Skip to content

Riina Antikainen / Moya

Go to a project
Commit 3509774c by Tuomas Riihimäki
Options

Beanien siivoilua ja oikeustarkastelujen lisäystä.

1 parent 04070bc1
Inline Side-by-side
Showing with 137 additions and 220 deletions
code/LanBortalBeans/as3/fi/insomnia/bortal/beans/RoleBeanBase.as
......@@ -7,6 +7,7 @@
package fi.insomnia.bortal.beans {
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.RoleRightFacade;
import flash.utils.IDataInput;
......@@ -16,20 +17,20 @@ package fi.insomnia.bortal.beans {
[Bindable]
public class RoleBeanBase implements IExternalizable {
private var _accessRightBean:AccessRightBeanLocal;
private var _accessRightFacade:AccessRightFacade;
private var _eventBean:EventBeanLocal;
private var _roleFacade:RoleFacade;
private var _rrfacade:RoleRightFacade;
public function readExternal(input:IDataInput):void {
_accessRightBean = input.readObject() as AccessRightBeanLocal;
_accessRightFacade = input.readObject() as AccessRightFacade;
_eventBean = input.readObject() as EventBeanLocal;
_roleFacade = input.readObject() as RoleFacade;
_rrfacade = input.readObject() as RoleRightFacade;
}
public function writeExternal(output:IDataOutput):void {
output.writeObject(_accessRightBean);
output.writeObject(_accessRightFacade);
output.writeObject(_eventBean);
output.writeObject(_roleFacade);
output.writeObject(_rrfacade);
......
code/LanBortalBeans/as3/fi/insomnia/bortal/beans/UserBeanBase.as
......@@ -7,6 +7,7 @@
package fi.insomnia.bortal.beans {
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.UserFacade;
import flash.utils.IDataInput;
import flash.utils.IDataOutput;
......@@ -16,7 +17,7 @@ package fi.insomnia.bortal.beans {
[Bindable]
public class UserBeanBase implements IExternalizable {
private var _accessRightBeanLocal:AccessRightBeanLocal;
private var _accessRightFacade:AccessRightFacade;
private var _context:SessionContext;
private var _eventBean:EventBeanLocal;
private var _rolebean:RoleBeanLocal;
......@@ -24,7 +25,7 @@ package fi.insomnia.bortal.beans {
private var _userFacade:UserFacade;
public function readExternal(input:IDataInput):void {
_accessRightBeanLocal = input.readObject() as AccessRightBeanLocal;
_accessRightFacade = input.readObject() as AccessRightFacade;
_context = input.readObject() as SessionContext;
_eventBean = input.readObject() as EventBeanLocal;
_rolebean = input.readObject() as RoleBeanLocal;
......@@ -33,7 +34,7 @@ package fi.insomnia.bortal.beans {
}
public function writeExternal(output:IDataOutput):void {
output.writeObject(_accessRightBeanLocal);
output.writeObject(_accessRightFacade);
output.writeObject(_context);
output.writeObject(_eventBean);
output.writeObject(_rolebean);
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/AccessRightBean.java deleted 100644 → 0
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package fi.insomnia.bortal.beans;
import java.util.List;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.model.AccessRight;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*
* @author tuukka
*/
@Stateless
public class AccessRightBean implements AccessRightBeanLocal {
@EJB
private AccessRightFacade accessRightFacade;
private static final Logger logger = LoggerFactory.getLogger(AccessRightBean.class);
public AccessRight findOrCreate(Permission permission) {
AccessRight right = accessRightFacade.findByPermission(permission);
if (right == null) {
right = new AccessRight();
right.setName(permission.name());
right.setDescription(permission.getDescription());
accessRightFacade.create(right);
logger.info("Access right permission {} not found. created {}", permission, right);
}
return right;
}
public List<AccessRight> findAll() {
return accessRightFacade.findAll();
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
......@@ -62,15 +62,9 @@ public class BillBean implements BillBeanLocal {
Bill bill = billFacade.find(event.getId(), id);
User currentuser = userBean.getCurrentUser();
if (!currentuser.equals(bill.getUser()))
if (!authbean.isAuthorised(currentuser, Right.ADMIN, RightType.READ)) {
{
secubean.logPermissionDenied(currentuser,
"User tried to print the bill with insufficient rights. Bill id: " + bill);
return null;
}
}
if (!currentuser.equals(bill.getUser())) {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "User tried to print the bill with insufficient rights. Bill id: ", bill);
}
return bill;
}
......@@ -129,5 +123,4 @@ public class BillBean implements BillBeanLocal {
return line;
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceMapBean.java
......@@ -54,7 +54,7 @@ public class PlaceMapBean implements PlaceMapBeanLocal {
public void printPlaceMapToStream(OutputStream outputStream, String filetype, Integer mapId, List<Integer> placeIds) throws IOException {
User user = userbean.getCurrentUser();
if (!userbean.hasPermission(Permission.TICKET_SALES, user, RolePermission.READ)) {
if (!userbean.hasPermission(Permission.TICKET_SALES, RolePermission.READ)) {
throw new PermissionDeniedException(secubean, user, "User has no right to view placemap ( TICKET_SALES, READ )");
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
......@@ -17,6 +17,8 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.BeanRole;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.EventChildGenericFacade;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.RoleRightFacade;
import fi.insomnia.bortal.model.AccessRight;
......@@ -38,8 +40,8 @@ public class RoleBean implements RoleBeanLocal {
private RoleFacade roleFacade;
@EJB
private RoleRightFacade rrfacade;
@EJB
private AccessRightBeanLocal accessRightBean;
private AccessRightFacade accessRightFacade;
private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);
......@@ -93,7 +95,7 @@ public class RoleBean implements RoleBeanLocal {
public List<RoleRight> getRoleRights(Role r) {
List<AccessRight> rights = accessRightBean.findAll();
List<AccessRight> rights = accessRightFacade.findAll();
List<RoleRight> ret = new ArrayList<RoleRight>();
for (AccessRight ar : rights) {
ret.add(findRoleRight(r, ar));
......@@ -121,7 +123,7 @@ public class RoleBean implements RoleBeanLocal {
}
public RoleRight findRoleRight(Role role, Permission perm) {
AccessRight acr = accessRightBean.findOrCreate(perm);
AccessRight acr = accessRightFacade.findByPermission(perm);
return findRoleRight(role, acr);
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
......@@ -18,6 +18,7 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.Role;
......@@ -46,7 +47,7 @@ public class UserBean implements UserBeanLocal {
@EJB
private RoleBeanLocal rolebean;
@EJB
private AccessRightBeanLocal accessRightBeanLocal;
private AccessRightFacade accessRightFacade;
@EJB
private SecurityBeanLocal secubean;
......@@ -72,10 +73,7 @@ public class UserBean implements UserBeanLocal {
}
public List<User> getUsers() {
User curruser = getCurrentUser();
if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.READ)) {
throw new PermissionDeniedException(secubean, curruser, "User tried to execute getUsers function with insufficient permissions");
}
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
List<User> ret = userFacade.findAll();
logger.info("Found {} users from database ", ret.size());
......@@ -84,10 +82,8 @@ public class UserBean implements UserBeanLocal {
@Override
public User mergeChanges(User user) {
User curruser = getCurrentUser();
if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE) || !user.equals(curruser)) {
throw new PermissionDeniedException(secubean, curruser, "User tried to merge someone others data with insufficient permissions");
}
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
return userFacade.merge(user);
}
......@@ -133,13 +129,12 @@ public class UserBean implements UserBeanLocal {
return defaultUser;
}
public boolean hasPermission(Permission target, User user, RolePermission permission) {
// TODO: Voisi olla hyvä idea cachettaa... Tätä kutsutaan aika paljon..
public boolean hasPermission(Permission target, RolePermission permission) {
if (user == null) {
return false;
}
User user = getCurrentUser();
AccessRight expectedRight = accessRightBeanLocal.findOrCreate(target);
AccessRight expectedRight = accessRightFacade.findByPermission(target);
User dbusr = userFacade.find(user.getId());
if (dbusr != null) {
......@@ -199,17 +194,12 @@ public class UserBean implements UserBeanLocal {
@Override
public boolean hasCurrentUserPermission(Permission permission, RolePermission rolePermission) {
return this.hasPermission(permission, getCurrentUser(), rolePermission);
return this.hasPermission(permission, rolePermission);
}
@Override
public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) {
fatalPermission(getCurrentUser(), target, permission, failmessage);
}
@Override
public void fatalPermission(User user, Permission target, RolePermission permission, Object... failmessage) {
boolean ret = hasPermission(target, user, permission);
boolean ret = hasPermission(target, permission);
if (!ret) {
String message = null;
if (failmessage == null || failmessage.length == 0) {
......@@ -229,5 +219,11 @@ public class UserBean implements UserBeanLocal {
}
}
@Override
public void fatalNotLoggedIn() {
if (!isLoggedIn()) {
throw new PermissionDeniedException(secubean, getCurrentUser(), "User is not logged in!");
}
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/AccessRightFacade.java
......@@ -27,25 +27,20 @@ public class AccessRightFacade extends IntegerPkGenericFacade<AccessRight> {
protected EntityManager getEm() {
return em;
}
/*
public AccessRight findOrCreateByName(String target) {
// Fetch access right by name
TypedQuery<AccessRight> q = em.createQuery("SELECT a FROM AccessRight a WHERE a.name = :name", AccessRight.class);
q.setParameter("name", target);
AccessRight right = null;
right = this.getSingleNullableResult(q);
// Might not exist yet -> create
if (right == null) {
right = new AccessRight();
right.setName(target);
em.persist(right);
}
return right;
}
*/
/*
* public AccessRight findOrCreateByName(String target) {
*
* // Fetch access right by name TypedQuery<AccessRight> q =
* em.createQuery("SELECT a FROM AccessRight a WHERE a.name = :name",
* AccessRight.class); q.setParameter("name", target); AccessRight right =
* null; right = this.getSingleNullableResult(q);
*
* // Might not exist yet -> create if (right == null) { right = new
* AccessRight(); right.setName(target); em.persist(right); }
*
* return right; }
*/
public AccessRight findByPermission(Permission target) {
......@@ -54,11 +49,15 @@ public class AccessRightFacade extends IntegerPkGenericFacade<AccessRight> {
q.setParameter("name", target.name());
AccessRight right = null;
right = this.getSingleNullableResult(q);
if (right == null) {
right = new AccessRight(target.name());
create(right);
}
return right;
}
public void find(LanEvent e, Role r) {
throw new NotImplementedException();
throw new NotImplementedException();
}
}
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/AccessRightBeanLocal.java deleted 100644 → 0
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package fi.insomnia.bortal.beans;
import java.util.List;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.model.AccessRight;
import javax.ejb.Local;
/**
*
* @author tuukka
*/
@Local
public interface AccessRightBeanLocal {
public AccessRight findOrCreate(Permission permission);
public List<AccessRight> findAll();
}
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
......@@ -24,7 +24,7 @@ public interface UserBeanLocal {
User getAnonUser();
boolean hasPermission(Permission target, User user, RolePermission permission);
boolean hasPermission(Permission target, RolePermission permission);
boolean isCurrentUser(User thisuser);
......@@ -32,10 +32,11 @@ public interface UserBeanLocal {
boolean isLoggedIn();
void fatalPermission(User user, Permission target, RolePermission permission, Object ... failmessage);
void fatalPermission(Permission target, RolePermission permission, Object ... failmessage);
void fatalNotLoggedIn();
......
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
......@@ -10,10 +10,10 @@ package fi.insomnia.bortal.enums;
*/
public enum Permission {
PERMISSION("Description"),
LOGIN("User can see loginbutton. (only defaultuser should have permission to that one)"),
// PERMISSION("Description"),
LOGIN("User can see loginbutton(r). (only defaultuser should have permission to that one), LoggedIn user has (x)"),
USER_MANAGEMENT("User has right to view all users(r), modify users(w), execute actions for user(x), Eg shop! "),
TICKET_SALES("User has right to view, and/or buy tickets"),
TICKET_SALES("User has right to view(r), administer(w) and buy(x)"),
ROLE_MANAGEMENT("User has right to view(r), modify(w) and assign(x) roles"),
PRODUCT("View(r), modify(w), and shop(x) products"),
......
code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
......@@ -77,7 +77,7 @@ public class SessionHandler {
if (target == null || permission == null) {
throw new RuntimeException("Empty target or permission!");
}
boolean ret = userbean.hasPermission(target, getUser(), permission);
boolean ret = userbean.hasPermission(target, permission);
return ret;
}
......@@ -101,29 +101,29 @@ public class SessionHandler {
private boolean impersonating = false;
public void impersonateUser(User user) {
if (user == null) {
this.thisuser = getUser();
impersonating = false;
} else if (canExecute("user")) {
secubean.logMessage(userbean.getCurrentUser(), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin());
this.thisuser = user;
impersonating = true;
} else {
secubean.logMessage(userbean.getCurrentUser(), "User tried to impersonate as id: " + user.getId() + " login: " + user.getLogin() + " but did not have enough rights");
}
}
public User getUser() {
boolean iscurruser = userbean.isCurrentUser(thisuser);
logger.debug("Current user {}", (thisuser == null) ? "null" : thisuser.getNick());
if (thisuser == null || (!impersonating && !iscurruser)) {
thisuser = userbean.getCurrentUser();
}
return thisuser;
}
// public void impersonateUser(User user) {
// if (user == null) {
// this.thisuser = getUser();
// impersonating = false;
// } else if (canExecute("user")) {
// secubean.logMessage(userbean.getCurrentUser(), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin());
// this.thisuser = user;
// impersonating = true;
// } else {
// secubean.logMessage(userbean.getCurrentUser(), "User tried to impersonate as id: " + user.getId() + " login: " + user.getLogin() + " but did not have enough rights");
// }
// }
//
// public User getUser() {
//
// boolean iscurruser = userbean.isCurrentUser(thisuser);
// logger.debug("Current user {}", (thisuser == null) ? "null" : thisuser.getNick());
// if (thisuser == null || (!impersonating && !iscurruser)) {
// thisuser = userbean.getCurrentUser();
// }
//
// return thisuser;
// }
public String logout() {
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/BillView.java
......@@ -12,6 +12,8 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.model.Bill;
@ManagedBean(name = "billView")
......@@ -22,12 +24,12 @@ public class BillView {
@EJB
private UserBeanLocal userbean;
@EJB
private BillBeanLocal billbean;
private ListDataModel<Bill> billList;
public ListDataModel<Bill> getUsersBills()
{
userbean.fatalNotLoggedIn();
List<Bill> bills = userbean.getCurrentUser().getBills();
logger.debug("found {} bills for user {}", bills.size(), userbean.getCurrentUser().getLogin());
billList = new ListDataModel<Bill>(bills);
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/MapView.java
......@@ -7,6 +7,9 @@ package fi.insomnia.bortal.view;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.PlaceBeanLocal;
import fi.insomnia.bortal.beans.PlaceMapBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.handler.SessionHandler;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.EventMap;
......@@ -39,9 +42,9 @@ public class MapView {
@EJB
private PlaceBeanLocal placeBean;
@EJB
private UserBeanLocal userBean;
@ManagedProperty("#{sessionHandler}")
private SessionHandler sessionHandler;
private EventMap activeMap = null;
private List<Place> selectedPlaces = new ArrayList<Place>();
@EJB
......@@ -54,6 +57,8 @@ public class MapView {
}
public void placeSelectActionListener(ActionEvent e) {
userBean.fatalPermission(Permission.TICKET_SALES, RolePermission.EXECUTE);
FacesContext context = FacesContext.getCurrentInstance();
String clientId = e.getComponent().getClientId(context);
Map requestParams = context.getExternalContext().getRequestParameterMap();
......@@ -76,7 +81,8 @@ public class MapView {
}
public String getSelectPlaceMapUrl() {
User user = sessionHandler.getUser();
User user = userBean.getCurrentUser();
logger.debug("Select map got user: {}", user);
EventMap map = getActiveMap();
logger.debug("Select map got active map: {}", map);
......@@ -95,6 +101,7 @@ public class MapView {
* this event does not have map, return null.
*/
public EventMap getActiveMap() {
userBean.fatalPermission(Permission.TICKET_SALES, RolePermission.READ);
if (activeMap == null) {
LanEvent event = eventBean.getCurrentEvent();
......@@ -114,23 +121,10 @@ public class MapView {
this.activeMap = activeMap;
}
/**
* @return the sessionHandler
*/
public SessionHandler getSessionHandler() {
return sessionHandler;
}
/**
* @param sessionHandler
* the sessionHandler to set
*/
public void setSessionHandler(SessionHandler sessionHandler) {
this.sessionHandler = sessionHandler;
}
public String placeLeftToSelect() {
long totalPlaces = placeMapBean.selectablePlaceCount(sessionHandler.getUser());
long totalPlaces = placeMapBean.selectablePlaceCount(userBean.getCurrentUser());
return (totalPlaces - selectedPlaces.size()) + "";
}
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/ProductShopView.java
......@@ -23,6 +23,8 @@ import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.ProductBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Product;
......@@ -48,22 +50,15 @@ public class ProductShopView {
private User shoppingUser;
public DataModel<Product> getUserShoppableProducts() {
userBean.fatalNotLoggedIn();
ListDataModel<Product> items = new ListDataModel<Product>(productBean.listUserShoppableProducts());
logger.info("Fetching products. Found {}", items.getRowCount());
return items;
}
public ActionListener getBillCommitAL() {
logger.info("Fetching billCommitAl()");
return new ActionListener() {
@Override
public void processAction(ActionEvent event) throws AbortProcessingException {
logger.info("Executing BillCommit AL");
}
};
}
public void commitBillCart() {
userBean.fatalPermission(Permission.PRODUCT, RolePermission.EXECUTE);
logger.debug("Committing billCart");
Iterator<ProductShopItem> cartIter = billCart.iterator();
Bill bill = null;
......@@ -80,6 +75,8 @@ public class ProductShopView {
}
public DataModel<ProductShopItem> getBillCart() {
userBean.fatalPermission(Permission.TICKET_SALES, RolePermission.EXECUTE);
billCart = new ListDataModel<ProductShopItem>(ProductShopItem.productList(productBean.listUserShoppableProducts()));
return billCart;
}
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/ProductView.java
......@@ -18,6 +18,9 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.ProductBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.BillLine;
import fi.insomnia.bortal.model.EventMap;
......@@ -38,6 +41,9 @@ public class ProductView {
@EJB
private BillBeanLocal billBean;
@EJB
private UserBeanLocal userBean;
private String productname = "";
private BigDecimal productprice = BigDecimal.ZERO;
private EventMap activeMap = null;
......@@ -48,12 +54,15 @@ public class ProductView {
public DataModel<Product> getProducts() {
userBean.fatalPermission(Permission.PRODUCT, RolePermission.READ,"User has no right to view products");
products = new ListDataModel<Product>(productBean.getProducts());
return products;
}
public String createProduct() {
userBean.fatalPermission(Permission.PRODUCT, RolePermission.WRITE);
setProduct(productBean.createProduct(productname, productprice));
productprice = BigDecimal.ZERO;
productname = "";
......@@ -62,11 +71,13 @@ public class ProductView {
}
public String edit() {
userBean.fatalPermission(Permission.PRODUCT, RolePermission.WRITE);
product = products.getRowData();
return "edit";
}
public String saveProduct() {
userBean.fatalPermission(Permission.PRODUCT, RolePermission.WRITE);
productBean.mergeChanges(product);
return "list";
}
......@@ -75,6 +86,7 @@ public class ProductView {
* @return the activeMap
*/
public EventMap getActiveMap() {
userBean.fatalPermission(Permission.TICKET_SALES, RolePermission.READ);
return activeMap;
}
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/RoleView.java
......@@ -34,9 +34,6 @@ import fi.insomnia.bortal.model.RoleRight;
@SessionScoped
public class RoleView {
@ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler;
@EJB
private EventBeanLocal eventbean;
@EJB
......@@ -54,6 +51,8 @@ public class RoleView {
private ListDataModel<RoleRight> rolerights;
public DataModel<Role> getRoles() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ);
items = new ListDataModel<Role>(roleBean.listRoles());
logger.info("Fetching roles. Found {}", items.getRowCount());
......@@ -61,6 +60,8 @@ public class RoleView {
}
public DataModel<RoleRight> getRoleRights() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ);
if (rolerights == null) {
logger.info("Fetching new rolerights from database");
rolerights = new ListDataModel<RoleRight>(roleBean.getRoleRights(role));
......@@ -78,6 +79,8 @@ public class RoleView {
}
public String editRoleRight() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE);
logger.info("Roleright array: {}", rolerights);
RoleRight row = rolerights.getRowData();
roleBean.mergeChanges(row);
......@@ -97,6 +100,8 @@ public class RoleView {
}
public String edit() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ);
setRole(items.getRowData());
rolerights = null;
items = null;
......@@ -112,6 +117,8 @@ public class RoleView {
* @return the role
*/
public Role getRole() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ);
if (role == null) {
role = new Role(eventbean.getCurrentEvent());
}
......@@ -126,20 +133,7 @@ public class RoleView {
this.role = role;
}
/**
* @return the sessionhandler
*/
public SessionHandler getSessionhandler() {
return sessionhandler;
}
/**
* @param sessionhandler
* the sessionhandler to set
*/
public void setSessionhandler(SessionHandler sessionhandler) {
this.sessionhandler = sessionhandler;
}
/**
* @return the possibleParents
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
......@@ -32,11 +32,7 @@ public class TestDataView {
private TestDataBeanLocal testdatabean;
@EJB
private UserBeanLocal userbean;
@ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler;
public void generateData() {
public void generateData() {
User user = testdatabean.createUser();
User admin = testdatabean.createAdmin();
......@@ -75,13 +71,6 @@ public class TestDataView {
public TestDataView() {
}
public void setSessionhandler(SessionHandler sessionhandler) {
this.sessionhandler = sessionhandler;
}
public SessionHandler getSessionhandler() {
return sessionhandler;
}
public String printPlacesInfo() {
testdatabean.printPlacesInfo();
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
......@@ -44,6 +44,8 @@ public class UserView {
private SecurityBeanLocal securitybean;
public String edit() {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
setUser(items.getRowData());
logger.info("Editing: Firstname: {} ", getUser().getFirstnames());
......@@ -51,6 +53,7 @@ public class UserView {
}
public void initSelfedit() {
userBean.fatalNotLoggedIn();
user = userBean.getCurrentUser();
}
......@@ -78,6 +81,8 @@ public class UserView {
}
public String saveUser() {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
setUser(userBean.mergeChanges(getUser()));
logger.info("Firstname: {} ", getUser().getFirstnames());
......@@ -85,6 +90,8 @@ public class UserView {
}
public ListDataModel<User> getUsers() {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
List<User> users;
users = userBean.getUsers();
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!