MID-3977 refactored model authentifications check
KaterynaHonchar committed Oct 16, 2018
1 parent 573fab9 commit 8db3f20
Showing 1 changed file with 164 additions and 100 deletions.
Expand Up @@ -148,125 +148,189 @@ private List<InlineMenuItem> createTreeMenu() {

private List<InlineMenuItem> createTreeChildrenMenu(OrgType org) {
List<InlineMenuItem> items = new ArrayList<>();
InlineMenuItem item;
if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADMIN_ORG_MOVE_ACTION_URI)) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.move"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
moveRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}
if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_URI)) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.makeRoot"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
makeRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}

item = new InlineMenuItem(createStringResource("TreeTablePanel.delete"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
deleteNodePerformed(getRowModel().getObject(), target);
}
}) {

private static final long serialVersionUID = 1L;

@Override
public IModel<Boolean> getVisible() {
return Model.of(isAllowDelete(org));
}
};
items.add(item);

item = new InlineMenuItem(createStringResource("TreeTablePanel.recompute"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
recomputeRootPerformed(getRowModel().getObject(), target);
}
}) {

private static final long serialVersionUID = 1L;

@Override
public IModel<Boolean> getVisible() {
return Model.of(isAllowModify(org));
}
};
items.add(item);

InlineMenuItem editMenuItem = new InlineMenuItem(createStringResource("TreeTablePanel.edit"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
editRootPerformed(getRowModel().getObject(), target);
}
}) {

private static final long serialVersionUID = 1L;

@Override
public IModel<Boolean> getVisible() {
return Model.of(isAllowModify(org));
}
};
items.add(editMenuItem);

item = new InlineMenuItem(createStringResource("TreeTablePanel.viewDetails"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
editRootPerformed(getRowModel().getObject(), target);
}
}) {

private static final long serialVersionUID = 1L;

@Override
public IModel<Boolean> getVisible() {
return Model.of(!editMenuItem.getVisible().getObject() && isAllowRead(org));
}
};
items.add(item);

item = new InlineMenuItem(createStringResource("TreeTablePanel.createChild"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
try {
initObjectForAdd(
ObjectTypeUtil.createObjectRef(getRowModel().getObject().getValue()),
OrgType.COMPLEX_TYPE, null, target);
} catch (SchemaException e) {
throw new SystemException(e.getMessage(), e);
}
}
}) {
private static final long serialVersionUID = 1L;

@Override
public IModel<Boolean> getVisible() {
return Model.of(isAllowModify(org) && isAllowAddNew());
}
};
items.add(item);
return items;
}

private boolean isAllowRead(OrgType org) {
boolean allowRead = false;
try {
boolean allowRead = org == null ||
allowRead = org == null ||
// TODO: the authorization URI here is probably wrong.
// It is a model autz. UI autz should be here instead?
parentPage.isAuthorized(ModelAuthorizationAction.READ.getUrl(),
AuthorizationPhaseType.REQUEST, org.asPrismObject(),
null, null, null);
InlineMenuItem item;
if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADMIN_ORG_MOVE_ACTION_URI)) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.move"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
moveRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}
if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_URI)) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.makeRoot"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
makeRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Failed to check menu items authorizations", ex);
}
return allowRead;
}

boolean allowDelete = org == null ||
// TODO: the authorization URI here is probably wrong.
private boolean isAllowModify(OrgType org) {
boolean allowModify = false;
try {
allowModify = org == null ||
// TODO: the modify authorization here is probably wrong.
// It is a model autz. UI autz should be here instead?
parentPage.isAuthorized(ModelAuthorizationAction.DELETE.getUrl(),
parentPage.isAuthorized(ModelAuthorizationAction.MODIFY.getUrl(),
AuthorizationPhaseType.REQUEST, org.asPrismObject(),
null, null, null);
if (allowDelete) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.delete"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
deleteNodePerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}
boolean allowModify = org == null ||
// TODO: the modify authorization here is probably wrong.
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Failed to check menu items authorizations", ex);
}
return allowModify;
}

private boolean isAllowDelete(OrgType org) {
boolean allowDelete = false;
try {
allowDelete = org == null ||
// TODO: the authorization URI here is probably wrong.
// It is a model autz. UI autz should be here instead?
parentPage.isAuthorized(ModelAuthorizationAction.MODIFY.getUrl(),
parentPage.isAuthorized(ModelAuthorizationAction.DELETE.getUrl(),
AuthorizationPhaseType.REQUEST, org.asPrismObject(),
null, null, null);
if (allowModify) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.recompute"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
recomputeRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);

item = new InlineMenuItem(createStringResource("TreeTablePanel.edit"), Model.of(allowModify), Model.of(allowModify),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
editRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
} else if (allowRead){
item = new InlineMenuItem(createStringResource("TreeTablePanel.viewDetails"), Model.of(allowRead), Model.of(allowRead),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
editRootPerformed(getRowModel().getObject(), target);
}
});
items.add(item);
}
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Failed to check menu items authorizations", ex);
}
return allowDelete;
}

// TODO: the modify authorization here is probably wrong.
// It is a model autz. UI autz should be here instead?
boolean allowAddNew = parentPage.isAuthorized(ModelAuthorizationAction.ADD.getUrl(),
private boolean isAllowAddNew() {
boolean allowAddNew = false;
try {
allowAddNew = parentPage.isAuthorized(ModelAuthorizationAction.ADD.getUrl(),
AuthorizationPhaseType.REQUEST, (new OrgType(parentPage.getPrismContext())).asPrismObject(),
null, null, null);
if (allowModify && allowAddNew) {
item = new InlineMenuItem(createStringResource("TreeTablePanel.createChild"),
new ColumnMenuAction<SelectableBean<OrgType>>() {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
try {
initObjectForAdd(
ObjectTypeUtil.createObjectRef(getRowModel().getObject().getValue()),
OrgType.COMPLEX_TYPE, null, target);
} catch (SchemaException e) {
throw new SystemException(e.getMessage(), e);
}
}
});
items.add(item);
}
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Failed to check menu items authorizations", ex);
}
return items;
return allowAddNew;
}

// TODO: merge this with AbstractRoleMemeberPanel.initObjectForAdd, also see MID-3233
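Review bot: In isAllowRead, isAllowModify and isAllowDelete the `org == null ||` short-circuit treats a null org as allowed, while the catch branch of the same methods falls back to false, so the helpers fail open on one path and closed on the other. If a null org is not a legitimate argument to createTreeChildrenMenu, prefer `allowDelete = org != null && parentPage.isAuthorized(...)` (and the same for read and modify); if it is legitimate, add a comment such as `// null org: no object to check, item stays visible` so the intent is explicit. These helpers only feed `getVisible()`, and the bodies of deleteNodePerformed, recomputeRootPerformed and editRootPerformed are outside this hunk, so it is worth confirming that the operation itself is still authorized at the model layer rather than relying on the hidden menu entry. Each `getVisible()` call also re-runs `parentPage.isAuthorized`, and isAllowModify(org) is reached from four items (recompute, edit, viewDetails via `editMenuItem.getVisible()`, createChild), so computing each result once per menu build may be preferable if lazy evaluation is not required.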