Skip to content

Commit

Permalink
Merge pull request #6286 from solth/edit-role-globally
Browse files Browse the repository at this point in the history
Require global role editing permission to see global authorities
  • Loading branch information
solth authored Nov 17, 2024
2 parents 11c6ba5 + 8a1bbd3 commit 8faef1c
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -956,6 +956,24 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
return securityAccessService.hasAuthorityGlobalToAddOrEditRole();
}

/**
* Checks if current user has global authority for editing roles.
*
* @return true if current user has global authority for editing roles
*/
public boolean hasAuthorityGlobalToEditRole() {
return securityAccessService.hasAuthorityGlobalToEditRole();
}

/**
* Checks if current user has global authority for viewing a role.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToViewRole() {
return securityAccessService.hasAuthorityGlobalToViewRole();
}

/**
* Checks if current user has authority to configure displayed columns in list
* views.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -889,6 +889,25 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
return hasAnyAuthorityGlobal("addRole, editRole");
}

/**
* Checks if current user has global authority for editing a role.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToEditRole() {
return hasAnyAuthorityGlobal("editRole");
}

/**
* Checks if current user has global authority for viewing a role.
* Having the authority to edit a role also grants permission to view it inherently.
*
* @return true if current user has global authority for editing a role
*/
public boolean hasAuthorityGlobalToViewRole() {
return hasAnyAuthorityGlobal("viewRole, editRole");
}

/**
* Check if current user has global authority to view role list. It returns true
* if user has "viewAllRoles" authority globally.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,18 +42,20 @@
</p:row>
<p:row rendered="#{not SecurityAccessController.hasAuthorityGlobalToAddOrEditRole()}" />
</p:panelGrid>
<p:panelGrid columns="2" layout="grid">
<p:row>
<p:panelGrid columns="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? 2 : 1}"
layout="grid">
<p:row rendered="#{SecurityAccessController.hasAuthorityGlobalToViewRole()}">
<!--global authorities-->
<h:panelGroup>
<h3 style="margin-bottom: 20px">
<h:outputText value="#{msgs.globalAssignable}"/>
</h3>
<!--@elvariable id="authority" type="org.kitodo.data.database.beans.Authority"-->
<p:pickList id="authoritiesGlobalPick"
showSourceFilter="true" showTargetFilter="true"
filterMatchMode="contains"
responsive="true"
disabled="#{isViewMode}"
disabled="#{not SecurityAccessController.hasAuthorityGlobalToEditRole() or isViewMode}"
value="#{RoleForm.globalAssignableAuthorities}"
converter="#{authorityConverter}"
var="authority"
Expand All @@ -70,7 +72,7 @@
<!--client authorities-->
<h:panelGroup>
<h3 style="margin-bottom: 20px">
<h:outputText value="#{msgs.clientAssignable}"/>
<h:outputText value="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? msgs.clientAssignable : msgs.authorities}"/>
</h3>
<p:pickList id="authoritiesClientPick"
value="#{RoleForm.clientAssignableAuthorities}"
Expand Down

0 comments on commit 8faef1c

Please sign in to comment.