Fiksailtu oikeushärdelliä lisää

code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java

@@ -18,10 +18,8 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
-import fi.insomnia.bortal.facade.RoleFacade;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.AccessRight;
-import fi.insomnia.bortal.model.LanEvent;
 import fi.insomnia.bortal.model.Role;
 import fi.insomnia.bortal.model.RoleRight;
 import fi.insomnia.bortal.model.User;
@@ -101,10 +99,10 @@ public class UserBean implements UserBeanLocal {
         return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getNick());
     }
 
-    public boolean isLoggedIn()
-    {
+    public boolean isLoggedIn() {
         return !getAnonUser().equals(getCurrentUser());
     }
+
     @Override
     public User getCurrentUser() {
         Principal principal = context.getCallerPrincipal();
@@ -204,4 +202,32 @@ public class UserBean implements UserBeanLocal {
         return this.hasPermission(permission, getCurrentUser(), rolePermission);
     }
 
+    @Override
+    public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) {
+        fatalPermission(getCurrentUser(), target, permission, failmessage);
+    }
+
+    @Override
+    public void fatalPermission(User user, Permission target, RolePermission permission, Object... failmessage) {
+        boolean ret = hasPermission(target, user, permission);
+        if (!ret) {
+            String message = null;
+            if (failmessage == null || failmessage.length == 0) {
+                message = new StringBuilder("SessionHandler mbean permission exception: Target: ")
+                        .append(target.toString())
+                        .append(", Permission: ")
+                        .append(permission.toString())
+                        .toString();
+            } else {
+                StringBuilder msgbuilder = new StringBuilder();
+                for (Object part : failmessage) {
+                    msgbuilder.append(part.toString());
+                }
+                message = msgbuilder.toString();
+            }
+            throw new PermissionDeniedException(secubean, getCurrentUser(), message);
+        }
+    }
+
+
 }

code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java

@@ -32,6 +32,10 @@ public interface UserBeanLocal {
 
     boolean isLoggedIn();
 
+    void fatalPermission(User user, Permission target, RolePermission permission, Object ... failmessage);
+
+    void fatalPermission(Permission target, RolePermission permission, Object ... failmessage);
+
 
 
 

code/LanBortalWeb/WebContent/permissionDenied.xhtml

@@ -10,7 +10,11 @@
  	<ui:composition template="/layout/insomnia1/template.xhtml">
 	<ui:param name="thispage" value="page.permissionDenied" />
 		<ui:define name="content">
-			<h1>Permission Denied!</h1>
+			<h1>#{i18n['permissiondenied.header']}</h1>
+			<p>
+			<h:outputText rendered="#{!sessionHandler.isLoggedIn()}" value="#{i18n['permissiondenied.notLoggedIn']}" />
+			<h:outputText rendered="#{sessionHandler.isLoggedIn()}" value="#{i18n['permissiondenied.alreadyLoggedIn']}" />
+			</p>
 		</ui:define>
 	</ui:composition>
 </h:body>

code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/BortalExceptionHandler.java

@@ -45,7 +45,7 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper {
                 errorpage(i, t, "viewExpired");
             }
             Throwable cause = t;
-            while (cause != null) {
+            for(int loop = 0; loop < 20 && cause != null; ++loop) {
                 logger.debug("Cause not null, but {}, checking" + t.getClass().toString());
                 if (cause instanceof PermissionDeniedException ||
                         cause instanceof EJBAccessException ||

code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java

@@ -19,6 +19,7 @@ import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.enums.RolePermission;
+import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.model.User;
 
 /**
@@ -44,12 +45,12 @@ public class SessionHandler {
     }
 
     public String getLocale() {
-        //TODO: Locale selection code missing
+        // TODO: Locale selection code missing
         return "en_ST_v7";
     }
 
     public String getLayout() {
-        //TODO: layout selection code missing!!
+        // TODO: layout selection code missing!!
         return "insomnia1";
     }
 
@@ -73,10 +74,12 @@ public class SessionHandler {
     }
 
     public boolean hasPermission(Permission target, RolePermission permission) {
-        if (target == null) {
-            throw new RuntimeException("Empty target");
+        if (target == null || permission == null) {
+            throw new RuntimeException("Empty target or permission!");
         }
-        return userbean.hasPermission(target, getUser(), permission);
+        boolean ret = userbean.hasPermission(target, getUser(), permission);
+
+        return ret;
     }
 
     public boolean hasPermission(String target, RolePermission permission) {
@@ -84,10 +87,6 @@ public class SessionHandler {
         return hasPermission(Permission.getPermission(target), permission);
     }
 
-    public boolean canWrite(Permission p) {
-        return hasPermission(p, RolePermission.WRITE);
-    }
-
     public boolean canWrite(String target) {
         return hasPermission(target, RolePermission.WRITE);
     }
@@ -96,21 +95,12 @@ public class SessionHandler {
         return hasPermission(target, RolePermission.READ);
     }
 
-    public boolean canRead(Permission target) {
-        return hasPermission(target, RolePermission.READ);
-    }
-
     public boolean canExecute(String target) {
         return hasPermission(target, RolePermission.EXECUTE);
     }
 
-    public boolean canExecute(Permission target) {
-        return hasPermission(target, RolePermission.EXECUTE);
-    }
-
     private boolean impersonating = false;
 
-   
     public void impersonateUser(User user) {
         if (user == null) {
             this.thisuser = getUser();
@@ -147,10 +137,11 @@ public class SessionHandler {
         return "logout";
     }
 
-    public boolean isLoggedIn()
-    {
+    public boolean isLoggedIn() {
 
         boolean ret = userbean.isLoggedIn();
         return ret;
     }
+
+  
 }

code/LanBortalWeb/src/fi/insomnia/bortal/view/RoleView.java

@@ -4,26 +4,28 @@
  */
 package fi.insomnia.bortal.view;
 
-import fi.insomnia.bortal.beans.EventBeanLocal;
-import fi.insomnia.bortal.beans.RoleBeanLocal;
-import fi.insomnia.bortal.beans.SecurityBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
-import fi.insomnia.bortal.exceptions.PermissionDeniedException;
-import fi.insomnia.bortal.handler.SessionHandler;
-import fi.insomnia.bortal.model.AccessRight;
-import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
-
 import java.util.List;
+
 import javax.ejb.EJB;
 import javax.faces.bean.ManagedBean;
 import javax.faces.bean.ManagedProperty;
 import javax.faces.bean.SessionScoped;
 import javax.faces.model.DataModel;
 import javax.faces.model.ListDataModel;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import fi.insomnia.bortal.beans.EventBeanLocal;
+import fi.insomnia.bortal.beans.RoleBeanLocal;
+import fi.insomnia.bortal.beans.SecurityBeanLocal;
+import fi.insomnia.bortal.beans.UserBeanLocal;
+import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.RolePermission;
+import fi.insomnia.bortal.handler.SessionHandler;
+import fi.insomnia.bortal.model.Role;
+import fi.insomnia.bortal.model.RoleRight;
+
 /**
  * 
  * @author tuukka
@@ -43,6 +45,9 @@ public class RoleView {
 
     @EJB
     private SecurityBeanLocal securitybean;
+    @EJB
+    private UserBeanLocal userbean;
+
     private Role role;
     private DataModel<Role> items;
 
@@ -65,10 +70,7 @@ public class RoleView {
 
     public String save() {
 
-        if (!sessionhandler.canWrite(Permission.ROLE_MANAGEMENT)) {
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to modify role!");
-        }
+        userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "Does not have permission to modify role!");
 
         role = roleBean.mergeChanges(getRole());
 
@@ -76,7 +78,7 @@ public class RoleView {
     }
 
     public String editRoleRight() {
-        logger.info("Roleright array: {}" ,rolerights);
+        logger.info("Roleright array: {}", rolerights);
         RoleRight row = rolerights.getRowData();
         roleBean.mergeChanges(row);
         logger.info("Saving roleright {}, r {}, w {}, x {}", new String[] { row.getAccessRight().getName(), new Boolean(row.isRead()).toString(), new Boolean(row.isWrite()).toString(), new Boolean(row.isExecute()).toString() });
@@ -87,10 +89,7 @@ public class RoleView {
 
     public String create() {
 
-        if (!sessionhandler.canWrite(Permission.ROLE_MANAGEMENT)) {
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create role!");
-        }
+        userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "Does not have permission to create role!");
         logger.debug("Creating role {}", getRole());
         role = roleBean.create(getRole());
 

code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java

@@ -18,6 +18,7 @@ import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.JaasBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.User;
@@ -54,10 +55,7 @@ public class UserView {
     }
 
     public String createUser() {
-        if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT)) {
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!");
-        }
+        userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE, "does not have permission to create user!");
 
         if (null != userBean.getUser(login)) {
             FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(I18n.get("userview.userExists")));

code/LanBortalWeb/src/resources/i18n_en.properties

@@ -100,3 +100,7 @@ sidebar.role.create=Create role
 sidebar.role.list=List roles
 sidebar.map.placemap=Select places
 
+permissiondenied.header=Permission denied!
+permissiondenied.notLoggedIn=You are not authorized to view this page. Logging in may help.
+permissiondenied.alreadyLoggedIn=You are not authorized to view this page. If you think this is an error please contact the admins.
+

code/LanBortalWeb/src/resources/i18n_fi.properties

@@ -4,12 +4,8 @@
 #
 
 global.cancel=Peruuta
-global.copyright=
-global.infomail=
 global.notauthorized=Sinulla ei ole riitt\u00e4vi\u00e4 oikeuksia t\u00e4lle sivulle.
-global.productname=
 global.save=Tallenna
-global.webpage=
 login.login=Kirjaudu sis\u00e4\u00e4n
 login.logout=Kirjaudu ulos
 login.logoutmessage=Olet kirjautunut ulos j\u00e4rjestelm\u00e4st\u00e4.
@@ -17,13 +13,6 @@ login.password=Salasana
 login.submit=Kirjaudu sis\u00e4\u00e4n
 login.username=K\u00e4ytt\u00e4j\u00e4tunnus
 nasty.user=Wait, wot! Mene pois!
-page.auth.login.header=
-page.auth.login.loginerror=
-page.auth.login.logout=
-page.auth.login.pagegroup=
-page.auth.login.title=
-page.index.pagegroup=
-page.viewexpired=
 placeSelect.placesleft=Paikkoja j\u00e4ljell\u00e4
 product.barcode=Viivakoodi
 product.create=Luo tuote