You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/04/15 08:11:15 UTC

[isis-app-helloworld] 03/04: Merge branch 'jdo-secman' into jpa-secman

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch jpa-secman
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git

commit fb80adeac474f99793279473da069940d80e5a6e
Merge: 32c1202 46234bf
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Apr 15 09:07:59 2021 +0100

    Merge branch 'jdo-secman' into jpa-secman

 .../java/domainapp/security/SeedUsersAndRoles.java | 14 +++++++++-
 .../RoleAndPerms__ApplibConfiguration__Veto.java   | 30 ++++++++++++++++++++++
 .../isisroles/RoleAndPerms__Applib__Allow.java     | 28 ++++++++++++++++++++
 .../RoleAndPerms__ExtFixtures__Allow.java          | 28 ++++++++++++++++++++
 .../RoleAndPerms__ExtH2Console__Allow.java         | 28 ++++++++++++++++++++
 .../isisroles/RoleAndPerms__MetaModel_Allow.java   | 28 ++++++++++++++++++++
 .../RoleAndPerms__PersistenceJdo_Allow.java        | 28 ++++++++++++++++++++
 .../security/isisroles/SecmanRoleNames.java        | 11 ++++++++
 .../security/scripts/SecmanConstants.java          | 11 --------
 .../security/scripts/UserToRole__bob_UserRw.java   | 14 +++++++++-
 .../security/scripts/UserToRole__dick_UserRo.java  | 12 ++++++++-
 .../UserToRole__joe_UserRw_but_NoDelete.java       | 18 +++++++++++--
 src/main/java/domainapp/webapp/AppManifest.java    |  6 ++---
 13 files changed, 237 insertions(+), 19 deletions(-)

diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
index 0000000,398a92a..ec1b112
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
@@@ -1,0 -1,30 +1,30 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__ApplibConfiguration__Veto extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-applib-configuration--veto";
+ 
+     public RoleAndPerms__ApplibConfiguration__Veto() {
+         super(ROLE_NAME, "Veto access to configuration menu");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.VETO,
+                 ApplicationPermissionMode.VIEWING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "isis.applib.ConfigurationMenu#configuration"),
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.TYPE, "isis.applib.ConfigurationProperty"),
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.TYPE, "isis.applib.ConfigurationViewModel")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
index 0000000,2c3b423..d5d7408
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__Applib__Allow extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-applib--allow";
+ 
+     public RoleAndPerms__Applib__Allow() {
+         super(ROLE_NAME, "Access objects defined in isis' applib.  Note that this includes access to configuration");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.ALLOW,
+                 ApplicationPermissionMode.CHANGING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.applib")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
index 0000000,3897753..85ea42d
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__ExtFixtures__Allow extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-ext-fixtures--allow";
+ 
+     public RoleAndPerms__ExtFixtures__Allow() {
+         super(ROLE_NAME, "Execute fixture scripts");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.ALLOW,
+                 ApplicationPermissionMode.CHANGING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.ext.fixtures")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
index 0000000,a847f11..ee60606
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__ExtH2Console__Allow extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-ext-h2-console--allow";
+ 
+     public RoleAndPerms__ExtH2Console__Allow() {
+         super(ROLE_NAME, "Access the H2 Console");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.ALLOW,
+                 ApplicationPermissionMode.CHANGING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.ext.h2Console")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
index 0000000,a778c3c..e63f8c1
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__MetaModel_Allow extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-metamodel--allow";
+ 
+     public RoleAndPerms__MetaModel_Allow() {
+         super(ROLE_NAME, "Access objects defined in isis' metamodel.  Note that this includes access to configuration");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.ALLOW,
+                 ApplicationPermissionMode.CHANGING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.applib")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
index 0000000,9c435fc..859ddac
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+ 
+ public class RoleAndPerms__PersistenceJdo_Allow extends AbstractRoleAndPermissionsFixtureScript {
+ 
+     public static final String ROLE_NAME = "isis-persistence-jdo--allow";
+ 
+     public RoleAndPerms__PersistenceJdo_Allow() {
+         super(ROLE_NAME, "Download the JDO metamodel");
+     }
+ 
+     @Override
+     protected void execute(ExecutionContext ec) {
+         newPermissions(
+                 ApplicationPermissionRule.ALLOW,
+                 ApplicationPermissionMode.CHANGING,
+                 Can.of(
+                         ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.persistence.jdo")
+                 )
+         );
+     }
+ }
diff --cc src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
index 0000000,3c0cfb7..3841214
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
+++ b/src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
@@@ -1,0 -1,11 +1,11 @@@
+ package domainapp.security.isisroles;
+ 
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.user.AccountType;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
+ 
+ public class SecmanRoleNames {
+     private SecmanRoleNames(){}
+     public static final String ADMIN = "isis-ext-secman-admin";
+     public static final String USER = "isis-ext-secman-user";
+ }
diff --cc src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
index 8ecb9df,561a189..1d2dd28
--- a/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
@@@ -2,8 -2,15 +2,15 @@@ package domainapp.security.scripts
  
  import org.apache.isis.commons.collections.Can;
  import org.apache.isis.extensions.secman.api.user.AccountType;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
 +import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
  
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.RoleAndPerms__PersistenceJdo_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+ 
  public class UserToRole__bob_UserRw extends AbstractUserAndRolesFixtureScript {
  
      public UserToRole__bob_UserRw() {
diff --cc src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
index d059383,2e62850..344607b
--- a/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
@@@ -2,8 -2,15 +2,15 @@@ package domainapp.security.scripts
  
  import org.apache.isis.commons.collections.Can;
  import org.apache.isis.extensions.secman.api.user.AccountType;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
 +import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
  
+ import domainapp.security.isisroles.RoleAndPerms__ApplibConfiguration__Veto;
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+ 
  public class UserToRole__dick_UserRo extends AbstractUserAndRolesFixtureScript {
  
      public UserToRole__dick_UserRo() {
diff --cc src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
index 5eafe7c,6af2a88..6f5f6ee
--- a/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
@@@ -2,8 -2,16 +2,16 @@@ package domainapp.security.scripts
  
  import org.apache.isis.commons.collections.Can;
  import org.apache.isis.extensions.secman.api.user.AccountType;
 -import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
 +import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
  
+ import domainapp.security.isisroles.RoleAndPerms__ApplibConfiguration__Veto;
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.RoleAndPerms__PersistenceJdo_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+ 
  public class UserToRole__joe_UserRw_but_NoDelete extends AbstractUserAndRolesFixtureScript {
  
      public UserToRole__joe_UserRw_but_NoDelete() {