Commit 62d18c6f authored by Matija Obreza

Moved ACL editing to AclEditController

parent 736264c1
......@@ -29,6 +29,7 @@ import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import org.genesys2.server.lucene.genesys.FaoInstituteBridge;
import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.model.EntityId;
import org.hibernate.annotations.Index;
import org.hibernate.search.annotations.ClassBridge;
......@@ -42,7 +43,7 @@ import org.hibernate.search.annotations.Store;
@org.hibernate.annotations.Table(appliesTo = "faoinstitute", indexes = { @Index(columnNames = { "code" }, name = "code_FAOINSTITUTE") })
@Indexed
@ClassBridge(name = "body", impl = FaoInstituteBridge.class)
public class FaoInstitute extends GeoEntity implements EntityId, java.io.Serializable {
public class FaoInstitute extends GeoEntity implements AclAwareModel, EntityId {
/**
*
......
/**
* Copyright 2013 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.servlet.controller;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.service.AclService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
@Scope("request")
@RequestMapping("/acl")
@PreAuthorize("isAuthenticated()")
public class AclEditController extends BaseController {
@Autowired
private AclService aclService;
@RequestMapping("/{clazz}/{id}/permissions")
public String permissions(ModelMap model, @PathVariable(value = "clazz") String className, @PathVariable("id") long id,
@RequestParam(value = "back", required = false) String backUrl) {
AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(className, id);
model.addAttribute("aclObjectIdentity", objectIdentity);
if (objectIdentity != null) {
model.addAttribute("aclPermissions", aclService.getAvailablePermissions(className));
}
model.addAttribute("aclSids", aclService.getSids(id, className));
// Map<AclSid, Map<Permission, Boolean>>
model.addAttribute("aclEntries", aclService.getPermissions(id, className));
model.addAttribute("backUrl", backUrl);
// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
return "/acl/editor";
}
@RequestMapping(value = "/{clazz}/{id}/permissions", method = RequestMethod.POST)
public String update(ModelMap model, @PathVariable("clazz") String className, @PathVariable("id") long id) {
return "/acl/editor";
}
}
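Review bot: Both handlers in AclEditController are reachable by any logged-in user, because the only guard is the class-level `@PreAuthorize("isAuthenticated()")` while `className` and `id` come straight from the URL; the `security:authorize` checks in the JSPs hide the link but do not protect the endpoint. `permissions` also calls `aclService.ensureObjectIdentity(className, id)`, which by its name may create an identity record for whatever class/id pair is requested, so it is worth confirming that it only accepts known ACL-aware classes. I would put a per-object check on both methods, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")` (the parameter names must be resolvable for the expression to work). Separately, `backUrl` is copied from the request into the model unchecked and ends up in the cancel link's `href` in editor.jsp, so restricting it to a local path would be prudent.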
......@@ -17,7 +17,6 @@
package org.genesys2.server.servlet.controller;
import org.genesys2.server.model.impl.Team;
import org.genesys2.server.service.AclService;
import org.genesys2.server.service.ContentService;
import org.genesys2.server.service.InstituteService;
import org.genesys2.server.service.TeamService;
......@@ -47,9 +46,6 @@ public class TeamController extends BaseController {
@Autowired
private TeamService teamService;
@Autowired
private AclService aclService;
@RequestMapping("")
@PreAuthorize("hasRole('ADMINISTRATOR')")
public String viewAll(ModelMap model, @RequestParam(value = "page", required = false, defaultValue = "1") int page) {
......@@ -69,22 +65,4 @@ public class TeamController extends BaseController {
return "/team/details";
}
@RequestMapping("/{teamUuid}/permissions")
public String permissions(ModelMap model, @PathVariable(value = "teamUuid") String uuid) {
Team team = teamService.getTeam(uuid);
if (team == null) {
throw new ResourceNotFoundException();
}
model.addAttribute("aclAware", team);
model.addAttribute("aclPermissions", aclService.getAvailablePermissions(team));
model.addAttribute("aclObjectIdentity", aclService.getObjectIdentity(team));
model.addAttribute("aclSids", aclService.getSids(team));
// Map<AclSid, Map<Permission, Boolean>>
model.addAttribute("aclEntries", aclService.getPermissions(team));
model.addAttribute("backUrl", "/team/"+team.getUuid());
// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
return "/acl/editor";
}
}
......@@ -180,5 +180,4 @@ public class WiewsController extends BaseController {
return "/accession/data";
}
}
/**
* Copyright 2013 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.servlet.controller.rest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys2.server.service.AclService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = { "/api/v0/permission", "/json/v0/permission" })
public class PermissionController extends RestController {
private static final Log LOG = LogFactory.getLog(PermissionController.class);
@Autowired
protected AclService aclService;
@RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody
Object addPermission(@RequestBody PermissionJson permissionJson) {
LOG.info("Adding permission " + permissionJson);
// TODO FIXME Add only selected permissions
Permission[] permissions = new Permission[] { BasePermission.CREATE, BasePermission.DELETE, BasePermission.READ, BasePermission.WRITE,
BasePermission.ADMINISTRATION };
return aclService.addPermissions(permissionJson.oid, permissionJson.clazz, permissionJson.uuid, permissionJson.principal, permissions);
}
public static class PermissionJson {
public long oid;
public String clazz;
public String uuid;
public boolean principal;
@Override
public String toString() {
return "PJ oid=" + oid + " class=" + clazz + " uuid=" + uuid + " principal=" + principal;
}
}
}
\ No newline at end of file
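Review bot: `addPermission` grants all five permissions, including `BasePermission.ADMINISTRATION`, on whatever `oid`/`clazz` the request body names, and the only visible guard is the class-level `@PreAuthorize("isAuthenticated()")`. Unless `aclService.addPermissions` checks the caller itself (not visible here), any authenticated user could give an arbitrary sid full control of an object they do not administer. Add an object-level check on the method, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#permissionJson.oid, #permissionJson.clazz, 'ADMINISTRATION')")`, and resolve the TODO so that only the requested permissions are granted. The `LOG.info` line also concatenates the request-supplied `clazz` and `uuid` into the log; stripping line breaks from them first keeps the audit trail unambiguous.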
......@@ -7,6 +7,10 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys2.server.security.AuthUserDetails;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
......@@ -16,7 +20,7 @@ public abstract class RestController {
public RestController() {
super();
}
@ExceptionHandler(Exception.class)
@ResponseBody
public ExceptionJson handleIOException(Exception ex, HttpServletRequest request, HttpServletResponse response) throws IOException {
......@@ -24,4 +28,13 @@ public abstract class RestController {
return new ExceptionJson(ex);
}
@ExceptionHandler(AccessDeniedException.class)
@ResponseBody
public ExceptionJson handleAccessDeniedException(Exception ex, HttpServletRequest request, HttpServletResponse response) throws IOException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
LOG.warn(request.getRequestURI() + " " + ex.getMessage() + " for "
+ (authentication != null ? ((AuthUserDetails) authentication.getPrincipal()).getUsername() : "null"));
return new ExceptionJson(ex);
}
}
\ No newline at end of file
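Review bot: The cast `(AuthUserDetails) authentication.getPrincipal()` in `handleAccessDeniedException` will throw `ClassCastException` whenever the principal is not an `AuthUserDetails` (for an anonymous token it is normally a plain string), so the handler can fail on exactly the requests it is meant to log. `authentication.getName()` gives the username without the cast: `+ (authentication != null ? authentication.getName() : "null"));`. The handler also sets no status in the lines shown, so the denial may go out with a success code; `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the return would make it explicit. Whether `ExceptionJson(ex)` exposes more than the message is not visible from this hunk.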
......@@ -27,6 +27,7 @@ log4j.rootLogger=info, stdout
#log4j.category.org.genesys2=debug
#log4j.category.org.hibernate.search=debug
log4j.category.org.apache.tomcat.jdbc.pool=debug
#log4j.category.org.springframework.jdbc.core.JdbcTemplate=debug
#log4j.category.org.springframework.security.oauth2=trace
#log4j.category.org.springframework.security.access=trace
#log4j.category.org.springframework.security.acl=trace
......
......@@ -8,8 +8,8 @@
</head>
<body>
<h1>
<c:out value="${aclAware.class.name}" />
<small><c:out value="${aclAware.id}" /></small>
<c:out value="${aclObjectIdentity.aclClass.aclClass}" />
<small><c:out value="${aclObjectIdentity.objectIdIdentity}" /></small>
</h1>
......@@ -36,11 +36,9 @@
</c:forEach>
</tr>
</c:forEach>
<tr class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td>AUTOCOMPLETE</td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" value="1" /></td>
</c:forEach>
<tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" name="uuid" /></td>
<td><input type="button" value="<spring:message code="add" />" /></td>
</tr>
</tbody>
</table>
......@@ -48,5 +46,29 @@
<button class="btn btn-primary"><spring:message code="save" /></button>
<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a>
<script type="text/javascript">
jQuery(document).ready(function() {
$("#permissionAdder input[type=button]").on("click", function(a,b,c) {
var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":$("#permissionAdder input[type=text]")[0].value,"principal":true };
debugger;
$.ajax("/json/v0/permission/add", {
type : 'POST',
dataType : 'json',
contentType: 'application/json; charset=utf-8',
data: (object==null ? null : JSON.stringify(object)),
beforeSend : function(xhr) {
},
success : function(respObject) {
console.log(respObject);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
});
</script>
</body>
</html>
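Review bot: The inline script at the `var object = {…}` line writes `${aclObjectIdentity.aclClass.aclClass}` into a JavaScript string literal without escaping, and that value traces back to the `{clazz}` path segment, so if the service stores the name as given, markup in the URL would be reflected into the page. Keep server values out of the script body by emitting them with `<c:out>` into attributes, e.g. `<tr id="permissionAdder" data-oid="<c:out value="${aclObjectIdentity.objectIdIdentity}" />" data-clazz="<c:out value="${aclObjectIdentity.aclClass.aclClass}" />">`, and reading them with `$("#permissionAdder").data("clazz")`. The `debugger;` statement should be removed before merge, and if CSRF protection is enabled for this application the empty `beforeSend` is where the token header belongs. The ajax URL is hard-coded as `/json/v0/permission/add`, which skips the context path that `<c:url>` would add.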
......@@ -12,7 +12,7 @@
</h1>
<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#team, 'WRITE')">
<a href="<c:url value="/team/${team.uuid}/permissions" />" class="btn btn-default"> <spring:message code="edit-acl" /></a>
<a href="<c:url value="/acl/${team.class.name}/${team.id}/permissions"><c:param name="back">/team/${team.uuid}</c:param></c:url>" class="btn btn-default"> <spring:message code="edit-acl" /></a>
</security:authorize>
<h4>
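Review bot: The edit-acl link on the team page is shown to holders of `WRITE` (`hasPermission(#team, 'WRITE')` on the unchanged line above the changed link), while the institute page in this same commit requires `ADMINISTRATION` to reach the same shared editor. If editing an ACL is meant to need `ADMINISTRATION`, align the team check: `<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#team, 'ADMINISTRATION')">`. `${team.class.name}` is also placed in the URL path as-is; if `team` can be a persistence proxy this may yield the proxy's class name rather than the entity's, which is worth verifying.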
......
......@@ -13,6 +13,10 @@
<small><c:out value="${faoInstitute.code}" /></small>
</h1>
<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#faoInstitute, 'ADMINISTRATION')">
<a href="<c:url value="/acl/${faoInstitute.class.name}/${faoInstitute.id}/permissions"><c:param name="back">/wiews/${faoInstitute.code.toLowerCase()}</c:param></c:url>" class="btn btn-default"> <spring:message code="edit-acl" /></a>
</security:authorize>
<c:if test="${countByInstitute eq 0}">
<div class="alert alert-info">
<spring:message code="faoInstitute.no-accessions-registered" />
......