diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleGovernanceRelationsPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleGovernanceRelationsPanel.java index 1f9394aed5f..a52a11e010d 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleGovernanceRelationsPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleGovernanceRelationsPanel.java @@ -7,7 +7,6 @@ import com.evolveum.midpoint.prism.PrismReferenceValue; import com.evolveum.midpoint.prism.query.ObjectQuery; import com.evolveum.midpoint.prism.query.builder.QueryBuilder; -import com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit; import com.evolveum.midpoint.schema.GetOperationOptions; import com.evolveum.midpoint.schema.SelectorOptions; import com.evolveum.midpoint.schema.result.OperationResult; @@ -18,7 +17,6 @@ import com.evolveum.midpoint.web.component.util.SelectableBean; import com.evolveum.midpoint.web.page.admin.configuration.component.HeaderMenuAction; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; -import org.apache.commons.lang.StringUtils; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator; import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn; @@ -56,7 +54,7 @@ public RoleGovernanceRelationsPanel(String id, IModel model, List createNewMemberInlineMenuItems() { + protected List newMemberInlineMenuItems() { List newMemberMenuItems = new ArrayList<>(); newMemberMenuItems.add(new InlineMenuItem(createStringResource("roleMemberPanel.menu.createApprover"), false, new HeaderMenuAction(this) { 
@@ -120,8 +118,8 @@ public void onClick(AjaxRequestTarget target) { } @Override - protected List createRemoveMemberInlineMenuItems() { - return super.createRemoveMemberInlineMenuItems(); + protected List createUnassignMemberInlineMenuItems() { + return super.createUnassignMemberInlineMenuItems(); } @Override diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleMemberPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleMemberPanel.java index 1aed4e8038a..e58c77efafb 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleMemberPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/RoleMemberPanel.java @@ -15,12 +15,10 @@ */ package com.evolveum.midpoint.web.page.admin.roles; -import com.evolveum.midpoint.common.SystemConfigurationHolder; import com.evolveum.midpoint.gui.api.component.MainObjectListPanel; import com.evolveum.midpoint.gui.api.page.PageBase; import com.evolveum.midpoint.gui.api.util.WebComponentUtil; import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils; -import com.evolveum.midpoint.prism.PrismConstants; import com.evolveum.midpoint.prism.PrismContext; import com.evolveum.midpoint.prism.PrismObject; import com.evolveum.midpoint.prism.PrismReferenceValue; @@ -30,7 +28,6 @@ import com.evolveum.midpoint.prism.query.TypeFilter; import com.evolveum.midpoint.prism.query.builder.QueryBuilder; import com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit; -import com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty; import com.evolveum.midpoint.schema.constants.ObjectTypes; import com.evolveum.midpoint.schema.result.OperationResult; import com.evolveum.midpoint.schema.util.ObjectTypeUtil; 
@@ -55,7 +52,6 @@ import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.ajax.form.OnChangeAjaxBehavior; -import org.apache.wicket.markup.html.WebMarkupContainer; import org.apache.wicket.markup.html.form.DropDownChoice; import org.apache.wicket.markup.html.form.Form; import org.apache.wicket.markup.html.form.IChoiceRenderer; @@ -367,13 +363,13 @@ private ObjectQuery createDirectMemberQuery() { } @Override - protected List createNewMemberInlineMenuItems() { + protected List newMemberInlineMenuItems() { return super.createNewMemberInlineMenuItems(); } @Override - protected List createRemoveMemberInlineMenuItems() { - return super.createRemoveMemberInlineMenuItems(); + protected List createUnassignMemberInlineMenuItems() { + return super.createUnassignMemberInlineMenuItems(); } @Override diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java index bbde28441e0..b5da8f216df 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java 
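Review bot: The renamed override `newMemberInlineMenuItems()` in the last RoleMemberPanel hunk still returns `super.createNewMemberInlineMenuItems()`, which after this commit yields only the "create member" entry. The "add members" entry now lives in `assignNewMemberInlineMenuItems()` and is merged only by the base `newMemberInlineMenuItems()`, so the role member menu appears to lose its assign action. Unless that is intended, the body should be `return super.newMemberInlineMenuItems();`, or the override can be dropped since it only delegates. The neighbouring `createUnassignMemberInlineMenuItems()` override is a pure rename and looks fine.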
@@ -190,15 +190,22 @@ protected ObjectQuery createContentQuery() { protected List createMembersHeaderInlineMenu() { List headerMenuItems = new ArrayList<>(); - headerMenuItems.addAll(createNewMemberInlineMenuItems()); + headerMenuItems.addAll(newMemberInlineMenuItems()); headerMenuItems.add(new InlineMenuItem()); - headerMenuItems.addAll(createRemoveMemberInlineMenuItems()); + headerMenuItems.addAll(createUnassignMemberInlineMenuItems()); headerMenuItems.addAll(createMemberRecomputeInlineMenuItems()); return headerMenuItems; } + protected List newMemberInlineMenuItems() { + List newMemberMenuItems = new ArrayList<>(); + newMemberMenuItems.addAll(createNewMemberInlineMenuItems()); + newMemberMenuItems.addAll(assignNewMemberInlineMenuItems()); + return newMemberMenuItems; + } + protected List createNewMemberInlineMenuItems() { List newMemberMenuItems = new ArrayList<>(); newMemberMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.createMember"), @@ -210,7 +217,11 @@ public void onClick(AjaxRequestTarget target) { createFocusMemberPerformed(null, target); } })); + return newMemberMenuItems; + } + protected List assignNewMemberInlineMenuItems() { + List newMemberMenuItems = new ArrayList<>(); newMemberMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.addMembers"), false, new HeaderMenuAction(this) { private static final long serialVersionUID = 1L; @@ -262,7 +273,7 @@ public void onClick(AjaxRequestTarget target) { return recomputeMenuItems; } - protected List createRemoveMemberInlineMenuItems() { + protected List createUnassignMemberInlineMenuItems() { List removeMenuItems = new ArrayList<>(); removeMenuItems .add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.unassignMembersSelected"), 
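Review bot: The three hooks that result from the first two hunks (`newMemberInlineMenuItems()`, `createNewMemberInlineMenuItems()`, `assignNewMemberInlineMenuItems()`) have no Javadoc saying which one a subclass should override, and the names do not distinguish the aggregator from its parts. That matters because OrgMemberPanel attaches its authorization checks to the two fine-grained hooks, while a subclass that overrides the aggregator (as RoleGovernanceRelationsPanel does in this commit) never calls them, so a check placed there would not apply. I would document the aggregator with something like `/** Combines the create and assign entries; override the two specific hooks rather than this method. */` and add a one-line comment to each of the other two. The bodies of the split methods continue outside the hunks, so this is based on the visible lines only.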
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java index ba44fa810a9..a10016973a5 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java @@ -26,7 +26,6 @@ import javax.xml.namespace.QName; import com.evolveum.midpoint.prism.query.builder.QueryBuilder; -import com.evolveum.midpoint.prism.query.builder.S_AtomicFilterEntry; import com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty; import com.evolveum.midpoint.security.api.AuthorizationConstants; import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour; @@ -51,14 +50,8 @@ import com.evolveum.midpoint.prism.PrismObject; import com.evolveum.midpoint.prism.PrismReferenceValue; import com.evolveum.midpoint.prism.delta.ObjectDelta; -import com.evolveum.midpoint.prism.path.ItemPath; -import com.evolveum.midpoint.prism.query.AndFilter; import com.evolveum.midpoint.prism.query.InOidFilter; -import com.evolveum.midpoint.prism.query.ObjectFilter; import com.evolveum.midpoint.prism.query.ObjectQuery; -import com.evolveum.midpoint.prism.query.OrgFilter; -import com.evolveum.midpoint.prism.query.RefFilter; -import com.evolveum.midpoint.prism.query.TypeFilter; import com.evolveum.midpoint.prism.query.OrgFilter.Scope; import com.evolveum.midpoint.schema.GetOperationOptions; import com.evolveum.midpoint.schema.RetrieveOption; 
@@ -382,28 +375,52 @@ public void yesPerformed(AjaxRequestTarget target) { @Override protected List createMembersHeaderInlineMenu() { - List headerMenuItems = super.createMembersHeaderInlineMenu(); - - headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteMember"), - false, new HeaderMenuAction(this) { + List headerMenuItems = new ArrayList<>(); + headerMenuItems.addAll(newMemberInlineMenuItems()); + headerMenuItems.add(new InlineMenuItem()); - @Override - public void onClick(AjaxRequestTarget target) { - deleteMemberPerformed(QueryScope.SELECTED, null, target, "TreeTablePanel.menu.deleteMember.confirm"); - } - })); - - headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteAllMembers"), - false, new HeaderMenuAction(this) { + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_UNASSIGN_MEMBER_ACTION_URI)) { + headerMenuItems.addAll(super.createUnassignMemberInlineMenuItems()); + } + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_RECOMPUTE_MEMBER_ACTION_URI)) { + headerMenuItems.addAll(super.createMemberRecomputeInlineMenuItems()); + } + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_DELETE_MEMBER_ACTION_URI)) { + headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteMember"), + false, new HeaderMenuAction(this) { - @Override - public void onClick(AjaxRequestTarget target) { - deleteMemberPerformed(QueryScope.ALL, null, target, "TreeTablePanel.menu.deleteAllMembers.confirm"); - } - })); + @Override + public void onClick(AjaxRequestTarget target) { + deleteMemberPerformed(QueryScope.SELECTED, null, target, "TreeTablePanel.menu.deleteMember.confirm"); + } + })); + + headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteAllMembers"), + false, new HeaderMenuAction(this) { + + @Override + public void onClick(AjaxRequestTarget target) { + deleteMemberPerformed(QueryScope.ALL, null, target, 
"TreeTablePanel.menu.deleteAllMembers.confirm"); + } + })); + } return headerMenuItems; } - + + protected List createNewMemberInlineMenuItems() { + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADD_MEMBER_ACTION_URI)) { + return super.createNewMemberInlineMenuItems(); + } + return new ArrayList<>(); + } + + protected List assignNewMemberInlineMenuItems() { + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ASSIGN_MEMBER_ACTION_URI)) { + return super.assignNewMemberInlineMenuItems(); + } + return new ArrayList<>(); + } + private void deleteMemberPerformed(final QueryScope scope, final QName relation, final AjaxRequestTarget target, String confirmMessageKey) { ConfirmationPanel confirmDelete = new ConfirmationPanel(getPageBase().getMainPopupBodyId(), createStringResource(confirmMessageKey)) { @Override 
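Review bot: The `WebComponentUtil.isAuthorized(...)` checks added in `createMembersHeaderInlineMenu()` only decide which entries are rendered; nothing visible in this hunk shows the unassign, recompute or delete operations being authorized again when they run. Hiding an entry is fine as presentation, but the access decision should rest on the model-level authorization of the underlying operations, so please confirm these are enforced independently of the menu (the same applies to the manager menu in the next hunk). Two smaller points: the separator `headerMenuItems.add(new InlineMenuItem());` is added even when both new-member hooks return empty lists, and the new `createNewMemberInlineMenuItems()` / `assignNewMemberInlineMenuItems()` overrides lack `@Override`, unlike the neighbouring methods.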
@@ -429,60 +446,69 @@ private void deleteMemberConfirmPerformed(QueryScope scope, QName relation, Ajax private List createManagersHeaderInlineMenu() { List headerMenuItems = new ArrayList<>(); - headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.createManager"), - false, new HeaderMenuAction(this) { - private static final long serialVersionUID = 1L; + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADD_MEMBER_ACTION_URI)) { + headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.createManager"), + false, new HeaderMenuAction(this) { + private static final long serialVersionUID = 1L; - @Override - public void onClick(AjaxRequestTarget target) { - OrgMemberPanel.this.createFocusMemberPerformed(SchemaConstants.ORG_MANAGER, target); - } - })); - headerMenuItems.add(new InlineMenuItem()); + @Override + public void onClick(AjaxRequestTarget target) { + OrgMemberPanel.this.createFocusMemberPerformed(SchemaConstants.ORG_MANAGER, target); + } + })); + headerMenuItems.add(new InlineMenuItem()); + } - headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.addManagers"), false, - new HeaderMenuAction(this) { - private static final long serialVersionUID = 1L; + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ASSIGN_MEMBER_ACTION_URI)) { + headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.addManagers"), false, + new HeaderMenuAction(this) { + private static final long serialVersionUID = 1L; + + @Override + public void onClick(AjaxRequestTarget target) { + OrgMemberPanel.this.addMembers(SchemaConstants.ORG_MANAGER, target); + } + })); + headerMenuItems.add(new InlineMenuItem()); + } - @Override - public void onClick(AjaxRequestTarget target) { - OrgMemberPanel.this.addMembers(SchemaConstants.ORG_MANAGER, target); - } - })); - headerMenuItems.add(new InlineMenuItem()); + if 
(WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_UNASSIGN_MEMBER_ACTION_URI)) { + headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.removeManagersAll"), + false, new HeaderMenuAction(this) { + private static final long serialVersionUID = 1L; - headerMenuItems.add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.removeManagersAll"), - false, new HeaderMenuAction(this) { - private static final long serialVersionUID = 1L; + @Override + public void onClick(AjaxRequestTarget target) { + removeManagersPerformed(QueryScope.ALL, target); + } + })); + } - @Override - public void onClick(AjaxRequestTarget target) { - removeManagersPerformed(QueryScope.ALL, target); - } - })); - - headerMenuItems - .add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.recomputeManagersAll"), - false, new HeaderMenuAction(this) { - private static final long serialVersionUID = 1L; - - @Override - public void onClick(AjaxRequestTarget target) { - recomputeManagersPerformed(QueryScope.ALL, target); - } - })); - - headerMenuItems - .add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteManagersAll"), - false, new HeaderMenuAction(this) { - private static final long serialVersionUID = 1L; - - @Override - public void onClick(AjaxRequestTarget target) { - OrgMemberPanel.this.deleteMemberPerformed(QueryScope.ALL, SchemaConstants.ORG_MANAGER, target, "TreeTablePanel.menu.deleteManagersAll.confirm"); - } - })); + if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_RECOMPUTE_MEMBER_ACTION_URI)) { + headerMenuItems + .add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.recomputeManagersAll"), + false, new HeaderMenuAction(this) { + private static final long serialVersionUID = 1L; + + @Override + public void onClick(AjaxRequestTarget target) { + recomputeManagersPerformed(QueryScope.ALL, target); + } + })); + } + if 
(WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_DELETE_MEMBER_ACTION_URI)) { + headerMenuItems + .add(new InlineMenuItem(createStringResource("TreeTablePanel.menu.deleteManagersAll"), + false, new HeaderMenuAction(this) { + private static final long serialVersionUID = 1L; + + @Override + public void onClick(AjaxRequestTarget target) { + OrgMemberPanel.this.deleteMemberPerformed(QueryScope.ALL, SchemaConstants.ORG_MANAGER, target, "TreeTablePanel.menu.deleteManagersAll.confirm"); + } + })); + } return headerMenuItems; } diff --git a/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java b/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java index 6ef1186868c..e1bb2a034ca 100644 --- a/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java +++ b/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java 
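Review bot: `createManagersHeaderInlineMenu()` gates the manager entries with the member action URIs (`AUTZ_UI_ADD_MEMBER_ACTION_URI`, `AUTZ_UI_DELETE_MEMBER_ACTION_URI`, and so on), so a role cannot be granted the member menu without also receiving the manager one. If that coupling is intended, a short comment above the first check would document it, for example `// manager entries deliberately share the member UI authorizations`. Note also that the bulk `deleteManagersAll` entry sits behind the same URI as deleting a single selected member, which may be broader than an administrator expects when granting it.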
@@ -358,4 +358,20 @@ public class AuthorizationConstants { public static final QName AUTZ_UI_DELEGATE_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "delegate"); public static final String AUTZ_UI_DELEGATE_ACTION_URL = QNameUtil.qNameToUri(AUTZ_UI_DELEGATE_ACTION_QNAME); + //ui authorizations for menu items on the org members/managers panel + public static final QName AUTZ_UI_ASSIGN_MEMBER_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "assignMember"); + public static final String AUTZ_UI_ASSIGN_MEMBER_ACTION_URI = QNameUtil.qNameToUri(AUTZ_UI_ASSIGN_MEMBER_ACTION_QNAME); + + public static final QName AUTZ_UI_UNASSIGN_MEMBER_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "unassignMember"); + public static final String AUTZ_UI_UNASSIGN_MEMBER_ACTION_URI = QNameUtil.qNameToUri(AUTZ_UI_UNASSIGN_MEMBER_ACTION_QNAME); + + public static final QName AUTZ_UI_ADD_MEMBER_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "addMember"); + public static final String AUTZ_UI_ADD_MEMBER_ACTION_URI = QNameUtil.qNameToUri(AUTZ_UI_ADD_MEMBER_ACTION_QNAME); + + public static final QName AUTZ_UI_DELETE_MEMBER_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "deleteMember"); + public static final String AUTZ_UI_DELETE_MEMBER_ACTION_URI = QNameUtil.qNameToUri(AUTZ_UI_DELETE_MEMBER_ACTION_QNAME); + + public static final QName AUTZ_UI_RECOMPUTE_MEMBER_ACTION_QNAME = new QName(NS_AUTHORIZATION_UI, "recomputeMember"); + public static final String AUTZ_UI_RECOMPUTE_MEMBER_ACTION_URI = QNameUtil.qNameToUri(AUTZ_UI_RECOMPUTE_MEMBER_ACTION_QNAME); + }
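Review bot: The new constants end in `_ACTION_URI` while the constant directly above them in this hunk is `AUTZ_UI_DELEGATE_ACTION_URL`; one suffix should be used consistently so a search by name does not miss half of the UI actions. For deployments, these are new actions that existing roles do not grant, so users who previously saw the full org member menu may lose entries after upgrade unless their roles carry a catch-all UI authorization. I cannot see from here how `isAuthorized` treats that case, so it is worth a release-note line and adding the five URIs wherever the available UI authorizations are listed. The comment could also say what the actions gate, e.g. `// UI authorizations gating the header menu entries (create/assign/unassign/recompute/delete) on the org members and managers panels`.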