[jboss-cvs] JBossBlog SVN: r219 - in trunk: src/action/org/jboss/blog/session/feed/mod and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Feb 25 15:30:13 EST 2008
Author: adamw
Date: 2008-02-25 15:30:13 -0500 (Mon, 25 Feb 2008)
New Revision: 219
Modified:
trunk/resources/META-INF/security.drl
trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java
trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java
trunk/src/action/org/jboss/blog/session/search/PostSearchBean.java
trunk/view/layout/menu.xhtml
trunk/view/manage/index.xhtml
Log:
Modified: trunk/resources/META-INF/security.drl
===================================================================
--- trunk/resources/META-INF/security.drl 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/resources/META-INF/security.drl 2008-02-25 20:30:13 UTC (rev 219)
@@ -1,5 +1,7 @@
package FeedsPermissions;
+import java.util.ArrayList;
+
import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;
@@ -16,11 +18,27 @@
c.grant();
end;
+rule CanAddFeed
+when
+ c: PermissionCheck(name == "feed", action == "add") and
+ group : Group() and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN, id == group.id)
+then
+ c.grant();
+end;
+
+rule CanProposeFeed
+when
+ c: PermissionCheck(name == "feed", action == "add") and
+ feed : Feed(accepted == false)
+then
+ c.grant();
+end;
+
rule CanEditFeed
when
c: PermissionCheck(name == "feed", action == "edit") and
(
- FeedsCombinedRole(role == FeedsSecurityRole.ADMIN) or
(
feed : Feed() and
FeedsCombinedRole(role == FeedsSecurityRole.FEED_ADMIN, id == feed.id)
@@ -32,4 +50,68 @@
)
then
c.grant();
+end;
+
+rule CanAddGroup
+when
+ c: PermissionCheck(name == "group", action == "add") and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN)
+then
+ c.grant();
+end;
+
+rule CanEditGroup
+when
+ c: PermissionCheck(name == "group", action == "edit") and
+ group : Group() and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN, id == group.id)
+then
+ c.grant();
+end;
+
+// View-related rules
+
+rule CanViewGroupsManagement
+when
+ c: PermissionCheck(name == "management_groups", action == "view") and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN)
+then
+ c.grant();
+end;
+
+rule CanViewGroupManagement
+when
+ c: PermissionCheck(name == "management_group", action == "view") and
+ (
+ (
+ feeds : ArrayList() and
+ feed : Feed() from feeds and
+ FeedsCombinedRole(role == FeedsSecurityRole.FEED_ADMIN, id == feed.id)
+ ) or
+ (
+ group : Group() and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN, id == group.id)
+ )
+ )
+then
+ c.grant();
+end;
+
+rule CanViewManagement
+when
+ c: PermissionCheck(name == "management", action == "view") and
+ (
+ FeedsCombinedRole(role == FeedsSecurityRole.FEED_ADMIN) or
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN)
+ )
+then
+ c.grant();
+end;
+
+rule CanAddAnyFeed
+when
+ c: PermissionCheck(name == "feed", action == "add_any") and
+ FeedsCombinedRole(role == FeedsSecurityRole.GROUP_ADMIN)
+then
+ c.grant();
end;
\ No newline at end of file
Modified: trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/src/action/org/jboss/blog/session/feed/mod/AggregatedFeedModBean.java 2008-02-25 20:30:13 UTC (rev 219)
@@ -199,12 +199,12 @@
getAggregatedFeed().setGlobalFilter(new AndFilter(globalFilters));
}
- @Restrict("#{identity.hasPermission('feed', 'add', aggregatedFeedMod.feed, aggregatedFeedMod.feed.group)}")
+ @Restrict("#{identity.hasPermission('feed', 'add', feedMod.feed, feedMod.feed.group)}")
public void saveNew() {
save();
}
- @Restrict("#{identity.hasPermission('feed', 'edit', aggregatedFeedMod.feed, aggregatedFeedMod.feed.group)}")
+ @Restrict("#{identity.hasPermission('feed', 'edit', feedMod.feed, feedMod.feed.group)}")
public void saveExisting() {
save();
entityManager.flush();
Modified: trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/src/action/org/jboss/blog/session/feed/mod/RemoteFeedModBean.java 2008-02-25 20:30:13 UTC (rev 219)
@@ -119,7 +119,7 @@
}
}
- @Restrict("#{identity.hasPermission('feed', 'add', remoteFeedMod.feed.group)}")
+ @Restrict("#{identity.hasPermission('feed', 'add', feedMod.feed.group)}")
public void saveNew() {
getRemoteFeed().setAuthor(parsedFeed.getAuthor());
getRemoteFeed().setDescription(parsedFeed.getDescription());
@@ -131,7 +131,7 @@
}
}
- @Restrict("#{identity.hasPermission('feed', 'edit', remoteFeedMod.feed, remoteFeedMod.feed.group)}")
+ @Restrict("#{identity.hasPermission('feed', 'edit', feedMod.feed, feedMod.feed.group)}")
public void saveExisting() {
getRemoteFeed().setLink(parsedFeed.getLink());
@@ -143,7 +143,7 @@
Events.instance().raiseEvent("org.jboss.blog.feed.updated", getRemoteFeed().getName());
}
- @Restrict("#{identity.hasPermission('feed', 'edit', remoteFeedMod.feed, remoteFeedMod.feed.group)}")
+ @Restrict("#{identity.hasPermission('feed', 'edit', feedMod.feed, feedMod.feed.group)}")
public void saveOnlyPostAuthorType() {
PostAuthorType newPostAuthorType = getRemoteFeed().getPostAuthorType();
Modified: trunk/src/action/org/jboss/blog/session/search/PostSearchBean.java
===================================================================
--- trunk/src/action/org/jboss/blog/session/search/PostSearchBean.java 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/src/action/org/jboss/blog/session/search/PostSearchBean.java 2008-02-25 20:30:13 UTC (rev 219)
@@ -11,6 +11,7 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import javax.faces.application.FacesMessage;
@@ -124,6 +125,7 @@
}
@SuppressWarnings("unchecked")
+ @Restrict("#{identity.hasPermission('admin', null)}")
public void reindex() {
List<Post> posts = entityManager.createQuery("select post from Post post").getResultList();
for (Post post : posts) {
Modified: trunk/view/layout/menu.xhtml
===================================================================
--- trunk/view/layout/menu.xhtml 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/view/layout/menu.xhtml 2008-02-25 20:30:13 UTC (rev 219)
@@ -46,9 +46,11 @@
<li>
<s:link view="/home.xhtml" value="Home"/>
</li>
- <li>
- <s:link value="Manage" view="/manage/index.xhtml" propagation="none" />
- </li>
+ <s:fragment rendered="#{identity.hasPermission('management', 'view')}">
+ <li>
+ <s:link value="Manage" view="/manage/index.xhtml" propagation="none" />
+ </li>
+ </s:fragment>
</ul>
</div>
</div>
Modified: trunk/view/manage/index.xhtml
===================================================================
--- trunk/view/manage/index.xhtml 2008-02-25 18:27:57 UTC (rev 218)
+++ trunk/view/manage/index.xhtml 2008-02-25 20:30:13 UTC (rev 219)
@@ -8,12 +8,14 @@
xmlns:rich="http://richfaces.org/rich"
xmlns:a="http://richfaces.org/a4j"
template="../layout/template.xhtml">
- <ui:define name="header">
- Manage feeds
- </ui:define>
- <ui:define name="body">
- <div class="adminlist">
- <dl>
+<ui:define name="header">
+ Manage feeds
+</ui:define>
+<ui:define name="body">
+ <div class="adminlist">
+ <dl>
+ <s:fragment rendered="#{propositionsCount.pendingPropositions > 0 ||
+ identity.hasPermission('feed', 'add_any')}">
<dt>New feed operations:</dt>
<hr />
<s:fragment rendered="#{propositionsCount.pendingPropositions > 0}">
@@ -22,66 +24,88 @@
view="/manage/proposition/proposition_list.xhtml" />
</dd>
</s:fragment>
- <ui:repeat var="feedType" value="#{feedTypes.allTypes}">
- <dd>
- <s:link value="Add a new #{feedType.name()} feed" view="#{feedType.addPage()}" />
- </dd>
- </ui:repeat>
+ <s:fragment rendered="#{identity.hasPermission('feed', 'add_any')}">
+ <ui:repeat var="feedType" value="#{feedTypes.allTypes}">
+ <dd>
+ <s:link value="Add a new #{feedType.name()} feed" view="#{feedType.addPage()}" />
+ </dd>
+ </ui:repeat>
+ </s:fragment>
+ </s:fragment>
+ <s:fragment rendered="#{identity.hasPermission('management_groups', 'view') ||
+ identity.hasPermission('management_template', 'view') ||
+ identity.hasPermission('management_update', 'view')}">
<dt>Other operations:</dt>
<hr />
- <dd><s:link value="Manage feed groups" view="/manage/group/group_list.xhtml" /></dd>
- <dd><s:link value="Manage feed templates" view="/manage/template/template_list.xhtml" /></dd>
- <dd><s:link value="Manage updates" view="/manage/update_manager.xhtml" /></dd>
+ <s:fragment rendered="#{identity.hasPermission('management_groups', 'view')}">
+ <dd><s:link value="Manage feed groups" view="/manage/group/group_list.xhtml" /></dd>
+ </s:fragment>
+ <s:fragment rendered="#{identity.hasPermission('management_template', 'view')}">
+ <dd><s:link value="Manage feed templates" view="/manage/template/template_list.xhtml" /></dd>
+ </s:fragment>
+ <s:fragment rendered="#{identity.hasPermission('management_update', 'view')}">
+ <dd><s:link value="Manage updates" view="/manage/update_manager.xhtml" /></dd>
+ </s:fragment>
+ </s:fragment>
+ <s:fragment rendered="#{identity.hasPermission('admin', null)}">
<dt>Global posts operations:</dt>
<hr />
<dd><s:link value="Fix html in all posts" action="#{feedView.fixHtml}" /></dd>
<dd><s:link value="Re-index posts (for search)" action="#{postSearch.reindex}" /></dd>
- <dt>Existing feed operations:</dt>
- <hr />
- </dl>
- </div>
+ </s:fragment>
+ <dt>Existing feed operations:</dt>
+ <hr />
+ </dl>
+ </div>
- <table border="0" width="100%" cellpadding="0" cellspacing="0" class="basetablestyle" style="margin-top:12px;">
- <tr class="header">
- <td class="tableheaderfirst" style="width:160px;">Feed title</td>
- <td class="tableheader">Feed name</td>
- <td class="tableheader">Feed type</td>
- <td class="tableheader">Edit common feed properties</td>
- <td class="tableheader">Edit feed-type-specific properties</td>
- <td class="tableheader">Delete the feed</td>
- </tr>
+ <table border="0" width="100%" cellpadding="0" cellspacing="0" class="basetablestyle" style="margin-top:12px;">
+ <tr class="header">
+ <td class="tableheaderfirst" style="width:160px;">Feed title</td>
+ <td class="tableheader">Feed name</td>
+ <td class="tableheader">Feed type</td>
+ <td class="tableheader">Edit common feed properties</td>
+ <td class="tableheader">Edit feed-type-specific properties</td>
+ <td class="tableheader">Delete the feed</td>
+ </tr>
- <ui:repeat var="group" value="#{groupsService.allGroups}">
- <s:fragment rendered="#{groupsService.acceptedFeeds(group).size() > 0}">
- <tr>
- <td colspan="7" class="categoryRow">#{group.displayName}</td>
- </tr>
+ <ui:repeat var="group" value="#{groupsService.allGroups}">
+ <s:fragment rendered="#{groupsService.acceptedFeeds(group).size() > 0 and
+ identity.hasPermission('management_group', 'view', group, groupsService.acceptedFeeds(group))}">
+ <tr>
+ <td colspan="7" class="categoryRow">#{group.displayName}</td>
+ </tr>
- <a:repeat var="feed" value="#{groupsService.acceptedFeeds(group)}" rowKeyVar="rowNumber">
+ <a:repeat var="feed" value="#{groupsService.acceptedFeeds(group)}" rowKeyVar="rowNumber">
+ <s:fragment rendered="#{identity.hasPermission('feed', 'edit', feed, group) ||
+ identity.hasPermission('feed', 'delete', feed, group)}">
<tr class="#{(rowNumber%2 == 0) ? 'evenRow' : 'oddRow'}">
<td class="rowlinefirst" style="font-weight:bold;">#{feed.title}</td>
<td class="rowline">#{feed.name}</td>
<td class="rowline">#{feedTypes.getFeedType(feed).name()}</td>
<td class="rowline">
- <s:link view="/manage/feed_edit.xhtml" value="Edit common">
+ <s:link view="/manage/feed_edit.xhtml" value="Edit common"
+ rendered="#{identity.hasPermission('feed', 'edit', feed, group)}">
<f:param name="name" value="#{feed.name}" />
</s:link>
</td>
<td class="rowline">
- <s:link view="#{feedTypes.getFeedType(feed).editPage()}" value="Edit specific">
+ <s:link view="#{feedTypes.getFeedType(feed).editPage()}" value="Edit specific"
+ rendered="#{identity.hasPermission('feed', 'edit', feed, group)}">
<f:param name="name" value="#{feed.name}" />
</s:link>
</td>
<td class="rowline">
<s:link view="/manage/feed_delete.xhtml" action="#{feedMod.delete}" value="Delete"
- onclick="if (!confirm('Are you sure you want to delete this feed?')) return false">
+ onclick="if (!confirm('Are you sure you want to delete this feed?')) return false"
+ rendered="#{identity.hasPermission('feed', 'delete', feed, group)}">
<f:param name="name" value="#{feed.name}" />
</s:link>
</td>
</tr>
- </a:repeat>
- </s:fragment>
- </ui:repeat>
- </table>
- </ui:define>
+ </s:fragment>
+ </a:repeat>
+ </s:fragment>
+ </ui:repeat>
+ </table>
+</ui:define>
</ui:composition>
More information about the jboss-cvs-commits
mailing list