From acf0edd35a1f4050ee767a363663e9d11be586c8 Mon Sep 17 00:00:00 2001
From: Bruno Sinou <bsinou@argeo.org>
Date: Mon, 23 Nov 2015 15:28:24 +0000
Subject: [PATCH] Add the ability to remove a JCR privilege from a given node

git-svn-id: https://svn.argeo.org/commons/trunk@8589 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../META-INF/spring/commands.xml              |   4 +
 .../{addPrivileges.png => addPrivileges.gif}  | Bin
 .../icons/removePrivileges.gif                | Bin 0 -> 636 bytes
 org.argeo.eclipse.ui.workbench/plugin.xml     |  34 ++-
 .../workbench/commands/RemovePrivileges.java  | 205 ++++++++++++++++++
 .../eclipse/ui/workbench/jcr/JcrImages.java   |   2 +
 .../ui/workbench/users/PickUpUserDialog.java  |  32 ++-
 7 files changed, 267 insertions(+), 10 deletions(-)
 rename org.argeo.eclipse.ui.workbench/icons/{addPrivileges.png => addPrivileges.gif} (100%)
 create mode 100644 org.argeo.eclipse.ui.workbench/icons/removePrivileges.gif
 create mode 100644 org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/commands/RemovePrivileges.java

diff --git a/org.argeo.eclipse.ui.workbench/META-INF/spring/commands.xml b/org.argeo.eclipse.ui.workbench/META-INF/spring/commands.xml
index 1d31e16b7..39ab24243 100644
--- a/org.argeo.eclipse.ui.workbench/META-INF/spring/commands.xml
+++ b/org.argeo.eclipse.ui.workbench/META-INF/spring/commands.xml
@@ -14,5 +14,9 @@
 	<bean id="addPrivileges" class="org.argeo.eclipse.ui.workbench.commands.AddPrivileges">
 		<property name="userAdmin" ref="userAdmin" />
 	</bean>
+	<bean id="removePrivileges"
+		class="org.argeo.eclipse.ui.workbench.commands.RemovePrivileges">
+		<!-- <property name="userAdmin" ref="userAdmin" /> -->
+	</bean>
 
 </beans>
\ No newline at end of file
diff --git a/org.argeo.eclipse.ui.workbench/icons/addPrivileges.png b/org.argeo.eclipse.ui.workbench/icons/addPrivileges.gif
similarity index 100%
rename from org.argeo.eclipse.ui.workbench/icons/addPrivileges.png
rename to org.argeo.eclipse.ui.workbench/icons/addPrivileges.gif
diff --git a/org.argeo.eclipse.ui.workbench/icons/removePrivileges.gif b/org.argeo.eclipse.ui.workbench/icons/removePrivileges.gif
new file mode 100644
index 0000000000000000000000000000000000000000..aa78fd2fad9572ee809f1cf409d0864d94ce81e5
GIT binary patch
literal 636
zcmZ?wbhEHb6krfwI99-LR9N+>g!)lQ^<$D6M-{Y>Dd-&6G`OLqe_zM=xUuO29h0X9
zmd9;@$m*$?T}8C;Gc&sr?)E3$?M}Mef3OeyXdmR0InOI=`N;rh-@H{HJt97NM4SqD
zI~n12D#Gn?kbgkgCjat{r(!*WDmRB#ZT=LJ@F_GQyk=`;-L?mb(Xov?uB4VMuah~K
z7xy_i>vMAUm*nivDcP%=<uf|>tZS3c>Dj-m(_&+{VnP3bFNGzai%LEhmwqWO+0w6E
zGU-sow4;^Nk6i7j`O;AL6^I&Zcg%EYnscIU{;BT8XS-IMnY#M){W&X+Zm7MpY{A?e
z*G_Khys<ZT%YmCWkF@VNeQU?*JCBbXd3tf`(d#!pT<<%7=l0iI9p~;nzIONS<$G_h
z+<$xZ!P`5}ZvA;O>%p@Zf1b_z@@(6mXY>C&Tkzn;%LgxCKY9D=>AP2d-|zkV;n3et
z$Nzph`S<hb|0Dv%pDc_F4D}2;3_t*i69)F14fRd+p-PU;O^!;TO(7nka`JNRowD*W
zJ?=5S63#9Xy1u#+PV;^1-GUt)1+8r~g*2@!g{RcpOV(@i8tUsA=<#Sb+hzKR)pPQx
zsi_KZHd|z6_<4!5aZ5={bF(#@X8Cz~YO{(yf6j8a-Z=V^HuH0KMs`sVro&p{A>It%
z7__IY`QXlYV3NJYfe^+83<{Igb=Z^`4!k%rQ=dEBL-F%6pZ><4e-i{AKXsEfGwWJo
wSj>EJzF_383kAtf4>D^fXY61RRO;f<NnGH-x!ASsw4+aiM(in;Km`VC0DXH%B>(^b

literal 0
HcmV?d00001

diff --git a/org.argeo.eclipse.ui.workbench/plugin.xml b/org.argeo.eclipse.ui.workbench/plugin.xml
index b450f5555..215f1203d 100644
--- a/org.argeo.eclipse.ui.workbench/plugin.xml
+++ b/org.argeo.eclipse.ui.workbench/plugin.xml
@@ -134,6 +134,11 @@
 			id="org.argeo.eclipse.ui.workbench.addPrivileges"
 			name="Add Privileges">
 		</command>
+		<command
+			defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
+			id="org.argeo.eclipse.ui.workbench.removePrivileges"
+			name="Remove Privileges">
+		</command>
 		<command
 			defaultHandler="org.argeo.eclipse.ui.workbench.commands.CreateWorkspace"
 			id="org.argeo.eclipse.ui.workbench.createWorkspace"
@@ -226,7 +231,7 @@
 			<command
 		         commandId="org.argeo.eclipse.ui.workbench.addFolderNode"
 		         icon="icons/addFolder.gif"
-		         label="Add Folder"
+		         label="Add Folder..."
 		         style="push">
 				<visibleWhen>
 					<iterate>
@@ -246,8 +251,29 @@
 			</command>
 			<command
 		         commandId="org.argeo.eclipse.ui.workbench.addPrivileges"
-		         icon="icons/addPrivileges.png"
-		         label="Add Privileges"
+		         icon="icons/addPrivileges.gif"
+		         label="Add Privileges..."
+		         style="push">
+				<visibleWhen>
+					<iterate>
+				      <and>
+				         <or>
+				            <instanceof
+				                  value="org.argeo.eclipse.ui.workbench.internal.jcr.model.SingleJcrNodeElem">
+				            </instanceof>
+				            <instanceof
+				                  value="org.argeo.eclipse.ui.workbench.internal.jcr.model.WorkspaceElem">
+				            </instanceof>
+				         </or>
+             			<with variable="activeMenuSelection"><count value="1"/></with>
+				      </and>
+					</iterate>
+				</visibleWhen>
+			</command>
+			<command
+		         commandId="org.argeo.eclipse.ui.workbench.removePrivileges"
+		         icon="icons/removePrivileges.gif"
+		         label="Remove Privileges..."
 		         style="push">
 				<visibleWhen>
 					<iterate>
@@ -268,7 +294,7 @@
 			<command
 		         commandId="org.argeo.eclipse.ui.workbench.createWorkspace"
 		         icon="icons/addWorkspace.png"
-		         label="Create Workspace"
+		         label="Create Workspace..."
 		         style="push">
 				<visibleWhen>
 					<iterate>
diff --git a/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/commands/RemovePrivileges.java b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/commands/RemovePrivileges.java
new file mode 100644
index 000000000..c11413d9f
--- /dev/null
+++ b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/commands/RemovePrivileges.java
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.eclipse.ui.workbench.commands;
+
+import java.security.Principal;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import org.argeo.ArgeoException;
+import org.argeo.eclipse.ui.EclipseUiUtils;
+import org.argeo.eclipse.ui.TreeParent;
+import org.argeo.eclipse.ui.dialogs.ErrorFeedback;
+import org.argeo.eclipse.ui.workbench.WorkbenchUiPlugin;
+import org.argeo.eclipse.ui.workbench.internal.jcr.model.SingleJcrNodeElem;
+import org.argeo.eclipse.ui.workbench.internal.jcr.model.WorkspaceElem;
+import org.argeo.eclipse.ui.workbench.jcr.JcrImages;
+import org.argeo.jcr.JcrUtils;
+import org.eclipse.core.commands.AbstractHandler;
+import org.eclipse.core.commands.ExecutionEvent;
+import org.eclipse.core.commands.ExecutionException;
+import org.eclipse.jface.dialogs.Dialog;
+import org.eclipse.jface.dialogs.IMessageProvider;
+import org.eclipse.jface.dialogs.MessageDialog;
+import org.eclipse.jface.dialogs.TitleAreaDialog;
+import org.eclipse.jface.viewers.ISelection;
+import org.eclipse.jface.viewers.IStructuredSelection;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
+import org.eclipse.swt.layout.GridData;
+import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.widgets.Button;
+import org.eclipse.swt.widgets.Composite;
+import org.eclipse.swt.widgets.Control;
+import org.eclipse.swt.widgets.Label;
+import org.eclipse.swt.widgets.Shell;
+import org.eclipse.ui.handlers.HandlerUtil;
+
+/** Open a dialog to remove privileges from the selected node */
+public class RemovePrivileges extends AbstractHandler {
+	public final static String ID = WorkbenchUiPlugin.ID + ".removePrivileges";
+
+	public Object execute(ExecutionEvent event) throws ExecutionException {
+
+		ISelection selection = HandlerUtil.getActiveWorkbenchWindow(event)
+				.getActivePage().getSelection();
+		if (selection != null && !selection.isEmpty()
+				&& selection instanceof IStructuredSelection) {
+			Object obj = ((IStructuredSelection) selection).getFirstElement();
+			TreeParent uiNode = null;
+			Node jcrNode = null;
+
+			if (obj instanceof SingleJcrNodeElem) {
+				uiNode = (TreeParent) obj;
+				jcrNode = ((SingleJcrNodeElem) uiNode).getNode();
+			} else if (obj instanceof WorkspaceElem) {
+				uiNode = (TreeParent) obj;
+				jcrNode = ((WorkspaceElem) uiNode).getRootNode();
+			} else
+				return null;
+
+			try {
+				String targetPath = jcrNode.getPath();
+				Dialog dialog = new RemovePrivDialog(
+						HandlerUtil.getActiveShell(event),
+						jcrNode.getSession(), targetPath);
+				dialog.open();
+				return null;
+			} catch (RepositoryException re) {
+				throw new ArgeoException("Unable to retrieve "
+						+ "path or JCR session to add privilege on " + jcrNode,
+						re);
+			}
+		} else {
+			ErrorFeedback.show("Cannot add privileges");
+		}
+		return null;
+	}
+
+	private class RemovePrivDialog extends TitleAreaDialog {
+		private static final long serialVersionUID = 280139710002698692L;
+
+		private Composite body;
+
+		private final String path;
+		private final Session session;
+
+		public RemovePrivDialog(Shell parentShell, Session session, String path) {
+			super(parentShell);
+			this.session = session;
+			this.path = path;
+		}
+
+		@Override
+		protected void configureShell(Shell newShell) {
+			super.configureShell(newShell);
+			newShell.setText("Remove privileges");
+		}
+
+		protected Control createDialogArea(Composite parent) {
+			Composite dialogarea = (Composite) super.createDialogArea(parent);
+			dialogarea.setLayoutData(new GridData(SWT.CENTER, SWT.TOP, true,
+					true));
+			body = new Composite(dialogarea, SWT.NONE);
+			body.setLayoutData(EclipseUiUtils.fillAll());
+			refreshContent();
+			parent.pack();
+			return body;
+		}
+
+		private void refreshContent() {
+			EclipseUiUtils.clear(body);
+			try {
+				AccessControlManager acm = session.getAccessControlManager();
+				AccessControlList acl = JcrUtils
+						.getAccessControlList(acm, path);
+				if (acl == null || acl.getAccessControlEntries().length <= 0)
+					setMessage("No privilege are defined on this node",
+							IMessageProvider.INFORMATION);
+				else {
+					body.setLayout(new GridLayout(3, false));
+					for (AccessControlEntry ace : acl.getAccessControlEntries()) {
+						addOnePrivRow(body, ace);
+					}
+					setMessage("Remove some of the defined privileges",
+							IMessageProvider.INFORMATION);
+				}
+			} catch (RepositoryException e) {
+				throw new ArgeoException(
+						"Unable to list privileges on " + path, e);
+			}
+			body.layout(true, true);
+		}
+
+		private void addOnePrivRow(Composite parent, AccessControlEntry ace) {
+			Principal currentPrincipal = ace.getPrincipal();
+			final String currPrincipalName = currentPrincipal.getName();
+			new Label(parent, SWT.WRAP).setText(currPrincipalName);
+			new Label(parent, SWT.WRAP).setText(privAsString(ace
+					.getPrivileges()));
+			final Button rmBtn = new Button(parent, SWT.FLAT);
+			rmBtn.setImage(JcrImages.REMOVE);
+
+			rmBtn.addSelectionListener(new SelectionAdapter() {
+				private static final long serialVersionUID = 7566938841363890730L;
+
+				@Override
+				public void widgetSelected(SelectionEvent e) {
+
+					if (MessageDialog.openConfirm(rmBtn.getShell(),
+							"Confirm deletion",
+							"Are you sure you want to remove this privilege?")) {
+						try {
+							session.save();
+							JcrUtils.clearAccessControList(session, path,
+									currPrincipalName);
+							session.save();
+							refreshContent();
+						} catch (RepositoryException re) {
+							throw new ArgeoException("Unable to "
+									+ "remove privilege for "
+									+ currPrincipalName + " on " + path, re);
+						}
+					}
+
+					super.widgetSelected(e);
+				}
+			});
+
+		}
+
+		private String privAsString(Privilege[] currentPrivileges) {
+
+			StringBuilder builder = new StringBuilder();
+			builder.append("[ ");
+			for (Privilege priv : currentPrivileges) {
+				builder.append(priv.getName()).append(", ");
+			}
+			if (builder.length() > 3)
+				return builder.substring(0, builder.length() - 2) + " ]";
+			else
+				return "[]";
+
+		}
+	}
+}
\ No newline at end of file
diff --git a/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/jcr/JcrImages.java b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/jcr/JcrImages.java
index db24d6c22..2da973a47 100644
--- a/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/jcr/JcrImages.java
+++ b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/jcr/JcrImages.java
@@ -32,6 +32,8 @@ public class JcrImages {
 			"icons/home.gif").createImage();
 	public final static Image SORT = WorkbenchUiPlugin.getImageDescriptor(
 			"icons/sort.gif").createImage();
+	public final static Image REMOVE = WorkbenchUiPlugin.getImageDescriptor(
+			"icons/remove.gif").createImage();
 
 	public final static Image REPOSITORIES = WorkbenchUiPlugin
 			.getImageDescriptor("icons/repositories.gif").createImage();
diff --git a/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/users/PickUpUserDialog.java b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/users/PickUpUserDialog.java
index 7caec2b97..6b9344b02 100644
--- a/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/users/PickUpUserDialog.java
+++ b/org.argeo.eclipse.ui.workbench/src/org/argeo/eclipse/ui/workbench/users/PickUpUserDialog.java
@@ -24,6 +24,7 @@ import org.argeo.eclipse.ui.EclipseUiUtils;
 import org.argeo.eclipse.ui.parts.LdifUsersTable;
 import org.argeo.eclipse.ui.workbench.internal.users.UsersUtils;
 import org.argeo.osgi.useradmin.LdifName;
+import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.jface.dialogs.TrayDialog;
 import org.eclipse.jface.viewers.DoubleClickEvent;
 import org.eclipse.jface.viewers.IDoubleClickListener;
@@ -35,8 +36,8 @@ import org.eclipse.swt.SWT;
 import org.eclipse.swt.events.SelectionAdapter;
 import org.eclipse.swt.events.SelectionEvent;
 import org.eclipse.swt.events.SelectionListener;
-import org.eclipse.swt.graphics.Point;
 import org.eclipse.swt.layout.FillLayout;
+import org.eclipse.swt.layout.GridData;
 import org.eclipse.swt.layout.GridLayout;
 import org.eclipse.swt.widgets.Button;
 import org.eclipse.swt.widgets.Composite;
@@ -62,14 +63,17 @@ public class PickUpUserDialog extends TrayDialog {
 	private TableViewer userViewer;
 	private List<ColumnDefinition> columnDefs = new ArrayList<ColumnDefinition>();
 
+	/**
+	 * A dialog to pick up a group or a user, showing a table with default
+	 * columns
+	 */
 	public PickUpUserDialog(Shell parentShell, String title, UserAdmin userAdmin) {
 		super(parentShell);
 		this.title = title;
 		this.userAdmin = userAdmin;
 
-		// Define the displayed columns
 		columnDefs.add(new ColumnDefinition(new UserLP(UserLP.COL_ICON), "",
-				26, 0));
+				24, 24));
 		columnDefs.add(new ColumnDefinition(
 				new UserLP(UserLP.COL_DISPLAY_NAME), "Common Name", 150, 100));
 		columnDefs.add(new ColumnDefinition(new UserLP(UserLP.COL_DOMAIN),
@@ -78,8 +82,22 @@ public class PickUpUserDialog extends TrayDialog {
 				"Distinguished Name", 300, 100));
 	}
 
-	protected Point getInitialSize() {
-		return new Point(700, 450);
+	/** A dialog to pick up a group or a user */
+	public PickUpUserDialog(Shell parentShell, String title,
+			UserAdmin userAdmin, List<ColumnDefinition> columnDefs) {
+		super(parentShell);
+		this.title = title;
+		this.userAdmin = userAdmin;
+		this.columnDefs = columnDefs;
+	}
+
+	@Override
+	protected void okPressed() {
+		if (getSelected() == null)
+			MessageDialog.openError(getShell(), "No user chosen",
+					"Please, choose a user or press Cancel.");
+		else
+			super.okPressed();
 	}
 
 	protected Control createDialogArea(Composite parent) {
@@ -95,7 +113,9 @@ public class PickUpUserDialog extends TrayDialog {
 
 		userTableViewerCmp.setColumnDefinitions(columnDefs);
 		userTableViewerCmp.populateWithStaticFilters(false, false);
-		userTableViewerCmp.setLayoutData(EclipseUiUtils.fillAll());
+		GridData gd = EclipseUiUtils.fillAll();
+		gd.minimumHeight = 300;
+		userTableViewerCmp.setLayoutData(gd);
 		userTableViewerCmp.refresh();
 
 		// Controllers
-- 
2.30.2