Genesys PGR
Genesys Backend
Commits
62d18c6f
Commit
62d18c6f
authored
Jan 07, 2014
by
Matija Obreza
Moved ACL editing to AclEditController
parent
736264c1
Changes
10
src/main/java/org/genesys2/server/model/impl/FaoInstitute.java
...
...
@@ -29,6 +29,7 @@ import javax.persistence.Table;
import
javax.persistence.UniqueConstraint
;
import
org.genesys2.server.lucene.genesys.FaoInstituteBridge
;
import
org.genesys2.server.model.AclAwareModel
;
import
org.genesys2.server.model.EntityId
;
import
org.hibernate.annotations.Index
;
import
org.hibernate.search.annotations.ClassBridge
;
...
...
@@ -42,7 +43,7 @@ import org.hibernate.search.annotations.Store;
@org
.
hibernate
.
annotations
.
Table
(
appliesTo
=
"faoinstitute"
,
indexes
=
{
@Index
(
columnNames
=
{
"code"
},
name
=
"code_FAOINSTITUTE"
)
})
@Indexed
@ClassBridge
(
name
=
"body"
,
impl
=
FaoInstituteBridge
.
class
)
public
class
FaoInstitute
extends
GeoEntity
implements
EntityId
,
java
.
io
.
Serializable
{
public
class
FaoInstitute
extends
GeoEntity
implements
AclAwareModel
,
EntityId
{
/**
*
...
...
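--- /dev/null
+++ b/src/main/java/org/genesys2/server/servlet/controller/AclEditController.java
+/**
+ * Copyright 2013 Global Crop Diversity Trust
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+package org.genesys2.server.servlet.controller;
+import org.genesys2.server.model.acl.AclObjectIdentity;
+import org.genesys2.server.service.AclService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+@Controller
+@Scope("request")
+@RequestMapping("/acl")
+@PreAuthorize("isAuthenticated()")
+public class AclEditController extends BaseController {
+    @Autowired
+    private AclService aclService;
+    @RequestMapping("/{clazz}/{id}/permissions")
+    public String permissions(ModelMap model, @PathVariable(value = "clazz") String className, @PathVariable("id") long id, @RequestParam(value = "back", required = false) String backUrl) {
+        AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(className, id);
+        model.addAttribute("aclObjectIdentity", objectIdentity);
+        if (objectIdentity != null) {
+            model.addAttribute("aclPermissions", aclService.getAvailablePermissions(className));
+        }
+        model.addAttribute("aclSids", aclService.getSids(id, className));
+        // Map<AclSid, Map<Permission, Boolean>>
+        model.addAttribute("aclEntries", aclService.getPermissions(id, className));
+        model.addAttribute("backUrl", backUrl);
+        // FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
+        return "/acl/editor";
+    }
+    @RequestMapping(value = "/{clazz}/{id}/permissions", method = RequestMethod.POST)
+    public String update(ModelMap model, @PathVariable("clazz") String className, @PathVariable("id") long id) {
+        return "/acl/editor";
+    }
+}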
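Review bot: `permissions` (and the POST `update` stub) can be called by any signed-in user, because the only guard in this class is the class-level `@PreAuthorize("isAuthenticated()")`; the `security:authorize` blocks in team/details.jsp and wiews/details.jsp only hide the link, and they disagree on the required permission (`WRITE` versus `ADMINISTRATION`). Enforce the rule on the handlers themselves, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")`, and reject a `clazz` value that is not a known ACL-aware model class before it reaches `aclService`. As written, any account can read the SIDs and entries of any object, and `ensureObjectIdentity` may, judging only by its name, create an identity row for whatever pair the URL carries. `backUrl` is also copied from the `back` request parameter into the model unchecked and editor.jsp renders it as the Cancel link's href, so it should be limited to site-relative paths.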
src/main/java/org/genesys2/server/servlet/controller/TeamController.java
...
...
@@ -17,7 +17,6 @@
package
org.genesys2.server.servlet.controller
;
import
org.genesys2.server.model.impl.Team
;
import
org.genesys2.server.service.AclService
;
import
org.genesys2.server.service.ContentService
;
import
org.genesys2.server.service.InstituteService
;
import
org.genesys2.server.service.TeamService
;
...
...
@@ -47,9 +46,6 @@ public class TeamController extends BaseController {
@Autowired
private
TeamService
teamService
;
@Autowired
private
AclService
aclService
;
@RequestMapping
(
""
)
@PreAuthorize
(
"hasRole('ADMINISTRATOR')"
)
public
String
viewAll
(
ModelMap
model
,
@RequestParam
(
value
=
"page"
,
required
=
false
,
defaultValue
=
"1"
)
int
page
)
{
...
...
@@ -69,22 +65,4 @@ public class TeamController extends BaseController {
return
"/team/details"
;
}
@RequestMapping
(
"/{teamUuid}/permissions"
)
public
String
permissions
(
ModelMap
model
,
@PathVariable
(
value
=
"teamUuid"
)
String
uuid
)
{
Team
team
=
teamService
.
getTeam
(
uuid
);
if
(
team
==
null
)
{
throw
new
ResourceNotFoundException
();
}
model
.
addAttribute
(
"aclAware"
,
team
);
model
.
addAttribute
(
"aclPermissions"
,
aclService
.
getAvailablePermissions
(
team
));
model
.
addAttribute
(
"aclObjectIdentity"
,
aclService
.
getObjectIdentity
(
team
));
model
.
addAttribute
(
"aclSids"
,
aclService
.
getSids
(
team
));
// Map<AclSid, Map<Permission, Boolean>>
model
.
addAttribute
(
"aclEntries"
,
aclService
.
getPermissions
(
team
));
model
.
addAttribute
(
"backUrl"
,
"/team/"
+
team
.
getUuid
());
// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
return
"/acl/editor"
;
}
}
src/main/java/org/genesys2/server/servlet/controller/WiewsController.java
...
...
@@ -180,5 +180,4 @@ public class WiewsController extends BaseController {
return
"/accession/data"
;
}
}
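--- /dev/null
+++ b/src/main/java/org/genesys2/server/servlet/controller/rest/PermissionController.java
+/**
+ * Copyright 2013 Global Crop Diversity Trust
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+package org.genesys2.server.servlet.controller.rest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.genesys2.server.service.AclService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+@Controller
+@PreAuthorize("isAuthenticated()")
+@RequestMapping(value = { "/api/v0/permission", "/json/v0/permission" })
+public class PermissionController extends RestController {
+    private static final Log LOG = LogFactory.getLog(PermissionController.class);
+    @Autowired
+    protected AclService aclService;
+    @RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
+    public @ResponseBody Object addPermission(@RequestBody PermissionJson permissionJson) {
+        LOG.info("Adding permission " + permissionJson);
+        // TODO FIXME Add only selected permissions
+        Permission[] permissions = new Permission[] { BasePermission.CREATE, BasePermission.DELETE, BasePermission.READ, BasePermission.WRITE, BasePermission.ADMINISTRATION };
+        return aclService.addPermissions(permissionJson.oid, permissionJson.clazz, permissionJson.uuid, permissionJson.principal, permissions);
+    }
+    public static class PermissionJson {
+        public long oid;
+        public String clazz;
+        public String uuid;
+        public boolean principal;
+        @Override
+        public String toString() {
+            return "PJ oid=" + oid + " class=" + clazz + " uuid=" + uuid + " principal=" + principal;
+        }
+    }
+}
\ No newline at end of file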
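Review bot: `addPermission` lets any authenticated caller grant CREATE, DELETE, READ, WRITE and ADMINISTRATION on an arbitrary `oid`/`clazz` to an arbitrary `uuid`, because the request body goes straight to `aclService.addPermissions` and the only guard visible is the class-level `isAuthenticated()`. Unless `AclService.addPermissions` performs its own check (its body is not on this page), the method needs an object-level guard such as `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#permissionJson.oid, #permissionJson.clazz, 'ADMINISTRATION')")`. The hard-coded full permission set flagged by the `TODO FIXME` should be replaced with the permissions actually selected before this endpoint is reachable, since every grant currently includes ADMINISTRATION. A grant is an audit-relevant event, so the `LOG.info` line should also record the authenticated user making it, not only the request body.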
src/main/java/org/genesys2/server/servlet/controller/rest/RestController.java
...
...
@@ -7,6 +7,10 @@ import javax.servlet.http.HttpServletResponse;
import
org.apache.commons.logging.Log
;
import
org.apache.commons.logging.LogFactory
;
import
org.genesys2.server.security.AuthUserDetails
;
import
org.springframework.security.access.AccessDeniedException
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.web.bind.annotation.ExceptionHandler
;
import
org.springframework.web.bind.annotation.ResponseBody
;
...
...
@@ -16,7 +20,7 @@ public abstract class RestController {
public
RestController
()
{
super
();
}
@ExceptionHandler
(
Exception
.
class
)
@ResponseBody
public
ExceptionJson
handleIOException
(
Exception
ex
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
{
...
...
@@ -24,4 +28,13 @@ public abstract class RestController {
return
new
ExceptionJson
(
ex
);
}
@ExceptionHandler
(
AccessDeniedException
.
class
)
@ResponseBody
public
ExceptionJson
handleAccessDeniedException
(
Exception
ex
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
{
Authentication
authentication
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
LOG
.
warn
(
request
.
getRequestURI
()
+
" "
+
ex
.
getMessage
()
+
" for "
+
(
authentication
!=
null
?
((
AuthUserDetails
)
authentication
.
getPrincipal
()).
getUsername
()
:
"null"
));
return
new
ExceptionJson
(
ex
);
}
}
\ No newline at end of file
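Review bot: `handleAccessDeniedException` can itself throw while building the log message, because `(AuthUserDetails) authentication.getPrincipal()` fails with a ClassCastException whenever the principal is not an `AuthUserDetails` (Spring's anonymous authentication carries a String principal), and an access-denied path is where such a principal is most likely. `authentication.getName()` avoids the cast. The handler also sets no status in the lines shown, so the denial appears to go out as an ordinary response carrying the exception JSON; add `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the return. `request.getRequestURI()` and `ex.getMessage()` are concatenated into the log line unmodified, so strip CR/LF from them to keep one denial per log record. The class body starts outside this hunk.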
src/main/resources/log4j.properties
...
...
@@ -27,6 +27,7 @@ log4j.rootLogger=info, stdout
#log4j.category.org.genesys2=debug
#log4j.category.org.hibernate.search=debug
log4j.category.org.apache.tomcat.jdbc.pool
=
debug
#log4j.category.org.springframework.jdbc.core.JdbcTemplate=debug
#log4j.category.org.springframework.security.oauth2=trace
#log4j.category.org.springframework.security.access=trace
#log4j.category.org.springframework.security.acl=trace
...
...
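Review bot: `log4j.category.org.apache.tomcat.jdbc.pool=debug` appears to be the line this hunk adds (it is the only uncommented category in view, and the header shows one added line), and it is unrelated to the ACL change. Connection-pool debug output is verbose and looks like a local debugging setting; keep it commented out like its neighbours, `#log4j.category.org.apache.tomcat.jdbc.pool=debug`, unless it is meant to ship.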
src/main/webapp/WEB-INF/jsp/acl/editor.jsp
...
...
@@ -8,8 +8,8 @@
</head>
<body>
<h1>
<c:out
value=
"
${
acl
Aware
.
class
.
name
}
"
/>
<small><c:out
value=
"
${
acl
Aware
.
id
}
"
/></small>
<c:out
value=
"
${
acl
ObjectIdentity
.
aclClass
.
aclClass
}
"
/>
<small><c:out
value=
"
${
acl
ObjectIdentity
.
objectIdIdentity
}
"
/></small>
</h1>
...
...
@@ -36,11 +36,9 @@
</c:forEach>
</tr>
</c:forEach>
<tr
class=
"${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}"
>
<td>
AUTOCOMPLETE
</td>
<c:forEach
items=
"
${
aclPermissions
}
"
var=
"aclPermission"
>
<td><input
type=
"checkbox"
value=
"1"
/></td>
</c:forEach>
<tr
id=
"permissionAdder"
class=
"${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}"
>
<td><input
type=
"text"
name=
"uuid"
/></td>
<td><input
type=
"button"
value=
"
<spring:message
code=
"add"
/>
"
/></td>
</tr>
</tbody>
</table>
...
...
@@ -48,5 +46,29 @@
<button
class=
"btn btn-primary"
><spring:message
code=
"save"
/></button>
<a
href=
"
<c:url
value=
"
${
backUrl
}
"
/>
"
class=
"btn btn-default"
><spring:message
code=
"cancel"
/></a>
<script
type=
"text/javascript"
>
jQuery
(
document
).
ready
(
function
()
{
$
(
"
#permissionAdder input[type=button]
"
).
on
(
"
click
"
,
function
(
a
,
b
,
c
)
{
var
object
=
{
"
oid
"
:
$
{
aclObjectIdentity
.
objectIdIdentity
},
"
clazz
"
:
"
${aclObjectIdentity.aclClass.aclClass}
"
,
"
uuid
"
:
$
(
"
#permissionAdder input[type=text]
"
)[
0
].
value
,
"
principal
"
:
true
};
debugger
;
$
.
ajax
(
"
/json/v0/permission/add
"
,
{
type
:
'
POST
'
,
dataType
:
'
json
'
,
contentType
:
'
application/json; charset=utf-8
'
,
data
:
(
object
==
null
?
null
:
JSON
.
stringify
(
object
)),
beforeSend
:
function
(
xhr
)
{
},
success
:
function
(
respObject
)
{
console
.
log
(
respObject
);
},
error
:
function
(
jqXHR
,
textStatus
,
errorThrown
)
{
console
.
log
(
textStatus
);
console
.
log
(
errorThrown
);
}
});
});
});
</script>
</body>
</html>
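Review bot: The new script writes `${aclObjectIdentity.aclClass.aclClass}` and `${aclObjectIdentity.objectIdIdentity}` into JavaScript source unescaped, unlike the heading, which emits the same values through `<c:out>`. The class name appears to come from the `{clazz}` path variable handled by AclEditController, so a quote or `</script>` in it would end the string literal. Emit the values as `data-` attributes on `#permissionAdder` via `<c:out>` and read them from the DOM, or wrap them in `<spring:escapeBody javaScriptEscape="true">`. The `debugger;` statement and the `console.log` calls are development leftovers to remove, and the hard-coded `/json/v0/permission/add` should go through `<c:url>` so that the context path is applied.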
src/main/webapp/WEB-INF/jsp/team/details.jsp
...
...
@@ -12,7 +12,7 @@
</h1>
<security:authorize
access=
"hasRole('ADMINISTRATOR') or hasPermission(#team, 'WRITE')"
>
<a
href=
"
<c:url
value=
"/
team
/${team.
uu
id}/permissions"
/
>
"
class=
"btn btn-default"
>
<spring:message
code=
"edit-acl"
/></a>
<a
href=
"
<c:url
value=
"/
acl/${team.class.name}
/${team.id}/permissions"
><c:param
name=
"back"
>
/team/${team.uuid}
</c:param></c:url
>
"
class=
"btn btn-default"
>
<spring:message
code=
"edit-acl"
/></a>
</security:authorize>
<h4>
...
...
src/main/webapp/WEB-INF/jsp/wiews/details.jsp
...
...
@@ -13,6 +13,10 @@
<small><c:out
value=
"
${
faoInstitute
.
code
}
"
/></small>
</h1>
<security:authorize
access=
"hasRole('ADMINISTRATOR') or hasPermission(#faoInstitute, 'ADMINISTRATION')"
>
<a
href=
"
<c:url
value=
"/acl/${faoInstitute.class.name}/${faoInstitute.id}/permissions"
><c:param
name=
"back"
>
/wiews/${faoInstitute.code.toLowerCase()}
</c:param></c:url>
"
class=
"btn btn-default"
>
<spring:message
code=
"edit-acl"
/></a>
</security:authorize>
<c:if
test=
"
${
countByInstitute
eq
0
}
"
>
<div
class=
"alert alert-info"
>
<spring:message
code=
"faoInstitute.no-accessions-registered"
/>
...
...