From 12e5612e264152e239881f2d6846333459169c59 Mon Sep 17 00:00:00 2001
From: Viliam Repan
Date: Thu, 29 Sep 2016 14:19:40 +0200
Subject: [PATCH] focus tabs editor visibility support based on adminGuiConfiguration
---
 .../midpoint/gui/api/page/PageBase.java | 21 +---
 .../gui/api/util/FocusTabVisibleBehavior.java | 119 ++++++++++++------
 .../gui/api/util/WebModelServiceUtils.java | 25 +++-
 .../objectdetails/FocusMainPanel.java | 30 +++--
 .../MidPointGuiAuthorizationEvaluator.java | 13 +-
 .../xml/ns/public/common/common-core-3.xsd | 7 ++
 .../security/api/AuthorizationConstants.java | 9 +-
 7 files changed, 132 insertions(+), 92 deletions(-)
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
index 2b3d8d31692..b4c6f5d67e6 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
@@ -447,25 +447,6 @@ public static String createEnumResourceKey(Enum e) {
 return e.getDeclaringClass().getSimpleName() + "." + e.name();
 }
- public Task createSimpleTask(String operation, PrismObject owner) {
- TaskManager manager = getTaskManager();
- Task task = manager.createTaskInstance(operation);
-
- if (owner == null) {
- MidPointPrincipal user = SecurityUtils.getPrincipalUser();
- if (user == null) {
- throw new RestartResponseException(PageLogin.class);
- } else {
- owner = user.getUser().asPrismObject();
- }
- }
-
- task.setOwner(owner);
- task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-
- return task;
- }
-
 public Task createAnonymousTask(String operation) {
 TaskManager manager = getTaskManager();
 Task task = manager.createTaskInstance(operation);
@@ -480,7 +461,7 @@ public Task createSimpleTask(String operation) {
 if (user == null) {
 throw new RestartResponseException(PageLogin.class);
 }
- return createSimpleTask(operation, user.getUser().asPrismObject());
+ return WebModelServiceUtils.createSimpleTask(operation, user.getUser().asPrismObject(), getTaskManager());
 }
 public MidpointConfiguration getMidpointConfiguration() {
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/FocusTabVisibleBehavior.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/FocusTabVisibleBehavior.java
index c66f01d725c..7c0dfe0a4e2 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/FocusTabVisibleBehavior.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/FocusTabVisibleBehavior.java
@@ -16,22 +16,34 @@
 package com.evolveum.midpoint.gui.api.util;
+import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.security.api.AuthorizationConstants;
-import com.evolveum.midpoint.security.api.SecurityEnforcer;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.security.MidPointApplication;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.web.security.SecurityUtils;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import org.apache.commons.lang.BooleanUtils;
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.wicket.model.IModel;
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
 /**
 * Created by Viliam Repan (lazyman).
 */
 public class FocusTabVisibleBehavior extends VisibleEnableBehaviour {
+ private static final String OPERATION_LOAD_GUI_CONFIGURATION = FocusTabVisibleBehavior.class.getName() + ".loadGuiConfiguration";
+
 private IModel> objectModel;
 private String uiAuthorizationUrl;
@@ -40,51 +52,80 @@ public FocusTabVisibleBehavior(IModel> objectModel, String uiAuth
 this.uiAuthorizationUrl = uiAuthorizationUrl;
 }
- private SecurityEnforcer getEnforcer() {
- return ((MidPointApplication) MidPointApplication.get()).getSecurityEnforcer();
+ private ModelInteractionService getModelInteractionService() {
+ return ((MidPointApplication) MidPointApplication.get()).getModelInteractionService();
+ }
+
+ private TaskManager getTaskManager() {
+ return ((MidPointApplication) MidPointApplication.get()).getTaskManager();
 }
 @Override
 public boolean isVisible() {
- if (1 == 1) {
+ PrismObject obj = objectModel.getObject();
+ if (obj == null) {
 return true;
 }
- //todo implement proper authorization
+ QName type = obj.getDefinition().getTypeName();
- PrismObject obj = objectModel.getObject();
+ Task task = WebModelServiceUtils.createSimpleTask(OPERATION_LOAD_GUI_CONFIGURATION,
+ SecurityUtils.getPrincipalUser().getUser().asPrismObject(), getTaskManager());
+ OperationResult result = task.getResult();
+ AdminGuiConfigurationType config;
 try {
-// ObjectTypes type = ObjectTypes.getObjectType(obj.getCompileTimeClass());
-// boolean allowAll = false;
-// switch (type) {
-// case USER:
-// allowAll = securityEnforcer.isAuthorized(authorization, AuthorizationPhaseType.REQUEST, obj, null,
-// null, null);
-// break;
-// case ROLE:
-//
-// break;
-// case ORG:
-//
-// break;
-// case SERVICE:
-//
-// break;
-// default:
-// }
-
- boolean objectCreateBare = getEnforcer().isAuthorized(AuthorizationConstants.AUTZ_UI_OBJECT_CREATE_BARE_URL,
- AuthorizationPhaseType.REQUEST, obj, null, null, null);
- boolean objectDetailsBare = getEnforcer().isAuthorized(AuthorizationConstants.AUTZ_UI_OBJECT_DETAILS_BARE_URL,
- AuthorizationPhaseType.REQUEST, obj, null, null, null);
-
- boolean tabEnabled = getEnforcer().isAuthorized(uiAuthorizationUrl,
- AuthorizationPhaseType.REQUEST, obj, null, null, null);
-
- return tabEnabled;
- } catch (SchemaException ex) {
- throw new SystemException(ex);
+ config = getModelInteractionService().getAdminGuiConfiguration(task, result);
+ } catch (ObjectNotFoundException | SchemaException e) {
+ throw new SystemException("Cannot load GUI configuration: " + e.getMessage(), e);
+ }
+
+ // find all object form definitions for specified type, if there is none we'll show all default tabs
+ List forms = findObjectForm(config, type);
+ if (forms.isEmpty()) {
+ return true;
+ }
+
+ // we'll try to find includeDefault, if there is includeDefault=true, we can return true (all tabs visible)
+ for (ObjectFormType form : forms) {
+ if (BooleanUtils.isTrue(form.isIncludeDefaultForms())) {
+ return true;
+ }
+ }
+
+ for (ObjectFormType form : forms) {
+ FormSpecificationType spec = form.getFormSpecification();
+ if (spec == null || StringUtils.isEmpty(spec.getPanelUri())) {
+ continue;
+ }
+
+ if (ObjectUtils.equals(uiAuthorizationUrl, spec.getPanelUri())) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ private List findObjectForm(AdminGuiConfigurationType config, QName type) {
+ List result = new ArrayList<>();
+
+ if (config == null || config.getObjectForms() == null) {
+ return result;
+ }
+
+ ObjectFormsType forms = config.getObjectForms();
+ List list = forms.getObjectForm();
+ if (list.isEmpty()) {
+ return result;
 }
+
+ for (ObjectFormType form : list) {
+ if (type.equals(form.getType())) {
+ result.add(form);
+ }
+ }
+
+ return result;
 }
 }
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java
index f08ff5299d7..75160abfe35 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java
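Review bot: `SecurityUtils.getPrincipalUser().getUser().asPrismObject()` in `isVisible()` dereferences the principal without a null check, although `WebModelServiceUtils.createSimpleTask` (added in this same commit) treats a missing principal as an expected case and redirects to the login page; an expired session would surface here as a NullPointerException during rendering instead. Passing `null` as the owner, i.e. `WebModelServiceUtils.createSimpleTask(OPERATION_LOAD_GUI_CONFIGURATION, null, getTaskManager())`, reuses that fallback, and `obj.getDefinition()` deserves the same guard before `getTypeName()`. Separately, the result now depends only on adminGuiConfiguration: `uiAuthorizationUrl` is compared with `panelUri` and is no longer evaluated as an authorization, so hiding a tab here is presentation only and the data behind it must still be protected by model-level authorization. A class comment such as `// Controls tab visibility from adminGuiConfiguration only; this is not an access check.` would keep the field name from being read as enforcement.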
@@ -18,6 +18,9 @@
 import java.util.*;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.web.page.login.PageLogin;
 import com.evolveum.midpoint.web.security.MidPointApplication;
 import org.apache.commons.lang.LocaleUtils;
 import org.apache.commons.lang.StringUtils;
@@ -62,6 +65,7 @@
 import ch.qos.logback.classic.Logger;
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.Session;
 import org.apache.wicket.protocol.http.WebSession;
 import org.jetbrains.annotations.Nullable;
@@ -301,7 +305,7 @@ public static List> searchObjects(Class
 }
 List> objects = new ArrayList>();
 try {
- Task task = page.createSimpleTask(subResult.getOperation(), principal);
+ Task task = createSimpleTask(subResult.getOperation(), principal, page.getTaskManager());
 List> list = page.getModelService().searchObjects(type, query, options, task, subResult);
 if (list != null) {
 objects.addAll(list);
@@ -361,7 +365,7 @@ public static void deleteObject(Class type, String oid
 subResult = new OperationResult(OPERATION_DELETE_OBJECT);
 }
 try {
- Task task = page.createSimpleTask(result.getOperation(), principal);
+ Task task = createSimpleTask(result.getOperation(), principal, page.getTaskManager());
 ObjectDelta delta = new ObjectDelta(type, ChangeType.DELETE, page.getPrismContext());
 delta.setOid(oid);
@@ -521,4 +525,21 @@ public static TimeZone getTimezone(UserType user) {
 return null;
 }
+ public static Task createSimpleTask(String operation, PrismObject owner, TaskManager manager) {
+ Task task = manager.createTaskInstance(operation);
+
+ if (owner == null) {
+ MidPointPrincipal user = SecurityUtils.getPrincipalUser();
+ if (user == null) {
+ throw new RestartResponseException(PageLogin.class);
+ } else {
+ owner = user.getUser().asPrismObject();
+ }
+ }
+
+ task.setOwner(owner);
+ task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+
+ return task;
+ }
 }
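Review bot: The new public static `createSimpleTask(String, PrismObject, TaskManager)` has no Javadoc, and its contract is not obvious from the signature: a null `owner` is silently replaced by the current session principal, and a missing principal raises Wicket's `RestartResponseException` to `PageLogin`. Now that the helper is static and callable from anywhere in the GUI module, that behaviour should be written down, since the owner set here is presumably the identity that later model operations are evaluated against (worth confirming). Suggested comment: `/** Creates a GUI-channel task owned by {@code owner}, or by the logged-in principal when {@code owner} is null; redirects to the login page when there is no principal. */`.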
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/FocusMainPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/FocusMainPanel.java
index 90f2db875c6..1781905c472 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/FocusMainPanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/FocusMainPanel.java
@@ -38,7 +38,7 @@
 import com.evolveum.midpoint.web.page.self.PageSelfProfile;
 import com.evolveum.midpoint.web.util.OnePageParameterEncoder;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.apache.commons.lang.BooleanUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
 import org.apache.wicket.extensions.markup.html.tabs.ITab;
 import org.apache.wicket.markup.html.WebMarkupContainer;
@@ -115,25 +115,25 @@ private ObjectQuery createTaskQuery(String oid, PageBase page) {
 protected List createTabs(final PageAdminObjectDetails parentPage) {
 List tabs = new ArrayList<>();
+
 List objectFormTypes = parentPage.getObjectFormTypes();
- if (objectFormTypes == null || objectFormTypes.isEmpty()) {
- addDefaultTabs(parentPage, tabs);
- return tabs;
- }
- for (ObjectFormType objectFormType: objectFormTypes) {
- if (BooleanUtils.isTrue(objectFormType.isIncludeDefaultForms())) {
- addDefaultTabs(parentPage, tabs);
- break;
- }
- }
- for (ObjectFormType objectFormType: objectFormTypes) {
+ // default tabs are always added to component structure, visibility is decided later in
+ // visible behavior based on adminGuiConfiguration
+ addDefaultTabs(parentPage, tabs);
+
+ for (ObjectFormType objectFormType : objectFormTypes) {
 final FormSpecificationType formSpecificationType = objectFormType.getFormSpecification();
 String title = formSpecificationType.getTitle();
 if (title == null) {
 title = "pageAdminFocus.extended";
 }
+
+ if (StringUtils.isEmpty(formSpecificationType.getPanelClass())) {
+ continue;
+ }
+
 tabs.add(
- new PanelTab(parentPage.createStringResource(title)){
+ new PanelTab(parentPage.createStringResource(title)) {
 private static final long serialVersionUID = 1L;
 @Override
@@ -149,9 +149,7 @@ public WebMarkupContainer createPanel(String panelId) {
 protected WebMarkupContainer createTabPanel(String panelId, FormSpecificationType formSpecificationType, PageAdminObjectDetails parentPage) {
 String panelClassName = formSpecificationType.getPanelClass();
- if (panelClassName == null) {
- throw new SystemException("No panel class specified in admin GUI configuration");
- }
+
 Class panelClass;
 try {
 panelClass = Class.forName(panelClassName);
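Review bot: The loop in `createTabs` now iterates `objectFormTypes` with no null guard; the removed `objectFormTypes == null || objectFormTypes.isEmpty()` branch was the only protection, so a null return from `parentPage.getObjectFormTypes()` (its implementation is not visible here) becomes a NullPointerException while the page is being built. `formSpecificationType.getTitle()` is also called before any null check, whereas `FocusTabVisibleBehavior.isVisible()` in this same commit explicitly tolerates `spec == null`. I would add `if (objectFormTypes == null) { return tabs; }` right after `addDefaultTabs(parentPage, tabs);` and move the skip condition above the `getTitle()` call as `if (formSpecificationType == null || StringUtils.isEmpty(formSpecificationType.getPanelClass())) { continue; }`. The method body continues past the end of the hunk.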
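Review bot: In `createTabPanel`, `panelClassName` is read from the admin GUI configuration and passed straight to `Class.forName(panelClassName)`, which loads and initializes whatever class is named before any type check can run; with the null check removed the method also depends entirely on the caller's `StringUtils.isEmpty` filter even though it is `protected` and overridable. The rest of the method lies outside the hunk, so a subtype check may follow, but static initializers have already executed by then. Consider `Class.forName(panelClassName, false, getClass().getClassLoader())` followed by an `isAssignableFrom` check against the expected panel base type before instantiating, and keep a defensive `if (StringUtils.isEmpty(panelClassName))` guard that fails with a clear `SystemException`.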
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java
index 9c4d29a276d..dc00f96369b 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java
@@ -25,9 +25,7 @@
 import com.evolveum.midpoint.security.api.ObjectSecurityConstraints;
 import com.evolveum.midpoint.security.api.OwnerResolver;
 import com.evolveum.midpoint.security.api.SecurityEnforcer;
-import com.evolveum.midpoint.security.api.SecurityUtil;
 import com.evolveum.midpoint.security.api.UserProfileService;
-import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.util.DisplayableValue;
 import com.evolveum.midpoint.util.Producer;
 import com.evolveum.midpoint.util.exception.SchemaException;
@@ -49,10 +47,8 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.Map;
-import java.util.Set;
 public class MidPointGuiAuthorizationEvaluator implements SecurityEnforcer {
@@ -180,7 +176,10 @@ private void addSecurityConfig(FilterInvocation filterInvocation, Collection T runAs(Producer producer, PrismObject user) { public T runPrivileged(Producer producer) { return securityEnforcer.runPrivileged(producer); } - - - - }
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
index 1a021e99491..026de5b24eb 100644
--- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -11930,6 +11930,13 @@ + + + + URI identificator of java component that will be used as the form implementation. + + +
diff --git a/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java b/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
index d1414893958..3d7962b8d8a 100644
--- a/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
+++ b/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
@@ -54,8 +54,10 @@ public class AuthorizationConstants {
 public static final String AUTZ_GUI_ALL_URL = QNameUtil.qNameToUri(AUTZ_GUI_ALL_QNAME);
 public static final String AUTZ_GUI_ALL_LABEL = "Authorization.constants.guiAll.label";
 public static final String AUTZ_GUI_ALL_DESCRIPTION = "Authorization.constants.guiAll.description";
-
+
+ @Deprecated
 public static final QName AUTZ_GUI_ALL_DEPRECATED_QNAME = new QName(NS_AUTHORIZATION, "guiAll");
+ @Deprecated
 public static final String AUTZ_GUI_ALL_DEPRECATED_URL = QNameUtil.qNameToUri(AUTZ_GUI_ALL_DEPRECATED_QNAME);
@@ -329,9 +331,4 @@ public class AuthorizationConstants {
 public static final QName AUTZ_UI_ROLE_MEMBERS = new QName(NS_AUTHORIZATION_UI, "focusTabMembers");
 public static final String AUTZ_UI_ROLE_MEMBERS_URL = QNameUtil.qNameToUri(AUTZ_UI_ROLE_MEMBERS);
- public static final QName AUTZ_UI_OBJECT_DETAILS_BARE = new QName(NS_AUTHORIZATION_UI, "objectDetailsBare");
- public static final String AUTZ_UI_OBJECT_DETAILS_BARE_URL = NS_AUTHORIZATION_UI + "#objectDetailsBare";
- public static final QName AUTZ_UI_OBJECT_CREATE_BARE = new QName(NS_AUTHORIZATION_UI, "objectCreateBare");
- public static final String AUTZ_UI_OBJECT_CREATE_BARE_URL = NS_AUTHORIZATION_UI + "#objectCreateBare";
-
 }
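Review bot: The two `@Deprecated` annotations added to `AUTZ_GUI_ALL_DEPRECATED_QNAME` and `AUTZ_GUI_ALL_DEPRECATED_URL` come without Javadoc, so anyone still granting or checking the old `guiAll` action is not told what to use instead. If the neighbouring `AUTZ_GUI_ALL_QNAME` / `AUTZ_GUI_ALL_URL` are the intended replacements, which the hunk suggests but does not state, add `/** @deprecated use {@link #AUTZ_GUI_ALL_QNAME} */` and `/** @deprecated use {@link #AUTZ_GUI_ALL_URL} */` above them. For an authorization identifier it also helps to say in that comment whether the deprecated URI is still honoured at evaluation time.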