You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/05/28 08:42:55 UTC
[isis] branch master updated: ISIS-2709: fixes permission seed data:
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new d7d8691 ISIS-2709: fixes permission seed data:
d7d8691 is described below
commit d7d8691b42aeffcb1761ad6998f17bd2784555da
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Fri May 28 09:42:32 2021 +0100
ISIS-2709: fixes permission seed data:
- h2 console perm was incorrect
- simplify perms for isis.feat and isis.conf
- fix secman regular role fr ApplicatoinUser#effectiveMemberPermissions and filterEffectiveMemberPermissions
- make secman admin role hae h2 console
---
.../isis/extensions/secman/applib/SecmanConfiguration.java | 2 ++
.../applib/role/seed/IsisAppFeatureRoleAndPermissions.java | 10 ++--------
.../applib/role/seed/IsisConfigurationRoleAndPermissions.java | 7 +++----
.../applib/role/seed/IsisExtH2ConsoleRoleAndPermissions.java | 9 ++++-----
.../role/seed/IsisExtSecmanRegularUserRoleAndPermissions.java | 4 ++--
5 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
index 04c21da..69e200e 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
@@ -24,6 +24,7 @@ import java.util.stream.Stream;
import org.apache.isis.applib.IsisModuleApplib;
import org.apache.isis.commons.internal.base._NullSafe;
import org.apache.isis.core.security.IsisModuleCoreSecurity;
+import org.apache.isis.extensions.secman.applib.role.seed.IsisExtH2ConsoleRoleAndPermissions;
import lombok.Builder;
import lombok.Getter;
@@ -142,6 +143,7 @@ public class SecmanConfiguration {
IsisModuleApplib.NAMESPACE_SUDO,
IsisModuleApplib.NAMESPACE_CONF,
IsisModuleApplib.NAMESPACE_FEAT,
+ IsisExtH2ConsoleRoleAndPermissions.NAMESPACE,
IsisModuleExtSecmanApplib.NAMESPACE
};
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisAppFeatureRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisAppFeatureRoleAndPermissions.java
index e4cf156..a223b36 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisAppFeatureRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisAppFeatureRoleAndPermissions.java
@@ -18,6 +18,7 @@
*/
package org.apache.isis.extensions.secman.applib.role.seed;
+import org.apache.isis.applib.IsisModuleApplib;
import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
import org.apache.isis.applib.services.appfeatui.ApplicationFeatureMenu;
import org.apache.isis.applib.services.appfeatui.ApplicationFeatureViewModel;
@@ -50,14 +51,7 @@ extends AbstractRoleAndPermissionsFixtureScript {
ApplicationPermissionRule.ALLOW,
ApplicationPermissionMode.CHANGING,
Can.of(
- ApplicationFeatureId.newType(ApplicationFeatureMenu.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationFeatureViewModel.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationNamespace.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationType.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationTypeMember.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationTypeAction.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationTypeProperty.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ApplicationTypeCollection.LOGICAL_TYPE_NAME)
+ ApplicationFeatureId.newNamespace(IsisModuleApplib.NAMESPACE_FEAT)
)
);
}
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisConfigurationRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisConfigurationRoleAndPermissions.java
index 77e08d4..9e0c2f1 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisConfigurationRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisConfigurationRoleAndPermissions.java
@@ -18,6 +18,7 @@
*/
package org.apache.isis.extensions.secman.applib.role.seed;
+import org.apache.isis.applib.IsisModuleApplib;
import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
import org.apache.isis.applib.services.confview.ConfigurationMenu;
import org.apache.isis.applib.services.confview.ConfigurationProperty;
@@ -45,10 +46,8 @@ extends AbstractRoleAndPermissionsFixtureScript {
ApplicationPermissionRule.ALLOW,
ApplicationPermissionMode.CHANGING,
Can.of(
- ApplicationFeatureId.newType(ConfigurationMenu.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ConfigurationProperty.LOGICAL_TYPE_NAME),
- ApplicationFeatureId.newType(ConfigurationViewmodel.LOGICAL_TYPE_NAME)
- )
+ ApplicationFeatureId.newNamespace(IsisModuleApplib.NAMESPACE_CONF)
+ )
);
}
}
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtH2ConsoleRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtH2ConsoleRoleAndPermissions.java
index c6f9706..f1819e1 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtH2ConsoleRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtH2ConsoleRoleAndPermissions.java
@@ -23,7 +23,6 @@ import org.apache.isis.commons.collections.Can;
import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionMode;
import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionRule;
import org.apache.isis.extensions.secman.applib.role.fixtures.AbstractRoleAndPermissionsFixtureScript;
-import org.apache.isis.testing.fixtures.applib.IsisModuleTestingFixturesApplib;
/**
* Access to the h2 console UI.
@@ -32,12 +31,12 @@ import org.apache.isis.testing.fixtures.applib.IsisModuleTestingFixturesApplib;
*/
public class IsisExtH2ConsoleRoleAndPermissions extends AbstractRoleAndPermissionsFixtureScript {
- private static final String SERVICE_LOGICAL_TYPE_NAME = "isis.ext.h2Console";
+ public static final String NAMESPACE = "isis.ext.h2Console";
- public static final String ROLE_NAME = SERVICE_LOGICAL_TYPE_NAME.replace(".","-");
+ public static final String ROLE_NAME = NAMESPACE.replace(".","-");
public IsisExtH2ConsoleRoleAndPermissions() {
- super(ROLE_NAME, String.format("Access to the H2 console UI", IsisModuleTestingFixturesApplib.NAMESPACE));
+ super(ROLE_NAME, "Access to the H2 console UI");
}
@Override
@@ -46,7 +45,7 @@ public class IsisExtH2ConsoleRoleAndPermissions extends AbstractRoleAndPermissio
ApplicationPermissionRule.ALLOW,
ApplicationPermissionMode.CHANGING,
Can.ofSingleton(
- ApplicationFeatureId.newNamespace(IsisModuleTestingFixturesApplib.NAMESPACE)));
+ ApplicationFeatureId.newNamespace(NAMESPACE)));
}
}
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanRegularUserRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanRegularUserRoleAndPermissions.java
index 34cf4f6..e1c5d2f 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanRegularUserRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/role/seed/IsisExtSecmanRegularUserRoleAndPermissions.java
@@ -104,8 +104,8 @@ public class IsisExtSecmanRegularUserRoleAndPermissions extends AbstractRoleAndP
val vetoViewing = Can.of(
// we explicitly ensure that the user cannot grant themselves
// additional privileges or see stuff that they shouldn't
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "permissions"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "filterPermissions"),
+ ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "effectiveMemberPermissions"),
+ ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "filterEffectiveMemberPermissions"),
ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "resetPassword"),
ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "lock"),
ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "unlock"),