You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/04/15 08:11:15 UTC
[isis-app-helloworld] 03/04: Merge branch 'jdo-secman' into
jpa-secman
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch jpa-secman
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git
commit fb80adeac474f99793279473da069940d80e5a6e
Merge: 32c1202 46234bf
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Apr 15 09:07:59 2021 +0100
Merge branch 'jdo-secman' into jpa-secman
.../java/domainapp/security/SeedUsersAndRoles.java | 14 +++++++++-
.../RoleAndPerms__ApplibConfiguration__Veto.java | 30 ++++++++++++++++++++++
.../isisroles/RoleAndPerms__Applib__Allow.java | 28 ++++++++++++++++++++
.../RoleAndPerms__ExtFixtures__Allow.java | 28 ++++++++++++++++++++
.../RoleAndPerms__ExtH2Console__Allow.java | 28 ++++++++++++++++++++
.../isisroles/RoleAndPerms__MetaModel_Allow.java | 28 ++++++++++++++++++++
.../RoleAndPerms__PersistenceJdo_Allow.java | 28 ++++++++++++++++++++
.../security/isisroles/SecmanRoleNames.java | 11 ++++++++
.../security/scripts/SecmanConstants.java | 11 --------
.../security/scripts/UserToRole__bob_UserRw.java | 14 +++++++++-
.../security/scripts/UserToRole__dick_UserRo.java | 12 ++++++++-
.../UserToRole__joe_UserRw_but_NoDelete.java | 18 +++++++++++--
src/main/java/domainapp/webapp/AppManifest.java | 6 ++---
13 files changed, 237 insertions(+), 19 deletions(-)
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
index 0000000,398a92a..ec1b112
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ApplibConfiguration__Veto.java
@@@ -1,0 -1,30 +1,30 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__ApplibConfiguration__Veto extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-applib-configuration--veto";
+
+ public RoleAndPerms__ApplibConfiguration__Veto() {
+ super(ROLE_NAME, "Veto access to configuration menu");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.VETO,
+ ApplicationPermissionMode.VIEWING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "isis.applib.ConfigurationMenu#configuration"),
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.TYPE, "isis.applib.ConfigurationProperty"),
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.TYPE, "isis.applib.ConfigurationViewModel")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
index 0000000,2c3b423..d5d7408
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__Applib__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__Applib__Allow extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-applib--allow";
+
+ public RoleAndPerms__Applib__Allow() {
+ super(ROLE_NAME, "Access objects defined in isis' applib. Note that this includes access to configuration");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.ALLOW,
+ ApplicationPermissionMode.CHANGING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.applib")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
index 0000000,3897753..85ea42d
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtFixtures__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__ExtFixtures__Allow extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-ext-fixtures--allow";
+
+ public RoleAndPerms__ExtFixtures__Allow() {
+ super(ROLE_NAME, "Execute fixture scripts");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.ALLOW,
+ ApplicationPermissionMode.CHANGING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.ext.fixtures")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
index 0000000,a847f11..ee60606
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__ExtH2Console__Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__ExtH2Console__Allow extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-ext-h2-console--allow";
+
+ public RoleAndPerms__ExtH2Console__Allow() {
+ super(ROLE_NAME, "Access the H2 Console");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.ALLOW,
+ ApplicationPermissionMode.CHANGING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.ext.h2Console")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
index 0000000,a778c3c..e63f8c1
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__MetaModel_Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__MetaModel_Allow extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-metamodel--allow";
+
+ public RoleAndPerms__MetaModel_Allow() {
+ super(ROLE_NAME, "Access objects defined in isis' metamodel. Note that this includes access to configuration");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.ALLOW,
+ ApplicationPermissionMode.CHANGING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.applib")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
index 0000000,9c435fc..859ddac
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
+++ b/src/main/java/domainapp/security/isisroles/RoleAndPerms__PersistenceJdo_Allow.java
@@@ -1,0 -1,28 +1,28 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+ import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+ import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+ public class RoleAndPerms__PersistenceJdo_Allow extends AbstractRoleAndPermissionsFixtureScript {
+
+ public static final String ROLE_NAME = "isis-persistence-jdo--allow";
+
+ public RoleAndPerms__PersistenceJdo_Allow() {
+ super(ROLE_NAME, "Download the JDO metamodel");
+ }
+
+ @Override
+ protected void execute(ExecutionContext ec) {
+ newPermissions(
+ ApplicationPermissionRule.ALLOW,
+ ApplicationPermissionMode.CHANGING,
+ Can.of(
+ ApplicationFeatureId.newFeature(ApplicationFeatureSort.NAMESPACE, "isis.persistence.jdo")
+ )
+ );
+ }
+ }
diff --cc src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
index 0000000,3c0cfb7..3841214
mode 000000,100644..100644
--- a/src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
+++ b/src/main/java/domainapp/security/isisroles/SecmanRoleNames.java
@@@ -1,0 -1,11 +1,11 @@@
+ package domainapp.security.isisroles;
+
+ import org.apache.isis.commons.collections.Can;
+ import org.apache.isis.extensions.secman.api.user.AccountType;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
++import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+ public class SecmanRoleNames {
+ private SecmanRoleNames(){}
+ public static final String ADMIN = "isis-ext-secman-admin";
+ public static final String USER = "isis-ext-secman-user";
+ }
diff --cc src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
index 8ecb9df,561a189..1d2dd28
--- a/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
@@@ -2,8 -2,15 +2,15 @@@ package domainapp.security.scripts
import org.apache.isis.commons.collections.Can;
import org.apache.isis.extensions.secman.api.user.AccountType;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.RoleAndPerms__PersistenceJdo_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+
public class UserToRole__bob_UserRw extends AbstractUserAndRolesFixtureScript {
public UserToRole__bob_UserRw() {
diff --cc src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
index d059383,2e62850..344607b
--- a/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
@@@ -2,8 -2,15 +2,15 @@@ package domainapp.security.scripts
import org.apache.isis.commons.collections.Can;
import org.apache.isis.extensions.secman.api.user.AccountType;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
+ import domainapp.security.isisroles.RoleAndPerms__ApplibConfiguration__Veto;
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+
public class UserToRole__dick_UserRo extends AbstractUserAndRolesFixtureScript {
public UserToRole__dick_UserRo() {
diff --cc src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
index 5eafe7c,6af2a88..6f5f6ee
--- a/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
+++ b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
@@@ -2,8 -2,16 +2,16 @@@ package domainapp.security.scripts
import org.apache.isis.commons.collections.Can;
import org.apache.isis.extensions.secman.api.user.AccountType;
-import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+import org.apache.isis.extensions.secman.jpa.seed.scripts.AbstractUserAndRolesFixtureScript;
+ import domainapp.security.isisroles.RoleAndPerms__ApplibConfiguration__Veto;
+ import domainapp.security.isisroles.RoleAndPerms__Applib__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtFixtures__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__ExtH2Console__Allow;
+ import domainapp.security.isisroles.RoleAndPerms__MetaModel_Allow;
+ import domainapp.security.isisroles.RoleAndPerms__PersistenceJdo_Allow;
+ import domainapp.security.isisroles.SecmanRoleNames;
+
public class UserToRole__joe_UserRw_but_NoDelete extends AbstractUserAndRolesFixtureScript {
public UserToRole__joe_UserRw_but_NoDelete() {