[SYNCOPE-1152] Adaptations for reasonable working with delegated admin
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f9c61fbc Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f9c61fbc Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f9c61fbc Branch: refs/heads/master Commit: f9c61fbc6d9a1760bdcc777f3427e49b9349c5b6 Parents: 20596e2 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Wed Jul 12 10:19:58 2017 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Wed Jul 12 10:20:13 2017 +0200 ---------------------------------------------------------------------- .../console/commons/ResourceStatusDataProvider.java | 10 +++++----- .../client/console/layout/FormLayoutInfoUtils.java | 3 ++- .../apache/syncope/client/console/panels/AnyPanel.java | 5 ++--- .../client/console/panels/GroupDirectoryPanel.java | 2 +- .../apache/syncope/client/console/panels/Realm.java | 13 ++++++++----- .../client/console/panels/RoleDirectoryPanel.java | 2 +- .../syncope/client/console/widgets/NumberWidget.java | 1 + .../syncope/common/lib/types/StandardEntitlement.java | 2 -- .../org/apache/syncope/core/logic/DynRealmLogic.java | 1 - .../src/test/resources/domains/MasterContent.xml | 8 ++++++++ 10 files changed, 28 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/commons/ResourceStatusDataProvider.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/commons/ResourceStatusDataProvider.java b/client/console/src/main/java/org/apache/syncope/client/console/commons/ResourceStatusDataProvider.java index d743971..0d936a5 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/commons/ResourceStatusDataProvider.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/commons/ResourceStatusDataProvider.java @@ -93,7 +93,7 @@ public class ResourceStatusDataProvider extends DirectoryDataProvider<StatusBean setSort("connObjectLink", SortOrder.ASCENDING); - this.comparator = new SortableDataProviderComparator<StatusBean>(this); + this.comparator = new SortableDataProviderComparator<>(this); this.realm = realm; this.type = type; @@ -106,15 +106,15 @@ public class ResourceStatusDataProvider extends DirectoryDataProvider<StatusBean } final int page = ((int) first / paginatorRows); - List<? extends AnyTO> result - = restClient.search(realm, fiql, (page < 0 ? 0 : page) + 1, paginatorRows, getSort(), type); + List<? extends AnyTO> result = + restClient.search(realm, fiql, (page < 0 ? 0 : page) + 1, paginatorRows, getSort(), type); List<StatusBean> res = CollectionUtils.collect(result, new Transformer<AnyTO, StatusBean>() { @Override public StatusBean transform(final AnyTO input) { - final List<ConnObjectWrapper> connObjects - = statusUtils.getConnectorObjects(input, Collections.singletonList(resource)); + final List<ConnObjectWrapper> connObjects = + statusUtils.getConnectorObjects(input, Collections.singletonList(resource)); return statusUtils.getStatusBean( input, http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/layout/FormLayoutInfoUtils.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/layout/FormLayoutInfoUtils.java b/client/console/src/main/java/org/apache/syncope/client/console/layout/FormLayoutInfoUtils.java index 2ac6f41..2a6a191 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/layout/FormLayoutInfoUtils.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/layout/FormLayoutInfoUtils.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import java.io.IOException; import java.lang.reflect.InvocationTargetException; +import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -45,7 +46,7 @@ public final class FormLayoutInfoUtils { private static final ObjectMapper MAPPER = new ObjectMapper(); public static Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> fetch( - final List<String> anyTypes) { + final Collection<String> anyTypes) { List<String> ownedRoles = SyncopeConsoleSession.get().getSelfTO().getRoles(); try { http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyPanel.java index 8cffcc1..de9aa11 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyPanel.java @@ -36,7 +36,6 @@ import org.apache.syncope.client.console.panels.search.SearchClausePanel; import org.apache.syncope.client.console.panels.search.SearchUtils; import org.apache.syncope.client.console.panels.search.UserSearchPanel; import org.apache.syncope.client.console.rest.AnyTypeClassRestClient; -import org.apache.syncope.client.console.rest.AnyTypeRestClient; import org.apache.syncope.client.console.wicket.markup.html.bootstrap.tabs.Accordion; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeConstants; @@ -87,14 +86,14 @@ public class AnyPanel extends Panel implements ModalPanel { public AnyPanel( final String id, - final String anyType, + final AnyTypeTO anyTypeTO, final RealmTO realmTO, final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo, final boolean enableSearch, final PageReference pageRef) { super(id); - this.anyTypeTO = new AnyTypeRestClient().read(anyType); + this.anyTypeTO = anyTypeTO; this.realmTO = realmTO; this.formLayoutInfo = formLayoutInfo; this.pageRef = pageRef; http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java index 6ea455a..d4e182e 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java @@ -100,7 +100,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli final AnyTypeTO anyTypeTO = typeRestClient.read(type); - ModalPanel panel = new AnyPanel(BaseModal.CONTENT_ID, type, null, null, false, pageRef) { + ModalPanel panel = new AnyPanel(BaseModal.CONTENT_ID, anyTypeTO, null, null, false, pageRef) { private static final long serialVersionUID = 7980820232811890502L; http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java index 2a62ae1..fe708f8 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java @@ -24,6 +24,7 @@ import java.io.Serializable; import java.util.ArrayList; import java.util.List; import java.util.Map; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Triple; @@ -41,7 +42,9 @@ import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink; import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel; import org.apache.syncope.client.console.wizards.WizardMgtPanel; import org.apache.syncope.client.console.wizards.any.ConnObjectPanel; +import org.apache.syncope.common.lib.EntityTOUtils; import org.apache.syncope.common.lib.SyncopeConstants; +import org.apache.syncope.common.lib.to.AnyTypeTO; import org.apache.syncope.common.lib.to.ConnObjectTO; import org.apache.syncope.common.lib.to.PropagationStatus; import org.apache.syncope.common.lib.to.ProvisioningResult; @@ -67,14 +70,14 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { private final RealmTO realmTO; - private final List<String> anyTypes; + private final List<AnyTypeTO> anyTypes; protected final RealmWizardBuilder wizardBuilder; public Realm(final String id, final RealmTO realmTO, final PageReference pageRef, final int selectedIndex) { super(id, true); this.realmTO = realmTO; - this.anyTypes = new AnyTypeRestClient().list(); + this.anyTypes = new AnyTypeRestClient().listAnyTypes(); setPageRef(pageRef); @@ -164,11 +167,11 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> { }); final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo = - FormLayoutInfoUtils.fetch(anyTypes); + FormLayoutInfoUtils.fetch(CollectionUtils.collect(anyTypes, EntityTOUtils.keyTransformer())); - for (final String anyType : anyTypes) { + for (final AnyTypeTO anyType : anyTypes) { tabs.add(new ITabComponent( - new Model<>(anyType), + new Model<>(anyType.getKey()), StandardEntitlement.ANYTYPE_READ, String.format("%s_SEARCH", anyType)) { private static final long serialVersionUID = 1169585538404171118L; http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/panels/RoleDirectoryPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/RoleDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/RoleDirectoryPanel.java index d7d8a9d..bb7d9d9 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/RoleDirectoryPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/RoleDirectoryPanel.java @@ -166,7 +166,7 @@ public class RoleDirectoryPanel extends DirectoryPanel<RoleTO, RoleWrapper, Role final AnyTypeTO anyTypeTO = typeRestClient.read(AnyTypeKind.USER.name()); - ModalPanel panel = new AnyPanel(BaseModal.CONTENT_ID, anyTypeTO.getKey(), null, null, false, pageRef) { + ModalPanel panel = new AnyPanel(BaseModal.CONTENT_ID, anyTypeTO, null, null, false, pageRef) { private static final long serialVersionUID = -7514498203393023415L; http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/client/console/src/main/java/org/apache/syncope/client/console/widgets/NumberWidget.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/widgets/NumberWidget.java b/client/console/src/main/java/org/apache/syncope/client/console/widgets/NumberWidget.java index 0aa5d60..c7e71a7 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/widgets/NumberWidget.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/widgets/NumberWidget.java @@ -63,6 +63,7 @@ public class NumberWidget extends BaseWidget { case "totalGroups": pageParameters.add("selectedIndex", 2); responsePage = Realms.class; + isAuthorized = SyncopeConsoleSession.get().owns(StandardEntitlement.GROUP_SEARCH); break; case "totalAny1OrRoles": http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java index 9657bc3..8a7fe36 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java @@ -86,8 +86,6 @@ public final class StandardEntitlement { public static final String ROLE_DELETE = "ROLE_DELETE"; - public static final String DYNREALM_LIST = "DYNREALM_LIST"; - public static final String DYNREALM_CREATE = "DYNREALM_CREATE"; public static final String DYNREALM_READ = "DYNREALM_READ"; http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/core/logic/src/main/java/org/apache/syncope/core/logic/DynRealmLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/DynRealmLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/DynRealmLogic.java index c0ab811..0b17724 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/DynRealmLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/DynRealmLogic.java @@ -55,7 +55,6 @@ public class DynRealmLogic extends AbstractTransactionalLogic<DynRealmTO> { return binder.getDynRealmTO(dynRealm); } - @PreAuthorize("hasRole('" + StandardEntitlement.DYNREALM_LIST + "')") public List<DynRealmTO> list() { return CollectionUtils.collect(dynRealmDAO.findAll(), new Transformer<DynRealm, DynRealmTO>() { http://git-wip-us.apache.org/repos/asf/syncope/blob/f9c61fbc/core/persistence-jpa/src/test/resources/domains/MasterContent.xml ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml index 717535f..1010dff 100644 --- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml @@ -252,6 +252,10 @@ under the License. <SyncopeRole_entitlements entitlement="USER_READ" role_id="User reviewer"/> <SyncopeRole_entitlements entitlement="USER_LIST" role_id="User reviewer"/> <SyncopeRole_entitlements entitlement="USER_SEARCH" role_id="User reviewer"/> + <SyncopeRole_entitlements entitlement="ANYTYPE_LIST" role_id="User reviewer"/> + <SyncopeRole_entitlements entitlement="ANYTYPE_READ" role_id="User reviewer"/> + <SyncopeRole_entitlements entitlement="ANYTYPECLASS_LIST" role_id="User reviewer"/> + <SyncopeRole_entitlements entitlement="ANYTYPECLASS_READ" role_id="User reviewer"/> <SyncopeRole_Realm role_id="User reviewer" realm_id="722f3d84-9c2b-4525-8f6e-e4b82c55a36c"/> <SyncopeRole_Realm role_id="User reviewer" realm_id="c5b75db1-fce7-470f-b780-3b9934d82a9d"/> @@ -259,6 +263,10 @@ under the License. <SyncopeRole_entitlements entitlement="USER_READ" role_id="User manager"/> <SyncopeRole_entitlements entitlement="USER_LIST" role_id="User manager"/> <SyncopeRole_entitlements entitlement="USER_SEARCH" role_id="User manager"/> + <SyncopeRole_entitlements entitlement="ANYTYPE_LIST" role_id="User manager"/> + <SyncopeRole_entitlements entitlement="ANYTYPE_READ" role_id="User manager"/> + <SyncopeRole_entitlements entitlement="ANYTYPECLASS_LIST" role_id="User manager"/> + <SyncopeRole_entitlements entitlement="ANYTYPECLASS_READ" role_id="User manager"/> <SyncopeRole_entitlements entitlement="WORKFLOW_FORM_CLAIM" role_id="User manager"/> <SyncopeRole_entitlements entitlement="WORKFLOW_FORM_SUBMIT" role_id="User manager"/> <SyncopeRole_Realm role_id="User manager" realm_id="e4c28e7a-9dbf-4ee7-9441-93812a0d4a28"/>
