From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 1 Mar 2011 17:51:14 +0000 (+0000)
Subject: Introduce UI activity filtering based on roles
X-Git-Tag: argeo-commons-2.1.30~1395
X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=61e9e5e89933b419916b767a2977297b32ba7d36;p=lgpl%2Fargeo-commons.git

Introduce UI activity filtering based on roles

git-svn-id: https://svn.argeo.org/commons/trunk@4252 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---

diff --git a/security/plugins/org.argeo.security.ui/META-INF/spring/commands.xml b/security/plugins/org.argeo.security.ui/META-INF/spring/commands.xml
index a89876ad1..f2009b9cc 100644
--- a/security/plugins/org.argeo.security.ui/META-INF/spring/commands.xml
+++ b/security/plugins/org.argeo.security.ui/META-INF/spring/commands.xml
@@ -4,18 +4,18 @@
 	xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<bean id="org.argeo.security.ui.openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+	<bean id="openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
 		scope="prototype" />
-	<bean id="org.argeo.security.ui.newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+	<bean id="newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
 		scope="prototype" />
-	<bean id="org.argeo.security.ui.addRole" class="org.argeo.security.ui.commands.AddRole"
+	<bean id="addRole" class="org.argeo.security.ui.commands.AddRole"
 		scope="prototype">
 		<property name="securityService" ref="securityService" />
 	</bean>
-	<bean id="org.argeo.security.ui.openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
+	<bean id="openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
 		scope="prototype">
 		<property name="securityService" ref="securityService" />
 	</bean>
-	<bean id="org.argeo.security.ui.refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
+	<bean id="refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
 		scope="prototype" />
 </beans>
diff --git a/security/plugins/org.argeo.security.ui/META-INF/spring/editors.xml b/security/plugins/org.argeo.security.ui/META-INF/spring/editors.xml
index 747c2b7b6..bd0151513 100644
--- a/security/plugins/org.argeo.security.ui/META-INF/spring/editors.xml
+++ b/security/plugins/org.argeo.security.ui/META-INF/spring/editors.xml
@@ -5,7 +5,7 @@
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<!-- Editors -->
-	<bean id="org.argeo.security.ui.argeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
+	<bean id="adminArgeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
 		scope="prototype">
 		<property name="securityService" ref="securityService" />
 	</bean>
diff --git a/security/plugins/org.argeo.security.ui/META-INF/spring/views.xml b/security/plugins/org.argeo.security.ui/META-INF/spring/views.xml
index 7ae3b62e3..cdc214f9a 100644
--- a/security/plugins/org.argeo.security.ui/META-INF/spring/views.xml
+++ b/security/plugins/org.argeo.security.ui/META-INF/spring/views.xml
@@ -4,15 +4,12 @@
 	xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<bean id="org.argeo.security.ui.usersView" class="org.argeo.security.ui.views.UsersView"
+	<bean id="adminUsersView" class="org.argeo.security.ui.views.UsersView"
 		scope="prototype">
 		<property name="securityService" ref="securityService" />
 	</bean>
-	<bean id="org.argeo.security.ui.rolesView" class="org.argeo.security.ui.views.RolesView"
+	<bean id="adminRolesView" class="org.argeo.security.ui.views.RolesView"
 		scope="prototype">
 		<property name="securityService" ref="securityService" />
 	</bean>
-	<bean id="org.argeo.security.ui.currentUserView" class="org.argeo.security.ui.views.CurrentUserView"
-		scope="prototype">
-	</bean>
 </beans>
diff --git a/security/plugins/org.argeo.security.ui/plugin.xml b/security/plugins/org.argeo.security.ui/plugin.xml
index 3a741cb09..0a78645af 100644
--- a/security/plugins/org.argeo.security.ui/plugin.xml
+++ b/security/plugins/org.argeo.security.ui/plugin.xml
@@ -6,7 +6,7 @@
       <perspective
             class="org.argeo.security.ui.SecurityPerspective"
             icon="icons/security.gif"
-            id="org.argeo.security.ui.securityPerspective"
+            id="org.argeo.security.ui.adminSecurityPerspective"
             name="Security">
       </perspective>
    </extension>
@@ -15,20 +15,14 @@
       <view
             class="org.argeo.eclipse.spring.SpringExtensionFactory"
             icon="icons/users.gif"
-            id="org.argeo.security.ui.usersView"
+            id="org.argeo.security.ui.adminUsersView"
             name="Users"
             restorable="false">
       </view>
-      <view
-            class="org.argeo.eclipse.spring.SpringExtensionFactory"
-            id="org.argeo.security.ui.currentUserView"
-            name="Current User"
-            restorable="false">
-      </view>
       <view
             class="org.argeo.eclipse.spring.SpringExtensionFactory"
             icon="icons/role.gif"
-            id="org.argeo.security.ui.rolesView"
+            id="org.argeo.security.ui.adminRolesView"
             name="Roles"
             restorable="false">
       </view>
@@ -68,7 +62,7 @@
            point="org.eclipse.ui.editors">
 	        <editor
 	          class="org.argeo.eclipse.spring.SpringExtensionFactory"
-              id="org.argeo.security.ui.argeoUserEditor"
+              id="org.argeo.security.ui.adminArgeoUserEditor"
               name="User"
               icon="icons/user.gif"
               default="false">
@@ -133,11 +127,9 @@
             </command>
         </menuContribution>
         <menuContribution
-                allPopups="false"
                 locationURI="menu:file?after=additions">
                 <command
                       commandId="org.argeo.security.ui.openChangePasswordDialog"
-                      disabledIcon="icons/password.gif"
                       icon="icons/password.gif"
                       label="Change password"
                       style="push"
@@ -157,4 +149,34 @@
            </property>
         </product>
      </extension>
+     <extension
+           point="org.eclipse.ui.services">
+        <sourceProvider
+              provider="org.argeo.security.ui.RolesSourceProvider">
+           <variable
+                 name="org.argeo.security.ui.rolesVariable"
+                 priorityLevel="workbench">
+           </variable>
+        </sourceProvider>
+     </extension>
+     <extension
+           point="org.eclipse.ui.activities">
+        <activity
+              description="Only for admins"
+              id="org.argeo.security.ui.adminActivity"
+              name="Admin">
+		  <enabledWhen>
+		    <with variable="roles">
+		      <iterate ifEmpty="false" operator="or">
+		        <equals value="ROLE_ADMIN" />
+		      </iterate>
+		    </with>
+		  </enabledWhen>
+        </activity>
+        <activityPatternBinding
+              activityId="org.argeo.security.ui.adminActivity"
+              isEqualityPattern="true"
+              pattern="org.argeo.security.ui/.*admin.*">
+        </activityPatternBinding>
+     </extension>
  </plugin>
diff --git a/security/plugins/org.argeo.security.ui/pom.xml b/security/plugins/org.argeo.security.ui/pom.xml
index 0d9ed3165..ab1ec19c1 100644
--- a/security/plugins/org.argeo.security.ui/pom.xml
+++ b/security/plugins/org.argeo.security.ui/pom.xml
@@ -56,6 +56,10 @@
 							org.argeo.eclipse.spring,
 							*
 						</Import-Package>
+						<Export-Package>
+							!org.argeo.security.ui.internal.*,
+							org.argeo.security.ui.*
+						</Export-Package>
 					</instructions>
 				</configuration>
 			</plugin>
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
deleted file mode 100644
index a864c3a10..000000000
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.argeo.security.ui;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.argeo.ArgeoException;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-
-public class CurrentUser {
-	public final static String getUsername() {
-		Subject subject = getSubject();
-		if (subject == null)
-			return null;
-		Principal principal = subject.getPrincipals().iterator().next();
-		return principal.getName();
-
-	}
-
-	public final static Set<String> roles() {
-		Principal principal = getSubject().getPrincipals().iterator().next();
-		Authentication authentication = (Authentication) principal;
-		Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
-		for (GrantedAuthority ga : authentication.getAuthorities()) {
-			roles.add(ga.getAuthority());
-		}
-		return Collections.unmodifiableSet(roles);
-	}
-
-	public final static Subject getSubject() {
-
-		Subject subject = Subject.getSubject(AccessController.getContext());
-		if (subject == null)
-			throw new ArgeoException("Not authenticated.");
-		return subject;
-
-	}
-}
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java
new file mode 100644
index 000000000..b05cd5f48
--- /dev/null
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java
@@ -0,0 +1,34 @@
+package org.argeo.security.ui;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.argeo.security.ui.internal.CurrentUser;
+import org.eclipse.ui.AbstractSourceProvider;
+
+/**
+ * Provides the roles of the current user as a variable to be used for activity
+ * binding
+ */
+public class RolesSourceProvider extends AbstractSourceProvider {
+	public final static String ROLES_VARIABLE = "roles";
+	private final static String[] PROVIDED_SOURCE_NAMES = new String[] { ROLES_VARIABLE };
+
+	public Map<String, Set<String>> getCurrentState() {
+		Map<String, Set<String>> stateMap = new HashMap<String, Set<String>>();
+		stateMap.put(ROLES_VARIABLE, CurrentUser.roles());
+		return stateMap;
+	}
+
+	public String[] getProvidedSourceNames() {
+		return PROVIDED_SOURCE_NAMES;
+	}
+
+	public void updateRoles() {
+		fireSourceChanged(0, getCurrentState());
+	}
+
+	public void dispose() {
+	}
+}
\ No newline at end of file
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
index 3b3b9b840..d6bff90f3 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
@@ -1,5 +1,6 @@
 package org.argeo.security.ui;
 
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.IFolderLayout;
@@ -10,13 +11,13 @@ public class SecurityPerspective implements IPerspectiveFactory {
 	private String adminRole = "ROLE_ADMIN";
 
 	public void createInitialLayout(IPageLayout layout) {
-		if (!CurrentUser.roles().contains(adminRole)) {
-			MessageDialog
-					.openError(Display.getCurrent().getActiveShell(),
-							"Forbidden",
-							"You are not allowed to access this resource.");
-			return;
-		}
+//		if (!CurrentUser.roles().contains(adminRole)) {
+//			MessageDialog
+//					.openError(Display.getCurrent().getActiveShell(),
+//							"Forbidden",
+//							"You are not allowed to access this resource.");
+//			return;
+//		}
 
 		String editorArea = layout.getEditorArea();
 		layout.setEditorAreaVisible(true);
@@ -25,9 +26,8 @@ public class SecurityPerspective implements IPerspectiveFactory {
 		IFolderLayout left = layout.createFolder("left", IPageLayout.LEFT,
 				0.4f, editorArea);
 
-		left.addView("org.argeo.security.ui.usersView");
-		left.addView("org.argeo.security.ui.rolesView");
-		// left.addView("org.argeo.security.ui.currentUserView");
+		left.addView("org.argeo.security.ui.adminUsersView");
+		left.addView("org.argeo.security.ui.adminRolesView");
 	}
 
 	public void setAdminRole(String adminRole) {
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java
index 99a4652a9..a896f6170 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java
@@ -13,7 +13,7 @@ import org.eclipse.ui.forms.editor.FormEditor;
 
 /** Editor for an Argeo user. */
 public class ArgeoUserEditor extends FormEditor {
-	public final static String ID = "org.argeo.security.ui.argeoUserEditor";
+	public final static String ID = "org.argeo.security.ui.adminArgeoUserEditor";
 
 	private ArgeoUser user;
 	private ArgeoSecurityService securityService;
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java
new file mode 100644
index 000000000..1abdc1564
--- /dev/null
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java
@@ -0,0 +1,43 @@
+package org.argeo.security.ui.internal;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.argeo.ArgeoException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+
+public class CurrentUser {
+	public final static String getUsername() {
+		Subject subject = getSubject();
+		if (subject == null)
+			return null;
+		Principal principal = subject.getPrincipals().iterator().next();
+		return principal.getName();
+
+	}
+
+	public final static Set<String> roles() {
+		Principal principal = getSubject().getPrincipals().iterator().next();
+		Authentication authentication = (Authentication) principal;
+		Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
+		for (GrantedAuthority ga : authentication.getAuthorities()) {
+			roles.add(ga.getAuthority());
+		}
+		return Collections.unmodifiableSet(roles);
+	}
+
+	public final static Subject getSubject() {
+
+		Subject subject = Subject.getSubject(AccessController.getContext());
+		if (subject == null)
+			throw new ArgeoException("Not authenticated.");
+		return subject;
+
+	}
+}
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
index 5b0492828..366ac34fb 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
@@ -1,6 +1,6 @@
 package org.argeo.security.ui.views;
 
-import org.argeo.security.ui.CurrentUser;
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.jface.viewers.IStructuredContentProvider;
 import org.eclipse.jface.viewers.ITableLabelProvider;
 import org.eclipse.jface.viewers.LabelProvider;
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
index 5d7817827..08bf7b595 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
@@ -6,9 +6,9 @@ import org.argeo.ArgeoException;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
 import org.argeo.security.nature.SimpleUserNature;
-import org.argeo.security.ui.CurrentUser;
 import org.argeo.security.ui.SecurityUiPlugin;
 import org.argeo.security.ui.commands.OpenArgeoUserEditor;
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.core.commands.Command;
 import org.eclipse.core.commands.IParameter;
 import org.eclipse.core.commands.Parameterization;