This is an automated email from the ASF dual-hosted git repository. danhaywood pushed a commit to branch ISIS-3189 in repository https://gitbox.apache.org/repos/asf/isis.git
commit 71f552ca3f29e94526f3c493d39f3717106189f1 Author: Dan Haywood <d...@haywood-associates.co.uk> AuthorDate: Mon Aug 29 10:08:55 2022 +0100 ISIS-3187: adds missing roles/permissions, grants to secman-admin (cherry picked from commit 01169a4a3385ae5c5b292778e4f0971c165a5fbd) --- ...va => IsisExtAuditTrailRoleAndPermissions.java} | 8 ++--- ...va => IsisExtCommandLogRoleAndPermissions.java} | 10 +++--- ... => IsisExtExecutionLogRoleAndPermissions.java} | 8 ++--- ... IsisExtExecutionOutboxRoleAndPermissions.java} | 8 ++--- .../seed/IsisExtSecmanAdminRoleAndPermissions.java | 6 ++-- ...va => IsisExtSessionLogRoleAndPermissions.java} | 8 ++--- .../scripts/SeedUsersAndRolesFixtureScript.java | 41 ++++++++++++++++------ .../applib/user/seed/IsisExtSecmanAdminUser.java | 13 +++++-- 8 files changed, 66 insertions(+), 36 deletions(-) diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtAuditTrailRoleAndPermissions.java similarity index 84% copy from extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java copy to extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtAuditTrailRoleAndPermissions.java index 8c02b4d621..13d14c7af4 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtAuditTrailRoleAndPermissions.java @@ -29,14 +29,14 @@ import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPer * * @since 2.0 {@index} */ -public class IsisExtCommandReplayPrimaryRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { +public class IsisExtAuditTrailRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { - public static final String NAMESPACE = "isis.ext.commandReplayPrimary"; + public static final String NAMESPACE = "isis.ext.auditTrail"; public static final String ROLE_NAME = NAMESPACE.replace(".","-"); - public IsisExtCommandReplayPrimaryRoleAndPermissions() { - super(ROLE_NAME, "Access to the command replay primary menu"); + public IsisExtAuditTrailRoleAndPermissions() { + super(ROLE_NAME, "Access to the audit trail actions"); } @Override diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplaySecondaryRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandLogRoleAndPermissions.java similarity index 82% rename from extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplaySecondaryRoleAndPermissions.java rename to extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandLogRoleAndPermissions.java index 47a4d3853c..4df2281466 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplaySecondaryRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandLogRoleAndPermissions.java @@ -25,18 +25,18 @@ import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermis import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPermissionsFixtureScript; /** - * Access to the command replay secondary menu. + * Access to the command replay primary menu. * * @since 2.0 {@index} */ -public class IsisExtCommandReplaySecondaryRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { +public class IsisExtCommandLogRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { - public static final String NAMESPACE = "isis.ext.commandReplaySecondary"; + public static final String NAMESPACE = "isis.ext.commandLog"; public static final String ROLE_NAME = NAMESPACE.replace(".","-"); - public IsisExtCommandReplaySecondaryRoleAndPermissions() { - super(ROLE_NAME, "Access to the command replay secondary menu"); + public IsisExtCommandLogRoleAndPermissions() { + super(ROLE_NAME, "Access to the command log actions"); } @Override diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionLogRoleAndPermissions.java similarity index 84% copy from extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java copy to extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionLogRoleAndPermissions.java index 8c02b4d621..511100187f 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionLogRoleAndPermissions.java @@ -29,14 +29,14 @@ import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPer * * @since 2.0 {@index} */ -public class IsisExtCommandReplayPrimaryRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { +public class IsisExtExecutionLogRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { - public static final String NAMESPACE = "isis.ext.commandReplayPrimary"; + public static final String NAMESPACE = "isis.ext.executionLog"; public static final String ROLE_NAME = NAMESPACE.replace(".","-"); - public IsisExtCommandReplayPrimaryRoleAndPermissions() { - super(ROLE_NAME, "Access to the command replay primary menu"); + public IsisExtExecutionLogRoleAndPermissions() { + super(ROLE_NAME, "Access to the execution log actions"); } @Override diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionOutboxRoleAndPermissions.java similarity index 84% copy from extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java copy to extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionOutboxRoleAndPermissions.java index 8c02b4d621..8fd179d4ea 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtExecutionOutboxRoleAndPermissions.java @@ -29,14 +29,14 @@ import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPer * * @since 2.0 {@index} */ -public class IsisExtCommandReplayPrimaryRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { +public class IsisExtExecutionOutboxRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { - public static final String NAMESPACE = "isis.ext.commandReplayPrimary"; + public static final String NAMESPACE = "isis.ext.executionOutbox"; public static final String ROLE_NAME = NAMESPACE.replace(".","-"); - public IsisExtCommandReplayPrimaryRoleAndPermissions() { - super(ROLE_NAME, "Access to the command replay primary menu"); + public IsisExtExecutionOutboxRoleAndPermissions() { + super(ROLE_NAME, "Access to the execution outbox actions"); } @Override diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanAdminRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanAdminRoleAndPermissions.java index 9dbcbe7e8f..f20995b9e8 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanAdminRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanAdminRoleAndPermissions.java @@ -29,6 +29,7 @@ import org.apache.isis.commons.internal.base._NullSafe; import org.apache.isis.core.config.IsisConfiguration.Extensions.Secman; import org.apache.isis.core.config.IsisConfiguration.Extensions.Secman.Seed.Admin; import org.apache.isis.core.config.IsisConfiguration.Extensions.Secman.Seed.Admin.NamespacePermissions; +import org.apache.isis.extensions.secman.applib.IsisModuleExtSecmanApplib; import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionMode; import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionRule; import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPermissionsFixtureScript; @@ -60,8 +61,9 @@ public class IsisExtSecmanAdminRoleAndPermissions extends AbstractRoleAndPermiss newPermissions( ApplicationPermissionRule.ALLOW, ApplicationPermissionMode.CHANGING, - Can.ofCollection(adminInitialPackagePermissions) - .map(ApplicationFeatureId::newNamespace)); + Can.of(IsisModuleExtSecmanApplib.NAMESPACE).addAll(Can.ofCollection(adminInitialPackagePermissions)) + .map(ApplicationFeatureId::newNamespace) + ); } // -- HELPER diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSessionLogRoleAndPermissions.java similarity index 84% rename from extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java rename to extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSessionLogRoleAndPermissions.java index 8c02b4d621..40398ee5a6 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtCommandReplayPrimaryRoleAndPermissions.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSessionLogRoleAndPermissions.java @@ -29,14 +29,14 @@ import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPer * * @since 2.0 {@index} */ -public class IsisExtCommandReplayPrimaryRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { +public class IsisExtSessionLogRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript { - public static final String NAMESPACE = "isis.ext.commandReplayPrimary"; + public static final String NAMESPACE = "isis.ext.sessionLog"; public static final String ROLE_NAME = NAMESPACE.replace(".","-"); - public IsisExtCommandReplayPrimaryRoleAndPermissions() { - super(ROLE_NAME, "Access to the command replay primary menu"); + public IsisExtSessionLogRoleAndPermissions() { + super(ROLE_NAME, "Access to the session log actions"); } @Override diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/seed/scripts/SeedUsersAndRolesFixtureScript.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/seed/scripts/SeedUsersAndRolesFixtureScript.java index 6393a20273..f3f76803cd 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/seed/scripts/SeedUsersAndRolesFixtureScript.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/seed/scripts/SeedUsersAndRolesFixtureScript.java @@ -23,11 +23,14 @@ import javax.inject.Inject; import org.apache.isis.core.config.IsisConfiguration; import org.apache.isis.extensions.secman.applib.role.seed.IsisAppFeatureRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisConfigurationRoleAndPermissions; -import org.apache.isis.extensions.secman.applib.role.seed.IsisExtCommandReplayPrimaryRoleAndPermissions; -import org.apache.isis.extensions.secman.applib.role.seed.IsisExtCommandReplaySecondaryRoleAndPermissions; +import org.apache.isis.extensions.secman.applib.role.seed.IsisExtAuditTrailRoleAndPermissions; +import org.apache.isis.extensions.secman.applib.role.seed.IsisExtCommandLogRoleAndPermissions; +import org.apache.isis.extensions.secman.applib.role.seed.IsisExtExecutionLogRoleAndPermissions; +import org.apache.isis.extensions.secman.applib.role.seed.IsisExtExecutionOutboxRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisExtH2ConsoleRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisExtSecmanAdminRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisExtSecmanRegularUserRoleAndPermissions; +import org.apache.isis.extensions.secman.applib.role.seed.IsisExtSessionLogRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisPersistenceJdoMetaModelRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisSudoImpersonateRoleAndPermissions; import org.apache.isis.extensions.secman.applib.role.seed.IsisViewerRestfulObjectsSwaggerRoleAndPermissions; @@ -62,23 +65,39 @@ public class SeedUsersAndRolesFixtureScript extends FixtureScript { // global tenancy executionContext.executeChild(this, new GlobalTenancy()); - // secman (admin and regular users) - executionContext.executeChildren(this, - new IsisExtSecmanAdminRoleAndPermissions(secmanConfig), - new IsisExtSecmanAdminUser(secmanConfig), - new IsisExtSecmanRegularUserRoleAndPermissions(secmanConfig)); - - // other modules + // modules executionContext.executeChildren(this, new IsisAppFeatureRoleAndPermissions(), new IsisPersistenceJdoMetaModelRoleAndPermissions(), - new IsisExtCommandReplayPrimaryRoleAndPermissions(), - new IsisExtCommandReplaySecondaryRoleAndPermissions(), + new IsisExtAuditTrailRoleAndPermissions(), + new IsisExtCommandLogRoleAndPermissions(), + new IsisExtExecutionLogRoleAndPermissions(), + new IsisExtExecutionOutboxRoleAndPermissions(), + new IsisExtSessionLogRoleAndPermissions(), new IsisExtH2ConsoleRoleAndPermissions(), new IsisViewerRestfulObjectsSwaggerRoleAndPermissions(), new IsisSudoImpersonateRoleAndPermissions(), new IsisConfigurationRoleAndPermissions() ); + + // secman module (admin and regular users role, and secman-admin superuser) + executionContext.executeChildren(this, + new IsisExtSecmanAdminRoleAndPermissions(secmanConfig), + new IsisExtSecmanRegularUserRoleAndPermissions(secmanConfig), + new IsisExtSecmanAdminUser(secmanConfig, + IsisAppFeatureRoleAndPermissions.ROLE_NAME, + IsisPersistenceJdoMetaModelRoleAndPermissions.ROLE_NAME, + IsisExtAuditTrailRoleAndPermissions.ROLE_NAME, + IsisExtCommandLogRoleAndPermissions.ROLE_NAME, + IsisExtExecutionLogRoleAndPermissions.ROLE_NAME, + IsisExtExecutionOutboxRoleAndPermissions.ROLE_NAME, + IsisExtSessionLogRoleAndPermissions.ROLE_NAME, + IsisExtH2ConsoleRoleAndPermissions.ROLE_NAME, + IsisViewerRestfulObjectsSwaggerRoleAndPermissions.ROLE_NAME, + IsisSudoImpersonateRoleAndPermissions.ROLE_NAME, + IsisConfigurationRoleAndPermissions.ROLE_NAME) + ); + } } diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/user/seed/IsisExtSecmanAdminUser.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/user/seed/IsisExtSecmanAdminUser.java index a3bc8e40c1..92d2c39b40 100644 --- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/user/seed/IsisExtSecmanAdminUser.java +++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/user/seed/IsisExtSecmanAdminUser.java @@ -18,6 +18,8 @@ */ package org.apache.isis.extensions.secman.applib.user.seed; +import java.util.Collection; + import org.apache.isis.commons.collections.Can; import org.apache.isis.core.config.IsisConfiguration.Extensions.Secman; import org.apache.isis.extensions.secman.applib.tenancy.seed.GlobalTenancy; @@ -30,13 +32,20 @@ import org.apache.isis.extensions.secman.applib.user.fixtures.AbstractUserAndRol */ public class IsisExtSecmanAdminUser extends AbstractUserAndRolesFixtureScript { - public IsisExtSecmanAdminUser(final Secman config) { + public IsisExtSecmanAdminUser(final Secman config, String... roleNames) { super( config.getSeed().getAdmin().getUserName(), config.getSeed().getAdmin().getPassword(), null, GlobalTenancy.TENANCY_PATH, AccountType.LOCAL, - Can.of(config.getSeed().getAdmin().getRoleName())); + Can.of( + config.getSeed().getAdmin().getRoleName(), + config.getSeed().getRegularUser().getRoleName() + ).addAll( + Can.of(roleNames) + ) + ); } + }