Skip to content

Commit 8710463

Browse files
committed
NMS-9065: Fixed the Asset pages JSPs to handle ACL filtering for release-19.0.0
1 parent 3b8f314 commit 8710463

File tree

2 files changed

+95
-68
lines changed

2 files changed

+95
-68
lines changed

Diff for: opennms-webapp/src/main/webapp/asset/modify.jsp

+83-60
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
*******************************************************************************/
2929
--%>
3030

31-
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
31+
<%@ page contentType="text/html;charset=UTF-8" language="java" import="org.opennms.web.springframework.security.AclUtils"%>
3232

3333
<% pageContext.setAttribute("nodeId", request.getParameter("node")); %>
3434

@@ -47,72 +47,95 @@
4747
<jsp:param name="script" value='<script type="text/javascript" src="js/onms-assets/app.js"></script>' />
4848
</jsp:include>
4949

50-
<div class="container-fluid" ng-app="onms-assets" ng-controller="NodeAssetsCtrl" ng-init="init(${nodeId})">
50+
<%
51+
AclUtils.NodeAccessChecker accessChecker = AclUtils.getNodeAccessChecker(getServletContext());
5152
52-
<div growl></div>
53+
Integer nodeId = null;
5354
54-
<h4>
55-
Node: <strong><a href="element/node.jsp?node=${nodeId}">{{ nodeLabel }}</a></strong>
56-
</h4>
57-
<p>
58-
Last modified by {{ master['lastModifiedBy'] }} at {{ master['lastModifiedDate'] | date }}
59-
</p>
55+
try {
56+
nodeId = Integer.valueOf(request.getParameter("node"));
57+
} catch (NumberFormatException e) {
58+
%>
59+
<h2>Error parsing node parameter.</h2>
60+
<%
61+
}
6062
61-
<form name="assetForm" novalidate>
62-
<div class="row" ng-repeat="row in config.rows">
63-
<div ng-class="col.class" ng-repeat="col in row.columns">
64-
<div class="panel panel-default" ng-repeat="panel in col.panels">
65-
<div class="panel-heading">
66-
<h3 class="panel-title">{{ panel.title }}</h3>
67-
</div>
68-
<div class="panel-body">
69-
<div class="form-horizontal" ng-repeat="field in panel.fields">
70-
<div class="form-group" ng-class="{ 'has-error': assetForm[field.model].$invalid && !assetForm[field.model].$pristine, 'has-warning': assetForm[field.model].$dirty }">
71-
<label class="control-label col-md-3" for="{{ field.model }}" uib-tooltip="{{ field.tooltip }}">{{ field.label }}</label>
72-
<div class="col-md-9">
73-
<%-- Static/ReadOnly fields --%>
74-
<p class="form-control-static" ng-if="field.type=='static'">{{ asset[field.model] }}</p>
75-
<%-- Standard fields with typeahead suggestions --%>
76-
<input type="text" class="form-control" id="{{ field.model }}" name="{{ field.model }}" ng-model="asset[field.model]" ng-if="field.type=='text'"
77-
typeahead-editable="true" typeahead-min-length="0" ng-pattern="field.pattern"
78-
uib-typeahead="suggestion for suggestion in getSuggestions(field.model) | filter:$viewValue"></input>
79-
<%-- Password fields --%>
80-
<input type="password" class="form-control" ng-model="asset[field.model]" ng-if="field.type=='password'"></input>
81-
<%-- Textarea fields --%>
82-
<textarea class="form-control" style="height: 20em;" ng-model="asset[field.model]" ng-if="field.type=='textarea'"></textarea>
83-
<%-- Date fields with Popup Picker --%>
84-
<p class="input-group" ng-if="field.type=='date'">
85-
<input type="date" class="form-control" uib-datepicker-popup="{{ dateFormat }}" is-open="field.open" ng-model="asset[field.model]" placeholder="Specify date using this format: {{ dateFormat }}" />
86-
<span class="input-group-btn">
87-
<button type="button" class="btn btn-default" ng-click="field.open=true"><i class="glyphicon glyphicon-calendar"></i></button>
88-
</span>
89-
</p>
90-
<%-- List/Select fields --%>
91-
<select class="form-control" ng-model="asset[field.model]" ng-if="field.type=='select'">
92-
<option ng-repeat="value in field.options">{{value}}</option>
93-
</select>
63+
if (nodeId != null) {
64+
if (accessChecker.isNodeAccessible(nodeId)) {
65+
%>
66+
<div class="container-fluid" ng-app="onms-assets" ng-controller="NodeAssetsCtrl" ng-init="init(${nodeId})">
67+
68+
<div growl></div>
69+
70+
<h4>
71+
Node: <strong><a href="element/node.jsp?node=${nodeId}">{{ nodeLabel }}</a></strong>
72+
</h4>
73+
<p>
74+
Last modified by {{ master['lastModifiedBy'] }} at {{ master['lastModifiedDate'] | date }}
75+
</p>
76+
77+
<form name="assetForm" novalidate>
78+
<div class="row" ng-repeat="row in config.rows">
79+
<div ng-class="col.class" ng-repeat="col in row.columns">
80+
<div class="panel panel-default" ng-repeat="panel in col.panels">
81+
<div class="panel-heading">
82+
<h3 class="panel-title">{{ panel.title }}</h3>
83+
</div>
84+
<div class="panel-body">
85+
<div class="form-horizontal" ng-repeat="field in panel.fields">
86+
<div class="form-group" ng-class="{ 'has-error': assetForm[field.model].$invalid && !assetForm[field.model].$pristine, 'has-warning': assetForm[field.model].$dirty }">
87+
<label class="control-label col-md-3" for="{{ field.model }}" uib-tooltip="{{ field.tooltip }}">{{ field.label }}</label>
88+
<div class="col-md-9">
89+
<%-- Static/ReadOnly fields --%>
90+
<p class="form-control-static" ng-if="field.type=='static'">{{ asset[field.model] }}</p>
91+
<%-- Standard fields with typeahead suggestions --%>
92+
<input type="text" class="form-control" id="{{ field.model }}" name="{{ field.model }}" ng-model="asset[field.model]" ng-if="field.type=='text'"
93+
typeahead-editable="true" typeahead-min-length="0" ng-pattern="field.pattern"
94+
uib-typeahead="suggestion for suggestion in getSuggestions(field.model) | filter:$viewValue"></input>
95+
<%-- Password fields --%>
96+
<input type="password" class="form-control" ng-model="asset[field.model]" ng-if="field.type=='password'"></input>
97+
<%-- Textarea fields --%>
98+
<textarea class="form-control" style="height: 20em;" ng-model="asset[field.model]" ng-if="field.type=='textarea'"></textarea>
99+
<%-- Date fields with Popup Picker --%>
100+
<p class="input-group" ng-if="field.type=='date'">
101+
<input type="date" class="form-control" uib-datepicker-popup="{{ dateFormat }}" is-open="field.open" ng-model="asset[field.model]" placeholder="Specify date using this format: {{ dateFormat }}" />
102+
<span class="input-group-btn">
103+
<button type="button" class="btn btn-default" ng-click="field.open=true"><i class="glyphicon glyphicon-calendar"></i></button>
104+
</span>
105+
</p>
106+
<%-- List/Select fields --%>
107+
<select class="form-control" ng-model="asset[field.model]" ng-if="field.type=='select'">
108+
<option ng-repeat="value in field.options">{{value}}</option>
109+
</select>
110+
</div>
111+
</div>
112+
</div>
94113
</div>
95114
</div>
96-
</div>
115+
</div>
97116
</div>
98-
</div>
99-
</div>
100-
</div>
101-
<div class="row">
102-
<div class="col-md-6">
103-
<div class="btn-group">
104-
<button type="button" class="btn btn-default" ng-click="save()" id="save-asset" ng-disabled="assetForm.$invalid">Save Asset Record&nbsp;&nbsp;&nbsp;
105-
<span class="glyphicon glyphicon-save"><span>
106-
</button>
107-
<button type="button" class="btn btn-default" ng-click="reset()" id="reset-asset">Reset&nbsp;&nbsp;&nbsp;
108-
<span class="glyphicon glyphicon-refresh"><span>
109-
</button>
110-
</div>
117+
<div class="row">
118+
<div class="col-md-6">
119+
<div class="btn-group">
120+
<button type="button" class="btn btn-default" ng-click="save()" id="save-asset" ng-disabled="assetForm.$invalid">Save Asset Record&nbsp;&nbsp;&nbsp;
121+
<span class="glyphicon glyphicon-save"><span>
122+
</button>
123+
<button type="button" class="btn btn-default" ng-click="reset()" id="reset-asset">Reset&nbsp;&nbsp;&nbsp;
124+
<span class="glyphicon glyphicon-refresh"><span>
125+
</button>
126+
</div>
127+
</div>
128+
</div>
129+
</form>
111130
</div>
112-
</div>
113-
</form>
114-
115-
</div>
131+
<%
132+
} else {
133+
%>
134+
<h2>Access denied.</h2>
135+
<%
136+
}
137+
}
138+
%>
116139

117140
<jsp:include page="/includes/bootstrap-footer.jsp" flush="false"/>
118141

Diff for: opennms-webapp/src/main/webapp/asset/nodelist.jsp

+12-8
Original file line numberDiff line numberDiff line change
@@ -30,13 +30,11 @@
3030
--%>
3131

3232
<%@page language="java"
33-
contentType="text/html"
34-
session="true"
35-
import="org.opennms.web.asset.*,
36-
org.opennms.web.servlet.MissingParameterException
37-
"
38-
%>
39-
33+
contentType="text/html"
34+
session="true"
35+
import="org.opennms.web.asset.*,
36+
org.opennms.web.servlet.MissingParameterException,
37+
org.opennms.web.springframework.security.AclUtils"%>
4038
<%
4139
final String ALL_NON_EMPTY = "_allNonEmpty";
4240
String column = request.getParameter("column");
@@ -52,6 +50,8 @@
5250
}
5351
5452
AssetModel.MatchingAsset[] assets = column.equals(ALL_NON_EMPTY) ? AssetModel.searchNodesWithAssets() : AssetModel.searchAssets(column, search);
53+
54+
AclUtils.NodeAccessChecker accessChecker = AclUtils.getNodeAccessChecker(getServletContext());
5555
%>
5656

5757
<jsp:include page="/includes/bootstrap.jsp" flush="false" >
@@ -80,7 +80,11 @@
8080
<th>Node Link</td>
8181
</tr>
8282

83-
<% for( int i=0; i < assets.length; i++ ) { %>
83+
<% for( int i=0; i < assets.length; i++ ) {
84+
if (!accessChecker.isNodeAccessible(assets[i].nodeId)) {
85+
continue;
86+
}
87+
%>
8488
<tr>
8589
<td><%=assets[i].matchingValue%></td>
8690
<td><a href="asset/modify.jsp?node=<%=assets[i].nodeId%>"><%=assets[i].nodeLabel%></a></td>

0 commit comments

Comments
 (0)