Author: bleny Date: 2010-12-21 11:17:49 +0000 (Tue, 21 Dec 2010) New Revision: 845 Log: enable per-program page authorisation Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/data/RequiresAuthentication.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Administration.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/BoatActivityCalendar.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Boats.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Cartography.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/ContactForm.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Contacts.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/IndicatorsHistory.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/SampleRowForm.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Synthesis.java trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/services/ServiceAuthenticationImpl.java Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/data/RequiresAuthentication.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/data/RequiresAuthentication.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/data/RequiresAuthentication.java 2010-12-21 11:17:49 UTC (rev 845) @@ -21,6 +21,7 @@ package fr.ifremer.wao.ui.data; +import fr.ifremer.wao.bean.ObsProgram; import fr.ifremer.wao.bean.UserRole; import java.lang.annotation.Documented; 
@@ -44,8 +45,10 @@ public @interface RequiresAuthentication { // By default everybody can access - UserRole[] value() default + UserRole[] allowedRoles() default {UserRole.OBSERVER, UserRole.ADMIN, UserRole.COORDINATOR, UserRole.GUEST}; + ObsProgram[] allowedPrograms() default {ObsProgram.OBSMER, ObsProgram.OBSVENTE}; + boolean readOnlyAllowed() default true; } Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Administration.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Administration.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Administration.java 2010-12-21 11:17:49 UTC (rev 845) @@ -93,7 +93,7 @@ * * @author fdesbois <fdesbois at codelutin.com> */ - at RequiresAuthentication(value = {UserRole.ADMIN, UserRole.COORDINATOR}, readOnlyAllowed = false) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR}, readOnlyAllowed = false) @IncludeStylesheet("context:css/administration.css") @IncludeJavaScriptLibrary("context:js/administration.js") public class Administration { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/BoatActivityCalendar.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/BoatActivityCalendar.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/BoatActivityCalendar.java 2010-12-21 11:17:49 UTC (rev 845) 
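Review bot: The elements `allowedRoles` and `allowedPrograms` in the `@@ -44,8 +45,10 @@` hunk have no Javadoc, and the surviving comment `// By default everybody can access` now reads as if it covered `allowedRoles` alone. The checker in ServiceAuthenticationImpl (last hunk of this commit) grants access only when both arrays match, so I would state that on the element, e.g. `/** Programs whose users may open the page; access needs a match in both allowedRoles and allowedPrograms. */`. The default also lists programs explicitly. If `ObsProgram` later gains a constant (the enum is not visible here), pages relying on the default would deny its users until the default is extended, which fails closed but is easy to miss without a comment.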
@@ -54,7 +54,7 @@ * * @author fdesbois <fdesbois at codelutin.com> */ - at RequiresAuthentication({UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) @IncludeStylesheet("context:css/boats.css") public class BoatActivityCalendar { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Boats.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Boats.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Boats.java 2010-12-21 11:17:49 UTC (rev 845) @@ -85,7 +85,7 @@ * * @author fdesbois <fdesbois at codelutin.com> */ - at RequiresAuthentication({UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) @IncludeStylesheet("context:css/boats.css") public class Boats extends AbstractFilteredPage { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Cartography.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Cartography.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Cartography.java 2010-12-21 11:17:49 UTC (rev 845) 
@@ -51,7 +51,7 @@ * @author fdesbois <fdesbois at codelutin.com> * @version $Id$ */ - at RequiresAuthentication({UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) public class Cartography { @SessionState Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/ContactForm.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/ContactForm.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/ContactForm.java 2010-12-21 11:17:49 UTC (rev 845) @@ -48,7 +48,7 @@ * * */ - at RequiresAuthentication(value = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}, readOnlyAllowed = false) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}, readOnlyAllowed = false) @IncludeStylesheet("context:css/common.css") @IncludeJavaScriptLibrary("context:js/contactForm.js") public class ContactForm { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Contacts.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Contacts.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Contacts.java 2010-12-21 11:17:49 UTC (rev 845) 
@@ -92,7 +92,7 @@ * @version $Id$ */ @SuppressWarnings({"UnusedDeclaration"}) - at RequiresAuthentication({UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) + at RequiresAuthentication(allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) @IncludeStylesheet("context:css/contacts.css") @IncludeJavaScriptLibrary("context:js/contacts.js") public class Contacts extends AbstractFilteredPage { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/IndicatorsHistory.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/IndicatorsHistory.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/IndicatorsHistory.java 2010-12-21 11:17:49 UTC (rev 845) @@ -20,6 +20,7 @@ */ package fr.ifremer.wao.ui.pages; +import fr.ifremer.wao.bean.ObsProgram; import fr.ifremer.wao.bean.UserRole; import fr.ifremer.wao.entity.IndicatorLog; import fr.ifremer.wao.service.ServiceSynthesis; @@ -38,7 +39,7 @@ * * @author bleny */ - at RequiresAuthentication(value = {UserRole.ADMIN}, readOnlyAllowed = true) + at RequiresAuthentication(allowedPrograms = {ObsProgram.OBSMER}, allowedRoles = {UserRole.ADMIN}, readOnlyAllowed = true) @IncludeStylesheet("context:css/common.css") public class IndicatorsHistory { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/SampleRowForm.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/SampleRowForm.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/SampleRowForm.java 2010-12-21 11:17:49 UTC (rev 845) 
@@ -88,7 +88,7 @@ * * @author fdesbois <fdesbois at codelutin.com> */ - at RequiresAuthentication(value = UserRole.ADMIN, readOnlyAllowed = false) + at RequiresAuthentication(allowedRoles = UserRole.ADMIN, readOnlyAllowed = false) @IncludeStylesheet("context:css/sampling.css") public class SampleRowForm { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Synthesis.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Synthesis.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/pages/Synthesis.java 2010-12-21 11:17:49 UTC (rev 845) @@ -33,6 +33,7 @@ import fr.ifremer.wao.bean.GlobalIndicatorValue; import fr.ifremer.wao.bean.GlobalSynthesisParameters; import fr.ifremer.wao.bean.GlobalSynthesisResult; +import fr.ifremer.wao.bean.ObsProgram; import fr.ifremer.wao.bean.SamplingFilter; import fr.ifremer.wao.bean.SamplingFilterImpl; import fr.ifremer.wao.bean.SynthesisId; @@ -83,7 +84,7 @@ * * @author fdesbois <fdesbois at codelutin.com> */ - at RequiresAuthentication({UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) + at RequiresAuthentication(allowedPrograms = {ObsProgram.OBSMER}, allowedRoles = {UserRole.ADMIN, UserRole.COORDINATOR, UserRole.OBSERVER}) @IncludeStylesheet("context:css/synthesis.css") public class Synthesis extends AbstractFilteredPage { Modified: trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/services/ServiceAuthenticationImpl.java =================================================================== --- trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/services/ServiceAuthenticationImpl.java 2010-12-21 11:13:57 UTC (rev 844) +++ trunk/wao-ui/src/main/java/fr/ifremer/wao/ui/services/ServiceAuthenticationImpl.java 2010-12-21 11:17:49 UTC (rev 845) 
@@ -23,6 +23,7 @@ import fr.ifremer.wao.bean.ConnectedUser; import fr.ifremer.wao.bean.ConnectedUserImpl; +import fr.ifremer.wao.bean.ObsProgram; import fr.ifremer.wao.bean.UserRole; import fr.ifremer.wao.ui.data.RequiresAuthentication; import org.apache.tapestry5.services.ApplicationStateManager; @@ -60,29 +61,46 @@ @Override public boolean isAllowed(Class<?> page) { - if (page.isAnnotationPresent(RequiresAuthentication.class) && - existConnectedUser()) { + boolean isAllowed = false; + if (existConnectedUser()) { + if (page.isAnnotationPresent(RequiresAuthentication.class)) { - RequiresAuthentication check = - page.getAnnotation(RequiresAuthentication.class); + RequiresAuthentication check = + page.getAnnotation(RequiresAuthentication.class); - ConnectedUser user = getConnectedUser(); + ConnectedUser connectedUser = getConnectedUser(); - // Check if user readOnly is allowed - if (user.isReadOnly() && !check.readOnlyAllowed()) { - return false; - } + // Check if user readOnly is allowed + if (connectedUser.isReadOnly() && ! check.readOnlyAllowed()) { + isAllowed = false; + } else { - // Check if user role is allowed - for (UserRole role : check.value()) { - if (role.equals(user.getRole())) { - return true; + boolean roleAllowed = false; + boolean programAllowed = false; + + // Check if user role is allowed + for (UserRole role : check.allowedRoles()) { + if (role.equals(connectedUser.getRole())) { + roleAllowed = true; + } + } + + // check if program is allowed + if (roleAllowed) { // skip if role is not allowed + for (ObsProgram program : check.allowedPrograms()) { + if (program.equals(connectedUser.getProfile().getObsProgram())) { + programAllowed = true; + } + } + } + + isAllowed = roleAllowed && programAllowed; } + } else { + isAllowed = true; } - return false; } - // No restriction if annotation is not present - return true; + return isAllowed; } @Override
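Review bot: With no connected user, `isAllowed` in the `@@ -60,29 +61,46 @@` hunk now returns false for every page, because `existConnectedUser()` is tested before the annotation and `isAllowed` starts as false. The removed code returned true in that situation, both for pages without `@RequiresAuthentication` ("No restriction if annotation is not present") and for annotated pages. If deny-by-default is intended, say so at the top of the method, e.g. `// Deny by default: without a connected user no page is allowed, annotated or not`, and confirm that the login and other public pages are not routed through this check. Separately, `connectedUser.getProfile().getObsProgram()` is dereferenced in the program loop without a null check. If a connected user can lack a profile (not visible in this hunk), the check throws instead of denying, so a guard such as `if (connectedUser.getProfile() == null) { return false; }` before the loops would keep the failure closed.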