Commit ea6f6c20 authored by OUGHDI's avatar OUGHDI

RELEASER-15 : Add RBAC to site and cluster resources

parent 022b89f0
......@@ -35,16 +35,29 @@ package fr.paris.lutece.plugins.releaser.business;
import javax.validation.constraints.*;
import org.hibernate.validator.constraints.*;
import fr.paris.lutece.portal.service.rbac.RBACResource;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
/**
* This is the business class for the object Cluster
*/
public class Cluster implements Serializable
public class Cluster implements RBACResource, Serializable
{
private static final long serialVersionUID = 1L;
// RBAC management
public static final String RESOURCE_TYPE = "cluster";
// Cluster permissions
public static final String PERMISSION_ADD_CLUSTER = "addClusterPermission";
public static final String PERMISSION_MODIFY_CLUSTER = "modifyClusterPermission";
public static final String PERMISSION_DELETE_CLUSTER = "deleteClusterPermission";
public static final String PERMISSION_ADD_SITES_TO_CLUSTER = "addSitesToClusterPermission";
private HashMap<String, Boolean> permissions;
// Variables declarations
private int _nId;
......@@ -142,4 +155,22 @@ public class Cluster implements Serializable
_listSites = listSites;
}
@Override
public String getResourceTypeCode() {
return RESOURCE_TYPE;
}
@Override
public String getResourceId() {
return String.valueOf( _nId );
}
public HashMap<String, Boolean> getPermissions() {
return permissions;
}
public void setPermissions(HashMap<String, Boolean> permissions) {
this.permissions = permissions;
}
}
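Review bot: `setPermissions` at the end of the class stores the caller's `HashMap` by reference and `getPermissions` returns that same instance (null until something sets it), whereas the `Site` setter shown further down this page copies the entries into its own map. These flags hold one user's RBAC result, so a map shared between objects or callers can make one cluster display another's permissions. Copy on the way in, e.g. `this.permissions = ( permissions == null ) ? new HashMap<String, Boolean>( ) : new HashMap<String, Boolean>( permissions );`. `Component` gets the same setter pair in this commit and would take the same change. If the map is meant only as a display hint for the current request, a comment on the field saying so would help, since `Cluster` is `Serializable` and the field is not marked `transient`.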
......@@ -33,17 +33,24 @@
*/
package fr.paris.lutece.plugins.releaser.business;
import java.util.HashMap;
import java.util.List;
import fr.paris.lutece.plugins.releaser.util.ConstanteUtils;
import fr.paris.lutece.plugins.releaser.util.version.Version;
import fr.paris.lutece.portal.service.rbac.RBACResource;
// TODO: Auto-generated Javadoc
/**
* This is the business class for the object Component.
*/
public class Component extends AbstractReleaserResource
public class Component extends AbstractReleaserResource implements RBACResource
{
// RBAC management
public static final String RESOURCE_TYPE = "component";
// Component permissions
public static final String PERMISSION_SEARCH_COMPONENT = "searchComponentPermission";
private HashMap<String, Boolean> permissions;
/** The str artifact id. */
// Variables declarations
......@@ -626,4 +633,22 @@ public class Component extends AbstractReleaserResource
return getScmDeveloperConnection( );
}
@Override
public String getResourceTypeCode() {
return RESOURCE_TYPE;
}
@Override
public String getResourceId() {
return _strArtifactId;
}
public HashMap<String, Boolean> getPermissions() {
return permissions;
}
public void setPermissions(HashMap<String, Boolean> permissions) {
this.permissions = permissions;
}
}
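Review bot: `getResourceId()` returns `_strArtifactId` unchanged, so a `Component` whose artifact id has not been set passes `null` into the RBAC check, unlike `Cluster` and `Site`, which go through `String.valueOf( _nId )`. How `RBACService` treats a null resource id is not visible on this page, so the precondition should at least be written down, e.g. a Javadoc line `RBAC resource id: the component's artifact id; must be set before any authorization check is made on this object.` The class body starts outside these hunks, so where `_strArtifactId` is assigned cannot be checked from here.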
......@@ -54,6 +54,12 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
// RBAC management
public static final String RESOURCE_TYPE = "site";
// site Permissions
public static final String PERMISSION_RELEASE_SITE = "releaseSitePermission";
public static final String PERMISSION_MODIFY_SITE = "modifySitePermission";
public static final String PERMISSION_DELETE_SITE = "deleteSitePermission";
private HashMap<String, Boolean> permissions;
/** The Constant serialVersionUID. */
......@@ -523,6 +529,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
* RBAC resource implementation
* @return The resource type code
*/
@Override
public String getResourceTypeCode( )
{
return RESOURCE_TYPE;
......@@ -532,6 +539,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
* RBAC resource implementation
* @return The resourceId
*/
@Override
public String getResourceId( )
{
return String.valueOf( _nId );
......@@ -546,6 +554,7 @@ public class Site extends AbstractReleaserResource implements RBACResource, Seri
this.permissions = new HashMap<String, Boolean>();
else
this.permissions.clear();
if (permissions != null) {
this.permissions.putAll(permissions);
}
......
......@@ -2,16 +2,23 @@
plugin.provider=City of Paris
plugin.description=Releaser components, sites and clusters
#RBAC Resources
rbac.site.resourceType=site
rbac.site.permission.create=Add sites
rbac.site.permission.view=View sites
rbac.site.permission.modify=Modify sites
rbac.site.permission.delete=Delete sites
rbac.site.resourceType=Manage sites
rbac.site.permission.release=Release site
rbac.site.permission.modify=Modify site
rbac.site.permission.delete=Delete site
# Admin features keys
rbac.cluster.resourceType=Manage clusters
rbac.cluster.permission.addSite=Add site to the cluster
rbac.cluster.permission.view=View cluster
rbac.cluster.permission.add=Add cluster
rbac.cluster.permission.modify=Modify the cluster
rbac.cluster.permission.delete=Delete the cluster
rbac.component.resourceType=Release generic components
rbac.component.permission.release=Search generic components to release
# Admin features keys
adminFeature.ManageSites.name=ManageSites
adminFeature.ManageSites.description=Manage Sites
adminFeature.ManageReleaser.name=ManageReleaser
......@@ -19,6 +26,7 @@ adminFeature.ManageReleaser.description=Manage Releasers
adminFeature.ManageReleaserComponent.name=ManageComponentReleaser
adminFeature.ManageReleaserComponent.description=Manage Component Releasers
# Business classes keys
......@@ -137,7 +145,7 @@ message.moreRecentVersionAvailable=Une version <b>{0}</b> plus r\u00e9cente est
message.releleaseVersionAlreadyExist=Release version <b>{0}</b> already exist.
message.twitterMessage=Le composant <b>{0}<b> est dsormais disponible en version <b>{1}<b>.
message.wrongPomParentSiteVersion=la version du POM parent du site doit \u00e9tre <b>{0}<b>, lors de la release le POM sera mise jour avec cette version
message.accessDenied=Access denied
# JSR 303 constraint validator messages
validation.releaseruser.SvnSiteAccountLogin.notEmpty=Login Svn
......
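Review bot: The component label is added as `rbac.component.permission.release`, but `ComponentResourceIdService` on this page looks up `releaser.rbac.component.permission.search` and the French bundle defines `rbac.component.permission.search`, so the English RBAC screen would have no label for the SEARCH permission. Rename the key: `rbac.component.permission.search=Search generic components to release`. `rbac.cluster.permission.view=View cluster` has no matching permission registered in `ClusterResourceIdService` and can be dropped unless a VIEW permission is planned. The `# Admin features keys` comment now appears twice, the first time directly above the cluster RBAC keys.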
......@@ -2,23 +2,27 @@
plugin.provider=Ville de Paris
plugin.description=Mont\u00e9e de version des composants Lut\u00e8ce
#RBAC Resources
rbac.site.resourceType=Gestion des sites
rbac.site.permission.release=Releaser le site
rbac.site.permission.modify=Modifier le site
rbac.site.permission.delete=Supprimer le site
# Admin features keys
rbac.cluster.resourceType=Gestion des clusters
rbac.cluster.permission.addSite=Ajouter un site au cluster
rbac.cluster.permission.add=Ajouter un cluster
rbac.cluster.permission.modify=Modifier le cluster
rbac.cluster.permission.delete=Supprimer le cluster
rbac.component.resourceType=Release des composants génériques
rbac.component.permission.search=Chercher des composants génériques à releaser
# Admin features keys
adminFeature.ManageReleaser.name=Mont\u00e9e de version des composants Lut\u00e8ce
adminFeature.ManageReleaser.description=Mont\u00e9e de version des composants Lut\u00e8ce
#RBAC Resources
rbac.site.resourceType=sites
rbac.site.permission.create=Ajouter des sites
rbac.site.permission.view=Visualiser les sites
rbac.site.permission.modify=Modifier des sites
rbac.site.permission.delete=Supprimer des sites
# Business classes keys
# keys for business classes keys : Site
manage_sites.pageTitle=Sites
manage_sites.title=Liste des Sites
......@@ -146,6 +150,8 @@ message.moreRecentVersionAvailable=Une version <b>{0}</b> plus r\u00e9cente est
message.releleaseVersionAlreadyExist=La version release <b>{0}</b> est disponible.
message.twitterMessage=Le composant <b>{0}<b> est d\u00e9sormais disponible en version <b>{1}<b>.
message.wrongPomParentSiteVersion=la version du POM parent du site doit \u00e9tre <b>{0}<b>, lors de la release le POM sera mise à jour avec cette version
message.accessDenied=Accès refusé
# JSR 303 constraint validator messages
validation.releaseruser.SvnSiteAccountLogin.notEmpty=Login Svn
validation.releaseruser.SvnSiteAccountPassword.notEmpty=Password Svn
......
package fr.paris.lutece.plugins.releaser.service;
import java.util.List;
import java.util.Locale;
import fr.paris.lutece.plugins.releaser.business.Cluster;
import fr.paris.lutece.plugins.releaser.business.ClusterHome;
import fr.paris.lutece.portal.service.rbac.Permission;
import fr.paris.lutece.portal.service.rbac.ResourceIdService;
import fr.paris.lutece.portal.service.rbac.ResourceType;
import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.util.ReferenceList;
public class ClusterResourceIdService extends ResourceIdService
{
private static final String PROPERTY_LABEL_RESOURCE_TYPE = "releaser.rbac.cluster.resourceType";
private static final String PROPERTY_LABEL_ADD = "releaser.rbac.cluster.permission.add";
private static final String PROPERTY_LABEL_MODIFY = "releaser.rbac.cluster.permission.modify";
private static final String PROPERTY_LABEL_DELETE = "releaser.rbac.cluster.permission.delete";
private static final String PROPERTY_LABEL_ADD_SITE_TO_CLUSTER = "releaser.rbac.cluster.permission.addSite";
private static final String PLUGIN_NAME = "releaser";
/** Permission for creating Cluster */
public static final String PERMISSION_ADD = "ADD";
/** Permission for creating Cluster */
public static final String PERMISSION_ADD_SITE_TO_CLUSTER = "ADD_SITE_TO_CLUSTER";
/** Permission for deleting Cluster */
public static final String PERMISSION_DELETE = "DELETE";
/** Permission for modifying Cluster */
public static final String PERMISSION_MODIFY = "MODIFY";
/** Creates a new instance of SuggestTypeResourceIdService */
public ClusterResourceIdService( )
{
setPluginName( PLUGIN_NAME );
}
@Override
public void register()
{
ResourceType rt = new ResourceType( );
rt.setResourceIdServiceClass( ClusterResourceIdService.class.getName( ) );
rt.setPluginName( PLUGIN_NAME );
rt.setResourceTypeKey( Cluster.RESOURCE_TYPE );
rt.setResourceTypeLabelKey( PROPERTY_LABEL_RESOURCE_TYPE );
Permission p;
p = new Permission( );
p.setPermissionKey( PERMISSION_ADD );
p.setPermissionTitleKey( PROPERTY_LABEL_ADD );
rt.registerPermission( p );
p = new Permission( );
p.setPermissionKey( PERMISSION_MODIFY );
p.setPermissionTitleKey( PROPERTY_LABEL_MODIFY );
rt.registerPermission( p );
p = new Permission( );
p.setPermissionKey( PERMISSION_DELETE );
p.setPermissionTitleKey( PROPERTY_LABEL_DELETE );
rt.registerPermission( p );
p = new Permission( );
p.setPermissionKey( PERMISSION_ADD_SITE_TO_CLUSTER );
p.setPermissionTitleKey( PROPERTY_LABEL_ADD_SITE_TO_CLUSTER );
rt.registerPermission( p );
ResourceTypeManager.registerResourceType( rt );
}
@Override
public ReferenceList getResourceIdList(Locale locale) {
ReferenceList referenceListCluster = new ReferenceList( );
List<Cluster> listClusters = ClusterHome.getClustersList();
for ( Cluster cluster : listClusters )
{
referenceListCluster.addItem( cluster.getId(), cluster.getName() );
}
return referenceListCluster;
}
@Override
public String getTitle(String strId, Locale locale)
{
int nIdCluster = -1;
try
{
nIdCluster = Integer.parseInt( strId );
}
catch ( NumberFormatException ne )
{
AppLogService.error( ne );
}
Cluster cluster = ClusterHome.findByPrimaryKey( nIdCluster );
return cluster.getName();
}
}
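Review bot: In `getTitle`, a non-numeric `strId` is only logged, after which the lookup still runs with `nIdCluster = -1`, and `cluster.getName()` is then called without a null check. If `ClusterHome.findByPrimaryKey` returns null for an unknown id (its contract is not shown here), a role that still references a deleted cluster or a malformed id would make the RBAC administration screen fail with a `NullPointerException`. Returning from the `catch` block and ending with `return ( cluster != null ) ? cluster.getName( ) : null;` avoids that. The Javadoc is also copied from elsewhere: the constructor comment names `SuggestTypeResourceIdService`, and `PERMISSION_ADD_SITE_TO_CLUSTER` is described as "Permission for creating Cluster".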
......@@ -16,15 +16,9 @@ import fr.paris.lutece.portal.service.rbac.RBACService;
*/
public class ClusterService
{
// Permissions
private static final String PERMISSION_ADD_SITE = "addSitePermission";
private static final String PERMISSION_VIEW_SITE = "viewSitePermission";
private static final String PERMISSION_MODIFY_SITE = "modifySitePermission";
private static final String PERMISSION_DELETE_SITE = "deleteSitePermission";
/**
* Load the liste of sites into each cluster object and returns the list of clusters
* Load the list of sites into each cluster object and returns the list of clusters
*
* @return the list which contains the data of all the cluster objects
*/
......@@ -45,77 +39,100 @@ public class ClusterService
}
/**
* Load the liste of sites into each cluster object and returns the list of clusters
* Load the list of sites into each cluster object and returns the list of clusters
*
* @return the list which contains the data of all the cluster objects
*/
public static List<Cluster> getClustersListWithAuthorizedSites( AdminUser adminUser)
public static List<Cluster> getUserClusters( AdminUser adminUser)
{
List<Cluster> listCluster = ClusterHome.getClustersList( );
List<Cluster> listClusterWithAuthorizedSites = new ArrayList<Cluster>( );
HashMap<String, Boolean> sitePermissions = new HashMap<String, Boolean>( );
List<Cluster> listAuthorizedClusters = new ArrayList<Cluster>( );
for ( Cluster cluster : listCluster )
{
Cluster clusterWithAuthorizedList = cluster;
List<Site> listAuthorizedSites = new ArrayList<Site>( );
List<Site> listSite = SiteHome.findByCluster( cluster.getId( ) );
for ( Site site : listSite )
{
if ( RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(),
SiteResourceIdService.PERMISSION_VIEW, adminUser ) )
{
sitePermissions.clear();
// Add site's permissions
sitePermissions.put(PERMISSION_VIEW_SITE, true);
if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(),
SiteResourceIdService.PERMISSION_ADD, adminUser ))
{
sitePermissions.put(PERMISSION_ADD_SITE, true);
}
else
{
sitePermissions.put(PERMISSION_ADD_SITE, false);
}
if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(),
SiteResourceIdService.PERMISSION_MODIFY, adminUser ))
{
sitePermissions.put(PERMISSION_MODIFY_SITE, true);
}
else
{
sitePermissions.put(PERMISSION_MODIFY_SITE, false);
}
if (RBACService.isAuthorized( Site.RESOURCE_TYPE, site.getResourceId(),
SiteResourceIdService.PERMISSION_DELETE, adminUser ))
{
sitePermissions.put(PERMISSION_DELETE_SITE, true);
}
else
{
sitePermissions.put(PERMISSION_DELETE_SITE, false);
}
// Add permissions to the site
site.setPermissions( sitePermissions );
// Add the site to list of Authorized sites
listAuthorizedSites.add( site );
}
}
if ( listAuthorizedSites != null && !listAuthorizedSites.isEmpty( ) )
{
HashMap<String, Boolean> clusterPermissions = new HashMap<String, Boolean>( );
boolean bAuthoriseViewCluster = false;
// Add site to the cluster permission
if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(),
ClusterResourceIdService.PERMISSION_ADD_SITE_TO_CLUSTER, adminUser ))
{
clusterPermissions.put(Cluster.PERMISSION_ADD_SITES_TO_CLUSTER, true);
bAuthoriseViewCluster = true;
}
else
{
clusterPermissions.put(Cluster.PERMISSION_ADD_SITES_TO_CLUSTER, false);
}
// Modify cluster permission
if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(),
ClusterResourceIdService.PERMISSION_MODIFY, adminUser ))
{
clusterPermissions.put(Cluster.PERMISSION_MODIFY_CLUSTER, true);
bAuthoriseViewCluster = true;
}
else
{
clusterPermissions.put(Cluster.PERMISSION_MODIFY_CLUSTER, false);
}
// Delete cluster permission
if (RBACService.isAuthorized( Cluster.RESOURCE_TYPE, cluster.getResourceId(),
ClusterResourceIdService.PERMISSION_DELETE, adminUser ))
{
clusterPermissions.put(Cluster.PERMISSION_DELETE_CLUSTER, true);
bAuthoriseViewCluster = true;
}
else
{
clusterPermissions.put(Cluster.PERMISSION_DELETE_CLUSTER, false);
}
// Add permissions to the cluster
cluster.setPermissions( clusterPermissions );
// Add autorized sites
List<Site> listAuthorizedSites = SiteService.getAuthorizedSites( cluster.getId( ), adminUser);
if ( listAuthorizedSites != null )
{
clusterWithAuthorizedList.setSites( listAuthorizedSites );
listClusterWithAuthorizedSites.add( clusterWithAuthorizedList );
}
}
return listClusterWithAuthorizedSites;
cluster.setSites( listAuthorizedSites );
if ( !listAuthorizedSites.isEmpty() )
{
bAuthoriseViewCluster = true;
}
}
if (bAuthoriseViewCluster)
listAuthorizedClusters.add( cluster );
}
return listAuthorizedClusters;
}
public static boolean IsAddClusterAuthorized (AdminUser adminUser)
{
if ( RBACService.isAuthorized( new Cluster(), ClusterResourceIdService.PERMISSION_ADD, adminUser ) )
{
return true;
}
return false;
}
public static boolean IsUserAuthorized (AdminUser adminUser, String clusterId, String permission)
{
boolean bAuthorized = false;
if ( RBACService.isAuthorized( Cluster.RESOURCE_TYPE, clusterId, permission, adminUser ) )
{
bAuthorized = true;
}
return bAuthorized;
}
}
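Review bot: `IsAddClusterAuthorized` checks `PERMISSION_ADD` against `new Cluster()`, whose `getResourceId()` is `String.valueOf( _nId )` of an unset id, so the create permission is evaluated for a concrete-looking resource id (presumably "0") rather than for the resource type as a whole. Passing the core wildcard states the intent and removes the `if … return true; return false;` wrapper: `return RBACService.isAuthorized( Cluster.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, ClusterResourceIdService.PERMISSION_ADD, adminUser );`. In `getUserClusters`, each of the three if/else blocks can likewise become `clusterPermissions.put( KEY, RBACService.isAuthorized( … ) )`, with `bAuthoriseViewCluster` OR-ed from the results. The two `Is…` methods should start with a lower-case letter by Java convention, provided the callers can be updated in the same commit. Old and new lines are interleaved in this rendered section, so the placement of the `listAuthorizedSites != null` branch is read from context.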
package fr.paris.lutece.plugins.releaser.service;
import java.util.Locale;
import fr.paris.lutece.plugins.releaser.business.Component;
import fr.paris.lutece.portal.service.rbac.Permission;
import fr.paris.lutece.portal.service.rbac.ResourceIdService;
import fr.paris.lutece.portal.service.rbac.ResourceType;
import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
import fr.paris.lutece.util.ReferenceList;
public class ComponentResourceIdService extends ResourceIdService
{
private static final String PROPERTY_LABEL_RESOURCE_TYPE = "releaser.rbac.component.resourceType";
private static final String PROPERTY_LABEL_SEARCH = "releaser.rbac.component.permission.search";
private static final String PLUGIN_NAME = "releaser";
/** Permission for search Component to release */
public static final String PERMISSION_SEARCH = "SEARCH";
/** Creates a new instance of SuggestTypeResourceIdService */
public ComponentResourceIdService( )
{
setPluginName( PLUGIN_NAME );
}
@Override
public void register()
{
ResourceType rt = new ResourceType( );
rt.setResourceIdServiceClass( ComponentResourceIdService.class.getName( ) );
rt.setPluginName( PLUGIN_NAME );
rt.setResourceTypeKey( Component.RESOURCE_TYPE );
rt.setResourceTypeLabelKey( PROPERTY_LABEL_RESOURCE_TYPE );
Permission p;
p = new Permission( );
p.setPermissionKey( PERMISSION_SEARCH );
p.setPermissionTitleKey( PROPERTY_LABEL_SEARCH );
rt.registerPermission( p );
ResourceTypeManager.registerResourceType( rt );
}
@Override
public ReferenceList getResourceIdList(Locale locale) {
// TODO Auto-generated method stub
return null;
}
@Override
public String getTitle(String strId, Locale locale) {
// TODO Auto-generated method stub
return null;