This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 472ec3e More sensible checks of Realms with Delegated Admin
472ec3e is described below
commit 472ec3e611a242ffa18cdb41cc94916049dee282
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Wed May 6 17:43:00 2020 +0200
More sensible checks of Realms with Delegated Admin
---
.../client/console/panels/LinkedAccountModalPanel.java | 13 +++++++------
.../syncope/client/console/SyncopeConsoleSession.java | 16 ++++++++++------
.../client/console/panels/GroupDirectoryPanel.java | 4 ++--
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git
a/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
b/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
index f6bcf8c..d5d2e09 100644
---
a/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
+++
b/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
@@ -149,7 +149,7 @@ public class LinkedAccountModalPanel extends Panel
implements ModalPanel {
@Override
@SuppressWarnings("unchecked")
protected void customActionOnFinishCallback(final
AjaxRequestTarget target) {
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
linkedAccountTOs.clear();
linkedAccountTOs.addAll(model.getObject().getLinkedAccounts());
@@ -254,7 +254,7 @@ public class LinkedAccountModalPanel extends Panel
implements ModalPanel {
((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(target);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new
ListViewPanel.ListViewReload<>(target));
}
@@ -337,7 +337,7 @@ public class LinkedAccountModalPanel extends Panel
implements ModalPanel {
SyncopeConsoleSession.get().onException(e);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new
ListViewPanel.ListViewReload<>(target));
}
@@ -348,7 +348,8 @@ public class LinkedAccountModalPanel extends Panel
implements ModalPanel {
list = builder.build(MultilevelPanel.FIRST_LEVEL_ID);
list.setOutputMarkupId(true);
-
list.setReadOnly(!SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE));
+ list.setReadOnly(!SyncopeConsoleSession.get().
+ owns(IdRepoEntitlement.USER_UPDATE,
model.getObject().getRealm()));
addAjaxLink = new AjaxLink<LinkedAccountTO>("add") {
@@ -374,7 +375,7 @@ public class LinkedAccountModalPanel extends Panel
implements ModalPanel {
linkedAccountTOs.sort(Comparator.comparing(LinkedAccountTO::getConnObjectKeyValue));
}
- private void checkAddButton() {
-
addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE));
+ private void checkAddButton(final String realm) {
+
addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE,
realm));
}
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 73d4833..34dff66 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -275,7 +275,7 @@ public class SyncopeConsoleSession extends
AuthenticatedWebSession implements Ba
}
Set<String> requested = ArrayUtils.isEmpty(realms)
- ? Set.of(SyncopeConstants.ROOT_REALM)
+ ? Set.of()
: Set.of(realms);
for (String entitlement : entitlements.split(",")) {
@@ -283,11 +283,15 @@ public class SyncopeConsoleSession extends
AuthenticatedWebSession implements Ba
boolean owns = false;
Set<String> owned = auth.get(entitlement);
- for (String realm : requested) {
- if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
- owns |= owned.stream().anyMatch(realm::startsWith);
- } else {
- owns |= owned.contains(realm);
+ if (requested.isEmpty()) {
+ return !owned.isEmpty();
+ } else {
+ for (String realm : requested) {
+ if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
+ owns |= owned.stream().anyMatch(realm::startsWith);
+ } else {
+ owns |= owned.contains(realm);
+ }
}
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index 14ef858..503a49d 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -117,7 +117,7 @@ public class GroupDirectoryPanel extends
AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new UserDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(query).
disableCheckBoxes().
@@ -139,7 +139,7 @@ public class GroupDirectoryPanel extends
AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new AnyObjectDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(query).
disableCheckBoxes().
