You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2016/09/29 15:25:45 UTC
[1/2] syncope git commit: [SYNCOPE-940] Fix provided - besides
listing,
now also searching for Groups does not require special entitlements any more,
removing StandardEntitlements.GROUP_SEARCH
Repository: syncope
Updated Branches:
refs/heads/2_0_X 37d967032 -> c757e3dea
refs/heads/master 55b9e83d7 -> a02401fea
[SYNCOPE-940] Fix provided - besides listing, now also searching for Groups does not require special entitlements any more, removing StandardEntitlements.GROUP_SEARCH
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c757e3de
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c757e3de
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c757e3de
Branch: refs/heads/2_0_X
Commit: c757e3dea4032ac5ae341992059cbfd7c846dc92
Parents: 37d9670
Author: Francesco Chicchiricc� <il...@apache.org>
Authored: Thu Sep 29 17:25:10 2016 +0200
Committer: Francesco Chicchiricc� <il...@apache.org>
Committed: Thu Sep 29 17:25:10 2016 +0200
----------------------------------------------------------------------
.../client/console/commons/ITabComponent.java | 9 +++++++--
.../console/panels/GroupDirectoryPanel.java | 2 +-
.../syncope/client/console/panels/Realm.java | 18 ++++++++++--------
.../client/console/wizards/any/Groups.java | 8 +++-----
.../client/console/wizards/any/Ownership.java | 4 +---
.../client/enduser/resources/GroupResource.java | 5 ++++-
.../app/js/controllers/UserController.js | 6 ++++++
.../common/lib/types/StandardEntitlement.java | 2 --
.../org/apache/syncope/core/logic/GroupLogic.java | 8 ++++----
9 files changed, 36 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
index 91043b5..af09113 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
@@ -16,6 +16,7 @@
package org.apache.syncope.client.console.commons;
import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.Component;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions;
@@ -34,7 +35,7 @@ public abstract class ITabComponent extends Component implements ITab {
private final IModel<String> title;
/**
- * Constructor
+ * Constructor.
*
* @param title IModel used to represent the title of the tab. Must contain a string
* @param roles authorized roles
@@ -45,7 +46,11 @@ public abstract class ITabComponent extends Component implements ITab {
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(roles));
+ if (StringUtils.isBlank(roles)) {
+ permissions.authorizeAll(RENDER);
+ } else {
+ permissions.authorize(RENDER, new Roles(roles));
+ }
}
/**
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index 67e806d..118c415 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -395,7 +395,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
target.add(container);
}
}
- }, ActionType.RELOAD, StandardEntitlement.GROUP_SEARCH).build(componentId);
+ }, ActionType.RELOAD).build(componentId);
}
});
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
index d2a869c..857bff0 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
@@ -50,6 +50,7 @@ import org.apache.syncope.common.lib.to.ConnObjectTO;
import org.apache.syncope.common.lib.to.PropagationStatus;
import org.apache.syncope.common.lib.to.ProvisioningResult;
import org.apache.syncope.common.lib.to.RealmTO;
+import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.PropagationTaskExecStatus;
import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.wicket.Component;
@@ -85,8 +86,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
setPageRef(pageRef);
- AjaxBootstrapTabbedPanel<ITab> tabbedPanel
- = new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef));
+ AjaxBootstrapTabbedPanel<ITab> tabbedPanel =
+ new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef));
tabbedPanel.setSelectedTab(selectedIndex);
addInnerObject(tabbedPanel);
this.wizardBuilder = new RealmWizardBuilder(pageRef);
@@ -157,14 +158,15 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
}
});
- final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo
- = FormLayoutInfoUtils.fetch(anyTypeTOs);
+ final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo =
+ FormLayoutInfoUtils.fetch(anyTypeTOs);
Collections.sort(anyTypeTOs, new AnyTypeComparator());
for (final AnyTypeTO anyTypeTO : anyTypeTOs) {
tabs.add(new ITabComponent(
new Model<>(anyTypeTO.getKey()),
- String.format("%s_SEARCH", anyTypeTO.getKey())) {
+ AnyTypeKind.GROUP.name().equals(anyTypeTO.getKey())
+ ? null : String.format("%s_SEARCH", anyTypeTO.getKey())) {
private static final long serialVersionUID = 1169585538404171118L;
@@ -202,8 +204,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
propagations.add(syncope);
propagations.addAll(((ProvisioningResult) result).getPropagationStatuses());
- ListViewPanel.Builder<PropagationStatus> builder
- = new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) {
+ ListViewPanel.Builder<PropagationStatus> builder =
+ new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) {
private static final long serialVersionUID = -6809736686861678498L;
@@ -218,7 +220,7 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues())
? StringUtils.EMPTY
: afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues().
- iterator().next();
+ iterator().next();
return new Label("field", remoteId);
} else if ("status".equalsIgnoreCase(key)) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
index 8181baf..e8aba25 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
@@ -42,10 +42,8 @@ import org.apache.wicket.model.IModel;
import org.apache.wicket.model.util.ListModel;
import org.apache.wicket.util.lang.Args;
import org.apache.syncope.common.lib.to.GroupableRelatableTO;
-import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
-import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.extensions.wizard.WizardModel.ICondition;
public class Groups extends WizardStep implements ICondition {
@@ -66,7 +64,7 @@ public class Groups extends WizardStep implements ICondition {
// -----------------------------------------------------------------
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(StandardEntitlement.GROUP_SEARCH));
+ permissions.authorizeAll(RENDER);
// -----------------------------------------------------------------
setOutputMarkupId(true);
@@ -114,7 +112,7 @@ public class Groups extends WizardStep implements ICondition {
groupRestClient.search(
realm,
SyncopeClient.getGroupSearchConditionBuilder().
- isAssignable().and().is("name").equalTo(filter).query(),
+ isAssignable().and().is("name").equalTo(filter).query(),
-1, -1,
new SortParam<>("name", true),
null),
@@ -160,6 +158,6 @@ public class Groups extends WizardStep implements ICondition {
public boolean evaluate() {
return CollectionUtils.isNotEmpty(allGroups)
&& SyncopeConsoleApplication.get().getSecuritySettings().getAuthorizationStrategy().
- isActionAuthorized(this, RENDER);
+ isActionAuthorized(this, RENDER);
}
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
index eb5b318..9fe6a0f 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
@@ -106,9 +106,7 @@ public class Ownership extends WizardStep implements WizardModel.ICondition {
// -----------------------------------------------------------------
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(new StringBuilder().
- append(StandardEntitlement.USER_SEARCH).append(",").
- append(StandardEntitlement.GROUP_SEARCH).toString()));
+ permissions.authorize(RENDER, new Roles(StandardEntitlement.USER_SEARCH));
// -----------------------------------------------------------------
setTitleModel(new ResourceModel("group.ownership"));
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
index 365d7df..0099859 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
@@ -23,6 +23,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.syncope.client.enduser.SyncopeEnduserSession;
+import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.to.GroupTO;
import org.apache.syncope.common.rest.api.beans.AnyQuery;
@@ -55,7 +56,9 @@ public class GroupResource extends AbstractBaseResource {
String realm = java.net.URLDecoder.decode(attributes.getParameters().get("realm").
toString(SyncopeConstants.ROOT_REALM), "UTF-8");
- final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm).build()).getResult();
+ final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm).
+ fiql(SyncopeClient.getGroupSearchConditionBuilder().isAssignable().query()).
+ build()).getResult();
response.setWriteCallback(new AbstractResource.WriteCallback() {
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
index 1d33e3d..c6b0b4e 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
@@ -181,6 +181,7 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
for (var i in response) {
$scope.dynamicForm.resources.push(response[i].key);
}
+ $scope.dynamicForm.resources.sort();
});
};
@@ -191,6 +192,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
for (var i in response) {
$scope.dynamicForm.groups.push({"rightKey": response[i].key, "groupName": response[i].name});
}
+ $scope.dynamicForm.groups.sort(function (a, b) {
+ var x = a.groupName;
+ var y = b.groupName;
+ return x < y ? -1 : x > y ? 1 : 0;
+ });
}, function (e) {
$scope.showError("An error occur during retrieving groups " + e, $scope.notification)
});
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
----------------------------------------------------------------------
diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
index ecaa25f..74c59b7 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
@@ -96,8 +96,6 @@ public final class StandardEntitlement {
public static final String USER_DELETE = "USER_DELETE";
- public static final String GROUP_SEARCH = "GROUP_SEARCH";
-
public static final String GROUP_CREATE = "GROUP_CREATE";
public static final String GROUP_READ = "GROUP_READ";
http://git-wip-us.apache.org/repos/asf/syncope/blob/c757e3de/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
index bd07a22..157a7d6 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
@@ -189,23 +189,23 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> {
}, new ArrayList<GroupTO>());
}
- @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')")
+ @PreAuthorize("isAuthenticated()")
@Transactional(readOnly = true)
@Override
public int searchCount(final SearchCond searchCondition, final String realm) {
return searchDAO.count(
- getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm),
+ getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm),
searchCondition, AnyTypeKind.GROUP);
}
- @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')")
+ @PreAuthorize("isAuthenticated()")
@Transactional(readOnly = true)
@Override
public List<GroupTO> search(final SearchCond searchCondition, final int page, final int size,
final List<OrderByClause> orderBy, final String realm, final boolean details) {
List<Group> matchingGroups = searchDAO.search(
- getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm),
+ getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm),
searchCondition, page, size, orderBy, AnyTypeKind.GROUP);
return CollectionUtils.collect(matchingGroups, new Transformer<Group, GroupTO>() {
[2/2] syncope git commit: [SYNCOPE-940] Fix provided - besides
listing,
now also searching for Groups does not require special entitlements any more,
removing StandardEntitlements.GROUP_SEARCH
Posted by il...@apache.org.
[SYNCOPE-940] Fix provided - besides listing, now also searching for Groups does not require special entitlements any more, removing StandardEntitlements.GROUP_SEARCH
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a02401fe
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a02401fe
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a02401fe
Branch: refs/heads/master
Commit: a02401feaaa959614d5e93d4c363c4e18ba2d07f
Parents: 55b9e83
Author: Francesco Chicchiricc� <il...@apache.org>
Authored: Thu Sep 29 17:25:10 2016 +0200
Committer: Francesco Chicchiricc� <il...@apache.org>
Committed: Thu Sep 29 17:25:28 2016 +0200
----------------------------------------------------------------------
.../client/console/commons/ITabComponent.java | 9 +++++++--
.../console/panels/GroupDirectoryPanel.java | 2 +-
.../syncope/client/console/panels/Realm.java | 18 ++++++++++--------
.../client/console/wizards/any/Groups.java | 8 +++-----
.../client/console/wizards/any/Ownership.java | 4 +---
.../client/enduser/resources/GroupResource.java | 5 ++++-
.../app/js/controllers/UserController.js | 6 ++++++
.../common/lib/types/StandardEntitlement.java | 2 --
.../org/apache/syncope/core/logic/GroupLogic.java | 8 ++++----
9 files changed, 36 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
index 91043b5..af09113 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/commons/ITabComponent.java
@@ -16,6 +16,7 @@
package org.apache.syncope.client.console.commons;
import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.Component;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions;
@@ -34,7 +35,7 @@ public abstract class ITabComponent extends Component implements ITab {
private final IModel<String> title;
/**
- * Constructor
+ * Constructor.
*
* @param title IModel used to represent the title of the tab. Must contain a string
* @param roles authorized roles
@@ -45,7 +46,11 @@ public abstract class ITabComponent extends Component implements ITab {
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(roles));
+ if (StringUtils.isBlank(roles)) {
+ permissions.authorizeAll(RENDER);
+ } else {
+ permissions.authorize(RENDER, new Roles(roles));
+ }
}
/**
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index 67e806d..118c415 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -395,7 +395,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
target.add(container);
}
}
- }, ActionType.RELOAD, StandardEntitlement.GROUP_SEARCH).build(componentId);
+ }, ActionType.RELOAD).build(componentId);
}
});
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
index d2a869c..857bff0 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/Realm.java
@@ -50,6 +50,7 @@ import org.apache.syncope.common.lib.to.ConnObjectTO;
import org.apache.syncope.common.lib.to.PropagationStatus;
import org.apache.syncope.common.lib.to.ProvisioningResult;
import org.apache.syncope.common.lib.to.RealmTO;
+import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.PropagationTaskExecStatus;
import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.wicket.Component;
@@ -85,8 +86,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
setPageRef(pageRef);
- AjaxBootstrapTabbedPanel<ITab> tabbedPanel
- = new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef));
+ AjaxBootstrapTabbedPanel<ITab> tabbedPanel =
+ new AjaxBootstrapTabbedPanel<>("tabbedPanel", buildTabList(pageRef));
tabbedPanel.setSelectedTab(selectedIndex);
addInnerObject(tabbedPanel);
this.wizardBuilder = new RealmWizardBuilder(pageRef);
@@ -157,14 +158,15 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
}
});
- final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo
- = FormLayoutInfoUtils.fetch(anyTypeTOs);
+ final Triple<UserFormLayoutInfo, GroupFormLayoutInfo, Map<String, AnyObjectFormLayoutInfo>> formLayoutInfo =
+ FormLayoutInfoUtils.fetch(anyTypeTOs);
Collections.sort(anyTypeTOs, new AnyTypeComparator());
for (final AnyTypeTO anyTypeTO : anyTypeTOs) {
tabs.add(new ITabComponent(
new Model<>(anyTypeTO.getKey()),
- String.format("%s_SEARCH", anyTypeTO.getKey())) {
+ AnyTypeKind.GROUP.name().equals(anyTypeTO.getKey())
+ ? null : String.format("%s_SEARCH", anyTypeTO.getKey())) {
private static final long serialVersionUID = 1169585538404171118L;
@@ -202,8 +204,8 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
propagations.add(syncope);
propagations.addAll(((ProvisioningResult) result).getPropagationStatuses());
- ListViewPanel.Builder<PropagationStatus> builder
- = new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) {
+ ListViewPanel.Builder<PropagationStatus> builder =
+ new ListViewPanel.Builder<PropagationStatus>(PropagationStatus.class, pageRef) {
private static final long serialVersionUID = -6809736686861678498L;
@@ -218,7 +220,7 @@ public abstract class Realm extends WizardMgtPanel<RealmTO> {
afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues())
? StringUtils.EMPTY
: afterObj.getAttrMap().get(ConnIdSpecialAttributeName.NAME).getValues().
- iterator().next();
+ iterator().next();
return new Label("field", remoteId);
} else if ("status".equalsIgnoreCase(key)) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
index 8181baf..e8aba25 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
@@ -42,10 +42,8 @@ import org.apache.wicket.model.IModel;
import org.apache.wicket.model.util.ListModel;
import org.apache.wicket.util.lang.Args;
import org.apache.syncope.common.lib.to.GroupableRelatableTO;
-import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
-import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.extensions.wizard.WizardModel.ICondition;
public class Groups extends WizardStep implements ICondition {
@@ -66,7 +64,7 @@ public class Groups extends WizardStep implements ICondition {
// -----------------------------------------------------------------
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(StandardEntitlement.GROUP_SEARCH));
+ permissions.authorizeAll(RENDER);
// -----------------------------------------------------------------
setOutputMarkupId(true);
@@ -114,7 +112,7 @@ public class Groups extends WizardStep implements ICondition {
groupRestClient.search(
realm,
SyncopeClient.getGroupSearchConditionBuilder().
- isAssignable().and().is("name").equalTo(filter).query(),
+ isAssignable().and().is("name").equalTo(filter).query(),
-1, -1,
new SortParam<>("name", true),
null),
@@ -160,6 +158,6 @@ public class Groups extends WizardStep implements ICondition {
public boolean evaluate() {
return CollectionUtils.isNotEmpty(allGroups)
&& SyncopeConsoleApplication.get().getSecuritySettings().getAuthorizationStrategy().
- isActionAuthorized(this, RENDER);
+ isActionAuthorized(this, RENDER);
}
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
index eb5b318..9fe6a0f 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Ownership.java
@@ -106,9 +106,7 @@ public class Ownership extends WizardStep implements WizardModel.ICondition {
// -----------------------------------------------------------------
final ActionPermissions permissions = new ActionPermissions();
setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, permissions);
- permissions.authorize(RENDER, new Roles(new StringBuilder().
- append(StandardEntitlement.USER_SEARCH).append(",").
- append(StandardEntitlement.GROUP_SEARCH).toString()));
+ permissions.authorize(RENDER, new Roles(StandardEntitlement.USER_SEARCH));
// -----------------------------------------------------------------
setTitleModel(new ResourceModel("group.ownership"));
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
index 365d7df..0099859 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/GroupResource.java
@@ -23,6 +23,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.syncope.client.enduser.SyncopeEnduserSession;
+import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.to.GroupTO;
import org.apache.syncope.common.rest.api.beans.AnyQuery;
@@ -55,7 +56,9 @@ public class GroupResource extends AbstractBaseResource {
String realm = java.net.URLDecoder.decode(attributes.getParameters().get("realm").
toString(SyncopeConstants.ROOT_REALM), "UTF-8");
- final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm).build()).getResult();
+ final List<GroupTO> groupTOs = groupService.search(new AnyQuery.Builder().realm(realm).
+ fiql(SyncopeClient.getGroupSearchConditionBuilder().isAssignable().query()).
+ build()).getResult();
response.setWriteCallback(new AbstractResource.WriteCallback() {
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
index 1d33e3d..c6b0b4e 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
@@ -181,6 +181,7 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
for (var i in response) {
$scope.dynamicForm.resources.push(response[i].key);
}
+ $scope.dynamicForm.resources.sort();
});
};
@@ -191,6 +192,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
for (var i in response) {
$scope.dynamicForm.groups.push({"rightKey": response[i].key, "groupName": response[i].name});
}
+ $scope.dynamicForm.groups.sort(function (a, b) {
+ var x = a.groupName;
+ var y = b.groupName;
+ return x < y ? -1 : x > y ? 1 : 0;
+ });
}, function (e) {
$scope.showError("An error occur during retrieving groups " + e, $scope.notification)
});
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
----------------------------------------------------------------------
diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
index ecaa25f..74c59b7 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/types/StandardEntitlement.java
@@ -96,8 +96,6 @@ public final class StandardEntitlement {
public static final String USER_DELETE = "USER_DELETE";
- public static final String GROUP_SEARCH = "GROUP_SEARCH";
-
public static final String GROUP_CREATE = "GROUP_CREATE";
public static final String GROUP_READ = "GROUP_READ";
http://git-wip-us.apache.org/repos/asf/syncope/blob/a02401fe/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
index bd07a22..157a7d6 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
@@ -189,23 +189,23 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> {
}, new ArrayList<GroupTO>());
}
- @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')")
+ @PreAuthorize("isAuthenticated()")
@Transactional(readOnly = true)
@Override
public int searchCount(final SearchCond searchCondition, final String realm) {
return searchDAO.count(
- getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm),
+ getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm),
searchCondition, AnyTypeKind.GROUP);
}
- @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')")
+ @PreAuthorize("isAuthenticated()")
@Transactional(readOnly = true)
@Override
public List<GroupTO> search(final SearchCond searchCondition, final int page, final int size,
final List<OrderByClause> orderBy, final String realm, final boolean details) {
List<Group> matchingGroups = searchDAO.search(
- getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realm),
+ getEffectiveRealms(SyncopeConstants.FULL_ADMIN_REALMS, realm),
searchCondition, page, size, orderBy, AnyTypeKind.GROUP);
return CollectionUtils.collect(matchingGroups, new Transformer<Group, GroupTO>() {