- Renamed privilege constants in ccm-core to match the naming convention (constants for privileges should start with "PRIVILEGE_")
- Added method PermissionsManager#listDefiniedPrivileges(Class), which lists all privilege constants defined in a class.


git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4352 8810af33-2d31-482b-a856-94f89814c4df
pull/2/head
jensp 2016-10-05 15:47:36 +00:00
parent b674042e34
commit 10d5c57271
26 changed files with 141 additions and 81 deletions


@ -120,7 +120,7 @@ public class GlobalNavigation extends SimpleComponent {
/* If the current user has admin permissions, insert a link to the admin center */
if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
.isPermitted(CoreConstants.ADMIN_PRIVILEGE)) {
.isPermitted(CoreConstants.PRIVILEGE_ADMIN)) {
link(sreq, nav, "cms:adminCenter", m_adminPath, adminTitle);
}


@ -86,7 +86,7 @@ public class ContentSectionManager {
* @return The new content section.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public ContentSection createContentSection(final String name) {
if (name == null || name.isEmpty()) {
@ -191,7 +191,7 @@ public class ContentSectionManager {
* @@param name The new name of the content section.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void renameContentSection(final ContentSection section,
final String name) {


@ -62,7 +62,7 @@ public class ContentSectionRepository
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final ContentSection section) {
@ -75,7 +75,7 @@ public class ContentSectionRepository
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final ContentSection section) {


@ -25,10 +25,10 @@ package org.libreccm.categorization;
public final class CategorizationConstants {
public static final String CAT_XML_NS = "http://categorization.libreccm.org";
public static final String MANAGE_CATEGORY_PRIVILEGE = "manage_category";
public static final String MANAGE_CATEGORY_OBJECTS_PRIVILEGE
public static final String PRIVILEGE_MANAGE_CATEGORY = "manage_category";
public static final String PRIVILEGE_MANAGE_CATEGORY_OBJECTS
= "manage_category_objects";
public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
public static final String PRIVILEGE_MANAGE_DOMAINS = "manage_domains";
private CategorizationConstants() {
//Nothing


@ -93,7 +93,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addObjectToCategory(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
final Category category) {
addObjectToCategory(object, category, null);
@ -121,7 +121,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addObjectToCategory(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
final Category category,
final String type) {
@ -181,7 +181,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeObjectFromCategory(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
final Category category)
throws ObjectNotAssignedToCategoryException {
@ -252,7 +252,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void increaseObjectOrder(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
final Category category)
throws ObjectNotAssignedToCategoryException {
@ -326,7 +326,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void decreaseObjectOrder(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
final Category category)
throws ObjectNotAssignedToCategoryException {
@ -417,7 +417,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addSubCategoryToCategory(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
final Category parentCategory) {
final Category sub = categoryRepo.findById(subCategory.getObjectId());
@ -457,7 +457,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeSubCategoryFromCategory(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
final Category parentCategory) {
if (subCategory.getParentCategory() == null
@ -502,7 +502,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void increaseCategoryOrder(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
final Category parentCategory) {
if (parentCategory == null) {
@ -577,7 +577,7 @@ public class CategoryManager {
@Transactional(Transactional.TxType.REQUIRED)
public void decreaseCategoryOrder(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
final Category parentCategory) {
if (parentCategory == null) {


@ -170,7 +170,7 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
@RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY)
final Category category) {
super.save(category);
@ -181,7 +181,7 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(
@RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY)
final Category category) {
super.save(category);


@ -63,7 +63,7 @@ public class DomainManager {
* @return The new domain.
*/
@AuthorizationRequired
@RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
@Transactional(Transactional.TxType.REQUIRED)
public Domain createDomain(final String domainKey,
final String rootCategoryName) {
@ -95,7 +95,7 @@ public class DomainManager {
* {@code CcmApplication is added}.
*/
@AuthorizationRequired
@RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
@Transactional(Transactional.TxType.REQUIRED)
public void addDomainOwner(final CcmApplication application,
final Domain domain) {
@ -124,7 +124,7 @@ public class DomainManager {
* {@code CcmApplication} should be removed.
*/
@AuthorizationRequired
@RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
@Transactional(Transactional.TxType.REQUIRED)
public void removeDomainOwner(final CcmApplication application,
final Domain domain) {


@ -144,7 +144,7 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
}
@AuthorizationRequired
@RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Domain domain) {
@ -152,7 +152,7 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
}
@AuthorizationRequired
@RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
@RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Domain domain) {


@ -132,7 +132,7 @@ public class ConfigurationManager {
* {@link Configuration}.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void saveConfiguration(final Object configuration) {
if (configuration == null) {
@ -278,7 +278,7 @@ public class ConfigurationManager {
* @param value The value to set.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
private <T> void setSettingValue(final Object configuration,
final String settingName,
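Review bot: The `@AuthorizationRequired` / `@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)` pair in the second hunk sits on a `private` method, `setSettingValue`. If these annotations are enforced by a CDI interceptor (their definition is not on this page), the container does not intercept private methods, so the check would never run there and the annotation only reads as a guarantee. Either enforce the privilege on the public callers or replace the annotations with a comment such as `// not intercepted: callers must hold PRIVILEGE_ADMIN`. The body of `setSettingValue` lies outside the hunk.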


@ -224,7 +224,7 @@ public class SettingManager {
* @param setting The setting to save.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void saveSetting(final AbstractSetting<?> setting) {
if (setting.getSettingId() == 0) {


@ -52,12 +52,12 @@ public final class CoreConstants {
/**
* Constant for the {@code admin} privilege.
*/
public static final String ADMIN_PRIVILEGE = "admin";
public static final String PRIVILEGE_ADMIN = "admin";
/**
* Constant for the {@code system} privilege.
*/
public static final String SYSTEM_PRIVILEGE = "system";
public static final String PRIVILEGE_SYSTEM = "system";
private CoreConstants() {
//Nothing


@ -110,7 +110,7 @@ public class ChallengeManager {
* @return The text of the challenge mail.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public String createEmailVerification(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -129,7 +129,7 @@ public class ChallengeManager {
* user.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void sendEmailVerification(final User user)
throws MessagingException {
final String text = createEmailVerification(user);
@ -151,7 +151,7 @@ public class ChallengeManager {
* stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void finishEmailVerification(final User user,
final String submittedToken)
throws ChallengeFailedException {
@ -180,7 +180,7 @@ public class ChallengeManager {
* @return The challenge message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public String createAccountActivation(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -198,7 +198,7 @@ public class ChallengeManager {
* message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void sendAccountActivation(final User user)
throws MessagingException {
final String text = createAccountActivation(user);
@ -220,7 +220,7 @@ public class ChallengeManager {
* the stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void finishAccountActivation(final User user,
final String submittedToken)
throws ChallengeFailedException {
@ -247,7 +247,7 @@ public class ChallengeManager {
* @return The challenge message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public String createPasswordRecover(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -266,7 +266,7 @@ public class ChallengeManager {
* message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void sendPasswordRecover(final User user)
throws MessagingException {
final String text = createPasswordRecover(user);
@ -289,7 +289,7 @@ public class ChallengeManager {
* the stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void finishPasswordRecover(final User user,
final String submittedToken,
final String newPassword)


@ -56,7 +56,7 @@ public class GroupManager {
* @param group The group to which the user is added.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void addMemberToGroup(final User user, final Group group) {
if (user == null) {
@ -95,7 +95,7 @@ public class GroupManager {
* @param group The group from which the user is removed.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void removeMemberFromGroup(final User member, final Group group) {
if (member == null) {


@ -93,7 +93,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Group group) {
@ -101,7 +101,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Group entity) {


@ -79,7 +79,7 @@ public class OneTimeAuthManager {
* @return The one time authentication token with the not hashed token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
@Transactional(Transactional.TxType.REQUIRED)
public OneTimeAuthToken createForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
@ -148,7 +148,7 @@ public class OneTimeAuthManager {
* {@code null} if there is no such token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public List<OneTimeAuthToken> retrieveForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@ -177,7 +177,7 @@ public class OneTimeAuthManager {
* purpose, {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public boolean validTokenExistsForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@ -209,7 +209,7 @@ public class OneTimeAuthManager {
* @return {@code true} if the token is valid, {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public boolean isValid(final OneTimeAuthToken token) {
if (token == null) {
throw new IllegalArgumentException("Can't validate a token null");
@ -234,7 +234,7 @@ public class OneTimeAuthManager {
* {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public boolean verify(final OneTimeAuthToken token,
final String submittedToken) {
if (token == null || submittedToken == null) {
@ -265,7 +265,7 @@ public class OneTimeAuthManager {
* @param token The token to invalidate.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
@Transactional(Transactional.TxType.REQUIRED)
public void invalidate(final OneTimeAuthToken token) {
if (token == null) {


@ -77,7 +77,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Party party) {
@ -85,7 +85,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Party party) {


@ -28,6 +28,13 @@ import javax.persistence.TypedQuery;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CoreConstants;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.enterprise.context.RequestScoped;
import javax.transaction.Transactional;
@ -69,7 +76,7 @@ public class PermissionManager {
* @param object The object on which the privilege is granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee,
@ -107,7 +114,7 @@ public class PermissionManager {
* @param grantee The role to which the privilege is granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee) {
@ -140,7 +147,7 @@ public class PermissionManager {
* @param object The object on which the privilege was granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee,
@ -181,7 +188,7 @@ public class PermissionManager {
* @param grantee The role to which the privilege was granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee) {
@ -218,7 +225,7 @@ public class PermissionManager {
* @param target
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void copyPermissions(final CcmObject source,
final CcmObject target) {
@ -244,6 +251,25 @@ public class PermissionManager {
}
}
public List<String> listDefiniedPrivileges(final Class<?> clazz) {
return Arrays.stream(clazz.getDeclaredFields())
.filter(field -> Modifier.isStatic(field.getModifiers())
&& Modifier.isFinal(field.getModifiers()))
.filter(field -> field.getName().startsWith("PRIVILEGE_")
|| clazz.getSimpleName().endsWith("Privileges"))
.map(field -> getPrivilegeString(field))
.sorted()
.collect(Collectors.toList());
}
private String getPrivilegeString(final Field field) {
try {
return (String) field.get(null);
} catch (IllegalArgumentException | IllegalAccessException ex) {
throw new RuntimeException(ex);
}
}
/**
* Checks if a permission granting the provided {@code privilege} on the
* provided {@code object} to the provided {@code role} exists.
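Review bot: `listDefiniedPrivileges` casts every matching field with `(String) field.get(null)` without checking the field's type or visibility. For a class whose simple name ends in `Privileges` the second filter accepts every static final field, so a non-String constant raises ClassCastException and a non-public one may surface as a bare RuntimeException from `getPrivilegeString`. Adding `.filter(field -> Modifier.isPublic(field.getModifiers()) && field.getType() == String.class)` before the `map` keeps the listing to real privilege constants. The new public method also has no Javadoc; it should state the two selection rules (`PRIVILEGE_` prefix, or class name ending in `Privileges`) and that the result is sorted. The added `Level` and `Logger` imports are not used in the visible hunks.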


@ -82,7 +82,7 @@ public class RegistrationManager {
* @throws IllegalArgumentException If the provided {@code user} is
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
public void registerUser(final String userName,
final String familyName,
final String givenName,


@ -56,7 +56,7 @@ public class RoleManager {
* @param party The party which to which to role is assigned.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void assignRoleToParty(final Role role, final Party party) {
if (role == null) {
@ -92,7 +92,7 @@ public class RoleManager {
* @param party
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void removeRoleFromParty(final Role role, final Party party) {
if (role == null) {


@ -142,7 +142,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Role role) {
@ -150,7 +150,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Override
@Transactional(Transactional.TxType.REQUIRED)
public void delete(final Role role) {


@ -82,7 +82,7 @@ public class UserManager {
* @return The new user.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@ValidateOnExecution
@Transactional(Transactional.TxType.REQUIRED)
public User createUser(final String givenName,
@ -142,7 +142,7 @@ public class UserManager {
user.setPassword(hashPassword(newPassword));
shiro.getSystemUser().execute(() -> userRepository.save(user));
} else {
permissionChecker.checkPermission(CoreConstants.ADMIN_PRIVILEGE);
permissionChecker.checkPermission(CoreConstants.PRIVILEGE_ADMIN);
user.setPassword(hashPassword(newPassword));
shiro.getSystemUser().execute(() -> userRepository.save(user));
}


@ -162,7 +162,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final User entity) {
@ -170,7 +170,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final User entity) {


@ -86,7 +86,7 @@ public class ApplicationManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public <T extends CcmApplication> T createInstance(
final ApplicationType type,
@ -103,7 +103,7 @@ public class ApplicationManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void deleteInstance(final CcmApplication application) {
entityManager.remove(application);


@ -88,7 +88,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final CcmApplication application) {
@ -96,7 +96,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final CcmApplication application) {


@ -67,7 +67,7 @@ public class WorkflowManager {
private Shiro shiro;
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public Workflow createWorkflow(final WorkflowTemplate template) {
final Workflow workflow = new Workflow();
@ -169,7 +169,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void addTask(final Workflow workflow, final Task task) {
workflow.addTask(task);
@ -180,7 +180,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void removeTask(final Workflow workflow, final Task task) {
workflow.removeTask(task);
@ -191,7 +191,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void assignTask(final UserTask task, final Role role) {
final TaskAssignment assignment = new TaskAssignment();
@ -207,7 +207,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void retractTask(final UserTask task, final Role role) {
final List<TaskAssignment> result = task.getAssignments().stream()
@ -223,7 +223,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void addDependentTask(final Task parent, final Task task) {
parent.addDependentTask(task);
@ -234,7 +234,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void removeDependentTask(final Task parent, final Task task) {
parent.removeDependentTask(task);
@ -245,7 +245,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void lockTask(final UserTask task) {
task.setLocked(true);
@ -255,7 +255,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public void unlockTask(final UserTask task) {
task.setLocked(false);
@ -265,7 +265,7 @@ public class WorkflowManager {
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED)
public List<UserTask> lockedBy(final User user) {
final TypedQuery<UserTask> query = entityManager.createNamedQuery(


@ -42,14 +42,19 @@ import org.libreccm.core.CcmObject;
import org.libreccm.core.CcmObjectRepository;
import org.libreccm.tests.categories.IntegrationTest;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;
import static org.libreccm.testutils.DependenciesHelpers.*;
import org.libreccm.categorization.CategorizationConstants;
import org.libreccm.core.CoreConstants;
import java.util.List;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -501,8 +506,7 @@ public class PermissionManagerTest {
}
}
@Test(expected
= IllegalArgumentException.class)
@Test(expected = IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@ -518,4 +522,34 @@ public class PermissionManagerTest {
}
}
/**
* Verifies if
* {@link PermissionManager#listDefiniedPrivileges(java.lang.Class)} returns
* the expected value.
*/
@Test
@InSequence(500)
public void verifyListPrivileges() {
final List<String> corePrivileges = permissionManager
.listDefiniedPrivileges(CoreConstants.class);
final List<String> catPrivileges = permissionManager
.listDefiniedPrivileges(CategorizationConstants.class);
assertThat(corePrivileges, is(not(nullValue())));
assertThat(corePrivileges.isEmpty(), is(false));
assertThat(corePrivileges.size(), is(2));
assertThat(corePrivileges, contains(CoreConstants.PRIVILEGE_ADMIN,
CoreConstants.PRIVILEGE_SYSTEM));
assertThat(catPrivileges, is(not(nullValue())));
assertThat(catPrivileges.isEmpty(), is(false));
assertThat(catPrivileges.size(), is(3));
assertThat(catPrivileges,
contains(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY,
CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY_OBJECTS,
CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS));
}
}
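Review bot: `verifyListPrivileges` exercises only the `PRIVILEGE_` name-prefix rule; the other rule in `listDefiniedPrivileges`, a class whose simple name ends in `Privileges`, has no test. A small fixture class with that name, holding one String constant and one non-String static final field, would pin what the method is meant to return there. The `contains(...)` assertions depend on the sorted order of the values, which a short comment such as `// contains() is order-sensitive; the list is sorted by value` would make explicit.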