From 3562852d181f955e985a53fdccc17813bd25a011 Mon Sep 17 00:00:00 2001 From: Jens Pelzetter Date: Thu, 4 Feb 2021 21:18:56 +0100 Subject: [PATCH] Permissions table --- .../privileges/ItemPrivileges.java | 8 ++ .../DocumentFolderController.java | 99 +++++++++++++- .../contentsections/DocumentFolderModel.java | 56 +++++++- .../DocumentFolderRowModel.java | 14 +- .../GrantedPrivilegeModel.java | 44 ++++++ .../PrivilegesGrantedToRoleModel.java | 40 ++++++ .../documentfolder/documentfolder.xhtml | 126 ++++++++++++++++++ .../org/librecms/CmsAdminMessages.properties | 19 +++ .../librecms/CmsAdminMessages_de.properties | 19 +++ .../main/scss/content-sections/_custom.scss | 3 +- 10 files changed, 412 insertions(+), 16 deletions(-) create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/GrantedPrivilegeModel.java create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/PrivilegesGrantedToRoleModel.java diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java index abc299ee0..0ccb4b645 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java @@ -18,7 +18,15 @@ */ package org.librecms.contentsection.privileges; +import org.libreccm.workflow.Workflow; import org.librecms.contentsection.ContentItem; +import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.Folder; +import org.librecms.contentsection.rs.ContentItems; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; /** * Constants for privileges allowing actions on the items of a content section. diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java index c1ac71974..72a09edf6 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java @@ -11,7 +11,10 @@ import org.libreccm.api.Identifier; import org.libreccm.api.IdentifierParser; import org.libreccm.l10n.GlobalizationHelper; import org.libreccm.security.AuthorizationRequired; +import org.libreccm.security.Permission; import org.libreccm.security.PermissionChecker; +import org.libreccm.security.PermissionManager; +import org.libreccm.security.Role; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItemL10NManager; import org.librecms.contentsection.ContentItemManager; @@ -117,6 +120,9 @@ public class DocumentFolderController { @Inject private PermissionChecker permissionChecker; + @Inject + private PermissionManager permissionManager; + @GET @Path("/") @AuthorizationRequired @@ -228,6 +234,20 @@ public class DocumentFolderController { ItemPrivileges.CREATE_NEW, folder ) ); + documentFolderModel.setCanAdminister( + permissionChecker.isPermitted( + ItemPrivileges.ADMINISTER, folder + ) + ); + documentFolderModel.setGrantedPermissions( + buildPermissionsMatrix(section, folder) + ); + documentFolderModel.setPrivileges( + permissionManager.listDefiniedPrivileges(ItemPrivileges.class) + ); + documentFolderModel.setCurrentUserPermissions( + buildCurrentUserPermissions(folder) + ); return "org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml"; } @@ -627,7 +647,6 @@ public class DocumentFolderController { ).orElse("?") ); row.setPermissions(buildItemPermissionsModel(contentItem)); - } return row; @@ -693,7 +712,7 @@ public class DocumentFolderController { private ItemPermissionsModel buildItemPermissionsModel( final ContentItem item ) { -final ItemPermissionsModel model = new ItemPermissionsModel(); + final ItemPermissionsModel model = new ItemPermissionsModel(); model.setGrantedAdminister( permissionChecker.isPermitted( ItemPrivileges.ADMINISTER, item @@ -747,4 +766,80 @@ final ItemPermissionsModel model = new ItemPermissionsModel(); return model; } + private List buildPermissionsMatrix( + final ContentSection section, final Folder folder + ) { + return section + .getRoles() + .stream() + .map(role -> buildPrivilegesGrantedToRoleModel(role, folder)) + .collect(Collectors.toList()); + } + + private PrivilegesGrantedToRoleModel buildPrivilegesGrantedToRoleModel( + final Role role, final Folder folder + ) { + final List grantedPrivilges = permissionManager + .listDefiniedPrivileges(ItemPrivileges.class) + .stream() + .map( + privilege -> buildGrantedPrivilegeModel( + role, + folder, + privilege, + permissionManager.findPermissionsForRoleAndObject( + role, folder + ) + ) + ) + .collect(Collectors.toList()); + + final PrivilegesGrantedToRoleModel model = new PrivilegesGrantedToRoleModel(); + model.setGrantedPrivileges(grantedPrivilges); + model.setGrantee(role.getName()); + + return model; + } + + private GrantedPrivilegeModel buildGrantedPrivilegeModel( + final Role role, + final Folder folder, + final String privilege, + final List permissions + ) { + final GrantedPrivilegeModel model = new GrantedPrivilegeModel(); + model.setGranted(permissionChecker.isPermitted(privilege, folder, role)); + model.setInherited( + model.isGranted() + && permissions + .stream() + .anyMatch( + permission + -> permission.getGrantee().equals(role) + && permission.getGrantedPrivilege().equals(privilege) + ) + ); + model.setPrivilege(privilege); + + return model; + } + + private List buildCurrentUserPermissions( + final Folder folder + ) { + return permissionManager + .listDefiniedPrivileges(ItemPrivileges.class) + .stream() + .map(privilege -> buildCurrentUserPermission(folder, privilege)) + .collect(Collectors.toList()); + } + + private GrantedPrivilegeModel buildCurrentUserPermission( + final Folder folder, final String privilege + ) { + final GrantedPrivilegeModel model = new GrantedPrivilegeModel(); + model.setPrivilege(privilege); + model.setGranted(permissionChecker.isPermitted(privilege, folder)); + return model; + } } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderModel.java index 84c2117de..8605f46f0 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderModel.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderModel.java @@ -32,11 +32,19 @@ public class DocumentFolderModel { private List breadcrumbs; private String path; - + private boolean canCreateSubFolders; - + private boolean canCreateItems; + private boolean canAdminister; + + private List currentUserPermissions; + + private List grantedPermissions; + + private List privileges; + public long getCount() { return count; } @@ -90,11 +98,11 @@ public class DocumentFolderModel { public String getPath() { return path; } - + protected void setPath(final String path) { this.path = path; } - + public boolean isCanCreateSubFolders() { return canCreateSubFolders; } @@ -103,12 +111,48 @@ public class DocumentFolderModel { this.canCreateSubFolders = canCreateSubFolders; } - - public boolean isCanCreateItems() { + public boolean isCanCreateItems() { return canCreateItems; } protected void setCanCreateItems(final boolean canCreateItems) { this.canCreateItems = canCreateItems; } + + public boolean isCanAdminister() { + return canAdminister; + } + + public void setCanAdminister(boolean canAdminister) { + this.canAdminister = canAdminister; + } + + public List getGrantedPermissions() { + return Collections.unmodifiableList(grantedPermissions); + } + + public void setGrantedPermissions( + final List grantedPermissions + ) { + this.grantedPermissions = grantedPermissions; + } + + public List getPrivileges() { + return Collections.unmodifiableList(privileges); + } + + public void setPrivileges(final List privileges) { + this.privileges = privileges; + } + + public List getCurrentUserPermissions() { + return Collections.unmodifiableList(currentUserPermissions); + } + + public void setCurrentUserPermissions( + final List currentUserPermissions + ) { + this.currentUserPermissions = new ArrayList<>(currentUserPermissions); + } + } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderRowModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderRowModel.java index 9d7bb1adc..d1b0d8587 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderRowModel.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderRowModel.java @@ -19,7 +19,7 @@ public class DocumentFolderRowModel { private boolean deletable; private boolean folder; - + private String folderPath; private SortedSet languages; @@ -35,7 +35,7 @@ public class DocumentFolderRowModel { private String title; private String type; - + private ItemPermissionsModel permissions; public String getCreated() { @@ -57,11 +57,11 @@ public class DocumentFolderRowModel { public boolean isFolder() { return folder; } - + public String getFolderPath() { return folderPath; } - + protected void setFolderPath(final String folderPath) { this.folderPath = folderPath; } @@ -73,7 +73,7 @@ public class DocumentFolderRowModel { public SortedSet getLanguages() { return Collections.unmodifiableSortedSet(languages); } - + public String getLanguagesAsString() { return String.join(", ", languages); } @@ -133,11 +133,11 @@ public class DocumentFolderRowModel { public ItemPermissionsModel getPermissions() { return permissions; } - + protected void setPermissions( final ItemPermissionsModel permissions ) { this.permissions = permissions; } - + } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/GrantedPrivilegeModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/GrantedPrivilegeModel.java new file mode 100644 index 000000000..d56e1686e --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/GrantedPrivilegeModel.java @@ -0,0 +1,44 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +/** + * + * @author Jens Pelzetter + */ +public class GrantedPrivilegeModel { + + private String privilege; + + private boolean granted; + + private boolean inherited; + + public String getPrivilege() { + return privilege; + } + + protected void setPrivilege(final String privilege) { + this.privilege = privilege; + } + + public boolean isGranted() { + return granted; + } + + protected void setGranted(final boolean granted) { + this.granted = granted; + } + + public boolean isInherited() { + return inherited; + } + + protected void setInherited(final boolean inherited) { + this.inherited = inherited; + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/PrivilegesGrantedToRoleModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/PrivilegesGrantedToRoleModel.java new file mode 100644 index 000000000..ea65946cd --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/PrivilegesGrantedToRoleModel.java @@ -0,0 +1,40 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +import java.util.Collections; +import java.util.List; + + +/** + * + * @author Jens Pelzetter + */ +public class PrivilegesGrantedToRoleModel { + + private String grantee; + + private List grantedPrivileges; + + public String getGrantee() { + return grantee; + } + + public void setGrantee(final String grantee) { + this.grantee = grantee; + } + + public List getGrantedPrivileges() { + return Collections.unmodifiableList(grantedPrivileges); + } + + public void setGrantedPrivileges( + final List grantedPrivileges + ) { + this.grantedPrivileges = grantedPrivileges; + } + +} diff --git a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml index 8052097a6..0ef922e1b 100644 --- a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml +++ b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml @@ -287,10 +287,48 @@ + @@ -357,6 +395,94 @@ + +

#{CmsAdminMessages['contentsection.documentfolder.your_permissions.title']}

+ + + + + + + + + + + + + + + +
+ #{CmsAdminMessages['item_permissions.'.concat(privilege)]} +
+ + +
+ + #{CmsAdminMessages['contentsection.documentfolder.permissions.granted']} +
+ + +
+ + #{CmsAdminMessages['contentsection.documentfolder.permissions.denied']} +
+ + +
+ +

#{CmsAdminMessages['contentsection.documentfolder.permissions.title']}

+ + + + + + + + + + + + + + + + + + + +
+ #{CmsAdminMessages['contentsection.documentfolder.permissions.role.header']} + + #{CmsAdminMessages['item_permissions.'.concat(privilege)]} +
#{permissions.grantee} + + +
+ + #{CmsAdminMessages['contentsection.documentfolder.permissions.inherited']} +
+ + +
+ + #{CmsAdminMessages['contentsection.documentfolder.permissions.granted']} +
+ + +
+ + #{CmsAdminMessages['contentsection.documentfolder.permissions.denied']} +
+ + +
+ diff --git a/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages.properties b/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages.properties index a58c3b905..09b3182d7 100644 --- a/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages.properties +++ b/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages.properties @@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Cancel contentsection.documentfolders.root.title=Documents contentsection.documentfolder.actions.rename_folder.button.label=Rename folder contentsection.documentfolder.actions.edit_permissions.button.label=Edit permissions +contentsection.documentfolder.edit_permissions_dialog.title.item=Edit permissions for item {0} +contentsection.documentfolder.edit_permissions_dialog.title.folder=Edit permissions for folder {0} +contentsection.documentfolder.edit_permissions_dialog.close=Cancel +contentsection.documentfolder.permissions.title=Permissions +contentsection.documentfolder.permissions.role.header=Role +contentsection.documentfolder.permissions.inherited=Granted (Inherited) +contentsection.documentfolder.permissions.granted=Granted +contentsection.documentfolder.permissions.denied=Denied +item_permissions.administer_items=Administer items +item_permissions.apply_alternate_workflow=Apply alternate workflow +item_permissions.approve_items=Approve +item_permissions.categorize_items=Categorizie +item_permissions.create_new_items=Create +item_permissions.delete_items=Delete +item_permissions.edit_items=Edit +item_permissions.preview_items=Preview +item_permissions.publish_items=Publish +item_permissions.view_published_items=View +contentsection.documentfolder.your_permissions.title=Your permissions diff --git a/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages_de.properties b/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages_de.properties index ec8add106..93fb17b76 100644 --- a/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages_de.properties +++ b/ccm-cms/src/main/resources/org/librecms/CmsAdminMessages_de.properties @@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Abbrechen contentsection.documentfolders.root.title=Dokumente contentsection.documentfolder.actions.rename_folder.button.label=Ordner umbebennen contentsection.documentfolder.actions.edit_permissions.button.label=Berechtigungen bearbeiten +contentsection.documentfolder.edit_permissions_dialog.title.item=Berechtigungen f\u00fcr Dokument {0} bearbeiten +contentsection.documentfolder.edit_permissions_dialog.title.folder=Berechtigungen f\u00fcr Folder {0} bearbeiten +contentsection.documentfolder.edit_permissions_dialog.close=Abbrechen +contentsection.documentfolder.permissions.title=Berechtigungen +contentsection.documentfolder.permissions.role.header=Rolle +contentsection.documentfolder.permissions.inherited=Gew\u00e4hrt (Geerbt) +contentsection.documentfolder.permissions.granted=Gew\u00e4hrt +contentsection.documentfolder.permissions.denied=Verweigert +item_permissions.administer_items=Dokumente verwalten +item_permissions.apply_alternate_workflow=Alternativen Arbeitsablauf anwenden +item_permissions.approve_items=Freigeben +item_permissions.categorize_items=Kategorizieren +item_permissions.create_new_items=Anlegen +item_permissions.delete_items=L\u00f6schen +item_permissions.edit_items=Bearbeiten +item_permissions.preview_items=Vorschau +item_permissions.publish_items=Publizieren +item_permissions.view_published_items=Ansehen +contentsection.documentfolder.your_permissions.title=Ihre Berechtigungen diff --git a/ccm-cms/src/main/scss/content-sections/_custom.scss b/ccm-cms/src/main/scss/content-sections/_custom.scss index 27fa57082..af9421ed7 100644 --- a/ccm-cms/src/main/scss/content-sections/_custom.scss +++ b/ccm-cms/src/main/scss/content-sections/_custom.scss @@ -75,4 +75,5 @@ table.contentsections-table { width: 11em; } } -} \ No newline at end of file +} +