Author: chathura
Date: Mon Jan 14 02:00:07 2008
New Revision: 12201
Log:
Restricting UI options for adding and deleting users and roles based on the
permissions of the logged in user.
Modified:
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/SignInAction.java
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/UserManagementAction.java
trunk/registry/modules/webapps/src/main/webapp/admin/people.jsp
Modified:
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/SignInAction.java
==============================================================================
---
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/SignInAction.java
(original)
+++
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/SignInAction.java
Mon Jan 14 02:00:07 2008
@@ -42,6 +42,11 @@
setRequest(request);
+ if (userName.equals(RegistryConstants.SYSTEM_USER)) {
+ String msg = "Users are not allowed to log in as the system user.";
+ throw new RegistryException(msg);
+ }
+
ServletContext context =
request.getSession().getServletContext();
Registry jdbcRegistry =
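Review bot: `userName.equals(RegistryConstants.SYSTEM_USER)` throws a NullPointerException when the request carries no user name, and it matches only the exact string. Writing the guard as `if (RegistryConstants.SYSTEM_USER.equals(userName)) {` removes the null case. If the user store compares names case-insensitively or trims whitespace (not visible here), the comparison should use the same normalized form the realm authenticates against, otherwise a differently spelled form of the name would not be caught by this check. The enclosing method starts and ends outside the hunk, so how `userName` is populated cannot be confirmed from these lines.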
Modified:
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/UserManagementAction.java
==============================================================================
---
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/UserManagementAction.java
(original)
+++
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/UserManagementAction.java
Mon Jan 14 02:00:07 2008
@@ -20,6 +20,7 @@
import org.wso2.registry.secure.SecureRegistry;
import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.UserManagerConstants;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
@@ -31,6 +32,8 @@
private Map userNames = new HashMap();
private List roleNames = new ArrayList();
+ private boolean addAllowed;
+ private boolean deleteAllowed;
public String execute(HttpServletRequest request) throws RegistryException
{
@@ -40,6 +43,17 @@
Realm userRealm = secureRegistry.getUserRealm();
try {
+ addAllowed = userRealm.getAuthorizer().isUserAuthorized(
+ getUserName(), UserManagerConstants.USER_RESOURCE,
UserManagerConstants.ADD);
+
+ deleteAllowed = userRealm.getAuthorizer().isUserAuthorized(
+ getUserName(), UserManagerConstants.USER_RESOURCE,
UserManagerConstants.DELETE);
+ } catch (UserManagerException e) {
+ String msg = "Could not read permissions for user: " +
getUserName();
+ throw new RegistryException(msg, e);
+ }
+
+ try {
String[] userNamesArray =
userRealm.getUserStoreReader().getAllUserNames();
for (int i = 0; i < userNamesArray.length; i++) {
String friendlyName = (String) userRealm.getUserStoreAdmin().
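Review bot: Both `addAllowed` and `deleteAllowed` are computed against `UserManagerConstants.USER_RESOURCE` only, yet people.jsp in this same commit uses them to gate the Add New Role and role Delete controls as well. If the authorizer tracks role management as a separate resource (not visible in this hunk), the role controls will reflect the wrong permission, and separate flags computed for that resource would be needed. A comment above the first `try`, such as `// UI hints only: the add/remove actions must re-check these permissions themselves`, would keep later readers from treating the flags as enforcement. execute() starts and continues outside the hunk.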
@@ -75,4 +89,12 @@
public List getRoleNames() {
return roleNames;
}
+
+ public boolean isAddAllowed() {
+ return addAllowed;
+ }
+
+ public boolean isDeleteAllowed() {
+ return deleteAllowed;
+ }
}
Modified: trunk/registry/modules/webapps/src/main/webapp/admin/people.jsp
==============================================================================
--- trunk/registry/modules/webapps/src/main/webapp/admin/people.jsp
(original)
+++ trunk/registry/modules/webapps/src/main/webapp/admin/people.jsp Mon Jan
14 02:00:07 2008
@@ -46,9 +46,9 @@
<h2>Users </h2>
</td>
<td align="right" valign="top">
- <table width="100%" border="0"
cellspacing="0" cellpadding="0" class="toolBarTable">
+ <table width="100%" border="0" cellspacing="0"
cellpadding="0" class="toolBarTable">
<tr>
- <td><a href="#"
onclick="showHideCommon('userAddBox');" title="Add New User"><img
src="/wso2registry/admin/images/universal-add.gif" border="0" align="top"
style="margin-top:-5px;" /></a></td>
+ <td><% if
(userManagementAction.isAddAllowed()) { %><a href="#"
onclick="showHideCommon('userAddBox');" title="Add New User"><img
src="/wso2registry/admin/images/universal-add.gif" border="0" align="top"
style="margin-top:-5px;" /></a><% } %></td>
<td>
<a
href="#"
onclick="showHideCommon('userIconExpanded');showHideCommon('userIconMinimized');showHideCommon('userExpanded');showHideCommon('userMinimized');">
<img
src="/wso2registry/admin/images/icon-expanded.gif" border="0" align="top"
id="userIconExpanded" style="margin-top:-3px;" />
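Review bot: The new `isAddAllowed()` guard hides only the toggle link; the `userAddBox` element it opens lies outside this hunk and, unless it is wrapped in the same condition, is still sent to the browser for users without the ADD permission. The same applies to `addRoleBox` in the @@ -180 hunk, and the Delete guards in the @@ -143 and @@ -233 hunks leave `/wso2registry/system/removeUser` and `/wso2registry/system/removeRole` requestable by URL. Hiding a control is presentation, not access control: the actions behind those forms and URLs need their own authorizer check for the calling user, and nothing in this commit shows one. I would wrap the form markup as `<% if (userManagementAction.isAddAllowed()) { %> … <% } %>` and confirm the server-side checks before relying on this change.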
@@ -143,7 +143,7 @@
<td><%=friendlyName%></td>
<td align="left">
- <a
href="/wso2registry/system/removeUser?user=<%=regUser%>" title="Delete"
style="margin-left:5px;"><img src="/wso2registry/admin/images/icon-trash.gif"
border="0" /></a>
+ <% if
(userManagementAction.isDeleteAllowed()) { %><a
href="/wso2registry/system/removeUser?user=<%=regUser%>" title="Delete"
style="margin-left:5px;"><img src="/wso2registry/admin/images/icon-trash.gif"
border="0" /></a><% } %>
</td>
</tr>
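Review bot: `<%=regUser%>` is written into the `href` query string without URL-encoding or HTML-escaping, and `<%=friendlyName%>` in the cell above is emitted unescaped as well. These values are account data that may have been chosen by another user, so a name containing quotes, `&` or markup would break out of the attribute or alter the `user` parameter. The same holds for `<%=role%>` in the @@ -233 hunk. Encode the parameter, e.g. `user=<%=java.net.URLEncoder.encode(regUser, "UTF-8")%>`, and HTML-escape the values rendered in the table cells with the escaping helper the webapp already uses. The link also performs a state change over GET, so the removal action is worth moving to a POST with a request token.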
@@ -180,7 +180,7 @@
<td align="right" valign="top">
<table width="100%" border="0"
cellspacing="0" cellpadding="0" class="toolBarTable">
<tr>
- <td
valign="top"><a href="#" onclick="showHideCommon('addRoleBox');" title="Add New
Role"><img src="/wso2registry/admin/images/universal-add.gif"
style="margin-top:-5px;" border="0" align="top" /></a></td>
+ <td
valign="top"><% if (userManagementAction.isAddAllowed()) { %><a href="#"
onclick="showHideCommon('addRoleBox');" title="Add New Role"><img
src="/wso2registry/admin/images/universal-add.gif" style="margin-top:-5px;"
border="0" align="top" /></a><% } %></td>
<td>
<a href="#"
onclick="showHideCommon('roleIconExpanded');showHideCommon('roleIconMinimized');showHideCommon('roleExpanded');showHideCommon('roleMinimized');">
<img
src="/wso2registry/admin/images/icon-expanded.gif" border="0" align="top"
id="roleIconExpanded" style="margin-top:-3px;" />
@@ -233,7 +233,7 @@
<tr>
<td><%=role%></td>
<td>
- <a
href="/wso2registry/system/removeRole?role=<%=role%>" title="Delete"
style="margin-left:5px;"><img src="/wso2registry/admin/images/icon-trash.gif"
border="0" /></a>
+ <% if
(userManagementAction.isDeleteAllowed()) { %><a
href="/wso2registry/system/removeRole?role=<%=role%>" title="Delete"
style="margin-left:5px;"><img src="/wso2registry/admin/images/icon-trash.gif"
border="0" /></a><% } %>
</td>
</tr>