Skip to content

P
PERFORMA_REPLICA
Commit 36a8de86 by chenith
Options

Updated Company Admin and User authorisation, menu visibility.

parent 62a7ea44
Showing with 126 additions and 2 deletions
cmsWebApp/src/performa/form/SendVerificationMailFP.java
......@@ -18,6 +18,7 @@ import oneit.servlets.forms.*;
import oneit.servlets.process.*;
import oneit.utils.*;
import performa.orm.*;
import performa.orm.types.RoleType;
import performa.utils.Utils;
import performa.utils.WebUtils;
......@@ -97,6 +98,9 @@ public class SendVerificationMailFP extends SaveFP
LogMgr.log(LOG, LogLevel.PROCESSING1, "New user created :: ", secUser);
}
//set default to admin
companyUser.setRole(RoleType.ADMIN);
sendVerificationMail(companyUser, request);
LogMgr.log(LOG, LogLevel.PROCESSING1, "End of sending varification email.", companyUser);
......
cmsWebApp/src/performa/orm/CompanyUser.java
......@@ -2,7 +2,11 @@ package performa.orm;
import oneit.logging.LoggingArea;
import oneit.objstore.*;
import oneit.security.SecUser;
import oneit.utils.*;
import oneit.utils.parsers.FieldException;
import performa.orm.types.RoleType;
import performa.utils.Utils;
public class CompanyUser extends BaseCompanyUser
......@@ -42,4 +46,32 @@ public class CompanyUser extends BaseCompanyUser
{
return getUser().getName();
}
@Override
protected void postRoleChange() throws FieldException
{
SecUser secUser = getUser();
if(getRole()==RoleType.ADMIN)
{
if(secUser.hasRole(Utils.ROLE_COMPANY_USER))
{
secUser.removeRole(Utils.getRole(Utils.ROLE_COMPANY_USER, getTransaction()));
}
secUser.addRole(Utils.getRole(Utils.ROLE_COMPANY_ADMIN, getTransaction()));
}
else if(getRole()==RoleType.STANDARD)
{
if(secUser.hasRole(Utils.ROLE_COMPANY_ADMIN))
{
secUser.removeRole(Utils.getRole(Utils.ROLE_COMPANY_ADMIN, getTransaction()));
}
secUser.addRole(Utils.getRole(Utils.ROLE_COMPANY_USER, getTransaction()));
}
super.postRoleChange();
}
}
\ No newline at end of file
cmsWebApp/src/performa/utils/MenuItemDisableTransformFactory.java
......@@ -26,6 +26,7 @@ public class MenuItemDisableTransformFactory implements ContentTransformFactory,
HttpServletRequest request;
ObjectTransaction transaction;
SecUser secUser;
CompanyUser companyUser;
Company company;
public MenuItemDisableTransform(Article article, HttpServletRequest request, ObjectTransaction transaction)
......@@ -34,13 +35,14 @@ public class MenuItemDisableTransformFactory implements ContentTransformFactory,
this.request = request;
this.transaction = transaction;
this.secUser = SecUser.getTXUser(transaction);
this.company = this.secUser.getExtension(CompanyUser.REFERENCE_CompanyUser).getCompany();
this.companyUser = this.secUser!=null ? this.secUser.getExtension(CompanyUser.REFERENCE_CompanyUser) : null;
this.company = this.companyUser!=null ? this.companyUser.getCompany() : null;
}
public Object transform(Object original)
{
if((Boolean)article.getAdditionalAttribute("Allow Disable", Boolean.FALSE)
&& this.company !=null
&& this.company.getHasClientSupport()!=Boolean.TRUE)
{
return String.valueOf(original);
......
cmsWebApp/src/performa/utils/Utils.java
......@@ -46,8 +46,12 @@ public class Utils
{
public static final String ROLE_APPLICANT = "TL_Applicant";
public static final String ROLE_CLIENT = "TL_Client";
public static final String ROLE_COMPANY_ADMIN = "TL_CompanyAdmin";
public static final String ROLE_COMPANY_USER = "TL_CompanyUser";
public static final String PRIV_ACCESS_ADMIN_PORTAL = "TL_AccessAdminPortal";
public static final String PRIV_ACCESS_APPLICANT_PORTAL = "TL_AccessApplicantPortal";
public static final String PRIV_ACCESS_COMPANY_ADMIN = "TL_AccessCompanyAdmin";
public static final String PRIV_ACCESS_COMPANY = "TL_AccessCompany";
public static final String LEVEL_GENERAL_PURPOSE = "General Purpose";
public static final String LEVEL_SALES = "Sales";
public static final String LEVEL_MANAGEMENT = "Management";
......
cmsWebApp/webroot/extensions/adminportal/upgrades/20170901_UpdateUserStructure.xml
<?xml version="1.0"?>
<!-- @AutoRun -->
<OBJECTS name="">
<NODE name="Script" factory="Vector">
......
cmsWebApp/webroot/extensions/adminportal/upgrades/20170902_UpdateCompanyAddedBy.sql
-- @AutoRun
update tl_company set added_by_user_id = (select object_id from oneit_sec_user_extension ext where ext.user_id = added_by_user_id);
cmsWebApp/webroot/extensions/adminportal/upgrades/20170914_UpdateCMSSecurity.xml 0 → 100644
<?xml version="1.0"?>
<!-- @AutoRun -->
<OBJECTS name="">
<NODE name="Script" factory="Vector">
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select 'cms:ViewPrivilege:' || identifier as privname from oneit_content_article WHERE template='MANAGE_USERS' fetch first 1 row only">
<tableName factory="String">oneit_sec_privilege</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="manageUserViewPrivID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='name' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="privname"/>
<value name='category' factory='String' value="CMS"/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select 'cms:ViewPrivilege:' || identifier as privname from oneit_content_article WHERE template='MY_COMPANY' fetch first 1 row only">
<tableName factory="String">oneit_sec_privilege</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="myCompanyViewPrivID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='name' factory='String'>cms:ViewPrivilege:L81G02K5MTK0TOFUS8WCGZ42NSR06P</value>
<value name='category' factory='String' value="CMS"/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select object_id as roleid from oneit_sec_role where name='TL_CompanyAdmin'">
<tableName factory="String">oneit_sec_role_priv_link</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='priv_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="manageUserViewPrivID"/>
<value name='role_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="roleid"/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select object_id as roleid from oneit_sec_role where name='TL_CompanyAdmin'">
<tableName factory="String">oneit_sec_role_priv_link</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='priv_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="myCompanyViewPrivID"/>
<value name='role_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="roleid"/>
</NODE>
</NODE>
</OBJECTS>
\ No newline at end of file
cmsWebApp/webroot/extensions/adminportal/upgrades/20170915_UpdateCMSArticleScurity.sql 0 → 100644
-- @AutoRun
UPDATE oneit_content_article
SET privilege_id = (SELECT object_id FROM oneit_sec_privilege priv WHERE priv.name = 'cms:ViewPrivilege:' || identifier)
WHERE template = 'MANAGE_USERS';
UPDATE oneit_content_article
SET privilege_id = (SELECT object_id FROM oneit_sec_privilege priv WHERE priv.name = 'cms:ViewPrivilege:' || identifier)
WHERE template = 'MY_COMPANY';
cmsWebApp/webroot/extensions/performa/upgrades/20170914_CompanyAccess_Privs_Roles.xml
......@@ -55,5 +55,25 @@
<value name='role_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="companyUserRoleID"/>
<value name='priv_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="privid"/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select user_id from oneit_sec_user_extension where object_type='CompanyUser' AND role_type='ADMIN'">
<tableName factory="String">oneit_sec_role_grant</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='role_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="companyAdminRoleID"/>
<value name='user_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="user_id"/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"
query="select user_id from oneit_sec_user_extension where object_type='CompanyUser' AND role_type!='ADMIN'">
<tableName factory="String">oneit_sec_role_grant</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='role_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="companyUserRoleID"/>
<value name='user_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="user_id"/>
</NODE>
</NODE>
</OBJECTS>
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment