Closes #252: route model permissions
@@ -1,16 +1,14 @@
|
||||
package com.sismics.docs.rest.resource;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import com.sismics.docs.core.constant.AclTargetType;
|
||||
import com.sismics.docs.core.constant.ActionType;
|
||||
import com.sismics.docs.core.constant.RouteStepTransition;
|
||||
import com.sismics.docs.core.constant.RouteStepType;
|
||||
import com.sismics.docs.core.constant.*;
|
||||
import com.sismics.docs.core.dao.AclDao;
|
||||
import com.sismics.docs.core.dao.GroupDao;
|
||||
import com.sismics.docs.core.dao.RouteModelDao;
|
||||
import com.sismics.docs.core.dao.TagDao;
|
||||
import com.sismics.docs.core.dao.UserDao;
|
||||
import com.sismics.docs.core.dao.criteria.RouteModelCriteria;
|
||||
import com.sismics.docs.core.dao.dto.RouteModelDto;
|
||||
import com.sismics.docs.core.model.jpa.Acl;
|
||||
import com.sismics.docs.core.model.jpa.Group;
|
||||
import com.sismics.docs.core.model.jpa.RouteModel;
|
||||
import com.sismics.docs.core.model.jpa.User;
|
||||
@@ -19,6 +17,7 @@ import com.sismics.docs.core.util.jpa.SortCriteria;
|
||||
import com.sismics.docs.rest.constant.BaseFunction;
|
||||
import com.sismics.rest.exception.ClientException;
|
||||
import com.sismics.rest.exception.ForbiddenClientException;
|
||||
import com.sismics.rest.util.AclUtil;
|
||||
import com.sismics.rest.util.ValidationUtil;
|
||||
|
||||
import javax.json.*;
|
||||
@@ -64,7 +63,7 @@ public class RouteModelResource extends BaseResource {
|
||||
SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
|
||||
|
||||
RouteModelDao routeModelDao = new RouteModelDao();
|
||||
List<RouteModelDto> routeModelDtoList = routeModelDao.findByCriteria(new RouteModelCriteria(), sortCriteria);
|
||||
List<RouteModelDto> routeModelDtoList = routeModelDao.findByCriteria(new RouteModelCriteria().setTargetIdList(getTargetIdList(null)), sortCriteria);
|
||||
for (RouteModelDto routeModelDto : routeModelDtoList) {
|
||||
routeModels.add(Json.createObjectBuilder()
|
||||
.add("id", routeModelDto.getId())
|
||||
@@ -111,6 +110,23 @@ public class RouteModelResource extends BaseResource {
|
||||
.setName(name)
|
||||
.setSteps(steps), principal.getId());
|
||||
|
||||
// Create read ACL
|
||||
AclDao aclDao = new AclDao();
|
||||
Acl acl = new Acl();
|
||||
acl.setPerm(PermType.READ);
|
||||
acl.setType(AclType.USER);
|
||||
acl.setSourceId(id);
|
||||
acl.setTargetId(principal.getId());
|
||||
aclDao.create(acl, principal.getId());
|
||||
|
||||
// Create write ACL
|
||||
acl = new Acl();
|
||||
acl.setPerm(PermType.WRITE);
|
||||
acl.setType(AclType.USER);
|
||||
acl.setSourceId(id);
|
||||
acl.setTargetId(principal.getId());
|
||||
aclDao.create(acl, principal.getId());
|
||||
|
||||
// Always return OK
|
||||
JsonObjectBuilder response = Json.createObjectBuilder()
|
||||
.add("id", id);
|
||||
@@ -125,7 +141,6 @@ public class RouteModelResource extends BaseResource {
|
||||
private void validateRouteModelSteps(String steps) {
|
||||
UserDao userDao = new UserDao();
|
||||
GroupDao groupDao = new GroupDao();
|
||||
TagDao tagDao = new TagDao();
|
||||
|
||||
try (JsonReader reader = Json.createReader(new StringReader(steps))) {
|
||||
JsonArray stepsJson = reader.readArray();
|
||||
@@ -374,6 +389,9 @@ public class RouteModelResource extends BaseResource {
|
||||
.add("create_date", routeModel.getCreateDate().getTime())
|
||||
.add("steps", routeModel.getSteps());
|
||||
|
||||
// Add ACL
|
||||
AclUtil.addAcls(response, id, getTargetIdList(null));
|
||||
|
||||
return Response.ok().entity(response.build()).build();
|
||||
}
|
||||
}
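Review bot: The WRITE ACL created after the route model is saved is not consumed by any hunk in this file: the list is filtered with `getTargetIdList(null)` and the GET response gains `AclUtil.addAcls(...)`, but no update, delete or single-GET path visibly checks the ACL. Those method bodies are outside the hunks and may already be gated by an admin base-function check, so this needs confirming; if they are not, each should begin with `if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) { throw new ForbiddenClientException(); }` (READ for the GET). Separately, route models created before this commit have no ACL rows, so unless a migration exists outside this page they will drop out of the filtered list and fail the new READ check in RouteResource. The two ACL blocks differ only in `PermType` and could be a single loop over `READ` and `WRITE`.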
|
||||
|
||||
@@ -70,6 +70,11 @@ public class RouteResource extends BaseResource {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
// Check permission on this route model
|
||||
if (!aclDao.checkPermission(routeModelId, PermType.READ, getTargetIdList(null))) {
|
||||
throw new ForbiddenClientException();
|
||||
}
|
||||
|
||||
// Avoid creating 2 running routes on the same document
|
||||
RouteStepDao routeStepDao = new RouteStepDao();
|
||||
if (routeStepDao.getCurrentStep(documentId) != null) {
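Review bot: The new READ check sits after the existing `throw new NotFoundException();`, so, assuming that exception belongs to the route-model lookup, a caller gets 404 for an unknown ID and 403 for a model that exists but is not shared with them, which discloses existence. If that distinction is not wanted, the permission branch should also `throw new NotFoundException();`, or both conditions should be folded into one guard. It is also worth stating in the comment that READ is the permission that authorises starting a workflow, e.g. `// READ on the route model is the right to start it on a document`. The declaration of `aclDao` and the start of the method are outside the hunk.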
|
||||
|
||||
@@ -59,26 +59,6 @@ angular.module('docs').controller('SettingsWorkflowEdit', function($scope, $dial
|
||||
return $stateParams.id;
|
||||
};
|
||||
|
||||
/**
|
||||
* In edit mode, load the current workflow.
|
||||
*/
|
||||
if ($scope.isEdit()) {
|
||||
Restangular.one('routemodel', $stateParams.id).get().then(function (data) {
|
||||
$scope.workflow = data;
|
||||
$scope.workflow.steps = JSON.parse(data.steps);
|
||||
_.each($scope.workflow.steps, function (step) {
|
||||
if (!step.transitions) {
|
||||
// Patch for old route models
|
||||
$scope.updateTransitions(step);
|
||||
}
|
||||
});
|
||||
});
|
||||
} else {
|
||||
$scope.workflow = {
|
||||
steps: []
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the current workflow.
|
||||
*/
|
||||
@@ -188,4 +168,25 @@ angular.module('docs').controller('SettingsWorkflowEdit', function($scope, $dial
|
||||
Restangular.one('tag/list').get().then(function(data) {
|
||||
$scope.tags = data.tags;
|
||||
});
|
||||
|
||||
/**
|
||||
* In edit mode, load the current workflow.
|
||||
*/
|
||||
if ($scope.isEdit()) {
|
||||
Restangular.one('routemodel', $stateParams.id).get().then(function (data) {
|
||||
$scope.workflow = data;
|
||||
$scope.workflow.steps = JSON.parse(data.steps);
|
||||
_.each($scope.workflow.steps, function (step) {
|
||||
if (!step.transitions) {
|
||||
// Patch for old route models
|
||||
$scope.updateTransitions(step);
|
||||
}
|
||||
});
|
||||
});
|
||||
} else {
|
||||
$scope.workflow = {
|
||||
steps: []
|
||||
};
|
||||
$scope.addStep();
|
||||
}
|
||||
});
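Review bot: Nothing in the relocated block explains why it now sits at the end of the controller, and the new synchronous `$scope.addStep();` in the `else` branch only works if `addStep` is assigned earlier in the controller body (presumably in the lines between the two hunks, which are not shown). A comment above the block, e.g. `// Keep last: create mode calls $scope.addStep() synchronously, so the scope functions must already be defined`, would stop a later reorder from breaking create mode.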
|
||||
@@ -311,7 +311,8 @@
|
||||
"target_help": "<strong>Approve:</strong> Accept or reject the review<br/><strong>Validate:</strong> Review and continue the workflow",
|
||||
"add_step": "Add a workflow step",
|
||||
"actions": "What happens after?",
|
||||
"remove_action": "Remove action"
|
||||
"remove_action": "Remove action",
|
||||
"acl_info": "Only users and groups defined here will be able to start this workflow on a document"
|
||||
}
|
||||
},
|
||||
"security": {
|
||||
|
||||
@@ -136,6 +136,16 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="panel panel-default mt-30" ng-show="isEdit()">
|
||||
<div class="panel-body">
|
||||
<p translate="settings.workflow.edit.acl_info"></p>
|
||||
<acl-edit source="workflow.id"
|
||||
acls="workflow.acls"
|
||||
writable="workflow.writable"
|
||||
creator="workflow.creator"></acl-edit>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="clearfix form-group mt-10">
|
||||
<div class="col-sm-offset-2 col-sm-10">
|
||||
<button type="submit" class="btn btn-primary" ng-click="edit()" ng-disabled="!editWorkflowForm.$valid">
|
||||
|
||||
@@ -607,6 +607,10 @@ input[readonly].share-link {
|
||||
margin-bottom: 19px;
|
||||
}
|
||||
|
||||
.mt-30 {
|
||||
margin-top: 30px;
|
||||
}
|
||||
|
||||
.ml-10 {
|
||||
margin-left: 10px;
|
||||
}
|
||||
|
||||