parent
8aa371571d
commit
dd6070384a
|
|
@ -18,7 +18,15 @@
|
|||
*/
|
||||
package org.librecms.contentsection.privileges;
|
||||
|
||||
import org.libreccm.workflow.Workflow;
|
||||
import org.librecms.contentsection.ContentItem;
|
||||
import org.librecms.contentsection.ContentSection;
|
||||
import org.librecms.contentsection.Folder;
|
||||
import org.librecms.contentsection.rs.ContentItems;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Constants for privileges allowing actions on the items of a content section.
|
||||
|
|
|
|||
|
|
@ -11,7 +11,10 @@ import org.libreccm.api.Identifier;
|
|||
import org.libreccm.api.IdentifierParser;
|
||||
import org.libreccm.l10n.GlobalizationHelper;
|
||||
import org.libreccm.security.AuthorizationRequired;
|
||||
import org.libreccm.security.Permission;
|
||||
import org.libreccm.security.PermissionChecker;
|
||||
import org.libreccm.security.PermissionManager;
|
||||
import org.libreccm.security.Role;
|
||||
import org.librecms.contentsection.ContentItem;
|
||||
import org.librecms.contentsection.ContentItemL10NManager;
|
||||
import org.librecms.contentsection.ContentItemManager;
|
||||
|
|
@ -117,6 +120,9 @@ public class DocumentFolderController {
|
|||
@Inject
|
||||
private PermissionChecker permissionChecker;
|
||||
|
||||
@Inject
|
||||
private PermissionManager permissionManager;
|
||||
|
||||
@GET
|
||||
@Path("/")
|
||||
@AuthorizationRequired
|
||||
|
|
@ -228,6 +234,20 @@ public class DocumentFolderController {
|
|||
ItemPrivileges.CREATE_NEW, folder
|
||||
)
|
||||
);
|
||||
documentFolderModel.setCanAdminister(
|
||||
permissionChecker.isPermitted(
|
||||
ItemPrivileges.ADMINISTER, folder
|
||||
)
|
||||
);
|
||||
documentFolderModel.setGrantedPermissions(
|
||||
buildPermissionsMatrix(section, folder)
|
||||
);
|
||||
documentFolderModel.setPrivileges(
|
||||
permissionManager.listDefiniedPrivileges(ItemPrivileges.class)
|
||||
);
|
||||
documentFolderModel.setCurrentUserPermissions(
|
||||
buildCurrentUserPermissions(folder)
|
||||
);
|
||||
|
||||
return "org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml";
|
||||
}
|
||||
|
|
@ -627,7 +647,6 @@ public class DocumentFolderController {
|
|||
).orElse("?")
|
||||
);
|
||||
row.setPermissions(buildItemPermissionsModel(contentItem));
|
||||
|
||||
}
|
||||
|
||||
return row;
|
||||
|
|
@ -693,7 +712,7 @@ public class DocumentFolderController {
|
|||
private ItemPermissionsModel buildItemPermissionsModel(
|
||||
final ContentItem item
|
||||
) {
|
||||
final ItemPermissionsModel model = new ItemPermissionsModel();
|
||||
final ItemPermissionsModel model = new ItemPermissionsModel();
|
||||
model.setGrantedAdminister(
|
||||
permissionChecker.isPermitted(
|
||||
ItemPrivileges.ADMINISTER, item
|
||||
|
|
@ -747,4 +766,80 @@ final ItemPermissionsModel model = new ItemPermissionsModel();
|
|||
return model;
|
||||
}
|
||||
|
||||
private List<PrivilegesGrantedToRoleModel> buildPermissionsMatrix(
|
||||
final ContentSection section, final Folder folder
|
||||
) {
|
||||
return section
|
||||
.getRoles()
|
||||
.stream()
|
||||
.map(role -> buildPrivilegesGrantedToRoleModel(role, folder))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
private PrivilegesGrantedToRoleModel buildPrivilegesGrantedToRoleModel(
|
||||
final Role role, final Folder folder
|
||||
) {
|
||||
final List<GrantedPrivilegeModel> grantedPrivilges = permissionManager
|
||||
.listDefiniedPrivileges(ItemPrivileges.class)
|
||||
.stream()
|
||||
.map(
|
||||
privilege -> buildGrantedPrivilegeModel(
|
||||
role,
|
||||
folder,
|
||||
privilege,
|
||||
permissionManager.findPermissionsForRoleAndObject(
|
||||
role, folder
|
||||
)
|
||||
)
|
||||
)
|
||||
.collect(Collectors.toList());
|
||||
|
||||
final PrivilegesGrantedToRoleModel model = new PrivilegesGrantedToRoleModel();
|
||||
model.setGrantedPrivileges(grantedPrivilges);
|
||||
model.setGrantee(role.getName());
|
||||
|
||||
return model;
|
||||
}
|
||||
|
||||
private GrantedPrivilegeModel buildGrantedPrivilegeModel(
|
||||
final Role role,
|
||||
final Folder folder,
|
||||
final String privilege,
|
||||
final List<Permission> permissions
|
||||
) {
|
||||
final GrantedPrivilegeModel model = new GrantedPrivilegeModel();
|
||||
model.setGranted(permissionChecker.isPermitted(privilege, folder, role));
|
||||
model.setInherited(
|
||||
model.isGranted()
|
||||
&& permissions
|
||||
.stream()
|
||||
.anyMatch(
|
||||
permission
|
||||
-> permission.getGrantee().equals(role)
|
||||
&& permission.getGrantedPrivilege().equals(privilege)
|
||||
)
|
||||
);
|
||||
model.setPrivilege(privilege);
|
||||
|
||||
return model;
|
||||
}
|
||||
|
||||
private List<GrantedPrivilegeModel> buildCurrentUserPermissions(
|
||||
final Folder folder
|
||||
) {
|
||||
return permissionManager
|
||||
.listDefiniedPrivileges(ItemPrivileges.class)
|
||||
.stream()
|
||||
.map(privilege -> buildCurrentUserPermission(folder, privilege))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
private GrantedPrivilegeModel buildCurrentUserPermission(
|
||||
final Folder folder, final String privilege
|
||||
) {
|
||||
final GrantedPrivilegeModel model = new GrantedPrivilegeModel();
|
||||
model.setPrivilege(privilege);
|
||||
model.setGranted(permissionChecker.isPermitted(privilege, folder));
|
||||
return model;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,6 +37,14 @@ public class DocumentFolderModel {
|
|||
|
||||
private boolean canCreateItems;
|
||||
|
||||
private boolean canAdminister;
|
||||
|
||||
private List<GrantedPrivilegeModel> currentUserPermissions;
|
||||
|
||||
private List<PrivilegesGrantedToRoleModel> grantedPermissions;
|
||||
|
||||
private List<String> privileges;
|
||||
|
||||
public long getCount() {
|
||||
return count;
|
||||
}
|
||||
|
|
@ -103,7 +111,6 @@ public class DocumentFolderModel {
|
|||
this.canCreateSubFolders = canCreateSubFolders;
|
||||
}
|
||||
|
||||
|
||||
public boolean isCanCreateItems() {
|
||||
return canCreateItems;
|
||||
}
|
||||
|
|
@ -111,4 +118,41 @@ public class DocumentFolderModel {
|
|||
protected void setCanCreateItems(final boolean canCreateItems) {
|
||||
this.canCreateItems = canCreateItems;
|
||||
}
|
||||
|
||||
public boolean isCanAdminister() {
|
||||
return canAdminister;
|
||||
}
|
||||
|
||||
public void setCanAdminister(boolean canAdminister) {
|
||||
this.canAdminister = canAdminister;
|
||||
}
|
||||
|
||||
public List<PrivilegesGrantedToRoleModel> getGrantedPermissions() {
|
||||
return Collections.unmodifiableList(grantedPermissions);
|
||||
}
|
||||
|
||||
public void setGrantedPermissions(
|
||||
final List<PrivilegesGrantedToRoleModel> grantedPermissions
|
||||
) {
|
||||
this.grantedPermissions = grantedPermissions;
|
||||
}
|
||||
|
||||
public List<String> getPrivileges() {
|
||||
return Collections.unmodifiableList(privileges);
|
||||
}
|
||||
|
||||
public void setPrivileges(final List<String> privileges) {
|
||||
this.privileges = privileges;
|
||||
}
|
||||
|
||||
public List<GrantedPrivilegeModel> getCurrentUserPermissions() {
|
||||
return Collections.unmodifiableList(currentUserPermissions);
|
||||
}
|
||||
|
||||
public void setCurrentUserPermissions(
|
||||
final List<GrantedPrivilegeModel> currentUserPermissions
|
||||
) {
|
||||
this.currentUserPermissions = new ArrayList<>(currentUserPermissions);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,44 @@
|
|||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package org.librecms.ui.contentsections;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
|
||||
*/
|
||||
public class GrantedPrivilegeModel {
|
||||
|
||||
private String privilege;
|
||||
|
||||
private boolean granted;
|
||||
|
||||
private boolean inherited;
|
||||
|
||||
public String getPrivilege() {
|
||||
return privilege;
|
||||
}
|
||||
|
||||
protected void setPrivilege(final String privilege) {
|
||||
this.privilege = privilege;
|
||||
}
|
||||
|
||||
public boolean isGranted() {
|
||||
return granted;
|
||||
}
|
||||
|
||||
protected void setGranted(final boolean granted) {
|
||||
this.granted = granted;
|
||||
}
|
||||
|
||||
public boolean isInherited() {
|
||||
return inherited;
|
||||
}
|
||||
|
||||
protected void setInherited(final boolean inherited) {
|
||||
this.inherited = inherited;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package org.librecms.ui.contentsections;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
|
||||
*/
|
||||
public class PrivilegesGrantedToRoleModel {
|
||||
|
||||
private String grantee;
|
||||
|
||||
private List<GrantedPrivilegeModel> grantedPrivileges;
|
||||
|
||||
public String getGrantee() {
|
||||
return grantee;
|
||||
}
|
||||
|
||||
public void setGrantee(final String grantee) {
|
||||
this.grantee = grantee;
|
||||
}
|
||||
|
||||
public List<GrantedPrivilegeModel> getGrantedPrivileges() {
|
||||
return Collections.unmodifiableList(grantedPrivileges);
|
||||
}
|
||||
|
||||
public void setGrantedPrivileges(
|
||||
final List<GrantedPrivilegeModel> grantedPrivileges
|
||||
) {
|
||||
this.grantedPrivileges = grantedPrivileges;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -287,10 +287,48 @@
|
|||
<td>
|
||||
<c:if test="#{row.permissions.grantedAdminister}">
|
||||
<button class="btn btn-info"
|
||||
data-toggle="modal"
|
||||
data-target="#edit-permissions-item-#{row.name}"
|
||||
title="#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}">
|
||||
<bootstrap:svgIcon icon="shield" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.actions.edit_permissions.button.label']}</span>
|
||||
</button>
|
||||
<div aria-hidden="true"
|
||||
aria-labelledby="edit-permisisons-item-#{row.name}-title"
|
||||
id="edit-permissions-item-#{row.name}"
|
||||
class="modal fade"
|
||||
tabindex="-1">
|
||||
<div class="modal-dialog">
|
||||
<form action="#{mvc.basePath}/#{ContentSectionModel.sectionName}/documentfolders/#{DocumentFolderModel.path}/#{row.name}"
|
||||
class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h2 class="modal-title"
|
||||
id="edit-permissions-item-#{row.name}-title">
|
||||
<c:choose>
|
||||
<c:when test="#{row.folder}">
|
||||
#{CmsAdminMessages.getMessage('contentsection.documentfolder.edit_permissions_dialog.title.folder', [row.name])}
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
#{CmsAdminMessages.getMessage('contentsection.documentfolder.edit_permissions_dialog.title.item', [row.name])}
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
<button aria-label="Close"
|
||||
class="#{CmsAdminMessages['contentsection.documentfolder.edit_permissions_dialog.close']}"
|
||||
data-dismiss="modal"
|
||||
type="button" >
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</h2>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</c:if>
|
||||
</td>
|
||||
<td>
|
||||
|
|
@ -357,6 +395,94 @@
|
|||
</c:choose>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
<h2>#{CmsAdminMessages['contentsection.documentfolder.your_permissions.title']}</h2>
|
||||
<table class="table table-hover">
|
||||
<thead class="thead-light">
|
||||
<tr>
|
||||
<c:forEach items="#{DocumentFolderModel.privileges}"
|
||||
var="privilege">
|
||||
<th class="text-center">
|
||||
<code>#{CmsAdminMessages['item_permissions.'.concat(privilege)]}</code>
|
||||
</th>
|
||||
</c:forEach>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<c:forEach items="#{DocumentFolderModel.currentUserPermissions}"
|
||||
var="granted">
|
||||
<td class="text-center">
|
||||
<c:choose>
|
||||
<c:when test="#{granted.granted}">
|
||||
<div class="text-success">
|
||||
<bootstrap:svgIcon icon="check" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.granted']}</span>
|
||||
</div>
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<div class="text-danger">
|
||||
<bootstrap:svgIcon icon="x" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.denied']}</span>
|
||||
</div>
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
</td>
|
||||
</c:forEach>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<c:if test="#{DocumentFolderModel.canAdminister}">
|
||||
<h2>#{CmsAdminMessages['contentsection.documentfolder.permissions.title']}</h2>
|
||||
<table class="table table-hover permissions-table">
|
||||
<thead class="thead-light">
|
||||
<tr>
|
||||
<th class="">
|
||||
#{CmsAdminMessages['contentsection.documentfolder.permissions.role.header']}
|
||||
</th>
|
||||
<c:forEach items="#{DocumentFolderModel.privileges}"
|
||||
var="privilege">
|
||||
<th class="text-center">
|
||||
<code>#{CmsAdminMessages['item_permissions.'.concat(privilege)]}</code>
|
||||
</th>
|
||||
</c:forEach>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<c:forEach items="#{DocumentFolderModel.grantedPermissions}"
|
||||
var="permissions">
|
||||
<tr>
|
||||
<td>#{permissions.grantee}</td>
|
||||
<c:forEach items="#{permissions.grantedPrivileges}"
|
||||
var="granted">
|
||||
<td class="text-center">
|
||||
<c:choose>
|
||||
<c:when test="#{granted.inherited}">
|
||||
<div class="text-success">
|
||||
<bootstrap:svgIcon icon="check" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.inherited']}</span>
|
||||
</div>
|
||||
</c:when>
|
||||
<c:when test="#{granted.granted}">
|
||||
<div class="text-secondary">
|
||||
<bootstrap:svgIcon icon="check" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.granted']}</span>
|
||||
</div>
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<div class="text-danger">
|
||||
<bootstrap:svgIcon icon="x" />
|
||||
<span class="sr-only">#{CmsAdminMessages['contentsection.documentfolder.permissions.denied']}</span>
|
||||
</div>
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
</td>
|
||||
</c:forEach>
|
||||
</tr>
|
||||
</c:forEach>
|
||||
</tbody>
|
||||
</table>
|
||||
</c:if>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Cancel
|
|||
contentsection.documentfolders.root.title=Documents
|
||||
contentsection.documentfolder.actions.rename_folder.button.label=Rename folder
|
||||
contentsection.documentfolder.actions.edit_permissions.button.label=Edit permissions
|
||||
contentsection.documentfolder.edit_permissions_dialog.title.item=Edit permissions for item {0}
|
||||
contentsection.documentfolder.edit_permissions_dialog.title.folder=Edit permissions for folder {0}
|
||||
contentsection.documentfolder.edit_permissions_dialog.close=Cancel
|
||||
contentsection.documentfolder.permissions.title=Permissions
|
||||
contentsection.documentfolder.permissions.role.header=Role
|
||||
contentsection.documentfolder.permissions.inherited=Granted (Inherited)
|
||||
contentsection.documentfolder.permissions.granted=Granted
|
||||
contentsection.documentfolder.permissions.denied=Denied
|
||||
item_permissions.administer_items=Administer items
|
||||
item_permissions.apply_alternate_workflow=Apply alternate workflow
|
||||
item_permissions.approve_items=Approve
|
||||
item_permissions.categorize_items=Categorizie
|
||||
item_permissions.create_new_items=Create
|
||||
item_permissions.delete_items=Delete
|
||||
item_permissions.edit_items=Edit
|
||||
item_permissions.preview_items=Preview
|
||||
item_permissions.publish_items=Publish
|
||||
item_permissions.view_published_items=View
|
||||
contentsection.documentfolder.your_permissions.title=Your permissions
|
||||
|
|
|
|||
|
|
@ -64,3 +64,22 @@ contentsection.documentfolder.new_subfolder_dialog.close=Abbrechen
|
|||
contentsection.documentfolders.root.title=Dokumente
|
||||
contentsection.documentfolder.actions.rename_folder.button.label=Ordner umbebennen
|
||||
contentsection.documentfolder.actions.edit_permissions.button.label=Berechtigungen bearbeiten
|
||||
contentsection.documentfolder.edit_permissions_dialog.title.item=Berechtigungen f\u00fcr Dokument {0} bearbeiten
|
||||
contentsection.documentfolder.edit_permissions_dialog.title.folder=Berechtigungen f\u00fcr Folder {0} bearbeiten
|
||||
contentsection.documentfolder.edit_permissions_dialog.close=Abbrechen
|
||||
contentsection.documentfolder.permissions.title=Berechtigungen
|
||||
contentsection.documentfolder.permissions.role.header=Rolle
|
||||
contentsection.documentfolder.permissions.inherited=Gew\u00e4hrt (Geerbt)
|
||||
contentsection.documentfolder.permissions.granted=Gew\u00e4hrt
|
||||
contentsection.documentfolder.permissions.denied=Verweigert
|
||||
item_permissions.administer_items=Dokumente verwalten
|
||||
item_permissions.apply_alternate_workflow=Alternativen Arbeitsablauf anwenden
|
||||
item_permissions.approve_items=Freigeben
|
||||
item_permissions.categorize_items=Kategorizieren
|
||||
item_permissions.create_new_items=Anlegen
|
||||
item_permissions.delete_items=L\u00f6schen
|
||||
item_permissions.edit_items=Bearbeiten
|
||||
item_permissions.preview_items=Vorschau
|
||||
item_permissions.publish_items=Publizieren
|
||||
item_permissions.view_published_items=Ansehen
|
||||
contentsection.documentfolder.your_permissions.title=Ihre Berechtigungen
|
||||
|
|
|
|||
|
|
@ -76,3 +76,4 @@ table.contentsections-table {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue