Introduce UI activity filtering based on roles
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 1 Mar 2011 17:51:14 +0000 (17:51 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 1 Mar 2011 17:51:14 +0000 (17:51 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@4252 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

12 files changed:
security/plugins/org.argeo.security.ui/META-INF/spring/commands.xml
security/plugins/org.argeo.security.ui/META-INF/spring/editors.xml
security/plugins/org.argeo.security.ui/META-INF/spring/views.xml
security/plugins/org.argeo.security.ui/plugin.xml
security/plugins/org.argeo.security.ui/pom.xml
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java [deleted file]
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java [new file with mode: 0644]
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java [new file with mode: 0644]
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java

index a89876ad16e06984602696e9045537ba26b112f9..f2009b9cca9d9bbad6bcbd3c78019075a8c1441f 100644 (file)
@@ -4,18 +4,18 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-       <bean id="org.argeo.security.ui.openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+       <bean id="openArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
                scope="prototype" />
-       <bean id="org.argeo.security.ui.newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
+       <bean id="newArgeoUserEditor" class="org.argeo.security.ui.commands.OpenArgeoUserEditor"
                scope="prototype" />
-       <bean id="org.argeo.security.ui.addRole" class="org.argeo.security.ui.commands.AddRole"
+       <bean id="addRole" class="org.argeo.security.ui.commands.AddRole"
                scope="prototype">
                <property name="securityService" ref="securityService" />
        </bean>
-       <bean id="org.argeo.security.ui.openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
+       <bean id="openChangePasswordDialog" class="org.argeo.security.ui.commands.OpenChangePasswordDialog"
                scope="prototype">
                <property name="securityService" ref="securityService" />
        </bean>
-       <bean id="org.argeo.security.ui.refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
+       <bean id="refreshUsersList" class="org.argeo.security.ui.commands.RefreshUsersList"
                scope="prototype" />
 </beans>
index 747c2b7b696e3ee7e3c0f278be207d8fa4ead385..bd01515132f2490f7833e23e4ec11daf3cd4bb48 100644 (file)
@@ -5,7 +5,7 @@
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
        <!-- Editors -->
-       <bean id="org.argeo.security.ui.argeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
+       <bean id="adminArgeoUserEditor" class="org.argeo.security.ui.editors.ArgeoUserEditor"
                scope="prototype">
                <property name="securityService" ref="securityService" />
        </bean>
index 7ae3b62e360cafd59c6c9c5e3c3e54e3c27c745c..cdc214f9a033ac12111c65975fc34d63ff9b37f1 100644 (file)
@@ -4,15 +4,12 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-       <bean id="org.argeo.security.ui.usersView" class="org.argeo.security.ui.views.UsersView"
+       <bean id="adminUsersView" class="org.argeo.security.ui.views.UsersView"
                scope="prototype">
                <property name="securityService" ref="securityService" />
        </bean>
-       <bean id="org.argeo.security.ui.rolesView" class="org.argeo.security.ui.views.RolesView"
+       <bean id="adminRolesView" class="org.argeo.security.ui.views.RolesView"
                scope="prototype">
                <property name="securityService" ref="securityService" />
        </bean>
-       <bean id="org.argeo.security.ui.currentUserView" class="org.argeo.security.ui.views.CurrentUserView"
-               scope="prototype">
-       </bean>
 </beans>
index 3a741cb0906c4c4b98413682411843724bd2ff5d..0a78645affcec7938c6e5f00687d763f475550c3 100644 (file)
@@ -6,7 +6,7 @@
       <perspective
             class="org.argeo.security.ui.SecurityPerspective"
             icon="icons/security.gif"
-            id="org.argeo.security.ui.securityPerspective"
+            id="org.argeo.security.ui.adminSecurityPerspective"
             name="Security">
       </perspective>
    </extension>
       <view
             class="org.argeo.eclipse.spring.SpringExtensionFactory"
             icon="icons/users.gif"
-            id="org.argeo.security.ui.usersView"
+            id="org.argeo.security.ui.adminUsersView"
             name="Users"
             restorable="false">
       </view>
-      <view
-            class="org.argeo.eclipse.spring.SpringExtensionFactory"
-            id="org.argeo.security.ui.currentUserView"
-            name="Current User"
-            restorable="false">
-      </view>
       <view
             class="org.argeo.eclipse.spring.SpringExtensionFactory"
             icon="icons/role.gif"
-            id="org.argeo.security.ui.rolesView"
+            id="org.argeo.security.ui.adminRolesView"
             name="Roles"
             restorable="false">
       </view>
@@ -68,7 +62,7 @@
            point="org.eclipse.ui.editors">
                <editor
                  class="org.argeo.eclipse.spring.SpringExtensionFactory"
-              id="org.argeo.security.ui.argeoUserEditor"
+              id="org.argeo.security.ui.adminArgeoUserEditor"
               name="User"
               icon="icons/user.gif"
               default="false">
             </command>
         </menuContribution>
         <menuContribution
-                allPopups="false"
                 locationURI="menu:file?after=additions">
                 <command
                       commandId="org.argeo.security.ui.openChangePasswordDialog"
-                      disabledIcon="icons/password.gif"
                       icon="icons/password.gif"
                       label="Change password"
                       style="push"
            </property>
         </product>
      </extension>
+     <extension
+           point="org.eclipse.ui.services">
+        <sourceProvider
+              provider="org.argeo.security.ui.RolesSourceProvider">
+           <variable
+                 name="org.argeo.security.ui.rolesVariable"
+                 priorityLevel="workbench">
+           </variable>
+        </sourceProvider>
+     </extension>
+     <extension
+           point="org.eclipse.ui.activities">
+        <activity
+              description="Only for admins"
+              id="org.argeo.security.ui.adminActivity"
+              name="Admin">
+                 <enabledWhen>
+                   <with variable="roles">
+                     <iterate ifEmpty="false" operator="or">
+                       <equals value="ROLE_ADMIN" />
+                     </iterate>
+                   </with>
+                 </enabledWhen>
+        </activity>
+        <activityPatternBinding
+              activityId="org.argeo.security.ui.adminActivity"
+              isEqualityPattern="true"
+              pattern="org.argeo.security.ui/.*admin.*">
+        </activityPatternBinding>
+     </extension>
  </plugin>
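Review bot: In the added `activityPatternBinding`, `isEqualityPattern="true"` makes the workbench compare `pattern` by string equality rather than as a regular expression. As written, `org.argeo.security.ui/.*admin.*` will not match `adminUsersView`, `adminRolesView`, `adminArgeoUserEditor` or `adminSecurityPerspective`, so nothing is bound to `adminActivity`; use `isEqualityPattern="false"` or drop the attribute. The `sourceProvider` declares its variable as `org.argeo.security.ui.rolesVariable`, while `enabledWhen` reads `roles` and `RolesSourceProvider.ROLES_VARIABLE` is `"roles"`; declaring `name="roles"` would make the three agree. Activity filtering only hides contributions in the UI, so the admin check still has to be enforced by the service behind these views and commands.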
index 0d9ed3165196ca375638d208e92d3dc95a6b1012..ab1ec19c1b9e618b195646cf412ce154992b7f7e 100644 (file)
                                                        org.argeo.eclipse.spring,
                                                        *
                                                </Import-Package>
+                                               <Export-Package>
+                                                       !org.argeo.security.ui.internal.*,
+                                                       org.argeo.security.ui.*
+                                               </Export-Package>
                                        </instructions>
                                </configuration>
                        </plugin>
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
deleted file mode 100644 (file)
index a864c3a..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.argeo.security.ui;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.argeo.ArgeoException;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-
-public class CurrentUser {
-       public final static String getUsername() {
-               Subject subject = getSubject();
-               if (subject == null)
-                       return null;
-               Principal principal = subject.getPrincipals().iterator().next();
-               return principal.getName();
-
-       }
-
-       public final static Set<String> roles() {
-               Principal principal = getSubject().getPrincipals().iterator().next();
-               Authentication authentication = (Authentication) principal;
-               Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
-               for (GrantedAuthority ga : authentication.getAuthorities()) {
-                       roles.add(ga.getAuthority());
-               }
-               return Collections.unmodifiableSet(roles);
-       }
-
-       public final static Subject getSubject() {
-
-               Subject subject = Subject.getSubject(AccessController.getContext());
-               if (subject == null)
-                       throw new ArgeoException("Not authenticated.");
-               return subject;
-
-       }
-}
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/RolesSourceProvider.java
new file mode 100644 (file)
index 0000000..b05cd5f
--- /dev/null
@@ -0,0 +1,34 @@
+package org.argeo.security.ui;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.argeo.security.ui.internal.CurrentUser;
+import org.eclipse.ui.AbstractSourceProvider;
+
+/**
+ * Provides the roles of the current user as a variable to be used for activity
+ * binding
+ */
+public class RolesSourceProvider extends AbstractSourceProvider {
+       public final static String ROLES_VARIABLE = "roles";
+       private final static String[] PROVIDED_SOURCE_NAMES = new String[] { ROLES_VARIABLE };
+
+       public Map<String, Set<String>> getCurrentState() {
+               Map<String, Set<String>> stateMap = new HashMap<String, Set<String>>();
+               stateMap.put(ROLES_VARIABLE, CurrentUser.roles());
+               return stateMap;
+       }
+
+       public String[] getProvidedSourceNames() {
+               return PROVIDED_SOURCE_NAMES;
+       }
+
+       public void updateRoles() {
+               fireSourceChanged(0, getCurrentState());
+       }
+
+       public void dispose() {
+       }
+}
\ No newline at end of file
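Review bot: `getCurrentState()` lets the `ArgeoException("Not authenticated.")` thrown by `CurrentUser.getSubject()` escape whenever no Subject is bound to the calling context, which may happen if the workbench evaluates the source before login or outside the authenticated context (not visible here). Catching it in `getCurrentState()` and publishing an empty role set would keep `adminActivity` disabled for an unauthenticated session instead of failing the evaluation. Nothing in the visible hunks calls `updateRoles()`, so the published roles would presumably not change after a login or role change; a Javadoc line naming the expected caller would help. For readability, `fireSourceChanged(ISources.WORKBENCH, getCurrentState())` names the priority that plugin.xml declares as `workbench`, and the overridden methods should carry `@Override`.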
index 3b3b9b840a6c58ed29c87aa8e3cd062ae7d176f7..d6bff90f3c69baebead087b70d8f374b3f73bb09 100644 (file)
@@ -1,5 +1,6 @@
 package org.argeo.security.ui;
 
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.IFolderLayout;
@@ -10,13 +11,13 @@ public class SecurityPerspective implements IPerspectiveFactory {
        private String adminRole = "ROLE_ADMIN";
 
        public void createInitialLayout(IPageLayout layout) {
-               if (!CurrentUser.roles().contains(adminRole)) {
-                       MessageDialog
-                                       .openError(Display.getCurrent().getActiveShell(),
-                                                       "Forbidden",
-                                                       "You are not allowed to access this resource.");
-                       return;
-               }
+//             if (!CurrentUser.roles().contains(adminRole)) {
+//                     MessageDialog
+//                                     .openError(Display.getCurrent().getActiveShell(),
+//                                                     "Forbidden",
+//                                                     "You are not allowed to access this resource.");
+//                     return;
+//             }
 
                String editorArea = layout.getEditorArea();
                layout.setEditorAreaVisible(true);
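Review bot: The only in-code role check in `createInitialLayout` is left behind as commented-out code, so the perspective now relies entirely on the activity filter declared in plugin.xml, which hides UI contributions but is not an access-control boundary. Either delete the block, along with the `MessageDialog`, `Display` and newly added `CurrentUser` imports if nothing else in the file uses them, or keep the check as a fallback for when the activity is not applied. The `adminRole` field and `setAdminRole` remain, but the activity expression hard-codes `ROLE_ADMIN`, so a configured role name no longer affects this path. A comment such as `// access is filtered by org.argeo.security.ui.adminActivity (plugin.xml), which hard-codes ROLE_ADMIN` would record that. The method body continues past this hunk.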
@@ -25,9 +26,8 @@ public class SecurityPerspective implements IPerspectiveFactory {
                IFolderLayout left = layout.createFolder("left", IPageLayout.LEFT,
                                0.4f, editorArea);
 
-               left.addView("org.argeo.security.ui.usersView");
-               left.addView("org.argeo.security.ui.rolesView");
-               // left.addView("org.argeo.security.ui.currentUserView");
+               left.addView("org.argeo.security.ui.adminUsersView");
+               left.addView("org.argeo.security.ui.adminRolesView");
        }
 
        public void setAdminRole(String adminRole) {
index 99a4652a93910eeb591715808d4929c94669c44c..a896f617008c22237e7cd57454502ac1b3502202 100644 (file)
@@ -13,7 +13,7 @@ import org.eclipse.ui.forms.editor.FormEditor;
 
 /** Editor for an Argeo user. */
 public class ArgeoUserEditor extends FormEditor {
-       public final static String ID = "org.argeo.security.ui.argeoUserEditor";
+       public final static String ID = "org.argeo.security.ui.adminArgeoUserEditor";
 
        private ArgeoUser user;
        private ArgeoSecurityService securityService;
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/internal/CurrentUser.java
new file mode 100644 (file)
index 0000000..1abdc15
--- /dev/null
@@ -0,0 +1,43 @@
+package org.argeo.security.ui.internal;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.argeo.ArgeoException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+
+public class CurrentUser {
+       public final static String getUsername() {
+               Subject subject = getSubject();
+               if (subject == null)
+                       return null;
+               Principal principal = subject.getPrincipals().iterator().next();
+               return principal.getName();
+
+       }
+
+       public final static Set<String> roles() {
+               Principal principal = getSubject().getPrincipals().iterator().next();
+               Authentication authentication = (Authentication) principal;
+               Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
+               for (GrantedAuthority ga : authentication.getAuthorities()) {
+                       roles.add(ga.getAuthority());
+               }
+               return Collections.unmodifiableSet(roles);
+       }
+
+       public final static Subject getSubject() {
+
+               Subject subject = Subject.getSubject(AccessController.getContext());
+               if (subject == null)
+                       throw new ArgeoException("Not authenticated.");
+               return subject;
+
+       }
+}
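Review bot: `roles()` takes whichever principal the Subject's set iterates first and casts it to `Authentication`, so a Subject with no principals raises NoSuchElementException and one whose first principal is of another type raises ClassCastException. Since this result now drives `adminActivity`, select the principal by type and fail with a clear error, as sketched below. In `getUsername()` the `subject == null` branch is unreachable, because `getSubject()` throws instead of returning null. The class has no Javadoc; a class comment saying that it reads the Subject from the current access-control context and that `roles()` returns an unmodifiable snapshot would help callers.

```java
public final static Set<String> roles() {
	// pick the principal by type rather than by set iteration order
	Set<Authentication> authentications = getSubject().getPrincipals(
			Authentication.class);
	if (authentications.isEmpty())
		throw new ArgeoException("No authentication principal found.");
	Set<String> roles = new HashSet<String>();
	for (GrantedAuthority ga : authentications.iterator().next()
			.getAuthorities()) {
		roles.add(ga.getAuthority());
	}
	return Collections.unmodifiableSet(roles);
}
// … unchanged: getUsername(), getSubject() …
```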
index 5b049282886e9266d20d975c86bb81e4ec13df6f..366ac34fb9145d2ef8617bbe2dd3e26ed8bdb833 100644 (file)
@@ -1,6 +1,6 @@
 package org.argeo.security.ui.views;
 
-import org.argeo.security.ui.CurrentUser;
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.jface.viewers.IStructuredContentProvider;
 import org.eclipse.jface.viewers.ITableLabelProvider;
 import org.eclipse.jface.viewers.LabelProvider;
index 5d78178273cadd324076c16ca57a0d1a22c50cc1..08bf7b59575b297b45a2ef7d0130ac0edd9ce5d9 100644 (file)
@@ -6,9 +6,9 @@ import org.argeo.ArgeoException;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
 import org.argeo.security.nature.SimpleUserNature;
-import org.argeo.security.ui.CurrentUser;
 import org.argeo.security.ui.SecurityUiPlugin;
 import org.argeo.security.ui.commands.OpenArgeoUserEditor;
+import org.argeo.security.ui.internal.CurrentUser;
 import org.eclipse.core.commands.Command;
 import org.eclipse.core.commands.IParameter;
 import org.eclipse.core.commands.Parameterization;