isis-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ahu...@apache.org
Subject [isis] branch master updated: ISIS-2291: improved usability on ApplicationRole
Date Tue, 18 Feb 2020 12:17:20 GMT
This is an automated email from the ASF dual-hosted git repository.

ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git


The following commit(s) were added to refs/heads/master by this push:
     new 3284b4d  ISIS-2291: improved usability on ApplicationRole
3284b4d is described below

commit 3284b4d1c5a2482e05bd4510923ef53338f900a2
Author: Andi Huber <ahuber@apache.org>
AuthorDate: Tue Feb 18 13:17:08 2020 +0100

    ISIS-2291: improved usability on ApplicationRole
---
 .../dom/role/ApplicationRole_removePermission.java | 12 +++--
 ...java => ApplicationRole_removePermissions.java} | 55 +++++++++++++---------
 .../model/dom/role/ApplicationRole_removeUser.java | 14 +++---
 ...eUser.java => ApplicationRole_removeUsers.java} | 31 +++++++-----
 4 files changed, 64 insertions(+), 48 deletions(-)

diff --git a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermission.java
b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermission.java
index 7e9e4d5..9e24a04 100644
--- a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermission.java
+++ b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermission.java
@@ -23,8 +23,6 @@ import java.util.Collection;
 import javax.enterprise.inject.Model;
 import javax.inject.Inject;
 
-import org.apache.isis.applib.annotation.Action;
-import org.apache.isis.applib.annotation.MemberOrder;
 import org.apache.isis.applib.annotation.ParameterLayout;
 import org.apache.isis.applib.services.repository.RepositoryService;
 import org.apache.isis.core.commons.internal.collections._Lists;
@@ -35,12 +33,16 @@ import org.apache.isis.extensions.secman.api.permission.ApplicationPermission;
 import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRepository;
 import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 import org.apache.isis.extensions.secman.api.role.ApplicationRole;
-import org.apache.isis.extensions.secman.api.role.ApplicationRole.RemovePermissionDomainEvent;
 import org.apache.isis.extensions.secman.api.role.ApplicationRoleRepository;
 
 import lombok.RequiredArgsConstructor;
 
-@Action(domainEvent = RemovePermissionDomainEvent.class, associateWith = "permissions")
+//@Action(
+//        domainEvent = RemovePermissionDomainEvent.class, 
+//        associateWith = "permissions",
+//        associateWithSequence = "9"
+//        )
+@Deprecated
 @RequiredArgsConstructor
 public class ApplicationRole_removePermission {
 
@@ -51,7 +53,7 @@ public class ApplicationRole_removePermission {
     
     private final ApplicationRole holder;
 
-    @MemberOrder(sequence = "9")
+    @Model
     public ApplicationRole act(
             @ParameterLayout(named="Rule")
             final ApplicationPermissionRule rule,
diff --git a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermissions.java
similarity index 53%
copy from extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
copy to extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermissions.java
index e4854ee..4922169 100644
--- a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
+++ b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removePermissions.java
@@ -19,50 +19,61 @@
 package org.apache.isis.extensions.secman.model.dom.role;
 
 import java.util.Collection;
+import java.util.Objects;
 
 import javax.enterprise.inject.Model;
 import javax.inject.Inject;
 
 import org.apache.isis.applib.annotation.Action;
 import org.apache.isis.applib.annotation.ActionLayout;
+import org.apache.isis.applib.services.message.MessageService;
+import org.apache.isis.applib.services.repository.RepositoryService;
+import org.apache.isis.core.commons.internal.base._NullSafe;
+import org.apache.isis.extensions.secman.api.SecurityModuleConfig;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermission;
 import org.apache.isis.extensions.secman.api.role.ApplicationRole;
-import org.apache.isis.extensions.secman.api.role.ApplicationRole.RemoveUserDomainEvent;
+import org.apache.isis.extensions.secman.api.role.ApplicationRole.RemovePermissionDomainEvent;
 import org.apache.isis.extensions.secman.api.role.ApplicationRoleRepository;
-import org.apache.isis.extensions.secman.api.user.ApplicationUser;
-import org.apache.isis.extensions.secman.api.user.ApplicationUserRepository;
 
 import lombok.RequiredArgsConstructor;
 
 @Action(
-        domainEvent = RemoveUserDomainEvent.class,
-        associateWith = "users",
-        associateWithSequence = "2")
+        domainEvent = RemovePermissionDomainEvent.class, 
+        associateWith = "permissions",
+        associateWithSequence = "10"
+        )
 @ActionLayout(named="Remove")
 @RequiredArgsConstructor
-public class ApplicationRole_removeUser {
-    
+public class ApplicationRole_removePermissions {
+
+    @Inject private MessageService messageService;
+    @Inject private SecurityModuleConfig configBean;
+    @Inject private RepositoryService repository;
     @Inject private ApplicationRoleRepository<? extends ApplicationRole> applicationRoleRepository;
-    @Inject private ApplicationUserRepository<? extends ApplicationUser> applicationUserRepository;
     
     private final ApplicationRole holder;
 
     @Model
-    public ApplicationRole act(final ApplicationUser applicationUser) {
-        applicationRoleRepository.removeRoleFromUser(holder, applicationUser);
+    public ApplicationRole act(Collection<ApplicationPermission> permissions) {
+        
+        _NullSafe.stream(permissions)
+        .filter(this::canRemove)
+        .forEach(repository::remove);
+        
         return holder;
     }
 
-    @Model
-    public Collection<? extends ApplicationUser> choices0Act() {
-        return applicationUserRepository.findByRole(holder);
-    }
-
-    @Model
-    public String validateAct(final ApplicationUser applicationUser) {
-        if(applicationUserRepository.isAdminUser(applicationUser) 
-                && applicationRoleRepository.isAdminRole(holder)) {
-            return "Cannot remove admin user from the admin role.";
+    private boolean canRemove(ApplicationPermission permission) {
+        if(!Objects.equals(permission.getRole(), holder)) {
+            return false;
         }
-        return null;
+        if(applicationRoleRepository.isAdminRole(holder) 
+                && configBean.isStickyAdminPackage(permission.getFeatureFqn())) {
+            
+            messageService.warnUser("Cannot remove top-level package permissions for the
admin role.");
+            return false;
+        }
+        return true;
     }
+
 }
diff --git a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
index e4854ee..4720c3c 100644
--- a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
+++ b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
@@ -23,21 +23,19 @@ import java.util.Collection;
 import javax.enterprise.inject.Model;
 import javax.inject.Inject;
 
-import org.apache.isis.applib.annotation.Action;
-import org.apache.isis.applib.annotation.ActionLayout;
 import org.apache.isis.extensions.secman.api.role.ApplicationRole;
-import org.apache.isis.extensions.secman.api.role.ApplicationRole.RemoveUserDomainEvent;
 import org.apache.isis.extensions.secman.api.role.ApplicationRoleRepository;
 import org.apache.isis.extensions.secman.api.user.ApplicationUser;
 import org.apache.isis.extensions.secman.api.user.ApplicationUserRepository;
 
 import lombok.RequiredArgsConstructor;
 
-@Action(
-        domainEvent = RemoveUserDomainEvent.class,
-        associateWith = "users",
-        associateWithSequence = "2")
-@ActionLayout(named="Remove")
+//@Action(
+//        domainEvent = RemoveUserDomainEvent.class,
+//        associateWith = "users",
+//        associateWithSequence = "2")
+//@ActionLayout(named="Remove")
+@Deprecated
 @RequiredArgsConstructor
 public class ApplicationRole_removeUser {
     
diff --git a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUsers.java
similarity index 76%
copy from extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
copy to extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUsers.java
index e4854ee..b1241ee 100644
--- a/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUser.java
+++ b/extensions/security/secman/model/src/main/java/org/apache/isis/extensions/secman/model/dom/role/ApplicationRole_removeUsers.java
@@ -25,6 +25,8 @@ import javax.inject.Inject;
 
 import org.apache.isis.applib.annotation.Action;
 import org.apache.isis.applib.annotation.ActionLayout;
+import org.apache.isis.applib.services.message.MessageService;
+import org.apache.isis.core.commons.internal.base._NullSafe;
 import org.apache.isis.extensions.secman.api.role.ApplicationRole;
 import org.apache.isis.extensions.secman.api.role.ApplicationRole.RemoveUserDomainEvent;
 import org.apache.isis.extensions.secman.api.role.ApplicationRoleRepository;
@@ -39,30 +41,33 @@ import lombok.RequiredArgsConstructor;
         associateWithSequence = "2")
 @ActionLayout(named="Remove")
 @RequiredArgsConstructor
-public class ApplicationRole_removeUser {
+public class ApplicationRole_removeUsers {
     
+    @Inject private MessageService messageService;
     @Inject private ApplicationRoleRepository<? extends ApplicationRole> applicationRoleRepository;
     @Inject private ApplicationUserRepository<? extends ApplicationUser> applicationUserRepository;
     
     private final ApplicationRole holder;
 
     @Model
-    public ApplicationRole act(final ApplicationUser applicationUser) {
-        applicationRoleRepository.removeRoleFromUser(holder, applicationUser);
-        return holder;
-    }
+    public ApplicationRole act(Collection<ApplicationUser> users) {
+        
+        _NullSafe.stream(users)
+        .filter(this::canRemove)
+        .forEach(user->applicationRoleRepository.removeRoleFromUser(holder, user));
 
-    @Model
-    public Collection<? extends ApplicationUser> choices0Act() {
-        return applicationUserRepository.findByRole(holder);
+        return holder;
     }
-
-    @Model
-    public String validateAct(final ApplicationUser applicationUser) {
+    
+    private boolean canRemove(ApplicationUser applicationUser) {
         if(applicationUserRepository.isAdminUser(applicationUser) 
                 && applicationRoleRepository.isAdminRole(holder)) {
-            return "Cannot remove admin user from the admin role.";
+            messageService.warnUser("Cannot remove admin user from the admin role.");
+            return false;
         }
-        return null;
+        return true;
     }
+    
+    
+    
 }


Mime
View raw message