You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/05/06 15:50:43 UTC
[syncope] branch master updated: More sensible checks of Realms
with Delegated Admin
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 472ec3e More sensible checks of Realms with Delegated Admin
472ec3e is described below
commit 472ec3e611a242ffa18cdb41cc94916049dee282
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed May 6 17:43:00 2020 +0200
More sensible checks of Realms with Delegated Admin
---
.../client/console/panels/LinkedAccountModalPanel.java | 13 +++++++------
.../syncope/client/console/SyncopeConsoleSession.java | 16 ++++++++++------
.../client/console/panels/GroupDirectoryPanel.java | 4 ++--
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java b/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
index f6bcf8c..d5d2e09 100644
--- a/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
+++ b/client/idm/console/src/main/java/org/apache/syncope/client/console/panels/LinkedAccountModalPanel.java
@@ -149,7 +149,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
@Override
@SuppressWarnings("unchecked")
protected void customActionOnFinishCallback(final AjaxRequestTarget target) {
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
linkedAccountTOs.clear();
linkedAccountTOs.addAll(model.getObject().getLinkedAccounts());
@@ -254,7 +254,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new ListViewPanel.ListViewReload<>(target));
}
@@ -337,7 +337,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
SyncopeConsoleSession.get().onException(e);
}
- checkAddButton();
+ checkAddButton(model.getObject().getRealm());
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
send(LinkedAccountModalPanel.this, Broadcast.DEPTH, new ListViewPanel.ListViewReload<>(target));
}
@@ -348,7 +348,8 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
list = builder.build(MultilevelPanel.FIRST_LEVEL_ID);
list.setOutputMarkupId(true);
- list.setReadOnly(!SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE));
+ list.setReadOnly(!SyncopeConsoleSession.get().
+ owns(IdRepoEntitlement.USER_UPDATE, model.getObject().getRealm()));
addAjaxLink = new AjaxLink<LinkedAccountTO>("add") {
@@ -374,7 +375,7 @@ public class LinkedAccountModalPanel extends Panel implements ModalPanel {
linkedAccountTOs.sort(Comparator.comparing(LinkedAccountTO::getConnObjectKeyValue));
}
- private void checkAddButton() {
- addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE));
+ private void checkAddButton(final String realm) {
+ addAjaxLink.setVisible(SyncopeConsoleSession.get().owns(IdRepoEntitlement.USER_UPDATE, realm));
}
}
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 73d4833..34dff66 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -275,7 +275,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession implements Ba
}
Set<String> requested = ArrayUtils.isEmpty(realms)
- ? Set.of(SyncopeConstants.ROOT_REALM)
+ ? Set.of()
: Set.of(realms);
for (String entitlement : entitlements.split(",")) {
@@ -283,11 +283,15 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession implements Ba
boolean owns = false;
Set<String> owned = auth.get(entitlement);
- for (String realm : requested) {
- if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
- owns |= owned.stream().anyMatch(realm::startsWith);
- } else {
- owns |= owned.contains(realm);
+ if (requested.isEmpty()) {
+ return !owned.isEmpty();
+ } else {
+ for (String realm : requested) {
+ if (realm.startsWith(SyncopeConstants.ROOT_REALM)) {
+ owns |= owned.stream().anyMatch(realm::startsWith);
+ } else {
+ owns |= owned.contains(realm);
+ }
}
}
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index 14ef858..503a49d 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -117,7 +117,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new UserDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(query).
disableCheckBoxes().
@@ -139,7 +139,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
panel = new AnyObjectDirectoryPanel.Builder(
classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).
- setRealm(SyncopeConstants.ROOT_REALM).
+ setRealm(realm).
setFiltered(true).
setFiql(query).
disableCheckBoxes().