From d0edf1fd2de66fe083bda6b4755d74e4747f9c5a Mon Sep 17 00:00:00 2001
From: "Katarina Valalikova (katkav)"
Date: Thu, 17 Jul 2014 10:51:05 +0200
Subject: [PATCH] fixing authorization in GUI
---
 .../web/component/util/ObjectWrapperUtil.java | 21 ++++++++++++++++++-
 .../model/api/ModelInteractionService.java | 3 ++-
 .../impl/controller/ModelController.java | 9 ++++----
 .../midpoint/model/intest/TestSecurity.java | 2 +-
 4 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/ObjectWrapperUtil.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/ObjectWrapperUtil.java
index 55a72bd91f2..3429f73e87c 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/ObjectWrapperUtil.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/ObjectWrapperUtil.java
@@ -11,6 +11,7 @@
 import com.evolveum.midpoint.web.component.prism.ContainerStatus;
 import com.evolveum.midpoint.web.component.prism.ObjectWrapper;
 import com.evolveum.midpoint.web.page.PageBase;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
@@ -24,7 +25,10 @@ public static ObjectWrapper createObjectWrapper(String di public static ObjectWrapper createObjectWrapper(String displayName, String description, PrismObject object, ContainerStatus status, boolean delayContainerCreation, PageBase pageBase) { try { - PrismContainerDefinition objectDefinitionForEditing = pageBase.getModelInteractionService().getEditObjectDefinition(object); + + AuthorizationPhaseType phase = getAuthorizationPhase(status); + + PrismContainerDefinition objectDefinitionForEditing = pageBase.getModelInteractionService().getEditObjectDefinition(object, phase); RefinedObjectClassDefinition objectClassDefinitionForEditing = null; if (isShadow(object)) { PrismReference resourceRef = object.findReference(ShadowType.F_RESOURCE_REF); @@ -39,6 +43,21 @@ public static ObjectWrapper createObjectWrapper(String di } } + private static AuthorizationPhaseType getAuthorizationPhase(ContainerStatus status) { + if (status == null){ + return null; + } + switch (status) { + case ADDING: + return AuthorizationPhaseType.REQUEST; + case MODIFYING: + return AuthorizationPhaseType.EXECUTION; + + default: + return null; + } + } + private static boolean isShadow(PrismObject object){ return (object.getCompileTimeClass() != null && ShadowType.class.isAssignableFrom(object .getCompileTimeClass())) diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java index a8aea94a7d0..892cb146687 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java 
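Review bot: The new `getAuthorizationPhase` returns `null` both for a null `status` and from its `default:` branch, and `createObjectWrapper` hands that value straight to `getEditObjectDefinition(object, phase)` as the authorization phase. Nothing in the patch says what a null phase means to the decision lookup. Every call passed `null` before this change, so it is presumably the phase-agnostic evaluation, but if that is broader than a REQUEST- or EXECUTION-specific one, any `ContainerStatus` other than ADDING/MODIFYING (including values added later) silently gets the wider edit schema. I would document the contract on the method, e.g. `// null = no phase restriction (same as before this change); confirm it is never more permissive than REQUEST/EXECUTION`, and add a line on why ADDING maps to REQUEST while MODIFYING maps to EXECUTION, since that pairing is not evident from the code.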
@@ -32,6 +32,7 @@ import com.evolveum.midpoint.util.exception.ObjectNotFoundException; import com.evolveum.midpoint.util.exception.SchemaException; import com.evolveum.midpoint.util.exception.SecurityViolationException; +import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType; import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType; @@ -99,7 +100,7 @@ ModelContext previewChanges( * @return schema with correctly set constraint parts or null * @throws SchemaException */ - PrismObjectDefinition getEditObjectDefinition(PrismObject object) throws SchemaException; + PrismObjectDefinition getEditObjectDefinition(PrismObject object, AuthorizationPhaseType phase) throws SchemaException; RefinedObjectClassDefinition getEditObjectClassDefinition(PrismObject shadow, PrismObject resource) throws SchemaException; diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java index e51cf91d151..0ffac61dfaf 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java 
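Review bot: The Javadoc above `getEditObjectDefinition` still ends with only `@return` and `@throws SchemaException`; the new `phase` parameter is undocumented, although it decides which authorizations shape the returned edit schema. Callers need to know that `null` is an accepted value (the updated test passes it) and what it selects. I would add something like `@param phase authorization phase used to evaluate read/add/modify decisions; null evaluates without a phase restriction (confirm against getActionDecision)`. The start of the Javadoc block is outside the hunk, so any existing description of the security constraints may also need a sentence about the phase.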
@@ -133,6 +133,7 @@
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorHostType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
@@ -705,7 +706,7 @@ public ModelContext previewChanges(
 }
 @Override
- public PrismObjectDefinition getEditObjectDefinition(PrismObject object) throws SchemaException {
+ public PrismObjectDefinition getEditObjectDefinition(PrismObject object, AuthorizationPhaseType phase) throws SchemaException {
 PrismObjectDefinition origDefinition = object.getDefinition();
 // TODO: maybe we need to expose owner resolver in the interface?
 ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(object, null);
@@ -716,9 +717,9 @@ public PrismObjectDefinition getEditObjectDefinition(P
 return null;
 }
 PrismObjectDefinition finalDefinition = applySecurityContraints(origDefinition, new ItemPath(), securityConstraints,
- securityConstraints.getActionDecision(ModelAuthorizationAction.READ.getUrl(), null),
- securityConstraints.getActionDecision(ModelAuthorizationAction.ADD.getUrl(), null),
- securityConstraints.getActionDecision(ModelAuthorizationAction.MODIFY.getUrl(), null));
+ securityConstraints.getActionDecision(ModelAuthorizationAction.READ.getUrl(), phase),
+ securityConstraints.getActionDecision(ModelAuthorizationAction.ADD.getUrl(), phase),
+ securityConstraints.getActionDecision(ModelAuthorizationAction.MODIFY.getUrl(), phase));
 return finalDefinition;
 }
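Review bot: In the last hunk `phase` reaches only the three object-level `getActionDecision(...)` calls that seed `applySecurityContraints`; it is not passed into `applySecurityContraints` itself, whose body is outside this diff. If that method resolves per-item decisions against `securityConstraints` with a fixed or null phase, the object-level defaults become phase-specific while item-level overrides stay phase-agnostic. The edit schema could then mark an item readable or modifiable in the GUI differently from what the selected phase allows. I would check that path and, if it does its own lookups, add `phase` as an argument to `applySecurityContraints` so both levels are evaluated the same way. The GUI schema is only a presentation of the authorizations, so enforcement on the actual add/modify operation must not depend on it.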
diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java index 488dcd4a629..b32d12b0944 100644 --- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java +++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java @@ -721,7 +721,7 @@ public void testAutzJackPropReadSomeModifySome(final String TEST_NAME, String ro PrismAsserts.assertNoItem(userJack, new ItemPath(UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS)); assertAssignmentsWithTargets(userJack, 1); - PrismObjectDefinition userJackEditSchema = modelInteractionService.getEditObjectDefinition(userJack); + PrismObjectDefinition userJackEditSchema = modelInteractionService.getEditObjectDefinition(userJack, null); display("Jack's edit schema", userJackEditSchema); assertItemFlags(userJackEditSchema, UserType.F_NAME, true, false, false); assertItemFlags(userJackEditSchema, UserType.F_FULL_NAME, true, false, true);
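Review bot: The only test call touched here passes `null` as the phase, so the phase-specific behaviour this commit introduces is not exercised by `TestSecurity`. The existing assertions on `userJackEditSchema` still cover only the pre-change, phase-agnostic result. I would add companion checks next to it, e.g. `modelInteractionService.getEditObjectDefinition(userJack, AuthorizationPhaseType.REQUEST)` and the same with `AuthorizationPhaseType.EXECUTION`, each followed by `assertItemFlags(...)` for `UserType.F_NAME` and `UserType.F_FULL_NAME`, using a role whose authorizations differ between the two phases. The rest of `testAutzJackPropReadSomeModifySome` lies outside the hunk, so similar calls further down may need the same treatment.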