Require global role editing permission to see global authorities
solth committed Oct 30, 2024
1 parent bc0970f commit 8a1bbd3
Showing 3 changed files with 43 additions and 4 deletions.
Expand Up @@ -956,6 +956,24 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
return securityAccessService.hasAuthorityGlobalToAddOrEditRole();
}

/**
* Checks if current user has global authority for editing roles.
*
* @return true if current user has global authority for editing roles
*/
public boolean hasAuthorityGlobalToEditRole() {
return securityAccessService.hasAuthorityGlobalToEditRole();
}

/**
* Checks if current user has global authority for viewing a role.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToViewRole() {
return securityAccessService.hasAuthorityGlobalToViewRole();
}

/**
* Checks if current user has authority to configure displayed columns in list
* views.
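Review bot: The `@return` line on the new `hasAuthorityGlobalToViewRole()` says "editing a role", although the method delegates to the view check; the same copied sentence appears on the service method of the same name in the second file section. Both should read `@return true if current user has global authority for viewing a role`. Since these Javadocs are what a maintainer reads when deciding which check guards a UI element, the controller comment could also note that holding the edit authority satisfies the view check, which the service call `hasAnyAuthorityGlobal("viewRole, editRole")` shows.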
Expand Up @@ -889,6 +889,25 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
return hasAnyAuthorityGlobal("addRole, editRole");
}

/**
* Checks if current user has global authority for editing a role.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToEditRole() {
return hasAnyAuthorityGlobal("editRole");
}

/**
* Checks if current user has global authority for viewing a role.
* Having the authority to edit a role also grants permission to view it inherently.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToViewRole() {
return hasAnyAuthorityGlobal("viewRole, editRole");
}

/**
* Check if current user has global authority to view role list. It returns true
* if user has "viewAllRoles" authority globally.
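Review bot: `hasAuthorityGlobalToViewRole()` returns true for a user who holds only the global `viewRole` authority, whereas the commit title says that seeing global authorities requires global role editing permission; one of the two should be adjusted so the intended rule is unambiguous. If read-only visibility for `viewRole` holders is intended, the Javadoc could state it directly, e.g. `Returns true if the user holds "viewRole" or "editRole" globally.` The authority names are also passed as a single comma-separated literal, so the result depends on how `hasAnyAuthorityGlobal` splits and trims that string; that method is outside this hunk, and the existing `"addRole, editRole"` call suggests it accepts this form.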
Expand Up @@ -42,18 +42,20 @@
</p:row>
<p:row rendered="#{not SecurityAccessController.hasAuthorityGlobalToAddOrEditRole()}" />
</p:panelGrid>
<p:panelGrid columns="2" layout="grid">
<p:row>
<p:panelGrid columns="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? 2 : 1}"
layout="grid">
<p:row rendered="#{SecurityAccessController.hasAuthorityGlobalToViewRole()}">
<!--global authorities-->
<h:panelGroup>
<h3 style="margin-bottom: 20px">
<h:outputText value="#{msgs.globalAssignable}"/>
</h3>
<!--@elvariable id="authority" type="org.kitodo.data.database.beans.Authority"-->
<p:pickList id="authoritiesGlobalPick"
showSourceFilter="true" showTargetFilter="true"
filterMatchMode="contains"
responsive="true"
disabled="#{isViewMode}"
disabled="#{not SecurityAccessController.hasAuthorityGlobalToEditRole() or isViewMode}"
value="#{RoleForm.globalAssignableAuthorities}"
converter="#{authorityConverter}"
var="authority"
Expand All @@ -70,7 +72,7 @@
<!--client authorities-->
<h:panelGroup>
<h3 style="margin-bottom: 20px">
<h:outputText value="#{msgs.clientAssignable}"/>
<h:outputText value="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? msgs.clientAssignable : msgs.authorities}"/>
</h3>
<p:pickList id="authoritiesClientPick"
value="#{RoleForm.clientAssignableAuthorities}"