19 package org.apache.syncope.client.console.wizards.any;
20
21 import java.util.List;
22 import java.util.stream.Collectors;
23 import org.apache.commons.collections4.CollectionUtils;
24 import org.apache.commons.lang3.StringUtils;
25 import org.apache.syncope.client.console.SyncopeWebApplication;
26 import org.apache.syncope.client.console.rest.RoleRestClient;
27 import org.apache.syncope.client.ui.commons.Constants;
28 import org.apache.syncope.client.ui.commons.ajax.markup.html.LabelInfo;
29 import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel;
30 import org.apache.syncope.client.ui.commons.wizards.any.UserWrapper;
31 import org.apache.syncope.common.lib.to.AnyTO;
32 import org.apache.syncope.common.lib.to.RoleTO;
33 import org.apache.syncope.common.lib.to.UserTO;
34 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
35 import org.apache.wicket.Component;
36 import org.apache.wicket.authroles.authorization.strategies.role.metadata.ActionPermissions;
37 import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
38 import org.apache.wicket.extensions.wizard.WizardModel.ICondition;
39 import org.apache.wicket.extensions.wizard.WizardStep;
40 import org.apache.wicket.markup.html.WebMarkupContainer;
41 import org.apache.wicket.markup.html.basic.Label;
42 import org.apache.wicket.model.PropertyModel;
43 import org.apache.wicket.model.util.ListModel;
44 import org.apache.wicket.spring.injection.annot.SpringBean;
45
/**
 * Wizard step for editing the roles assigned to a user and for showing the user's dynamic roles.
 *
 * <p>Rendering of this step is tied to the {@link IdRepoEntitlement#ROLE_LIST} entitlement: the constructor
 * registers an {@link ActionPermissions} entry for {@code RENDER}, {@link #getManagedRoles()} returns an empty
 * list when the authorization strategy denies {@code RENDER}, and {@link #evaluate()} returns {@code false}
 * in that case or when there are no roles to show.
 *
 * <p>NOTE(review): everything in this class is a console-side rendering check. Whether the REST layer
 * independently enforces entitlements when roles are listed or assigned is not visible here - confirm it
 * does, rather than treating this step as the access-control boundary.
 */
public class Roles extends WizardStep implements ICondition {

    private static final long serialVersionUID = 552437609667518888L;

    /** REST client used to fetch the available roles; injected through {@code @SpringBean}. */
    @SpringBean
    protected RoleRestClient roleRestClient;

    /** Sorted keys of the roles offered in both palettes; empty when RENDER is not authorized. */
    protected final List<String> allRoles;

    /** The user being edited (the wrapper's inner object). */
    protected final UserTO userTO;

    /** Container holding the disabled (display-only) dynamic-roles palette. */
    protected WebMarkupContainer dynrolesContainer;

    /**
     * Builds the step for the given wrapped user.
     *
     * <p>The type parameter {@code T} is declared but not used by the constructor body.
     *
     * @param modelObject wrapper exposing the user being edited and, optionally, its previous state
     */
    public <T extends AnyTO> Roles(final UserWrapper modelObject) {
        // "changed" marker: a LabelInfo when the edited role set differs from the previous snapshot,
        // a plain Label otherwise (also when there is no previous snapshot).
        final UserTO previous = modelObject.getPreviousUserTO();
        final boolean rolesChanged = previous != null
                && !modelObject.getInnerObject().getRoles().equals(previous.getRoles());
        if (rolesChanged) {
            add(new LabelInfo("changed", StringUtils.EMPTY));
        } else {
            add(new Label("changed", StringUtils.EMPTY));
        }

        userTO = modelObject.getInnerObject();

        // Restrict RENDER of this step to holders of ROLE_LIST. Presumably the authorization strategy
        // queried by getManagedRoles() reads this metadata, so keep it ahead of that call - TODO confirm.
        final ActionPermissions renderPermissions = new ActionPermissions();
        setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, renderPermissions);
        renderPermissions.authorize(
                RENDER,
                new org.apache.wicket.authroles.authorization.strategies.role.Roles(IdRepoEntitlement.ROLE_LIST));

        setOutputMarkupId(true);

        allRoles = getManagedRoles();

        add(buildRolesSelector(modelObject));

        dynrolesContainer = new WebMarkupContainer("dynrolesContainer");
        dynrolesContainer.setOutputMarkupId(true);
        dynrolesContainer.setOutputMarkupPlaceholderTag(true);
        add(dynrolesContainer);

        // Dynamic roles are shown through a disabled palette: displayed, not editable from this step.
        dynrolesContainer.add(new AjaxPalettePanel.Builder<String>()
                .build("dynroles", new PropertyModel<>(userTO, "dynRoles"), new ListModel<>(allRoles))
                .hideLabel()
                .setEnabled(false)
                .setOutputMarkupId(true));
    }

    /**
     * Fetches the keys of the roles this step may offer.
     *
     * @return the role keys in sorted order, or an empty list (without calling the REST client) when the
     *         authorization strategy does not allow {@code RENDER} on this component
     */
    protected List<String> getManagedRoles() {
        if (!hasRoleListRenderPermission()) {
            return List.of();
        }
        return roleRestClient.list().stream()
                .map(RoleTO::getKey)
                .sorted()
                .collect(Collectors.toList());
    }

    /**
     * Builds the editable palette bound to the {@code roles} property of the wrapped user.
     *
     * @param modelObject wrapper whose inner object receives the selected roles
     * @return the configured palette component with id {@code roles}
     */
    protected Component buildRolesSelector(final UserWrapper modelObject) {
        final AjaxPalettePanel.Builder.Query<String> roleQuery = new AjaxPalettePanel.Builder.Query<String>() {

            private static final long serialVersionUID = 3900199363626636719L;

            /**
             * Returns the choices for the given filter text.
             *
             * <p>The filter is compared as a case-insensitive substring, not evaluated as a pattern.
             */
            @Override
            public List<String> execute(final String filter) {
                final boolean wantsEverything = StringUtils.isEmpty(filter) || "*".equals(filter);
                if (!wantsEverything) {
                    // NOTE(review): unlike the unfiltered branch below, matches are not capped at
                    // Constants.MAX_ROLE_LIST_SIZE - confirm this is intended.
                    return allRoles.stream()
                            .filter(role -> StringUtils.containsIgnoreCase(role, filter))
                            .collect(Collectors.toList());
                }
                // No filter (or "*"): show at most MAX_ROLE_LIST_SIZE entries.
                if (allRoles.size() > Constants.MAX_ROLE_LIST_SIZE) {
                    return allRoles.subList(0, Constants.MAX_ROLE_LIST_SIZE);
                }
                return allRoles;
            }
        };

        return new AjaxPalettePanel.Builder<String>()
                .withFilter()
                .setAllowOrder(true)
                .build("roles", new PropertyModel<>(modelObject.getInnerObject(), "roles"), roleQuery)
                .hideLabel()
                .setOutputMarkupId(true);
    }

    /**
     * Wizard condition for this step.
     *
     * @return {@code true} only when at least one role is available and the authorization strategy allows
     *         {@code RENDER} on this component
     */
    @Override
    public final boolean evaluate() {
        if (CollectionUtils.isEmpty(allRoles)) {
            return false;
        }
        return hasRoleListRenderPermission();
    }

    /** Asks the application's authorization strategy whether {@code RENDER} is allowed on this step. */
    private boolean hasRoleListRenderPermission() {
        return SyncopeWebApplication.get()
                .getSecuritySettings()
                .getAuthorizationStrategy()
                .isActionAuthorized(this, RENDER);
    }
}