From fd5e751676160458c48a9e614cd434c0e3d250bc Mon Sep 17 00:00:00 2001 From: Manuel Rego Casasnovas Date: Tue, 19 Jun 2012 09:44:59 +0200 Subject: [PATCH] Limit visibility of planning pages depending on roles If the user has read or write authorization over any project then the pages "Planning > Company View" and "Planning > Projects" will be visible. Configure properly the perspectives (tabs) in order to hide some of them if user is not ROLE_SUPERUSER or ROLE_PLANNING. FEA: ItEr76S30PermissionsEnhancements --- .../libreplan/business/common/Registry.java | 9 +++++ .../users/daos/IOrderAuthorizationDAO.java | 12 ++++++ .../users/daos/OrderAuthorizationDAO.java | 13 +++++++ .../web/common/CustomMenuController.java | 4 +- .../tabs/MultipleTabsPlannerController.java | 26 ++++++++++--- .../libreplan/web/security/SecurityUtils.java | 37 +++++++++++++++++++ 6 files changed, 95 insertions(+), 6 deletions(-) diff --git a/libreplan-business/src/main/java/org/libreplan/business/common/Registry.java b/libreplan-business/src/main/java/org/libreplan/business/common/Registry.java index e0a63fd41..82cbf840f 100644 --- a/libreplan-business/src/main/java/org/libreplan/business/common/Registry.java +++ b/libreplan-business/src/main/java/org/libreplan/business/common/Registry.java @@ -55,6 +55,7 @@ import org.libreplan.business.resources.daos.IWorkerDAO; import org.libreplan.business.scenarios.IScenarioManager; import org.libreplan.business.scenarios.daos.IScenarioDAO; import org.libreplan.business.templates.daos.IOrderElementTemplateDAO; +import org.libreplan.business.users.daos.IOrderAuthorizationDAO; import org.libreplan.business.users.daos.IProfileDAO; import org.libreplan.business.users.daos.IUserDAO; import org.libreplan.business.workreports.daos.IWorkReportDAO; 
@@ -199,6 +200,9 @@ public class Registry { @Autowired private IExpenseSheetLineDAO expenseSheetLineDAO; + @Autowired + private IOrderAuthorizationDAO orderAuthorizationDAO; + @Autowired private IAdHocTransactionService transactionServiceDAO; @@ -370,4 +374,9 @@ public class Registry { public static IExpenseSheetLineDAO getExpenseSheetLineDAO() { return getInstance().expenseSheetLineDAO; } + + public static IOrderAuthorizationDAO getOrderAuthorizationDAO() { + return getInstance().orderAuthorizationDAO; + } + } diff --git a/libreplan-business/src/main/java/org/libreplan/business/users/daos/IOrderAuthorizationDAO.java b/libreplan-business/src/main/java/org/libreplan/business/users/daos/IOrderAuthorizationDAO.java index 26090e507..9515eed16 100644 --- a/libreplan-business/src/main/java/org/libreplan/business/users/daos/IOrderAuthorizationDAO.java +++ b/libreplan-business/src/main/java/org/libreplan/business/users/daos/IOrderAuthorizationDAO.java @@ -69,6 +69,18 @@ public interface IOrderAuthorizationDAO extends IGenericDAO listByUserAndItsProfiles(User user); + /** + * Returns true if the user or its profile have any + * {@link OrderAuthorization}. That means that the user should have access + * to the proper pages (company view and projects list). + * + * @param user + * {@link User} object + * @return true if the user or its profile have any + * authorization + */ + boolean userOrItsProfilesHaveAnyAuthorization(User user); + /** * Retrieves the list of {@link OrderAuthorization} objects related with * the specified {@link Order} and {@link User} objects. diff --git a/libreplan-business/src/main/java/org/libreplan/business/users/daos/OrderAuthorizationDAO.java b/libreplan-business/src/main/java/org/libreplan/business/users/daos/OrderAuthorizationDAO.java index 51c20721f..657ab0cac 100644 --- a/libreplan-business/src/main/java/org/libreplan/business/users/daos/OrderAuthorizationDAO.java 
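Review bot: The Javadoc on `userOrItsProfilesHaveAnyAuthorization` describes what callers will do with the result ("should have access to the proper pages") rather than the DAO contract, says "its profile" although the method name and the sibling `listByUserAndItsProfiles` speak of several profiles, and is silent on whether read and write authorizations both count and on what happens for a `null` user. A contract-style first sentence would serve better: `Returns true if at least one {@link OrderAuthorization} is assigned to the given user or to any of the user's profiles, whatever its type (the commit message says read and write both qualify).` Add an `@throws` or behaviour line for a `null` argument that matches what the implementation actually does; the implementation hunk for `OrderAuthorizationDAO` is not legible in this patch, so that cannot be checked here.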
+++ b/libreplan-business/src/main/java/org/libreplan/business/users/daos/OrderAuthorizationDAO.java @@ -73,6 +73,19 @@ public class OrderAuthorizationDAO extends GenericDAOHibernate listByOrderAndUser(Order order, User user) { Criteria c = getSession().createCriteria(OrderAuthorization.class); diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java b/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java index b0b4475cf..4eac07ea2 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java @@ -260,7 +260,7 @@ public class CustomMenuController extends Div implements IMenuItemsRegister { public void initializeMenu() { List planningItems = new ArrayList(); - if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) { + if (SecurityUtils.isSuperuserOrRolePlanningOrHasAnyAuthorization()) { planningItems.add(subItem(_("Company view"), new ICapture() { @Override public void capture() { @@ -273,6 +273,8 @@ public class CustomMenuController extends Div implements IMenuItemsRegister { globalView.goToOrdersList(); } }, "01-introducion.html#id2")); + } + if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) { planningItems.add(subItem(_("Resource Load"), new ICapture() { @Override public void capture() { diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/MultipleTabsPlannerController.java b/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/MultipleTabsPlannerController.java index 51584a115..434701c19 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/MultipleTabsPlannerController.java +++ b/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/MultipleTabsPlannerController.java 
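Review bot: Switching the condition to `isSuperuserOrRolePlanningOrHasAnyAuthorization()` only decides whether the "Company view" and "Projects" sub-items are rendered; it is not an authorization check, so the URL-level rules and the per-order filtering on those pages are what actually restrict access, and neither is touched by this hunk. If the security filter chain still requires `ROLE_PLANNING` for those pages, a user holding only an order authorization now gets a link that ends in a denial; if it was widened elsewhere, the projects list must itself filter by `OrderAuthorization`, or the menu change turns into disclosure of other projects. A comment at the call site would record the intent: `// Visibility only: access to these pages is enforced by the security filter chain and per-order authorization checks, not by this menu.` Note also that the new predicate queries the database whenever the user has neither role, so `initializeMenu()` now performs a query for such users.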
@@ -287,10 +287,16 @@ public class MultipleTabsPlannerController implements Composer, TabsConfiguration tabsConfiguration = TabsConfiguration.create() .add(tabWithNameReloading(planningTab, typeChanged)) - .add(tabWithNameReloading(ordersTab, typeChanged)) - .add(tabWithNameReloading(resourceLoadTab, typeChanged)) - .add(tabWithNameReloading(limitingResourcesTab, typeChanged)) - .add(visibleOnlyAtOrderMode(advancedAllocationTab)) + .add(tabWithNameReloading(ordersTab, typeChanged)); + if (SecurityUtils.isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) { + tabsConfiguration.add( + tabWithNameReloading(resourceLoadTab, typeChanged)).add( + tabWithNameReloading(limitingResourcesTab, typeChanged)); + } else { + tabsConfiguration.add(visibleOnlyAtOrderModeWithNameReloading( + resourceLoadTab, typeChanged)); + } + tabsConfiguration.add(visibleOnlyAtOrderMode(advancedAllocationTab)) .add(visibleOnlyAtOrderMode(dashboardTab)); if (isMontecarloVisible) { @@ -364,8 +370,18 @@ public class MultipleTabsPlannerController implements Composer, } private ChangeableTab visibleOnlyAtOrderMode(ITab tab) { + return visibleOnlyAtOrderModeWithNameReloading(tab, null); + } + + private ChangeableTab visibleOnlyAtOrderModeWithNameReloading(ITab tab, + final State typeChanged) { final State state = State.create(mode.isOf(ModeType.ORDER)); - ChangeableTab result = configure(tab).visibleOn(state); + ChangeableTab result; + if (typeChanged == null) { + result = configure(tab).visibleOn(state); + } else { + result = configure(tab).visibleOn(state).reloadNameOn(typeChanged); + } mode.addListener(new ModeTypeChangedListener() { @Override diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/security/SecurityUtils.java b/libreplan-webapp/src/main/java/org/libreplan/web/security/SecurityUtils.java index 3886370ea..c76364416 100644 --- a/libreplan-webapp/src/main/java/org/libreplan/web/security/SecurityUtils.java 
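Review bot: For users without `ROLE_SUPERUSER`/`ROLE_PLANNING` the `else` branch still registers `resourceLoadTab`, merely hidden outside order mode, while `limitingResourcesTab` is dropped entirely; because this is UI configuration, the resource-load view must independently verify that the user holds an `OrderAuthorization` over the order being displayed, which nothing in this hunk establishes and should be confirmed in that tab's controller. The role decision is taken once, when `tabsConfiguration` is built, so a role or authorization change during the session is not reflected until the configuration is rebuilt; if that is acceptable, say so: `// Role check is evaluated once at configuration time; tabs are not re-evaluated on role changes.` The enclosing method starts before this hunk.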
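Review bot: In `visibleOnlyAtOrderModeWithNameReloading` the `typeChanged == null` branch duplicates the `configure(tab).visibleOn(state)` call; the two arms collapse to `ChangeableTab result = configure(tab).visibleOn(state); if (typeChanged != null) { result = result.reloadNameOn(typeChanged); }`, which evaluates exactly the same chain. The new overload deserves a one-line Javadoc stating that `typeChanged` may be `null` to skip name reloading, since `visibleOnlyAtOrderMode` now relies on that sentinel. The method body continues past the end of the hunk.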
+++ b/libreplan-webapp/src/main/java/org/libreplan/web/security/SecurityUtils.java @@ -25,6 +25,10 @@ import java.security.Principal; import javax.servlet.http.HttpServletRequest; +import org.libreplan.business.common.IOnTransaction; +import org.libreplan.business.common.Registry; +import org.libreplan.business.common.exceptions.InstanceNotFoundException; +import org.libreplan.business.users.entities.OrderAuthorization; import org.libreplan.business.users.entities.UserRole; import org.libreplan.web.users.bootstrap.MandatoryUser; import org.libreplan.web.users.services.CustomUser; @@ -95,4 +99,37 @@ public final class SecurityUtils { private static Authentication getAuthentication() { return SecurityContextHolder.getContext().getAuthentication(); } + + /** + * Returns true if current user: + * + *
    + *
  • Has role {@link UserRole#ROLE_SUPERUSER}
  • + *
  • Or has role {@link UserRole#ROLE_PLANNING}
  • + *
  • Or has any {@link OrderAuthorization} over any project
  • + *
+ */ + public final static boolean isSuperuserOrRolePlanningOrHasAnyAuthorization() { + if (isSuperuserOrUserInRoles(UserRole.ROLE_PLANNING)) { + return true; + } + + return Registry.getTransactionService().runOnReadOnlyTransaction( + new IOnTransaction() { + @Override + public Boolean execute() { + try { + return Registry + .getOrderAuthorizationDAO() + .userOrItsProfilesHaveAnyAuthorization( + Registry.getUserDAO() + .findByLoginName( + getSessionUserLoginName())); + } catch (InstanceNotFoundException e) { + throw new RuntimeException(e); + } + } + }); + } + }
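Review bot: The `catch (InstanceNotFoundException e)` rethrows as `RuntimeException`, so an authenticated principal with no matching user row (a user deleted while its session lives, or a login name `getSessionUserLoginName()` cannot resolve) breaks menu rendering instead of simply yielding "no authorization"; for a visibility predicate it is safer to fail closed: `} catch (InstanceNotFoundException e) {` / `return Boolean.FALSE; // no user row, hence no order authorizations`. The Javadoc should also state that this is a UI-visibility hint and not an access-control check — the pages must still enforce per-order authorization — and that the method opens a read-only database transaction on every call for users without the two roles, which matters if it is invoked per request. The behaviour when no user is logged in depends on `getSessionUserLoginName()`, which is outside this hunk.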