Systém přístupových práv
parent
acfc0ce17e
commit
bfd9371a35
@ -0,0 +1,55 @@
|
||||
package info.bukova.isspst;
|
||||
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.Service;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.PermissionEvaluator;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
public class IsspstPermissionEvaluator implements PermissionEvaluator {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@Override
|
||||
public boolean hasPermission(Authentication authentication,
|
||||
Object targetDomainObject, Object permission) {
|
||||
List<Role> perms = (List<Role>) authentication.getAuthorities();
|
||||
String moduleId = "";
|
||||
String perm = "";
|
||||
|
||||
if (permission instanceof String) {
|
||||
perm = (String) permission;
|
||||
}
|
||||
|
||||
if (targetDomainObject instanceof Service<?>)
|
||||
{
|
||||
for (Module m : Constants.MODULES) {
|
||||
if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
|
||||
moduleId = m.getId();
|
||||
}
|
||||
}
|
||||
|
||||
perm += "_" + moduleId;
|
||||
|
||||
for (Role r : perms) {
|
||||
if (r.getAuthority().equals(perm)) {
|
||||
return true;
|
||||
}
|
||||
if (r.getAuthority().equals(Constants.ROLE_ADMIN)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasPermission(Authentication authentication,
|
||||
Serializable targetId, String targetType, Object permission) {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
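Review bot: The cast `(List<Role>) authentication.getAuthorities()` in the first hasPermission is unchecked, so an Authentication whose authorities are not a List of Role fails with a ClassCastException in the middle of an access decision. `getAuthorities()` returns `Collection<? extends GrantedAuthority>` and the loop only needs `getAuthority()`, so `for (GrantedAuthority a : authentication.getAuthorities())` with the matching import removes both the cast and the `@SuppressWarnings`. The loop also compares only each role's own authority string with `perm + "_" + moduleId`; the permissions attached to a role (`role.getPermissions()`, used by PermissionCheck in this commit) are never read here, so unless Role exposes them through its authority elsewhere (Role is not shown) a granted permission would not be honoured. When `permission` is not a String or no module matches, the key silently becomes `"_" + moduleId` or `perm + "_"`; that deny path, and a null `authentication`, deserve an explicit check rather than relying on no authority happening to equal the truncated key.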
|
@ -0,0 +1,39 @@
|
||||
package info.bukova.isspst;
|
||||
|
||||
public class Module {
|
||||
|
||||
private String id;
|
||||
private String name;
|
||||
private Class<?> serviceClass;
|
||||
|
||||
public Class<?> getServiceClass() {
|
||||
return serviceClass;
|
||||
}
|
||||
|
||||
public void setServiceClass(Class<?> serviceClass) {
|
||||
this.serviceClass = serviceClass;
|
||||
}
|
||||
|
||||
public Module(String id, String name, Class<?> serviceClass) {
|
||||
this.id = id;
|
||||
this.name = name;
|
||||
this.serviceClass = serviceClass;
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(String id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
}
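Review bot: Module's `id` and `serviceClass` feed the permission key built in IsspstPermissionEvaluator, yet all three fields have public setters, so any code holding an entry of `Constants.MODULES` can change which authority a service maps to at runtime. Unless a framework needs the setters (none is visible in this commit), declare the fields `private final` and drop `setId`, `setName` and `setServiceClass`. A short class Javadoc stating that `id` is the suffix of the authority name (`<permission>_<id>`) would also help the next reader.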
|
@ -0,0 +1,7 @@
|
||||
package info.bukova.isspst.dao;
|
||||
|
||||
import info.bukova.isspst.data.Permission;
|
||||
|
||||
public interface PermissionDao extends BaseDao<Permission> {
|
||||
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
package info.bukova.isspst.dao.jpa;
|
||||
|
||||
import info.bukova.isspst.dao.PermissionDao;
|
||||
import info.bukova.isspst.data.Permission;
|
||||
|
||||
public class PermissionDaoJPA extends BaseDaoJPA<Permission> implements PermissionDao {
|
||||
|
||||
@Override
|
||||
public String getEntityName() {
|
||||
return Permission.class.getSimpleName();
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,69 @@
|
||||
package info.bukova.isspst.data;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Table;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
@Entity
|
||||
@Table(name="PERMISSION")
|
||||
public class Permission extends BaseSimpleData implements GrantedAuthority {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Column(name="AUTHORITY")
|
||||
private String authority;
|
||||
@Column(name="DESCRIPTION")
|
||||
private String description;
|
||||
@Column(name="MODULE")
|
||||
private String module;
|
||||
|
||||
public Permission(String authority, String description) {
|
||||
this.authority = authority;
|
||||
this.description = description;
|
||||
this.module = "";
|
||||
}
|
||||
|
||||
public Permission() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAuthority() {
|
||||
return authority;
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
return description;
|
||||
}
|
||||
|
||||
public void setDescription(String description) {
|
||||
this.description = description;
|
||||
}
|
||||
|
||||
public String getModule() {
|
||||
return module;
|
||||
}
|
||||
|
||||
public void setModule(String module) {
|
||||
this.module = module;
|
||||
}
|
||||
|
||||
public void setAuthority(String authority) {
|
||||
this.authority = authority;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if ((o instanceof Permission) && ((Permission)o).getId() == this.getId()) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
}
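Review bot: `equals` is overridden without `hashCode`, and it compares ids with `==`. `role.getPermissions().contains(permission)` in PermissionCheck depends on this method, so in a hash-based collection equal permissions can be missed, and if `getId()` returns a boxed type (BaseSimpleData is not shown) `==` compares references and can fail for values outside the small-integer cache. Add a `hashCode()` derived from the same id and compare ids by value; the body can then collapse to a single `return` statement. Two unsaved instances would also share the default id and compare equal, which matters if permissions are ever collected before being persisted.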
|
@ -0,0 +1,10 @@
|
||||
package info.bukova.isspst.services.users;
|
||||
|
||||
import info.bukova.isspst.data.Permission;
|
||||
import info.bukova.isspst.services.Service;
|
||||
|
||||
public interface PermissionService extends Service<Permission> {
|
||||
|
||||
public Permission getPermissionByModule(String moduleId, String permission);
|
||||
|
||||
}
|
@ -0,0 +1,17 @@
|
||||
package info.bukova.isspst.services.users;
|
||||
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import info.bukova.isspst.data.Permission;
|
||||
import info.bukova.isspst.services.AbstractService;
|
||||
|
||||
public class PermissionServiceImpl extends AbstractService<Permission> implements PermissionService {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public Permission getPermissionByModule(String moduleId, String permission) {
|
||||
return selectSingle("from Permission where MODULE = '" + moduleId + "' and AUTHORITY = '" + permission + "'");
|
||||
}
|
||||
|
||||
|
||||
}
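Review bot: `getPermissionByModule` builds its HQL by concatenating `moduleId` and `permission` into quoted literals, so a quote character in either argument changes the query; in a lookup of access rights that is an injection risk as well as a correctness bug. Bind both values as parameters instead, e.g. `from Permission where module = :module and authority = :authority`. Whether `selectSingle` in AbstractService accepts parameters is not visible here, so this may need a parameterised overload or a direct call to the DAO's query API. The query also names the columns (`MODULE`, `AUTHORITY`) rather than the mapped properties `module` and `authority`; HQL is normally written against property names.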
|
@ -0,0 +1,44 @@
|
||||
package info.bukova.isspst.ui.users;
|
||||
|
||||
import info.bukova.isspst.data.Permission;
|
||||
import info.bukova.isspst.data.Role;
|
||||
|
||||
public class PermissionCheck {
|
||||
|
||||
private Role role;
|
||||
private Permission permission;
|
||||
private boolean checked;
|
||||
|
||||
public PermissionCheck(Role role, Permission permission) {
|
||||
this.role = role;
|
||||
this.permission = permission;
|
||||
|
||||
if (role.getPermissions().contains(permission)) {
|
||||
checked = true;
|
||||
} else {
|
||||
checked = false;
|
||||
}
|
||||
}
|
||||
|
||||
public Permission getPermission() {
|
||||
return permission;
|
||||
}
|
||||
|
||||
public void setPermission(Permission permission) {
|
||||
this.permission = permission;
|
||||
}
|
||||
|
||||
public boolean isChecked() {
|
||||
return checked;
|
||||
}
|
||||
|
||||
public void setChecked(boolean checked) {
|
||||
this.checked = checked;
|
||||
if (checked && !role.getPermissions().contains(permission)) {
|
||||
role.addPermission(permission);
|
||||
} else {
|
||||
role.getPermissions().remove(permission);
|
||||
}
|
||||
}
|
||||
|
||||
}
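Review bot: In `setChecked`, a call with `true` for a permission the role already holds takes the `else` branch and removes that permission, because the `else` covers every case other than "checked and not yet present". Change the branch to `} else if (!checked) {` so that removal happens only on an explicit uncheck. The constructor's if/else could also be written as `checked = role.getPermissions().contains(permission);`.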
|
@ -0,0 +1,34 @@
|
||||
package info.bukova.isspst.ui.users;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.Module;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.users.PermissionService;
|
||||
import info.bukova.isspst.ui.FormViewModel;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.zkoss.bind.annotation.Init;
|
||||
import org.zkoss.zk.ui.select.annotation.WireVariable;
|
||||
|
||||
public class PermissionForm extends FormViewModel<Role> {
|
||||
|
||||
@WireVariable
|
||||
private PermissionService permissionService;
|
||||
private RolePermissions rolePerms;
|
||||
|
||||
@Init(superclass = true)
|
||||
public void init() {
|
||||
rolePerms = new RolePermissions(getDataBean(), permissionService.getAll());
|
||||
}
|
||||
|
||||
public List<Module> getModules() {
|
||||
return Arrays.asList(Constants.MODULES);
|
||||
}
|
||||
|
||||
public RolePermissions getRolePerms() {
|
||||
return rolePerms;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,31 @@
|
||||
package info.bukova.isspst.ui.users;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.zkoss.bind.annotation.Init;
|
||||
import org.zkoss.zk.ui.select.annotation.WireVariable;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.Module;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.users.RoleService;
|
||||
import info.bukova.isspst.ui.ListViewModel;
|
||||
|
||||
public class PermissionsList extends ListViewModel<Role> {
|
||||
|
||||
@WireVariable
|
||||
private RoleService roleService;
|
||||
|
||||
@Init
|
||||
public void init() {
|
||||
service = roleService;
|
||||
dataClass = Role.class;
|
||||
formZul = "permForm.zul";
|
||||
}
|
||||
|
||||
public List<Module> getModules() {
|
||||
return Arrays.asList(Constants.MODULES);
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,24 @@
|
||||
package info.bukova.isspst.ui.users;
|
||||
|
||||
import info.bukova.isspst.data.Permission;
|
||||
import info.bukova.isspst.data.Role;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class RolePermissions {
|
||||
|
||||
private List<PermissionCheck> permissionChecks;
|
||||
|
||||
public RolePermissions(Role role, List<Permission> permissions) {
|
||||
permissionChecks = new ArrayList<PermissionCheck>();
|
||||
for (Permission p : permissions) {
|
||||
permissionChecks.add(new PermissionCheck(role, p));
|
||||
}
|
||||
}
|
||||
|
||||
public List<PermissionCheck> getPermissionChecks() {
|
||||
return permissionChecks;
|
||||
}
|
||||
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
jdbc.driverClassName=com.mysql.jdbc.Driver
|
||||
jdbc.dialect=org.hibernate.dialect.MySQLDialect
|
||||
jdbc.databaseurl=jdbc:mysql://127.0.0.1:3306/isspst
|
||||
jdbc.databaseurl=jdbc:mysql://127.0.0.1:3306/isspst?characterEncoding=utf8
|
||||
jdbc.username=root
|
||||
jdbc.password=xsacfgd
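Review bot: The context lines of this hunk show the application connecting to MySQL as `root` with the password stored in plain text in a tracked file. The commit does not change them, but a change that introduces an access-rights system is a good place to fix this. Use a dedicated database account limited to the `isspst` schema, load `jdbc.username` and `jdbc.password` from the environment or an untracked override file, and rotate the password that is now in the repository history.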
|
@ -0,0 +1,10 @@
|
||||
<?page title="Uživatelé" contentType="text/html;charset=UTF-8"?>
|
||||
<zk>
|
||||
|
||||
<zscript>
|
||||
String gridZul = "permissions.zul";
|
||||
</zscript>
|
||||
|
||||
<include src="../../app/template.zhtml"/>
|
||||
|
||||
</zk>
|
@ -0,0 +1,24 @@
|
||||
<?page title="Uživatel" contentType="text/html;charset=UTF-8"?>
|
||||
<zk>
|
||||
<window id="editWin" title="Uživatel" border="normal" closable="true" width="550px" apply="org.zkoss.bind.BindComposer"
|
||||
viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
|
||||
<style src="/app/form.css"/>
|
||||
|
||||
<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
|
||||
|
||||
<vbox children="@load(vm.modules)" width="530px">
|
||||
<template name="children" var="module">
|
||||
<groupbox closable="false" mold="3d" width="530px">
|
||||
<caption label="@load(module.name)"/>
|
||||
<hbox children="@load(vm.rolePerms.permissionChecks)">
|
||||
<template name="children" var="perm">
|
||||
<checkbox label="@load(perm.permission.description)" checked="@bind(perm.checked)" visible="@load(perm.permission.module eq module.id)"/>
|
||||
</template>
|
||||
</hbox>
|
||||
</groupbox>
|
||||
</template>
|
||||
</vbox>
|
||||
|
||||
<include src="/app/formButtons.zul"/>
|
||||
</window>
|
||||
</zk>
|
@ -0,0 +1,42 @@
|
||||
<?page title="Práva" contentType="text/html;charset=UTF-8"?>
|
||||
<zk>
|
||||
<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
|
||||
<window title="Práva" border="normal" apply="org.zkoss.bind.BindComposer"
|
||||
viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionsList')" height="570px">
|
||||
|
||||
<toolbar>
|
||||
<toolbarbutton image="/img/edit.png" tooltiptext="Upravit" id="btnEdit" onClick="@command('edit')" disabled="@load(empty vm.dataBean ? 'true' : 'false')"/>
|
||||
</toolbar>
|
||||
|
||||
<hbox width="100%">
|
||||
<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" width="300px">
|
||||
<listhead>
|
||||
<listheader label="Role"/>
|
||||
</listhead>
|
||||
<template name="model">
|
||||
<listitem>
|
||||
<listcell label="@load(each.description)"/>
|
||||
</listitem>
|
||||
</template>
|
||||
</listbox>
|
||||
<panel hflex="1" height="480px">
|
||||
<panelchildren style="overflow:auto;">
|
||||
<label value="Práva modulů:" style="font-weight: bold;"/>
|
||||
<vbox children="@load(vm.modules)" hflex="1">
|
||||
<template name="children" var="module">
|
||||
<groupbox closable="false" mold="3d" hflex="1">
|
||||
<caption label="@load(module.name)"/>
|
||||
<hbox children="@load(vm.dataBean.permissions)">
|
||||
<template name="children" var="perm">
|
||||
<label value="@load(perm.description.concat(', '))" visible="@load(module.id eq perm.module)"/>
|
||||
</template>
|
||||
</hbox>
|
||||
</groupbox>
|
||||
</template>
|
||||
</vbox>
|
||||
</panelchildren>
|
||||
</panel>
|
||||
</hbox>
|
||||
|
||||
</window>
|
||||
</zk>
|