I have implemented dynamic menu rendering, based on user roles, that the user
can assign himself. Here are the necessary changes:
DB: add column 'role' of type varchar (3) to table 'role'
set sort column for roles USER_ROLE and ADMIN_ROLE to "sys" to indicate
these roles are system roles and may not be added / removed by the user
add role ROLE_SOMETHING, "User definable role", "usr" <-- To indicate this
role may be added / removed by the user
Role.java:
Change constructor to:
public Role(final String name, String sort) {
this.name = name;
this.sort = sort;
}
ADD:
// @Column(length = 3)
public String getSort() {
return this.sort;
}
public void setSort(String string) {
sort = string;
UserSecurityAdvice:
Change to:
// get the list of roles the user has
Set<Role> currentRoles = new HashSet<Role>();
for (GrantedAuthority role : roles) {
currentRoles.add((Role) role);
}
Boolean modifySystemRole = false;
// determine the list of roles the wants to have
if (user.getRoles() != null) {
// check the list of roles the user wants to remove
for (Object o : user.getRoles()) {
Role role = (Role) o;
// check if the user tries to remove a system role - this is
forbidden
if (role.getSort().equalsIgnoreCase("sys") &&
!currentRoles.contains(role)) {
modifySystemRole = true;
}
}
// check the list of roles the user wants to add
for (Object o : currentRoles) {
Role role = (Role) o;
// check if the user tries to add a system role - this is
forbidden
if (role.getSort().equalsIgnoreCase("sys") &&
!user.getRoles().contains(role)) {
modifySystemRole = true;
}
}
}
// regular users aren't allowed to change system roles
if (modifySystemRole) {
log.warn("Access Denied: '" + currentUser.getUsername() + "'
tried to change system role(s)!");
throw new AccessDeniedException(ACCESS_DENIED);
}
UserSecurityAdviceTest.java:
Change all
user.addRole(new Role(Constants.ADMIN_ROLE)); TO user.addRole(new
Role(Constants.ADMIN_ROLE,"sys"));
user.addRole(new Role(Constants.USER_ROLE)); TO user.addRole(new
Role(Constants.USER_ROLE,"usr"));
Other test and java classes: same change as the one directly above.
Implementation: implement for instance a checkbox and add / remove
ROLE_SOMETHING according to chekbox setting.
Note: as for now the dynamic rendering works only on main menu entries, but
it does not work well for menu sub items.
--
View this message in context:
http://www.nabble.com/dynamic-menu-rendering-based-on-user-roles-tp25513990s2369p25513990.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
