Permissions table

Former-commit-id: 3562852d18
pull/10/head
Jens Pelzetter 2021-02-04 21:18:56 +01:00
parent 8aa371571d
commit dd6070384a
10 changed files with 412 additions and 16 deletions


@ -18,7 +18,15 @@
*/ */
package org.librecms.contentsection.privileges; package org.librecms.contentsection.privileges;
import org.libreccm.workflow.Workflow;
import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.rs.ContentItems;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/** /**
* Constants for privileges allowing actions on the items of a content section. * Constants for privileges allowing actions on the items of a content section.


@ -11,7 +11,10 @@ import org.libreccm.api.Identifier;
import org.libreccm.api.IdentifierParser; import org.libreccm.api.IdentifierParser;
import org.libreccm.l10n.GlobalizationHelper; import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.Permission;
import org.libreccm.security.PermissionChecker; import org.libreccm.security.PermissionChecker;
import org.libreccm.security.PermissionManager;
import org.libreccm.security.Role;
import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentItemL10NManager; import org.librecms.contentsection.ContentItemL10NManager;
import org.librecms.contentsection.ContentItemManager; import org.librecms.contentsection.ContentItemManager;
@ -117,6 +120,9 @@ public class DocumentFolderController {
@Inject @Inject
private PermissionChecker permissionChecker; private PermissionChecker permissionChecker;
@Inject
private PermissionManager permissionManager;
@GET @GET
@Path("/") @Path("/")
@AuthorizationRequired @AuthorizationRequired
@ -228,6 +234,20 @@ public class DocumentFolderController {
ItemPrivileges.CREATE_NEW, folder ItemPrivileges.CREATE_NEW, folder
) )
); );
documentFolderModel.setCanAdminister(
permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, folder
)
);
documentFolderModel.setGrantedPermissions(
buildPermissionsMatrix(section, folder)
);
documentFolderModel.setPrivileges(
permissionManager.listDefiniedPrivileges(ItemPrivileges.class)
);
documentFolderModel.setCurrentUserPermissions(
buildCurrentUserPermissions(folder)
);
return "org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml"; return "org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml";
} }
@ -627,7 +647,6 @@ public class DocumentFolderController {
).orElse("?") ).orElse("?")
); );
row.setPermissions(buildItemPermissionsModel(contentItem)); row.setPermissions(buildItemPermissionsModel(contentItem));
} }
return row; return row;
@ -693,7 +712,7 @@ public class DocumentFolderController {
private ItemPermissionsModel buildItemPermissionsModel( private ItemPermissionsModel buildItemPermissionsModel(
final ContentItem item final ContentItem item
) { ) {
final ItemPermissionsModel model = new ItemPermissionsModel(); final ItemPermissionsModel model = new ItemPermissionsModel();
model.setGrantedAdminister( model.setGrantedAdminister(
permissionChecker.isPermitted( permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, item ItemPrivileges.ADMINISTER, item
@ -747,4 +766,80 @@ final ItemPermissionsModel model = new ItemPermissionsModel();
return model; return model;
} }
private List<PrivilegesGrantedToRoleModel> buildPermissionsMatrix(
final ContentSection section, final Folder folder
) {
return section
.getRoles()
.stream()
.map(role -> buildPrivilegesGrantedToRoleModel(role, folder))
.collect(Collectors.toList());
}
private PrivilegesGrantedToRoleModel buildPrivilegesGrantedToRoleModel(
final Role role, final Folder folder
) {
final List<GrantedPrivilegeModel> grantedPrivilges = permissionManager
.listDefiniedPrivileges(ItemPrivileges.class)
.stream()
.map(
privilege -> buildGrantedPrivilegeModel(
role,
folder,
privilege,
permissionManager.findPermissionsForRoleAndObject(
role, folder
)
)
)
.collect(Collectors.toList());
final PrivilegesGrantedToRoleModel model = new PrivilegesGrantedToRoleModel();
model.setGrantedPrivileges(grantedPrivilges);
model.setGrantee(role.getName());
return model;
}
private GrantedPrivilegeModel buildGrantedPrivilegeModel(
final Role role,
final Folder folder,
final String privilege,
final List<Permission> permissions
) {
final GrantedPrivilegeModel model = new GrantedPrivilegeModel();
model.setGranted(permissionChecker.isPermitted(privilege, folder, role));
model.setInherited(
model.isGranted()
&& permissions
.stream()
.anyMatch(
permission
-> permission.getGrantee().equals(role)
&& permission.getGrantedPrivilege().equals(privilege)
)
);
model.setPrivilege(privilege);
return model;
}
private List<GrantedPrivilegeModel> buildCurrentUserPermissions(
final Folder folder
) {
return permissionManager
.listDefiniedPrivileges(ItemPrivileges.class)
.stream()
.map(privilege -> buildCurrentUserPermission(folder, privilege))
.collect(Collectors.toList());
}
private GrantedPrivilegeModel buildCurrentUserPermission(
final Folder folder, final String privilege
) {
final GrantedPrivilegeModel model = new GrantedPrivilegeModel();
model.setPrivilege(privilege);
model.setGranted(permissionChecker.isPermitted(privilege, folder));
return model;
}
} }
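Review bot: The role-by-privilege matrix is built and stored on the model for every caller, because `documentFolderModel.setGrantedPermissions(buildPermissionsMatrix(section, folder))` in the hunk at `-228,6 +234,20` runs unconditionally and only the template's `c:if` on `canAdminister` keeps it from being rendered. Building it only for callers who hold `ItemPrivileges.ADMINISTER` keeps the authorization decision in the controller and skips the per-role lookups for everyone else, e.g. `canAdminister ? buildPermissionsMatrix(section, folder) : Collections.emptyList()` (an empty list rather than null, since the model's getter wraps the field in `Collections.unmodifiableList`; the import may need adding). Separately, in `buildGrantedPrivilegeModel` the `inherited` flag becomes true whenever a permission for the role and privilege exists on the folder, and nothing in the predicate distinguishes an inherited grant from a direct one, so the table may mislabel grants; this is worth checking against how `Permission` records inheritance. `permissionManager.findPermissionsForRoleAndObject(role, folder)` is also evaluated once per privilege inside the lambda and could be fetched once per role. The method containing the `-228` hunk begins outside the visible lines.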


@ -37,6 +37,14 @@ public class DocumentFolderModel {
private boolean canCreateItems; private boolean canCreateItems;
private boolean canAdminister;
private List<GrantedPrivilegeModel> currentUserPermissions;
private List<PrivilegesGrantedToRoleModel> grantedPermissions;
private List<String> privileges;
public long getCount() { public long getCount() {
return count; return count;
} }
@ -103,7 +111,6 @@ public class DocumentFolderModel {
this.canCreateSubFolders = canCreateSubFolders; this.canCreateSubFolders = canCreateSubFolders;
} }
public boolean isCanCreateItems() { public boolean isCanCreateItems() {
return canCreateItems; return canCreateItems;
} }
@ -111,4 +118,41 @@ public class DocumentFolderModel {
protected void setCanCreateItems(final boolean canCreateItems) { protected void setCanCreateItems(final boolean canCreateItems) {
this.canCreateItems = canCreateItems; this.canCreateItems = canCreateItems;
} }
public boolean isCanAdminister() {
return canAdminister;
}
public void setCanAdminister(boolean canAdminister) {
this.canAdminister = canAdminister;
}
public List<PrivilegesGrantedToRoleModel> getGrantedPermissions() {
return Collections.unmodifiableList(grantedPermissions);
}
public void setGrantedPermissions(
final List<PrivilegesGrantedToRoleModel> grantedPermissions
) {
this.grantedPermissions = grantedPermissions;
}
public List<String> getPrivileges() {
return Collections.unmodifiableList(privileges);
}
public void setPrivileges(final List<String> privileges) {
this.privileges = privileges;
}
public List<GrantedPrivilegeModel> getCurrentUserPermissions() {
return Collections.unmodifiableList(currentUserPermissions);
}
public void setCurrentUserPermissions(
final List<GrantedPrivilegeModel> currentUserPermissions
) {
this.currentUserPermissions = new ArrayList<>(currentUserPermissions);
}
} }
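Review bot: `setGrantedPermissions` and `setPrivileges` store the caller's list directly, while `setCurrentUserPermissions` just below copies it, so the unmodifiable views returned by `getGrantedPermissions` and `getPrivileges` still change if the caller mutates its list afterwards. Copying in all three, e.g. `this.grantedPermissions = new ArrayList<>(grantedPermissions);`, makes the model's authorization state a snapshot; `PrivilegesGrantedToRoleModel.setGrantedPrivileges` in this commit has the same pattern. The three list getters also throw a NullPointerException when the field was never set, because `Collections.unmodifiableList` rejects null; initialising the fields to empty lists avoids that. The new setters are `public` whereas the existing `setCanCreateItems` is `protected`, which looks unintended.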


@ -0,0 +1,44 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public class GrantedPrivilegeModel {
private String privilege;
private boolean granted;
private boolean inherited;
public String getPrivilege() {
return privilege;
}
protected void setPrivilege(final String privilege) {
this.privilege = privilege;
}
public boolean isGranted() {
return granted;
}
protected void setGranted(final boolean granted) {
this.granted = granted;
}
public boolean isInherited() {
return inherited;
}
protected void setInherited(final boolean inherited) {
this.inherited = inherited;
}
}
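Review bot: The class Javadoc is empty and the file still carries the IDE's placeholder header ("To change this license header, choose License Headers in Project Properties") instead of a license notice; `PrivilegesGrantedToRoleModel`, added in this commit, has the same header. A class comment such as `Model describing whether a single privilege is granted, and whether that grant is inherited.` would help. The `inherited` field in particular needs a one-line comment stating exactly what it means, since the view picks the icon and the screen-reader label from it.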


@ -0,0 +1,40 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import java.util.Collections;
import java.util.List;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public class PrivilegesGrantedToRoleModel {
private String grantee;
private List<GrantedPrivilegeModel> grantedPrivileges;
public String getGrantee() {
return grantee;
}
public void setGrantee(final String grantee) {
this.grantee = grantee;
}
public List<GrantedPrivilegeModel> getGrantedPrivileges() {
return Collections.unmodifiableList(grantedPrivileges);
}
public void setGrantedPrivileges(
final List<GrantedPrivilegeModel> grantedPrivileges
) {
this.grantedPrivileges = grantedPrivileges;
}
}


@ -287,10 +287,48 @@
<td> <td>
<c:if test="#{row.permissions.grantedAdminister}"> <c:if test="#{row.permissions.grantedAdminister}">
<button class="btn btn-info" <button class="btn btn-info"
data-toggle="modal"
data-target="#edit-permissions-item-#{row.name}"
title="#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}"> title="#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}">
<bootstrap:svgIcon icon="shield" /> <bootstrap:svgIcon icon="shield" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}</span> <span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}</span>
</button> </button>
<div aria-hidden="true"
aria-labelledby="edit-permisisons-item-#{row.name}-title"
id="edit-permissions-item-#{row.name}"
class="modal fade"
tabindex="-1">
<div class="modal-dialog">
<form action="#{mvc.basePath}/#{ContentSectionModel.sectionName}/documentfolders/#{DocumentFolderModel.path}/#{row.name}"
class="modal-content">
<div class="modal-header">
<h2 class="modal-title"
id="edit-permissions-item-#{row.name}-title">
<c:choose>
<c:when test="#{row.folder}">
#{CmsAdminMessages.getMessage('contentsection.documentfolder.edit_permissions_dialog.title.folder', [row.name])}
</c:when>
<c:otherwise>
#{CmsAdminMessages.getMessage('contentsection.documentfolder.edit_permissions_dialog.title.item', [row.name])}
</c:otherwise>
</c:choose>
<button aria-label="Close"
class="#{CmsAdminMessages['contentsection.documentfolder.edit_permissions_dialog.close']}"
data-dismiss="modal"
type="button" >
<span aria-hidden="true">&times;</span>
</button>
</h2>
</div>
<div class="modal-body">
</div>
<div class="modal-footer">
</div>
</form>
</div>
</div>
</c:if> </c:if>
</td> </td>
<td> <td>
@ -357,6 +395,94 @@
</c:choose> </c:choose>
</ul> </ul>
</nav> </nav>
<h2>#{CmsAdminMessages['contentsection.documentfolder.your_permissions.title']}</h2>
<table class="table table-hover">
<thead class="thead-light">
<tr>
<c:forEach items="#{DocumentFolderModel.privileges}"
var="privilege">
<th class="text-center">
<code>#{CmsAdminMessages['item_permissions.'.concat(privilege)]}</code>
</th>
</c:forEach>
</tr>
</thead>
<tbody>
<tr>
<c:forEach items="#{DocumentFolderModel.currentUserPermissions}"
var="granted">
<td class="text-center">
<c:choose>
<c:when test="#{granted.granted}">
<div class="text-success">
<bootstrap:svgIcon icon="check" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.granted']}</span>
</div>
</c:when>
<c:otherwise>
<div class="text-danger">
<bootstrap:svgIcon icon="x" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.denied']}</span>
</div>
</c:otherwise>
</c:choose>
</td>
</c:forEach>
</tr>
</tbody>
</table>
<c:if test="#{DocumentFolderModel.canAdminister}">
<h2>#{CmsAdminMessages['contentsection.documentfolder.permissions.title']}</h2>
<table class="table table-hover permissions-table">
<thead class="thead-light">
<tr>
<th class="">
#{CmsAdminMessages['contentsection.documentfolder.permissions.role.header']}
</th>
<c:forEach items="#{DocumentFolderModel.privileges}"
var="privilege">
<th class="text-center">
<code>#{CmsAdminMessages['item_permissions.'.concat(privilege)]}</code>
</th>
</c:forEach>
</tr>
</thead>
<tbody>
<c:forEach items="#{DocumentFolderModel.grantedPermissions}"
var="permissions">
<tr>
<td>#{permissions.grantee}</td>
<c:forEach items="#{permissions.grantedPrivileges}"
var="granted">
<td class="text-center">
<c:choose>
<c:when test="#{granted.inherited}">
<div class="text-success">
<bootstrap:svgIcon icon="check" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.inherited']}</span>
</div>
</c:when>
<c:when test="#{granted.granted}">
<div class="text-secondary">
<bootstrap:svgIcon icon="check" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.granted']}</span>
</div>
</c:when>
<c:otherwise>
<div class="text-danger">
<bootstrap:svgIcon icon="x" />
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.denied']}</span>
</div>
</c:otherwise>
</c:choose>
</td>
</c:forEach>
</tr>
</c:forEach>
</tbody>
</table>
</c:if>
</div> </div>
</div> </div>
</div> </div>
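Review bot: In the new edit-permissions modal, `aria-labelledby="edit-permisisons-item-#{row.name}-title"` is misspelled and does not match the heading's `id="edit-permissions-item-#{row.name}-title"`, so the dialog ends up without an accessible name. The close button looks like it has its attributes swapped: `class` is set to the localized message `CmsAdminMessages['contentsection.documentfolder.edit_permissions_dialog.close']` while `aria-label` is the hard-coded `Close`; presumably it should be `class="close"` with the message as the `aria-label`. The `<form>` declares no `method`, so once controls are added to the still-empty modal body it would submit permission changes with GET; `method="post"`, together with whatever CSRF protection the other forms on this page use, should be in place before that happens.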


@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Cancel
contentsection.documentfolders.root.title=Documents contentsection.documentfolders.root.title=Documents
contentsection.documentfolder.actions.rename_folder.button.label=Rename folder contentsection.documentfolder.actions.rename_folder.button.label=Rename folder
contentsection.documentfolder.actions.edit_permissions.button.label=Edit permissions contentsection.documentfolder.actions.edit_permissions.button.label=Edit permissions
contentsection.documentfolder.edit_permissions_dialog.title.item=Edit permissions for item {0}
contentsection.documentfolder.edit_permissions_dialog.title.folder=Edit permissions for folder {0}
contentsection.documentfolder.edit_permissions_dialog.close=Cancel
contentsection.documentfolder.permissions.title=Permissions
contentsection.documentfolder.permissions.role.header=Role
contentsection.documentfolder.permissions.inherited=Granted (Inherited)
contentsection.documentfolder.permissions.granted=Granted
contentsection.documentfolder.permissions.denied=Denied
item_permissions.administer_items=Administer items
item_permissions.apply_alternate_workflow=Apply alternate workflow
item_permissions.approve_items=Approve
item_permissions.categorize_items=Categorizie
item_permissions.create_new_items=Create
item_permissions.delete_items=Delete
item_permissions.edit_items=Edit
item_permissions.preview_items=Preview
item_permissions.publish_items=Publish
item_permissions.view_published_items=View
contentsection.documentfolder.your_permissions.title=Your permissions


@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Abbrechen
contentsection.documentfolders.root.title=Dokumente contentsection.documentfolders.root.title=Dokumente
contentsection.documentfolder.actions.rename_folder.button.label=Ordner umbebennen contentsection.documentfolder.actions.rename_folder.button.label=Ordner umbebennen
contentsection.documentfolder.actions.edit_permissions.button.label=Berechtigungen bearbeiten contentsection.documentfolder.actions.edit_permissions.button.label=Berechtigungen bearbeiten
contentsection.documentfolder.edit_permissions_dialog.title.item=Berechtigungen f\u00fcr Dokument {0} bearbeiten
contentsection.documentfolder.edit_permissions_dialog.title.folder=Berechtigungen f\u00fcr Folder {0} bearbeiten
contentsection.documentfolder.edit_permissions_dialog.close=Abbrechen
contentsection.documentfolder.permissions.title=Berechtigungen
contentsection.documentfolder.permissions.role.header=Rolle
contentsection.documentfolder.permissions.inherited=Gew\u00e4hrt (Geerbt)
contentsection.documentfolder.permissions.granted=Gew\u00e4hrt
contentsection.documentfolder.permissions.denied=Verweigert
item_permissions.administer_items=Dokumente verwalten
item_permissions.apply_alternate_workflow=Alternativen Arbeitsablauf anwenden
item_permissions.approve_items=Freigeben
item_permissions.categorize_items=Kategorizieren
item_permissions.create_new_items=Anlegen
item_permissions.delete_items=L\u00f6schen
item_permissions.edit_items=Bearbeiten
item_permissions.preview_items=Vorschau
item_permissions.publish_items=Publizieren
item_permissions.view_published_items=Ansehen
contentsection.documentfolder.your_permissions.title=Ihre Berechtigungen


@ -76,3 +76,4 @@ table.contentsections-table {
} }
} }
} }