http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/client/console/src/main/java/org/apache/syncope/client/console/topology/Topology.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/topology/Topology.java b/client/console/src/main/java/org/apache/syncope/client/console/topology/Topology.java index a41e099..3a5cc24 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/topology/Topology.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/topology/Topology.java @@ -40,7 +40,7 @@ import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink; import org.apache.syncope.client.console.wicket.markup.html.form.ActionLinksPanel; import org.apache.syncope.common.lib.to.ConnInstanceTO; import org.apache.syncope.common.lib.to.ResourceTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.common.rest.api.service.SyncopeService; import org.apache.wicket.Component; import org.apache.wicket.ajax.AbstractAjaxTimerBehavior; 
@@ -93,48 +93,48 @@ public class Topology extends BasePage { private final LoadableDetachableModel<Map<String, List<ConnInstanceTO>>> connModel = new LoadableDetachableModel<Map<String, List<ConnInstanceTO>>>() { - private static final long serialVersionUID = 5275935387613157432L; + private static final long serialVersionUID = 5275935387613157432L; - @Override - protected Map<String, List<ConnInstanceTO>> load() { - final Map<String, List<ConnInstanceTO>> res = new HashMap<>(); - - for (ConnInstanceTO conn : connectorRestClient.getAllConnectors()) { - final List<ConnInstanceTO> conns; - if (res.containsKey(conn.getLocation())) { - conns = res.get(conn.getLocation()); - } else { - conns = new ArrayList<>(); - res.put(conn.getLocation(), conns); - } - conns.add(conn); - } - - return res; + @Override + protected Map<String, List<ConnInstanceTO>> load() { + final Map<String, List<ConnInstanceTO>> res = new HashMap<>(); + + for (ConnInstanceTO conn : connectorRestClient.getAllConnectors()) { + final List<ConnInstanceTO> conns; + if (res.containsKey(conn.getLocation())) { + conns = res.get(conn.getLocation()); + } else { + conns = new ArrayList<>(); + res.put(conn.getLocation(), conns); } - }; + conns.add(conn); + } + + return res; + } + }; private final LoadableDetachableModel<Pair<List<URI>, List<URI>>> csModel = new LoadableDetachableModel<Pair<List<URI>, List<URI>>>() { - private static final long serialVersionUID = 5275935387613157433L; - - @Override - protected Pair<List<URI>, List<URI>> load() { - final List<URI> connectorServers = new ArrayList<>(); - final List<URI> filePaths = new ArrayList<>(); - - for (String location : SyncopeConsoleSession.get().getSyncopeTO().getConnIdLocations()) { - if (location.startsWith(CONNECTOR_SERVER_LOCATION_PREFIX)) { - connectorServers.add(URI.create(location)); - } else { - filePaths.add(URI.create(location)); - } - } + private static final long serialVersionUID = 5275935387613157433L; - return Pair.of(connectorServers, 
filePaths); + @Override + protected Pair<List<URI>, List<URI>> load() { + final List<URI> connectorServers = new ArrayList<>(); + final List<URI> filePaths = new ArrayList<>(); + + for (String location : SyncopeConsoleSession.get().getSyncopeTO().getConnIdLocations()) { + if (location.startsWith(CONNECTOR_SERVER_LOCATION_PREFIX)) { + connectorServers.add(URI.create(location)); + } else { + filePaths.add(URI.create(location)); } - }; + } + + return Pair.of(connectorServers, filePaths); + } + }; protected enum SupportedOperation { @@ -180,7 +180,7 @@ public class Topology extends BasePage { public void onClick(final AjaxRequestTarget target, final Serializable ignore) { target.appendJavaScript("zoomIn($('#drawing')[0]);"); } - }, ActionLink.ActionType.ZOOM_IN, Entitlement.RESOURCE_LIST).add(new ActionLink<Serializable>() { + }, ActionLink.ActionType.ZOOM_IN, StandardEntitlement.RESOURCE_LIST).add(new ActionLink<Serializable>() { private static final long serialVersionUID = -3722207913631435501L; @@ -188,7 +188,7 @@ public class Topology extends BasePage { public void onClick(final AjaxRequestTarget target, final Serializable ignore) { target.appendJavaScript("zoomOut($('#drawing')[0]);"); } - }, ActionLink.ActionType.ZOOM_OUT, Entitlement.RESOURCE_LIST); + }, ActionLink.ActionType.ZOOM_OUT, StandardEntitlement.RESOURCE_LIST); add(zoomActionPanel.build("zoom")); // ----------------------------------------- 
@@ -400,37 +400,37 @@ public class Topology extends BasePage { final ListView<TopologyNode> innerListView = new ListView<TopologyNode>("resources", new ArrayList<>(connections.get(connectorId).values())) { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 1L; - private final int size = getModelObject().size() + 1; + private final int size = getModelObject().size() + 1; - @Override - protected void populateItem(final ListItem<TopologyNode> item) { - final TopologyNode topologynode = item.getModelObject(); - final TopologyNode parent = connectors.get(connectorId); + @Override + protected void populateItem(final ListItem<TopologyNode> item) { + final TopologyNode topologynode = item.getModelObject(); + final TopologyNode parent = connectors.get(connectorId); - // Set position - int kx = size >= 16 ? 800 : (48 * size); - int ky = size < 4 ? 100 : size < 6 ? 350 : 750; + // Set position + int kx = size >= 16 ? 800 : (48 * size); + int ky = size < 4 ? 100 : size < 6 ? 350 : 750; - final double hpos; - if (parent == null || parent.getY() < syncopeTopologyNode.getY()) { - hpos = Math.PI; - } else { - hpos = 0.0; - } + final double hpos; + if (parent == null || parent.getY() < syncopeTopologyNode.getY()) { + hpos = Math.PI; + } else { + hpos = 0.0; + } - int x = (int) Math.round((parent == null ? origX : parent.getX()) - + kx * Math.cos(hpos + Math.PI * (item.getIndex() + 1) / size)); - int y = (int) Math.round((parent == null ? origY : parent.getY()) - + ky * Math.sin(hpos + Math.PI * (item.getIndex() + 1) / size)); + int x = (int) Math.round((parent == null ? origX : parent.getX()) + + kx * Math.cos(hpos + Math.PI * (item.getIndex() + 1) / size)); + int y = (int) Math.round((parent == null ? 
origY : parent.getY()) + + ky * Math.sin(hpos + Math.PI * (item.getIndex() + 1) / size)); - topologynode.setX(x); - topologynode.setY(y); + topologynode.setX(x); + topologynode.setY(y); - item.add(topologyNodePanel("res", topologynode)); - } - }; + item.add(topologyNodePanel("res", topologynode)); + } + }; innerListView.setOutputMarkupId(true); item.add(innerListView);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyNodePanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyNodePanel.java b/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyNodePanel.java index 701c459..98e72f0 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyNodePanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyNodePanel.java @@ -33,7 +33,7 @@ import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.Bas import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.ConnInstanceTO; import org.apache.syncope.common.lib.to.ResourceTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.wicket.AttributeModifier; import org.apache.wicket.PageReference; import org.apache.wicket.ajax.AjaxRequestTarget; @@ -140,14 +140,14 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { modal.header(new Model<>(MessageFormat.format(getString("connector.new"), node.getKey()))); MetaDataRoleAuthorizationStrategy. - authorize(modal.addSumbitButton(), ENABLE, Entitlement.CONNECTOR_CREATE); + authorize(modal.addSumbitButton(), ENABLE, StandardEntitlement.CONNECTOR_CREATE); modal.show(true); } }; fragment.add(create); - MetaDataRoleAuthorizationStrategy.authorize(create, ENABLE, Entitlement.CONNECTOR_CREATE); + MetaDataRoleAuthorizationStrategy.authorize(create, ENABLE, StandardEntitlement.CONNECTOR_CREATE); return fragment; } 
@@ -175,7 +175,7 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { fragment.add(delete); delete.add(new ConfirmationModalBehavior()); - MetaDataRoleAuthorizationStrategy.authorize(delete, ENABLE, Entitlement.CONNECTOR_DELETE); + MetaDataRoleAuthorizationStrategy.authorize(delete, ENABLE, StandardEntitlement.CONNECTOR_DELETE); final AjaxLink<String> create = new ClearIndicatingAjaxLink<String>("create", pageRef) { @@ -195,14 +195,14 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { modal.header(new Model<>(MessageFormat.format(getString("resource.new"), node.getKey()))); MetaDataRoleAuthorizationStrategy. - authorize(modal.addSumbitButton(), ENABLE, Entitlement.RESOURCE_CREATE); + authorize(modal.addSumbitButton(), ENABLE, StandardEntitlement.RESOURCE_CREATE); modal.show(true); } }; fragment.add(create); - MetaDataRoleAuthorizationStrategy.authorize(create, ENABLE, Entitlement.RESOURCE_CREATE); + MetaDataRoleAuthorizationStrategy.authorize(create, ENABLE, StandardEntitlement.RESOURCE_CREATE); final AjaxLink<String> edit = new ClearIndicatingAjaxLink<String>("edit", pageRef) { @@ -220,14 +220,14 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { modal.header(new Model<>(MessageFormat.format(getString("connector.edit"), node.getKey()))); MetaDataRoleAuthorizationStrategy. - authorize(modal.addSumbitButton(), ENABLE, Entitlement.CONNECTOR_UPDATE); + authorize(modal.addSumbitButton(), ENABLE, StandardEntitlement.CONNECTOR_UPDATE); modal.show(true); } }; fragment.add(edit); - MetaDataRoleAuthorizationStrategy.authorize(edit, ENABLE, Entitlement.CONNECTOR_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(edit, ENABLE, StandardEntitlement.CONNECTOR_UPDATE); return fragment; } 
@@ -257,7 +257,7 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { delete.add(new ConfirmationModalBehavior()); - MetaDataRoleAuthorizationStrategy.authorize(delete, ENABLE, Entitlement.RESOURCE_DELETE); + MetaDataRoleAuthorizationStrategy.authorize(delete, ENABLE, StandardEntitlement.RESOURCE_DELETE); final AjaxLink<String> edit = new ClearIndicatingAjaxLink<String>("edit", pageRef) { @@ -275,14 +275,14 @@ public class TopologyNodePanel extends Panel implements IAjaxIndicatorAware { modal.header(new Model<>(MessageFormat.format(getString("resource.edit"), node.getKey()))); MetaDataRoleAuthorizationStrategy. - authorize(modal.addSumbitButton(), ENABLE, Entitlement.RESOURCE_UPDATE); + authorize(modal.addSumbitButton(), ENABLE, StandardEntitlement.RESOURCE_UPDATE); modal.show(true); } }; fragment.add(edit); - MetaDataRoleAuthorizationStrategy.authorize(edit, ENABLE, Entitlement.RESOURCE_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(edit, ENABLE, StandardEntitlement.RESOURCE_UPDATE); return fragment; } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/client/console/src/main/java/org/apache/syncope/client/console/wicket/extensions/markup/html/repeater/data/table/AttrColumn.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wicket/extensions/markup/html/repeater/data/table/AttrColumn.java b/client/console/src/main/java/org/apache/syncope/client/console/wicket/extensions/markup/html/repeater/data/table/AttrColumn.java index 029a523..fed5d29 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wicket/extensions/markup/html/repeater/data/table/AttrColumn.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wicket/extensions/markup/html/repeater/data/table/AttrColumn.java 
@@ -28,7 +28,7 @@ import org.apache.wicket.model.IModel; import org.apache.wicket.model.ResourceModel; import org.apache.syncope.common.lib.to.AnyTO; -public class AttrColumn extends AbstractColumn<AnyTO, String> { +public class AttrColumn<T extends AnyTO> extends AbstractColumn<T, String> { private static final long serialVersionUID = 2624734332447371372L; @@ -45,8 +45,9 @@ public class AttrColumn extends AbstractColumn<AnyTO, String> { } @Override - public void populateItem(final Item<ICellPopulator<AnyTO>> cellItem, final String componentId, - final IModel<AnyTO> rowModel) { + public void populateItem( + final Item<ICellPopulator<T>> cellItem, final String componentId, final IModel<T> rowModel) { + List<String> values = null; switch (schemaType) { @@ -73,12 +74,10 @@ public class AttrColumn extends AbstractColumn<AnyTO, String> { if (values == null || values.isEmpty()) { cellItem.add(new Label(componentId, "")); + } else if (values.size() == 1) { + cellItem.add(new Label(componentId, values.get(0))); } else { - if (values.size() == 1) { - cellItem.add(new Label(componentId, values.get(0))); - } else { - cellItem.add(new Label(componentId, values.toString())); - } + cellItem.add(new Label(componentId, values.toString())); } } } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionLinksPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionLinksPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionLinksPanel.java index fda21bf..3afb43b 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionLinksPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionLinksPanel.java 
@@ -54,7 +54,7 @@ public final class ActionLinksPanel<T extends Serializable> extends Panel { this.pageRef = pageRef; setOutputMarkupId(true); - + super.add(new Fragment("panelClaim", "emptyFragment", this)); super.add(new Fragment("panelManageResources", "emptyFragment", this)); super.add(new Fragment("panelManageUsers", "emptyFragment", this)); @@ -601,18 +601,18 @@ public final class ActionLinksPanel<T extends Serializable> extends Panel { fragment.addOrReplace( new IndicatingOnConfirmAjaxLink<Void>("unassignLink", pageRef, "confirmUnassign") { - private static final long serialVersionUID = -6957616042924610294L; + private static final long serialVersionUID = -6957616042924610294L; - @Override - protected void onClickInternal(final AjaxRequestTarget target) { - link.onClick(target, model.getObject()); - } + @Override + protected void onClickInternal(final AjaxRequestTarget target) { + link.onClick(target, model.getObject()); + } - @Override - public String getAjaxIndicatorMarkupId() { - return disableIndicator ? StringUtils.EMPTY : super.getAjaxIndicatorMarkupId(); - } - }.feedbackPanelAutomaticReload(link.feedbackPanelAutomaticReload())); + @Override + public String getAjaxIndicatorMarkupId() { + return disableIndicator ? StringUtils.EMPTY : super.getAjaxIndicatorMarkupId(); + } + }.feedbackPanelAutomaticReload(link.feedbackPanelAutomaticReload())); break; case ASSIGN: 
@@ -640,18 +640,18 @@ public final class ActionLinksPanel<T extends Serializable> extends Panel { fragment.addOrReplace( new IndicatingOnConfirmAjaxLink<Void>("deprovisionLink", pageRef, "confirmDeprovision") { - private static final long serialVersionUID = -6957616042924610295L; + private static final long serialVersionUID = -6957616042924610295L; - @Override - protected void onClickInternal(final AjaxRequestTarget target) { - link.onClick(target, model.getObject()); - } + @Override + protected void onClickInternal(final AjaxRequestTarget target) { + link.onClick(target, model.getObject()); + } - @Override - public String getAjaxIndicatorMarkupId() { - return disableIndicator ? StringUtils.EMPTY : super.getAjaxIndicatorMarkupId(); - } - }.feedbackPanelAutomaticReload(link.feedbackPanelAutomaticReload())); + @Override + public String getAjaxIndicatorMarkupId() { + return disableIndicator ? StringUtils.EMPTY : super.getAjaxIndicatorMarkupId(); + } + }.feedbackPanelAutomaticReload(link.feedbackPanelAutomaticReload())); break; case PROVISION: @@ -927,8 +927,8 @@ public final class ActionLinksPanel<T extends Serializable> extends Panel { */ public ActionLinksPanel<T> build(final String id, final T modelObject) { final ActionLinksPanel<T> panel = modelObject == null - ? new ActionLinksPanel<T>(id, new Model<T>(), this.pageRef) - : new ActionLinksPanel<T>(id, new Model<T>(modelObject), this.pageRef); + ? new ActionLinksPanel<>(id, new Model<T>(), this.pageRef) + : new ActionLinksPanel<>(id, new Model<>(modelObject), this.pageRef); panel.setDisableIndicator(disableIndicator); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxDateFieldPanel.java ---------------------------------------------------------------------- 
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxDateFieldPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxDateFieldPanel.java index b60b7f6..b81a1ba 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxDateFieldPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxDateFieldPanel.java @@ -68,6 +68,7 @@ public class AjaxDateFieldPanel extends FieldPanel<Date> { // T0DO: trying to resolve issue 730. @Override + @SuppressWarnings("unchecked") public <C> IConverter<C> getConverter(final Class<C> type) { return (IConverter<C>) new DateConverter() { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/common/lib/src/main/java/org/apache/syncope/common/lib/to/SyncopeTO.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/SyncopeTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/SyncopeTO.java index f65badc..c99532c 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/SyncopeTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/SyncopeTO.java @@ -59,6 +59,8 @@ public class SyncopeTO extends AbstractBaseBean { private String passwordGenerator; + private final List<String> entitlements = new ArrayList<>(); + private final List<String> reportlets = new ArrayList<>(); private final List<String> accountRules = new ArrayList<>(); 
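Review bot: The `@SuppressWarnings("unchecked")` added on `getConverter` in AjaxDateFieldPanel covers the whole method, including the anonymous `DateConverter` body, and nothing visible in the hunk checks `type` before the cast `(IConverter<C>) new DateConverter()`. If a non-Date class is requested, the mismatch would only surface later as a `ClassCastException` at the point of use, and the compiler will no longer warn about it. Consider adding `if (!Date.class.isAssignableFrom(type)) { return super.getConverter(type); }` ahead of the cast, plus a short comment beside the annotation saying why the cast is safe. The method body continues past the end of the hunk, so a guard may already exist further down.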
@@ -144,6 +146,13 @@ public class SyncopeTO extends AbstractBaseBean { this.passwordGenerator = passwordGenerator; } + @XmlElementWrapper(name = "entitlements") + @XmlElement(name = "entitlement") + @JsonProperty("entitlements") + public List<String> getEntitlements() { + return entitlements; + } + @XmlElementWrapper(name = "reportlets") @XmlElement(name = "reportlet") @JsonProperty("reportlets") http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/common/lib/src/main/java/org/apache/syncope/common/lib/types/ClientExceptionType.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/ClientExceptionType.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/ClientExceptionType.java index 9d6770f..68ad199 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/ClientExceptionType.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/ClientExceptionType.java @@ -53,6 +53,7 @@ public enum ClientExceptionType { InvalidVirSchema(Response.Status.BAD_REQUEST), InvalidMapping(Response.Status.BAD_REQUEST), InvalidRealm(Response.Status.BAD_REQUEST), + InvalidRole(Response.Status.BAD_REQUEST), InvalidUser(Response.Status.BAD_REQUEST), InvalidExternalResource(Response.Status.BAD_REQUEST), InvalidNotification(Response.Status.BAD_REQUEST), http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java deleted file mode 100644 index f0c2d15..0000000 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java +++ /dev/null 
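Review bot: `getEntitlements()` in SyncopeTO has no Javadoc saying what the list contains, and the name can easily be read as "the caller's entitlements". Judging by the sibling `reportlets` and `accountRules` lists, it is presumably a server-side catalogue of defined entitlement names. A console or client that took it for the current user's grants would make wrong enable/disable decisions. Once the meaning is confirmed, I would document it on the getter, for example `/** Names of all entitlements defined on the server; not the entitlements granted to the requesting user. */`. The getter also returns the internal mutable list, which matches the existing getters here, so callers should treat it as populated by the server only. It is also worth confirming that every caller able to fetch SyncopeTO is meant to see this catalogue.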
@@ -1,264 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.common.lib.types; - -import java.lang.reflect.Field; -import java.lang.reflect.Modifier; -import java.util.Collections; -import java.util.Set; -import java.util.TreeSet; - -public final class Entitlement { - - public static final String ANONYMOUS = "ANONYMOUS"; - - public static final String MUST_CHANGE_PASSWORD = "MUST_CHANGE_PASSWORD"; - - public static final String DOMAIN_CREATE = "DOMAIN_CREATE"; - - public static final String DOMAIN_READ = "DOMAIN_READ"; - - public static final String DOMAIN_UPDATE = "DOMAIN_UPDATE"; - - public static final String DOMAIN_DELETE = "DOMAIN_DELETE"; - - public static final String REALM_LIST = "REALM_LIST"; - - public static final String REALM_CREATE = "REALM_CREATE"; - - public static final String REALM_UPDATE = "REALM_UPDATE"; - - public static final String REALM_DELETE = "REALM_DELETE"; - - public static final String ANYTYPECLASS_CREATE = "ANYTYPECLASS_CREATE"; - - public static final String ANYTYPECLASS_UPDATE = "ANYTYPECLASS_UPDATE"; - - public static final String ANYTYPECLASS_DELETE = "ANYTYPECLASS_DELETE"; - - public static final String ANYTYPE_CREATE = "ANYTYPE_CREATE"; - - 
public static final String ANYTYPE_UPDATE = "ANYTYPE_UPDATE"; - - public static final String ANYTYPE_DELETE = "ANYTYPE_DELETE"; - - public static final String RELATIONSHIPTYPE_LIST = "RELATIONSHIPTYPE_LIST"; - - public static final String RELATIONSHIPTYPE_CREATE = "RELATIONSHIPTYPE_CREATE"; - - public static final String RELATIONSHIPTYPE_READ = "RELATIONSHIPTYPE_READ"; - - public static final String RELATIONSHIPTYPE_UPDATE = "RELATIONSHIPTYPE_UPDATE"; - - public static final String RELATIONSHIPTYPE_DELETE = "RELATIONSHIPTYPE_DELETE"; - - public static final String ROLE_LIST = "ROLE_LIST"; - - public static final String ROLE_CREATE = "ROLE_CREATE"; - - public static final String ROLE_READ = "ROLE_READ"; - - public static final String ROLE_UPDATE = "ROLE_UPDATE"; - - public static final String ROLE_DELETE = "ROLE_DELETE"; - - public static final String SCHEMA_LIST = "SCHEMA_LIST"; - - public static final String SCHEMA_CREATE = "SCHEMA_CREATE"; - - public static final String SCHEMA_UPDATE = "SCHEMA_UPDATE"; - - public static final String SCHEMA_DELETE = "SCHEMA_DELETE"; - - public static final String USER_SEARCH = "USER_SEARCH"; - - public static final String USER_LIST = "USER_LIST"; - - public static final String USER_CREATE = "USER_CREATE"; - - public static final String USER_READ = "USER_READ"; - - public static final String USER_UPDATE = "USER_UPDATE"; - - public static final String USER_DELETE = "USER_DELETE"; - - public static final String GROUP_SEARCH = "GROUP_SEARCH"; - - public static final String GROUP_CREATE = "GROUP_CREATE"; - - public static final String GROUP_READ = "GROUP_READ"; - - public static final String GROUP_UPDATE = "GROUP_UPDATE"; - - public static final String GROUP_DELETE = "GROUP_DELETE"; - - public static final String ANY_OBJECT_SEARCH = "ANY_OBJECT_SEARCH"; - - public static final String ANY_OBJECT_LIST = "ANY_OBJECT_LIST"; - - public static final String ANY_OBJECT_CREATE = "ANY_OBJECT_CREATE"; - - public static final String 
ANY_OBJECT_READ = "ANY_OBJECT_READ"; - - public static final String ANY_OBJECT_UPDATE = "ANY_OBJECT_UPDATE"; - - public static final String ANY_OBJECT_DELETE = "ANY_OBJECT_DELETE"; - - public static final String RESOURCE_LIST = "RESOURCE_LIST"; - - public static final String RESOURCE_CREATE = "RESOURCE_CREATE"; - - public static final String RESOURCE_READ = "RESOURCE_READ"; - - public static final String RESOURCE_UPDATE = "RESOURCE_UPDATE"; - - public static final String RESOURCE_DELETE = "RESOURCE_DELETE"; - - public static final String RESOURCE_GET_CONNOBJECT = "RESOURCE_GET_CONNOBJECT"; - - public static final String RESOURCE_LIST_CONNOBJECT = "RESOURCE_LIST_CONNOBJECT"; - - public static final String CONNECTOR_LIST = "CONNECTOR_LIST"; - - public static final String CONNECTOR_CREATE = "CONNECTOR_CREATE"; - - public static final String CONNECTOR_READ = "CONNECTOR_READ"; - - public static final String CONNECTOR_UPDATE = "CONNECTOR_UPDATE"; - - public static final String CONNECTOR_DELETE = "CONNECTOR_DELETE"; - - public static final String CONNECTOR_RELOAD = "CONNECTOR_RELOAD"; - - public static final String CONFIGURATION_EXPORT = "CONFIGURATION_EXPORT"; - - public static final String CONFIGURATION_LIST = "CONFIGURATION_LIST"; - - public static final String CONFIGURATION_SET = "CONFIGURATION_SET"; - - public static final String CONFIGURATION_DELETE = "CONFIGURATION_DELETE"; - - public static final String TASK_LIST = "TASK_LIST"; - - public static final String TASK_CREATE = "TASK_CREATE"; - - public static final String TASK_READ = "TASK_READ"; - - public static final String TASK_UPDATE = "TASK_UPDATE"; - - public static final String TASK_DELETE = "TASK_DELETE"; - - public static final String TASK_EXECUTE = "TASK_EXECUTE"; - - public static final String POLICY_LIST = "POLICY_LIST"; - - public static final String POLICY_CREATE = "POLICY_CREATE"; - - public static final String POLICY_READ = "POLICY_READ"; - - public static final String POLICY_UPDATE = "POLICY_UPDATE"; 
- - public static final String POLICY_DELETE = "POLICY_DELETE"; - - public static final String WORKFLOW_DEF_READ = "WORKFLOW_DEF_READ"; - - public static final String WORKFLOW_DEF_UPDATE = "WORKFLOW_DEF_UPDATE"; - - public static final String WORKFLOW_TASK_LIST = "WORKFLOW_TASK_LIST"; - - public static final String WORKFLOW_FORM_LIST = "WORKFLOW_FORM_LIST"; - - public static final String WORKFLOW_FORM_READ = "WORKFLOW_FORM_READ"; - - public static final String WORKFLOW_FORM_CLAIM = "WORKFLOW_FORM_CLAIM"; - - public static final String WORKFLOW_FORM_SUBMIT = "WORKFLOW_FORM_SUBMIT"; - - public static final String NOTIFICATION_LIST = "NOTIFICATION_LIST"; - - public static final String NOTIFICATION_CREATE = "NOTIFICATION_CREATE"; - - public static final String NOTIFICATION_READ = "NOTIFICATION_READ"; - - public static final String NOTIFICATION_UPDATE = "NOTIFICATION_UPDATE"; - - public static final String NOTIFICATION_DELETE = "NOTIFICATION_DELETE"; - - public static final String REPORT_LIST = "REPORT_LIST"; - - public static final String REPORT_READ = "REPORT_READ"; - - public static final String REPORT_CREATE = "REPORT_CREATE"; - - public static final String REPORT_UPDATE = "REPORT_UPDATE"; - - public static final String REPORT_DELETE = "REPORT_DELETE"; - - public static final String REPORT_EXECUTE = "REPORT_EXECUTE"; - - public static final String LOG_READ = "LOG_READ"; - - public static final String LOG_LIST = "LOG_LIST"; - - public static final String LOG_SET_LEVEL = "LOG_SET_LEVEL"; - - public static final String LOG_DELETE = "LOG_DELETE"; - - public static final String AUDIT_LIST = "AUDIT_LIST"; - - public static final String AUDIT_READ = "AUDIT_READ"; - - public static final String AUDIT_ENABLE = "AUDIT_ENABLE"; - - public static final String AUDIT_DISABLE = "AUDIT_DISABLE"; - - public static final String SECURITY_QUESTION_CREATE = "SECURITY_QUESTION_CREATE"; - - public static final String SECURITY_QUESTION_UPDATE = "SECURITY_QUESTION_UPDATE"; - - public static 
final String SECURITY_QUESTION_DELETE = "SECURITY_QUESTION_DELETE"; - - public static final String ROUTE_READ = "ROUTE_READ"; - - public static final String ROUTE_LIST = "ROUTE_LIST"; - - public static final String ROUTE_UPDATE = "ROUTE_UPDATE"; - - private static final Set<String> ENTITLEMENTS; - - static { - Set<String> values = new TreeSet<>(); - for (Field field : Entitlement.class.getDeclaredFields()) { - if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())) { - values.add(field.getName()); - } - } - values.remove(ANONYMOUS); - values.remove(MUST_CHANGE_PASSWORD); - ENTITLEMENTS = Collections.unmodifiableSet(values); - } - - public static Set<String> values() { - return ENTITLEMENTS; - } - - private Entitlement() { - // private constructor for static utility class - } -} http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java new file mode 100644 index 0000000..01ca830 --- /dev/null +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java 
@@ -0,0 +1,246 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
+
+public final class StandardEntitlement {
+
+ public static final String ANONYMOUS = "ANONYMOUS";
+
+ public static final String MUST_CHANGE_PASSWORD = "MUST_CHANGE_PASSWORD";
+
+ public static final String DOMAIN_CREATE = "DOMAIN_CREATE";
+
+ public static final String DOMAIN_READ = "DOMAIN_READ";
+
+ public static final String DOMAIN_UPDATE = "DOMAIN_UPDATE";
+
+ public static final String DOMAIN_DELETE = "DOMAIN_DELETE";
+
+ public static final String REALM_LIST = "REALM_LIST";
+
+ public static final String REALM_CREATE = "REALM_CREATE";
+
+ public static final String REALM_UPDATE = "REALM_UPDATE";
+
+ public static final String REALM_DELETE = "REALM_DELETE";
+
+ public static final String ANYTYPECLASS_CREATE = "ANYTYPECLASS_CREATE";
+
+ public static final String ANYTYPECLASS_UPDATE = "ANYTYPECLASS_UPDATE";
+
+ public static final String ANYTYPECLASS_DELETE = "ANYTYPECLASS_DELETE";
+
+ public static final String ANYTYPE_CREATE = "ANYTYPE_CREATE";
+
+ public static final String ANYTYPE_UPDATE = "ANYTYPE_UPDATE";
+
+ public static final String ANYTYPE_DELETE = "ANYTYPE_DELETE";
+
+ public static final String RELATIONSHIPTYPE_LIST = "RELATIONSHIPTYPE_LIST";
+
+ public static final String RELATIONSHIPTYPE_CREATE = "RELATIONSHIPTYPE_CREATE";
+
+ public static final String RELATIONSHIPTYPE_READ = "RELATIONSHIPTYPE_READ";
+
+ public static final String RELATIONSHIPTYPE_UPDATE = "RELATIONSHIPTYPE_UPDATE";
+
+ public static final String RELATIONSHIPTYPE_DELETE = "RELATIONSHIPTYPE_DELETE";
+
+ public static final String ROLE_LIST = "ROLE_LIST";
+
+ public static final String ROLE_CREATE = "ROLE_CREATE";
+
+ public static final String ROLE_READ = "ROLE_READ";
+
+ public static final String ROLE_UPDATE = "ROLE_UPDATE";
+
+ public static final String ROLE_DELETE = "ROLE_DELETE";
+
+ public static final String SCHEMA_LIST = "SCHEMA_LIST";
+
+ public static final String SCHEMA_CREATE = "SCHEMA_CREATE";
+
+ public static final String SCHEMA_UPDATE = "SCHEMA_UPDATE";
+
+ public static final String SCHEMA_DELETE = "SCHEMA_DELETE";
+
+ public static final String USER_SEARCH = "USER_SEARCH";
+
+ public static final String USER_LIST = "USER_LIST";
+
+ public static final String USER_CREATE = "USER_CREATE";
+
+ public static final String USER_READ = "USER_READ";
+
+ public static final String USER_UPDATE = "USER_UPDATE";
+
+ public static final String USER_DELETE = "USER_DELETE";
+
+ public static final String GROUP_SEARCH = "GROUP_SEARCH";
+
+ public static final String GROUP_CREATE = "GROUP_CREATE";
+
+ public static final String GROUP_READ = "GROUP_READ";
+
+ public static final String GROUP_UPDATE = "GROUP_UPDATE";
+
+ public static final String GROUP_DELETE = "GROUP_DELETE";
+
+ public static final String RESOURCE_LIST = "RESOURCE_LIST";
+
+ public static final String RESOURCE_CREATE = "RESOURCE_CREATE";
+
+ public static final String RESOURCE_READ = "RESOURCE_READ";
+
+ public static final String RESOURCE_UPDATE = "RESOURCE_UPDATE";
+
+ public static final String RESOURCE_DELETE = "RESOURCE_DELETE";
+
+ public static final String RESOURCE_GET_CONNOBJECT = "RESOURCE_GET_CONNOBJECT";
+
+ public static final String RESOURCE_LIST_CONNOBJECT = "RESOURCE_LIST_CONNOBJECT";
+
+ public static final String CONNECTOR_LIST = "CONNECTOR_LIST";
+
+ public static final String CONNECTOR_CREATE = "CONNECTOR_CREATE";
+
+ public static final String CONNECTOR_READ = "CONNECTOR_READ";
+
+ public static final String CONNECTOR_UPDATE = "CONNECTOR_UPDATE";
+
+ public static final String CONNECTOR_DELETE = "CONNECTOR_DELETE";
+
+ public static final String CONNECTOR_RELOAD = "CONNECTOR_RELOAD";
+
+ public static final String CONFIGURATION_EXPORT = "CONFIGURATION_EXPORT";
+
+ public static final String CONFIGURATION_LIST = "CONFIGURATION_LIST";
+
+ public static final String CONFIGURATION_SET = "CONFIGURATION_SET";
+
+ public static final String CONFIGURATION_DELETE = "CONFIGURATION_DELETE";
+
+ public static final String TASK_LIST = "TASK_LIST";
+
+ public static final String TASK_CREATE = "TASK_CREATE";
+
+ public static final String TASK_READ = "TASK_READ";
+
+ public static final String TASK_UPDATE = "TASK_UPDATE";
+
+ public static final String TASK_DELETE = "TASK_DELETE";
+
+ public static final String TASK_EXECUTE = "TASK_EXECUTE";
+
+ public static final String POLICY_LIST = "POLICY_LIST";
+
+ public static final String POLICY_CREATE = "POLICY_CREATE";
+
+ public static final String POLICY_READ = "POLICY_READ";
+
+ public static final String POLICY_UPDATE = "POLICY_UPDATE";
+
+ public static final String POLICY_DELETE = "POLICY_DELETE";
+
+ public static final String WORKFLOW_DEF_READ = "WORKFLOW_DEF_READ";
+
+ public static final String WORKFLOW_DEF_UPDATE = "WORKFLOW_DEF_UPDATE";
+
+ public static final String WORKFLOW_TASK_LIST = "WORKFLOW_TASK_LIST";
+
+ public static final String WORKFLOW_FORM_LIST = "WORKFLOW_FORM_LIST";
+
+ public static final String WORKFLOW_FORM_READ = "WORKFLOW_FORM_READ";
+
+ public static final String WORKFLOW_FORM_CLAIM = "WORKFLOW_FORM_CLAIM";
+
+ public static final String WORKFLOW_FORM_SUBMIT = "WORKFLOW_FORM_SUBMIT";
+
+ public static final String NOTIFICATION_LIST = "NOTIFICATION_LIST";
+
+ public static final String NOTIFICATION_CREATE = "NOTIFICATION_CREATE";
+
+ public static final String NOTIFICATION_READ = "NOTIFICATION_READ";
+
+ public static final String NOTIFICATION_UPDATE = "NOTIFICATION_UPDATE";
+
+ public static final String NOTIFICATION_DELETE = "NOTIFICATION_DELETE";
+
+ public static final String REPORT_LIST = "REPORT_LIST";
+
+ public static final String REPORT_READ = "REPORT_READ";
+
+ public static final String REPORT_CREATE = "REPORT_CREATE";
+
+ public static final String REPORT_UPDATE = "REPORT_UPDATE";
+
+ public static final String REPORT_DELETE = "REPORT_DELETE";
+
+ public static final String REPORT_EXECUTE = "REPORT_EXECUTE";
+
+ public static final String LOG_READ = "LOG_READ";
+
+ public static final String LOG_LIST = "LOG_LIST";
+
+ public static final String LOG_SET_LEVEL = "LOG_SET_LEVEL";
+
+ public static final String LOG_DELETE = "LOG_DELETE";
+
+ public static final String AUDIT_LIST = "AUDIT_LIST";
+
+ public static final String AUDIT_READ = "AUDIT_READ";
+
+ public static final String AUDIT_ENABLE = "AUDIT_ENABLE";
+
+ public static final String AUDIT_DISABLE = "AUDIT_DISABLE";
+
+ public static final String SECURITY_QUESTION_CREATE = "SECURITY_QUESTION_CREATE";
+
+ public static final String SECURITY_QUESTION_UPDATE = "SECURITY_QUESTION_UPDATE";
+
+ public static final String SECURITY_QUESTION_DELETE = "SECURITY_QUESTION_DELETE";
+
+ private static final Set<String> VALUES;
+
+ static {
+ Set<String> values = new TreeSet<>();
+ for (Field field : StandardEntitlement.class.getDeclaredFields()) {
+ if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())) {
+ values.add(field.getName());
+ }
+ }
+ values.remove(ANONYMOUS);
+ values.remove(MUST_CHANGE_PASSWORD);
+ VALUES = Collections.unmodifiableSet(values);
+ }
+
+ public static Set<String> values() {
+ return VALUES;
+ }
+
+ private StandardEntitlement() {
+ // private constructor for static utility class
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AnyObjectService.java
----------------------------------------------------------------------
diff --git a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AnyObjectService.java b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AnyObjectService.java
index 904f854..9e72fc4 100644
--- a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AnyObjectService.java
+++ b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AnyObjectService.java
@@ -18,6 +18,7 @@
 */
 package org.apache.syncope.common.rest.api.service;
+import javax.validation.constraints.NotNull;
 import javax.ws.rs.BeanParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.MatrixParam;
@@ -44,6 +45,6 @@ public interface AnyObjectService extends AnyService<AnyObjectTO, AnyObjectPatch
 */
 @GET
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- PagedResult<AnyObjectTO> list(@MatrixParam("type") String type, @BeanParam AnyListQuery listQuery);
+ PagedResult<AnyObjectTO> list(@NotNull @MatrixParam("type") String type, @BeanParam AnyListQuery listQuery);
 }
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/AnyObjectLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyObjectLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyObjectLogic.java
index b3f7a4a..99dc2f5 100644
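Review bot: The static initializer of `StandardEntitlement` fills `VALUES` with `field.getName()` rather than the constant's value, so the set returned by `values()` is correct only while every constant's name equals its string, and nothing in the class states or enforces that. The filter `Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())` would also list any private static String added later as an entitlement. Reading the value with `values.add((String) field.get(null));` (handling `IllegalAccessException`) and adding `Modifier.isPublic(field.getModifiers())` to the condition would tie the set to the strings that are actually granted and checked. A class Javadoc should also say that `ANONYMOUS` and `MUST_CHANGE_PASSWORD` are removed from `values()` and why.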
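Review bot: `@NotNull` on the `type` matrix parameter of `AnyObjectService.list` rejects only an absent parameter; an empty or blank `type=` still passes, and the constraint has an effect only if bean validation is active for this JAX-RS interface, which the hunk does not show. The AnyObjectLogic section of this commit removes the `list(final String type, ...)` overload that treated a blank type as "all types", so a blank value now reaches whatever implementation replaces it. The method's Javadoc (which starts outside the hunk) should state that `type` is mandatory and must name an existing any type, and the implementation should reject a blank value explicitly.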
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyObjectLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyObjectLogic.java @@ -22,7 +22,6 @@ import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; import java.util.List; import java.util.Set; import org.apache.commons.collections4.CollectionUtils; @@ -31,7 +30,6 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.common.lib.SyncopeClientException; -import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.patch.AnyObjectPatch; import org.apache.syncope.common.lib.patch.StringPatchItem; import org.apache.syncope.common.lib.to.PropagationStatus; @@ -39,8 +37,8 @@ import org.apache.syncope.common.lib.to.AnyObjectTO; import org.apache.syncope.common.lib.to.ProvisioningResult; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.PatchOperation; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.persistence.api.dao.AnyObjectDAO; import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; import org.apache.syncope.core.persistence.api.dao.search.SearchCond; 
@@ -48,10 +46,10 @@ import org.apache.syncope.core.provisioning.api.AnyObjectProvisioningManager; import org.apache.syncope.core.provisioning.api.data.AnyObjectDataBinder; import org.apache.syncope.core.misc.security.AuthContextUtils; import org.apache.syncope.core.persistence.api.dao.AnySearchDAO; +import org.apache.syncope.core.persistence.api.entity.AnyType; import org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject; import org.apache.syncope.core.provisioning.api.LogicActions; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; 
@@ -74,68 +72,58 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch @Autowired protected AnyObjectProvisioningManager provisioningManager; - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_READ + "')") @Transactional(readOnly = true) @Override public AnyObjectTO read(final Long key) { return binder.getAnyObjectTO(key); } - @PreAuthorize("isAuthenticated()") @Transactional(readOnly = true) @Override public int count(final List<String> realms) { - return anyObjectDAO.count(getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realms)); + throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_LIST + "')") @Transactional(readOnly = true) @Override public List<AnyObjectTO> list( final int page, final int size, final List<OrderByClause> orderBy, final List<String> realms, final boolean details) { - return list(null, page, size, orderBy, realms, details); + throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_LIST + "')") @Transactional(readOnly = true) - public List<AnyObjectTO> list(final String type, - final int page, final int size, final List<OrderByClause> orderBy, - final List<String> realms, final boolean details) { - - Set<String> effectiveRealms = getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realms); - - return CollectionUtils.collect(StringUtils.isBlank(type) - ? 
anyObjectDAO.findAll(effectiveRealms, page, size, orderBy) - : anyObjectDAO.findAll(type, effectiveRealms, page, size, orderBy), - new Transformer<AnyObject, AnyObjectTO>() { + @Override + public int searchCount(final SearchCond searchCond, final List<String> realms) { + if (searchCond.hasAnyTypeCond() == null) { + throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName()); + } - @Override - public AnyObjectTO transform(final AnyObject input) { - return binder.getAnyObjectTO(input, details); - } - }, new ArrayList<AnyObjectTO>()); - } + Set<String> effectiveRealms = getEffectiveRealms( + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(searchCond.hasAnyTypeCond(), EntitlementsHolder.AnyEntitlement.SEARCH)), + realms); - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_SEARCH + "')") - @Transactional(readOnly = true) - @Override - public int searchCount(final SearchCond searchCondition, final List<String> realms) { - return searchDAO.count( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_SEARCH), realms), - searchCondition, AnyTypeKind.ANY_OBJECT); + return searchDAO.count(effectiveRealms, searchCond, AnyTypeKind.ANY_OBJECT); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_SEARCH + "')") @Transactional(readOnly = true) @Override - public List<AnyObjectTO> search(final SearchCond searchCondition, final int page, final int size, + public List<AnyObjectTO> search(final SearchCond searchCond, final int page, final int size, final List<OrderByClause> orderBy, final List<String> realms, final boolean details) { + if (searchCond.hasAnyTypeCond() == null) { + throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName()); + } + + Set<String> effectiveRealms = getEffectiveRealms( + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). 
+ getFor(searchCond.hasAnyTypeCond(), EntitlementsHolder.AnyEntitlement.SEARCH)), + realms); + List<AnyObject> matchingAnyObjects = searchDAO.search( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_SEARCH), realms), - searchCondition, page, size, orderBy, AnyTypeKind.ANY_OBJECT); + effectiveRealms, searchCond, page, size, orderBy, AnyTypeKind.ANY_OBJECT); return CollectionUtils.collect(matchingAnyObjects, new Transformer<AnyObject, AnyObjectTO>() { @Override @@ -145,7 +133,6 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch }, new ArrayList<AnyObjectTO>()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_CREATE + "')") @Override public ProvisioningResult<AnyObjectTO> create(final AnyObjectTO anyObjectTO, final boolean nullPriorityAsync) { Pair<AnyObjectTO, List<LogicActions>> before = beforeCreate(anyObjectTO); 
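Review bot: `read` loses `@PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_READ + "')")` and its body, `return binder.getAnyObjectTO(key);`, gets no replacement check, unlike `searchCount` and `search` in the same hunk, which now resolve a per-type entitlement and compute effective realms. Unless read authorization is enforced somewhere this page does not show, any caller that reaches the method can fetch an any object by key regardless of its type or realm. The read path should run the same `getEffectiveRealms`/`securityChecks` pair that `delete` and `unlink` use, keyed on the object's type. The sketch below assumes `EntitlementsHolder.AnyEntitlement` has a `READ` member, which is not visible on this page.

```java
public AnyObjectTO read(final Long key) {
    AnyObjectTO anyObject = binder.getAnyObjectTO(key);
    // assumes AnyEntitlement.READ exists; not shown on this page
    Set<String> effectiveRealms = getEffectiveRealms(
            AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance().
                    getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.READ)),
            Collections.singleton(anyObject.getRealm()));
    securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey());
    return anyObject;
}
```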
@@ -153,23 +140,21 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } + if (before.getLeft().getType() == null) { + throw SyncopeClientException.build(ClientExceptionType.InvalidAnyType); + } Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_CREATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(before.getLeft().getType(), EntitlementsHolder.AnyEntitlement.CREATE)), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); - if (before.getLeft().getType() == null) { - throw SyncopeClientException.build(ClientExceptionType.InvalidAnyType); - } - - Pair<Long, List<PropagationStatus>> created = - provisioningManager.create(before.getLeft(), nullPriorityAsync); + Pair<Long, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), nullPriorityAsync); return after(binder.getAnyObjectTO(created.getKey()), created.getRight(), before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public ProvisioningResult<AnyObjectTO> update( final AnyObjectPatch anyObjectPatch, final boolean nullPriorityAsync) { 
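Review bot: In `create`, the result of `AuthContextUtils.getAuthorizations().get(...)` for the type's CREATE entitlement is passed straight to `getEffectiveRealms`, and with `@PreAuthorize` removed nothing before that line guarantees that the caller holds the entitlement or that `getFor` knows the caller-supplied type. If either lookup yields null, the outcome depends on how `getEffectiveRealms` and `securityChecks` treat a null set, which this page does not show; the denial should be explicit rather than incidental. The same pattern appears in `searchCount`, `search`, `update`, `delete`, `unlink`, `link`, `unassign`, `assign`, `deprovision` and `provision`. Suggest resolving the set into a local and rejecting the call when it is null, with a comment such as `// no entitlement registered or granted for this any type: deny before computing realms`.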
@@ -177,29 +162,29 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch AnyObjectTO anyObjectTO = binder.getAnyObjectTO(anyObjectPatch.getKey()); Pair<AnyObjectPatch, List<LogicActions>> before = beforeUpdate(anyObjectPatch, anyObjectTO.getRealm()); - if (before.getLeft().getRealm() != null && StringUtils.isNotBlank(before.getLeft().getRealm().getValue())) { - Set<String> requestedRealms = new HashSet<>(); - requestedRealms.add(before.getLeft().getRealm().getValue()); - Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), - requestedRealms); - securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); - } + String realm = + before.getLeft().getRealm() != null && StringUtils.isNotBlank(before.getLeft().getRealm().getValue()) + ? before.getLeft().getRealm().getValue() + : anyObjectTO.getRealm(); + Set<String> effectiveRealms = getEffectiveRealms( + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). 
+ getFor(anyObjectTO.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), + Collections.singleton(realm)); + securityChecks(effectiveRealms, realm, before.getLeft().getKey()); - Pair<Long, List<PropagationStatus>> updated = - provisioningManager.update(anyObjectPatch, nullPriorityAsync); + Pair<Long, List<PropagationStatus>> updated = provisioningManager.update(anyObjectPatch, nullPriorityAsync); return after(binder.getAnyObjectTO(updated.getKey()), updated.getRight(), before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_DELETE + "')") @Override public ProvisioningResult<AnyObjectTO> delete(final Long key, final boolean nullPriorityAsync) { AnyObjectTO anyObject = binder.getAnyObjectTO(key); Pair<AnyObjectTO, List<LogicActions>> before = beforeDelete(anyObject); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_DELETE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(before.getLeft().getType(), EntitlementsHolder.AnyEntitlement.DELETE)), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); 
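Review bot: When the patch carries a new realm, `update` authorizes only against that destination: `Collections.singleton(realm)` and `securityChecks(effectiveRealms, realm, before.getLeft().getKey())` never involve `anyObjectTO.getRealm()`, the realm the object currently belongs to. Unless `securityChecks` looks the object up by key and verifies its current realm as well (not visible here), a caller entitled only on the destination realm could modify and move an object out of a realm they do not administer. Running the same `getEffectiveRealms`/`securityChecks` pair a second time with `anyObjectTO.getRealm()` whenever it differs from `realm` closes that gap. The body of `update` starts before this hunk.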
@@ -211,13 +196,13 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return after(anyObjectTO, statuses, before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public AnyObjectTO unlink(final Long key, final Collection<String> resources) { // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); @@ -234,13 +219,13 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return binder.getAnyObjectTO(provisioningManager.unlink(patch)); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public AnyObjectTO link(final Long key, final Collection<String> resources) { // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); @@ -257,7 +242,6 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return binder.getAnyObjectTO(provisioningManager.link(patch)); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public ProvisioningResult<AnyObjectTO> unassign( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { 
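Review bot: The "security checks" block added in `unlink` is repeated verbatim in `link`, `unassign`, `assign`, `deprovision` and `provision`, and with a different entitlement in `delete`, so any later correction to the authorization logic has to be made in seven places and can silently miss one. A private helper taking the `AnyObjectTO` and the `EntitlementsHolder.AnyEntitlement` keeps the call sites to one line each and gives a single place to harden. The bodies of these methods continue outside the hunks.

```java
private void authorize(final AnyObjectTO anyObject, final EntitlementsHolder.AnyEntitlement entitlement) {
    Set<String> effectiveRealms = getEffectiveRealms(
            AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance().
                    getFor(anyObject.getType(), entitlement)),
            Collections.singleton(anyObject.getRealm()));
    securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey());
}

// in unlink, link, unassign, assign, deprovision, provision:
AnyObjectTO anyObject = binder.getAnyObjectTO(key);
authorize(anyObject, EntitlementsHolder.AnyEntitlement.UPDATE);
// … unchanged: patch construction and provisioningManager call …
```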
@@ -265,7 +249,8 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); @@ -282,7 +267,6 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public ProvisioningResult<AnyObjectTO> assign( final Long key, @@ -294,7 +278,8 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); @@ -311,7 +296,6 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public ProvisioningResult<AnyObjectTO> deprovision( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { 
@@ -319,7 +303,8 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); @@ -331,7 +316,6 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch return result; } - @PreAuthorize("hasRole('" + Entitlement.ANY_OBJECT_UPDATE + "')") @Override public ProvisioningResult<AnyObjectTO> provision( final Long key, @@ -343,7 +327,8 @@ public class AnyObjectLogic extends AbstractAnyLogic<AnyObjectTO, AnyObjectPatch // security checks AnyObjectTO anyObject = binder.getAnyObjectTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_UPDATE), + AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType(), EntitlementsHolder.AnyEntitlement.UPDATE)), Collections.singleton(anyObject.getRealm())); securityChecks(effectiveRealms, anyObject.getRealm(), anyObject.getKey()); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java index 7ccd2bf..6d090dd 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java 
@@ -26,7 +26,7 @@ import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.to.AnyTypeClassTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO; import org.apache.syncope.core.persistence.api.entity.AnyTypeClass; @@ -67,12 +67,12 @@ public class AnyTypeClassLogic extends AbstractTransactionalLogic<AnyTypeClassTO }, new ArrayList<AnyTypeClassTO>()); } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPECLASS_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPECLASS_CREATE + "')") public AnyTypeClassTO create(final AnyTypeClassTO anyTypeClassTO) { return binder.getAnyTypeClassTO(anyTypeClassDAO.save(binder.create(anyTypeClassTO))); } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPECLASS_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPECLASS_UPDATE + "')") public AnyTypeClassTO update(final AnyTypeClassTO anyTypeClassTO) { AnyTypeClass anyType = anyTypeClassDAO.find(anyTypeClassTO.getKey()); if (anyType == null) { @@ -86,7 +86,7 @@ public class AnyTypeClassLogic extends AbstractTransactionalLogic<AnyTypeClassTO return binder.getAnyTypeClassTO(anyType); } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPECLASS_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPECLASS_DELETE + "')") public AnyTypeClassTO delete(final String key) { AnyTypeClass anyTypeClass = anyTypeClassDAO.find(key); if (anyTypeClass == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java ---------------------------------------------------------------------- 
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java index 6bd0fd5..6e76e60 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java @@ -28,7 +28,8 @@ import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.AnyTypeTO; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.entity.AnyType; @@ -69,12 +70,14 @@ public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { }, new ArrayList<AnyTypeTO>()); } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPE_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPE_CREATE + "')") public AnyTypeTO create(final AnyTypeTO anyTypeTO) { - return binder.getAnyTypeTO(anyTypeDAO.save(binder.create(anyTypeTO))); + AnyTypeTO result = binder.getAnyTypeTO(anyTypeDAO.save(binder.create(anyTypeTO))); + EntitlementsHolder.getInstance().addFor(result.getKey()); + return result; } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPE_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPE_UPDATE + "')") public AnyTypeTO update(final AnyTypeTO anyTypeTO) { AnyType anyType = anyTypeDAO.find(anyTypeTO.getKey()); if (anyType == null) { 
@@ -82,13 +85,17 @@ public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { throw new NotFoundException(String.valueOf(anyTypeTO.getKey())); } + EntitlementsHolder.getInstance().removeFor(anyTypeTO.getKey()); + binder.update(anyType, anyTypeTO); anyType = anyTypeDAO.save(anyType); - return binder.getAnyTypeTO(anyType); + AnyTypeTO result = binder.getAnyTypeTO(anyType); + EntitlementsHolder.getInstance().addFor(result.getKey()); + return result; } - @PreAuthorize("hasRole('" + Entitlement.ANYTYPE_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPE_DELETE + "')") public AnyTypeTO delete(final String key) { AnyType anyType = anyTypeDAO.find(key); if (anyType == null) { @@ -105,6 +112,7 @@ public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { sce.getElements().add(e.getMessage()); throw sce; } + EntitlementsHolder.getInstance().removeFor(deleted.getKey()); return deleted; } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java index 3f0115d..4a7d4ca 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java @@ -22,7 +22,7 @@ import java.io.OutputStream; import java.lang.reflect.Method; import java.util.List; import org.apache.syncope.common.lib.to.AttrTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.security.AuthContextUtils; import org.apache.syncope.core.persistence.api.content.ContentExporter; import org.apache.syncope.core.persistence.api.dao.ConfDAO; 
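Review bot: In `AnyTypeLogic.update`, `EntitlementsHolder.getInstance().removeFor(anyTypeTO.getKey());` runs before `binder.update` and `anyTypeDAO.save`, so if either throws, the type's entitlements stay removed from the in-memory holder while the persisted any type is unchanged (the class extends `AbstractTransactionalLogic`, so the database side presumably rolls back). From then on `getFor` for that type has nothing to return, which feeds the realm lookups added to `AnyObjectLogic` in this commit. Moving the `removeFor` call to just before `EntitlementsHolder.getInstance().addFor(result.getKey());`, after the save, closes that window. `create` and `delete` likewise change the holder before the surrounding transaction has committed, which deserves at least a comment; the opening lines of `update` are in the previous hunk.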
@@ -59,7 +59,7 @@ public class ConfigurationLogic extends AbstractTransactionalLogic<AttrTO> { @Autowired private GroupWorkflowAdapter gwfAdapter; - @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONFIGURATION_DELETE + "')") public void delete(final String schema) { CPlainAttr conf = confDAO.find(schema); if (conf == null) { @@ -72,7 +72,7 @@ public class ConfigurationLogic extends AbstractTransactionalLogic<AttrTO> { confDAO.delete(schema); } - @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONFIGURATION_LIST + "')") public List<AttrTO> list() { return binder.getConfTO(confDAO.get()); } @@ -97,12 +97,12 @@ public class ConfigurationLogic extends AbstractTransactionalLogic<AttrTO> { return result; } - @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_SET + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONFIGURATION_SET + "')") public void set(final AttrTO value) { confDAO.save(binder.getAttribute(value)); } - @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_EXPORT + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONFIGURATION_EXPORT + "')") @Transactional(readOnly = true) public void export(final OutputStream os) { try { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java index 77ef94c..1d8f705 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java 
@@ -35,7 +35,7 @@ import org.apache.syncope.common.lib.to.ConnBundleTO; import org.apache.syncope.common.lib.to.ConnIdObjectClassTO; import org.apache.syncope.common.lib.to.ConnInstanceTO; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.ConnInstanceDAO; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; import org.apache.syncope.core.persistence.api.dao.NotFoundException; @@ -75,7 +75,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { @Autowired private ConnectorFactory connFactory; - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_CREATE + "')") public ConnInstanceTO create(final ConnInstanceTO connInstanceTO) { ConnInstance connInstance = binder.getConnInstance(connInstanceTO); try { @@ -91,7 +91,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return binder.getConnInstanceTO(connInstance); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_UPDATE + "')") public ConnInstanceTO update(final ConnInstanceTO connInstanceTO) { ConnInstance connInstance = binder.update(connInstanceTO.getKey(), connInstanceTO); try { @@ -107,7 +107,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return binder.getConnInstanceTO(connInstance); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_DELETE + "')") public ConnInstanceTO delete(final Long connInstanceKey) { ConnInstance connInstance = connInstanceDAO.find(connInstanceKey); if (connInstance == null) { 
@@ -130,7 +130,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return connToDelete; } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_LIST + "')") @Transactional(readOnly = true) public List<ConnInstanceTO> list(final String lang) { CurrentLocale.set(StringUtils.isBlank(lang) ? Locale.ENGLISH : new Locale(lang)); @@ -138,24 +138,24 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { List<ConnInstanceTO> result = CollectionUtils.collect(connInstanceDAO.findAll().iterator(), new Transformer<ConnInstance, ConnInstanceTO>() { - @Override - public ConnInstanceTO transform(final ConnInstance connInstance) { - ConnInstanceTO result = null; - try { - result = binder.getConnInstanceTO(connInstance); - } catch (NotFoundException e) { - LOG.error("Connector '{}#{}' not found", - connInstance.getBundleName(), connInstance.getVersion()); - } - - return result; - } - }, new ArrayList<ConnInstanceTO>()); + @Override + public ConnInstanceTO transform(final ConnInstance connInstance) { + ConnInstanceTO result = null; + try { + result = binder.getConnInstanceTO(connInstance); + } catch (NotFoundException e) { + LOG.error("Connector '{}#{}' not found", + connInstance.getBundleName(), connInstance.getVersion()); + } + + return result; + } + }, new ArrayList<ConnInstanceTO>()); CollectionUtils.filter(result, PredicateUtils.notNullPredicate()); return result; } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") @Transactional(readOnly = true) public ConnInstanceTO read(final Long connInstanceKey, final String lang) { CurrentLocale.set(StringUtils.isBlank(lang) ? Locale.ENGLISH : new Locale(lang)); 
@@ -168,7 +168,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return binder.getConnInstanceTO(connInstance); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") @Transactional(readOnly = true) public List<ConnBundleTO> getBundles(final String lang) { if (StringUtils.isBlank(lang)) { @@ -203,7 +203,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return connectorBundleTOs; } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") public List<ConnIdObjectClassTO> buildObjectClassInfo( final ConnInstanceTO connInstanceTO, final boolean includeSpecial) { @@ -235,13 +235,13 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return result; } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") @Transactional(readOnly = true) public void check(final ConnInstanceTO connInstanceTO) { connFactory.createConnector(binder.getConnInstance(connInstanceTO)).test(); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") @Transactional(readOnly = true) public ConnInstanceTO readByResource(final String resourceName, final String lang) { CurrentLocale.set(StringUtils.isBlank(lang) ? Locale.ENGLISH : new Locale(lang)); 
@@ -253,7 +253,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { return binder.getConnInstanceTO(connFactory.getConnector(resource).getConnInstance()); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_RELOAD + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_RELOAD + "')") @Transactional(readOnly = true) public void reload() { connFactory.unload(); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/DomainLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/DomainLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/DomainLogic.java index e95f70b..a1dbfab 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/DomainLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/DomainLogic.java @@ -26,7 +26,7 @@ import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.to.DomainTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.DomainsHolder; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.DomainDAO; @@ -48,7 +48,7 @@ public class DomainLogic extends AbstractTransactionalLogic<DomainTO> { @Autowired private DomainDAO domainDAO; - @PreAuthorize("hasRole('" + Entitlement.DOMAIN_READ + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.DOMAIN_READ + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public DomainTO read(final String key) { Domain domain = domainDAO.find(key); 
@@ -72,7 +72,7 @@ public class DomainLogic extends AbstractTransactionalLogic<DomainTO> { }, new ArrayList<DomainTO>()); } - @PreAuthorize("hasRole('" + Entitlement.DOMAIN_CREATE + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.DOMAIN_CREATE + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public DomainTO create(final DomainTO domainTO) { if (!domainsHolder.getDomains().keySet().contains(domainTO.getKey())) { @@ -82,7 +82,7 @@ public class DomainLogic extends AbstractTransactionalLogic<DomainTO> { return binder.getDomainTO(domainDAO.save(binder.create(domainTO))); } - @PreAuthorize("hasRole('" + Entitlement.DOMAIN_UPDATE + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.DOMAIN_UPDATE + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public DomainTO update(final DomainTO domainTO) { Domain domain = domainDAO.find(domainTO.getKey()); @@ -97,7 +97,7 @@ public class DomainLogic extends AbstractTransactionalLogic<DomainTO> { return binder.getDomainTO(domain); } - @PreAuthorize("hasRole('" + Entitlement.DOMAIN_DELETE + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.DOMAIN_DELETE + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public DomainTO delete(final String key) { Domain domain = domainDAO.find(key);
