xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
- <bean id="org.argeo.security.ui.openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+ <bean id="openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
scope="prototype" />
- <bean id="org.argeo.security.ui.newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+ <bean id="newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
scope="prototype" />
- <bean id="org.argeo.security.ui.addRole" class="org.argeo.security.ui.commands.AddRole"
+ <bean id="addRole" class="org.argeo.security.ui.commands.AddRole"
scope="prototype">
<property name="securityService" ref="securityService" />
</bean>
- <bean id="org.argeo.security.ui.openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
+ <bean id="openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
scope="prototype">
<property name="securityService" ref="securityService" />
</bean>
- <bean id="org.argeo.security.ui.refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
+ <bean id="refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
scope="prototype" />
</beans>
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- Editors -->
- <bean id="org.argeo.security.ui.argeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
+ <bean id="adminArgeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
scope="prototype">
<property name="securityService" ref="securityService" />
</bean>
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
- <bean id="org.argeo.security.ui.usersView" class="org.argeo.security.ui.views.UsersView"
+ <bean id="adminUsersView" class="org.argeo.security.ui.views.UsersView"
scope="prototype">
<property name="securityService" ref="securityService" />
</bean>
- <bean id="org.argeo.security.ui.rolesView" class="org.argeo.security.ui.views.RolesView"
+ <bean id="adminRolesView" class="org.argeo.security.ui.views.RolesView"
scope="prototype">
<property name="securityService" ref="securityService" />
</bean>
- <bean id="org.argeo.security.ui.currentUserView" class="org.argeo.security.ui.views.CurrentUserView"
- scope="prototype">
- </bean>
</beans>
<perspective
class="org.argeo.security.ui.SecurityPerspective"
icon="icons/security.gif"
- id="org.argeo.security.ui.securityPerspective"
+ id="org.argeo.security.ui.adminSecurityPerspective"
name="Security">
</perspective>
</extension>
<view
class="org.argeo.eclipse.spring.SpringExtensionFactory"
icon="icons/users.gif"
- id="org.argeo.security.ui.usersView"
+ id="org.argeo.security.ui.adminUsersView"
name="Users"
restorable="false">
</view>
- <view
- class="org.argeo.eclipse.spring.SpringExtensionFactory"
- id="org.argeo.security.ui.currentUserView"
- name="Current User"
- restorable="false">
- </view>
<view
class="org.argeo.eclipse.spring.SpringExtensionFactory"
icon="icons/role.gif"
- id="org.argeo.security.ui.rolesView"
+ id="org.argeo.security.ui.adminRolesView"
name="Roles"
restorable="false">
</view>
point="org.eclipse.ui.editors">
<editor
class="org.argeo.eclipse.spring.SpringExtensionFactory"
- id="org.argeo.security.ui.argeoUserEditor"
+ id="org.argeo.security.ui.adminArgeoUserEditor"
name="User"
icon="icons/user.gif"
default="false">
</command>
</menuContribution>
<menuContribution
- allPopups="false"
locationURI="menu:file?after=additions">
<command
commandId="org.argeo.security.ui.openChangePasswordDialog"
- disabledIcon="icons/password.gif"
icon="icons/password.gif"
label="Change password"
style="push"
</property>
</product>
</extension>
+ <extension
+ point="org.eclipse.ui.services">
+ <sourceProvider
+ provider="org.argeo.security.ui.RolesSourceProvider">
+ <variable
+ name="org.argeo.security.ui.rolesVariable"
+ priorityLevel="workbench">
+ </variable>
+ </sourceProvider>
+ </extension>
+ <extension
+ point="org.eclipse.ui.activities">
+ <activity
+ description="Only for admins"
+ id="org.argeo.security.ui.adminActivity"
+ name="Admin">
+ <enabledWhen>
+ <with variable="roles">
+ <iterate ifEmpty="false" operator="or">
+ <equals value="ROLE_ADMIN" />
+ </iterate>
+ </with>
+ </enabledWhen>
+ </activity>
+ <activityPatternBinding
+ activityId="org.argeo.security.ui.adminActivity"
+ isEqualityPattern="true"
+ pattern="org.argeo.security.ui/.*admin.*">
+ </activityPatternBinding>
+ </extension>
</plugin>
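Review bot: The `activityPatternBinding` sets `isEqualityPattern="true"`, which, as I read the `org.eclipse.ui.activities` schema, makes `pattern` a literal identifier compared for equality rather than a regular expression. `org.argeo.security.ui/.*admin.*` would then match none of the renamed ids (`adminUsersView`, `adminRolesView`, `adminArgeoUserEditor`, `adminSecurityPerspective`), and the admin activity would filter nothing. Use `isEqualityPattern="false"`, or drop the attribute, so the regex applies. The `sourceProvider` also declares the variable as `org.argeo.security.ui.rolesVariable`, while `<with variable="roles">` and `RolesSourceProvider.ROLES_VARIABLE` both use `roles`; the declaration should probably read `<variable name="roles" priorityLevel="workbench">`. Commands such as `org.argeo.security.ui.openChangePasswordDialog` do not contain `admin`, so confirm which contributions are meant to be role-gated.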
org.argeo.eclipse.spring,
*
</Import-Package>
+ <Export-Package>
+ !org.argeo.security.ui.internal.*,
+ org.argeo.security.ui.*
+ </Export-Package>
</instructions>
</configuration>
</plugin>
+++ /dev/null
-package org.argeo.security.ui;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.argeo.ArgeoException;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-
-public class CurrentUser {
- public final static String getUsername() {
- Subject subject = getSubject();
- if (subject == null)
- return null;
- Principal principal = subject.getPrincipals().iterator().next();
- return principal.getName();
-
- }
-
- public final static Set<String> roles() {
- Principal principal = getSubject().getPrincipals().iterator().next();
- Authentication authentication = (Authentication) principal;
- Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
- for (GrantedAuthority ga : authentication.getAuthorities()) {
- roles.add(ga.getAuthority());
- }
- return Collections.unmodifiableSet(roles);
- }
-
- public final static Subject getSubject() {
-
- Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject == null)
- throw new ArgeoException("Not authenticated.");
- return subject;
-
- }
-}
--- /dev/null
+package org.argeo.security.ui;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.argeo.security.ui.internal.CurrentUser;
+import org.eclipse.ui.AbstractSourceProvider;
+
+/**
+ * Provides the roles of the current user as a variable to be used for activity
+ * binding
+ */
+public class RolesSourceProvider extends AbstractSourceProvider {
+ public final static String ROLES_VARIABLE = "roles";
+ private final static String[] PROVIDED_SOURCE_NAMES = new String[] { ROLES_VARIABLE };
+
+ public Map<String, Set<String>> getCurrentState() {
+ Map<String, Set<String>> stateMap = new HashMap<String, Set<String>>();
+ stateMap.put(ROLES_VARIABLE, CurrentUser.roles());
+ return stateMap;
+ }
+
+ public String[] getProvidedSourceNames() {
+ return PROVIDED_SOURCE_NAMES;
+ }
+
+ public void updateRoles() {
+ fireSourceChanged(0, getCurrentState());
+ }
+
+ public void dispose() {
+ }
+}
\ No newline at end of file
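Review bot: getCurrentState() calls CurrentUser.roles() unguarded, and CurrentUser.getSubject() throws ArgeoException("Not authenticated.") when no Subject is bound. Any evaluation of the `roles` variable outside an authenticated context therefore propagates an exception to whatever evaluates the variable, instead of yielding "no roles". Returning an empty role set in that case fails closed, because the activity's `<iterate ifEmpty="false">` then evaluates to false; the change below needs imports for ArgeoException and java.util.Collections. Separately, `fireSourceChanged(0, ...)` would read better as `ISources.WORKBENCH`. No caller of updateRoles() is visible in this diff, so confirm that something triggers it after login or a role change.

```java
public Map<String, Set<String>> getCurrentState() {
	Map<String, Set<String>> stateMap = new HashMap<String, Set<String>>();
	Set<String> roles;
	try {
		roles = CurrentUser.roles();
	} catch (ArgeoException e) {
		// No authenticated subject: expose no roles so that role-gated
		// activities stay disabled instead of failing the evaluation.
		roles = Collections.<String> emptySet();
	}
	stateMap.put(ROLES_VARIABLE, roles);
	return stateMap;
}
// … unchanged: getProvidedSourceNames, updateRoles, dispose …
```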
package org.argeo.security.ui;
+import org.argeo.security.ui.internal.CurrentUser;
import org.eclipse.jface.dialogs.MessageDialog;
import org.eclipse.swt.widgets.Display;
import org.eclipse.ui.IFolderLayout;
private String adminRole = "ROLE_ADMIN";
public void createInitialLayout(IPageLayout layout) {
- if (!CurrentUser.roles().contains(adminRole)) {
- MessageDialog
- .openError(Display.getCurrent().getActiveShell(),
- "Forbidden",
- "You are not allowed to access this resource.");
- return;
- }
+// if (!CurrentUser.roles().contains(adminRole)) {
+// MessageDialog
+// .openError(Display.getCurrent().getActiveShell(),
+// "Forbidden",
+// "You are not allowed to access this resource.");
+// return;
+// }
String editorArea = layout.getEditorArea();
layout.setEditorAreaVisible(true);
IFolderLayout left = layout.createFolder("left", IPageLayout.LEFT,
0.4f, editorArea);
- left.addView("org.argeo.security.ui.usersView");
- left.addView("org.argeo.security.ui.rolesView");
- // left.addView("org.argeo.security.ui.currentUserView");
+ left.addView("org.argeo.security.ui.adminUsersView");
+ left.addView("org.argeo.security.ui.adminRolesView");
}
public void setAdminRole(String adminRole) {
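Review bot: The ROLE_ADMIN guard at the top of createInitialLayout() is commented out rather than removed, so the perspective now adds `adminUsersView` and `adminRolesView` with no role check of its own. Access then relies entirely on the activity binding declared in plugin.xml. Activity filtering only hides UI contributions, so it is worth keeping a cheap guard here as a second layer, e.g. `if (!CurrentUser.roles().contains(adminRole)) return;`, and confirming that `securityService` enforces the role on each operation (not visible in this diff). If the check really is meant to go, delete the commented block. As far as this hunk shows, that would leave `adminRole` and its setter, and the `CurrentUser`, `MessageDialog` and `Display` imports, used only by dead code. The enclosing class starts outside the hunk.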
/** Editor for an Argeo user. */
public class ArgeoUserEditor extends FormEditor {
- public final static String ID = "org.argeo.security.ui.argeoUserEditor";
+ public final static String ID = "org.argeo.security.ui.adminArgeoUserEditor";
private ArgeoUser user;
private ArgeoSecurityService securityService;
--- /dev/null
+package org.argeo.security.ui.internal;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.argeo.ArgeoException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+
+public class CurrentUser {
+ public final static String getUsername() {
+ Subject subject = getSubject();
+ if (subject == null)
+ return null;
+ Principal principal = subject.getPrincipals().iterator().next();
+ return principal.getName();
+
+ }
+
+ public final static Set<String> roles() {
+ Principal principal = getSubject().getPrincipals().iterator().next();
+ Authentication authentication = (Authentication) principal;
+ Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
+ for (GrantedAuthority ga : authentication.getAuthorities()) {
+ roles.add(ga.getAuthority());
+ }
+ return Collections.unmodifiableSet(roles);
+ }
+
+ public final static Subject getSubject() {
+
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject == null)
+ throw new ArgeoException("Not authenticated.");
+ return subject;
+
+ }
+}
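Review bot: roles() takes whichever principal the Subject's set iterates first and casts it to Authentication, so a Subject carrying another principal type, or none, ends in ClassCastException or NoSuchElementException instead of a role answer. Since this result now gates the admin activity, selecting by type is safer, e.g. `Set<Authentication> auths = getSubject().getPrincipals(Authentication.class);`, treating an empty set as no roles. The `subject == null` branch in getUsername() is unreachable, because getSubject() throws rather than returning null. The file appears to be moved unchanged from org.argeo.security.ui, so these issues are carried over rather than introduced here. The class also lacks Javadoc stating that it reads the Subject from the current AccessControlContext.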
package org.argeo.security.ui.views;
-import org.argeo.security.ui.CurrentUser;
+import org.argeo.security.ui.internal.CurrentUser;
import org.eclipse.jface.viewers.IStructuredContentProvider;
import org.eclipse.jface.viewers.ITableLabelProvider;
import org.eclipse.jface.viewers.LabelProvider;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.nature.SimpleUserNature;
-import org.argeo.security.ui.CurrentUser;
import org.argeo.security.ui.SecurityUiPlugin;
import org.argeo.security.ui.commands.OpenArgeoUserEditor;
+import org.argeo.security.ui.internal.CurrentUser;
import org.eclipse.core.commands.Command;
import org.eclipse.core.commands.IParameter;
import org.eclipse.core.commands.Parameterization;