Merge pull request #4469 from enonic/#4423
User with "Users Administrator" rights cannot change a password (#4423)
GlennRicaud committed Feb 27, 2017
2 parents 0684541 + 0ab71d6 commit a96eab2
Showing 3 changed files with 46 additions and 27 deletions.
Expand Up @@ -6,6 +6,7 @@ import PasswordGenerator = api.ui.text.PasswordGenerator;
import DialogButton = api.ui.dialog.DialogButton;
import FormItemBuilder = api.ui.form.FormItemBuilder;
import Validators = api.ui.form.Validators;
import DefaultErrorHandler = api.DefaultErrorHandler;

export class ChangeUserPasswordDialog extends api.ui.dialog.ModalDialog {

Expand Down Expand Up @@ -60,7 +61,7 @@ export class ChangeUserPasswordDialog extends api.ui.dialog.ModalDialog {
this.password.getValue()).sendAndParse().then((result) => {
api.notify.showFeedback('Password was changed!');
this.close();
});
}).catch(DefaultErrorHandler.handle);
}));
this.changePasswordButton.setEnabled(false);
}
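Review bot: The added `.catch(DefaultErrorHandler.handle)` sends a failed password change to the generic handler, and what that handler shows the user is not visible in this section. If it displays the server's error text as-is, a rejected request (for example a permission failure) could put internal detail into the dialog; a fixed message such as `api.notify.showError('Password could not be changed')`, with the detail logged, would be safer. The dialog also appears to stay open with the typed password still in the field after a failure, so consider clearing it in the same handler. The enclosing method starts above the hunk.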
@@ -1,5 +1,6 @@
package com.enonic.xp.security.acl;

import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
Expand All @@ -26,6 +27,26 @@ private AccessControlList( final Builder builder )
this.entries = ImmutableMap.copyOf( builder.entries );
}

public static AccessControlList empty()
{
return EMPTY;
}

public static AccessControlList of( final AccessControlEntry... entries )
{
return AccessControlList.create().addAll( entries ).build();
}

public static Builder create()
{
return new Builder();
}

public static Builder create( final AccessControlList acl )
{
return new Builder( acl );
}

public boolean isAllowedFor( final PrincipalKey principal, final Permission... permissions )
{
return doIsAllowedFor( principal, permissions );
Expand All @@ -50,7 +71,6 @@ private boolean doIsAllowedFor( final PrincipalKey principal, final Permission[]
return entry != null && entry.isAllowed( permissions );
}


public PrincipalKeys getAllPrincipals()
{
final Set<PrincipalKey> principals = this.entries.values().stream().
Expand All @@ -73,6 +93,11 @@ public AccessControlEntry getEntry( final PrincipalKey principalKey )
return this.entries.get( principalKey );
}

public Collection<AccessControlEntry> getEntries()
{
return this.entries.values();
}

public boolean contains( final PrincipalKey principalKey )
{
return this.entries.containsKey( principalKey );
Expand Down Expand Up @@ -117,26 +142,6 @@ public int hashCode()
return this.entries.hashCode();
}

public static AccessControlList empty()
{
return EMPTY;
}

public static AccessControlList of( final AccessControlEntry... entries )
{
return AccessControlList.create().addAll( entries ).build();
}

public static Builder create()
{
return new Builder();
}

public static Builder create( final AccessControlList acl )
{
return new Builder( acl );
}

public static class Builder
{
private final Map<PrincipalKey, AccessControlEntry> entries;
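Review bot: The new `getEntries()` returns `this.entries.values()` directly and has no Javadoc, so callers cannot tell whether the returned collection may be modified or retained. It is unmodifiable only because the constructor stores `ImmutableMap.copyOf( builder.entries )`; for an ACL type that guarantee is worth stating on the method, e.g. `/** Returns the entries of this list as an unmodifiable collection. */`, so that a later change of the backing map does not silently expose mutable permission state. The other hunks in this section only move the static factories.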
Expand Up @@ -17,8 +17,11 @@
import com.enonic.xp.security.RoleKeys;
import com.enonic.xp.security.SecurityConstants;
import com.enonic.xp.security.SecurityService;
import com.enonic.xp.security.SystemConstants;
import com.enonic.xp.security.User;
import com.enonic.xp.security.UserStoreKey;
import com.enonic.xp.security.acl.AccessControlEntry;
import com.enonic.xp.security.acl.AccessControlList;
import com.enonic.xp.security.acl.UserStoreAccessControlEntry;
import com.enonic.xp.security.acl.UserStoreAccessControlList;
import com.enonic.xp.security.auth.AuthenticationInfo;
Expand All @@ -28,12 +31,12 @@

final class SecurityInitializer
{
public static final PrincipalKey SUPER_USER = PrincipalKey.ofUser( UserStoreKey.system(), "su" );

static final String SYSTEM_USER_STORE_DISPLAY_NAME = "System User Store";

private static final Logger LOG = LoggerFactory.getLogger( SecurityInitializer.class );

public static final PrincipalKey SUPER_USER = PrincipalKey.ofUser( UserStoreKey.system(), "su" );

private static final ApplicationKey SYSTEM_ID_PROVIDER_KEY = ApplicationKey.from( "com.enonic.xp.app.standardidprovider" );

private final SecurityService securityService;
Expand Down Expand Up @@ -87,10 +90,19 @@ private void initializeUserStoreParentFolder()
final NodePath userStoreParentNodePath = UserStoreNodeTranslator.getUserStoresParentPath();
LOG.info( "Initializing [" + userStoreParentNodePath.toString() + "] folder" );

final AccessControlEntry userManagerFullAccess = AccessControlEntry.create().
allowAll().
principal( RoleKeys.USER_MANAGER_ADMIN ).
build();

nodeService.create( CreateNodeParams.create().
parent( userStoreParentNodePath.getParentPath() ).
name( userStoreParentNodePath.getLastElement().toString() ).
inheritPermissions( true ).
permissions( AccessControlList.create().
addAll( SystemConstants.SYSTEM_REPO_DEFAULT_ACL.getEntries() ).
add( userManagerFullAccess ).
build() ).
inheritPermissions( false ).
build() );
}

Expand All @@ -117,8 +129,9 @@ private void initializeSystemUserStore()

final UserStoreAccessControlList permissions =
UserStoreAccessControlList.of( UserStoreAccessControlEntry.create().principal( RoleKeys.ADMIN ).access( ADMINISTRATOR ).build(),
UserStoreAccessControlEntry.create().principal( RoleKeys.AUTHENTICATED ).access(
READ ).build() );
UserStoreAccessControlEntry.create().principal( RoleKeys.AUTHENTICATED ).access( READ ).build(),
UserStoreAccessControlEntry.create().principal( RoleKeys.USER_MANAGER_ADMIN ).access(
ADMINISTRATOR ).build() );

final CreateUserStoreParams createParams = CreateUserStoreParams.create().
key( UserStoreKey.system() ).
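Review bot: In `initializeUserStoreParentFolder()` the new entry gives `RoleKeys.USER_MANAGER_ADMIN` `allowAll()` on the user-stores parent node while `inheritPermissions( false )` detaches that node from its parent's ACL, and the last hunk adds the same role with `ADMINISTRATOR` on the system user store. That looks broader than the password change in #4423 needs, and since `SUPER_USER` is defined in `UserStoreKey.system()`, a Users Administrator can presumably now manage `su` and other system principals unless a check elsewhere prevents it; this is worth confirming. If full access is intended, record it next to the entry, e.g. `// USER_MANAGER_ADMIN gets full access to all user stores, including system principals (see #4423)`; otherwise replace `allowAll()` with only the permissions required. This code appears to run only when the repository is first initialised, so existing installations may need a separate upgrade step to receive the new ACL.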