You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/01/30 07:37:55 UTC

[syncope] branch 2_1_X updated: [SYNCOPE-1531] Ensure proper auth checks for CSV push / pull

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
     new bf23994  [SYNCOPE-1531] Ensure proper auth checks for CSV push / pull
bf23994 is described below

commit bf23994d23b3da85c6f9116c6cc587d0d01d2451
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Thu Jan 30 08:37:19 2020 +0100

    [SYNCOPE-1531] Ensure proper auth checks for CSV push / pull
---
 .../org/apache/syncope/client/console/panels/AnyDirectoryPanel.java  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
index 8cca209..90f8c1f 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyDirectoryPanel.java
@@ -58,6 +58,7 @@ import org.apache.syncope.common.lib.to.ConnObjectTO;
 import org.apache.syncope.common.lib.to.ProvisioningReport;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.types.SchemaType;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
 import org.apache.syncope.common.rest.api.beans.AnyQuery;
 import org.apache.syncope.common.rest.api.beans.CSVPullSpec;
 import org.apache.syncope.common.rest.api.beans.CSVPushSpec;
@@ -231,6 +232,8 @@ public abstract class AnyDirectoryPanel<A extends AnyTO, E extends AbstractAnyRe
                 modal.show(true);
             }
         };
+        MetaDataRoleAuthorizationStrategy.authorize(csvPushLink, RENDER,
+                String.format("%s,%s", StandardEntitlement.IMPLEMENTATION_LIST, StandardEntitlement.TASK_EXECUTE));
         addInnerObject(csvPushLink.setOutputMarkupId(true).setOutputMarkupPlaceholderTag(true));
         csvPullLink = new AjaxLink<Void>("csvPull") {
 
@@ -248,6 +251,8 @@ public abstract class AnyDirectoryPanel<A extends AnyTO, E extends AbstractAnyRe
                 modal.show(true);
             }
         };
+        MetaDataRoleAuthorizationStrategy.authorize(csvPullLink, RENDER,
+                String.format("%s,%s", StandardEntitlement.IMPLEMENTATION_LIST, StandardEntitlement.TASK_EXECUTE));
         addInnerObject(csvPullLink.setOutputMarkupId(true).setOutputMarkupPlaceholderTag(true));
     }