From 01446a0f6a4b4d29c51d8fcd7b0ce40fc052ef28 Mon Sep 17 00:00:00 2001 From: Manuel Rego Casasnovas Date: Tue, 26 Jun 2012 11:11:12 +0200 Subject: [PATCH] Add permissions for ROLE_SUPERUSER where ROLE_EDIT_ALL_PROJECTS is used FEA: ItEr76S30PermissionsEnhancements --- .../java/org/libreplan/business/orders/daos/OrderDAO.java | 8 +++++--- .../web/limitingresources/LimitingResourceQueueModel.java | 5 +++-- .../main/java/org/libreplan/web/orders/OrderModel.java | 8 +++++--- .../libreplan/web/planner/order/OrderPlanningModel.java | 3 ++- .../org/libreplan/web/resourceload/ResourceLoadModel.java | 5 +++-- 5 files changed, 18 insertions(+), 11 deletions(-) diff --git a/libreplan-business/src/main/java/org/libreplan/business/orders/daos/OrderDAO.java b/libreplan-business/src/main/java/org/libreplan/business/orders/daos/OrderDAO.java index 8a3d8f7b4..34dbec841 100644 --- a/libreplan-business/src/main/java/org/libreplan/business/orders/daos/OrderDAO.java +++ b/libreplan-business/src/main/java/org/libreplan/business/orders/daos/OrderDAO.java @@ -193,8 +193,9 @@ public class OrderDAO extends IntegrationEntityDAO implements @Override public List getOrdersByReadAuthorization(User user) { - if (user.isInRole(UserRole.ROLE_READ_ALL_PROJECTS) || - user.isInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (user.isInRole(UserRole.ROLE_SUPERUSER) + || user.isInRole(UserRole.ROLE_READ_ALL_PROJECTS) + || user.isInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { return getOrders(); } else { @@ -217,7 +218,8 @@ public class OrderDAO extends IntegrationEntityDAO implements @Override public List getOrdersByWriteAuthorization(User user) { - if (user.isInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (user.isInRole(UserRole.ROLE_SUPERUSER) + || user.isInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { return getOrders(); } else { diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/limitingresources/LimitingResourceQueueModel.java b/libreplan-webapp/src/main/java/org/libreplan/web/limitingresources/LimitingResourceQueueModel.java index 2d9737d7b..f5b8d561c 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/limitingresources/LimitingResourceQueueModel.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/limitingresources/LimitingResourceQueueModel.java @@ -387,8 +387,9 @@ public class LimitingResourceQueueModel implements ILimitingResourceQueueModel { @Override @Transactional(readOnly = true) public boolean userCanRead(Order order, String loginName) { - if (SecurityUtils.isUserInRole(UserRole.ROLE_READ_ALL_PROJECTS) - || SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (SecurityUtils.isSuperuserOrUserInRoles( + UserRole.ROLE_READ_ALL_PROJECTS, + UserRole.ROLE_EDIT_ALL_PROJECTS)) { return true; } try { diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderModel.java b/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderModel.java index 85e71d366..96004cb27 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderModel.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderModel.java @@ -759,8 +759,9 @@ public class OrderModel extends IntegrationEntityModel implements IOrderModel { @Override @Transactional(readOnly = true) public boolean userCanRead(Order order, String loginName) { - if (SecurityUtils.isUserInRole(UserRole.ROLE_READ_ALL_PROJECTS) || - SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (SecurityUtils.isSuperuserOrUserInRoles( + UserRole.ROLE_READ_ALL_PROJECTS, + UserRole.ROLE_EDIT_ALL_PROJECTS)) { return true; } if (order.isNewObject() @@ -789,7 +790,8 @@ public class OrderModel extends IntegrationEntityModel implements IOrderModel { @Override @Transactional(readOnly = true) public boolean userCanWrite(Order order, String loginName) { - if (SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (SecurityUtils + .isSuperuserOrUserInRoles(UserRole.ROLE_EDIT_ALL_PROJECTS)) { return true; } if (order.isNewObject() diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/planner/order/OrderPlanningModel.java b/libreplan-webapp/src/main/java/org/libreplan/web/planner/order/OrderPlanningModel.java index ae0e5a0b1..83451bf6f 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/planner/order/OrderPlanningModel.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/planner/order/OrderPlanningModel.java @@ -959,7 +959,8 @@ public class OrderPlanningModel implements IOrderPlanningModel { // STORED orders can't be saved, independently of user permissions return false; } - if (SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (SecurityUtils + .isSuperuserOrUserInRoles(UserRole.ROLE_EDIT_ALL_PROJECTS)) { return true; } return thereIsWriteAuthorizationFor(planningState.getOrder()); diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/resourceload/ResourceLoadModel.java b/libreplan-webapp/src/main/java/org/libreplan/web/resourceload/ResourceLoadModel.java index a2385a97e..b558a54b8 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/resourceload/ResourceLoadModel.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/resourceload/ResourceLoadModel.java @@ -156,8 +156,9 @@ public class ResourceLoadModel implements IResourceLoadModel { @Override @Transactional(readOnly = true) public boolean userCanRead(Order order, String loginName) { - if (SecurityUtils.isUserInRole(UserRole.ROLE_READ_ALL_PROJECTS) - || SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_PROJECTS)) { + if (SecurityUtils.isSuperuserOrUserInRoles( + UserRole.ROLE_READ_ALL_PROJECTS, + UserRole.ROLE_EDIT_ALL_PROJECTS)) { return true; } try {