Moved ACL editing to AclEditController

62d18c6f · Matija Obreza · 736264c1 · 62d18c6f · 62d18c6f · 62d18c6f
Commit 62d18c6f authored Jan 07, 2014 by Matija Obreza
10 changed files
--- a/src/main/java/org/genesys2/server/model/impl/FaoInstitute.java
+++ b/src/main/java/org/genesys2/server/model/impl/FaoInstitute.java
@@ -29,6 +29,7 @@ import javax.persistence.Table;
 import javax.persistence.UniqueConstraint;

 import org.genesys2.server.lucene.genesys.FaoInstituteBridge;
+import org.genesys2.server.model.AclAwareModel;
 import org.genesys2.server.model.EntityId;
 import org.hibernate.annotations.Index;
 import org.hibernate.search.annotations.ClassBridge;
@@ -42,7 +43,7 @@ import org.hibernate.search.annotations.Store;
 @org.hibernate.annotations.Table(appliesTo = "faoinstitute", indexes = { @Index(columnNames = { "code" }, name = "code_FAOINSTITUTE") })
 @Indexed
 @ClassBridge(name = "body", impl = FaoInstituteBridge.class)
-public class FaoInstitute extends GeoEntity implements EntityId, java.io.Serializable {
+public class FaoInstitute extends GeoEntity implements AclAwareModel, EntityId {

 	/**
 	 *

--- a/src/main/java/org/genesys2/server/servlet/controller/AclEditController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/AclEditController.java
+/**
+ * Copyright 2013 Global Crop Diversity Trust
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+package org.genesys2.server.servlet.controller;
+
+import org.genesys2.server.model.acl.AclObjectIdentity;
+import org.genesys2.server.service.AclService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+@Scope("request")
+@RequestMapping("/acl")
+@PreAuthorize("isAuthenticated()")
+public class AclEditController extends BaseController {
+
+	@Autowired
+	private AclService aclService;
+
+	@RequestMapping("/{clazz}/{id}/permissions")
+	public String permissions(ModelMap model, @PathVariable(value = "clazz") String className, @PathVariable("id") long id,
+			@RequestParam(value = "back", required = false) String backUrl) {
+
+		AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(className, id);
+		model.addAttribute("aclObjectIdentity", objectIdentity);
+		if (objectIdentity != null) {
+			model.addAttribute("aclPermissions", aclService.getAvailablePermissions(className));
+		}
+		model.addAttribute("aclSids", aclService.getSids(id, className));
+		// Map<AclSid, Map<Permission, Boolean>>
+		model.addAttribute("aclEntries", aclService.getPermissions(id, className));
+		model.addAttribute("backUrl", backUrl);
+
+		// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
+		return "/acl/editor";
+	}
+
+	@RequestMapping(value = "/{clazz}/{id}/permissions", method = RequestMethod.POST)
+	public String update(ModelMap model, @PathVariable("clazz") String className, @PathVariable("id") long id) {
+
+		return "/acl/editor";
+	}
+}
--- a/src/main/java/org/genesys2/server/servlet/controller/TeamController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/TeamController.java
@@ -17,7 +17,6 @@
 package org.genesys2.server.servlet.controller;

 import org.genesys2.server.model.impl.Team;
-import org.genesys2.server.service.AclService;
 import org.genesys2.server.service.ContentService;
 import org.genesys2.server.service.InstituteService;
 import org.genesys2.server.service.TeamService;
@@ -47,9 +46,6 @@ public class TeamController extends BaseController {
 	@Autowired
 	private TeamService teamService;

-	@Autowired
-	private AclService aclService;
-
 	@RequestMapping("")
 	@PreAuthorize("hasRole('ADMINISTRATOR')")
 	public String viewAll(ModelMap model, @RequestParam(value = "page", required = false, defaultValue = "1") int page) {
@@ -69,22 +65,4 @@ public class TeamController extends BaseController {

 		return "/team/details";
 	}
-
-	@RequestMapping("/{teamUuid}/permissions")
-	public String permissions(ModelMap model, @PathVariable(value = "teamUuid") String uuid) {
-		Team team = teamService.getTeam(uuid);
-		if (team == null) {
-			throw new ResourceNotFoundException();
-		}
-		model.addAttribute("aclAware", team);
-		model.addAttribute("aclPermissions", aclService.getAvailablePermissions(team));
-		model.addAttribute("aclObjectIdentity", aclService.getObjectIdentity(team));
-		model.addAttribute("aclSids", aclService.getSids(team));
-		// Map<AclSid, Map<Permission, Boolean>>
-		model.addAttribute("aclEntries", aclService.getPermissions(team));
-		model.addAttribute("backUrl", "/team/"+team.getUuid());
-
-		// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
-		return "/acl/editor";
-	}
 }
--- a/src/main/java/org/genesys2/server/servlet/controller/WiewsController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/WiewsController.java
@@ -180,5 +180,4 @@ public class WiewsController extends BaseController {

 		return "/accession/data";
 	}
-
 }
--- a/src/main/java/org/genesys2/server/servlet/controller/rest/PermissionController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/rest/PermissionController.java
+/**
+ * Copyright 2013 Global Crop Diversity Trust
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+package org.genesys2.server.servlet.controller.rest;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.genesys2.server.service.AclService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+@PreAuthorize("isAuthenticated()")
+@RequestMapping(value = { "/api/v0/permission", "/json/v0/permission" })
+public class PermissionController extends RestController {
+	private static final Log LOG = LogFactory.getLog(PermissionController.class);
+
+	@Autowired
+	protected AclService aclService;
+
+	@RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
+	public @ResponseBody
+	Object addPermission(@RequestBody PermissionJson permissionJson) {
+		LOG.info("Adding permission " + permissionJson);
+
+		// TODO FIXME Add only selected permissions
+		Permission[] permissions = new Permission[] { BasePermission.CREATE, BasePermission.DELETE, BasePermission.READ, BasePermission.WRITE,
+				BasePermission.ADMINISTRATION };
+
+		return aclService.addPermissions(permissionJson.oid, permissionJson.clazz, permissionJson.uuid, permissionJson.principal, permissions);
+	}
+
+	public static class PermissionJson {
+		public long oid;
+		public String clazz;
+		public String uuid;
+		public boolean principal;
+
+		@Override
+		public String toString() {
+			return "PJ oid=" + oid + " class=" + clazz + " uuid=" + uuid + " principal=" + principal;
+		}
+	}
+}
\ No newline at end of file
--- a/src/main/java/org/genesys2/server/servlet/controller/rest/RestController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/rest/RestController.java
@@ -7,6 +7,10 @@ import javax.servlet.http.HttpServletResponse;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.genesys2.server.security.AuthUserDetails;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;

@@ -16,7 +20,7 @@ public abstract class RestController {
 	public RestController() {
 		super();
 	}
-	
+
 	@ExceptionHandler(Exception.class)
 	@ResponseBody
 	public ExceptionJson handleIOException(Exception ex, HttpServletRequest request, HttpServletResponse response) throws IOException {
@@ -24,4 +28,13 @@ public abstract class RestController {
 		return new ExceptionJson(ex);
 	}

+	@ExceptionHandler(AccessDeniedException.class)
+	@ResponseBody
+	public ExceptionJson handleAccessDeniedException(Exception ex, HttpServletRequest request, HttpServletResponse response) throws IOException {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		LOG.warn(request.getRequestURI() + " " + ex.getMessage() + " for "
+				+ (authentication != null ? ((AuthUserDetails) authentication.getPrincipal()).getUsername() : "null"));
+		return new ExceptionJson(ex);
+	}
+
 }
\ No newline at end of file
--- a/src/main/resources/log4j.properties
+++ b/src/main/resources/log4j.properties
@@ -27,6 +27,7 @@ log4j.rootLogger=info, stdout
 #log4j.category.org.genesys2=debug
 #log4j.category.org.hibernate.search=debug
 log4j.category.org.apache.tomcat.jdbc.pool=debug
+#log4j.category.org.springframework.jdbc.core.JdbcTemplate=debug
 #log4j.category.org.springframework.security.oauth2=trace
 #log4j.category.org.springframework.security.access=trace
 #log4j.category.org.springframework.security.acl=trace

--- a/src/main/webapp/WEB-INF/jsp/acl/editor.jsp
+++ b/src/main/webapp/WEB-INF/jsp/acl/editor.jsp
@@ -8,8 +8,8 @@
 </head>
 <body>
 	<h1>
-		<c:out value="${aclAware.class.name}" />
-		<small><c:out value="${aclAware.id}" /></small>
+		<c:out value="${aclObjectIdentity.aclClass.aclClass}" />
+		<small><c:out value="${aclObjectIdentity.objectIdIdentity}" /></small>
 	</h1>


@@ -36,11 +36,9 @@
 					</c:forEach>
 				</tr>
 			</c:forEach>
-			<tr class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
-				<td>AUTOCOMPLETE</td>
-				<c:forEach items="${aclPermissions}" var="aclPermission">
-					<td><input type="checkbox" value="1" /></td>
-				</c:forEach>
+			<tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
+				<td><input type="text" name="uuid" /></td>
+				<td><input type="button" value="<spring:message code="add" />" /></td>
 			</tr>
 		</tbody>
 	</table>
@@ -48,5 +46,29 @@
 	<button class="btn btn-primary"><spring:message code="save" /></button>
 	<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a>

+	<script type="text/javascript">
+	jQuery(document).ready(function() {
+		$("#permissionAdder input[type=button]").on("click", function(a,b,c) {
+			var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":$("#permissionAdder input[type=text]")[0].value,"principal":true };
+			debugger;
+			$.ajax("/json/v0/permission/add", {
+				type : 'POST',
+				dataType : 'json',
+				contentType: 'application/json; charset=utf-8',
+				data: (object==null ? null : JSON.stringify(object)),
+				beforeSend : function(xhr) {
+					
+				},
+				success : function(respObject) {
+					console.log(respObject);
+				},
+				error: function(jqXHR, textStatus, errorThrown) {
+					console.log(textStatus);
+					console.log(errorThrown);
+				}
+			});
+		});
+	});
+	</script>
 </body>
 </html>
--- a/src/main/webapp/WEB-INF/jsp/team/details.jsp
+++ b/src/main/webapp/WEB-INF/jsp/team/details.jsp
@@ -12,7 +12,7 @@
 	</h1>

 	<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#team, 'WRITE')">
-		<a href="<c:url value="/team/${team.uuid}/permissions" />" class="btn btn-default"> <spring:message code="edit-acl" /></a>
+		<a href="<c:url value="/acl/${team.class.name}/${team.id}/permissions"><c:param name="back">/team/${team.uuid}</c:param></c:url>" class="btn btn-default"> <spring:message code="edit-acl" /></a>
 	</security:authorize>

 	<h4>

--- a/src/main/webapp/WEB-INF/jsp/wiews/details.jsp
+++ b/src/main/webapp/WEB-INF/jsp/wiews/details.jsp
@@ -13,6 +13,10 @@
 		<small><c:out value="${faoInstitute.code}" /></small>
 	</h1>

+	<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#faoInstitute, 'ADMINISTRATION')">
+		<a href="<c:url value="/acl/${faoInstitute.class.name}/${faoInstitute.id}/permissions"><c:param name="back">/wiews/${faoInstitute.code.toLowerCase()}</c:param></c:url>" class="btn btn-default"> <spring:message code="edit-acl" /></a>
+	</security:authorize>
+
 	<c:if test="${countByInstitute eq 0}">
 		<div class="alert alert-info">
 			<spring:message code="faoInstitute.no-accessions-registered" />