Systém přístupových práv

src/main/webapp/WEB-INF/jdbc.properties

@@ -1,5 +1,5 @@
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.dialect=org.hibernate.dialect.MySQLDialect
-jdbc.databaseurl=jdbc:mysql://127.0.0.1:3306/isspst
+jdbc.databaseurl=jdbc:mysql://127.0.0.1:3306/isspst?characterEncoding=utf8
 jdbc.username=root
 jdbc.password=xsacfgd

src/main/webapp/WEB-INF/spring/root-context.xml

@@ -50,11 +50,23 @@
     </bean>
     
     <!-- Security -->
-    <security:global-method-security secured-annotations="enabled" />
+    <security:global-method-security pre-post-annotations="enabled">
+		<security:expression-handler ref="expressionHandler" />
+	</security:global-method-security>
+ 
+
+	<bean id="expressionHandler"
+  		class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
+		<property name="permissionEvaluator" ref="permissionEvaluator" />
+	</bean>
+	
+	<bean id="permissionEvaluator" class="info.bukova.isspst.IsspstPermissionEvaluator"/>
     
-	<security:http auto-config="true">
-		<security:intercept-url pattern="/app/**" access="ROLE_USER, ROLE_ADMIN"/>
-		<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
+	<security:http auto-config="true" use-expressions="true">
+		<security:intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>
+		<security:intercept-url pattern="/admin/users/**" access="hasRole('ROLE_ADMIN')"/>
+		<security:intercept-url pattern="/admin/permissions/**" access="hasRole('ROLE_ADMIN')"/>
+		<security:intercept-url pattern="/admin/addressbook/**" access="hasRole('PERM_READ_ADDRESSBOOK')"/>
 		<security:form-login login-page="/login.zhtml"
 			authentication-failure-handler-ref="loginFail"/>
 		<security:http-basic/>
@@ -96,6 +108,10 @@
     	<property name="sessionFactory" ref="sessionFactory"/>
     </bean>
     
+    <bean id="permissionDao" class="info.bukova.isspst.dao.jpa.PermissionDaoJPA">
+    	<property name="sessionFactory" ref="sessionFactory"/>
+    </bean>
+    
     <!-- Business logic -->
     <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean"/>
     
@@ -137,5 +153,9 @@
 	<bean id="unmarshallerAres" class="org.castor.spring.xml.CastorUnmarshallerFactoryBean">
 		<property name="xmlContext" ref="xmlCtxAres"/>
 	</bean>
+	
+	<bean id="permissionService" class="info.bukova.isspst.services.users.PermissionServiceImpl">
+		<property name="dao" ref="permissionDao"/>
+	</bean>
 		
 </beans>

src/main/webapp/admin/permissions/index.zul

@@ -0,0 +1,10 @@
+<?page title="Uživatelé" contentType="text/html;charset=UTF-8"?>
+<zk>
+
+<zscript>
+	String gridZul = "permissions.zul";
+</zscript>
+
+<include src="../../app/template.zhtml"/>
+
+</zk>

src/main/webapp/admin/permissions/permForm.zul

@@ -0,0 +1,24 @@
+<?page title="Uživatel" contentType="text/html;charset=UTF-8"?>
+<zk>
+<window id="editWin" title="Uživatel" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer"
+	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
+	<style src="/app/form.css"/>
+	
+	<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
+
+	<vbox children="@load(vm.modules)" width="530px">
+		<template name="children" var="module">
+			<groupbox closable="false" mold="3d" width="530px">
+				<caption label="@load(module.name)"/>
+				<hbox children="@load(vm.rolePerms.permissionChecks)">
+					<template name="children" var="perm">
+						<checkbox label="@load(perm.permission.description)" checked="@bind(perm.checked)" visible="@load(perm.permission.module eq module.id)"/>
+					</template>
+				</hbox>
+			</groupbox>
+		</template>
+	</vbox>
+	
+	<include src="/app/formButtons.zul"/>
+</window>
+</zk>

src/main/webapp/admin/permissions/permissions.zul

@@ -0,0 +1,42 @@
+<?page title="Práva" contentType="text/html;charset=UTF-8"?>
+<zk>
+<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
+<window title="Práva" border="normal" apply="org.zkoss.bind.BindComposer"
+	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionsList')" height="570px">
+	
+	<toolbar>
+		<toolbarbutton image="/img/edit.png" tooltiptext="Upravit" id="btnEdit" onClick="@command('edit')" disabled="@load(empty vm.dataBean ? 'true' : 'false')"/>
+	</toolbar>
+	
+	<hbox width="100%">	
+	<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" width="300px">
+		<listhead>
+			<listheader label="Role"/>
+		</listhead>
+		<template name="model">
+			<listitem>
+				<listcell label="@load(each.description)"/>
+			</listitem>
+		</template>
+	</listbox>
+	<panel hflex="1" height="480px">
+		<panelchildren style="overflow:auto;">
+			<label value="Práva modulů:" style="font-weight: bold;"/>
+			<vbox children="@load(vm.modules)" hflex="1">
+				<template name="children" var="module">
+					<groupbox closable="false" mold="3d" hflex="1">
+						<caption label="@load(module.name)"/>
+						<hbox children="@load(vm.dataBean.permissions)">
+							<template name="children" var="perm">
+								<label value="@load(perm.description.concat(', '))" visible="@load(module.id eq perm.module)"/>
+							</template>
+						</hbox>
+					</groupbox>
+				</template>	
+			</vbox>
+		</panelchildren>
+	</panel>
+	</hbox>
+		
+</window>
+</zk>

src/main/webapp/admin/users/users.zul

@@ -5,8 +5,9 @@
 	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.UsersList')" height="570px">
 	
 	<include src="/app/toolbar.zul"/>
-		
-	<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)">
+	
+	<hbox width="100%" height="500px">	
+	<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" width="650px" height="480px">
 		<auxhead sclass="category-center" visible="@load(vm.filter)">
             <auxheader>
             	<image src="/img/funnel.png" />
@@ -40,6 +41,26 @@
 			</listitem>
 		</template>
 	</listbox>
+	<panel hflex="1" height="480px" width="70%">
+		<panelchildren style="overflow:auto;">
+		<label value="Efektivní práva:" style="font-weight: bold;"/>
+		<vbox children="@load(vm.modules)" hflex="1">
+			<template name="children" var="module">
+				<groupbox closable="false" mold="3d" hflex="1">
+					<caption label="@load(module.name)"/>
+					<hbox children="@load(vm.permissions)">
+						<template name="children" var="perm">
+							<label value="@load(perm.description.concat(', '))" visible="@load(module.id eq perm.module)"/>
+						</template>				
+					</hbox>
+				</groupbox>
+			</template>
+		</vbox>
+		</panelchildren>
+		
+	</panel>
+	
+	</hbox>
 		
 </window>
 </zk>

src/main/webapp/app/navigation.zul

@@ -27,11 +27,12 @@
 		</tabpanel>
 		<tabpanel>
 			<menubar orient="vertical">
-				<menuitem label="Uživatelé" href="/admin/users" width="120px"/>
+				<menuitem label="Uživatelé" href="/admin/users" disabled="${not sec:isAllGranted('ROLE_ADMIN')}" width="120px"/>
+				<menuitem label="Práva" href="/admin/permissions" disabled="${not sec:isAllGranted('ROLE_ADMIN')}"/>
 				<menuitem label="Střediska" href="/admin/users" disabled="${not sec:isAllGranted('ROLE_ADMIN')}"/>
-				<menuitem label="${labels.AgendaBuildings}" href="/buildings"/>
+				<menuitem label="${labels.AgendaBuildings}" href="/buildings" disabled="${not sec:isAllGranted('PERM_READ_BUILDINGS')}"/>
 				<menuitem label="Místnosti" href="/admin/users"/>
-				<menuitem label="Dodavatelé" href="/admin/addressbook"/>
+				<menuitem label="Dodavatelé" href="/admin/addressbook" disabled="${not sec:isAllGranted('PERM_READ_ADDRESSBOOK')}"/>
 			</menubar>
 		</tabpanel>
 		<tabpanel>