This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push: new 576f61c [OPENMEETINGS-2546] additional types of admins are added new 573ee52 Merge branch 'master' of github.com:apache/openmeetings 576f61c is described below commit 576f61c91bc784d18b0043ea0d31ad9d0373bef3 Author: Maxim Solodovnik <solomax...@gmail.com> AuthorDate: Wed Mar 24 19:20:43 2021 +0700 [OPENMEETINGS-2546] additional types of admins are added --- .../apache/openmeetings/db/entity/user/User.java | 37 ++++++++++++++++++---- .../openmeetings/web/admin/backup/BackupPanel.java | 2 ++ .../web/admin/configurations/ConfigsPanel.java | 2 ++ .../web/admin/connection/ConnectionsPanel.java | 2 ++ .../openmeetings/web/admin/labels/LangPanel.java | 2 ++ .../openmeetings/web/admin/users/UserForm.java | 8 +---- .../apache/openmeetings/web/common/MainPanel.java | 27 ++++++++++++---- .../web/util/RestrictiveChoiceProvider.java | 4 --- 8 files changed, 60 insertions(+), 24 deletions(-) diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java index d93f90f..fb9cb98 100644 --- a/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java +++ b/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java @@ -34,6 +34,8 @@ import java.util.List; import java.util.Optional; import java.util.Set; import java.util.StringJoiner; +import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.persistence.Basic; import javax.persistence.CascadeType; @@ -135,12 +137,35 @@ public class User extends HistoricalEntity { @XmlType(namespace="org.apache.openmeetings.user.right") public enum Right { - ADMIN // access to Admin module - , GROUP_ADMIN // partial access to Admin module (should not be directly assigned) - , ROOM // enter the room - , DASHBOARD // access the dashboard - , LOGIN // login to Om internal DB - , SOAP // use rest/soap calls + ADMIN(false) // access to Admin module + , GROUP_ADMIN(false) // partial access to Admin module (should not be directly assigned) + , ADMIN_CONFIG(false) + , ADMIN_CONNECTIONS(false) + , ADMIN_BACKUP(false) + , ADMIN_LABEL(false) + , ROOM(true) // enter the room + , DASHBOARD(true) // access the dashboard + , LOGIN(true) // login to Om internal DB + , SOAP(false); // use rest/soap calls + + private final boolean groupAdminAllowed; + + private Right(boolean groupAdminAllowed) { + this.groupAdminAllowed = groupAdminAllowed; + } + + public boolean isGroupAdminAllowed() { + return groupAdminAllowed; + } + + public static List<Right> getAllowed(boolean groupAdmin) { + Stream<Right> stream = Stream.of(Right.values()) + .filter(r -> Right.GROUP_ADMIN != r); + if (groupAdmin) { + stream = stream.filter(Right::isGroupAdminAllowed); + } + return stream.collect(Collectors.toList()); + } } @XmlType(namespace="org.apache.openmeetings.user.type") diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/backup/BackupPanel.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/backup/BackupPanel.java index 305f4a4..06c939f 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/backup/BackupPanel.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/backup/BackupPanel.java @@ -41,6 +41,7 @@ import org.apache.openmeetings.web.util.upload.BootstrapFileUploadBehavior; import org.apache.wicket.AttributeModifier; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.ajax.form.AjaxFormSubmitBehavior; +import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation; import org.apache.wicket.core.request.handler.IPartialPageRequestHandler; import org.apache.wicket.extensions.ajax.AjaxDownloadBehavior; import org.apache.wicket.markup.html.WebMarkupContainer; @@ -70,6 +71,7 @@ import de.agilecoders.wicket.core.markup.html.bootstrap.utilities.BackgroundColo * @author swagner * */ +@AuthorizeInstantiation({"ADMIN", "ADMIN_BACKUP"}) public class BackupPanel extends AdminBasePanel { private static final Logger log = LoggerFactory.getLogger(BackupPanel.class); private static final long serialVersionUID = 1L; diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/configurations/ConfigsPanel.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/configurations/ConfigsPanel.java index f010a1c..1c50a1e 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/configurations/ConfigsPanel.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/configurations/ConfigsPanel.java @@ -31,6 +31,7 @@ import org.apache.openmeetings.web.data.SearchableDataProvider; import org.apache.wicket.AttributeModifier; import org.apache.wicket.ajax.AjaxEventBehavior; import org.apache.wicket.ajax.AjaxRequestTarget; +import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation; import org.apache.wicket.markup.html.WebMarkupContainer; import org.apache.wicket.markup.html.basic.Label; import org.apache.wicket.markup.repeater.Item; @@ -42,6 +43,7 @@ import org.apache.wicket.spring.injection.annot.SpringBean; * @author swagner * */ +@AuthorizeInstantiation({"ADMIN", "ADMIN_CONFIG"}) public class ConfigsPanel extends AdminBasePanel { private static final long serialVersionUID = 1L; private ConfigForm form; diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/connection/ConnectionsPanel.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/connection/ConnectionsPanel.java index f2bad46..0c933c2 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/connection/ConnectionsPanel.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/connection/ConnectionsPanel.java @@ -42,6 +42,7 @@ import org.apache.openmeetings.web.data.SearchableDataProvider; import org.apache.wicket.AttributeModifier; import org.apache.wicket.ajax.AjaxEventBehavior; import org.apache.wicket.ajax.AjaxRequestTarget; +import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation; import org.apache.wicket.markup.html.WebMarkupContainer; import org.apache.wicket.markup.html.basic.Label; import org.apache.wicket.markup.repeater.Item; @@ -52,6 +53,7 @@ import org.apache.wicket.spring.injection.annot.SpringBean; import de.agilecoders.wicket.core.markup.html.bootstrap.button.BootstrapAjaxLink; import de.agilecoders.wicket.core.markup.html.bootstrap.button.Buttons; +@AuthorizeInstantiation({"ADMIN", "ADMIN_CONNECTIONS"}) public class ConnectionsPanel extends AdminBasePanel { private static final long serialVersionUID = 1L; @SpringBean diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/labels/LangPanel.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/labels/LangPanel.java index 0a5774e..05219d3 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/labels/LangPanel.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/labels/LangPanel.java @@ -46,6 +46,7 @@ import org.apache.wicket.ajax.AjaxEventBehavior; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.ajax.form.AjaxFormSubmitBehavior; import org.apache.wicket.ajax.markup.html.AjaxLink; +import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation; import org.apache.wicket.extensions.ajax.AjaxDownloadBehavior; import org.apache.wicket.markup.html.WebMarkupContainer; import org.apache.wicket.markup.html.basic.Label; @@ -72,6 +73,7 @@ import de.agilecoders.wicket.extensions.markup.html.bootstrap.icon.FontAwesome5I * @author solomax, swagner * */ +@AuthorizeInstantiation({"ADMIN", "ADMIN_LABEL"}) public class LangPanel extends AdminBasePanel { private static final long serialVersionUID = 1L; private static final Logger log = LoggerFactory.getLogger(LangPanel.class); diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/users/UserForm.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/users/UserForm.java index 7119198..b60059c 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/users/UserForm.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/admin/users/UserForm.java @@ -154,13 +154,7 @@ public class UserForm extends AdminBaseForm<User> { @Override public void query(String term, int page, Response<Right> response) { boolean isGroupAdmin = hasGroupAdminLevel(getRights()); - for (Right r : Right.values()) { - if (Right.GROUP_ADMIN == r) { - continue; - } - if (isGroupAdmin && (Right.ADMIN == r || Right.SOAP == r)) { - continue; - } + for (Right r : Right.getAllowed(isGroupAdmin)) { if (Strings.isEmpty(term) || r.name().contains(term)) { response.add(r); } diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/MainPanel.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/MainPanel.java index 7020e06..f1382fe 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/MainPanel.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/MainPanel.java @@ -319,22 +319,35 @@ public class MainPanel extends Panel { } createSettingsMenu(mmenu); Set<Right> r = WebSession.getRights(); - boolean isAdmin = hasAdminLevel(r); - if (isAdmin || hasGroupAdminLevel(r)) { + if (r.stream().anyMatch(right -> right.name().contains("ADMIN"))) { + boolean isAdmin = hasAdminLevel(r); + boolean isGrpAdmin = hasGroupAdminLevel(r); // Administration Menu Points List<INavbarComponent> l = new ArrayList<>(); - l.add(getSubItem("125", "1454", MenuActions.ADMIN_USER)); - if (isAdmin) { + if (isAdmin || isGrpAdmin) { + l.add(getSubItem("125", "1454", MenuActions.ADMIN_USER)); + } + if (isAdmin || r.contains(Right.ADMIN_CONNECTIONS)) { l.add(getSubItem("597", "1455", MenuActions.ADMIN_CONNECTION)); } - l.add(getSubItem("126", "1456", MenuActions.ADMIN_GROUP)); - l.add(getSubItem("186", "1457", MenuActions.ADMIN_ROOM)); - if (isAdmin) { + if (isAdmin || isGrpAdmin) { + l.add(getSubItem("126", "1456", MenuActions.ADMIN_GROUP)); + l.add(getSubItem("186", "1457", MenuActions.ADMIN_ROOM)); + } + if (isAdmin || r.contains(Right.ADMIN_CONFIG)) { l.add(getSubItem("263", "1458", MenuActions.ADMIN_CONFIG)); + } + if (isAdmin || r.contains(Right.ADMIN_LABEL)) { l.add(getSubItem("348", "1459", MenuActions.ADMIN_LABEL)); + } + if (isAdmin) { l.add(getSubItem("1103", "1454", MenuActions.ADMIN_LDAP)); l.add(getSubItem("1571", "1572", MenuActions.ADMIN_OAUTH)); + } + if (isAdmin || r.contains(Right.ADMIN_BACKUP)) { l.add(getSubItem("367", "1461", MenuActions.ADMIN_BACKUP)); + } + if (isAdmin) { l.add(getSubItem("main.menu.admin.email", "main.menu.admin.email.desc", MenuActions.ADMIN_EMAIL)); } mmenu.add(new OmMenuItem(getString("6"), l)); diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/util/RestrictiveChoiceProvider.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/util/RestrictiveChoiceProvider.java index e5c9695..16af623 100644 --- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/util/RestrictiveChoiceProvider.java +++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/util/RestrictiveChoiceProvider.java @@ -52,8 +52,4 @@ public abstract class RestrictiveChoiceProvider<T> extends ChoiceProvider<T> { } return c; } - - @Override - public void detach() { - } }