MID-1948: Allowing authorizations to cover all containers.

MID-1946: xmlns prefixes in authorizations are no longer needed. Plus a fix in GUI - read-only/read-write properties are now displayed correctly.
Evolveum · Jun 9, 2014 · b682818 · b682818
1 parent 5b9af1b
commit b682818
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 16 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java
@@ -227,15 +227,14 @@ private List<PropertyWrapper> createProperties() {
 //                }
 
                 temp.setValue(new PrismPropertyValue<Object>(value));
-                properties.add(new PropertyWrapper(this, temp, ValueStatus.NOT_CHANGED));
+                properties.add(new PropertyWrapper(this, temp, this.isReadonly(), ValueStatus.NOT_CHANGED));        // todo this.isReadOnly() - is that OK? (originally it was the default behavior for all cases)
             }
 
         }  else if (isShadowAssociation()){
         	if (object.getAssociations() != null){
         		for (PrismProperty property : object.getAssociations()){
         			//TODO: fix this -> for now, read only is supported..
-        			PropertyWrapper propertyWrapper = new PropertyWrapper(this, property, ValueStatus.NOT_CHANGED);
-        			propertyWrapper.setReadonly(true);
+        			PropertyWrapper propertyWrapper = new PropertyWrapper(this, property, true, ValueStatus.NOT_CHANGED);
                 	properties.add(propertyWrapper);
         		}
         	}
@@ -269,9 +268,9 @@ private List<PropertyWrapper> createProperties() {
 
                     PrismProperty property = container.findProperty(def.getName());
                     if (property == null) {
-                        properties.add(new PropertyWrapper(this, def.instantiate(), ValueStatus.ADDED));
+                        properties.add(new PropertyWrapper(this, def.instantiate(), !def.canAdd(), ValueStatus.ADDED));
                     } else {
-                        properties.add(new PropertyWrapper(this, property, ValueStatus.NOT_CHANGED));
+                        properties.add(new PropertyWrapper(this, property, !def.canModify(), ValueStatus.NOT_CHANGED));
                     }
 
 
@@ -389,12 +388,13 @@ boolean isPropertyVisible(PropertyWrapper property) {
         }
 
         if (ContainerStatus.MODIFYING == getStatus() && def.canModify()){
+            property.setReadonly(false);        // this might be too late [mederly]
         	return showEmpty(property);
         }
 
         if (ContainerStatus.MODIFYING == getStatus() && !def.canModify()){
         	if (def.canRead()){
-        		property.setReadonly(true);
+        		property.setReadonly(true);     // this might be too late [mederly]
         		return true;
         	} 
         	return false;

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PropertyWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PropertyWrapper.java
@@ -48,14 +48,14 @@ public class PropertyWrapper implements ItemWrapper, Serializable {
     private boolean readonly;
     private PrismPropertyDefinition itemDefinition;
 
-    public PropertyWrapper(ContainerWrapper container, PrismProperty property, ValueStatus status) {
+    public PropertyWrapper(ContainerWrapper container, PrismProperty property, boolean readonly, ValueStatus status) {
         Validate.notNull(property, "Property must not be null.");
         Validate.notNull(status, "Property status must not be null.");
 
         this.container = container;
         this.property = property;
         this.status = status;
-        this.readonly = container.isReadonly();
+        this.readonly = readonly;
         this.itemDefinition = getItemDefinition();
 
         ItemPath passwordPath = new ItemPath(SchemaConstantsGenerated.C_CREDENTIALS,

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/path/NameItemPathSegment.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/path/NameItemPathSegment.java
@@ -69,7 +69,8 @@ public int hashCode() {
 		final int prime = 31;
 		int result = super.hashCode();
 		result = prime * result + (isVariable ? 1231 : 1237);
-		result = prime * result + ((name == null) ? 0 : name.hashCode());
+        // we need to compute hash from namespace-normalized name (in order for equals to work)
+		result = prime * result + ((name == null) ? 0 : name.getLocalPart().hashCode());
 		return result;
 	}
 

diff --git a/model/model-intest/src/test/resources/security/role-prop-read-some-modify-some.xml b/model/model-intest/src/test/resources/security/role-prop-read-some-modify-some.xml
@@ -21,14 +21,14 @@
     <authorization>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
     	<item>c:name</item>
-    	<item>c:fullName</item>
-    	<item>c:activation/c:administrativeStatus</item>
-    	<item>c:assignment</item>
+    	<item>fullName</item>
+    	<item>activation/administrativeStatus</item>
+    	<item>assignment</item>
     </authorization>
     <authorization>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
-    	<item>c:fullName</item>
-    	<item>c:additionalName</item>
-    	<item>c:description</item>
+    	<item>fullName</item>
+    	<item>additionalName</item>
+    	<item>description</item>
     </authorization>
 </role>
diff --git a/...security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java b/...security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java
@@ -307,7 +307,7 @@ private ItemPath getPath(Visitable visitable) {
 	private boolean isInList(ItemPath itemPath, Collection<ItemPath> allowedItems) {
 		boolean itemAllowed = false;
 		for (ItemPath allowedPath: allowedItems) {
-			if (allowedPath.equivalent(itemPath)) {
+			if (allowedPath.isSubPathOrEquivalent(itemPath)) {
 				itemAllowed = true;
 				break;
 			}