Do you have a use case that requires allowing users to assign themselves
roles?
The reason I ask is this typically seems like something an administrator
would do.
Thanks,
Matt
On Fri, Sep 18, 2009 at 1:11 PM, measwel <marek_karczew...@yahoo.com.au>wrote:
>
> I have implemented dynamic menu rendering, based on user roles, that the
> user
> can assign himself. Here are the necessary changes:
>
> DB: add column 'role' of type varchar (3) to table 'role'
> set sort column for roles USER_ROLE and ADMIN_ROLE to "sys" to indicate
> these roles are system roles and may not be added / removed by the user
> add role ROLE_SOMETHING, "User definable role", "usr" <-- To indicate this
> role may be added / removed by the user
>
> Role.java:
>
> Change constructor to:
>
> public Role(final String name, String sort) {
> this.name = name;
> this.sort = sort;
> }
>
> ADD:
>
> // @Column(length = 3)
> public String getSort() {
> return this.sort;
> }
>
> public void setSort(String string) {
> sort = string;
>
> UserSecurityAdvice:
>
> Change to:
>
> // get the list of roles the user has
> Set<Role> currentRoles = new HashSet<Role>();
> for (GrantedAuthority role : roles) {
> currentRoles.add((Role) role);
> }
>
> Boolean modifySystemRole = false;
>
> // determine the list of roles the wants to have
> if (user.getRoles() != null) {
>
> // check the list of roles the user wants to remove
> for (Object o : user.getRoles()) {
> Role role = (Role) o;
> // check if the user tries to remove a system role - this is
> forbidden
> if (role.getSort().equalsIgnoreCase("sys") &&
> !currentRoles.contains(role)) {
> modifySystemRole = true;
> }
> }
>
> // check the list of roles the user wants to add
> for (Object o : currentRoles) {
> Role role = (Role) o;
> // check if the user tries to add a system role - this is
> forbidden
> if (role.getSort().equalsIgnoreCase("sys") &&
> !user.getRoles().contains(role)) {
> modifySystemRole = true;
> }
> }
> }
>
> // regular users aren't allowed to change system roles
> if (modifySystemRole) {
> log.warn("Access Denied: '" + currentUser.getUsername() + "'
> tried to change system role(s)!");
> throw new AccessDeniedException(ACCESS_DENIED);
> }
>
> UserSecurityAdviceTest.java:
>
> Change all
> user.addRole(new Role(Constants.ADMIN_ROLE)); TO user.addRole(new
> Role(Constants.ADMIN_ROLE,"sys"));
> user.addRole(new Role(Constants.USER_ROLE)); TO user.addRole(new
> Role(Constants.USER_ROLE,"usr"));
>
> Other test and java classes: same change as the one directly above.
>
> Implementation: implement for instance a checkbox and add / remove
> ROLE_SOMETHING according to chekbox setting.
>
> Note: as for now the dynamic rendering works only on main menu entries, but
> it does not work well for menu sub items.
> --
> View this message in context:
> http://www.nabble.com/dynamic-menu-rendering-based-on-user-roles-tp25513990s2369p25513990.html
> Sent from the AppFuse - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
> For additional commands, e-mail: users-h...@appfuse.dev.java.net
>
>
