true;
+			}
+			if (perms.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
+				return true;
+			}
+		}
+		
+		return false;
+	}

 }
--- a/src/main/java/info/bukova/isspst/ui/ListViewModel.java
+++ b/src/main/java/info/bukova/isspst/ui/ListViewModel.java
@ -206,7 +206,7 @@ public class ListViewModel<T extends DataModel> {
 	}

 	@GlobalCommand
-	@NotifyChange({ "dataList", "dataBean" })
+	@NotifyChange({ "dataList", "dataBean", "ableToDelete" })
 	public void refresh() {
 		if (editBean != null && !editBean.isValid()) {
 			return;
--- a/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java
+++ b/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java
@ -8,6 +8,7 @@ import java.util.Map;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
 import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.users.UserService;
 import info.bukova.isspst.services.workgroups.WorkgroupService;

 import org.springframework.security.core.context.SecurityContextHolder;
@ -18,12 +19,19 @@ public class DashBoardVM {
 	
 	@WireVariable
 	private WorkgroupService workgroupService;
+	@WireVariable
+	private UserService userService;
 	private User user;
 	private Map<Workgroup, List<Role>> groupRoles;
 	
 	@Init
 	public void init() {
 		user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal());
+		
+		if (user.getParents() == null) { // try reload from DB
+			user = userService.getCurrent();
+		}
+		
 		groupRoles = new HashMap<Workgroup, List<Role>>();
 		
 		List<Workgroup> wg = new ArrayList<Workgroup>();
--- a/src/main/java/info/bukova/isspst/ui/users/UsersList.java
+++ b/src/main/java/info/bukova/isspst/ui/users/UsersList.java
@ -36,14 +36,14 @@ public class UsersList extends ListViewModel<User> {
 	}
 	
 	@Override
-	@NotifyChange({"permissions", "dataBean"})
+	@NotifyChange({"permissions", "dataBean", "ableToDelete"})
 	public void setDataBean(User user) {
 		super.setDataBean(user);
 	}
 	
 	@Override
 	@GlobalCommand
-	@NotifyChange({"dataList", "dataBean", "permissions"})
+	@NotifyChange({"dataList", "dataBean", "permissions", "ableToDelete"})
 	public void refresh() {
 		super.refresh();
 	}
@ -80,7 +80,7 @@ public class UsersList extends ListViewModel<User> {
 			return false;
 		}
 		
-		if (getDataBean().getUsername() == "admin")
+		if (getDataBean().getUsername().equals(Constants.DEF_ADMIN))
 		{
 			return false;
 		}
--- a/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java
+++ b/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java
@ -40,14 +40,14 @@ public class WorkgroupList extends ListViewModel<Workgroup> {
 		return null;
 	}
 	
-	@NotifyChange({"dataBean", "workgroupTreeModel"})
+	@NotifyChange({"dataBean", "workgroupTreeModel", "ableToDelete"})
 	public void setDataBean(Workgroup data) {
 		super.setDataBean(data);
 	}

 	@Override
 	@GlobalCommand
-	@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel" })
+	@NotifyChange({ "dataList", "dataBean", "workgroupTreeModel", "ableToDelete" })
 	public void refresh() {
 		super.refresh();
 	}
--- a/src/main/webapp/admin/permissions/permForm.zul
+++ b/src/main/webapp/admin/permissions/permForm.zul
@ -1,6 +1,6 @@
 <?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?>
 <zk>
-<window id="editWin" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer"
+<window id="editWin" border="normal" closable="true" width="750px" apply="org.zkoss.bind.BindComposer"
 	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
 	<caption zclass="form-caption" label="${labels.AgendaRights}" />
 	<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
@ -9,9 +9,9 @@
 			<checkbox label="Práva středisek" checked="@bind(vm.dataBean.centre)"/>
 		</hbox>
 	
-	<vbox children="@load(vm.modules)" width="530px">
+	<vbox children="@load(vm.modules)" width="730px">
 		<template name="children" var="module">
-			<groupbox closable="false" mold="3d" width="530px">
+			<groupbox closable="false" mold="3d" width="730px">
 				<caption label="@load(module.name)"/>
 				<hbox children="@load(vm.rolePerms.permissionChecks)">
 					<template name="children" var="perm">