Posted to commits@isis.apache.org by da...@apache.org on 2021/05/30 19:47:45 UTC
[isis] 01/02: ISIS-2699: adds config props for
PermissionsEvaluationService also
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch ISIS-2699
in repository https://gitbox.apache.org/repos/asf/isis.git
commit 0abc75f089e15dbbca6bf41da16af55c17c80562
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sun May 30 20:32:53 2021 +0100
ISIS-2699: adds config props for PermissionsEvaluationService also
---
.../apache/isis/core/config/IsisConfiguration.java | 14 +++++++
.../secman/applib/IsisModuleExtSecmanApplib.java | 12 +++++-
.../secman/applib/SecmanAutoConfiguration.java | 48 +++++++++-------------
.../secman/applib/SecmanConfiguration.java | 14 +++----
...PermissionsEvaluationServiceAllowBeatsVeto.java | 3 ++
...PermissionsEvaluationServiceVetoBeatsAllow.java | 3 ++
6 files changed, 58 insertions(+), 36 deletions(-)
diff --git a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
index f790afd..7b7f29a 100644
--- a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
+++ b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
@@ -3182,6 +3182,20 @@ public class IsisConfiguration {
}
+ public enum PermissionsEvaluationPolicy {
+ ALLOW_BEATS_VETO,
+ VETO_BEATS_ALLOW
+ }
+
+ /**
+ * If there are conflicting (allow vs veto) permissions at the same scope, then this policy determines
+ * whether to prefer to allow the permission or to veto it.
+ *
+ * <p>
+ * This is only used if a {@link org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationService} has not been declared explicitly.
+ * </p>
+ */
+ private PermissionsEvaluationPolicy permissionsEvaluationPolicy = PermissionsEvaluationPolicy.ALLOW_BEATS_VETO;
private final UserRegistration userRegistration = new UserRegistration();
@Data
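Review bot: The Javadoc on `permissionsEvaluationPolicy` does not say that the default, `ALLOW_BEATS_VETO`, is the permissive resolution, so a reader of the configuration docs cannot tell that a conflicting allow wins unless the property is changed. I would add a sentence such as `Defaults to ALLOW_BEATS_VETO (a conflicting allow wins); set VETO_BEATS_ALLOW where a veto must take precedence.` Whether this default matches the behaviour before the commit is not visible in the hunk, so it is worth confirming. The `{@link}` targets a class in the secman extension; if core/config does not depend on that module the link will not resolve, and `{@code}` would be safer. The enclosing class starts and ends outside the hunk.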
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/IsisModuleExtSecmanApplib.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/IsisModuleExtSecmanApplib.java
index c0db454..542ebd9 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/IsisModuleExtSecmanApplib.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/IsisModuleExtSecmanApplib.java
@@ -18,10 +18,15 @@
*/
package org.apache.isis.extensions.secman.applib;
+import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
+import org.apache.isis.applib.annotation.OrderPrecedence;
+import org.apache.isis.core.config.IsisConfiguration;
import org.apache.isis.extensions.secman.applib.feature.api.ApplicationFeatureChoices;
import org.apache.isis.extensions.secman.applib.feature.contributions.ApplicationFeatureViewModel_permissions;
import org.apache.isis.extensions.secman.applib.permission.app.ApplicationOrphanedPermissionManager;
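Review bot: The imports added here (`AutoConfigureOrder`, `ConditionalOnMissingBean`, `Bean`, `OrderPrecedence`, `IsisConfiguration`) look unused, as do the three `PermissionsEvaluationService*` imports and `lombok.val` added in the next two hunks of this file. The only other addition to IsisModuleExtSecmanApplib.java in this commit is a blank line, and the bean method that needs these types is defined in SecmanAutoConfiguration instead. They should be dropped so the module class does not carry leftovers from an abandoned placement of the bean.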
@@ -34,6 +39,9 @@ import org.apache.isis.extensions.secman.applib.permission.dom.mixins.Applicatio
import org.apache.isis.extensions.secman.applib.permission.dom.mixins.ApplicationPermission_veto;
import org.apache.isis.extensions.secman.applib.permission.dom.mixins.ApplicationPermission_viewing;
import org.apache.isis.extensions.secman.applib.permission.menu.ApplicationPermissionMenu;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationService;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationServiceAllowBeatsVeto;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationServiceVetoBeatsAllow;
import org.apache.isis.extensions.secman.applib.role.dom.mixins.ApplicationRole_addPermission;
import org.apache.isis.extensions.secman.applib.role.dom.mixins.ApplicationRole_addUser;
import org.apache.isis.extensions.secman.applib.role.dom.mixins.ApplicationRole_delete;
@@ -77,6 +85,8 @@ import org.apache.isis.extensions.secman.applib.user.dom.mixins.perms.UserPermis
import org.apache.isis.extensions.secman.applib.user.menu.ApplicationUserMenu;
import org.apache.isis.extensions.secman.applib.user.menu.MeService;
+import lombok.val;
+
/**
* @since 2.0 {@index}
*/
@@ -167,7 +177,6 @@ import org.apache.isis.extensions.secman.applib.user.menu.MeService;
// SecmanAutoConfiguration.class,
})
-//@EnableAutoConfiguration()
public class IsisModuleExtSecmanApplib {
public static final String NAMESPACE = "isis.ext.secman";
@@ -181,4 +190,5 @@ public class IsisModuleExtSecmanApplib {
public abstract static class PropertyDomainEvent<S, T>
extends org.apache.isis.applib.events.domain.PropertyDomainEvent<S, T> {}
+
}
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanAutoConfiguration.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanAutoConfiguration.java
index df8b7d8..0120cc9 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanAutoConfiguration.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanAutoConfiguration.java
@@ -1,39 +1,16 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
package org.apache.isis.extensions.secman.applib;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Service;
import org.apache.isis.applib.annotation.OrderPrecedence;
import org.apache.isis.core.config.IsisConfiguration;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationService;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationServiceAllowBeatsVeto;
+import org.apache.isis.extensions.secman.applib.permission.spi.PermissionsEvaluationServiceVetoBeatsAllow;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.log4j.Log4j2;
import lombok.val;
@AutoConfigureOrder(OrderPrecedence.LAST)
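Review bot: The ASF license header at the top of SecmanAutoConfiguration.java is deleted by this hunk and nothing replaces it, which looks unintended for a commit about configuration properties. The header should be restored unchanged above the `package` line. The IsisModuleExtSecmanApplib.java hunk still shows a closing `*/` directly before its `package` line, so the other files appear to keep theirs.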
@@ -41,11 +18,11 @@ import lombok.val;
public class SecmanAutoConfiguration {
/**
- * Provides a default implementation of {@link SecmanConfiguration}.
+ * Provides a default implementation of {@link SecmanConfiguration} based on configuration properties.
*/
@Bean
@ConditionalOnMissingBean(SecmanConfiguration.class)
- public SecmanConfiguration bean(final IsisConfiguration isisConfiguration) {
+ public SecmanConfiguration secmanConfiguration(final IsisConfiguration isisConfiguration) {
val secman = isisConfiguration.getExtensions().getSecman();
return SecmanConfiguration.builder()
.adminUserName(secman.getSeed().getAdmin().getUserName())
@@ -58,4 +35,19 @@ public class SecmanAutoConfiguration {
.build();
}
+ /**
+ * Provides a default implementation of {@link PermissionsEvaluationService} based on configuration properties.
+ */
+ @Bean
+ @ConditionalOnMissingBean(PermissionsEvaluationService.class)
+ public PermissionsEvaluationService permissionsEvaluationService(final IsisConfiguration isisConfiguration) {
+ val policy = isisConfiguration.getExtensions().getSecman().getPermissionsEvaluationPolicy();
+ switch (policy) {
+ case ALLOW_BEATS_VETO:
+ return new PermissionsEvaluationServiceAllowBeatsVeto();
+ case VETO_BEATS_ALLOW:
+ return new PermissionsEvaluationServiceVetoBeatsAllow();
+ }
+ throw new IllegalArgumentException(String.format("PermissionsEvaluationPolicy '%s' not recognised", policy));
+ }
}
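Review bot: `permissionsEvaluationService` instantiates `PermissionsEvaluationServiceAllowBeatsVeto` and `PermissionsEvaluationServiceVetoBeatsAllow`, which this same commit marks `@Deprecated`, so the framework's own default wiring now depends on deprecated API and will compile with deprecation warnings. Either annotate the method with `@SuppressWarnings("deprecation")` and a comment saying the classes remain the internal implementations, or leave the classes undeprecated and only discourage declaring them as beans. Separately, `switch (policy)` throws a NullPointerException rather than the intended IllegalArgumentException if the getter ever returns null; whether property binding can produce null is not visible here.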
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
index 88dfcfb..f484383 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/SecmanConfiguration.java
@@ -61,7 +61,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.Admin#getUserName()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -74,7 +74,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.Admin#getPassword()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -86,7 +86,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.Admin#getRoleName()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -97,7 +97,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.Admin.NamespacePermissions#getSticky()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -108,7 +108,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.Admin.NamespacePermissions#getAdditional()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -122,7 +122,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.Seed.RegularUser#getRoleName()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
@@ -133,7 +133,7 @@ public class SecmanConfiguration {
/**
* @see IsisConfiguration.Extensions.Secman.DelegatedUsers#getAutoCreatePolicy()
*
- * @deprecated
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
@Deprecated
@Getter
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceAllowBeatsVeto.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceAllowBeatsVeto.java
index d7a15e3..6cdedd2 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceAllowBeatsVeto.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceAllowBeatsVeto.java
@@ -27,7 +27,10 @@ import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermis
* An implementation whereby a VETO permission for a feature overrides an ALLOW (for same scope).
*
* @since 2.0 {@index}
+ *
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
+@Deprecated
public class PermissionsEvaluationServiceAllowBeatsVeto extends PermissionsEvaluationServiceAbstract {
private static final long serialVersionUID = 1L;
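Review bot: The class Javadoc kept as context above the new `@deprecated` tag says a VETO overrides an ALLOW, which is the opposite of what the name `PermissionsEvaluationServiceAllowBeatsVeto` indicates and is word for word the summary on `PermissionsEvaluationServiceVetoBeatsAllow`. Since the commit edits this comment anyway, the summary should read `An implementation whereby an ALLOW permission for a feature overrides a VETO (for same scope).` The `@deprecated` text here and in the VetoBeatsAllow hunk could also name the replacement, the secman `permissionsEvaluationPolicy` config property, rather than only pointing at application.yml. The class body continues outside the hunk.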
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceVetoBeatsAllow.java b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceVetoBeatsAllow.java
index c08b795..1b493db 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceVetoBeatsAllow.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/isis/extensions/secman/applib/permission/spi/PermissionsEvaluationServiceVetoBeatsAllow.java
@@ -31,7 +31,10 @@ import lombok.val;
* An implementation whereby a VETO permission for a feature overrides an ALLOW (for same scope).
*
* @since 2.0 {@index}
+ *
+ * @deprecated - use <code>application.yml</code> config properties instead.
*/
+@Deprecated
public class PermissionsEvaluationServiceVetoBeatsAllow extends PermissionsEvaluationServiceAbstract {
private static final long serialVersionUID = 1L;