Author: ito
Date: Mon Jan 17 10:39:09 2011
New Revision: 1059856

URL: http://svn.apache.org/viewvc?rev=1059856&view=rev
Log:
CLEREZZA-397: access permissions for usermanager implemented

Added:
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/PermissionManagerAccessPermission.java
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerAccessPermission.java
Modified:
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/add-user-template.xhtml
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-permission-template.xhtml
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/update-user-template.xhtml
    
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/user-permission-template.xhtml

Added: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/PermissionManagerAccessPermission.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/PermissionManagerAccessPermission.java?rev=1059856&view=auto
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/PermissionManagerAccessPermission.java
 (added)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/PermissionManagerAccessPermission.java
 Mon Jan 17 10:39:09 2011
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.clerezza.platform.usermanager.webinterface;
+
+import java.security.Permission;
+import org.apache.clerezza.permissiondescriptions.PermissionInfo;
+
+/**
+ * Permission to use the Permission-Manager page. Note that the user
+ * additionally needs read/write permission from the system graph and 
getPolicy permission
+ *
+ * @author tio
+ */
+@PermissionInfo(value="Permission Manager Access Permission", 
description="Grants access " +
+       "to the Permission Manager")
+public class PermissionManagerAccessPermission extends Permission{
+
+       public PermissionManagerAccessPermission() {
+               super("Permission Manager permission");
+       }
+       /**
+        *
+        * @param target ignored
+        * @param action ignored
+        */
+       public PermissionManagerAccessPermission(String target, String actions) 
{
+               super("Permission Manager permission");
+       }
+
+       @Override
+       public boolean implies(Permission permission) {
+               return equals(permission);
+       }
+
+       @Override
+       public boolean equals(Object obj) {
+               return getClass().equals(obj.getClass());
+       }
+
+       @Override
+       public int hashCode() {
+               return 77987 + "Permission Manager permission".hashCode();
+       }
+
+       @Override
+       public String getActions() {
+               return "";
+       }
+}
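Review bot: `equals(Object obj)` dereferences `obj` before checking it, so `equals(null)` throws a NullPointerException instead of returning false as the `Object.equals` contract requires, and `implies(null)` inherits the same failure through its `equals(permission)` call; the guard is one line, `return obj != null && getClass().equals(obj.getClass());`. The two-argument constructor's Javadoc documents `@param action` while the parameter is named `actions`, which javadoc will flag. The same two points apply verbatim to UserManagerAccessPermission in the next file of this commit.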

Added: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerAccessPermission.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerAccessPermission.java?rev=1059856&view=auto
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerAccessPermission.java
 (added)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerAccessPermission.java
 Mon Jan 17 10:39:09 2011
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.clerezza.platform.usermanager.webinterface;
+
+import java.security.Permission;
+import org.apache.clerezza.permissiondescriptions.PermissionInfo;
+
+/**
+ * Permission to use the User-Manager page. Note that the user
+ * additionally needs read/write permission from the system graph.
+ *
+ * @author tio
+ */
+@PermissionInfo(value="User Manager Access Permission", description="Grants 
access " +
+       "to the User Manager")
+public class UserManagerAccessPermission extends Permission{
+
+       public UserManagerAccessPermission() {
+               super("User Manager permission");
+       }
+       /**
+        *
+        * @param target ignored
+        * @param action ignored
+        */
+       public UserManagerAccessPermission(String target, String actions) {
+               super("User Manager permission");
+       }
+
+       @Override
+       public boolean implies(Permission permission) {
+               return equals(permission);
+       }
+
+       @Override
+       public boolean equals(Object obj) {
+               return getClass().equals(obj.getClass());
+       }
+
+       @Override
+       public int hashCode() {
+               return 55784 + "User Manager permission".hashCode();
+       }
+
+       @Override
+       public String getActions() {
+               return "";
+       }
+}

Modified: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java?rev=1059856&r1=1059855&r2=1059856&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
 (original)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/java/org/apache/clerezza/platform/usermanager/webinterface/UserManagerWeb.java
 Mon Jan 17 10:39:09 2011
@@ -24,8 +24,11 @@ import java.io.UnsupportedEncodingExcept
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -35,6 +38,7 @@ import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 import java.util.concurrent.locks.Lock;
+import javax.security.auth.Subject;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
@@ -139,6 +143,8 @@ public class UserManagerWeb implements G
        private final Logger logger = LoggerFactory.getLogger(getClass());
        private FileServer fileServer;
 
+       private final static String ALL_PERMISSION_ENTRY_STRING = 
"(java.security.AllPermission \"\" \"\")";
+
        protected void activate(final ComponentContext context) throws 
IOException,
                        URISyntaxException {
                Bundle bundle = context.getBundleContext().getBundle();
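Review bot: `ALL_PERMISSION_ENTRY_STRING` turns the "caller holds all permissions" shortcut into a byte-exact comparison against the stored permission entry, so an AllPermission entry written with different spacing or without the empty target/actions pair would silently not count as all-permission and the caller would fall back to the weaker entry-by-entry checks; whether such entries can exist in the system graph is not visible here, so a comment stating the assumption is warranted: `// Must match the exact lexical form used when AllPermission is stored in the system graph.`. Also the modifier order is conventionally `private static final`, which matches the JLS-recommended ordering.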
@@ -197,6 +203,7 @@ public class UserManagerWeb implements G
 
        @GET
        public Response userMgmtHome(@Context UriInfo uriInfo) {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                if (uriInfo.getAbsolutePath().toString().endsWith("/")) {
                        return 
RedirectUtil.createSeeOtherResponse("list-users", uriInfo);
                }
@@ -208,6 +215,7 @@ public class UserManagerWeb implements G
        @Path("list-users")
        public GraphNode listUsers(@QueryParam(value = "from") Integer from,
                        @QueryParam(value = "to") Integer to, @Context UriInfo 
uriInfo) {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                MGraph resultGraph = new SimpleMGraph();
@@ -280,7 +288,7 @@ public class UserManagerWeb implements G
        @GET
        @Path("add-user")
        public GraphNode addUser(@Context UriInfo uriInfo) {
-
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                MGraph resultGraph = new SimpleMGraph();
@@ -315,17 +323,29 @@ public class UserManagerWeb implements G
        @Consumes("multipart/form")
        @Path("add-user")
        public Response addUser(MultiPartBody form, @Context UriInfo uriInfo) {
-
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                String userName = form.getTextParameterValues("userName")[0];
                String email = form.getTextParameterValues("email")[0];
                String pathPrefix = 
form.getTextParameterValues("pathPrefix")[0];
                String psw = form.getTextParameterValues("psw")[0];
                String[] userRole = form.getTextParameterValues("userRoles");
 
-               List<String> userRoles = new ArrayList<String>();
-               for (int i = 0; i < userRole.length; i++) {
-                       userRoles.add(userRole[i]);
+               List<String> userRoles = Arrays.asList(userRole);
+
+               String currentUserName = getCurrentUserName();
+               //Checks if logged in user has all permissions.
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(currentUserName);
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+
+               Set<String> currentUserRoleTitles = 
retrieveRoleTitlesOfUser(getCurrentUserName());
+               //Current user is not associated with the following roles.
+               Set<String> remainingRoles = new HashSet<String>(userRoles);
+               remainingRoles.removeAll(currentUserRoleTitles);
+               if(!currentUserHasAllPermission && remainingRoles.size() > 0) {
+                       return Response.status(Status.FORBIDDEN).entity("You 
don't have the "
+                                       + "permissions to add these roles to a 
user.").build();
                }
+
                StringWriter writer = new StringWriter();
                checkParamLength(writer, userName, "Username");
                checkQuote(writer, userName, "Username");
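Review bot: `getCurrentUserName()` is evaluated a second time in the `retrieveRoleTitlesOfUser(getCurrentUserName())` call even though `currentUserName` already holds its result one statement earlier; pass `currentUserName` so the two checks are guaranteed to concern the same principal. `getCurrentUserName()` returns null when no Subject is attached, and that null flows into `retrieveAllPermissionEntriesFromUser`; whether `userManager.getUserInSystemGraph(null)` tolerates it is not visible in this hunk, so the intended behaviour for an unauthenticated caller (presumably already rejected by the preceding `checkPermission`) should be made explicit with a null guard. The role comparison works on `dc:title` strings, so it assumes role titles are unique. addUser's body continues outside the hunk.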
@@ -356,6 +376,25 @@ public class UserManagerWeb implements G
                return RedirectUtil.createSeeOtherResponse("list-users", 
uriInfo);
        }
 
+       private Set<String> retrieveRoleTitlesOfUser(String userName) {
+               NonLiteral user = userManager.getUserByName(userName);
+               Iterator<NonLiteral> roles = userManager.getRolesOfUser(user);
+               Set<String> userRoleTitles = new HashSet<String>();
+               Lock lock = systemGraph.getLock().readLock();
+               lock.lock();
+               try {
+                       while(roles.hasNext()) {
+                               Iterator<Triple> titles = 
systemGraph.filter(roles.next(), DC.title, null);
+                               if(titles.hasNext()) {
+                                       userRoleTitles.add(((Literal) 
titles.next().getObject()).getLexicalForm());
+                               }
+                       }
+               } finally {
+                       lock.unlock();
+               }
+               return userRoleTitles;
+       }
+
        private void saveCustomUserInformation(LockableMGraph contentGraph,
                        String userName, List<String> roles, MultiPartBody 
form) {
                NonLiteral user = getCustomUser(contentGraph, userName);
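Review bot: `retrieveRoleTitlesOfUser` is used for authorization decisions but has no Javadoc; I would add `/** Returns the dc:title lexical form of every role assigned to {@code userName} (first title per role); the system graph read lock is held while the titles are read. */`. Note that the iterator from `userManager.getRolesOfUser(user)` is obtained before the read lock is taken and only its consumption is locked — fine if the iterator is detached from the graph, worth confirming otherwise. The result for an unknown `userName` depends on what `getUserByName` returns, which this hunk does not show.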
@@ -418,6 +457,7 @@ public class UserManagerWeb implements G
                        @QueryParam(value = "roles") String roles,
                        @QueryParam(value = "user") String userName,
                        @Context UriInfo uriInfo) throws ParseException {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                LockableMGraph contentGraph = (LockableMGraph) 
cgProvider.getContentGraph();
                MGraph resultGraph = new SimpleMGraph();
                NonLiteral node = new BNode();
@@ -500,6 +540,7 @@ public class UserManagerWeb implements G
        public Response deleteUser(@FormParam(value = "userName") String 
userName,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                checkUserParam(userName);
                userManager.deleteUser(userName);
                LockableMGraph contentGraph = (LockableMGraph) 
cgProvider.getContentGraph();
@@ -539,6 +580,8 @@ public class UserManagerWeb implements G
                        @QueryParam(value = "userName") String userName,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                MGraph resultGraph = new SimpleMGraph();
@@ -588,13 +631,92 @@ public class UserManagerWeb implements G
                        @FormParam(value = "name") String userName,
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkUserParam(userName);
+
+               //Retrieves permissions of the current user.
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+
+               //Retrieves the current permissions of the specified user
+               Iterator<NonLiteral> permissions = 
userManager.getPermissionsOfUser(userManager.getUserByName(userName));
+               Set<String> oldPermissionEntries = new HashSet<String>();
+               retrievePermissionEntries(oldPermissionEntries, permissions);
+
+               //Permission, which are already assigned to the specified user.
+               Set<String> addedEntries = new 
HashSet<String>(oldPermissionEntries);
+               addedEntries.retainAll(permissionEntries);
+               availablePermissionEntries.addAll(addedEntries);
+               //Permissions, which should be removed.
+               Set<String> removedEntries = new 
HashSet<String>(oldPermissionEntries);
+               removedEntries.removeAll(permissionEntries);
+               boolean containsRemovedEntries = 
availablePermissionEntries.containsAll(removedEntries);
+               if(!currentUserHasAllPermission && 
(!availablePermissionEntries.containsAll(
+                               permissionEntries) || !containsRemovedEntries)) 
{
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to assign "
+                                       + "the specified permissions to the 
user " + userName + ".").build();
+               }
+
                userManager.deleteAllPermissionsOfUser(userName);
                userManager.assignPermissionsToUser(userName, 
permissionEntries);
                return Response.status(Status.CREATED).build();
        
        }
 
+       private String getCurrentUserName() {
+               final AccessControlContext userContext = 
AccessController.getContext();
+               Subject subject = AccessController.doPrivileged(
+                               new PrivilegedAction<Subject> (){
+                       @Override
+                       public Subject run() {
+                               return Subject.getSubject(userContext);
+                       }
+               });
+               if (subject == null) {
+                       return null;
+               }
+               Iterator<Principal> iter = subject.getPrincipals().iterator();
+               String name = null;
+
+               if (iter.hasNext()) {
+                       name = iter.next().getName();
+               }
+               return name;
+       }
+
+       private Set<String> retrieveAllPermissionEntriesFromUser(String 
userName) {
+               Set<String> permissionEntries = new HashSet<String>();
+               NonLiteral currentUser = (NonLiteral) 
userManager.getUserInSystemGraph(userName).getNode();
+               Iterator<NonLiteral> roles = 
userManager.getRolesOfUser(currentUser);
+               while(roles.hasNext()) {
+                       Iterator<NonLiteral> permissions = 
userManager.getPermissionsOfRole(roles.next());
+                       retrievePermissionEntries(permissionEntries, 
permissions);
+               }
+
+               Iterator<NonLiteral> permissions = 
userManager.getPermissionsOfUser(currentUser);
+               retrievePermissionEntries(permissionEntries, permissions);
+               return permissionEntries;
+       }
+
+       private void retrievePermissionEntries(Set<String> permissionEntries, 
Iterator<NonLiteral> permissions) {
+               while(permissions.hasNext()) {
+                       NonLiteral permission = permissions.next();
+                       Lock lock = systemGraph.getLock().readLock();
+                       lock.lock();
+                       try {
+                               Iterator<Triple> triples = 
systemGraph.filter(permission, PERMISSION.javaPermissionEntry, null);
+                               if(triples.hasNext()) {
+                                       Literal entry = (Literal) 
triples.next().getObject();
+                                       
permissionEntries.add(entry.getLexicalForm());
+                               }
+                       } finally {
+                               lock.unlock();
+                       }
+               }
+       }
+
+
        /**
         * add user permissionEntries
         */
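Review bot: `getCurrentUserName()` derives the name used for every authorization decision in this commit from `subject.getPrincipals().iterator().next()`, but `Subject.getPrincipals()` is a Set with no defined order, so a Subject carrying more than one principal yields an arbitrary one; either filter by the platform's user-principal type or document the single-principal assumption with `// assumes the Subject carries exactly one Principal — the platform user`. In `retrievePermissionEntries` the system graph read lock is acquired and released once per permission inside the loop, whereas `retrieveRoleTitlesOfUser` takes it once around the loop; hoisting `lock.lock()` above the `while` makes the two helpers consistent and avoids repeated lock churn. None of the three new private helpers has Javadoc, and the enclosing method at the top of this hunk starts outside it.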
@@ -604,7 +726,19 @@ public class UserManagerWeb implements G
                        @FormParam(value = "name") String userName,
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkUserParam(userName);
+
+               //Retrieves permissions from current user.
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+               if(!currentUserHasAllPermission && 
!availablePermissionEntries.containsAll(permissionEntries)) {
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to assign "
+                                       + "the specified permissions to the 
user " + userName + ".").build();
+               }
+
                userManager.assignPermissionsToUser(userName, 
permissionEntries);
                try {
                        return RedirectUtil.createSeeOtherResponse(
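Review bot: The four-line preamble here (fetch the caller's entries, test for `ALL_PERMISSION_ENTRY_STRING`, `containsAll(permissionEntries)`, return FORBIDDEN) is repeated verbatim in the hunks at `@@ -624`, `@@ -858` and `@@ -879`, and every copy re-derives the caller name; a single private helper keeps the authorization rule in one place so a later fix applies everywhere. The helper below returns the boolean and leaves the FORBIDDEN response to each caller because the message text differs per endpoint. The enclosing method's signature starts above this hunk.
```java
/** True if the current user holds AllPermission or every entry in {@code entries}. */
private boolean currentUserMayAssign(Collection<String> entries) {
        Set<String> available = retrieveAllPermissionEntriesFromUser(getCurrentUserName());
        return available.contains(ALL_PERMISSION_ENTRY_STRING) || available.containsAll(entries);
}
// … unchanged: call sites become  if (!currentUserMayAssign(permissionEntries)) { return Response.status(Status.FORBIDDEN)…; }
```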
@@ -624,7 +758,18 @@ public class UserManagerWeb implements G
                        @FormParam(value = "name") String userName,
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkUserParam(userName);
+
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+               if(!currentUserHasAllPermission && 
!availablePermissionEntries.containsAll(permissionEntries)) {
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to delete "
+                                       + "the specified permissions from the 
user " + userName + ". Refresh the page to get the correct 
permissions.").build();
+               }
+
                userManager.deletePermissionsOfUser(userName, 
permissionEntries);
                try {
                        return RedirectUtil.createSeeOtherResponse(
@@ -640,6 +785,7 @@ public class UserManagerWeb implements G
        public GraphNode updateUser(
                        @QueryParam(value = "userName") String userName,
                        @Context UriInfo uriInfo) {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                NonLiteral user = userManager.getUserByName(userName);
@@ -701,16 +847,43 @@ public class UserManagerWeb implements G
        public Response updateUser(MultiPartBody form, @Context UriInfo uriInfo)
                        throws UnsupportedEncodingException {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                String userName = getTextParamValueOfForm(form, 0, "userName");
                String pathPrefix = getTextParamValueOfForm(form, 0, 
"pathPrefix");
                String[] userRole = form.getTextParameterValues("userRoles");
                List<String> userRoleList = Arrays.asList(userRole);
                String email = getTextParamValueOfForm(form, 0, "email");
+
                if (email != null) {
                        email = email.replaceAll("mailto:";, "");
                }
                NonLiteral user = (NonLiteral) 
userManager.getUserInSystemGraph(userName).getNode();
                if (user != null) {
+
+                       //Check if the currently logged in user has the all 
permissions
+                       String currentUserName = getCurrentUserName();
+                       Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(currentUserName);
+                       boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+
+                       //Retrieve all currently assigned roles of the 
specified user
+                       Set<String> oldRoles = 
retrieveRoleTitlesOfUser(userName);
+                       Set<String> currentUserRoleTitles = 
retrieveRoleTitlesOfUser(getCurrentUserName());
+
+                       //Roles, which are already assigned
+                       Set<String> alreadyAssignedRoles = new 
HashSet<String>(oldRoles);
+                       alreadyAssignedRoles.retainAll(userRoleList);
+                       currentUserRoleTitles.addAll(alreadyAssignedRoles);
+
+                       //Roles, which are currently assigned but removed after 
the update.
+                       Set<String> removedRoles = new 
HashSet<String>(oldRoles);
+                       removedRoles.removeAll(userRoleList);   
+                       boolean containsRemovedRoles = 
currentUserRoleTitles.containsAll(removedRoles);
+                       
+                       if(!currentUserHasAllPermission && 
(!currentUserRoleTitles.containsAll(userRoleList)
+                                       || !containsRemovedRoles)) {
+                               return 
Response.status(Status.FORBIDDEN).entity("You don't have the "
+                                               + "permission to assign these 
permissions to the user.").build();
+                       }
                        userManager.updateUser(userName, email, null, 
userRoleList,
                                        pathPrefix);
                        LockableMGraph contentGraph = (LockableMGraph) 
cgProvider.getContentGraph();
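Review bot: The FORBIDDEN message in this hunk says "permission to assign these permissions to the user" although the check it guards is about roles (`userRoleList`, `removedRoles`), so the operator is told the wrong thing; change it to `+ "permission to assign these roles to the user.").build();`. As in addUser, `getCurrentUserName()` is called twice — `retrieveRoleTitlesOfUser(getCurrentUserName())` should reuse `currentUserName` computed a few lines above. updateUser's body continues outside the hunk.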
@@ -730,6 +903,7 @@ public class UserManagerWeb implements G
        @GET
        @Path("list-roles")
        public GraphNode listRoles(@Context UriInfo uriInfo) {
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                MGraph resultGraph = new SimpleMGraph();
@@ -761,6 +935,7 @@ public class UserManagerWeb implements G
        public Response addRole(@FormParam(value = "roleTitle") String title,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                StringWriter writer = new StringWriter();
                checkParamLength(writer, title, "Role title");
                checkQuote(writer, title, "Role title");
@@ -788,6 +963,7 @@ public class UserManagerWeb implements G
        public Response deleteRole(@FormParam(value = "roleTitle") String title,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                checkRoleParam(title);
                userManager.deleteRole(title);
                return RedirectUtil.createSeeOtherResponse("list-roles", 
uriInfo);
@@ -812,6 +988,9 @@ public class UserManagerWeb implements G
        public GraphNode manageRolePermissions(
                        @QueryParam(value = "roleTitle") String title,
                        @Context UriInfo uriInfo) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                TrailingSlash.enforceNotPresent(uriInfo);
 
                MGraph resultGraph = new SimpleMGraph();
@@ -858,7 +1037,17 @@ public class UserManagerWeb implements G
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkRoleParam(title);
+               //Retrieves permissions from current user
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+               if(!currentUserHasAllPermission && 
!availablePermissionEntries.containsAll(permissionEntries)) {
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to assign "
+                                       + "the specified permissions to the 
role " + title + ".").build();
+               }
+
                userManager.assignPermissionsToRole(title, permissionEntries);
                try {
                        return RedirectUtil.createSeeOtherResponse(
@@ -879,7 +1068,17 @@ public class UserManagerWeb implements G
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkRoleParam(title);
+
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+               if(!currentUserHasAllPermission && 
!availablePermissionEntries.containsAll(permissionEntries)) {
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to delete "
+                                       + "the specified permissions from the 
role " + title + ".").build();
+               }
+
                userManager.deletePermissionsOfRole(title, permissionEntries);
                try {
                        return RedirectUtil.createSeeOtherResponse(
@@ -900,7 +1099,30 @@ public class UserManagerWeb implements G
                        @FormParam(value = "permEntries") List<String> 
permissionEntries,
                        @Context UriInfo uriInfo) {
 
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
+               AccessController.checkPermission(new 
PermissionManagerAccessPermission());
                checkRoleParam(title);
+
+               Set<String> availablePermissionEntries = 
retrieveAllPermissionEntriesFromUser(getCurrentUserName());
+               boolean currentUserHasAllPermission = 
availablePermissionEntries.contains(ALL_PERMISSION_ENTRY_STRING);
+               Iterator<NonLiteral> permissions = 
userManager.getPermissionsOfRole(
+                               userManager.getRoleByTitle(title));
+               
+               Set<String> oldPermissionEntries = new HashSet<String>();
+               retrievePermissionEntries(oldPermissionEntries, permissions);
+
+               Set<String> addEntries = new 
HashSet<String>(oldPermissionEntries);
+               addEntries.retainAll(permissionEntries);
+               availablePermissionEntries.addAll(addEntries);
+               Set<String> removedEntries = new 
HashSet<String>(oldPermissionEntries);
+               removedEntries.removeAll(permissionEntries);
+               boolean containsRemovedEntries = 
availablePermissionEntries.containsAll(removedEntries);
+               if(!currentUserHasAllPermission && 
(!availablePermissionEntries.containsAll(
+                               permissionEntries) || !containsRemovedEntries)) 
{
+                       return Response.status(Status.FORBIDDEN).entity("You 
are not allowed to assign "
+                                       + "the specified permissions to the 
role " + title + ".").build();
+               }
+
                userManager.deleteAllPermissionsOfRole(title);
                userManager.assignPermissionsToRole(title, permissionEntries);
 
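Review bot: `availablePermissionEntries.addAll(addEntries)` mutates the set returned by `retrieveAllPermissionEntriesFromUser`; that helper is outside the hunk, and if it ever hands back a shared or cached set, the entries this role already has would leak into later authorization decisions for the same user, so widen a copy instead: `Set<String> effectiveEntries = new HashSet<String>(availablePermissionEntries); effectiveEntries.addAll(retainedEntries);` and test against `effectiveEntries`. `addEntries` actually holds the entries the role already had and keeps (old ∩ requested), so `retainedEntries` describes it better than a name suggesting new additions. The FORBIDDEN message says "assign" even when the denial comes from `!containsRemovedEntries`, i.e. the operator tried to remove an entry they do not hold; a message covering both cases would make the refusal understandable. The enclosing method starts before the hunk.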
@@ -913,6 +1135,8 @@ public class UserManagerWeb implements G
        @Path("add-property")
        public GraphNode getAddSinglePropertyPage(
                        @QueryParam(value = "roleTitle") String role) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                MGraph resultGraph = new SimpleMGraph();
                NonLiteral node = new BNode();
                resultGraph.add(new TripleImpl(node, RDF.type,
@@ -934,6 +1158,7 @@ public class UserManagerWeb implements G
                        @FormParam(value = "property") String property,
                        @FormParam(value = "length") int length, @Context 
UriInfo uriInfo) {
                UriRef propertyUri = new UriRef(property);
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                customPropertyManager.addSingleCustomField(PERMISSION.Role, 
title,
                                label, propertyUri, length, 1);
                return 
RedirectUtil.createSeeOtherResponse("manage-custom-properties?role=" + title, 
uriInfo);
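Review bot: `UriRef propertyUri = new UriRef(property);` runs before the new `AccessController.checkPermission(new UserManagerAccessPermission());`, so an unauthorized caller still gets the untrusted `property` value parsed and, if the constructor rejects it, sees a different error than the AccessControlException every other handler in this commit raises first; swap the two lines so the check is the first statement, as the `-949,6` and `-962,6` hunks do. The `-977,6` hunk has the same shape with `TrailingSlash.enforceNotPresent(uriInfo);` ahead of the check. The enclosing method starts outside the hunk.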
@@ -949,6 +1174,8 @@ public class UserManagerWeb implements G
                        @FormParam(value = "multiselect") String multiselect,
                        @FormParam(value = "selectablevalues") String 
selectablevalues,
                        @Context UriInfo uriInfo) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                UriRef propertyUri = new UriRef(property);
                customPropertyManager.addMultipleCustomField(PERMISSION.Role, 
title,
                                label, propertyUri, multiselect, 
selectablevalues, 1);
@@ -962,6 +1189,8 @@ public class UserManagerWeb implements G
                        @FormParam(value = "role") String role,
                        @FormParam(value = "property") String property,
                        @Context UriInfo uriInfo) {
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                UriRef propertyUri = new UriRef(property);
                if (customPropertyManager.deleteCustomField(PERMISSION.Role, 
role,
                                propertyUri)) {
@@ -977,6 +1206,8 @@ public class UserManagerWeb implements G
        public GraphNode manageCustomProperties(
                        @QueryParam(value = "role") String role, @Context 
UriInfo uriInfo) {
                TrailingSlash.enforceNotPresent(uriInfo);
+
+               AccessController.checkPermission(new 
UserManagerAccessPermission());
                MGraph contentGraph = cgProvider.getContentGraph();
                MGraph resultGraph = new SimpleMGraph();
                NonLiteral propertyManagementPage = new BNode();
@@ -1017,6 +1248,7 @@ public class UserManagerWeb implements G
                try {
                        AccessController.checkPermission(new TcPermission(
                                        
SystemConfig.SYSTEM_GRAPH_URI.getUnicodeString(), "readwrite"));
+                       AccessController.checkPermission(new 
UserManagerAccessPermission());
                } catch (AccessControlException e) {
                        return items;
                }

Modified: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/add-user-template.xhtml
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/add-user-template.xhtml?rev=1059856&r1=1059855&r2=1059856&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/add-user-template.xhtml
 (original)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/add-user-template.xhtml
 Mon Jan 17 10:39:09 2011
@@ -1,4 +1,8 @@
+def permission(s: Any) = new UriRef("http://clerezza.org/2008/10/permission#"; 
+ s)
 def umr(s: Any) = new UriRef("http://clerezza.org/2009/05/usermanager#"; + s)
+def platform(s: Any) = new UriRef("http://clerezza.org/2009/08/platform#"; + s)
+def dct(s: Any) = new UriRef("http://purl.org/dc/terms/"; + s)
+def sioc(s: Any) = new UriRef("http://rdfs.org/sioc/ns#"; + s)
 def dc(s: Any) = new UriRef("http://purl.org/dc/elements/1.1/"; + s)
 
 resultDocModifier.addScriptReference("/scripts/alert-message.js");
@@ -14,6 +18,22 @@ resultDocModifier.addNodes2Elem("tx-modu
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="editButton" class="tx-button tx-button-generic" href="list-users">Back to 
Overview</a></li>);
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="addButton" class="tx-button tx-button-create" 
href="javascript:saveUser()">Save</a></li>);
 
+
+var roleTitles = "";
+var allAvailablePermissions = "";
+for (perm <- (context/platform("user")/permission("hasPermission"))) {
+       allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+}
+
+for(role <- (context/platform("user")/sioc("has_function"))) {
+       roleTitles = roleTitles + "," + (role/dc("title")*)
+       for (perm <- (role/permission("hasPermission"))) {
+               allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+       }
+}
+
+val userHasAllPermissions = 
allAvailablePermissions.contains("(java.security.AllPermission \"\" \"\")");
+
         <div id="tx-content">  
             <script type="text/javascript">
 
@@ -68,7 +88,10 @@ resultDocModifier.addNodes2Elem("tx-cont
                                                                <span 
class="tx-item">
                                                                        <select 
name="userRoles" id="userRoles" size="3" multiple="multiple">
                                                                                
{for (role <- (res/umr("role"))) yield {
-                                                                               
        <option>{role/dc("title")*}</option>
+                                                                               
        val title = (role/dc("title")*);
+                                                                               
        ifx(userHasAllPermissions || roleTitles.contains("," + title)) {
+                                                                               
                <option>{title}</option>
+                                                                               
        }
                                                                                
}
                                                                                
}
                                                                        
</select>
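Review bot: `roleTitles.contains("," + title)` in the option filter is a substring test on a comma-joined string, so a role whose title is a prefix of one the current user holds (say `admin` against `,administrator`) is shown as assignable; the same test is applied to `roleTitles` and `selectedTitles` in the `-77,10 +88,27` hunk of update-user-template.xhtml. Keep the string but test exact membership, e.g. `ifx(userHasAllPermissions || roleTitles.split(",").contains(title)) {`, or collect the titles into a `Set` instead. The server-side handler still enforces the policy, so this only decides which options the form shows, but it makes the form disagree with the server. `allAvailablePermissions.contains(javaPermission)` in the permission templates has the same shape; the parenthesised entry format probably prevents prefix collisions there, but exact membership would remove the doubt.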

Modified: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-permission-template.xhtml
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-permission-template.xhtml?rev=1059856&r1=1059855&r2=1059856&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-permission-template.xhtml
 (original)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/role-permission-template.xhtml
 Mon Jan 17 10:39:09 2011
@@ -2,6 +2,15 @@ def dc(s: Any) = new UriRef("http://purl
 def permission(s: Any) = new UriRef("http://clerezza.org/2008/10/permission#"; 
+ s)
 def umr(s: Any) = new UriRef("http://clerezza.org/2009/05/usermanager#"; + s)
 def dct(s: Any) = new UriRef("http://purl.org/dc/terms/"; + s)
+def platform(s: Any) = new UriRef("http://clerezza.org/2009/08/platform#"; + s)
+def sioc(s: Any) = new UriRef("http://rdfs.org/sioc/ns#"; + s)
+
+resultDocModifier.addStyleSheet("/yui/2/container/assets/container-core.css");
+
+resultDocModifier.addScriptReference("/yui/2/yahoo-dom-event/yahoo-dom-event.js");
+resultDocModifier.addScriptReference("/yui/2/element/element-min.js");
+resultDocModifier.addScriptReference("/yui/2/container/container-min.js");
+resultDocModifier.addScriptReference("/yui/2/resize/resize-min.js")
 
 resultDocModifier.addScriptReference("/scripts/alert-message.js");
 resultDocModifier.addScriptReference("/scripts/ajax-options.js");
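Review bot: The five YUI stylesheet and script references added after `def sioc(...)` are not used by anything else in this file's hunks, and the commit log only mentions access permissions; the same block is added to user-permission-template.xhtml in its `-4,6 +4,13` hunk. If a dialog component elsewhere needs them, the log or a one-line comment such as `// YUI container/resize: required by <component>` should say which, otherwise every render of these pages loads four extra scripts for nothing. The last call also lacks the trailing `;` the neighbouring lines use.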
@@ -16,6 +25,18 @@ resultDocModifier.addNodes2Elem("tx-modu
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="editButton" class="tx-button tx-button-generic" href="list-roles">Back to 
Overview</a></li>);
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="saveButton" class="tx-button tx-button-create tx-inactive" href="#">Save 
Permissions</a></li>);
 
+var allAvailablePermissions = "";
+for (perm <- (context/platform("user")/permission("hasPermission"))) {
+       allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+}
+
+for(role <- (context/platform("user")/sioc("has_function"))) {
+       for (perm <- (role/permission("hasPermission"))) {
+               allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+       }
+}
+val userHasAllPermissions = 
allAvailablePermissions.contains("(java.security.AllPermission \"\" \"\")");
+
 var allRolePermissions = "";
 for (perm <- (res/umr("role")/permission("hasPermission"))) {
        allRolePermissions = allRolePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
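Review bot: The literal `(java.security.AllPermission \"\" \"\")` is now spelled out in four templates (this hunk, add-user, update-user and user-permission) and has to stay byte-identical to whatever `ALL_PERMISSION_ENTRY_STRING` holds on the Java side; if either side changes, the form hides controls the server would accept, or offers ones it refuses. Exposing the flag from the Java resource, or defining it once in a shared template snippet, would leave one source of truth; the whole `allAvailablePermissions` accumulation block is likewise repeated verbatim in the four templates and could live in that same shared place. A short comment above the block, `// UI hint only: the server-side check in UserManagerWeb is authoritative`, would make its role clear to the next reader.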
@@ -44,9 +65,18 @@ for (perm <- (res/umr("role")/permission
                                        <td>{                   
                                                
if(allRolePermissions.contains(javaPermission)) {
                                                        allRolePermissions = 
allRolePermissions.replace("," + javaPermission, "")
-                                                       <input type="checkbox" 
checked="checked" name="permEntries" value={javaPermission} />
+                                                       
if(userHasAllPermissions || allAvailablePermissions.contains(javaPermission)) {
+                                                               <input 
type="checkbox" checked="checked" name="permEntries" value={javaPermission} />
+                                                       } else {
+                                                               <input 
type="checkbox" checked="checked" disabled="disabled" value={javaPermission} />
+                                                               <input 
type="hidden" name="permEntries" value={javaPermission} />
+                                                       }
                                                } else {
-                                                       <input type="checkbox" 
name="permEntries" value={javaPermission} />
+                                                       
if(userHasAllPermissions || allAvailablePermissions.contains(javaPermission)) {
+                                                               <input 
type="checkbox" name="permEntries" value={javaPermission} />
+                                                       } else {
+                                                               <input 
type="checkbox" disabled="disabled" value={javaPermission} />
+                                                       }
                                                }
                                                
                                                }
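Review bot: The `disabled="disabled"` checkbox paired with `<input type="hidden" name="permEntries" value={javaPermission} />` relies on two facts stated nowhere in the template: disabled controls are not submitted, and the update handler accepts entries the role already holds even when the operator does not. An XML comment above the first pair, `<!-- disabled controls are not submitted; the hidden field keeps an entry the operator may not manage so saving does not drop it -->`, would record that. The same markup is repeated in the `-62,12 +92,23` hunk below and twice in user-permission-template.xhtml; since `disabled` is a client-side hint only, the server-side check remains the actual gate.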
@@ -62,12 +92,23 @@ for (perm <- (res/umr("role")/permission
                                val otherRolePermissions = 
allRolePermissions.split(",")
                                for(perm <-  otherRolePermissions) yield {
                                        ifx(!perm.equals("")) {
+                                       if(userHasAllPermissions || 
allAvailablePermissions.contains(perm)) {
                                        <tr>
                                                <td><input type="checkbox" 
checked="checked" name="permEntries" value={perm} /></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;">{perm}</span></td>
                                        </tr>
+                                       } else {
+                                       <tr>
+                                               <td><input type="checkbox" 
checked="checked" disabled="disabled" value={perm} />
+                                                       <input type="hidden" 
name="permEntries" value={perm} />
+                                               </td>
+                                               <td><span style="line-height: 
1.5em;"></span></td>
+                                               <td><span style="line-height: 
1.5em;"></span></td>
+                                               <td><span style="line-height: 
1.5em;">{perm}</span></td>
+                                       </tr>
+                                       }
                                        }
                                }
                                }

Modified: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/update-user-template.xhtml
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/update-user-template.xhtml?rev=1059856&r1=1059855&r2=1059856&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/update-user-template.xhtml
 (original)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/update-user-template.xhtml
 Mon Jan 17 10:39:09 2011
@@ -19,20 +19,31 @@ resultDocModifier.addNodes2Elem("tx-modu
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="deleteButton" class="tx-button tx-button-generic" href="list-users">Back  
to Overview</a></li>);
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="addButton" class="tx-button tx-button-create" 
href="javascript:saveUser()">Save</a></li>);
 
+var roleTitles = "";
+var allAvailablePermissions = "";
+for (perm <- (context/platform("user")/permission("hasPermission"))) {
+       allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+}
+
+for(role <- (context/platform("user")/sioc("has_function"))) {
+       roleTitles = roleTitles + "," + (role/dc("title")*)
+       for (perm <- (role/permission("hasPermission"))) {
+               allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+       }
+}
+
+var selectedTitles = "";
+for (funct <- (res/umr("user")/sioc("has_function"))) yield {
+       selectedTitles = selectedTitles + "," + (funct/dc("title")*);
+}
+
+
+val userHasAllPermissions = 
allAvailablePermissions.contains("(java.security.AllPermission \"\" \"\")");
+
         <div id="tx-content">
                        <script type="text/javascript">
-                               var userRoles = new Array();
-                               {
-                                       var titles = "";
-                                       for (user <- (res/umr("user"))) yield {
-                                               for (funct <- 
(user/sioc("has_function"))) yield {
-                                                       "userRoles.push('" + 
{funct/dc("title")*} +"');"
-                                               }
-                               }
-                               }
 
                                $(document).ready(function() {{
-                                       $('#userRoles').val(userRoles);
                                        
                                        refreshCustomInformation({"'" + 
(res/umr("user")/platform("userName")*) + "'"});
 
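Review bot: `for (funct <- (res/umr("user")/sioc("has_function"))) yield { selectedTitles = ... }` builds and discards a collection; the two loops directly above use a plain `for` for the same side-effect pattern, so drop `yield` here: `for (funct <- (res/umr("user")/sioc("has_function"))) { selectedTitles = selectedTitles + "," + (funct/dc("title")*) }`. Moving the preselection from generated JavaScript (`userRoles.push(...)`) to server-rendered `selected` attributes in the next hunk also removes a place where role titles were interpolated into script text, which is a welcome side effect of the change.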
@@ -77,10 +88,27 @@ resultDocModifier.addNodes2Elem("tx-cont
                                                                <span 
class="tx-item">
                                                                        <select 
name="userRoles" id="userRoles" size="3" multiple="multiple">
                                                                                
{for (role <- (res/umr("role"))) yield {
-                                                                               
        <option value={role/dc("title")*}>{role/dc("title")*}</option>
+                                                                               
        val title = (role/dc("title")*);
+                                                                               
        ifx(userHasAllPermissions || roleTitles.contains("," + title)) {
+                                                                               
                
+                                                                               
                if(selectedTitles.contains("," + title)) {
+                                                                               
                        <option value={title} 
selected="selected">{title}</option>
+                                                                               
                } else {
+                                                                               
                        <option value={title}>{title}</option>
+                                                                               
                }
+                                                                               
        } 
                                                                                
}
                                                                                
}
                                                                        
</select>
+                                                                       <div>
+                                                                       {for 
(role <- (res/umr("role"))) yield {
+                                                                               
        val title = (role/dc("title")*);
+                                                                               
        ifx(selectedTitles.contains("," + title) && !userHasAllPermissions && 
!roleTitles.contains("," + title)) {
+                                                                               
                <input type="hidden" value={title} name="userRoles"/>
+                                                                               
        }
+                                                                               
}
+                                                                               
}
+                                                                       </div>
                                                                </span>
                                                        </li>
                                                        <div 
id="custominfos"></div>
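Review bot: The second `for (role <- (res/umr("role"))) yield` loop re-walks every role only to emit hidden `userRoles` inputs for roles the user already has that the operator may not assign, while the first loop already computes `title` and evaluates `ifx(userHasAllPermissions || roleTitles.contains("," + title))`; if `ifx` admits an else branch (or with a plain `if`/`else`), emitting `<input type="hidden" value={title} name="userRoles"/>` there when `selectedTitles.contains("," + title)` keeps the rule in one pass. A comment above the hidden block, `<!-- roles the operator may not assign are kept via hidden fields so saving does not strip them -->`, would explain the otherwise invisible markup.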

Modified: 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/user-permission-template.xhtml
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/user-permission-template.xhtml?rev=1059856&r1=1059855&r2=1059856&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/user-permission-template.xhtml
 (original)
+++ 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.usermanager.webinterface/src/main/resources/org/apache/clerezza/platform/usermanager/webinterface/user-permission-template.xhtml
 Mon Jan 17 10:39:09 2011
@@ -4,6 +4,13 @@ def platform(s: Any) = new UriRef("http:
 def dct(s: Any) = new UriRef("http://purl.org/dc/terms/"; + s)
 def sioc(s: Any) = new UriRef("http://rdfs.org/sioc/ns#"; + s)
 
+resultDocModifier.addStyleSheet("/yui/2/container/assets/container-core.css");
+
+resultDocModifier.addScriptReference("/yui/2/yahoo-dom-event/yahoo-dom-event.js");
+resultDocModifier.addScriptReference("/yui/2/element/element-min.js");
+resultDocModifier.addScriptReference("/yui/2/container/container-min.js");
+resultDocModifier.addScriptReference("/yui/2/resize/resize-min.js")
+
 resultDocModifier.addScriptReference("/scripts/alert-message.js");
 resultDocModifier.addScriptReference("/scripts/ajax-options.js");
 resultDocModifier.addScriptReference("js/usermanager-user-permission.js");
@@ -17,6 +24,19 @@ resultDocModifier.addNodes2Elem("tx-modu
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="backButton" class="tx-button tx-button-generic" href="list-users">Back to 
Overview</a></li>);
 resultDocModifier.addNodes2Elem("tx-contextual-buttons-ol", <li><a 
id="saveButton" class="tx-button tx-button-create tx-inactive" href="#">Save 
Permissions</a></li>);
 
+var allAvailablePermissions = "";
+for (perm <- (context/platform("user")/permission("hasPermission"))) {
+       allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+}
+
+for(role <- (context/platform("user")/sioc("has_function"))) {
+       for (perm <- (role/permission("hasPermission"))) {
+               allAvailablePermissions = allAvailablePermissions + "," + 
(perm/permission("javaPermissionEntry")*)
+       }
+}
+
+val userHasAllPermissions = 
allAvailablePermissions.contains("(java.security.AllPermission \"\" \"\")");
+
 var allUserPermissions = "";
 for (perm <- (res/umr("user")/permission("hasPermission"))) {
        allUserPermissions = allUserPermissions + "," + 
(perm/permission("javaPermissionEntry")*)
@@ -57,9 +77,18 @@ for (role <- (res/umr("user")/sioc("has_
                                                } else {
                                                        
if(allUserPermissions.contains(javaPermission)) {
                                                                
allUserPermissions = allUserPermissions.replace("," + javaPermission, "")
-                                                               <input 
type="checkbox" checked="checked" name="permEntries" value={javaPermission} />
+                                                               
if(userHasAllPermissions || allAvailablePermissions.contains(javaPermission)) {
+                                                                       <input 
type="checkbox" checked="checked" name="permEntries" value={javaPermission} />
+                                                               } else {
+                                                                       <input 
type="checkbox" checked="checked" disabled="disabled" value={javaPermission} />
+                                                                       <input 
type="hidden" name="permEntries" value={javaPermission} />
+                                                               }
                                                        } else {
-                                                               <input 
type="checkbox" name="permEntries" value={javaPermission} />
+                                                               
if(userHasAllPermissions || allAvailablePermissions.contains(javaPermission)) {
+                                                                       <input 
type="checkbox" name="permEntries" value={javaPermission} />
+                                                               } else {
+                                                                       <input 
type="checkbox" disabled="disabled" value={javaPermission} />
+                                                               }
                                                        }
                                                }
                                                }
@@ -75,12 +104,23 @@ for (role <- (res/umr("user")/sioc("has_
                                val otherUserPermissions = 
allUserPermissions.split(",")
                                for(perm <-  otherUserPermissions) yield {
                                        ifx(!perm.equals("")) {
+                                       if(userHasAllPermissions || 
allAvailablePermissions.contains(perm)) {
                                        <tr>
                                                <td><input type="checkbox" 
checked="checked" name="permEntries" value={perm} /></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;">{perm}</span></td>
                                        </tr>
+                                       } else {
+                                       <tr>
+                                               <td><input type="checkbox" 
checked="checked" disabled="disabled" value={perm} />
+                                                       <input type="hidden" 
name="permEntries" value={perm} />
+                                               </td>
+                                               <td><span style="line-height: 
1.5em;"></span></td>
+                                               <td><span style="line-height: 
1.5em;"></span></td>
+                                               <td><span style="line-height: 
1.5em;">{perm}</span></td>
+                                       </tr>
+                                       }
                                        }
                                }
                                }
@@ -89,7 +129,7 @@ for (role <- (res/umr("user")/sioc("has_
                                for(perm <-  otherRolePermissions) yield {
                                        ifx(!perm.equals("")) {
                                        <tr>
-                                               <td><input type="checkbox" 
checked="checked" disabled="disabled" name="permEntries" value={perm} /></td>
+                                               <td><input type="checkbox" 
checked="checked" disabled="disabled" value={perm} /></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;"></span></td>
                                                <td><span style="line-height: 
1.5em;">{perm}</span></td>

