
Force required permissions in jsf pages #1456

Gasmyr committed Jan 31, 2019
1 parent 7b57cc1 commit 242d45660022d65df85cf9596adb11c0579f4660
@@ -4,8 +4,8 @@
import org.gluu.oxtrust.model.GluuAppliance;
import org.gluu.oxtrust.security.Identity;
import org.slf4j.Logger;
import org.xdi.config.oxtrust.AppConfiguration;
import org.xdi.model.GluuUserRole;
import org.xdi.service.security.SecurityEvaluationException;
import org.xdi.util.StringHelper;

import javax.enterprise.context.ApplicationScoped;
@@ -19,89 +19,85 @@
@Named
public class PermissionService {

@Inject
private Logger log;
@Inject
private Logger log;

@Inject
private Identity identity;
@Inject
private Identity identity;

@Inject
private AppConfiguration appConfiguration;
@Inject
private ApplianceService applianceService;

@Inject
private ApplianceService applianceService;
private String[][] managerActions = new String[][] { { "attribute", "access" }, { "person", "access" },
{ "person", "import" }, { "group", "access" }, { "sectorIdentifier", "access" }, { "trust", "access" },
{ "configuration", "access" }, { "log", "access" }, { "import", "access" }, { "profile", "access" },
{ "registrationLinks", "access" }, { "scim", "access" }, { "scim_test", "access" }, { "client", "access" },
{ "scope", "access" }, { "oxauth", "access" }, { "uma", "access" }, { "super-gluu", "access" },
{ "linktrack", "access" }, };

private String[][] managerActions = new String[][]{
{"attribute", "access"},
{"person", "access"},
{"person", "import"},
{"group", "access"},
{"sectorIdentifier", "access"},
{"trust", "access"},
{"configuration", "access"},
{"log", "access"},
{"import", "access"},
{"profile", "access"},
{"registrationLinks", "access"},
{"scim", "access"},
{"scim_test", "access"},
{"client", "access"},
{"scope", "access"},
{"oxauth", "access"},
{"uma", "access"},
{"super-gluu", "access"},
{"linktrack", "access"},
};
public boolean hasPermission(Object target, String action) {
return handlePermissionRequest(target, action);
}

public boolean hasPermission(Object target, String action) {
log.trace("Checking permissions for target '{}' an 'action'. Identity: {}", target, action, identity);
if (!identity.isLoggedIn()) {
return false;
}
public boolean requestPermission(Object target, String action) {
try {
return handlePermissionRequest(target, action);
} catch (SecurityEvaluationException e) {
log.trace(" ", e);
return false;
} catch (Exception e) {
log.info("GASMYRGASMYRGASMYR", e);
return false;
}

if (identity.hasRole(GluuUserRole.MANAGER.getValue()) || identity.hasRole(GluuUserRole.USER.getValue())) {
if (StringHelper.equalsIgnoreCase("profile_management", action)) {
GluuAppliance appliance = applianceService.getAppliance();
GluuAppliance targetAppliance = (GluuAppliance) target;
if (((appliance.getProfileManagment() != null) && appliance.getProfileManagment().isBooleanValue())
&& StringHelper.equals(applianceService.getAppliance().getInum(), targetAppliance.getInum())) {
return true;
} else {
return false;
}
}
}

if (StringHelper.equalsIgnoreCase("whitePagesEnabled", action)) {
GluuAppliance appliance = applianceService.getAppliance();
GluuAppliance targetAppliance = (GluuAppliance) target;
if (((appliance.getWhitePagesEnabled() != null) && appliance.getWhitePagesEnabled().isBooleanValue())
&& StringHelper.equals(applianceService.getAppliance().getInum(), targetAppliance.getInum())) {
return true;
} else {
return false;
}
}
}
private boolean handlePermissionRequest(Object target, String action) {
log.trace("Checking permissions for target '{}' an 'action'. Identity: {}", target, action, identity);
if (!identity.isLoggedIn()) {
return false;
}
if (identity.hasRole(GluuUserRole.MANAGER.getValue()) || identity.hasRole(GluuUserRole.USER.getValue())) {
if (StringHelper.equalsIgnoreCase("profile_management", action)) {
GluuAppliance appliance = applianceService.getAppliance();
GluuAppliance targetAppliance = (GluuAppliance) target;
if (((appliance.getProfileManagment() != null) && appliance.getProfileManagment().isBooleanValue())
&& StringHelper.equals(applianceService.getAppliance().getInum(), targetAppliance.getInum())) {
return true;
} else {
return false;
}
}

if (identity.hasRole(GluuUserRole.MANAGER.getValue())) {
for (String[] managerAction : managerActions) {
String targetString = (String) target;
if (StringHelper.equals(managerAction[0], targetString) && StringHelper.equals(managerAction[1], action)) {
return true;
}
}
}

if (identity.hasRole(GluuUserRole.USER.getValue())) {
for (String[] managerAction : managerActions) {
String targetString = (String) target;
if (StringHelper.equals("profile", targetString) && StringHelper.equals(managerAction[0], targetString) && StringHelper.equals(managerAction[1], action)) {
return true;
}
}
}


return false;
}
if (StringHelper.equalsIgnoreCase("whitePagesEnabled", action)) {
GluuAppliance appliance = applianceService.getAppliance();
GluuAppliance targetAppliance = (GluuAppliance) target;
if (((appliance.getWhitePagesEnabled() != null) && appliance.getWhitePagesEnabled().isBooleanValue())
&& StringHelper.equals(applianceService.getAppliance().getInum(), targetAppliance.getInum())) {
return true;
} else {
return false;
}
}
}
if (identity.hasRole(GluuUserRole.MANAGER.getValue())) {
for (String[] managerAction : managerActions) {
String targetString = (String) target;
if (StringHelper.equals(managerAction[0], targetString)
&& StringHelper.equals(managerAction[1], action)) {
return true;
}
}
}
if (identity.hasRole(GluuUserRole.USER.getValue())) {
for (String[] managerAction : managerActions) {
String targetString = (String) target;
if (StringHelper.equals("profile", targetString) && StringHelper.equals(managerAction[0], targetString)
&& StringHelper.equals(managerAction[1], action)) {
return true;
}
}
}
return false;
}
}
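Review bot: In `requestPermission`, the catch-all logs the placeholder text `log.info("GASMYRGASMYRGASMYR", e)`, so a failed authorization check leaves no usable record of which target and action were being evaluated. Returning `false` there is the right fail-closed result, but the branch also absorbs any ClassCastException from the unchecked `(GluuAppliance) target` and `(String) target` casts in `handlePermissionRequest`, so a caller passing the wrong target type cannot be told apart from a genuine denial. I would change the line to `log.warn("Permission check failed for target '{}', action '{}'", target, action, e);`. The trace message in `handlePermissionRequest` has two `{}` placeholders for three arguments, so `action` is printed in the Identity slot and `identity` is dropped; `"Checking permissions for target '{}' and action '{}'. Identity: {}"` fixes that.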
@@ -165,6 +165,10 @@
</h:outputStylesheet>
</h:head>
<h:body styleClass="skin-green">
<f:metadata>
<f:viewAction
action="#{permissionService.requestPermission(target, action)}" />
</f:metadata>
<div class="wrapper">
<h:panelGroup layout="block">
<ui:include src="topmenu.xhtml">
@@ -207,10 +211,9 @@
type="text/javascript"></script>
<script
src='#{oxTrustConfigurationService.cssLocation}/../theme/dist/js/clipboard.min.js'
type="text/javascript"></script>
type="text/javascript"></script>

<rich:notifyMessages stayTime="5000" nonblocking="true" />

<div class="footer"></div>
</h:body>
</f:view>
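Review bot: The `<f:viewAction>` added inside `<h:body>` calls `requestPermission(target, action)`, but nothing visible acts on a `false` result, so a denied user would apparently still get the page rendered; the return value is only used as a navigation outcome, and nothing in this diff maps it to a redirect or an error response. `target` and `action` are not defined anywhere in the hunk; if the including page does not supply them they presumably resolve to null, and the check then returns `false` (and is ignored) on every request. JSF also expects `<f:metadata>` as a direct child of `<f:view>` in the page that owns the view id rather than inside the body of a shared template, so this action may not run at all, which is worth confirming. I would put the check in each protected page with explicit arguments, e.g. `<f:viewAction action="#{permissionService.requestPermission('person', 'access')}" />`, and have a denial end in a redirect or a 403 response rather than a bare `false`. The same element is added to the second template (the one that includes `menu.xhtml`) and has the same problem.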
@@ -1,77 +1,98 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html xmlns="http://www.w3.org/1999/xhtml">
<f:view xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:a="http://richfaces.org/a4j"
xmlns:gluufn="http://www.gluu.org/jsf/functions"
contentType="text/html" locale="#{language.localeCode}">
<h:head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>#{organizationService.organization.organizationTitle}</title>
<script type="text/javascript">
if (top != self)
top.location.href = self.document.location;
if (parent != self)
top.location.href = location.href;
if (top.frames.length != 0)
top.location.href = self.document.location;
if (window != window.top)
top.location.href = location.href;
</script>
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:a="http://richfaces.org/a4j"
xmlns:gluufn="http://www.gluu.org/jsf/functions"
contentType="text/html" locale="#{language.localeCode}">
<h:head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>#{organizationService.organization.organizationTitle}</title>
<script type="text/javascript">
if (top != self)
top.location.href = self.document.location;
if (parent != self)
top.location.href = location.href;
if (top.frames.length != 0)
top.location.href = self.document.location;
if (window != window.top)
top.location.href = location.href;
</script>

<link rel="shortcut icon" href="#{request.contextPath}/servlet/favicon?v=#{faviconImageServlet.faviconTimestamp}"/>
<link rel="icon" href="#{request.contextPath}/servlet/favicon?v=#{faviconImageServlet.faviconTimestamp}"/>
<link type="text/css" rel="stylesheet" href="#{oxTrustConfigurationService.cssLocation}/theme.ecss" />
<link type="text/css" rel="stylesheet" href="#{oxTrustConfigurationService.cssLocation}/theme.css" />
<link type="text/css" rel="stylesheet" href="#{oxTrustConfigurationService.cssLocation}/site.css" />
<link type="text/css" rel="stylesheet" href="#{oxTrustConfigurationService.cssLocation}/../stylesheets/styles.css" />
<link rel="shortcut icon"
href="#{request.contextPath}/servlet/favicon?v=#{faviconImageServlet.faviconTimestamp}" />
<link rel="icon"
href="#{request.contextPath}/servlet/favicon?v=#{faviconImageServlet.faviconTimestamp}" />
<link type="text/css" rel="stylesheet"
href="#{oxTrustConfigurationService.cssLocation}/theme.ecss" />
<link type="text/css" rel="stylesheet"
href="#{oxTrustConfigurationService.cssLocation}/theme.css" />
<link type="text/css" rel="stylesheet"
href="#{oxTrustConfigurationService.cssLocation}/site.css" />
<link type="text/css" rel="stylesheet"
href="#{oxTrustConfigurationService.cssLocation}/../stylesheets/styles.css" />

<script type="text/javascript" src="#{oxTrustConfigurationService.jsLocation}/gluuCommon.js"></script>
<h:outputScript name="jquery.js"/>
<h:outputScript name="bootstrap.js"/>
<ui:insert name="head"/>
<script type="text/javascript"
src="#{oxTrustConfigurationService.jsLocation}/gluuCommon.js"></script>
<h:outputScript name="jquery.js" />
<h:outputScript name="bootstrap.js" />
<ui:insert name="head" />

<ui:param name="themeColor" value="#{organizationService.organization.themeColor}" />
<ui:fragment rendered="#{not empty themeColor}">
<style type="text/css">
.rf-tb-itm, .rf-tb-emp{
height: 33px;
background-color: #{gluufn:getColor(themeColor, "00ff00")}
background-image: none;
}
</style>
</ui:fragment>
</h:head>
<h:body>
<img src="#{request.contextPath}/servlet/logo" alt="logo" id="logo"/>
<h:form>
<ui:include src="menu.xhtml">
<ui:param name="projectName" value="oxTrust"/>
</ui:include>
</h:form>
<div class="#{not isLogin?'body':'loginBody'}">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8 col-sm-offset-0 col-md-offset-2">
<h:messages id="messages" globalOnly="true" styleClass="message"
errorClass="errormsg" infoClass="infomsg" warnClass="warnmsg"
rendered="#{showGlobalMessages != 'false'}"/>
<ui:insert name="body"/>
</div>
</div>
</div>
</div>
<ui:fragment rendered="#{not isLogin}">
<div class="footer">
<p>Copyright <a href="http://www.gluu.org">Gluu</a> All rights reserved.</p>
</div>
</ui:fragment>
<ui:param name="themeColor"
value="#{organizationService.organization.themeColor}" />
<ui:fragment rendered="#{not empty themeColor}">
<style type="text/css">
.rf-tb-itm, .rf-tb-emp {
height: 33px;
background-color: #{gluufn:getColor(themeColor, "00ff00")
}
background-image
:
none
;
<div class="footer">
</div>
</h:body>
}
</style>
</ui:fragment>
</h:head>
<h:body>
<f:metadata>
<f:viewAction
action="#{permissionService.requestPermission(target, action)}" />
</f:metadata>
<img src="#{request.contextPath}/servlet/logo" alt="logo" id="logo" />
<h:form>
<ui:include src="menu.xhtml">
<ui:param name="projectName" value="oxTrust" />
</ui:include>
</h:form>
<div class="#{not isLogin?'body':'loginBody'}">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8 col-sm-offset-0 col-md-offset-2">
<h:messages id="messages" globalOnly="true" styleClass="message"
errorClass="errormsg" infoClass="infomsg" warnClass="warnmsg"
rendered="#{showGlobalMessages != 'false'}" />
<ui:insert name="body" />
</div>
</div>
</div>
</div>
<ui:fragment rendered="#{not isLogin}">
<div class="footer">
<p>
Copyright <a href="http://www.gluu.org">Gluu</a> All rights
reserved.
</p>
</div>
</ui:fragment>
<div class="footer"></div>
</h:body>
</f:view>
</html>
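Review bot: As rendered here, the reformatted `<style>` block in `<h:head>` contains `<div class="footer">`, `</div>` and `</h:body>` before its closing `}`, which would leave the template with an unbalanced `</h:body>` and would likely make Facelets reject the page; the rendering has lost its +/- markers, so this should be confirmed against the file. The formatter also split `background-image: none;` across four lines and moved the closing `}` of the `#{gluufn:getColor(...)}` expression onto its own line. I would restore the rule as `background-color: #{gluufn:getColor(themeColor, "00ff00")};` followed by `background-image: none;`, and keep the `<style>` body out of automatic formatting.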
