
toggle between edit and view mode

asked 2015-10-01 23:11:42 +0800

jawak

New to the framework. I have a form with 6 fields. Based on the user permission it should display the form in VIEW / EDIT mode. Let's say PERMISSION1 for VIEW and PERMISSION2 for EDIT. Please advise how to handle this in the same form.


3 Answers


answered 2015-10-02 05:45:40 +0800

chillworld (Belgium)
https://github.com/chillw...

Hey,

If roles are pretty important in your application, I'm going to show you an example from my application:

First of all, we need some class where we check our rights.

We use Spring Security:

SecurityUtil.java

import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

// User and CustomUserDetails are the application's own classes; their imports are omitted here.

/**
 * Class that provides access to authentication information.
 * Annotated with Component("sec").
 * This class can also be used in zul pages, just add <?taglib uri="http://security/util" prefix="sec" ?>
 * Tip: ZK searches the corresponding TLD file defined in the /metainfo/tld/config.xml file from the classpath (see war!). 
 */
@Component("sec")
public abstract class SecurityUtil {

//  static Log logger = LogFactory.getLog(SecurityUtil.class);

    /**
     * Method that returns true if the authenticated principal is granted NONE of the roles in the specified authorities.
     * @param authorities String that contains the "comma separated roles"
     * @return true if the authenticated principal is granted NONE of the roles in the specified authorities.
     */
    public static boolean isNoneGranted(String authorities){
        // disjoint: no authority of the principal appears in the requested list
        return Collections.disjoint(AuthorityUtils.commaSeparatedStringToAuthorityList(authorities), getAuthentication().getAuthorities());
    }

    /**
     * Method that returns true if the authenticated principal is granted ALL of the roles in the specified authorities.
     * @param authorities String that contains the "comma separated roles" 
     * @return true if the authenticated principal is granted ALL of the roles in the specified authorities.
     */
    public static boolean isAllGranted(String authorities){
        return getAuthentication().getAuthorities().containsAll(AuthorityUtils.commaSeparatedStringToAuthorityList(authorities));
    } 

    /**
     * Method that returns true if the authenticated principal is granted ANY of the roles in the specified authorities.
     * @param authorities String that contains the "comma separated roles" 
     * @return true if the authenticated principal is granted ANY of the roles in the specified authorities.
     */
    public static boolean isAnyGranted(String authorities){
        List<GrantedAuthority> any = AuthorityUtils.commaSeparatedStringToAuthorityList(authorities);
        // keep only the requested roles the principal actually holds
        any.retainAll(getAuthentication().getAuthorities());
        return !any.isEmpty();
    } 

    /**
     * Method that returns true if the 'user' is authenticated in the application
     * @return true if the 'user' is authenticated in the application
     */
    public static boolean isAuthenticated(){
        if(getAuthentication()==null){
            return false;
        }
        return getAuthentication().isAuthenticated();
    }  

    /**
     * Method that returns true if the current Authentication has one of the specified permissions to the presented domain object instance.
     * Not implemented yet in this example; domain-object ACL checks are out of scope here.
     * @param hasPermission The String representation of a permission (Role) that may grant access to the given domain (or not) 
     * @param domainObject The domain that will be accessible or not
     * @return true if the current Authentication has one of the specified permissions to the presented domain object instance.
     */
    static boolean isAccessible(String hasPermission, Object domainObject){
        throw new UnsupportedOperationException();
    } 

    /**
     * Method that gives the currently logged in Authentication.
     * @return currently logged in Authentication.
     */
    public static Authentication getAuthentication(){
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Method that gives the authorities granted to the currently logged in Authentication.
     * @return the granted authorities of the currently logged in Authentication.
     */
    public static Set<GrantedAuthority> getAuthorities(){
        return new HashSet<GrantedAuthority>(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
    }

    /**
     * Method to retrieve the logged in username
     * @return the name of the logged in user
     */
    public static String getUsername(){
        if(getAuthentication()==null){
            return "unauthenticated user";
        }
//      return getUserFromSecurityContext().getAccount();
        return getAuthentication().getName();
    }

    /**
     * Method to retrieve the logged in user
     * @return the user retrieved from the userDetails in the SecurityContext, OR a placeholder user named "unauthenticated user" when no authentication object exists.
     */
    public static User getUserFromSecurityContext(){
        if(getAuthentication()==null){
            User u = new User();
            u.setAccount("unauthenticated user");
            return u;
        }
        return ((CustomUserDetails)getAuthentication().getPrincipal()).getUser();
    }

}

You can build your own class for this, this is no problem.
Next, we want to access this class easily in the zul.
So now we make a taglib file:

Security.tld

<taglib>
    <uri>http://security/util</uri>
    <description>
    </description>
    <function>
        <name>isAllGranted</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.lang.Boolean isAllGranted(java.lang.String authorities)
        </function-signature>
        <description>
        </description>
    </function>
    <function>
        <name>isNoneGranted</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.lang.Boolean isNoneGranted(java.lang.String authorities)
        </function-signature>
        <description>
        </description>
    </function>
    <function>
        <name>isAnyGranted</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.lang.Boolean isAnyGranted(java.lang.String authorities)
        </function-signature>
        <description>
        </description>
    </function>
    <function>
        <name>isAuthenticated</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.lang.Boolean isAuthenticated()
        </function-signature>
        <description>
        </description>
    </function>
    <function>
        <name>username</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.lang.String getUsername()
        </function-signature>
        <description>
        </description>
    </function>
    <function>
        <name>getAuthorities</name>
        <function-class>be.chillworld.web.util.SecurityUtil</function-class>
        <function-signature>
    java.util.Set getAuthorities()
        </function-signature>
        <description>
        </description>
    </function>
</taglib>

As you can see, we can now access this file in the zul by adding:

<?taglib uri="http://security/util" prefix="sec" ?>

Now I take one more step. This isn't needed, but most of the time you have some roles that concatenate multiple roles.
For this reason, and for easy maintenance, I created this class:

RoleDefinitionsForScanning.java

public abstract class RoleDefinitionsForScanning {

    public static final String ADMIN = "ROLE_ADMIN";
    public static final String CATALOG_MANAGER = "CATALOG_WRITE";
    public static final String PUBLIC_INFO = "PUBLIC_INFO";
    public static final String PERSON_MANAGER = "PERSON_MANAGER";
    public static final String SECURITY_MANAGER = "SECURITY_MANAGER";

    public static final String[] ROLES = {ADMIN, CATALOG_MANAGER, PUBLIC_INFO, PERSON_MANAGER, SECURITY_MANAGER};

    public static String[] getAllRoles() {
        return ROLES;
    }

    public static String getAdmin() {
        return ADMIN;
    }

    public static String getSecurityManager() {
        return SECURITY_MANAGER + "," + ADMIN;
    }

    public static String getCatalogManager() {
        return CATALOG_MANAGER + "," + ADMIN;
    }

    public static String getPublicInfo() {
        return PUBLIC_INFO;
    }

    public static String getPersonManager() {
        return PERSON_MANAGER + "," + ADMIN;
    }
}

As you can see, I define that the admin role also has access to most roles.
Now we need to create a second tld file for accessing this in the zul:

<?xml version="1.0" encoding="UTF-8"?>
<taglib version="2.1" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd">
    <tlib-version>1.0</tlib-version>
    <short-name>securityroles</short-name>
    <uri>/tld/securityRoles</uri>
    <function>
        <name>admin</name>
        <function-class>be.chillworld.model.roles.RoleDefinitionsForScanning</function-class>
        <function-signature>
            java.lang.String getAdmin()
        </function-signature>
        <description>
            Return the String for the admin role
        </description>
    </function>
    <function>
        <name>security</name>
        <function-class>be.chillworld.model.roles.RoleDefinitionsForScanning</function-class>
        <function-signature>
            java.lang.String getSecurityManager()
        </function-signature>
        <description>
            Return the String for the security manager role
        </description>
    </function>
    <function>
        <name>catalog</name>
        <function-class>be.chillworld.model.roles.RoleDefinitionsForScanning</function-class>
        <function-signature>
            java.lang.String getCatalogManager()
        </function-signature>
        <description>
            Return the String for the catalog manager role
        </description>
    </function>
    <function>
        <name>publicInfo</name>
        <function-class>be.chillworld.model.roles.RoleDefinitionsForScanning</function-class>
        <function-signature>
            java.lang.String getPublicInfo()
        </function-signature>
        <description>
            Return the String for the public info role
        </description>
    </function>
    <function>
        <name>person</name>
        <function-class>be.chillworld.model.roles.RoleDefinitionsForScanning</function-class>
        <function-signature>
            java.lang.String getPersonManager()
        </function-signature>
        <description>
            Return the String for the person manager role
        </description>
    </function>
</taglib>

Now we can access this in the zul by declaring this:

<?taglib uri="/WEB-INF/tld/securityRoles.tld" prefix="role"?>

So the setup is done; now let's head to the zul.

<?taglib uri="http://security/util" prefix="sec" ?>
<?taglib uri="/WEB-INF/tld/securityRoles.tld" prefix="role"?>
<textbox value="" if="${sec:isAnyGranted(role:catalog())}" />
<label value="" if="${sec:isNoneGranted(role:catalog())}" />

By using the if attribute, the one that is not shown is also not in the DOM, while if you use the visible attribute it will still be rendered in the DOM.

Hope this could help you.

Chill.


answered 2015-10-05 09:50:18 +0800

Darksu

Hello,

Just as an add-on, once I was asked to show labels instead of textboxes in order to make it more aesthetically pleasing.

So you could also consider setting the visibility of each component in the same manner on the above.

Best Regards,

Darksu


answered 2015-10-02 05:03:45 +0800

bbolek

updated 2015-10-02 05:03:53 +0800

Hello;

You can use readonly and disabled like this:

<textbox value="@bind(vm.field1)" readonly="@load(not vm.hasPermission)" disabled="@load(not vm.hasPermission)"/>

PS: Not tested..

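Both the if-attribute approach in chillworld's answer and the readonly/disabled bindings in bbolek's answer decide the mode in the browser-facing markup. The check a practitioner also wants is the server-side one: the save command must re-verify the EDIT authority, because readonly and disabled are client-side attributes and a VIEW-only session could still post the command. The following ViewModel is an added example, not code from any of the answers or from the ZK project. It assumes the SecurityUtil class from chillworld's answer (package be.chillworld.web.util as named in his tld, using only isAuthenticated() and isAnyGranted(String)), the authority names PERMISSION1 (view) and PERMISSION2 (edit) from the question, and hypothetical package, class and field names; the repository calls are stubs.

```java
// Added example; not code from the answers above or from ZK itself.
// ZK MVVM ViewModel: form mode derived from the Spring Security authorities,
// with the EDIT authority re-checked inside the save command.
package example.form; // hypothetical package

import be.chillworld.web.util.SecurityUtil; // class from chillworld's answer
import org.springframework.security.access.AccessDeniedException;
import org.zkoss.bind.annotation.Command;
import org.zkoss.bind.annotation.Init;
import org.zkoss.bind.annotation.NotifyChange;

public class FormViewModel {

    // Authority names as used in the question.
    public static final String VIEW_ROLE = "PERMISSION1";
    public static final String EDIT_ROLE = "PERMISSION2";

    // Three of the six form fields, shown for brevity (hypothetical names).
    private String name;
    private String email;
    private String department;

    // Computed once per page from the authenticated principal,
    // never from anything the browser sends back.
    private boolean editable;

    @Init
    public void init() {
        if (!SecurityUtil.isAuthenticated()
                || !SecurityUtil.isAnyGranted(VIEW_ROLE + "," + EDIT_ROLE)) {
            // Neither authority: refuse to build the page at all.
            throw new AccessDeniedException("PERMISSION1 or PERMISSION2 required");
        }
        editable = SecurityUtil.isAnyGranted(EDIT_ROLE);
        load();
    }

    private void load() {
        // Stub: replace with the real repository call. Constructed sample data.
        name = "Sample User";
        email = "sample@example.com";
        department = "Catalog";
    }

    @Command
    @NotifyChange("*")
    public void save() {
        // readonly/disabled are enforced by the client only. A VIEW-only user
        // could still post the "save" command, so the server decides again.
        if (!SecurityUtil.isAnyGranted(EDIT_ROLE)) {
            throw new AccessDeniedException("PERMISSION2 required to save");
        }
        persist();
    }

    private void persist() {
        // Stub: replace with the real repository call.
    }

    // Bound from the zul as readonly="@load(not vm.editable)".
    public boolean isEditable() { return editable; }

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }

    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }

    public String getDepartment() { return department; }
    public void setDepartment(String department) { this.department = department; }
}
```

In the zul, each field is then bound as `<textbox value="@bind(vm.name)" readonly="@load(not vm.editable)" disabled="@load(not vm.editable)"/>` and the save button as `<button label="Save" onClick="@command('save')" visible="@load(vm.editable)"/>`. Hiding the button is a usability choice; the AccessDeniedException in save() is the actual control, and it is raised regardless of what the client rendered.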
Stats

Asked: 2015-10-01 23:11:42 +0800

Seen: 28 times

Last updated: Oct 05 '15