You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by fm...@apache.org on 2017/05/09 11:45:08 UTC
syncope git commit: [SYNCOPE-1072] fix for entitlement check in
action panel
Repository: syncope
Updated Branches:
refs/heads/master 0315ac634 -> 4b991ec91
[SYNCOPE-1072] fix for entitlement check in action panel
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4b991ec9
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4b991ec9
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4b991ec9
Branch: refs/heads/master
Commit: 4b991ec91de5b7d53c7f0eef1d89fefb4e813957
Parents: 0315ac6
Author: fmartelli <fa...@gmail.com>
Authored: Tue May 9 13:25:11 2017 +0200
Committer: fmartelli <fa...@gmail.com>
Committed: Tue May 9 13:27:24 2017 +0200
----------------------------------------------------------------------
.../client/console/SyncopeConsoleSession.java | 27 ++++++++++++++++--
.../syncope/client/console/pages/BasePage.java | 30 +++++++++++---------
.../console/panels/AnyDirectoryPanel.java | 8 ++++--
.../console/panels/AnyObjectDirectoryPanel.java | 13 ++++++---
.../console/panels/GroupDirectoryPanel.java | 14 +++++----
.../console/panels/UserDirectoryPanel.java | 15 +++++-----
.../console/wicket/markup/html/form/Action.java | 10 +++++++
.../wicket/markup/html/form/ActionPanel.java | 10 +++++++
8 files changed, 92 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 62f1a76..0ec23f1 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -30,6 +30,8 @@ import java.util.concurrent.ScheduledExecutorService;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.MediaType;
import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.IterableUtils;
+import org.apache.commons.collections4.Predicate;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.FastDateFormat;
import org.apache.commons.lang3.tuple.Pair;
@@ -234,8 +236,29 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
return availableRealms;
}
- public boolean owns(final String entitlement) {
- return auth != null && auth.containsKey(entitlement);
+ public boolean owns(final String entitlements) {
+ return owns(entitlements, "/");
+ }
+
+ public boolean owns(final String entitlements, final String realm) {
+ if (StringUtils.isEmpty(entitlements)) {
+ return true;
+ }
+
+ for (String entitlement : entitlements.split(",")) {
+ if (auth != null && auth.containsKey(entitlement)
+ && (realm == null || IterableUtils.matchesAny(auth.get(entitlement), new Predicate<String>() {
+
+ @Override
+ public boolean evaluate(final String ownedRealm) {
+ return realm.startsWith(ownedRealm);
+ }
+ }))) {
+ return true;
+ }
+ }
+
+ return false;
}
@Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/pages/BasePage.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/pages/BasePage.java b/client/console/src/main/java/org/apache/syncope/client/console/pages/BasePage.java
index c02a499..e7e23ae 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/pages/BasePage.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/pages/BasePage.java
@@ -133,7 +133,7 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
}
};
MetaDataRoleAuthorizationStrategy.authorize(
- dbExportLink, WebPage.ENABLE, StandardEntitlement.CONFIGURATION_EXPORT);
+ dbExportLink, WebPage.RENDER, StandardEntitlement.CONFIGURATION_EXPORT);
body.add(dbExportLink);
// menu
@@ -143,8 +143,10 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
liContainer = new WebMarkupContainer(getLIContainerId("realms"));
body.add(liContainer);
+
BookmarkablePageLink<? extends BasePage> link = BookmarkablePageLinkBuilder.build("realms", Realms.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.REALM_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.REALM_LIST);
+
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("topology"));
@@ -153,13 +155,13 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
StringBuilder bld = new StringBuilder();
bld.append(StandardEntitlement.CONNECTOR_LIST).append(",").
append(StandardEntitlement.RESOURCE_LIST).append(",");
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, bld.toString());
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, bld.toString());
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("reports"));
body.add(liContainer);
link = BookmarkablePageLinkBuilder.build("reports", Reports.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.REPORT_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.REPORT_LIST);
liContainer.add(link);
WebMarkupContainer confLIContainer = new WebMarkupContainer(getLIContainerId("configuration"));
@@ -173,19 +175,19 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
SyncopeConsoleSession.get().getPlatformInfo().getUserWorkflowAdapter().contains("Activiti"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("workflow", Workflow.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.WORKFLOW_DEF_GET);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.WORKFLOW_DEF_GET);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("audit"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("audit", Audit.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.AUDIT_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.AUDIT_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("logs"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("logs", Logs.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.LOG_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.LOG_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("securityquestions"));
@@ -195,37 +197,37 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
append(StandardEntitlement.SECURITY_QUESTION_DELETE).append(",").
append(StandardEntitlement.SECURITY_QUESTION_UPDATE);
link = BookmarkablePageLinkBuilder.build("securityquestions", SecurityQuestions.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, bld.toString());
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, bld.toString());
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("types"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("types", Types.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.SCHEMA_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.SCHEMA_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("roles"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("roles", Roles.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.ROLE_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.ROLE_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("policies"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("policies", Policies.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.POLICY_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.POLICY_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("notifications"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("notifications", Notifications.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.NOTIFICATION_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.NOTIFICATION_LIST);
liContainer.add(link);
liContainer = new WebMarkupContainer(getLIContainerId("parameters"));
confULContainer.add(liContainer);
link = BookmarkablePageLinkBuilder.build("parameters", Parameters.class);
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, StandardEntitlement.CONFIGURATION_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, StandardEntitlement.CONFIGURATION_LIST);
liContainer.add(link);
body.add(new AjaxLink<Void>("collapse") {
@@ -349,7 +351,7 @@ public class BasePage extends WebPage implements IAjaxIndicatorAware {
BookmarkablePageLink<Page> link = new BookmarkablePageLink<>("extPage", item.getModelObject());
link.add(new Label("extPageLabel", ann.label()));
if (StringUtils.isNotBlank(ann.listEntitlement())) {
- MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.ENABLE, ann.listEntitlement());
+ MetaDataRoleAuthorizationStrategy.authorize(link, WebPage.RENDER, ann.listEntitlement());
}
containingLI.add(link);
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
index 0bbaf55..64cb0b0 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
@@ -91,8 +91,12 @@ public abstract class AnyDirectoryPanel<A extends AnyTO, E extends AbstractAnyRe
protected AnyDirectoryPanel(final String id, final Builder<A, E> builder, final boolean wizardInModal) {
super(id, builder, wizardInModal);
- MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, String.format("%s_CREATE", builder.type));
- setReadOnly(!SyncopeConsoleSession.get().owns(String.format("%s_UPDATE", builder.type)));
+ if (SyncopeConsoleSession.get().owns(String.format("%s_CREATE", builder.type), builder.realm)) {
+ MetaDataRoleAuthorizationStrategy.authorizeAll(addAjaxLink, RENDER);
+ } else {
+ MetaDataRoleAuthorizationStrategy.unauthorizeAll(addAjaxLink, RENDER);
+ }
+ setReadOnly(!SyncopeConsoleSession.get().owns(String.format("%s_UPDATE", builder.type), builder.realm));
this.realm = builder.realm;
this.type = builder.type;
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyObjectDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyObjectDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyObjectDirectoryPanel.java
index 8ea0cea..a8a1207 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyObjectDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyObjectDirectoryPanel.java
@@ -155,7 +155,9 @@ public class AnyObjectDirectoryPanel extends AnyDirectoryPanel<AnyObjectTO, AnyO
new AnyWrapper<>(new AnyObjectRestClient().read(model.getObject().getKey())),
target));
}
- }, ActionType.EDIT, AnyEntitlement.READ.getFor(type));
+ }, ActionType.EDIT, new StringBuilder().append(AnyEntitlement.READ.getFor(type)).append(",").
+ append(AnyEntitlement.UPDATE.getFor(type)).toString()).setRealm(realm);
+
panel.add(new ActionLink<AnyObjectTO>() {
private static final long serialVersionUID = -7978723352517770645L;
@@ -172,7 +174,7 @@ public class AnyObjectDirectoryPanel extends AnyDirectoryPanel<AnyObjectTO, AnyO
protected boolean statusCondition(final AnyObjectTO modelObject) {
return addAjaxLink.isVisibleInHierarchy();
}
- }, ActionType.CLONE, AnyEntitlement.CREATE.getFor(type));
+ }, ActionType.CLONE, AnyEntitlement.CREATE.getFor(type)).setRealm(realm);
if (wizardInModal) {
panel.add(new ActionLink<AnyObjectTO>() {
@@ -197,7 +199,9 @@ public class AnyObjectDirectoryPanel extends AnyDirectoryPanel<AnyObjectTO, AnyO
altDefaultModal.show(true);
}
- }, ActionType.MANAGE_RESOURCES, AnyEntitlement.READ.getFor(type));
+ }, ActionType.MANAGE_RESOURCES, new StringBuilder().append(AnyEntitlement.READ.getFor(type)).append(",").
+ append(AnyEntitlement.UPDATE.getFor(type)).toString()).setRealm(realm);
+
panel.add(
new ActionLink<AnyObjectTO>() {
@@ -212,6 +216,7 @@ public class AnyObjectDirectoryPanel extends AnyDirectoryPanel<AnyObjectTO, AnyO
utilityModal.show(true);
}
}, ActionType.PROPAGATION_TASKS, StandardEntitlement.TASK_LIST);
+
panel.add(new ActionLink<AnyObjectTO>() {
private static final long serialVersionUID = -7978723352517770644L;
@@ -245,7 +250,7 @@ public class AnyObjectDirectoryPanel extends AnyDirectoryPanel<AnyObjectTO, AnyO
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- }, ActionType.DELETE, AnyEntitlement.DELETE.getFor(type), true);
+ }, ActionType.DELETE, AnyEntitlement.DELETE.getFor(type), true).setRealm(realm);
return panel;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
index 04ec300..889bf8f 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/GroupDirectoryPanel.java
@@ -256,7 +256,8 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
new AjaxWizard.EditItemActionEvent<>(new GroupWrapper(
restClient.read(model.getObject().getKey())), target));
}
- }, ActionType.EDIT, StandardEntitlement.GROUP_READ);
+ }, ActionType.EDIT, new StringBuilder().append(StandardEntitlement.GROUP_READ).append(",").
+ append(StandardEntitlement.GROUP_UPDATE).toString()).setRealm(realm);
panel.add(new ActionLink<GroupTO>() {
@@ -269,7 +270,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
send(GroupDirectoryPanel.this, Broadcast.EXACT,
new AjaxWizard.NewItemActionEvent<>(new GroupWrapper(clone), target));
}
- }, ActionType.CLONE, StandardEntitlement.GROUP_CREATE);
+ }, ActionType.CLONE, StandardEntitlement.GROUP_CREATE).setRealm(realm);
panel.add(new ActionLink<GroupTO>() {
@@ -282,7 +283,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
typeExtensionsModal.header(new StringResourceModel("typeExtensions", model));
typeExtensionsModal.show(true);
}
- }, ActionType.TYPE_EXTENSIONS, StandardEntitlement.GROUP_UPDATE);
+ }, ActionType.TYPE_EXTENSIONS, StandardEntitlement.GROUP_UPDATE).setRealm(realm);
panel.add(new ActionLink<GroupTO>() {
@@ -298,7 +299,8 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
public boolean isIndicatorEnabled() {
return false;
}
- }, ActionType.MEMBERS, StandardEntitlement.GROUP_READ);
+ }, ActionType.MEMBERS, new StringBuilder().append(StandardEntitlement.GROUP_READ).append(",").
+ append(StandardEntitlement.GROUP_UPDATE).toString()).setRealm(realm);
panel.add(new ActionLink<GroupTO>() {
@@ -363,7 +365,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
altDefaultModal.show(true);
}
- }, ActionType.MANAGE_RESOURCES, StandardEntitlement.GROUP_READ);
+ }, ActionType.MANAGE_RESOURCES, StandardEntitlement.GROUP_READ).setRealm(realm);
panel.add(new ActionLink<GroupTO>() {
@@ -408,7 +410,7 @@ public class GroupDirectoryPanel extends AnyDirectoryPanel<GroupTO, GroupRestCli
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- }, ActionType.DELETE, StandardEntitlement.GROUP_DELETE, true);
+ }, ActionType.DELETE, StandardEntitlement.GROUP_DELETE, true).setRealm(realm);
return panel;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/panels/UserDirectoryPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/UserDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/UserDirectoryPanel.java
index ad8bbec..5a62063 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/UserDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/UserDirectoryPanel.java
@@ -181,7 +181,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
target));
}
}, ActionType.EDIT, new StringBuilder().append(StandardEntitlement.USER_READ).append(",").
- append(StandardEntitlement.USER_UPDATE).toString());
+ append(StandardEntitlement.USER_UPDATE).toString()).setRealm(realm);
panel.add(new ActionLink<UserTO>() {
@@ -201,7 +201,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
return addAjaxLink.isVisibleInHierarchy();
}
- }, ActionType.CLONE, StandardEntitlement.USER_CREATE);
+ }, ActionType.CLONE, StandardEntitlement.USER_CREATE).setRealm(realm);
panel.add(new ActionLink<UserTO>() {
@@ -223,7 +223,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- }, ActionType.MUSTCHANGEPASSWORD, StandardEntitlement.USER_UPDATE);
+ }, ActionType.MUSTCHANGEPASSWORD, StandardEntitlement.USER_UPDATE).setRealm(realm);
if (wizardInModal) {
panel.add(new ActionLink<UserTO>() {
@@ -247,7 +247,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
displayAttributeModal.show(true);
}
}, ActionType.PASSWORD_RESET,
- new StringBuilder().append(StandardEntitlement.USER_UPDATE).toString());
+ new StringBuilder().append(StandardEntitlement.USER_UPDATE).toString()).setRealm(realm);
panel.add(new ActionLink<UserTO>() {
@@ -271,7 +271,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
altDefaultModal.show(true);
}
- }, ActionType.ENABLE, StandardEntitlement.USER_UPDATE);
+ }, ActionType.ENABLE, StandardEntitlement.USER_UPDATE).setRealm(realm);
panel.add(new ActionLink<UserTO>() {
@@ -295,7 +295,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
altDefaultModal.show(true);
}
- }, ActionType.MANAGE_RESOURCES, StandardEntitlement.USER_UPDATE);
+ }, ActionType.MANAGE_RESOURCES, StandardEntitlement.USER_UPDATE).setRealm(realm);
panel.add(new ActionLink<UserTO>() {
@@ -310,6 +310,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
utilityModal.show(true);
}
}, ActionType.PROPAGATION_TASKS, StandardEntitlement.TASK_LIST);
+
panel.add(new ActionLink<UserTO>() {
private static final long serialVersionUID = -7978723352517770644L;
@@ -342,7 +343,7 @@ public class UserDirectoryPanel extends AnyDirectoryPanel<UserTO, UserRestClient
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
- }, ActionType.DELETE, StandardEntitlement.USER_DELETE, true);
+ }, ActionType.DELETE, StandardEntitlement.USER_DELETE, true).setRealm(realm);
return panel;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/Action.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/Action.java b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/Action.java
index ab12413..15d99dd 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/Action.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/Action.java
@@ -31,6 +31,8 @@ public final class Action<T extends Serializable> implements Serializable {
private static final long serialVersionUID = -7989237020377623993L;
+ private String realm = null;
+
private final ActionLink<T> link;
private final ActionLink.ActionType type;
@@ -64,6 +66,14 @@ public final class Action<T extends Serializable> implements Serializable {
this.indicator = true;
}
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(final String realm) {
+ this.realm = realm;
+ }
+
public ActionLink<T> getLink() {
return link;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/4b991ec9/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionPanel.java
index a3c9aef..fbe6a7e 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/ActionPanel.java
@@ -18,12 +18,16 @@
*/
package org.apache.syncope.client.console.wicket.markup.html.form;
+import static org.apache.wicket.Component.RENDER;
+
import java.io.Serializable;
import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.client.console.SyncopeConsoleSession;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink.ActionType;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.AjaxLink;
+import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxLink;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.panel.Panel;
@@ -114,6 +118,12 @@ public final class ActionPanel<T extends Serializable> extends Panel {
};
}
+ if (SyncopeConsoleSession.get().owns(action.getEntitlements(), action.getRealm())) {
+ MetaDataRoleAuthorizationStrategy.authorizeAll(actionLink, RENDER);
+ } else {
+ MetaDataRoleAuthorizationStrategy.unauthorizeAll(actionLink, RENDER);
+ }
+
actionLink.setVisible(enabled);
actionIcon = new Label("actionIcon", "");