Přidáno oprávnění pro úpravy neschválených požadavků.

refs #129

src/main/java/info/bukova/isspst/Constants.java

@@ -86,13 +86,16 @@ public class Constants {
 	public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ";
 	public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
 	public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
+	public final static String PERM_EDIT_NEW = "PERM_EDIT_NEW";
 	
 	public final static Permission SPECIAL_PERMISSIONS[] = {
+		new Permission(PERM_EDIT_NEW, "Upravit neschválené", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
 		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_APPROVE, "Schválení", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
 		
+		new Permission(PERM_EDIT_NEW, "Upravit neschválené", MOD_TRIPREQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_TRIPREQUIREMENTS, PermissionType.WORKGROUP),
 		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_TRIPREQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_TRIPREQUIREMENTS, PermissionType.GLOBAL),

src/main/java/info/bukova/isspst/security/AbstractModuleEvaluator.java

@@ -0,0 +1,43 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
+import info.bukova.isspst.data.Role;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public abstract class AbstractModuleEvaluator implements Evaluator {
+	
+	@SuppressWarnings("unchecked")
+	protected boolean hasModulePermission(Authentication authentication, Class<?> serviceClass, String permission) {
+		List<Role> roles = (List<Role>) authentication.getAuthorities();
+		String moduleId = "";
+		String perm = permission;
+		
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(serviceClass)) {
+				moduleId = m.getId();
+				break;
+			}
+		}
+		
+		perm += "_" + moduleId;
+		
+		for (int i = 0; i < roles.size(); i++) {
+			if (!(roles.get(i) instanceof Role)) {
+				return false;
+			}
+			if (roles.get(i).getAuthority().equals(perm)) {
+				return true;
+			}
+			if (roles.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
+				return true;
+			}
+		}
+		
+		return false;
+	}
+
+}

src/main/java/info/bukova/isspst/security/AbstractRequirementEvaluator.java

@@ -0,0 +1,30 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.RequirementBase;
+import info.bukova.isspst.data.RequirementState;
+
+import org.springframework.security.core.Authentication;
+
+public abstract class AbstractRequirementEvaluator extends AbstractModuleEvaluator implements Evaluator {
+	
+	protected abstract Class<?> getServiceClass();
+	
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		
+		if (!hasModulePermission(authentication, getServiceClass(), permission)) {
+			return false;
+		}
+		
+		RequirementBase req = (RequirementBase) targetDomainObject;
+		
+		if (permission.equals(Constants.PERM_EDIT_NEW)) {
+			return req.getState() == RequirementState.NEW;
+		}
+		
+		return true;
+	}
+
+}

src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java

@@ -6,6 +6,8 @@ import info.bukova.isspst.data.PermissionType;
 
 import java.io.Serializable;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
@@ -15,6 +17,8 @@ public class IsPermissionEvaluator implements PermissionEvaluator {
 	@Autowired
 	private EvaluatorsHolder evalHolder;
 	
+	private static final Logger logger = LoggerFactory.getLogger(IsPermissionEvaluator.class);
+
 	@Override
 	public boolean hasPermission(Authentication authentication,
 			Object targetDomainObject, Object permission) {
@@ -26,12 +30,18 @@ public class IsPermissionEvaluator implements PermissionEvaluator {
 			}
 		}
 
+		if (((String)permission).isEmpty()) {
+			return true;
+		}
+		
 		Evaluator eval = evalHolder.getForObject(targetDomainObject, appPermission != null && appPermission.getType() != PermissionType.GLOBAL);
 		
 		if (eval != null) {
 			return eval.evaluate(authentication, targetDomainObject, (String)permission);
 		}
 		
+		logger.warn("Evaluator for " + targetDomainObject.getClass().getName() + "not registred.");
+		
 		return false;
 	}
 

src/main/java/info/bukova/isspst/security/RequirementEvaluator.java

@@ -0,0 +1,13 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.services.requirement.RequirementService;
+
+public class RequirementEvaluator extends AbstractRequirementEvaluator
+		implements Evaluator {
+
+	@Override
+	protected Class<?> getServiceClass() {
+		return RequirementService.class;
+	}
+
+}

src/main/java/info/bukova/isspst/security/ServiceEvaluator.java

@@ -1,46 +1,14 @@
 package info.bukova.isspst.security;
 
-import info.bukova.isspst.Constants;
-import info.bukova.isspst.Module;
-import info.bukova.isspst.data.Role;
-
-import java.util.List;
-
 import org.springframework.security.core.Authentication;
 
-public class ServiceEvaluator implements Evaluator {
+public class ServiceEvaluator extends AbstractModuleEvaluator implements Evaluator {
 
-	@SuppressWarnings("unchecked")
 	@Override
 	public boolean evaluate(Authentication authentication,
 		Object targetDomainObject, String permission) {
 
-		List<Role> roles = (List<Role>) authentication.getAuthorities();
-		String moduleId = "";
-		String perm = permission;
-		
-		for (Module m : Constants.MODULES) {
-			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
-				moduleId = m.getId();
-				break;
-			}
-		}
-		
-		perm += "_" + moduleId;
-		
-		for (int i = 0; i < roles.size(); i++) {
-			if (!(roles.get(i) instanceof Role)) {
-				return false;
-			}
-			if (roles.get(i).getAuthority().equals(perm)) {
-				return true;
-			}
-			if (roles.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
-				return true;
-			}
-		}
-		
-		return false;
+		return hasModulePermission(authentication, targetDomainObject.getClass(), permission);
 	}
 
 }

src/main/java/info/bukova/isspst/security/TripRequirementEvaluator.java

@@ -0,0 +1,13 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.services.requirement.TripRequirementService;
+
+public class TripRequirementEvaluator extends AbstractRequirementEvaluator
+		implements Evaluator {
+
+	@Override
+	protected Class<?> getServiceClass() {
+		return TripRequirementService.class;
+	}
+
+}

src/main/java/info/bukova/isspst/services/AbstractOwnedService.java

@@ -26,7 +26,7 @@ public class AbstractOwnedService<T extends OwnedDataModel> extends AbstractServ
 	
 	@Override
 	@Transactional
-	@PreAuthorize("hasPermission(this, 'PERM_EDIT')")
+	@PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#entity, this.getUpdateEntityPermission())")
 	public void update(T entity) {
 		validate(entity);
 		entity.setModifiedBy(getLoggedInUser());

src/main/java/info/bukova/isspst/services/AbstractService.java

@@ -52,6 +52,10 @@ public abstract class AbstractService<T extends DataModel> implements Service<T>
 		this.dao = dao;
 	}
 	
+	public String getUpdateEntityPermission() {
+		return "";
+	}
+	
 	@Override
 	@PreAuthorize("hasPermission(this, 'PERM_ADD')")
 	public final T create() {
@@ -69,7 +73,7 @@ public abstract class AbstractService<T extends DataModel> implements Service<T>
 	
 	@Override
 	@Transactional
-	@PreAuthorize("hasPermission(this, 'PERM_EDIT')")
+	@PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#entity, this.getUpdateEntityPermission())")
 	public void update(T entity) {
 		validate(entity);
 		entity.setModified(new Date());

src/main/java/info/bukova/isspst/services/requirement/RequirementBaseServiceImpl.java

@@ -1,5 +1,6 @@
 package info.bukova.isspst.services.requirement;
 
+import info.bukova.isspst.Constants;
 import info.bukova.isspst.data.AuthItem;
 import info.bukova.isspst.data.JobMapping;
 import info.bukova.isspst.data.RequirementBase;
@@ -208,7 +209,7 @@ public abstract class RequirementBaseServiceImpl<T extends RequirementBase> exte
 		entity.setState(e.getState());
 		entity.getAuthorization().add(auth);
 		
-		this.update(e);
+		super.update(e);
 		
 		this.sendToApprovers(e);
 		
@@ -321,4 +322,10 @@ public abstract class RequirementBaseServiceImpl<T extends RequirementBase> exte
 		Query q = dao.getQuery("from " + dao.getEntityName() + " as tr join fetch tr.ownedBy order by tr.numser");
 		return q.list();
 	}
+
+	@Override
+	public String getUpdateEntityPermission() {
+		return Constants.PERM_EDIT_NEW;
+	}
+
 }

src/main/webapp/WEB-INF/spring/root-context.xml

@@ -89,10 +89,16 @@
 		<constructor-arg ref="workgroupServiceNoTx"/>
 	</bean>
 	
+	<bean id="reqEditEval" class="info.bukova.isspst.security.RequirementEvaluator"/>
+	
+	<bean id="tripReqEditEval" class="info.bukova.isspst.security.TripRequirementEvaluator"/>
+	
 	<bean id="evalHolder" class="info.bukova.isspst.security.EvaluatorsHolder">
 		<property name="globalEvaluators">
 			<map>
 				<entry key="#{T(info.bukova.isspst.services.Service)}" value-ref="serviceEval"/>
+				<entry key="#{T(info.bukova.isspst.data.Requirement)}" value-ref="reqEditEval"/>
+				<entry key="#{T(info.bukova.isspst.data.TripRequirement)}" value-ref="tripReqEditEval"/>
 			</map>
 		</property>
 		<property name="specialEvaluators">