Repository: syncope Updated Branches: refs/heads/2_0_X 0b5da3865 -> bec5e2bb9
[SYNCOPE-1143] Cleaner handling for less-privileged delegated admins Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/bec5e2bb Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/bec5e2bb Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/bec5e2bb Branch: refs/heads/2_0_X Commit: bec5e2bb9b9780e58b7798bc8a86ae62e0caad29 Parents: 0b5da38 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Tue Aug 8 16:49:42 2017 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Tue Aug 8 16:50:05 2017 +0200 ---------------------------------------------------------------------- .../panels/ProvisionAuxClassesPanel.java | 33 ++++++++++------ .../console/panels/SubmitableModalPanel.java | 4 +- .../console/topology/TopologyTogglePanel.java | 40 +++++++------------- .../client/console/wizards/WizardMgtPanel.java | 4 +- .../resources/ConnectorDetailsPanel.java | 2 +- .../wizards/resources/ResourceMappingPanel.java | 25 ++++++++++-- .../resources/ResourceProvisionPanel.java | 15 ++++---- 7 files changed, 71 insertions(+), 52 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/panels/ProvisionAuxClassesPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/ProvisionAuxClassesPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/ProvisionAuxClassesPanel.java index 574939a..0ce0ab2 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/ProvisionAuxClassesPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/ProvisionAuxClassesPanel.java @@ -31,18 +31,22 @@ import org.apache.wicket.markup.html.panel.Panel; import org.apache.wicket.model.IModel; import org.apache.wicket.model.PropertyModel; import org.apache.wicket.model.util.ListModel; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class ProvisionAuxClassesPanel extends Panel { private static final long serialVersionUID = -3962956154520358784L; - private final ProvisionTO provisionTO; + private static final Logger LOG = LoggerFactory.getLogger(ProvisionAuxClassesPanel.class); - public ProvisionAuxClassesPanel(final String id, final ProvisionTO provisionTO) { + private final ProvisionTO provision; + + public ProvisionAuxClassesPanel(final String id, final ProvisionTO provision) { super(id); setOutputMarkupId(true); - this.provisionTO = provisionTO; + this.provision = provision; } @Override @@ -51,17 +55,24 @@ public class ProvisionAuxClassesPanel extends Panel { IModel<List<String>> model; List<String> choices; - if (provisionTO == null) { + if (provision == null) { model = new ListModel<>(Collections.<String>emptyList()); choices = Collections.emptyList(); } else { - model = new PropertyModel<>(provisionTO, "auxClasses"); - - AnyTypeTO anyType = new AnyTypeRestClient().read(provisionTO.getAnyType()); + model = new PropertyModel<>(provision, "auxClasses"); choices = new ArrayList<>(); - for (AnyTypeClassTO aux : new AnyTypeClassRestClient().list()) { - if (!anyType.getClasses().contains(aux.getKey())) { - choices.add(aux.getKey()); + + AnyTypeTO anyType = null; + try { + anyType = new AnyTypeRestClient().read(provision.getAnyType()); + } catch (Exception e) { + LOG.error("Could not read AnyType {}", provision.getAnyType(), e); + } + if (anyType != null) { + for (AnyTypeClassTO aux : new AnyTypeClassRestClient().list()) { + if (!anyType.getClasses().contains(aux.getKey())) { + choices.add(aux.getKey()); + } } } } @@ -69,7 +80,7 @@ public class ProvisionAuxClassesPanel extends Panel { new AjaxPalettePanel.Builder<String>().build("auxClasses", model, new ListModel<>(choices)). hideLabel(). setOutputMarkupId(true). - setEnabled(provisionTO != null)); + setEnabled(provision != null)); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/panels/SubmitableModalPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/SubmitableModalPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/SubmitableModalPanel.java index a7ce5dd..e3f2b17 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/SubmitableModalPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/SubmitableModalPanel.java @@ -23,7 +23,7 @@ import org.apache.wicket.markup.html.form.Form; public interface SubmitableModalPanel extends ModalPanel { - void onSubmit(final AjaxRequestTarget target, final Form<?> form); + void onSubmit(AjaxRequestTarget target, Form<?> form); - void onError(final AjaxRequestTarget target, final Form<?> form); + void onError(AjaxRequestTarget target, Form<?> form); } http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyTogglePanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyTogglePanel.java b/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyTogglePanel.java index df1e273..8b6b1a5 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyTogglePanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/topology/TopologyTogglePanel.java @@ -106,7 +106,9 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { provisionModal = new BaseModal<>("outer"); provisionModal.size(Modal.Size.Large); - provisionModal.addSubmitButton(); + if (SyncopeConsoleSession.get().owns(StandardEntitlement.RESOURCE_UPDATE)) { + provisionModal.addSubmitButton(); + } addOuterObject(provisionModal); historyModal = new BaseModal<>("outer"); @@ -227,10 +229,6 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { build(BaseModal.CONTENT_ID, AjaxWizard.Mode.CREATE))); modal.header(new Model<>(MessageFormat.format(getString("connector.new"), node.getKey()))); - - MetaDataRoleAuthorizationStrategy. - authorize(modal.getForm(), RENDER, StandardEntitlement.CONNECTOR_CREATE); - modal.show(true); } @@ -288,10 +286,6 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { build(BaseModal.CONTENT_ID, AjaxWizard.Mode.CREATE))); modal.header(new Model<>(MessageFormat.format(getString("resource.new"), node.getKey()))); - - MetaDataRoleAuthorizationStrategy. - authorize(modal.getForm(), RENDER, StandardEntitlement.RESOURCE_CREATE); - modal.show(true); } @@ -316,14 +310,13 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { modal.setFormModel(model); target.add(modal.setContent(new ConnectorWizardBuilder(modelObject, pageRef). - build(BaseModal.CONTENT_ID, AjaxWizard.Mode.EDIT))); + build(BaseModal.CONTENT_ID, + SyncopeConsoleSession.get().owns(StandardEntitlement.CONNECTOR_UPDATE) + ? AjaxWizard.Mode.EDIT + : AjaxWizard.Mode.READONLY))); modal.header( new Model<>(MessageFormat.format(getString("connector.edit"), modelObject.getDisplayName()))); - - MetaDataRoleAuthorizationStrategy. - authorize(modal.getForm(), RENDER, StandardEntitlement.CONNECTOR_UPDATE); - modal.show(true); } @@ -333,7 +326,7 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { } }; - MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.CONNECTOR_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.CONNECTOR_READ); fragment.add(edit); AjaxLink<String> history = new IndicatingAjaxLink<String>("history") { @@ -402,13 +395,12 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { modal.setFormModel(model); target.add(modal.setContent(new ResourceWizardBuilder(modelObject, pageRef). - build(BaseModal.CONTENT_ID, AjaxWizard.Mode.EDIT))); + build(BaseModal.CONTENT_ID, + SyncopeConsoleSession.get().owns(StandardEntitlement.RESOURCE_UPDATE) + ? AjaxWizard.Mode.EDIT + : AjaxWizard.Mode.READONLY))); modal.header(new Model<>(MessageFormat.format(getString("resource.edit"), node.getKey()))); - - MetaDataRoleAuthorizationStrategy.authorize( - modal.getForm(), RENDER, StandardEntitlement.RESOURCE_UPDATE); - modal.show(true); } @@ -418,7 +410,7 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { } }; - MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.RESOURCE_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.RESOURCE_READ); fragment.add(edit); AjaxLink<String> status = new IndicatingAjaxLink<String>("status") { @@ -458,10 +450,6 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { target.add(provisionModal.setContent(new ResourceProvisionPanel(provisionModal, resource, pageRef))); provisionModal.header(new Model<>(MessageFormat.format(getString("resource.edit"), node.getKey()))); - - MetaDataRoleAuthorizationStrategy. - authorize(provisionModal.getForm(), RENDER, StandardEntitlement.RESOURCE_UPDATE); - provisionModal.show(true); } @@ -471,7 +459,7 @@ public class TopologyTogglePanel extends TogglePanel<Serializable> { } }; - MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.RESOURCE_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(edit, RENDER, StandardEntitlement.RESOURCE_READ); fragment.add(provision); AjaxLink<String> explore = new IndicatingAjaxLink<String>("explore") { http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/wizards/WizardMgtPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/WizardMgtPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/WizardMgtPanel.java index 509dd92..7f52dd1 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/WizardMgtPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/WizardMgtPanel.java @@ -296,7 +296,7 @@ public abstract class WizardMgtPanel<T extends Serializable> extends Panel imple public MarkupContainer addInnerObject(final Component... childs) { return initialFragment.add(childs); } - + /** * Add or replace object inside the main container. * @@ -402,7 +402,7 @@ public abstract class WizardMgtPanel<T extends Serializable> extends Panel imple */ public abstract static class Builder<T extends Serializable> implements Serializable { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 1908836274665387084L; protected final PageReference pageRef; http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ConnectorDetailsPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ConnectorDetailsPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ConnectorDetailsPanel.java index 43d4d85..80a7a85 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ConnectorDetailsPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ConnectorDetailsPanel.java @@ -113,7 +113,7 @@ public class ConnectorDetailsPanel extends WizardStep { new PropertyModel<String>(connInstanceTO, "bundleName"), false); ((DropDownChoice<String>) bundleName.getField()).setNullValid(true); - List<String> bundleNames = new ArrayList<String>(); + List<String> bundleNames = new ArrayList<>(); for (ConnBundleTO bundle : bundles) { if (!bundleNames.contains(bundle.getBundleName())) { bundleNames.add(bundle.getBundleName()); http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceMappingPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceMappingPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceMappingPanel.java index 853873e..02ae10f 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceMappingPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceMappingPanel.java @@ -36,6 +36,8 @@ import org.apache.syncope.common.lib.types.MappingPurpose; import org.apache.wicket.model.IModel; import org.apache.wicket.model.LoadableDetachableModel; import org.apache.wicket.model.util.ListModel; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Resource mapping panel. @@ -44,6 +46,8 @@ public class ResourceMappingPanel extends AbstractMappingPanel { private static final long serialVersionUID = -7982691107029848579L; + private static final Logger LOG = LoggerFactory.getLogger(ResourceMappingPanel.class); + /** * External resource provisioning configuration instance to be updated. */ @@ -120,12 +124,27 @@ public class ResourceMappingPanel extends AbstractMappingPanel { choices.add("name"); choices.add("fullpath"); } else { - AnyTypeTO anyTypeTO = anyTypeRestClient.read(provision.getAnyType()); + AnyTypeTO anyType = null; + try { + anyType = anyTypeRestClient.read(provision.getAnyType()); + } catch (Exception e) { + LOG.error("Could not read AnyType {}", provision.getAnyType(), e); + } List<AnyTypeClassTO> anyTypeClassTOs = new ArrayList<>(); - anyTypeClassTOs.addAll(anyTypeClassRestClient.list(anyTypeTO.getClasses())); + if (anyType != null) { + try { + anyTypeClassTOs.addAll(anyTypeClassRestClient.list(anyType.getClasses())); + } catch (Exception e) { + LOG.error("Could not read AnyType classes for {}", anyType.getClasses(), e); + } + } for (String auxClass : provision.getAuxClasses()) { - anyTypeClassTOs.add(anyTypeClassRestClient.read(auxClass)); + try { + anyTypeClassTOs.add(anyTypeClassRestClient.read(auxClass)); + } catch (Exception e) { + LOG.error("Could not read AnyTypeClass for {}", auxClass, e); + } } switch (provision.getAnyType()) { http://git-wip-us.apache.org/repos/asf/syncope/blob/bec5e2bb/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceProvisionPanel.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceProvisionPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceProvisionPanel.java index dfdac8a..ceab536 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceProvisionPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/resources/ResourceProvisionPanel.java @@ -168,7 +168,7 @@ public class ResourceProvisionPanel extends AbstractModalPanel<Serializable> { ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target); } } - }, ActionLink.ActionType.MAPPING, StandardEntitlement.RESOURCE_UPDATE). + }, ActionLink.ActionType.MAPPING, StandardEntitlement.RESOURCE_READ). addAction(new ActionLink<ResourceProvision>() { private static final long serialVersionUID = -7780999687733432439L; @@ -225,6 +225,7 @@ public class ResourceProvisionPanel extends AbstractModalPanel<Serializable> { builder.addNewItemPanelBuilder(wizard); list = builder.build("provision"); + list.setReadOnly(!SyncopeConsoleSession.get().owns(StandardEntitlement.RESOURCE_UPDATE)); addAjaxLink = new AjaxLink<ResourceProvision>("add") { @@ -243,14 +244,12 @@ public class ResourceProvisionPanel extends AbstractModalPanel<Serializable> { // toggle panel, used to choose 'type' before starting wizard - SYNCOPE-1167 final ResourceProvision provision = new ResourceProvision(); provision.setAnyType(""); - objectTypeTogglePanel = - new ObjectTypeTogglePanel("objectTypeToggle", provision, getAnyTypes(), pageRef) { + objectTypeTogglePanel = new ObjectTypeTogglePanel("objectTypeToggle", provision, getAnyTypes(), pageRef) { private static final long serialVersionUID = 7878063325027015067L; @Override protected void onSubmit(final String type, final AjaxRequestTarget target) { - provision.setAnyType(type); send(list, Broadcast.BREADTH, @@ -348,8 +347,10 @@ public class ResourceProvisionPanel extends AbstractModalPanel<Serializable> { } private void checkAddButton() { - boolean test = !getAnyTypes().getObject().isEmpty(); - addAjaxLink.setVisible(test); - objectTypeTogglePanel.setEnabled(test); + boolean enabled = + SyncopeConsoleSession.get().owns(StandardEntitlement.RESOURCE_UPDATE) + && !getAnyTypes().getObject().isEmpty(); + addAjaxLink.setVisible(enabled); + objectTypeTogglePanel.setEnabled(enabled); } }