RELEASER-15 : Add RBAC to site and cluster resources

ea6f6c20 · OUGHDI · 022b89f0 · ea6f6c20 · ea6f6c20 · ea6f6c20
Commit ea6f6c20 authored Jul 23, 2021 by OUGHDI
--- a/src/java/fr/paris/lutece/plugins/releaser/business/Cluster.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/business/Cluster.java
@@ -35,16 +35,29 @@ package fr.paris.lutece.plugins.releaser.business;

 import javax.validation.constraints.*;
 import org.hibernate.validator.constraints.*;
+import fr.paris.lutece.portal.service.rbac.RBACResource;
 import java.io.Serializable;
+import java.util.HashMap;
 import java.util.List;

 /**
 * This is the business class for the object Cluster
 */
-public class Cluster implements Serializable
+public class Cluster implements RBACResource, Serializable
 {
    private static final long serialVersionUID = 1L;

+	// RBAC management
+    public static final String RESOURCE_TYPE = "cluster";
+
+    // Cluster permissions
+    public static final String PERMISSION_ADD_CLUSTER = "addClusterPermission";
+    public static final String PERMISSION_MODIFY_CLUSTER = "modifyClusterPermission";
+    public static final String PERMISSION_DELETE_CLUSTER = "deleteClusterPermission";
+    public static final String PERMISSION_ADD_SITES_TO_CLUSTER = "addSitesToClusterPermission";
+
+    private HashMap<String, Boolean> permissions;
+        
    // Variables declarations
    private int _nId;

@@ -142,4 +155,22 @@ public class Cluster implements Serializable
        _listSites = listSites;
    }

+	@Override
+	public String getResourceTypeCode() {
+        return RESOURCE_TYPE;
+	}
+
+	@Override
+	public String getResourceId() {
+        return String.valueOf( _nId );
+	}
+
+	public HashMap<String, Boolean> getPermissions() {
+		return permissions;
+	}
+
+	public void setPermissions(HashMap<String, Boolean> permissions) {
+		this.permissions = permissions;
+	}
+
 }
--- a/src/java/fr/paris/lutece/plugins/releaser/business/Component.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/business/Component.java
@@ -33,17 +33,24 @@
 */
 package fr.paris.lutece.plugins.releaser.business;

+import java.util.HashMap;
 import java.util.List;
-
 import fr.paris.lutece.plugins.releaser.util.ConstanteUtils;
 import fr.paris.lutece.plugins.releaser.util.version.Version;
+import fr.paris.lutece.portal.service.rbac.RBACResource;

 // TODO: Auto-generated Javadoc
 /**
 * This is the business class for the object Component.
 */
-public class Component extends AbstractReleaserResource
+public class Component extends AbstractReleaserResource implements RBACResource 
 {
+	// RBAC management
+    public static final String RESOURCE_TYPE = "component";
+       
+    // Component permissions
+    public static final String PERMISSION_SEARCH_COMPONENT = "searchComponentPermission";
+    private HashMap<String, Boolean> permissions;
    
    /** The str artifact id. */
    // Variables declarations
@@ -626,4 +633,22 @@ public class Component extends AbstractReleaserResource
        return getScmDeveloperConnection( );
    }

+	@Override
+	public String getResourceTypeCode() {
+        return RESOURCE_TYPE;
+	}
+
+	@Override
+	public String getResourceId() {
+        return _strArtifactId;
+	}
+
+	public HashMap<String, Boolean> getPermissions() {
+		return permissions;
+	}
+
+	public void setPermissions(HashMap<String, Boolean> permissions) {
+		this.permissions = permissions;
+	}
+
 }
--- a/src/java/fr/paris/lutece/plugins/releaser/business/Site.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/business/Site.java
@@ -54,6 +54,12 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
 	
 	// RBAC management
    public static final String RESOURCE_TYPE = "site";
+
+	// site Permissions
+    public static final String PERMISSION_RELEASE_SITE = "releaseSitePermission";
+    public static final String PERMISSION_MODIFY_SITE = "modifySitePermission";
+    public static final String PERMISSION_DELETE_SITE = "deleteSitePermission";
+    
    private HashMap<String, Boolean> permissions;

    /** The Constant serialVersionUID. */
@@ -523,6 +529,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
    * RBAC resource implementation
    * @return The resource type code
    */
+    @Override
    public String getResourceTypeCode(  )
    {
        return RESOURCE_TYPE;
@@ -532,6 +539,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
     * RBAC resource implementation
     * @return The resourceId
     */
+    @Override
    public String getResourceId(  )
    {
        return String.valueOf( _nId );
@@ -546,6 +554,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
 			this.permissions = new HashMap<String, Boolean>();
 		else
 			this.permissions.clear();
+		
 		if (permissions != null) {
 			this.permissions.putAll(permissions);
 		}

--- a/src/java/fr/paris/lutece/plugins/releaser/resources/releaser_messages.properties
+++ b/src/java/fr/paris/lutece/plugins/releaser/resources/releaser_messages.properties
@@ -2,16 +2,23 @@
 plugin.provider=City of Paris
 plugin.description=Releaser components, sites and clusters

-
 #RBAC Resources
-rbac.site.resourceType=site
-rbac.site.permission.create=Add sites  
-rbac.site.permission.view=View sites
-rbac.site.permission.modify=Modify sites
-rbac.site.permission.delete=Delete sites
+rbac.site.resourceType=Manage sites
+rbac.site.permission.release=Release site
+rbac.site.permission.modify=Modify site
+rbac.site.permission.delete=Delete site

-# Admin features keys
+rbac.cluster.resourceType=Manage clusters
+rbac.cluster.permission.addSite=Add site to the cluster
+rbac.cluster.permission.view=View cluster
+rbac.cluster.permission.add=Add cluster
+rbac.cluster.permission.modify=Modify the cluster
+rbac.cluster.permission.delete=Delete the cluster
+
+rbac.component.resourceType=Release generic components
+rbac.component.permission.release=Search generic components to release

+# Admin features keys
 adminFeature.ManageSites.name=ManageSites
 adminFeature.ManageSites.description=Manage Sites
 adminFeature.ManageReleaser.name=ManageReleaser
@@ -19,6 +26,7 @@ adminFeature.ManageReleaser.description=Manage Releasers

 adminFeature.ManageReleaserComponent.name=ManageComponentReleaser
 adminFeature.ManageReleaserComponent.description=Manage Component Releasers
+
 # Business classes keys


@@ -137,7 +145,7 @@ message.moreRecentVersionAvailable=Une version <b>{0}</b> plus r\u00e9cente est
 message.releleaseVersionAlreadyExist=Release version <b>{0}</b> already exist.
 message.twitterMessage=Le composant <b>{0}<b>  est dsormais disponible en version  <b>{1}<b>.
 message.wrongPomParentSiteVersion=la version du POM parent du site doit \u00e9tre  <b>{0}<b>, lors de la release le POM sera mise  jour avec cette version
-
+message.accessDenied=Access denied

 # JSR 303 constraint validator messages
 validation.releaseruser.SvnSiteAccountLogin.notEmpty=Login Svn

--- a/src/java/fr/paris/lutece/plugins/releaser/resources/releaser_messages_fr.properties
+++ b/src/java/fr/paris/lutece/plugins/releaser/resources/releaser_messages_fr.properties
@@ -2,23 +2,27 @@
 plugin.provider=Ville de Paris
 plugin.description=Mont\u00e9e de version des composants Lut\u00e8ce

+#RBAC Resources
+rbac.site.resourceType=Gestion des sites
+rbac.site.permission.release=Releaser le site
+rbac.site.permission.modify=Modifier le site
+rbac.site.permission.delete=Supprimer le site

-# Admin features keys
+rbac.cluster.resourceType=Gestion des clusters
+rbac.cluster.permission.addSite=Ajouter un site au cluster
+rbac.cluster.permission.add=Ajouter un cluster
+rbac.cluster.permission.modify=Modifier le cluster
+rbac.cluster.permission.delete=Supprimer le cluster
+
+rbac.component.resourceType=Release des composants génériques
+rbac.component.permission.search=Chercher des composants génériques à releaser

+# Admin features keys
 adminFeature.ManageReleaser.name=Mont\u00e9e de version des composants Lut\u00e8ce
 adminFeature.ManageReleaser.description=Mont\u00e9e de version des composants Lut\u00e8ce

-
-#RBAC Resources
-rbac.site.resourceType=sites
-rbac.site.permission.create=Ajouter des sites     
-rbac.site.permission.view=Visualiser les sites
-rbac.site.permission.modify=Modifier des sites
-rbac.site.permission.delete=Supprimer des sites
-
 # Business classes keys

-
 # keys for business classes keys : Site
 manage_sites.pageTitle=Sites
 manage_sites.title=Liste des Sites
@@ -146,6 +150,8 @@ message.moreRecentVersionAvailable=Une version <b>{0}</b> plus r\u00e9cente est
 message.releleaseVersionAlreadyExist=La version release <b>{0}</b> est disponible.
 message.twitterMessage=Le composant <b>{0}<b> est d\u00e9sormais disponible en version <b>{1}<b>.
 message.wrongPomParentSiteVersion=la version du POM parent du site doit \u00e9tre  <b>{0}<b>, lors de la release le POM sera mise à jour avec cette version
+message.accessDenied=Accès refusé
+
 # JSR 303 constraint validator messages
 validation.releaseruser.SvnSiteAccountLogin.notEmpty=Login Svn
 validation.releaseruser.SvnSiteAccountPassword.notEmpty=Password Svn

--- a/src/java/fr/paris/lutece/plugins/releaser/service/ClusterResourceIdService.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/service/ClusterResourceIdService.java
+package fr.paris.lutece.plugins.releaser.service;
+
+import java.util.List;
+import java.util.Locale;
+
+import fr.paris.lutece.plugins.releaser.business.Cluster;
+import fr.paris.lutece.plugins.releaser.business.ClusterHome;
+import fr.paris.lutece.portal.service.rbac.Permission;
+import fr.paris.lutece.portal.service.rbac.ResourceIdService;
+import fr.paris.lutece.portal.service.rbac.ResourceType;
+import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
+import fr.paris.lutece.portal.service.util.AppLogService;
+import fr.paris.lutece.util.ReferenceList;
+
+public class ClusterResourceIdService extends ResourceIdService
+{
+	private static final String PROPERTY_LABEL_RESOURCE_TYPE = "releaser.rbac.cluster.resourceType";
+    private static final String PROPERTY_LABEL_ADD = "releaser.rbac.cluster.permission.add";
+    private static final String PROPERTY_LABEL_MODIFY = "releaser.rbac.cluster.permission.modify";
+    private static final String PROPERTY_LABEL_DELETE = "releaser.rbac.cluster.permission.delete";
+    private static final String PROPERTY_LABEL_ADD_SITE_TO_CLUSTER = "releaser.rbac.cluster.permission.addSite";
+    
+    private static final String PLUGIN_NAME = "releaser";
+
+    /** Permission for creating Cluster */
+    public static final String PERMISSION_ADD = "ADD";
+
+    /** Permission for creating Cluster */
+    public static final String PERMISSION_ADD_SITE_TO_CLUSTER = "ADD_SITE_TO_CLUSTER";
+    
+    /** Permission for deleting Cluster */
+    public static final String PERMISSION_DELETE = "DELETE";
+
+    /** Permission for modifying Cluster */
+    public static final String PERMISSION_MODIFY = "MODIFY";
+
+    /** Creates a new instance of SuggestTypeResourceIdService */
+    public ClusterResourceIdService(  )
+    {
+        setPluginName( PLUGIN_NAME );
+    }
+
+	@Override
+	public void register() 
+	{
+
+		ResourceType rt = new ResourceType(  );
+        rt.setResourceIdServiceClass( ClusterResourceIdService.class.getName(  ) );
+        rt.setPluginName( PLUGIN_NAME );
+        rt.setResourceTypeKey( Cluster.RESOURCE_TYPE );
+        rt.setResourceTypeLabelKey( PROPERTY_LABEL_RESOURCE_TYPE );
+      
+        Permission p;
+
+        p = new Permission(  );
+        p.setPermissionKey( PERMISSION_ADD );
+        p.setPermissionTitleKey( PROPERTY_LABEL_ADD );
+        rt.registerPermission( p );
+
+        p = new Permission(  );
+        p.setPermissionKey( PERMISSION_MODIFY );
+        p.setPermissionTitleKey( PROPERTY_LABEL_MODIFY );
+        rt.registerPermission( p );
+
+        p = new Permission(  );
+        p.setPermissionKey( PERMISSION_DELETE );
+        p.setPermissionTitleKey( PROPERTY_LABEL_DELETE );
+        rt.registerPermission( p );
+
+        p = new Permission(  );
+        p.setPermissionKey( PERMISSION_ADD_SITE_TO_CLUSTER );
+        p.setPermissionTitleKey( PROPERTY_LABEL_ADD_SITE_TO_CLUSTER );
+        rt.registerPermission( p );
+
+        ResourceTypeManager.registerResourceType( rt );
+		
+	}
+
+	@Override
+	public ReferenceList getResourceIdList(Locale locale) {
+
+		ReferenceList referenceListCluster = new ReferenceList(  );
+        List<Cluster> listClusters = ClusterHome.getClustersList();
+
+        for ( Cluster cluster : listClusters )
+        {
+            referenceListCluster.addItem( cluster.getId(), cluster.getName() );
+        }
+        
+        return referenceListCluster;    
+	}
+
+	@Override
+	public String getTitle(String strId, Locale locale) 
+	{
+
+        int nIdCluster = -1;
+
+        try
+        {
+            nIdCluster = Integer.parseInt( strId );
+        }
+        catch ( NumberFormatException ne )
+        {
+            AppLogService.error( ne );
+        }
+
+        Cluster cluster = ClusterHome.findByPrimaryKey( nIdCluster );
+
+        return cluster.getName();
+	}
+
+}
--- a/src/java/fr/paris/lutece/plugins/releaser/service/ClusterService.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/service/ClusterService.java
@@ -16,15 +16,9 @@ import fr.paris.lutece.portal.service.rbac.RBACService;
 */
 public class ClusterService 
 {
-	// Permissions
-    private static final String PERMISSION_ADD_SITE = "addSitePermission";
-    private static final String PERMISSION_VIEW_SITE = "viewSitePermission";
-    private static final String PERMISSION_MODIFY_SITE = "modifySitePermission";
-    private static final String PERMISSION_DELETE_SITE = "deleteSitePermission";

-    
 	/**
-     * Load the liste of sites into each cluster object and returns the list of clusters
+     * Load the list of sites into each cluster object and returns the list of clusters
     * 
     * @return the list which contains the data of all the cluster objects
     */
@@ -45,77 +39,100 @@ public class ClusterService
    }
    
    /**
-     * Load the liste of sites into each cluster object and returns the list of clusters
+     * Load the list of sites into each cluster object and returns the list of clusters
     * 
     * @return the list which contains the data of all the cluster objects
     */
-    public static List<Cluster> getClustersListWithAuthorizedSites( AdminUser adminUser)
+    public static List<Cluster> getUserClusters( AdminUser adminUser)
    {
        List<Cluster> listCluster = ClusterHome.getClustersList( );
-        List<Cluster> listClusterWithAuthorizedSites = new ArrayList<Cluster>( );
-        HashMap<String, Boolean> sitePermissions = new HashMap<String, Boolean>( );
+        List<Cluster> listAuthorizedClusters = new ArrayList<Cluster>( );
        
        for ( Cluster cluster : listCluster )
-        {
-			Cluster clusterWithAuthorizedList = cluster;			
-			List<Site> listAuthorizedSites = new ArrayList<Site>( );
-			
-        	List<Site> listSite = SiteHome.findByCluster( cluster.getId( ) );
-        	for ( Site site : listSite )
-        	{        			
-        		if ( RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(), 
-        				SiteResourceIdService.PERMISSION_VIEW, adminUser ) )
-        		{
-        			sitePermissions.clear();
-        			
-        			// Add site's permissions
-        			sitePermissions.put(PERMISSION_VIEW_SITE, true);
-        			
-        			if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(), 
-            				SiteResourceIdService.PERMISSION_ADD, adminUser ))
-        	        {
-        		        sitePermissions.put(PERMISSION_ADD_SITE, true);
-        	        }
-        			else 
-        			{
-        				sitePermissions.put(PERMISSION_ADD_SITE, false);
-        			}
-                
-        	        if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(), 
-            				SiteResourceIdService.PERMISSION_MODIFY, adminUser ))
-        	        {
-        	        	sitePermissions.put(PERMISSION_MODIFY_SITE, true);
-        	        }
-        			else 
-        			{
-        				sitePermissions.put(PERMISSION_MODIFY_SITE, false);
-        			}
-        	        
-        	        if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(), 
-            				SiteResourceIdService.PERMISSION_DELETE, adminUser ))
-        	        {
-        	        	sitePermissions.put(PERMISSION_DELETE_SITE, true);
-        	        } 
-        			else 
-        			{
-        				sitePermissions.put(PERMISSION_DELETE_SITE, false);
-        			}   
-        	        
-        	        // Add permissions to the site
-        	        site.setPermissions( sitePermissions );
-        	        
-        	        // Add the site to list of Authorized sites
-        			listAuthorizedSites.add( site );
-        		}	     
-        	}
-        	
-        	if ( listAuthorizedSites != null && !listAuthorizedSites.isEmpty( ) )
+        {   			
+    		HashMap<String, Boolean> clusterPermissions = new HashMap<String, Boolean>( );
+    		boolean bAuthoriseViewCluster = false;
+    		   	        
+   			// Add site to the cluster permission
+   	        if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(), 
+       				ClusterResourceIdService.PERMISSION_ADD_SITE_TO_CLUSTER, adminUser ))
+   	        {
+   	        	clusterPermissions.put(Cluster.PERMISSION_ADD_SITES_TO_CLUSTER, true);
+   	        	bAuthoriseViewCluster = true;
+   	        }
+   			else 
+   			{
+   				clusterPermissions.put(Cluster.PERMISSION_ADD_SITES_TO_CLUSTER, false);
+   			}
+       	                        
+			// Modify cluster permission
+	        if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(), 
+    				ClusterResourceIdService.PERMISSION_MODIFY, adminUser ))
+	        {
+	        	clusterPermissions.put(Cluster.PERMISSION_MODIFY_CLUSTER, true);
+	        	bAuthoriseViewCluster = true;
+	        }
+			else 
+			{
+				clusterPermissions.put(Cluster.PERMISSION_MODIFY_CLUSTER, false);
+			}
+	                	        
+	        // Delete cluster permission
+	        if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(), 
+    				ClusterResourceIdService.PERMISSION_DELETE, adminUser ))
+	        {
+	        	clusterPermissions.put(Cluster.PERMISSION_DELETE_CLUSTER, true);
+	        	bAuthoriseViewCluster = true;
+	        } 
+			else 
+			{
+				clusterPermissions.put(Cluster.PERMISSION_DELETE_CLUSTER, false);
+			}   
+	        
+	        // Add permissions to the cluster 
+	        cluster.setPermissions( clusterPermissions );
+	        
+	        // Add autorized sites
+	        List<Site> listAuthorizedSites = SiteService.getAuthorizedSites( cluster.getId( ), adminUser);
+		 
+        	if ( listAuthorizedSites != null )
        	{
-        		clusterWithAuthorizedList.setSites( listAuthorizedSites );
-        		listClusterWithAuthorizedSites.add( clusterWithAuthorizedList );        		
-        	}        	
-        }
-        
-        return listClusterWithAuthorizedSites;
+        		cluster.setSites( listAuthorizedSites );
+        		
+        		if ( !listAuthorizedSites.isEmpty() )
+            	{
+            		bAuthoriseViewCluster = true;
+            	}   
+        	}    	        
+	            
+        	if (bAuthoriseViewCluster)
+    		listAuthorizedClusters.add( cluster );
+		}
+	    
+        return listAuthorizedClusters;
    }	
+
+    public static boolean IsAddClusterAuthorized (AdminUser adminUser)
+    {
+    	
+        if ( RBACService.isAuthorized( new Cluster(), ClusterResourceIdService.PERMISSION_ADD, adminUser ) )
+        {
+        	return true;
+        }	        
+    	
+    	return false;
+    }
+
+    public static boolean IsUserAuthorized (AdminUser adminUser, String clusterId, String permission)
+    {
+    	
+    	boolean bAuthorized = false;
+    	
+    	if ( RBACService.isAuthorized( Cluster.RESOURCE_TYPE, clusterId, permission, adminUser ) )
+        {
+    		bAuthorized = true;
+        }  
+    	
+    	return bAuthorized;
+    }
 }
--- a/src/java/fr/paris/lutece/plugins/releaser/service/ComponentResourceIdService.java
+++ b/src/java/fr/paris/lutece/plugins/releaser/service/ComponentResourceIdService.java
+package fr.paris.lutece.plugins.releaser.service;
+
+import java.util.Locale;
+
+import fr.paris.lutece.plugins.releaser.business.Component;
+import fr.paris.lutece.portal.service.rbac.Permission;
+import fr.paris.lutece.portal.service.rbac.ResourceIdService;
+import fr.paris.lutece.portal.service.rbac.ResourceType;
+import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
+import fr.paris.lutece.util.ReferenceList;
+
+public class ComponentResourceIdService extends ResourceIdService
+{
+	private static final String PROPERTY_LABEL_RESOURCE_TYPE = "releaser.rbac.component.resourceType";
+    private static final String PROPERTY_LABEL_SEARCH = "releaser.rbac.component.permission.search";
+    
+    private static final String PLUGIN_NAME = "releaser";
+
+    /** Permission for search Component to release */
+    public static final String PERMISSION_SEARCH = "SEARCH";
+
+    /** Creates a new instance of SuggestTypeResourceIdService */
+    public ComponentResourceIdService(  )
+    {
+        setPluginName( PLUGIN_NAME );
+    }
+
+	@Override
+	public void register() 
+	{
+
+		ResourceType rt = new ResourceType(  );
+        rt.setResourceIdServiceClass( ComponentResourceIdService.class.getName(  ) );
+        rt.setPluginName( PLUGIN_NAME );
+        rt.setResourceTypeKey( Component.RESOURCE_TYPE );
+        rt.setResourceTypeLabelKey( PROPERTY_LABEL_RESOURCE_TYPE );
+      
+        Permission p;
+
+        p = new Permission(  );
+        p.setPermissionKey( PERMISSION_SEARCH );
+        p.setPermissionTitleKey( PROPERTY_LABEL_SEARCH );
+        rt.registerPermission( p );
+
+        ResourceTypeManager.registerResourceType( rt );
+	}
+
+	@Override
+	public ReferenceList getResourceIdList(Locale locale) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getTitle(String strId, Locale locale) {
+		// TODO Auto-generated method stub
+		return null;