Commit c47a65a9 by Juho

Actionlogiin roolioikeudet asetettu

1 parent 30656f48
......@@ -3,11 +3,13 @@ package fi.insomnia.bortal.beans;
import java.util.Date;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.enums.ActionLogMessageState;
import fi.insomnia.bortal.enums.apps.ContentPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.ActionLogFacade;
import fi.insomnia.bortal.model.ActionLogMessage;
......@@ -22,6 +24,7 @@ import fi.insomnia.bortal.model.Role;
* - deletointi
*/
@Stateless
@DeclareRoles(ContentPermission.S_MANAGE_ACTIONLOG)
public class ActionLogBean implements ActionLogBeanLocal {
// TODO: Permissions
......@@ -38,6 +41,7 @@ public class ActionLogBean implements ActionLogBeanLocal {
// TODO Auto-generated constructor stub
}
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public void createActionLogEvent(String message, Role crew, boolean isTask) {
ActionLogMessage alm = new ActionLogMessage();
alm.setCrew(crew);
......@@ -53,18 +57,22 @@ public class ActionLogBean implements ActionLogBeanLocal {
actionLogFacade.saveToActionLog(alm);
}
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public List<ActionLogMessage> getAllActionLogEvents() {
return actionLogFacade.getAllSortedByTimestamp();
}
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public List<Role> getAssignableRoles() {
return roleBean.listRoles();
}
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public List<ActionLogMessageResponse> getActionLogMessageResponses(ActionLogMessage alm) {
return actionLogFacade.getActionLogMessageResponses(alm);
}
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public void addActionLogMessageResponse(ActionLogMessage alm, String message, ActionLogMessageState state) {
if(alm.getState() != state && state != null) {
alm.setState(state);
......@@ -80,6 +88,7 @@ public class ActionLogBean implements ActionLogBeanLocal {
}
@Override
@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
public ActionLogMessage find(Integer id) {
return actionLogFacade.find(id);
......
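Review bot: The `// TODO: Permissions` comment at the top of ActionLogBean is stale after this change, since every visible business method now carries `@RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)`. Replace it with a statement of the policy, for example `// All business methods require CONTENT/MANAGE_ACTIONLOG (see @RolesAllowed on each method).` The same single role gates both the read methods and `createActionLogEvent`. If any caller is expected to record an event without being an action-log manager (not visible on this page), the container will presumably reject that call with an access exception, so the write path may need its own role. The method bodies continue outside the hunks shown.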
package fi.insomnia.bortal.beans;
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.apps.BillPermission;
import fi.insomnia.bortal.enums.apps.ContentPermission;
import fi.insomnia.bortal.enums.apps.IAppPermission;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.enums.apps.PollPermission;
import fi.insomnia.bortal.enums.apps.ShopPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;
@Stateless
@DeclareRoles({
UserPermission.S_CREATE_NEW,
UserPermission.S_LOGIN,
UserPermission.S_LOGOUT,
UserPermission.S_MODIFY,
UserPermission.S_MODIFY_ACCOUNTEVENTS,
UserPermission.S_VIEW_ACCOUNTEVENTS,
UserPermission.S_VIEW_ALL,
UserPermission.S_VIEW_SELF,
UserPermission.S_WRITE_ROLES,
UserPermission.S_READ_ROLES,
UserPermission.S_ANYUSER,
UserPermission.S_MANAGE_HTTP_SESSION,
MapPermission.S_VIEW,
MapPermission.S_MANAGE_MAPS,
MapPermission.S_MANAGE_OTHERS,
MapPermission.S_BUY_PLACES,
ShopPermission.S_LIST_ALL_PRODUCTS,
ShopPermission.S_LIST_USERPRODUCTS,
ShopPermission.S_SHOP_TO_OTHERS,
ShopPermission.S_MANAGE_PRODUCTS,
ShopPermission.S_SHOP_PRODUCTS,
BillPermission.S_CREATE_BILL,
BillPermission.S_READ_ALL,
BillPermission.S_WRITE_ALL,
BillPermission.S_VIEW_OWN,
ContentPermission.S_MANAGE_NEWS,
ContentPermission.S_MANAGE_PAGES,
PollPermission.S_ANSWER,
PollPermission.S_VIEW_RESULTS,
PollPermission.S_CREATE,
SpecialPermission.S_SUPERADMIN,
SpecialPermission.S_USER,
SpecialPermission.S_ANONYMOUS
})
public class PermissionBean implements PermissionBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);
@Resource
private SessionContext context;
@EJB
private LoggingBeanLocal loggingbean;
@EJB
private UserFacade userfacade;
//
// @Override
// public boolean hasPermission(String perm) {
// return context.isCallerInRole(perm);
// }
@Override
public boolean hasPermission(IAppPermission perm) {
if (perm == null)
{
return false;
}
return context.isCallerInRole(perm.getFullName());
}
@Override
public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
boolean ret = hasPermission(permission);
if (!ret) {
StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
if (failmessage == null || failmessage.length == 0) {
message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
.append(permission);
} else {
for (Object part : failmessage) {
message.append(part == null ? "NULL" : part.toString());
}
}
// throw new SecurityException("Foobar");
throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
}
return true;
}
@Override
public void fatalNotLoggedIn() throws PermissionDeniedException {
if (!isLoggedIn()) {
throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
}
}
@Override
public boolean isCurrentUser(User user) {
return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
}
@Override
public boolean isLoggedIn() {
return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
}
@Override
public User getCurrentUser() {
Principal principal = context.getCallerPrincipal();
User ret = userfacade.findByLogin(principal.getName());
if (ret == null) {
ret = getAnonUser();
}
return ret;
}
/**
* Makes sure default user and public role exist and the user is member of
* the role.
*/
@Override
public User getAnonUser() {
User defaultUser = userfacade.findByLogin(User.ANONYMOUS_LOGINNAME);
if (defaultUser == null) {
defaultUser = new User();
defaultUser.setLogin(User.ANONYMOUS_LOGINNAME);
defaultUser.setNick(User.ANONYMOUS_LOGINNAME);
userfacade.create(defaultUser);
// defaultUser.setSuperadmin(true);
}
return defaultUser;
}
}
package fi.insomnia.bortal.beans;
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.apps.BillPermission;
import fi.insomnia.bortal.enums.apps.ContentPermission;
import fi.insomnia.bortal.enums.apps.IAppPermission;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.enums.apps.PollPermission;
import fi.insomnia.bortal.enums.apps.ShopPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;
@Stateless
@DeclareRoles({
UserPermission.S_CREATE_NEW,
UserPermission.S_LOGIN,
UserPermission.S_LOGOUT,
UserPermission.S_MODIFY,
UserPermission.S_MODIFY_ACCOUNTEVENTS,
UserPermission.S_VIEW_ACCOUNTEVENTS,
UserPermission.S_VIEW_ALL,
UserPermission.S_VIEW_SELF,
UserPermission.S_WRITE_ROLES,
UserPermission.S_READ_ROLES,
UserPermission.S_ANYUSER,
UserPermission.S_MANAGE_HTTP_SESSION,
MapPermission.S_VIEW,
MapPermission.S_MANAGE_MAPS,
MapPermission.S_MANAGE_OTHERS,
MapPermission.S_BUY_PLACES,
ShopPermission.S_LIST_ALL_PRODUCTS,
ShopPermission.S_LIST_USERPRODUCTS,
ShopPermission.S_SHOP_TO_OTHERS,
ShopPermission.S_MANAGE_PRODUCTS,
ShopPermission.S_SHOP_PRODUCTS,
BillPermission.S_CREATE_BILL,
BillPermission.S_READ_ALL,
BillPermission.S_WRITE_ALL,
BillPermission.S_VIEW_OWN,
ContentPermission.S_MANAGE_NEWS,
ContentPermission.S_MANAGE_PAGES,
ContentPermission.S_MANAGE_ACTIONLOG,
PollPermission.S_ANSWER,
PollPermission.S_VIEW_RESULTS,
PollPermission.S_CREATE,
SpecialPermission.S_SUPERADMIN,
SpecialPermission.S_USER,
SpecialPermission.S_ANONYMOUS
})
public class PermissionBean implements PermissionBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);
@Resource
private SessionContext context;
@EJB
private LoggingBeanLocal loggingbean;
@EJB
private UserFacade userfacade;
//
// @Override
// public boolean hasPermission(String perm) {
// return context.isCallerInRole(perm);
// }
@Override
public boolean hasPermission(IAppPermission perm) {
if (perm == null)
{
return false;
}
return context.isCallerInRole(perm.getFullName());
}
@Override
public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
boolean ret = hasPermission(permission);
if (!ret) {
StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
if (failmessage == null || failmessage.length == 0) {
message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
.append(permission);
} else {
for (Object part : failmessage) {
message.append(part == null ? "NULL" : part.toString());
}
}
// throw new SecurityException("Foobar");
throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
}
return true;
}
@Override
public void fatalNotLoggedIn() throws PermissionDeniedException {
if (!isLoggedIn()) {
throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
}
}
@Override
public boolean isCurrentUser(User user) {
return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
}
@Override
public boolean isLoggedIn() {
return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
}
@Override
public User getCurrentUser() {
Principal principal = context.getCallerPrincipal();
User ret = userfacade.findByLogin(principal.getName());
if (ret == null) {
ret = getAnonUser();
}
return ret;
}
/**
* Makes sure default user and public role exist and the user is member of
* the role.
*/
@Override
public User getAnonUser() {
User defaultUser = userfacade.findByLogin(User.ANONYMOUS_LOGINNAME);
if (defaultUser == null) {
defaultUser = new User();
defaultUser.setLogin(User.ANONYMOUS_LOGINNAME);
defaultUser.setNick(User.ANONYMOUS_LOGINNAME);
userfacade.create(defaultUser);
// defaultUser.setSuperadmin(true);
}
return defaultUser;
}
}
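Review bot: The role name for the new permission has to agree in three hand-maintained places, and nothing on the page checks that they match. These are the `ContentPermission.S_MANAGE_ACTIONLOG` entry added to `@DeclareRoles` here, the string literal behind that constant, and the `fullName` the enum constructor builds from `getParent()`, `DELIMITER` and `toString()`, which is what `hasPermission` passes to `context.isCallerInRole`. A mismatch would most likely surface only as a permission that is silently never granted. A comment above the list would make the contract explicit: `// Every S_* permission constant must be listed here; hasPermission() checks roles by IAppPermission.getFullName().` A small test asserting that each constant's `getFullName()` equals its `S_` string would catch drift.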
package fi.insomnia.bortal.enums.apps;
import fi.insomnia.bortal.enums.BortalApplication;
public enum ContentPermission implements IAppPermission {
MANAGE_NEWS("Manage newsgroups"),
MANAGE_PAGES("Manage pages"),
;
public static final String S_MANAGE_NEWS = "CONTENT/MANAGE_NEWS";
public static final String S_MANAGE_PAGES = "CONTENT/MANAGE_PAGES";
private String description;
private String fullName;
private ContentPermission(String desc) {
this.description = desc;
fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
}
@Override
public BortalApplication getParent() {
return BortalApplication.CONTENT;
}
@Override
public String getDescription() {
return this.description;
}
@Override
public String getFullName() {
return fullName;
}
}
package fi.insomnia.bortal.enums.apps;
import fi.insomnia.bortal.enums.BortalApplication;
public enum ContentPermission implements IAppPermission {
MANAGE_NEWS("Manage newsgroups"),
MANAGE_PAGES("Manage pages"),
MANAGE_ACTIONLOG(""),
;
public static final String S_MANAGE_NEWS = "CONTENT/MANAGE_NEWS";
public static final String S_MANAGE_PAGES = "CONTENT/MANAGE_PAGES";
public static final String S_MANAGE_ACTIONLOG = "CONTENT/MANAGE_ACTIONLOG";
private String description;
private String fullName;
private ContentPermission(String desc) {
this.description = desc;
fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
}
@Override
public BortalApplication getParent() {
return BortalApplication.CONTENT;
}
@Override
public String getDescription() {
return this.description;
}
@Override
public String getFullName() {
return fullName;
}
}
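Review bot: `MANAGE_ACTIONLOG("")` is added with an empty description, while the two existing constants carry one ("Manage newsgroups", "Manage pages"). `getDescription()` will therefore return an empty string for this permission, which makes it hard to identify wherever permissions are listed for assignment. Suggest `MANAGE_ACTIONLOG("Manage action log"),`.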
......@@ -10,6 +10,7 @@ import java.util.List;
import fi.insomnia.bortal.beans.ActionLogBeanLocal;
import fi.insomnia.bortal.enums.ActionLogMessageState;
import fi.insomnia.bortal.enums.apps.ContentPermission;
import fi.insomnia.bortal.model.ActionLogMessage;
import fi.insomnia.bortal.model.ActionLogMessageResponse;
import fi.insomnia.bortal.web.cdiview.GenericCDIView;
......@@ -27,8 +28,8 @@ public class TaskModificationView extends GenericCDIView {
private ActionLogBeanLocal logbean;
public void initView(){
super.beginConversation();
if(message == null) {
if(super.requirePermissions(ContentPermission.MANAGE_ACTIONLOG) && message == null) {
super.beginConversation();
message = logbean.find(id);
}
}
......
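Review bot: In `initView`, a false result from `super.requirePermissions(ContentPermission.MANAGE_ACTIONLOG)` only skips the load, and the method then returns normally. What an unauthorised caller sees therefore depends on whether `requirePermissions` itself throws or redirects, which this hunk does not show. If it only returns a boolean, a `message` already held by the conversation stays available to the page even when the check fails. Making the denial explicit would be clearer, e.g. `if (!super.requirePermissions(ContentPermission.MANAGE_ACTIONLOG)) { return; }` ahead of the `message == null` test, with a comment on what the caller should expect. The old/new split of the two `if` lines is inferred because the page lost its +/- markers, and the class body continues outside the hunk.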