i have such a senario. admins can become a user to the can help with settings.
what i do is a relog the admin in with the new roles attached to his or her account. tibi Matt Raible wrote: > Do you have a use case that requires allowing users to assign > themselves roles? > > The reason I ask is this typically seems like something an > administrator would do. > > Thanks, > > Matt > > On Fri, Sep 18, 2009 at 1:11 PM, measwel > <marek_karczew...@yahoo.com.au <mailto:marek_karczew...@yahoo.com.au>> > wrote: > > > I have implemented dynamic menu rendering, based on user roles, > that the user > can assign himself. Here are the necessary changes: > > DB: add column 'role' of type varchar (3) to table 'role' > set sort column for roles USER_ROLE and ADMIN_ROLE to "sys" to > indicate > these roles are system roles and may not be added / removed by the > user > add role ROLE_SOMETHING, "User definable role", "usr" <-- To > indicate this > role may be added / removed by the user > > Role.java: > > Change constructor to: > > public Role(final String name, String sort) { > this.name <http://this.name> = name; > this.sort = sort; > } > > ADD: > > // @Column(length = 3) > public String getSort() { > return this.sort; > } > > public void setSort(String string) { > sort = string; > > UserSecurityAdvice: > > Change to: > > // get the list of roles the user has > Set<Role> currentRoles = new HashSet<Role>(); > for (GrantedAuthority role : roles) { > currentRoles.add((Role) role); > } > > Boolean modifySystemRole = false; > > // determine the list of roles the wants to have > if (user.getRoles() != null) { > > // check the list of roles the user wants to remove > for (Object o : user.getRoles()) { > Role role = (Role) o; > // check if the user tries to remove a system role - > this is > forbidden > if (role.getSort().equalsIgnoreCase("sys") && > !currentRoles.contains(role)) { > modifySystemRole = true; > } > } > > // check the list of roles the user wants to add > for (Object o : currentRoles) { > Role role = (Role) o; > // check if the user tries to add a system role - this is > forbidden > if (role.getSort().equalsIgnoreCase("sys") && > !user.getRoles().contains(role)) { > modifySystemRole = true; > } > } > } > > // regular users aren't allowed to change system roles > if (modifySystemRole) { > log.warn("Access Denied: '" + currentUser.getUsername() > + "' > tried to change system role(s)!"); > throw new AccessDeniedException(ACCESS_DENIED); > } > > UserSecurityAdviceTest.java: > > Change all > user.addRole(new Role(Constants.ADMIN_ROLE)); TO user.addRole(new > Role(Constants.ADMIN_ROLE,"sys")); > user.addRole(new Role(Constants.USER_ROLE)); TO user.addRole(new > Role(Constants.USER_ROLE,"usr")); > > Other test and java classes: same change as the one directly above. > > Implementation: implement for instance a checkbox and add / remove > ROLE_SOMETHING according to chekbox setting. > > Note: as for now the dynamic rendering works only on main menu > entries, but > it does not work well for menu sub items. > -- > View this message in context: > > http://www.nabble.com/dynamic-menu-rendering-based-on-user-roles-tp25513990s2369p25513990.html > Sent from the AppFuse - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net For additional commands, e-mail: users-h...@appfuse.dev.java.net
