Changeset 7294


Timestamp:
Feb 17, 2017, 11:15:35 AM (5 years ago)
Author:
Nicklas Nordborg
Message:

References #2043: Activating/deactivating roles on the fly in a login session

Implemented support for setting a role as inactive in the core. New public methods are in the SessionControl class.

The getRoles() method has been deprecated and replaced with other methods (since this method returns ALL roles, including inactive ones). Code that uses this method for permission checking may experience PermissionDeniedExceptions if a user has de-activated a role.

The "User" menu to the far right has been updated to include a section with roles where the user can toggle the active/inactive status.

The settings are not (yet) remembered between sessions. All roles start out in the active state after logging in.

Location:
trunk
Files:
1 added
5 edited

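--- a/trunk/src/clients/web/net/sf/basedb/clients/web/resources/menu.properties
+++ b/trunk/src/clients/web/net/sf/basedb/clients/web/resources/menu.properties
@@ -272,4 +272,7 @@
 impersonate.title Impersonate
 impersonate.tooltip Login as another user without knowing the password
+myroles.title   My roles
+myroles.tooltip.0 De-activate this role
+myroles.tooltip.1 Activate this role
 
 ## Refresh menu ##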
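--- a/trunk/src/core/net/sf/basedb/core/Keyring.java
+++ b/trunk/src/core/net/sf/basedb/core/Keyring.java
@@ -141,4 +141,10 @@
 
   /**
+    Holds the ID of the roles that are inactive.
+    @since 3.11
+   */
+  private Set<Integer> inactiveRoles;
+ 
+  /**
     The active project's ID.
   */
@@ -240,4 +246,8 @@
       this.projects = parent.projects;
       this.roles = parent.roles;
+      if (parent.inactiveRoles != null)
+      {
+        this.inactiveRoles = new HashSet<Integer>(parent.inactiveRoles);
+      }
       this.maxProjectPermission = parent.maxProjectPermission;
       this.itemKeys = parent.itemKeys;
@@ -625,4 +635,8 @@
       for (RoleKeys rk : roleKeys)
       {
+        if (inactiveRoles != null && inactiveRoles.contains(rk.getRoleId()))
+        {
+          continue; // Skip inactive roles
+        }
         int keyId = rk.getKeyId();
         if ((index >= 0) && (rolePermissions[0][index] == keyId))
@@ -778,4 +792,23 @@
  
   /**
+    Set a roles as inactive (or active).
+    @return TRUE if the status was changes, FALSE if not
+    @since 3.11
+  */
+  synchronized boolean setRoleInactive(int roleId, boolean inactive)
+  {
+    // Ignore roles that the user is not a member of
+    if (!roles.contains(roleId)) return false;
+   
+    if (inactiveRoles == null) inactiveRoles = new HashSet<Integer>();
+
+    boolean changed = inactive ? inactiveRoles.add(roleId) : inactiveRoles.remove(roleId);
+    // Force permission reload if this changes the inactive roles
+    reload |= changed;
+    return changed;
+  }
+ 
+ 
+  /**
     Returns the permission value for the specified key or
     PERMISSION.DENIED if not found in the array of keys.
@@ -909,4 +942,10 @@
   }
  
+  Set<Integer> getInactiveRoles()
+  {
+    if (getReload()) reload();
+    return inactiveRoles == null ? Collections.emptySet() : inactiveRoles;
+  }
+
   Set<Integer> getGroups(boolean onlyWithNonHiddenMembers)
   {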
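Review bot: `getInactiveRoles()` (new lines 944-948) returns the live `inactiveRoles` HashSet and reads it without holding the lock, whereas `setRoleInactive()` mutates the same set under `synchronized`. `SessionControl.getActiveRoles()` reads that set inside `removeAll`, so a toggle running concurrently on a shared session could throw ConcurrentModificationException or give a permission-related caller a stale view of which roles are switched off. Consider declaring the getter `synchronized` and returning a snapshot, e.g. `return inactiveRoles == null ? Collections.<Integer>emptySet() : new HashSet<Integer>(inactiveRoles);`. Whether the `roleKeys` loop at new line 635 already runs under the lock is not visible, since its enclosing method starts outside the hunk. The new getter also has no Javadoc, and the comment on `setRoleInactive` has typos ("a roles", "was changes").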
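--- a/trunk/src/core/net/sf/basedb/core/Role.java
+++ b/trunk/src/core/net/sf/basedb/core/Role.java
@@ -398,5 +398,5 @@
           if (filter != null)
           {
-            Set<Integer> roles = sc.getRoles();
+            Set<Integer> roles = sc.getAllRoles();
             if (roles == null || roles.size() == 0) roles = Collections.singleton(0);
             filter.setParameterList("items", roles);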
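--- a/trunk/src/core/net/sf/basedb/core/SessionControl.java
+++ b/trunk/src/core/net/sf/basedb/core/SessionControl.java
@@ -58,4 +58,5 @@
 import java.util.Map;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.WeakHashMap;
 import java.util.Collections;
@@ -1084,6 +1085,4 @@
   }
  
-
- 
   /**
     Create a new session control for executing a plugin.
@@ -1296,9 +1295,84 @@
   /**
     Get the id of all roles where the logged in user is a member.
+    For backwards compatibility reasons this method return
+    {@link #getAllRoles()}.
+   
     @return A <code>Set</code> containing role id:s
-  */
+    @deprecated In 3.11, use {@link #getAllRoles()} or {@link #getActiveRoles()} instead
+  */
+  @Deprecated
   public Set<Integer> getRoles()
   {
+    return getAllRoles();
+  }
+
+  /**
+    Get the id of all roles where the logged in user is a member.
+    @return A <code>Set</code> containing role id:s, or null
+    @since 3.11
+  */
+  public Set<Integer> getAllRoles()
+  {
     return loginInfo == null ? null : loginInfo.keyring.getRoles();
+  }
+ 
+  /**
+    Get the id of all active roles where the logged in user is a member.
+    @return A <code>Set</code> containing role id:s or null
+    @since 3.11
+  */
+  public Set<Integer> getActiveRoles()
+  {
+    if (loginInfo == null) return null;
+    Set<Integer> roles = new HashSet<Integer>(loginInfo.keyring.getRoles());
+    roles.removeAll(loginInfo.keyring.getInactiveRoles());
+    return roles;
+  }
+ 
+  /**
+    Get the id of all inactive roles where the logged in user is a member.
+    @return A <code>Set</code> containing role id:s or null
+    @since 3.11
+  */
+  public Set<Integer> getInactiveRoles()
+  {
+    return loginInfo == null ? null : Collections.unmodifiableSet(loginInfo.keyring.getInactiveRoles());
+  }
+
+  /**
+    Is the given role inactive or not? Note that
+    if the user is not a member of the given role
+    FALSE is returned.
+   
+    @param roleId The id of the role to check
+    @return TRUE if the role is inactive, FALSE if not (or if the user
+      is not a member)
+    @since 3.11
+  */
+  public boolean isRoleInactive(int roleId)
+  {
+    return loginInfo != null && loginInfo.keyring.getInactiveRoles().contains(roleId);
+  }
+ 
+  /**
+    Set a role as active or inactive.
+   
+    @param roleId The id of the role to set
+    @param inactive TRUE to set the role to inactive, FALSE to set
+      it to active
+    @return TRUE if a change was made, FALSE if not (or if the user
+      is not a member of the role)
+    @since 3.11
+  */
+  public synchronized boolean setRoleInactive(int roleId, boolean inactive)
+  {
+    updateLastAccess();
+    boolean changed = false;
+    if (loginInfo != null)
+    {
+      changed = loginInfo.keyring.setRoleInactive(roleId, inactive);
+      if (changed) allowedClients.clear();
+    }
+    return changed;
   }
  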
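Review bot: The public `setRoleInactive(int, boolean)` (new lines 1367-1377) will re-activate a role for any caller that holds the SessionControl; the only check visible in this changeset is the role-membership test in `Keyring.setRoleInactive`. If de-activation is meant to let a privileged user work with reduced rights, the Javadoc should state that it does not restrain code running inside the same session, for example `Note: any code with access to this SessionControl can change the status back; do not treat an inactive role as a security boundary.` Logging each status change (role id, new state) would also help when reconstructing what a session was permitted to do; whether a logger is available in this class is not visible here.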
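--- a/trunk/www/include/menu.jsp
+++ b/trunk/www/include/menu.jsp
@@ -53,4 +53,5 @@
   import="net.sf.basedb.core.ItemResultList"
   import="net.sf.basedb.core.Type"
+  import="net.sf.basedb.core.Role"
   import="net.sf.basedb.core.query.Orders"
   import="net.sf.basedb.core.query.Order"
@@ -1162,4 +1163,15 @@
     final boolean hasImpersonate =
       !sc.isImpersonated() && sc.hasSystemPermission(Permission.ACT_AS_ANOTHER_USER);
+   
+    List<Role> roles = null;
+    Set<Integer> roleIds = sc.getAllRoles();
+    if (roleIds != null && roleIds.size() > 0)
+    {
+      ItemQuery<Role> roleQuery = Role.getQuery();
+      roleQuery.restrict(Restrictions.in(Hql.property("id"), Expressions.parameter("roles")));
+      roleQuery.setParameter("roles", roleIds, Type.INT);
+      roleQuery.order(Orders.asc(Hql.property("name")));
+      roles = roleQuery.list(dc);
+    }
     %>
     <m:menu
@@ -1186,4 +1198,31 @@
         tooltip="<%=menu.getString("logout.tooltip")%>"
       />
+      <%
+      if (roles != null && roles.size() > 0)
+      {
+        %>
+        <m:menuseparator />
+        <m:menuitem
+          title="<%=menu.getString("myroles.title")%>"
+          subclass="menusection"
+          enabled="false"
+        />
+        <m:menuseparator />
+        <%
+        for (Role r : roles)
+        {
+          boolean isInactive = sc.isRoleInactive(r.getId());
+          %>
+          <m:menuitem
+            title="<%=r.getName() %>"
+            tooltip="<%=menu.getString("myroles.tooltip", isInactive)%>"
+            icon="<%=isInactive ? "option_unselected.png" : "option_selected.png"%>"
+            url="<%=root+"my_base/toggle_active_role.jsp?ID="+ID+"&role_id="+r.getId()%>"
+            data-popup="ActivateRole, 300, 200"
+          />
+          <%
+        }
+      }
+      %>
     </m:menu>
     <%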
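Review bot: `title="<%=r.getName() %>"` at new line 1217 writes the role name into the menu markup as-is; unless the `m:menuitem` tag escapes its attributes (not visible here), a role name containing markup would be rendered in the menu of every member of that role. Encode it at the call site with the HTML-escaping helper the other JSPs use, e.g. `title="<%=HTML.encodeTags(r.getName())%>"` if that helper is in scope in this file. The toggle is also a plain GET link to `my_base/toggle_active_role.jsp`, which is not among the sections shown; that page should confirm the request belongs to the caller's own session and validate `role_id` before changing role state.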