Changeset 5370


Ignore:
Timestamp:
Jun 23, 2010, 2:51:50 PM (13 years ago)
Author:
Nicklas Nordborg
Message:

References #1459: Named permissions keys that store predefined permissions for projects/groups/users

Added gui pages for managing permission templates. It is now possible to assign a template to a project and to select templates when sharing items. Eg. item 2 and 3 in the list above have been fully implemented. I think I'll close this ticket now and implement the first item in #1187 or #1236.

Location:
trunk
Files:
5 added
12 edited

Legend:

Unmodified
Added
Removed

  • trunk/doc/src/docbook/userdoc/project_permission.xml

    r5319 r5370  
    315315        <listitem>
    316316          <para>
    317           When you create new items, they are automatically added to the active
    318           project so
    319           there is almost no need to share items manually. All
     317          When you create new items, they are automatically shared
     318          using the settings from the active project. There is almost no
     319          need to share items manually. All
    320320          you have to remember is to set an active project, and
    321321          this is easy accessible from the
     
    355355          You should always, with few exceptions, have a project active
    356356          when you work with BASE. The most important reason is that
    357           new items will automatically be included in the active project.
    358           This considerably reduces the time needed for managing access
    359           permissions. Without an active project you would have to manually
     357          new items will automatically be shared using the settings in
     358          the active project. This considerably reduces
     359          the time needed for managing access permissions. Without an
     360          active project you would have to manually
    360361          set the permission on all items you create. If you have hundreds
    361362          of items this is a time-consuming and boring task best to be
     
    464465          <para>
    465466            When a project is active all new items you create are automatically
    466             shared to this project. By default the permission are set to
     467            shared using the settings from the active project. If the active project
     468            has a permission template the permissions from the template are copied
     469            to the new item. If the project doesn't have a permission template, the
     470            new item is shared to the active project with the configured default
     471            level. By default, projects doesn't have a permission template
     472            and the default permissions are set to
    467473            <emphasis>read</emphasis>, <emphasis>use</emphasis>,
    468474            <emphasis>write</emphasis> and <emphasis>delete</emphasis>. It is
     
    756762   
    757763    </sect1>
    758        
     764   
     765    <sect1 id="project_permission.templates">
     766      <title>Permission templates</title>
     767   
     768      <para>
     769        A <emphasis>permission template</emphasis> is a pre-defined set of permissions
     770        for users, groups and/or projects. The template makes it easy to quickly share
     771        items to multiple users, groups and projects, possible with different permissions
     772        for everyone. There are three major use-cases were permission templates are useful:
     773      </para>
     774     
     775      <itemizedlist>
     776        <listitem>
     777          <para>
     778          A permission template can be associated with project. When the project is selected
     779          as the active project, the permissions from the template are copied to any new items
     780          that are created. Note that the new items may or may not be shared with the active
     781          project, depending on the settings in the permission template.
     782          </para>
     783        </listitem>
     784        <listitem>
     785          <para>
     786          Permission templates can be selected in the <link linkend="webclient.items.share">share dialog</link>,
     787          making it easier to manually share items to multiple users,
     788          groups and projects in just a few clicks.
     789          </para>
     790        </listitem>
     791        <listitem>
     792          <para>
     793          Permission templates can be used with some batch item importers, making it easier
     794          for administrators which only needs a single data file even if the data belong to
     795          different projects.
     796          </para>
     797        </listitem>
     798      </itemizedlist>
     799     
     800      <para>
     801        Permission templates are managed from the <menuchoice><guimenu>View</guimenu>
     802        <guisubmenu>Permission templates</guisubmenu></menuchoice> menu. The template is
     803        a very simple item that only has a name (required) and a description (optional).
     804        We recommend that the names of the templates are kept unique, but this is not
     805        enforced by BASE. To assign permissions to the template use the
     806        <guibutton>Set permissions</guibutton> button. This is the same dialog as the
     807        <link linkend="webclient.items.share">share dialog</link>.
     808      </para>
     809     
     810      <note>
     811        <title>Permissions are copied</title>
     812        <para>
     813        When a permission template is used the permissions are <emphasis>copied</emphasis>
     814        to the items. Modifications to the template that are made afterwards doesn't
     815        affect the permissions for the items on which the template was used.
     816        </para>
     817      </note>
     818    </sect1>
    759819</chapter>

  • trunk/doc/src/docbook/userdoc/webclient.xml

    r5319 r5370  
    12161216          to other users. This is because whenever you work with an active
    12171217          project each new item you create will automatically be shared
    1218           to that project. In most cases, this is all you need.
     1218          according to the settings of that project. In most cases, this
     1219          is all you need.
    12191220        </para>
    12201221       
     
    12711272                </para>
    12721273               
     1274                <para>
     1275                  The <guilabel>Permission templates</guilabel> part of the list
     1276                  is always empty to begin with.
     1277                </para>
     1278               
    12731279              </listitem>
    12741280            </varlistentry>
     
    12861292                You can select more than one user, group or project
    12871293                and change the permissions for all of them at once.
     1294                </para>
     1295                <para>
     1296                The permission boxes are disabled if a permission template
     1297                is selected. The permissions are already part of the template
     1298                and can't be changed here.
    12881299                </para>
    12891300              </listitem>
     
    13481359                projects that already have access to the items.
    13491360                </para>
     1361              </listitem>
     1362            </varlistentry>
     1363           
     1364            <varlistentry>
     1365              <term><guibutton>Templates</guibutton></term>
     1366              <listitem>
     1367                <para>
     1368                Opens a pop-up window that allows you to select
     1369                permission templates. In the pop-up window, mark
     1370                one or more templates and click on the &gbOk;
     1371                button. Unless you are an administrator, the pop-up window
     1372                will only list templates that you are allowed to use. It will
     1373                not list templates that have already been added.
     1374                </para>
     1375               
     1376                <note>
     1377                  <para>
     1378                  The permissions from the selected templates are <emphasis>copied</emphasis>
     1379                  to the items when the access permissions are saved. If you re-open the share dialog,
     1380                  the actual permissions are shown and the permission templates
     1381                  section is empty. Modifying the permission template later doesn't
     1382                  affect the permissions on existing items. See <xref linkend="project_permission.templates" />
     1383                  for more information about permission templates.
     1384                  </para>
     1385                </note>
     1386               
    13501387              </listitem>
    13511388            </varlistentry>

  • trunk/src/core/net/sf/basedb/core/MultiPermissions.java

    r5060 r5370  
    328328 
    329329  /**
     330    Merge the permissions from the given item key keeping those
     331    that has already been set.
     332
     333    @param itemKey An item key (if null, this method simply returns)
     334    @since 2.16
     335    @see UserPermissions#merge(ItemKey)
     336    @see GroupPermissions#merge(ItemKey)
     337  */
     338  public void merge(ItemKey itemKey)
     339  {
     340    if (itemKey == null) return;
     341    for (UserPermissions up : userPermissions.values())
     342    {
     343      up.merge(itemKey);
     344    }
     345    for (GroupPermissions gp : groupPermissions.values())
     346    {
     347      gp.merge(itemKey);
     348    }
     349  }
     350 
     351  /**
     352    Merge the permissions from the given project key keeping those
     353    that has already been set.
     354 
     355    @param projectKey An project key (if null, this method simply returns)
     356    @since 2.16
     357    @see ProjectPermissions#merge(ProjectKey)
     358  */
     359  public void merge(ProjectKey projectKey)
     360  {
     361    if (projectKey == null) return;
     362    for (ProjectPermissions pp : projectPermissions.values())
     363    {
     364      pp.merge(projectKey);
     365    }
     366  }
     367 
     368  /**
    330369    Get a query that returns all users appearing in at least one of
    331370    the item keys. The query will not return users that the logged in

  • trunk/www/common/share/share.jsp

    r4889 r5370  
    206206      }
    207207      %>
     208      Link.addNewSection(members, new Section('T', 'Permission templates'));
    208209    }
    209210    // Submit the form
     
    214215      frm.modifiedGroups.value = Link.exportModified(frm, 'G').join(',');
    215216      frm.modifiedProjects.value = Link.exportModified(frm, 'P').join(',');
     217      frm.permissionTemplates.value = Link.getListIds(frm.members, 'T').join(',');
    216218      frm.submit();
    217219    }
     
    261263      return s;
    262264    }
    263     function showPermissions(permissionCode, disabled)
    264     {
     265    function showPermissions(permissionCode, isEveryone, isTemplate)
     266    {
     267      var disabled = isTemplate || (isEveryone && !share_to_everyone);
    265268      var frm = document.forms['share'];
    266269      frm['read'].checked = permissionCode & <%=READ_CODE%>;
     
    276279      frm['set_owner'].disabled = disabled;
    277280      frm['set_permission'].disabled = disabled;
    278       if (disabled)
     281      if (isEveryone && !share_to_everyone)
    279282      {
    280283        Main.show('share_disabled');
     
    299302        {
    300303          var item = option.item;
    301           var disabled = item.id == everyone_id && item.type == 'G' && !share_to_everyone;
     304          var disabled = item.type == 'T' || (item.id == everyone_id && item.type == 'G' && !share_to_everyone);
    302305          if (!disabled)
    303306          {
     
    316319      if (item && item.id)
    317320      {
    318         var disabled = item.id == everyone_id && item.type == 'G' && !share_to_everyone;
    319         showPermissions(item.value, disabled);
     321        var isTemplate = item.type == 'T';
     322        var isEveryone = item.id == everyone_id && item.type == 'G';
     323        showPermissions(item.value, isEveryone, isTemplate);
    320324      }
    321325    }
     
    334338      if (!item) item = new Item('U', userId, name+' ['+permissionString+']', permissionCode, 0);
    335339      Link.addItem(document.forms['share'].members, item);
     340      membersOnChange();
    336341    }
    337342    function addGroupsOnClick()
     
    356361      if (!item) item = new Item('G', groupId, name+' ['+permissionString+']', permissionCode, 0);
    357362      Link.addItem(document.forms['share'].members, item);
     363      membersOnChange();
    358364    }
    359365    function addProjectsOnClick()
     
    370376      if (!item) item = new Item('P', projectId, name+' ['+permissionString+']', permissionCode, 0);
    371377      Link.addItem(document.forms['share'].members, item);
     378      membersOnChange();
     379    }
     380    function addPermissionTemplateOnClick()
     381    {
     382      var ids = Link.getListIds(document.forms['share'].members, 'T');
     383      var excludes = ids.join(',');
     384      Main.openPopup('../../views/permissiontemplates/index.jsp?ID=<%=ID%>&cmd=UpdateContext&mode=selectmultiple&callback=addPermissionTemplateCallback&permission=READ&exclude='+excludes, 'AddPermissionTemplates', 1000, 700);
     385    }
     386    function addPermissionTemplateCallback(templateId, name)
     387    {
     388      var item = Link.getItem('T', templateId);
     389      if (!item) item = new Item('T', templateId, name, 0, 0);
     390      Link.addItem(document.forms['share'].members, item);
     391      membersOnChange();
    372392    }
    373393    function removeOnClick()
    374394    {
    375395      Link.removeSelected(document.forms['share'].members);
     396      membersOnChange();
    376397    }
    377398    </script>
     
    395416        <input type="hidden" name="modifiedGroups" value="">
    396417        <input type="hidden" name="modifiedProjects" value="">
     418        <input type="hidden" name="permissionTemplates" value="">
    397419      </td>
    398420 
     
    429451          /></td></tr>
    430452        <tr><td><base:button
     453          onclick="addPermissionTemplateOnClick()"
     454          title="Templates&hellip;"
     455          tooltip="Add permission templates"
     456          image="add.png"
     457          disabled="<%=!writePermission %>"
     458          /></td></tr>
     459        <tr><td><base:button
    431460          onclick="removeOnClick()"
    432461          title="Remove"

  • trunk/www/common/share/submit_share.jsp

    r5136 r5370  
    4747  import="net.sf.basedb.core.Group"
    4848  import="net.sf.basedb.core.Project"
     49  import="net.sf.basedb.core.PermissionTemplate"
    4950  import="net.sf.basedb.clients.web.Base"
    5051  import="net.sf.basedb.clients.web.PermissionUtil"
     
    106107      }
    107108    }
     109   
     110    String[] permissionTemplates = Values.getString(request.getParameter("permissionTemplates")).split(",");
     111    for (int i = 0; i < permissionTemplates.length; ++i)
     112    {
     113      int permissionTemplateId = Values.getInt(permissionTemplates[i], -1);
     114      if (permissionTemplateId != -1)
     115      {
     116        PermissionTemplate template = PermissionTemplate.getById(dc, permissionTemplateId);
     117        mp.merge(template.getItemKey());
     118        mp.merge(template.getProjectKey());
     119      }
     120    }
     121 
     122   
    108123    mp.updateKeys(dc, recursive);
    109124    sc.reloadPermissions();

  • trunk/www/include/menu.jsp

    r5361 r5370  
    379379    final boolean hasProjects           = !sc.hasPermission(Permission.DENIED, Item.PROJECT);
    380380    final boolean createProjects        =  sc.hasPermission(Permission.CREATE, Item.PROJECT);
     381    final boolean hasPermissionTemplates = !sc.hasPermission(Permission.DENIED, Item.PERMISSIONTEMPLATE);
    381382
    382383    final boolean hasMessages           = !sc.hasPermission(Permission.DENIED, Item.MESSAGE);
     
    437438        tooltip="Manage projects"
    438439        enabled="<%=hasProjects%>"
     440      />
     441      <m:menuitem
     442        title="Permission templates"
     443        onclick="<%="Menu.openUrl('"+root+"views/permissiontemplates/index.jsp?ID="+ID+"')"%>"
     444        tooltip="Manage permission templates"
     445        enabled="<%=hasPermissionTemplates%>"
    439446      />
    440447      <m:menuitem

  • trunk/www/include/scripts/main.js

    r5365 r5370  
    521521    this.controllers['MESSAGE'] = { url:'my_base/messages/index.jsp', width:600, height:420, popup:true, edit:false };
    522522    this.controllers['PROJECT'] = { url:'my_base/projects/index.jsp', width:600, height:460 };
     523    this.controllers['PERMISSIONTEMPLATE'] = { url:'views/permissiontemplates/index.jsp', width:450, height:280 };
    523524    this.controllers['FILE'] = { url:'filemanager/index.jsp', width:560, height:420 };
    524525    this.controllers['FILESERVER'] = { url:'filemanager/fileservers/index.jsp', width:600, height:460 };

  • trunk/www/my_base/projects/edit_project.jsp

    r4889 r5370  
    3939  import="net.sf.basedb.core.Platform"
    4040  import="net.sf.basedb.core.PlatformVariant"
     41  import="net.sf.basedb.core.Include"
     42  import="net.sf.basedb.core.PermissionTemplate"
    4143  import="net.sf.basedb.core.User"
    4244  import="net.sf.basedb.core.Group"
     
    9395  String title = null;
    9496  Project project = null;
    95 
     97 
    9698  // Query to retrieve child groups
    9799  ItemQuery<Group> groupQuery = null;
     
    109111  PlatformVariant currentVariant = null;
    110112  RawDataType currentRawDataType = null;
    111  
     113  boolean readCurrentPermissionTemplate = true;
     114  PermissionTemplate currentPermissionTemplate = null;
     115
     116  List<PermissionTemplate> recentPermissionTemplates = (List<PermissionTemplate>)cc.getRecent(dc, Item.PERMISSIONTEMPLATE);
     117
    112118  if (itemId == 0)
    113119  {
    114120    title = "Create project";
    115121    cc.removeObject("item");
     122    currentPermissionTemplate = Base.getFirstMatching(dc, PermissionTemplate.getQuery(), "name", cc.getPropertyFilter("permissionTemplate.name"));
    116123  }
    117124  else
     
    140147    if (currentRawDataType == null && currentPlatform != null) currentRawDataType = currentPlatform.getRawDataType();
    141148    if (currentRawDataType == null) currentRawDataType = project.getDefaultRawDataType();
    142    
     149 
     150    try
     151    {
     152      currentPermissionTemplate = project.getPermissionTemplate();
     153    }
     154    catch (PermissionDeniedException ex)
     155    {
     156      readCurrentPermissionTemplate = false;
     157    }
     158 
    143159    groupQuery = project.getGroups();
    144160    groupQuery.include(Include.ALL);
     
    173189  final String requiredClazz = "class=\"text required\"";
    174190  %>
    175 
    176   <%@page import="net.sf.basedb.core.Include"%>
    177 <base:page type="popup" title="<%=title%>">
     191  <base:page type="popup" title="<%=title%>">
    178192  <base:head scripts="tabcontrol.js,linkitems.js,parameters.js,platforms.js" styles="tabcontrol.css,parameters.css">
    179193    <script language="JavaScript">
     
    223237      initDefaults();
    224238      platformOnChange();
     239      permissionTemplateOnChange();
    225240      showPermissions(frm.autoPermissions.value, 'auto_');
    226241    }
     
    441456      frm.autoPermissions.value = getPermissionCode('auto_');
    442457    }
    443    
     458
     459    function selectPermissionTemplateOnClick()
     460    {
     461      var frm = document.forms['project'];
     462      var url = '../../views/permissiontemplates/index.jsp?ID=<%=ID%>&cmd=UpdateContext&mode=selectone&callback=setPermissionTemplateCallback';
     463      if (frm.permissiontemplate_id.length > 1)
     464      {
     465        var id = Math.abs(parseInt(frm.permissiontemplate_id[1].value));
     466        url += '&item_id='+id;
     467      }
     468      Main.openPopup(url, 'SelectPermissionTemplate', 1000, 700);
     469    }
     470    function setPermissionTemplateCallback(id, name)
     471    {
     472      var frm = document.forms['project'];
     473      var list = frm.permissiontemplate_id;
     474      if (list.length < 2 || list[1].value == '0') // >
     475      {
     476        Forms.addListOption(list, 1, new Option());
     477      }
     478      list[1].value = id;
     479      list[1].text = name;
     480      list.selectedIndex = 1;
     481      permissionTemplateOnChange();
     482    }
     483    function permissionTemplateOnChange()
     484    {
     485      var frm = document.forms['project'];
     486      var hasTemplate = frm.permissiontemplate_id.selectedIndex > 0;
     487      frm.auto_read.disabled = hasTemplate;
     488      frm.auto_use.disabled = hasTemplate;
     489      frm.auto_write.disabled = hasTemplate;
     490      frm.auto_delete.disabled = hasTemplate;
     491      frm.auto_set_owner.disabled = hasTemplate;
     492      frm.auto_set_permission.disabled = hasTemplate;
     493    }
    444494    function membersOnChange()
    445495    {
     
    656706        <td class="prompt">Default permissions</td>
    657707        <td>
     708          <base:select
     709            id="permissiontemplate_id"
     710            clazz="selectionlist"
     711            required="false"
     712            current="<%=currentPermissionTemplate%>"
     713            denied="<%=!readCurrentPermissionTemplate%>"
     714            recent="<%=recentPermissionTemplates%>"
     715            newitem="<%=project == null%>"
     716            unselectedtext="- select a template or specify below -"
     717            onselect="selectPermissionTemplateOnClick()"
     718            onchange="permissionTemplateOnChange()"
     719          />
     720       
    658721          <input type="checkbox" checked name="auto_read" onClick="autoPermissionsOnClick('auto_read')">Read<br>
    659722          <input type="checkbox" checked name="auto_use" onClick="autoPermissionsOnClick('auto_use')">Use<br>
     
    723786    </t:tab>
    724787   
    725     <t:tab id="defaults" title="Defaults"  helpid="project.edit.defaults">
     788    <t:tab id="defaults" title="Default items"  helpid="project.edit.defaults">
    726789      <table class="form" cellspacing="2" border="0" cellpadding="0" width="100%">       
    727790        <tr valign="top">

  • trunk/www/my_base/projects/index.jsp

    r5060 r5370  
    3838  import="net.sf.basedb.core.ItemResultIterator"
    3939  import="net.sf.basedb.core.Permission"
     40  import="net.sf.basedb.core.PermissionTemplate"
    4041  import="net.sf.basedb.core.ItemContext"
    4142  import="net.sf.basedb.core.MultiPermissions"
     
    133134    // Update the properties on an item (will close the popup)
    134135    ItemContext cc = Base.getAndSetCurrentContext(sc, itemType, null, defaultContext);
     136    final int maxRecent = Base.getMaxRecent(sc);
    135137    dc = sc.newDbControl();
    136138    Project project = (Project)cc.getObject("item");
     
    149151    project.setAutoPermission(PermissionUtil.getPermissions(Values.getInt(request.getParameter("autoPermissions"), 31)));
    150152    project.setDescription(Values.getStringOrNull(request.getParameter("description")));
     153   
     154    int permissionTemplateId = Values.getInt(request.getParameter("permissiontemplate_id"), -1);
     155    if (permissionTemplateId >= 0)  // < 0 = denied or unchanged
     156    {
     157      PermissionTemplate pt = permissionTemplateId == 0 ? null : PermissionTemplate.getById(dc, permissionTemplateId);
     158      project.setPermissionTemplate(pt);
     159      if (pt != null) cc.setRecent(pt, maxRecent);
     160    }
    151161
    152162    // Members tab

  • trunk/www/my_base/projects/list_projects.jsp

    r4889 r5370  
    228228        datatype="string"
    229229        title="Owner"
     230        sortable="true"
     231        filterable="true"
     232        exportable="true"
     233      />
     234      <tbl:columndef
     235        id="permissionTemplate"
     236        property="permissionTemplate.name"
     237        datatype="string"
     238        title="Default permissions"
    230239        sortable="true"
    231240        filterable="true"
     
    419428                    enablePropertyLink="<%=mode.hasPropertyLink()%>"
    420429                  /></tbl:cell>
     430                <tbl:cell column="permissionTemplate"
     431                  ><base:propertyvalue
     432                    item="<%=item%>"
     433                    property="permissionTemplate"
     434                    enableEditLink="<%=mode.hasEditLink()%>"
     435                    enablePropertyLink="<%=mode.hasPropertyLink()%>"
     436                    nulltext="<%=PermissionUtil.getFullPermissionNames(item.getAutoPermission())%>"
     437                  /></tbl:cell>
    421438                <tbl:cell column="entryDate" value="<%=item.getEntryDate()%>" />
    422439                <tbl:cell column="description"><%=HTML.encodeTags(item.getDescription())%></tbl:cell>

  • trunk/www/my_base/projects/view_project.jsp

    r5045 r5370  
    268268      <tr>
    269269        <td class="prompt">Default permissions</td>
    270         <td><%=PermissionUtil.getFullPermissionNames(project.getAutoPermission())%></td>
     270        <td><base:propertyvalue item="<%=project%>" property="permissionTemplate"
     271          nulltext="<%=PermissionUtil.getFullPermissionNames(project.getAutoPermission())%>" /></td>
    271272      </tr>
    272273      <tr>
Note: See TracChangeset for help on using the changeset viewer.