Limit visibility of planning pages depending on roles
If the user has read or write authorization over any project, then the pages "Planning > Company View" and "Planning > Projects" will be visible. Configure the perspectives (tabs) properly so that some of them are hidden if the user is not ROLE_SUPERUSER or ROLE_PLANNING. FEA: ItEr76S30PermissionsEnhancements
parent
f3ada1bea4
commit
fd5e751676
6 changed files with 95 additions and 6 deletions
|
|
@ -55,6 +55,7 @@ import org.libreplan.business.resources.daos.IWorkerDAO;
|
|||
import org.libreplan.business.scenarios.IScenarioManager;
|
||||
import org.libreplan.business.scenarios.daos.IScenarioDAO;
|
||||
import org.libreplan.business.templates.daos.IOrderElementTemplateDAO;
|
||||
import org.libreplan.business.users.daos.IOrderAuthorizationDAO;
|
||||
import org.libreplan.business.users.daos.IProfileDAO;
|
||||
import org.libreplan.business.users.daos.IUserDAO;
|
||||
import org.libreplan.business.workreports.daos.IWorkReportDAO;
|
||||
|
|
@ -199,6 +200,9 @@ public class Registry {
|
|||
@Autowired
|
||||
private IExpenseSheetLineDAO expenseSheetLineDAO;
|
||||
|
||||
@Autowired
|
||||
private IOrderAuthorizationDAO orderAuthorizationDAO;
|
||||
|
||||
@Autowired
|
||||
private IAdHocTransactionService transactionServiceDAO;
|
||||
|
||||
|
|
@ -370,4 +374,9 @@ public class Registry {
|
|||
public static IExpenseSheetLineDAO getExpenseSheetLineDAO() {
|
||||
return getInstance().expenseSheetLineDAO;
|
||||
}
|
||||
|
||||
public static IOrderAuthorizationDAO getOrderAuthorizationDAO() {
|
||||
return getInstance().orderAuthorizationDAO;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -69,6 +69,18 @@ public interface IOrderAuthorizationDAO extends IGenericDAO<OrderAuthorization,
|
|||
*/
|
||||
List<OrderAuthorization> listByUserAndItsProfiles(User user);
|
||||
|
||||
/**
|
||||
* Returns <code>true</code> if the user or its profile have any
|
||||
* {@link OrderAuthorization}. That means that the user should have access
|
||||
* to the proper pages (company view and projects list).
|
||||
*
|
||||
* @param user
|
||||
* {@link User} object
|
||||
* @return <code>true</code> if the user or its profile have any
|
||||
* authorization
|
||||
*/
|
||||
boolean userOrItsProfilesHaveAnyAuthorization(User user);
|
||||
|
||||
/**
|
||||
* Retrieves the list of {@link OrderAuthorization} objects related with
|
||||
* the specified {@link Order} and {@link User} objects.
|
||||
|
|
|
|||
|
|
@ -73,6 +73,19 @@ public class OrderAuthorizationDAO extends GenericDAOHibernate<OrderAuthorizatio
|
|||
return list;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean userOrItsProfilesHaveAnyAuthorization(User user) {
|
||||
if (!listByUser(user).isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
for (Profile profile : user.getProfiles()) {
|
||||
if (!listByProfile(profile).isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<OrderAuthorization> listByOrderAndUser(Order order, User user) {
|
||||
Criteria c = getSession().createCriteria(OrderAuthorization.class);
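Review bot: `userOrItsProfilesHaveAnyAuthorization` answers a yes/no question by loading complete result lists, one `listByUser` query plus one `listByProfile` query per profile, only to call `isEmpty()` on each. The SecurityUtils helper added in this commit calls it while `CustomMenuController.initializeMenu` builds the menu, so the cost is likely paid on page construction for every user without ROLE_PLANNING. An existence query would be cheaper, for example a single criteria over the user and its profiles limited with `setMaxResults(1)`, or a `Projections.rowCount()` check. The method also dereferences `user.getProfiles()` without a null check; a comment such as `// user must be non-null and attached to the current session` would record the precondition. The following `listByOrderAndUser` continues outside the hunk.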
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
|
|||
|
||||
public void initializeMenu() {
|
||||
List<CustomMenuItem> planningItems = new ArrayList<CustomMenuItem>();
|
||||
if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) {
|
||||
if (SecurityUtils.isSuperuserOrRolePlanningOrHasAnyAuthorization()) {
|
||||
planningItems.add(subItem(_("Company view"), new ICapture() {
|
||||
@Override
|
||||
public void capture() {
|
||||
|
|
@ -273,6 +273,8 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
|
|||
globalView.goToOrdersList();
|
||||
}
|
||||
}, "01-introducion.html#id2"));
|
||||
}
|
||||
if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) {
|
||||
planningItems.add(subItem(_("Resource Load"), new ICapture() {
|
||||
@Override
|
||||
public void capture() {
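Review bot: The new condition in `initializeMenu` only decides which menu entries are rendered; none of the six files shown in this commit restricts the pages behind "Company view" and "Projects" themselves. The same applies to the `TabsConfiguration` branch in `MultipleTabsPlannerController`, where tabs are omitted for users without ROLE_PLANNING. If URL-level or controller-level access rules are defined elsewhere, they should be checked against this new rule in both directions: a user holding only an `OrderAuthorization` must be able to reach the two pages, and must be denied the views that are hidden here. A short comment above the check, e.g. `// UI visibility only; access is enforced by the security configuration`, would make that dependency explicit. `initializeMenu` continues outside the hunks.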
|
||||
|
|
|
|||
|
|
@ -287,10 +287,16 @@ public class MultipleTabsPlannerController implements Composer,
|
|||
|
||||
TabsConfiguration tabsConfiguration = TabsConfiguration.create()
|
||||
.add(tabWithNameReloading(planningTab, typeChanged))
|
||||
.add(tabWithNameReloading(ordersTab, typeChanged))
|
||||
.add(tabWithNameReloading(resourceLoadTab, typeChanged))
|
||||
.add(tabWithNameReloading(limitingResourcesTab, typeChanged))
|
||||
.add(visibleOnlyAtOrderMode(advancedAllocationTab))
|
||||
.add(tabWithNameReloading(ordersTab, typeChanged));
|
||||
if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) {
|
||||
tabsConfiguration.add(
|
||||
tabWithNameReloading(resourceLoadTab, typeChanged)).add(
|
||||
tabWithNameReloading(limitingResourcesTab, typeChanged));
|
||||
} else {
|
||||
tabsConfiguration.add(visibleOnlyAtOrderModeWithNameReloading(
|
||||
resourceLoadTab, typeChanged));
|
||||
}
|
||||
tabsConfiguration.add(visibleOnlyAtOrderMode(advancedAllocationTab))
|
||||
.add(visibleOnlyAtOrderMode(dashboardTab));
|
||||
|
||||
if (isMontecarloVisible) {
|
||||
|
|
@ -364,8 +370,18 @@ public class MultipleTabsPlannerController implements Composer,
|
|||
}
|
||||
|
||||
private ChangeableTab visibleOnlyAtOrderMode(ITab tab) {
|
||||
return visibleOnlyAtOrderModeWithNameReloading(tab, null);
|
||||
}
|
||||
|
||||
private ChangeableTab visibleOnlyAtOrderModeWithNameReloading(ITab tab,
|
||||
final State<Void> typeChanged) {
|
||||
final State<Boolean> state = State.create(mode.isOf(ModeType.ORDER));
|
||||
ChangeableTab result = configure(tab).visibleOn(state);
|
||||
ChangeableTab result;
|
||||
if (typeChanged == null) {
|
||||
result = configure(tab).visibleOn(state);
|
||||
} else {
|
||||
result = configure(tab).visibleOn(state).reloadNameOn(typeChanged);
|
||||
}
|
||||
mode.addListener(new ModeTypeChangedListener() {
|
||||
|
||||
@Override
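Review bot: `visibleOnlyAtOrderModeWithNameReloading` accepts `null` for `typeChanged` as an undocumented "no reloading" sentinel, and its `if`/`else` repeats `configure(tab).visibleOn(state)` in both arms. Assuming `reloadNameOn` is declared on `ChangeableTab`, the body could read `ChangeableTab result = configure(tab).visibleOn(state);` followed by `if (typeChanged != null) { result = result.reloadNameOn(typeChanged); }`. In the `TabsConfiguration` hunk above, the `else` arm keeps `resourceLoadTab` visible in order mode for users without ROLE_PLANNING; if that is intended, a comment like `// non-planning users only get the per-project resource load` would say so. The method continues outside the hunk.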
|
||||
|
|
|
|||
|
|
@ -25,6 +25,10 @@ import java.security.Principal;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.libreplan.business.common.IOnTransaction;
|
||||
import org.libreplan.business.common.Registry;
|
||||
import org.libreplan.business.common.exceptions.InstanceNotFoundException;
|
||||
import org.libreplan.business.users.entities.OrderAuthorization;
|
||||
import org.libreplan.business.users.entities.UserRole;
|
||||
import org.libreplan.web.users.bootstrap.MandatoryUser;
|
||||
import org.libreplan.web.users.services.CustomUser;
|
||||
|
|
@ -95,4 +99,37 @@ public final class SecurityUtils {
|
|||
private static Authentication getAuthentication() {
|
||||
return SecurityContextHolder.getContext().getAuthentication();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns <code>true</code> if current user:
|
||||
*
|
||||
* <ul>
|
||||
* <li>Has role {@link UserRole#ROLE_SUPERUSER}</li>
|
||||
* <li>Or has role {@link UserRole#ROLE_PLANNING}</li>
|
||||
* <li>Or has any {@link OrderAuthorization} over any project</li>
|
||||
* </ul>
|
||||
*/
|
||||
public final static boolean isSuperuserOrRolePlanningOrHasAnyAuthorization() {
|
||||
if (isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return Registry.getTransactionService().runOnReadOnlyTransaction(
|
||||
new IOnTransaction<Boolean>() {
|
||||
@Override
|
||||
public Boolean execute() {
|
||||
try {
|
||||
return Registry
|
||||
.getOrderAuthorizationDAO()
|
||||
.userOrItsProfilesHaveAnyAuthorization(
|
||||
Registry.getUserDAO()
|
||||
.findByLoginName(
|
||||
getSessionUserLoginName()));
|
||||
} catch (InstanceNotFoundException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
}
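Review bot: In `isSuperuserOrRolePlanningOrHasAnyAuthorization`, a login name that `findByLoginName` cannot resolve is rethrown as a `RuntimeException`, so a permission helper used while building the menu fails with an error instead of answering "no". Denying is the safer default for an authorization check: `} catch (InstanceNotFoundException e) { return false; }`, ideally with a log line. It is not visible here what `getSessionUserLoginName()` returns when there is no authenticated principal, so that case may need the same treatment. The lookup also opens a read-only transaction on every call; if it is evaluated on each page build, caching the result is worth considering, weighed against how quickly a revoked authorization must take effect. `public final static` is redundant on a method of a `final` class, and the conventional modifier order is `public static`.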
|
||||
|
|
|
|||