You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/05/06 15:50:47 UTC
[syncope] branch 2_1_X updated: More sensible checks of Realms with
Delegated Admin
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_1_X by this push:
new 01b5b92 More sensible checks of Realms with Delegated Admin
01b5b92 is described below
commit 01b5b9257025d5c9612fbad4165b0e3807cc47a2
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed May 6 17:43:00 2020 +0200
More sensible checks of Realms with Delegated Admin
---
.../syncope/client/console/SyncopeConsoleSession.java | 16 ++++++++++------
.../client/console/panels/GroupDirectoryPanel.java | 4 ++--
.../client/console/panels/LinkedAccountModalPanel.java | 13 +++++++------
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 14b8d49..dd3bafe 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -305,7 +305,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
}
Set<String> requested = ArrayUtils.isEmpty(realms)
- ? Collections.singleton(SyncopeConstants.ROOT_REALM)
+ ? Collections.emptySet()
: new HashSet<>(Arrays.asList(realms));
for (String entitlement : entitlements.split(",")) {
@@ -313,11 +313,15 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
boolean owns = false;
Set<String> owned = auth.get(entitlement);
- for (String realm : requested) {
- if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
- owns |= owned.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm));
- } else {
- owns |= owned.contains(realm);
+ if (requested.isEmpty()) {
+ return !owned.isEmpty();
+ } else {
+ for (String realm : requested) {
+ if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
+ owns |= owned.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm));
+ } else {
+ owns |= owned.contains(realm);
+ }
}
}
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index feb0337..0f503bd 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -115,7 +115,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new UserDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(fiql).
disableCheckBoxes().
@@ -135,7 +135,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new AnyObjectDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(fiql).
disableCheckBoxes().
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
index f065462..36e2bc2 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
@@ -143,7 +143,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
@Override
@SuppressWarnings("unchecked")
protected void customActionOnFinishCallback(final AjaxRequestTarget target) {
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
linkedAccountTOs.clear();
linkedAccountTOs.addAll(model.getObject().getLinkedAccounts());
@@ -247,7 +247,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new ListViewPanel.ListViewReload<>(target));
}
@@ -330,7 +330,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
SyncopeConsoleSession.get().onException(e);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new ListViewPanel.ListViewReload<>(target));
}
@@ -341,7 +341,8 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
list = builder.build(MultilevelPanel.FIRST_LEVEL_ID);
list.setOutputMarkupId(true);
- list.setReadOnly(!SyncopeConsoleSession.get().owns(StandardEntitlement.USER_UPDATE));
+ list.setReadOnly(!SyncopeConsoleSession.get().
+ owns(StandardEntitlement.USER_UPDATE, model.getObject().getRealm()));
addAjaxLink = new AjaxLink<LinkedAccountTO>("add") {
@@ -367,7 +368,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
linkedAccountTOs.sort(Comparator.comparing(LinkedAccountTO::getConnObjectKeyValue));
}
- private void checkAddButton() {
- addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(StandardEntitlement.USER_UPDATE));
+ private void checkAddButton(final String realm) {
+ addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(StandardEntitlement.USER_UPDATE, realm));
}
}