Repository: syncope Updated Branches: refs/heads/2_0_X 37d967032 -> c757e3dea refs/heads/master 55b9e83d7 -> a02401fea
[SYNCOPE-940] Fix provided - besides listing, now also searching for Groups does not require special entitlements any more, removing StandardEntitlements.GROUP_SEARCH Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c757e3de Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c757e3de Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c757e3de Branch: refs/heads/2_0_X Commit: c757e3dea4032ac5ae341992059cbfd7c846dc92 Parents: 37d9670 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Thu Sep 29 17:25:10 2016 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Thu Sep 29 17:25:10 2016 +0200 ---------------------------------------------------------------------- .../client/console/commons/ITabComponent.java | 9 +++++++-- .../console/panels/GroupDirectoryPanel.java | 2 +- .../syncope/client/console/panels/Realm.java | 18 ++++++++++-------- .../client/console/wizards/any/Groups.java | 8 +++----- .../client/console/wizards/any/Ownership.java | 4 +--- .../client/enduser/resources/GroupResource.java | 5 ++++- .../app/js/controllers/UserController.js | 6 ++++++ .../common/lib/types/StandardEntitlement.java | 2 -- .../org/apache/syncope/core/logic/GroupLogic.java | 8 ++++---- 9 files changed, 36 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java index 91043b5..af09113 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java @@ -16,6 +16,7 @@ package org.apache.syncope.client.console.commons; import java.util.UUID; +import org.apache.commons.lang3.StringUtils; import org.apache.wicket.Component; import org.apache.wicket.authroles.authorization.strategies.role.Roles; import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions; @@ -34,7 +35,7 @@ public abstract class ITabComponent extends Component implements ITab { private final IModel<String> title; /** - * Constructor + * Constructor. * * @param title IModel used to represent the title of the tab. Must contain a string * @param roles authorized roles @@ -45,7 +46,11 @@ public abstract class ITabComponent extends Component implements ITab { final ActionPermissions permissions = new ActionPermissions(); setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions); - permissions.authorize(RENDER, new Roles(roles)); + if (StringUtils.isBlank(roles)) { + permissions.authorizeAll(RENDER); + } else { + permissions.authorize(RENDER, new Roles(roles)); + } } /** http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java index 67e806d..118c415 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java @@ -395,7 +395,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli target.add(container); } } - }, ActionType.RELOAD, StandardEntitlement.GROUP_SEARCH).build(componentId); + }, ActionType.RELOAD).build(componentId); } }); http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java index d2a869c..857bff0 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java @@ -50,6 +50,7 @@ import org.apache.syncope.common.lib.to.ConnObjectTO; import org.apache.syncope.common.lib.to.PropagationStatus; import org.apache.syncope.common.lib.to.ProvisioningResult; import org.apache.syncope.common.lib.to.RealmTO; +import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.PropagationTaskExecStatus; import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.wicket.Component; @@ -85,8 +86,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { setPageRef(pageRef); - AjaxBootstrapTabbedPanel<ITab> tabbedPanel - = new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef)); + AjaxBootstrapTabbedPanel<ITab> tabbedPanel = + new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef)); tabbedPanel.setSelectedTab(selectedIndex); addInnerObject(tabbedPanel); this.wizardBuilder = new RealmWizardBuilder(pageRef); @@ -157,14 +158,15 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { } }); - final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo - = FormLayoutInfoUtils.fetch(anyTypeTOs); + final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo = + FormLayoutInfoUtils.fetch(anyTypeTOs); Collections.sort(anyTypeTOs, new AnyTypeComparator()); for (final AnyTypeTO anyTypeTO : anyTypeTOs) { tabs.add(new ITabComponent( new Model<>(anyTypeTO.getKey()), - String.format("%s_SEARCH", anyTypeTO.getKey())) { + AnyTypeKind.GROUP.name().equals(anyTypeTO.getKey()) + ? null : String.format("%s_SEARCH", anyTypeTO.getKey())) { private static final long serialVersionUID = 1169585538404171118L; @@ -202,8 +204,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { propagations.add(syncope); propagations.addAll(((ProvisioningResult) result).getPropagationStatuses()); - ListViewPanel.Builder<PropagationStatus> builder - = new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) { + ListViewPanel.Builder<PropagationStatus> builder = + new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) { private static final long serialVersionUID = -6809736686861678498L; @@ -218,7 +220,7 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues()) ? StringUtils.EMPTY : afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues(). - iterator().next(); + iterator().next(); return new Label("field", remoteId); } else if ("status".equalsIgnoreCase(key)) { http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java index 8181baf..e8aba25 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java @@ -42,10 +42,8 @@ import org.apache.wicket.model.IModel; import org.apache.wicket.model.util.ListModel; import org.apache.wicket.util.lang.Args; import org.apache.syncope.common.lib.to.GroupableRelatableTO; -import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions; import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy; -import org.apache.wicket.authroles.authorization.strategies.role.Roles; import org.apache.wicket.extensions.wizard.WizardModel.ICondition; public class Groups extends WizardStep implements ICondition { @@ -66,7 +64,7 @@ public class Groups extends WizardStep implements ICondition { // ----------------------------------------------------------------- final ActionPermissions permissions = new ActionPermissions(); setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions); - permissions.authorize(RENDER, new Roles(StandardEntitlement.GROUP_SEARCH)); + permissions.authorizeAll(RENDER); // ----------------------------------------------------------------- setOutputMarkupId(true); @@ -114,7 +112,7 @@ public class Groups extends WizardStep implements ICondition { groupRestClient.search( realm, SyncopeClient.getGroupSearchConditionBuilder(). - isAssignable().and().is("name").equalTo(filter).query(), + isAssignable().and().is("name").equalTo(filter).query(), -1, -1, new SortParam<>("name", true), null), @@ -160,6 +158,6 @@ public class Groups extends WizardStep implements ICondition { public boolean evaluate() { return CollectionUtils.isNotEmpty(allGroups) && SyncopeConsoleApplication.get().getSecuritySettings().getAuthorizationStrategy(). - isActionAuthorized(this, RENDER); + isActionAuthorized(this, RENDER); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java index eb5b318..9fe6a0f 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java @@ -106,9 +106,7 @@ public class Ownership extends WizardStep implements WizardModel.ICondition { // ----------------------------------------------------------------- final ActionPermissions permissions = new ActionPermissions(); setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions); - permissions.authorize(RENDER, new Roles(new StringBuilder(). - append(StandardEntitlement.USER_SEARCH).append(","). - append(StandardEntitlement.GROUP_SEARCH).toString())); + permissions.authorize(RENDER, new Roles(StandardEntitlement.USER_SEARCH)); // ----------------------------------------------------------------- setTitleModel(new ResourceModel("group.ownership")); http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java index 365d7df..0099859 100644 --- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java @@ -23,6 +23,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.Response; import org.apache.syncope.client.enduser.SyncopeEnduserSession; +import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.to.GroupTO; import org.apache.syncope.common.rest.api.beans.AnyQuery; @@ -55,7 +56,9 @@ public class GroupResource extends AbstractBaseResource { String realm = java.net.URLDecoder.decode(attributes.getParameters().get("realm"). toString(SyncopeConstants.ROOT_REALM), "UTF-8"); - final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm).build()).getResult(); + final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm). + fiql(SyncopeClient.getGroupSearchConditionBuilder().isAssignable().query()). + build()).getResult(); response.setWriteCallback(new AbstractResource.WriteCallback() { http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js index 1d33e3d..c6b0b4e 100644 --- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js +++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js @@ -181,6 +181,7 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l for (var i in response) { $scope.dynamicForm.resources.push(response[i].key); } + $scope.dynamicForm.resources.sort(); }); }; @@ -191,6 +192,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l for (var i in response) { $scope.dynamicForm.groups.push({"rightKey": response[i].key, "groupName": response[i].name}); } + $scope.dynamicForm.groups.sort(function (a, b) { + var x = a.groupName; + var y = b.groupName; + return x < y ? -1 : x > y ? 1 : 0; + }); }, function (e) { $scope.showError("An error occur during retrieving groups " + e, $scope.notification) }); http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java index ecaa25f..74c59b7 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java @@ -96,8 +96,6 @@ public final class StandardEntitlement { public static final String USER_DELETE = "USER_DELETE"; - public static final String GROUP_SEARCH = "GROUP_SEARCH"; - public static final String GROUP_CREATE = "GROUP_CREATE"; public static final String GROUP_READ = "GROUP_READ"; http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java index bd07a22..157a7d6 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java @@ -189,23 +189,23 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { }, new ArrayList<GroupTO>()); } - @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')") + @PreAuthorize("isAuthenticated()") @Transactional(readOnly = true) @Override public int searchCount(final SearchCond searchCondition, final String realm) { return searchDAO.count( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm), + getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm), searchCondition, AnyTypeKind.GROUP); } - @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')") + @PreAuthorize("isAuthenticated()") @Transactional(readOnly = true) @Override public List<GroupTO> search(final SearchCond searchCondition, final int page, final int size, final List<OrderByClause> orderBy, final String realm, final boolean details) { List<Group> matchingGroups = searchDAO.search( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm), + getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm), searchCondition, page, size, orderBy, AnyTypeKind.GROUP); return CollectionUtils.collect(matchingGroups, new Transformer<Group, GroupTO>() {
