Actionlogiin roolioikeudet asetettu

Juho
Commit c47a65a9 authored Apr 07, 2012 by Juho
Showing with 213 additions and 201 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/ActionLogBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/ContentPermission.java
code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/actionlog/TaskModificationView.java
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/ActionLogBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/ActionLogBean.java
@@ -3,11 +3,13 @@ package fi.insomnia.bortal.beans;
 import java.util.Date;
 import java.util.List;
+import javax.annotation.security.DeclareRoles;
 import javax.annotation.security.RolesAllowed;
 import javax.ejb.EJB;
 import javax.ejb.Stateless;
 import fi.insomnia.bortal.enums.ActionLogMessageState;
+import fi.insomnia.bortal.enums.apps.ContentPermission;
 import fi.insomnia.bortal.enums.apps.UserPermission;
 import fi.insomnia.bortal.facade.ActionLogFacade;
 import fi.insomnia.bortal.model.ActionLogMessage;
@@ -22,6 +24,7 @@ import fi.insomnia.bortal.model.Role;
 *  - deletointi
 */
 @Stateless
+@DeclareRoles(ContentPermission.S_MANAGE_ACTIONLOG)
 public class ActionLogBean implements ActionLogBeanLocal {
 	// TODO: Permissions
@@ -38,6 +41,7 @@ public class ActionLogBean implements ActionLogBeanLocal {
        // TODO Auto-generated constructor stub
    }
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
    public void createActionLogEvent(String message, Role crew, boolean isTask) {
    	ActionLogMessage alm = new ActionLogMessage();
    	alm.setCrew(crew);
@@ -53,18 +57,22 @@ public class ActionLogBean implements ActionLogBeanLocal {
    	actionLogFacade.saveToActionLog(alm);
    }
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
    public List<ActionLogMessage> getAllActionLogEvents() {
    	return actionLogFacade.getAllSortedByTimestamp();
    }
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
    public List<Role> getAssignableRoles() {
    	return roleBean.listRoles();
    }
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
    public List<ActionLogMessageResponse> getActionLogMessageResponses(ActionLogMessage alm) {
    	return actionLogFacade.getActionLogMessageResponses(alm);
    }
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
    public void addActionLogMessageResponse(ActionLogMessage alm, String message, ActionLogMessageState state) {
    	if(alm.getState() != state && state != null) {
    		alm.setState(state);
@@ -80,6 +88,7 @@ public class ActionLogBean implements ActionLogBeanLocal {
    }
 	@Override
+    @RolesAllowed(ContentPermission.S_MANAGE_ACTIONLOG)
 	public ActionLogMessage find(Integer id) {
 		return actionLogFacade.find(id);

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
 package fi.insomnia.bortal.beans;
 import java.security.Principal;
 import javax.annotation.Resource;
 import javax.annotation.security.DeclareRoles;
 import javax.ejb.EJB;
 import javax.ejb.SessionContext;
 import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.enums.apps.BillPermission;
 import fi.insomnia.bortal.enums.apps.ContentPermission;
 import fi.insomnia.bortal.enums.apps.IAppPermission;
 import fi.insomnia.bortal.enums.apps.MapPermission;
 import fi.insomnia.bortal.enums.apps.PollPermission;
 import fi.insomnia.bortal.enums.apps.ShopPermission;
 import fi.insomnia.bortal.enums.apps.SpecialPermission;
 import fi.insomnia.bortal.enums.apps.UserPermission;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.User;
 @Stateless
 @DeclareRoles({
 		UserPermission.S_CREATE_NEW,
 		UserPermission.S_LOGIN,
 		UserPermission.S_LOGOUT,
 		UserPermission.S_MODIFY,
 		UserPermission.S_MODIFY_ACCOUNTEVENTS,
 		UserPermission.S_VIEW_ACCOUNTEVENTS,
 		UserPermission.S_VIEW_ALL,
 		UserPermission.S_VIEW_SELF,
 		UserPermission.S_WRITE_ROLES,
 		UserPermission.S_READ_ROLES,
 		UserPermission.S_ANYUSER,
 		UserPermission.S_MANAGE_HTTP_SESSION,
 		MapPermission.S_VIEW,
 		MapPermission.S_MANAGE_MAPS,
 		MapPermission.S_MANAGE_OTHERS,
 		MapPermission.S_BUY_PLACES,
 		ShopPermission.S_LIST_ALL_PRODUCTS,
 		ShopPermission.S_LIST_USERPRODUCTS,
 		ShopPermission.S_SHOP_TO_OTHERS,
 		ShopPermission.S_MANAGE_PRODUCTS,
 		ShopPermission.S_SHOP_PRODUCTS,
 		BillPermission.S_CREATE_BILL,
 		BillPermission.S_READ_ALL,
 		BillPermission.S_WRITE_ALL,
 		BillPermission.S_VIEW_OWN,
 		ContentPermission.S_MANAGE_NEWS,
 		ContentPermission.S_MANAGE_PAGES,
+		ContentPermission.S_MANAGE_ACTIONLOG,
-		PollPermission.S_ANSWER,
-		PollPermission.S_VIEW_RESULTS,
+		PollPermission.S_ANSWER,
-		PollPermission.S_CREATE,
+		PollPermission.S_VIEW_RESULTS,
+		PollPermission.S_CREATE,
-		SpecialPermission.S_SUPERADMIN,
-		SpecialPermission.S_USER,
+		SpecialPermission.S_SUPERADMIN,
-		SpecialPermission.S_ANONYMOUS
+		SpecialPermission.S_USER,
-})
+		SpecialPermission.S_ANONYMOUS
-public class PermissionBean implements PermissionBeanLocal {
+})
+public class PermissionBean implements PermissionBeanLocal {
-	private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);
+	private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);
-	@Resource
-	private SessionContext context;
+	@Resource
+	private SessionContext context;
-	@EJB
-	private LoggingBeanLocal loggingbean;
+	@EJB
+	private LoggingBeanLocal loggingbean;
-	@EJB
-	private UserFacade userfacade;
+	@EJB
+	private UserFacade userfacade;
-	//
-	// @Override
+	//
-	// public boolean hasPermission(String perm) {
+	// @Override
-	// return context.isCallerInRole(perm);
+	// public boolean hasPermission(String perm) {
-	// }
+	// return context.isCallerInRole(perm);
+	// }
-	@Override
-	public boolean hasPermission(IAppPermission perm) {
+	@Override
+	public boolean hasPermission(IAppPermission perm) {
-		if (perm == null)
-		{
+		if (perm == null)
-			return false;
+		{
-		}
+			return false;
-		return context.isCallerInRole(perm.getFullName());
+		}
+		return context.isCallerInRole(perm.getFullName());
-	}
+	}
-	@Override
-	public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
+	@Override
-		boolean ret = hasPermission(permission);
+	public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
-		if (!ret) {
+		boolean ret = hasPermission(permission);
-			StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
+		if (!ret) {
-			if (failmessage == null || failmessage.length == 0) {
+			StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
-				message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
+			if (failmessage == null || failmessage.length == 0) {
-						.append(permission);
+				message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
-			} else {
+						.append(permission);
-				for (Object part : failmessage) {
+			} else {
-					message.append(part == null ? "NULL" : part.toString());
+				for (Object part : failmessage) {
-				}
+					message.append(part == null ? "NULL" : part.toString());
-			}
+				}
-			// throw new SecurityException("Foobar");
+			}
+			// throw new SecurityException("Foobar");
-			throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
-		}
+			throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
-		return true;
+		}
-	}
+		return true;
+	}
-	@Override
-	public void fatalNotLoggedIn() throws PermissionDeniedException {
+	@Override
-		if (!isLoggedIn()) {
+	public void fatalNotLoggedIn() throws PermissionDeniedException {
-			throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
+		if (!isLoggedIn()) {
-		}
+			throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
-	}
+		}
+	}
-	@Override
-	public boolean isCurrentUser(User user) {
+	@Override
-		return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
+	public boolean isCurrentUser(User user) {
-	}
+		return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
+	}
-	@Override
-	public boolean isLoggedIn() {
+	@Override
+	public boolean isLoggedIn() {
-		return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
-	}
+		return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
+	}
-	@Override
-	public User getCurrentUser() {
+	@Override
-		Principal principal = context.getCallerPrincipal();
+	public User getCurrentUser() {
+		Principal principal = context.getCallerPrincipal();
-		User ret = userfacade.findByLogin(principal.getName());
-		if (ret == null) {
+		User ret = userfacade.findByLogin(principal.getName());
-			ret = getAnonUser();
+		if (ret == null) {
-		}
+			ret = getAnonUser();
-		return ret;
+		}
-	}
+		return ret;
+	}
-	/**
-	 * Makes sure default user and public role exist and the user is member of
+	/**
-	 * the role.
+	 * Makes sure default user and public role exist and the user is member of
-	 */
+	 * the role.
-	@Override
+	 */
-	public User getAnonUser() {
+	@Override
-		User defaultUser = userfacade.findByLogin(User.ANONYMOUS_LOGINNAME);
+	public User getAnonUser() {
-		if (defaultUser == null) {
+		User defaultUser = userfacade.findByLogin(User.ANONYMOUS_LOGINNAME);
-			defaultUser = new User();
+		if (defaultUser == null) {
-			defaultUser.setLogin(User.ANONYMOUS_LOGINNAME);
+			defaultUser = new User();
-			defaultUser.setNick(User.ANONYMOUS_LOGINNAME);
+			defaultUser.setLogin(User.ANONYMOUS_LOGINNAME);
-			userfacade.create(defaultUser);
+			defaultUser.setNick(User.ANONYMOUS_LOGINNAME);
+			userfacade.create(defaultUser);
-			// defaultUser.setSuperadmin(true);
-		}
+			// defaultUser.setSuperadmin(true);
-		return defaultUser;
+		}
-	}
+		return defaultUser;
-}
+	}
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/ContentPermission.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/ContentPermission.java
 package fi.insomnia.bortal.enums.apps;
 import fi.insomnia.bortal.enums.BortalApplication;
 public enum ContentPermission implements IAppPermission {
 	MANAGE_NEWS("Manage newsgroups"),
 	MANAGE_PAGES("Manage pages"),
+	MANAGE_ACTIONLOG(""),
 	;
 	public static final String S_MANAGE_NEWS = "CONTENT/MANAGE_NEWS";
 	public static final String S_MANAGE_PAGES = "CONTENT/MANAGE_PAGES";
+	public static final String S_MANAGE_ACTIONLOG = "CONTENT/MANAGE_ACTIONLOG";
-	private String description;
-	private String fullName;
+	private String description;
+	private String fullName;
-	private ContentPermission(String desc) {
-		this.description = desc;
+	private ContentPermission(String desc) {
-		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
+		this.description = desc;
-	}
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
+	}
-	@Override
-	public BortalApplication getParent() {
+	@Override
-		return BortalApplication.CONTENT;
+	public BortalApplication getParent() {
-	}
+		return BortalApplication.CONTENT;
+	}
-	@Override
-	public String getDescription() {
+	@Override
-		return this.description;
+	public String getDescription() {
-	}
+		return this.description;
+	}
-	@Override
-	public String getFullName() {
+	@Override
-		return fullName;
+	public String getFullName() {
-	}
+		return fullName;
-}
+	}
+}
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/actionlog/TaskModificationView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/actionlog/TaskModificationView.java
@@ -10,6 +10,7 @@ import java.util.List;
 import fi.insomnia.bortal.beans.ActionLogBeanLocal;
 import fi.insomnia.bortal.enums.ActionLogMessageState;
+import fi.insomnia.bortal.enums.apps.ContentPermission;
 import fi.insomnia.bortal.model.ActionLogMessage;
 import fi.insomnia.bortal.model.ActionLogMessageResponse;
 import fi.insomnia.bortal.web.cdiview.GenericCDIView;
@@ -27,8 +28,8 @@ public class TaskModificationView extends GenericCDIView {
 	private ActionLogBeanLocal logbean;
 	public void initView(){
-		super.beginConversation();
+		if(super.requirePermissions(ContentPermission.MANAGE_ACTIONLOG) && message == null) {
-		if(message == null) {
+			super.beginConversation();
 			message = logbean.find(id);
 		}
 	}