diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/GlobalNavigation.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/GlobalNavigation.java index 2da6aa9c1..b13a9719e 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/GlobalNavigation.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/GlobalNavigation.java @@ -120,7 +120,7 @@ public class GlobalNavigation extends SimpleComponent { /* If the current user has admin permissions, insert a link to the admin center */ if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class) - .isPermitted(CoreConstants.ADMIN_PRIVILEGE)) { + .isPermitted(CoreConstants.PRIVILEGE_ADMIN)) { link(sreq, nav, "cms:adminCenter", m_adminPath, adminTitle); } diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java index 3095a0478..de62b0d2c 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java @@ -86,7 +86,7 @@ public class ContentSectionManager { * @return The new content section. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public ContentSection createContentSection(final String name) { if (name == null || name.isEmpty()) { @@ -191,7 +191,7 @@ public class ContentSectionManager { * @@param name The new name of the content section. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void renameContentSection(final ContentSection section, final String name) { 
diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionRepository.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionRepository.java index 73196c117..94d557e86 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionRepository.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionRepository.java @@ -62,7 +62,7 @@ public class ContentSectionRepository } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final ContentSection section) { @@ -75,7 +75,7 @@ public class ContentSectionRepository } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final ContentSection section) { diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java index 269d437a1..9828e1453 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java 
@@ -25,10 +25,10 @@ package org.libreccm.categorization; public final class CategorizationConstants { public static final String CAT_XML_NS = "http://categorization.libreccm.org"; - public static final String MANAGE_CATEGORY_PRIVILEGE = "manage_category"; - public static final String MANAGE_CATEGORY_OBJECTS_PRIVILEGE + public static final String PRIVILEGE_MANAGE_CATEGORY = "manage_category"; + public static final String PRIVILEGE_MANAGE_CATEGORY_OBJECTS = "manage_category_objects"; - public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains"; + public static final String PRIVILEGE_MANAGE_DOMAINS = "manage_domains"; private CategorizationConstants() { //Nothing diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java b/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java index 11bd3d1e3..31bc3d90c 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java @@ -93,7 +93,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void addObjectToCategory( final CcmObject object, - @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS) final Category category) { addObjectToCategory(object, category, null); @@ -121,7 +121,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void addObjectToCategory( final CcmObject object, - @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS) final Category category, final String type) { 
@@ -181,7 +181,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void removeObjectFromCategory( final CcmObject object, - @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS) final Category category) throws ObjectNotAssignedToCategoryException { @@ -252,7 +252,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void increaseObjectOrder( final CcmObject object, - @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS) final Category category) throws ObjectNotAssignedToCategoryException { @@ -326,7 +326,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void decreaseObjectOrder( final CcmObject object, - @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS) final Category category) throws ObjectNotAssignedToCategoryException { @@ -417,7 +417,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void addSubCategoryToCategory( final Category subCategory, - @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY) final Category parentCategory) { final Category sub = categoryRepo.findById(subCategory.getObjectId()); @@ -457,7 +457,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void removeSubCategoryFromCategory( final Category subCategory, - @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY) final Category parentCategory) { if (subCategory.getParentCategory() == null 
@@ -502,7 +502,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void increaseCategoryOrder( final Category subCategory, - @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY) final Category parentCategory) { if (parentCategory == null) { @@ -577,7 +577,7 @@ public class CategoryManager { @Transactional(Transactional.TxType.REQUIRED) public void decreaseCategoryOrder( final Category subCategory, - @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY) final Category parentCategory) { if (parentCategory == null) { diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java index d57cb76c2..39872b506 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java @@ -170,7 +170,7 @@ public class CategoryRepository extends AbstractEntityRepository @Transactional(Transactional.TxType.REQUIRED) @Override public void save( - @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY) final Category category) { super.save(category); @@ -181,7 +181,7 @@ public class CategoryRepository extends AbstractEntityRepository @Transactional(Transactional.TxType.REQUIRED) @Override public void delete( - @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY) final Category category) { super.save(category); diff --git a/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java b/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java index 7868cb94d..4b968b8ca 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java 
+++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java @@ -63,7 +63,7 @@ public class DomainManager { * @return The new domain. */ @AuthorizationRequired - @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS) @Transactional(Transactional.TxType.REQUIRED) public Domain createDomain(final String domainKey, final String rootCategoryName) { @@ -95,7 +95,7 @@ public class DomainManager { * {@code CcmApplication is added}. */ @AuthorizationRequired - @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS) @Transactional(Transactional.TxType.REQUIRED) public void addDomainOwner(final CcmApplication application, final Domain domain) { @@ -124,7 +124,7 @@ public class DomainManager { * {@code CcmApplication} should be removed. */ @AuthorizationRequired - @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS) @Transactional(Transactional.TxType.REQUIRED) public void removeDomainOwner(final CcmApplication application, final Domain domain) { diff --git a/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java b/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java index 3ce11f0d1..6f1404596 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java @@ -144,7 +144,7 @@ public class DomainRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final Domain domain) { 
@@ -152,7 +152,7 @@ public class DomainRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final Domain domain) { diff --git a/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java b/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java index 2edbeba64..6ccd312ac 100644 --- a/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java +++ b/ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java @@ -132,7 +132,7 @@ public class ConfigurationManager { * {@link Configuration}. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void saveConfiguration(final Object configuration) { if (configuration == null) { @@ -278,7 +278,7 @@ public class ConfigurationManager { * @param value The value to set. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) private void setSettingValue(final Object configuration, final String settingName, diff --git a/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java b/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java index bf2f74566..5aea9f4b2 100644 --- a/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java +++ b/ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java 
@@ -224,7 +224,7 @@ public class SettingManager { * @param setting The setting to save. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void saveSetting(final AbstractSetting setting) { if (setting.getSettingId() == 0) { diff --git a/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java b/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java index 8b16f2328..8e50ebfc4 100644 --- a/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java +++ b/ccm-core/src/main/java/org/libreccm/core/CoreConstants.java @@ -52,12 +52,12 @@ public final class CoreConstants { /** * Constant for the {@code admin} privilege. */ - public static final String ADMIN_PRIVILEGE = "admin"; + public static final String PRIVILEGE_ADMIN = "admin"; /** * Constant for the {@code system} privilege. */ - public static final String SYSTEM_PRIVILEGE = "system"; + public static final String PRIVILEGE_SYSTEM = "system"; private CoreConstants() { //Nothing diff --git a/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java b/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java index 81f82e6c2..66267dfdd 100644 --- a/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java @@ -110,7 +110,7 @@ public class ChallengeManager { * @return The text of the challenge mail. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public String createEmailVerification(final User user) { if (user == null) { throw new IllegalArgumentException( 
@@ -129,7 +129,7 @@ public class ChallengeManager { * user. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void sendEmailVerification(final User user) throws MessagingException { final String text = createEmailVerification(user); @@ -151,7 +151,7 @@ public class ChallengeManager { * stored token. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void finishEmailVerification(final User user, final String submittedToken) throws ChallengeFailedException { @@ -180,7 +180,7 @@ public class ChallengeManager { * @return The challenge message. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public String createAccountActivation(final User user) { if (user == null) { throw new IllegalArgumentException( @@ -198,7 +198,7 @@ public class ChallengeManager { * message. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void sendAccountActivation(final User user) throws MessagingException { final String text = createAccountActivation(user); @@ -220,7 +220,7 @@ public class ChallengeManager { * the stored token. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void finishAccountActivation(final User user, final String submittedToken) throws ChallengeFailedException { @@ -247,7 +247,7 @@ public class ChallengeManager { * @return The challenge message. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public String createPasswordRecover(final User user) { if (user == null) { throw new IllegalArgumentException( 
@@ -266,7 +266,7 @@ public class ChallengeManager { * message. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void sendPasswordRecover(final User user) throws MessagingException { final String text = createPasswordRecover(user); @@ -289,7 +289,7 @@ public class ChallengeManager { * the stored token. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void finishPasswordRecover(final User user, final String submittedToken, final String newPassword) diff --git a/ccm-core/src/main/java/org/libreccm/security/GroupManager.java b/ccm-core/src/main/java/org/libreccm/security/GroupManager.java index 5fde31aeb..16717ab25 100644 --- a/ccm-core/src/main/java/org/libreccm/security/GroupManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/GroupManager.java @@ -56,7 +56,7 @@ public class GroupManager { * @param group The group to which the user is added. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void addMemberToGroup(final User user, final Group group) { if (user == null) { @@ -95,7 +95,7 @@ public class GroupManager { * @param group The group from which the user is removed. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void removeMemberFromGroup(final User member, final Group group) { if (member == null) { diff --git a/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java b/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java index 2c2560fb0..469f28c35 100644 --- a/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java 
+++ b/ccm-core/src/main/java/org/libreccm/security/GroupRepository.java @@ -93,7 +93,7 @@ public class GroupRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final Group group) { @@ -101,7 +101,7 @@ public class GroupRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final Group entity) { diff --git a/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java b/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java index 6d6fb05f5..6c05854ae 100644 --- a/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java @@ -79,7 +79,7 @@ public class OneTimeAuthManager { * @return The one time authentication token with the not hashed token. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) @Transactional(Transactional.TxType.REQUIRED) public OneTimeAuthToken createForUser( final User user, final OneTimeAuthTokenPurpose purpose) { @@ -148,7 +148,7 @@ public class OneTimeAuthManager { * {@code null} if there is no such token. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public List retrieveForUser( final User user, final OneTimeAuthTokenPurpose purpose) { if (user == null || purpose == null) { 
@@ -177,7 +177,7 @@ public class OneTimeAuthManager { * purpose, {@code false} if not. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public boolean validTokenExistsForUser( final User user, final OneTimeAuthTokenPurpose purpose) { if (user == null || purpose == null) { @@ -209,7 +209,7 @@ public class OneTimeAuthManager { * @return {@code true} if the token is valid, {@code false} if not. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public boolean isValid(final OneTimeAuthToken token) { if (token == null) { throw new IllegalArgumentException("Can't validate a token null"); @@ -234,7 +234,7 @@ public class OneTimeAuthManager { * {@code false} if not. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public boolean verify(final OneTimeAuthToken token, final String submittedToken) { if (token == null || submittedToken == null) { @@ -265,7 +265,7 @@ public class OneTimeAuthManager { * @param token The token to invalidate. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) @Transactional(Transactional.TxType.REQUIRED) public void invalidate(final OneTimeAuthToken token) { if (token == null) { diff --git a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java index 0bd397384..2aae5bfcc 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java +++ b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java 
@@ -77,7 +77,7 @@ public class PartyRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final Party party) { @@ -85,7 +85,7 @@ public class PartyRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final Party party) { diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java index 7bc8fdeed..abfc547e8 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java @@ -28,6 +28,13 @@ import javax.persistence.TypedQuery; import org.libreccm.core.CcmObject; import org.libreccm.core.CoreConstants; +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.Arrays; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.stream.Collectors; + import javax.enterprise.context.RequestScoped; import javax.transaction.Transactional; @@ -69,7 +76,7 @@ public class PermissionManager { * @param object The object on which the privilege is granted. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void grantPrivilege(final String privilege, final Role grantee, 
@@ -107,7 +114,7 @@ public class PermissionManager { * @param grantee The role to which the privilege is granted. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void grantPrivilege(final String privilege, final Role grantee) { @@ -140,7 +147,7 @@ public class PermissionManager { * @param object The object on which the privilege was granted. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void revokePrivilege(final String privilege, final Role grantee, @@ -181,7 +188,7 @@ public class PermissionManager { * @param grantee The role to which the privilege was granted. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void revokePrivilege(final String privilege, final Role grantee) { @@ -218,7 +225,7 @@ public class PermissionManager { * @param target */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void copyPermissions(final CcmObject source, final CcmObject target) { 
@@ -244,6 +251,25 @@ public class PermissionManager { } } + public List listDefiniedPrivileges(final Class clazz) { + return Arrays.stream(clazz.getDeclaredFields()) + .filter(field -> Modifier.isStatic(field.getModifiers()) + && Modifier.isFinal(field.getModifiers())) + .filter(field -> field.getName().startsWith("PRIVILEGE_") + || clazz.getSimpleName().endsWith("Privileges")) + .map(field -> getPrivilegeString(field)) + .sorted() + .collect(Collectors.toList()); + } + + private String getPrivilegeString(final Field field) { + try { + return (String) field.get(null); + } catch (IllegalArgumentException | IllegalAccessException ex) { + throw new RuntimeException(ex); + } + } + /** * Checks if a permission granting the provided {@code privilege} on the * provided {@code object} to the provided {@code role} exists. diff --git a/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java b/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java index 42549fcfc..ac74c6c3b 100644 --- a/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java @@ -82,7 +82,7 @@ public class RegistrationManager { * @throws IllegalArgumentException If the provided {@code user} is */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM) public void registerUser(final String userName, final String familyName, final String givenName, diff --git a/ccm-core/src/main/java/org/libreccm/security/RoleManager.java b/ccm-core/src/main/java/org/libreccm/security/RoleManager.java index 4af28fa33..c9c4b06b7 100644 --- a/ccm-core/src/main/java/org/libreccm/security/RoleManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/RoleManager.java 
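Review bot: The filter in `listDefiniedPrivileges` accepts every `static final` field of a class whose simple name ends in `Privileges`, and every `PRIVILEGE_`-prefixed field regardless of type or visibility, so `getPrivilegeString` can throw a `ClassCastException` on a non-String constant or wrap an `IllegalAccessException` for a private one. Restricting the stream first, e.g. `.filter(field -> Modifier.isPublic(field.getModifiers()) && field.getType() == String.class)`, limits the result to the constants meant to be exposed and keeps unrelated static values out of whatever consumes the list. The public method name is misspelled (`listDefiniedPrivileges` should be `listDefinedPrivileges`) and is easiest to fix before callers depend on it; the method also has no Javadoc naming the `PRIVILEGE_` prefix and `*Privileges` class-name conventions it relies on. The `java.util.logging.Level` and `Logger` imports added in the earlier hunk of this file are not used by any code visible in this diff, so they may be leftovers.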
@@ -56,7 +56,7 @@ public class RoleManager { * @param party The party which to which to role is assigned. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void assignRoleToParty(final Role role, final Party party) { if (role == null) { @@ -92,7 +92,7 @@ public class RoleManager { * @param party */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void removeRoleFromParty(final Role role, final Party party) { if (role == null) { diff --git a/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java b/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java index 2210afb91..05753ac17 100644 --- a/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java +++ b/ccm-core/src/main/java/org/libreccm/security/RoleRepository.java @@ -142,7 +142,7 @@ public class RoleRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final Role role) { @@ -150,7 +150,7 @@ public class RoleRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Override @Transactional(Transactional.TxType.REQUIRED) public void delete(final Role role) { diff --git a/ccm-core/src/main/java/org/libreccm/security/UserManager.java b/ccm-core/src/main/java/org/libreccm/security/UserManager.java index e16babba2..f23e57c71 100644 --- a/ccm-core/src/main/java/org/libreccm/security/UserManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/UserManager.java 
@@ -82,7 +82,7 @@ public class UserManager { * @return The new user. */ @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @ValidateOnExecution @Transactional(Transactional.TxType.REQUIRED) public User createUser(final String givenName, @@ -142,7 +142,7 @@ public class UserManager { user.setPassword(hashPassword(newPassword)); shiro.getSystemUser().execute(() -> userRepository.save(user)); } else { - permissionChecker.checkPermission(CoreConstants.ADMIN_PRIVILEGE); + permissionChecker.checkPermission(CoreConstants.PRIVILEGE_ADMIN); user.setPassword(hashPassword(newPassword)); shiro.getSystemUser().execute(() -> userRepository.save(user)); } diff --git a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java index caedffaab..8c8fea5d6 100644 --- a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java +++ b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java @@ -162,7 +162,7 @@ public class UserRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final User entity) { @@ -170,7 +170,7 @@ public class UserRepository extends AbstractEntityRepository { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final User entity) { diff --git a/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java b/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java index 9989a85f2..0d05f9652 100644 --- a/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java +++ b/ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java 
@@ -86,7 +86,7 @@ public class ApplicationManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public T createInstance( final ApplicationType type, @@ -103,7 +103,7 @@ public class ApplicationManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void deleteInstance(final CcmApplication application) { entityManager.remove(application); diff --git a/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java b/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java index 82a3f61b6..068efe3f4 100644 --- a/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java +++ b/ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java @@ -88,7 +88,7 @@ public class ApplicationRepository } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void save(final CcmApplication application) { @@ -96,7 +96,7 @@ public class ApplicationRepository } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) @Override public void delete(final CcmApplication application) { diff --git a/ccm-core/src/main/java/org/libreccm/workflow/WorkflowManager.java b/ccm-core/src/main/java/org/libreccm/workflow/WorkflowManager.java index de8e7538f..c0b460267 100644 --- a/ccm-core/src/main/java/org/libreccm/workflow/WorkflowManager.java +++ b/ccm-core/src/main/java/org/libreccm/workflow/WorkflowManager.java 
@@ -67,7 +67,7 @@ public class WorkflowManager { private Shiro shiro; @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Workflow createWorkflow(final WorkflowTemplate template) { final Workflow workflow = new Workflow(); @@ -169,7 +169,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void addTask(final Workflow workflow, final Task task) { workflow.addTask(task); @@ -180,7 +180,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void removeTask(final Workflow workflow, final Task task) { workflow.removeTask(task); @@ -191,7 +191,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void assignTask(final UserTask task, final Role role) { final TaskAssignment assignment = new TaskAssignment(); @@ -207,7 +207,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void retractTask(final UserTask task, final Role role) { final List result = task.getAssignments().stream() @@ -223,7 +223,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void addDependentTask(final Task parent, final Task task) { parent.addDependentTask(task); 
@@ -234,7 +234,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void removeDependentTask(final Task parent, final Task task) { parent.removeDependentTask(task); @@ -245,7 +245,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void lockTask(final UserTask task) { task.setLocked(true); @@ -255,7 +255,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public void unlockTask(final UserTask task) { task.setLocked(false); @@ -265,7 +265,7 @@ public class WorkflowManager { } @AuthorizationRequired - @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE) + @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public List lockedBy(final User user) { final TypedQuery query = entityManager.createNamedQuery( diff --git a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java index 3ea297aee..220ed52b9 100644 --- a/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java 
@@ -42,14 +42,19 @@ import org.libreccm.core.CcmObject; import org.libreccm.core.CcmObjectRepository; import org.libreccm.tests.categories.IntegrationTest; - import javax.inject.Inject; import javax.persistence.EntityManager; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; + import static org.libreccm.testutils.DependenciesHelpers.*; +import org.libreccm.categorization.CategorizationConstants; +import org.libreccm.core.CoreConstants; + +import java.util.List; + /** * * @author Jens Pelzetter @@ -501,8 +506,7 @@ public class PermissionManagerTest { } } - @Test(expected - = IllegalArgumentException.class) + @Test(expected = IllegalArgumentException.class) @UsingDataSet( "datasets/org/libreccm/security/PermissionManagerTest/data.yml") @ShouldThrowException(IllegalArgumentException.class) @@ -518,4 +522,34 @@ public class PermissionManagerTest { } } + /** + * Verifies if + * {@link PermissionManager#listDefiniedPrivileges(java.lang.Class)} returns + * the expected value. + */ + @Test + @InSequence(500) + public void verifyListPrivileges() { + + final List corePrivileges = permissionManager + .listDefiniedPrivileges(CoreConstants.class); + final List catPrivileges = permissionManager + .listDefiniedPrivileges(CategorizationConstants.class); + + assertThat(corePrivileges, is(not(nullValue()))); + assertThat(corePrivileges.isEmpty(), is(false)); + assertThat(corePrivileges.size(), is(2)); + assertThat(corePrivileges, contains(CoreConstants.PRIVILEGE_ADMIN, + CoreConstants.PRIVILEGE_SYSTEM)); + + assertThat(catPrivileges, is(not(nullValue()))); + assertThat(catPrivileges.isEmpty(), is(false)); + assertThat(catPrivileges.size(), is(3)); + assertThat(catPrivileges, + contains(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY, + CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY_OBJECTS, + CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)); + + } + }
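Review bot: The two `contains(...)` assertions in the new `verifyListPrivileges` test depend on the order in which `listDefiniedPrivileges` returns the constants, and nothing in this hunk shows that order to be fixed. If the method collects the `PRIVILEGE_*` fields by reflection (its implementation is outside this hunk, so this is an assumption), the field order is not guaranteed and the test can fail on another JVM without any privilege having changed. Either sort the result in the method and state that in its Javadoc, or assert with `assertThat(corePrivileges, containsInAnyOrder(CoreConstants.PRIVILEGE_ADMIN, CoreConstants.PRIVILEGE_SYSTEM));` and the same form for `catPrivileges`. The `isEmpty()` and `size()` checks before each `contains` are redundant, since both matchers already fail on a missing or extra element. Pinning the exact set is worth keeping, because an unintended new privilege constant then shows up as a test failure.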