Commit c7a9fa82 by Harsh Shah

Admin Portal access restriction changes

parent 21c12272
......@@ -33,6 +33,7 @@ public class Job extends BaseJob
super.postInitNewObj();
setRandomKey(RandomStringGen.getRandomStringGen().generateAlphaNum(4));
setSecUser(SecUser.getTXUser(getTransaction()));
}
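Review bot: `setSecUser(SecUser.getTXUser(getTransaction()))` stores whatever user the transaction carries, and nothing in the hunk guards against that being null, so a Job created outside an authenticated request would silently get no owner; presumably this path only runs under a logged-in transaction, but that precondition is worth stating, e.g. `// owner defaults to the transaction's current user; expected to run under an authenticated TX`. postInitNewObj starts outside the hunk.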
......
......@@ -9,8 +9,9 @@ import oneit.security.*;
*/
public class Utils
{
public static final String ROLE_APPLICANT = "TL_Applicant";
public static final String ROLE_CLIENT = "TL_Client";
public static final String ROLE_APPLICANT = "TL_Applicant";
public static final String ROLE_CLIENT = "TL_Client";
public static final String PRIV_ACCESS_ADMIN_PORTAL = "TL_AccessAdminPortal";
public static Role getRole(String role, ObjectTransaction transaction)
{
......@@ -22,8 +23,8 @@ public class Utils
return Privilege.searchNAME(transaction, priv);
}
public static boolean isValidClient(SecUser secUser)
public static boolean checkAdminPortalAccess(SecUser secUser)
{
return (secUser != null && secUser.hasRole(ROLE_CLIENT));
return (secUser != null && secUser.hasPrivilege(PRIV_ACCESS_ADMIN_PORTAL));
}
}
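Review bot: `checkAdminPortalAccess` has no Javadoc, and since it now gates admin-portal entry (both the login page and the page scriptlet in this commit call it) its contract should be stated; proposed: `/** True when {@code secUser} is non-null and holds the {@value #PRIV_ACCESS_ADMIN_PORTAL} privilege; the single gate for admin-portal access. */`. The privilege name `TL_AccessAdminPortal` is also repeated literally in the AdminPortal node config and in the `oneit_sec_privilege` insert script in this commit, so renaming the constant's value here would silently desynchronise from the data; a comment on `PRIV_ACCESS_ADMIN_PORTAL` naming those two locations would make the coupling visible. The rename from `isValidClient` removes the old name outright; any caller outside the files touched here would fail at compile time, which is safe, but a `@Deprecated` delegating alias would let the change land without that risk.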
......@@ -18,21 +18,30 @@ public class WebUtils
public static final String APPLICANT_PORTAL = "ApplicantPortal";
public static final String ADMIN_HOME = "AdminHome";
public static final String APPLICANT_HOME = "ApplicantHome";
public static final String CREATE_JOB = "CreateJob";
public static final String ASSESSMENT_CRITERIA = "AssessmentCriteria";
public static final String WORKPLACE_CULTURE = "WorkplaceCulture";
public static final String JOB_MATCH = "JobMatchAssessment";
public static final String JOB_REVIEW = "JobReview";
public static String getArticleLink(HttpServletRequest request, ObjectTransaction objTran, String articleShortcut, String renderMode)
{
return getArticleLink(request, getArticleByShortCut(objTran, articleShortcut), "Page");
}
public static String getArticleLink(HttpServletRequest request, Article article, String renderMode)
{
return article.getLink(request, CollectionUtils.mapEntry("cms.rm", renderMode).toMap());
}
public static String getSamePageInRenderMode (HttpServletRequest request, String renderMode)
{
BaseJSP theJSP = (BaseJSP) request.getAttribute(BaseJSP.JSP_SERVLET);
BaseJSP theJSP = (BaseJSP) request.getAttribute(BaseJSP.JSP_SERVLET);
Article article = (Article)theJSP.getData(request, ContentDF.ARTICLE);
String newURI = article.getLink(request, CollectionUtils.mapEntry("cms.rm", renderMode).toMap());
return newURI;
return getArticleLink(request, article, renderMode);
}
public static String getRadioSingleAssocKey(HttpServletRequest request, BaseBusinessClass bbc, String singleAssocName)
{
DataMap dataMap = DataMap.getDataMap (request, true);
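Review bot: The new four-argument `getArticleLink` ignores its `renderMode` parameter and always forwards the literal `"Page"` to the three-argument overload; every caller in this commit happens to pass `"Page"`, so nothing misbehaves yet, but the parameter is dead and the first caller to ask for another mode gets the wrong link. It should be `return getArticleLink(request, getArticleByShortCut(objTran, articleShortcut), renderMode);`. The three-argument overload dereferences `article` directly, so if `getArticleByShortCut` can return null for an unknown shortcut (not visible here) the caller sees a bare NullPointerException; an `Objects.requireNonNull(article, "no article for shortcut " + articleShortcut)` in the shortcut overload would name the offending shortcut instead. Both overloads lack Javadoc; the shortcut one should document that `renderMode` is passed through as the `cms.rm` link parameter.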
......
......@@ -2,12 +2,14 @@
<%@ include file="inc/dynamic_content_core_top.jsp" %>
<%@ include file="/inc/stdimports50.jsp" %>
<%@ page import="performa.utils.WebUtils"%>
<%@ page import="performa.utils.*"%>
<%
ORMProcessState process = (ORMProcessState)(ProcessDecorator.getDefaultProcess(request));
ObjectTransaction objTran = (process == null ? ObjectTransaction.getTransaction () : process.getTransaction ());
String portalName = WebUtils.getPortalName(objTran, article);
ORMProcessState process = (ORMProcessState)(ProcessDecorator.getDefaultProcess(request));
ObjectTransaction objTran = (process == null ? ObjectTransaction.getTransaction () : process.getTransaction ());
String portalName = WebUtils.getPortalName(objTran, article);
SecUser loggedInUser = SecUser.getTXUser(objTran);
SecUser clientUser = Utils.checkAdminPortalAccess(loggedInUser) ? loggedInUser : null;
%>
<%@ include file="setuprequest.jsp" %>
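Review bot: The scriptlet names the authorised user `clientUser`, but `Utils.checkAdminPortalAccess` tests a privilege rather than the client role, so the name no longer describes what the variable holds and the reader has to chase the helper to find out; `SecUser adminPortalUser = ...` (with the matching references in the included header fragment) would read correctly. This null-or-user assignment only controls what the page renders; the actual restriction is the `AdminPortalAuthDecorator` attached to the `dynamic_content_form_client` node elsewhere in this commit, and a comment above the assignment saying so would stop anyone later treating the JSP check as the enforcement point. The change from importing `performa.utils.WebUtils` to `performa.utils.*` introduces a wildcard import; listing `performa.utils.Utils` explicitly alongside `WebUtils` keeps the dependency visible.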
......
<%! protected String getName (ServletConfig config) { return "dynamic_content_form_client"; } %>
<%@ include file="dynamic_content_core.jsp" %>
<?xml version="1.0"?>
<OBJECTS name="AdminPortal">
<NODE name="dynamic_content_form_client" factory="Participant">
<INHERITS factory="Named" nodename="dynamic_content_form"/>
<DECORATOR id="auth" factory="MetaComponent" component="AdminPortalAuthDecorator" priv="TL_AccessAdminPortal"/>
</NODE>
<NODE name="AdminPortalAuthDecorator" factory="Participant" class="oneit.servlets.utils.decorator.AuthenticatorDecorator">
<AUTHENTICATOR factory="Participant" class="oneit.security.SecurityAuthenticator">
<PRIVILEGE factory="Parameter" param="priv"/>
<FAILED_URL factory="String" value="RestrictedAccess.jsp"/>
<NO_USER_URL factory="String" value="testsso.jsp"/>
</AUTHENTICATOR>
</NODE>
<NODE name="dynamic_content_form::ADMIN_PORTAL" factory="Participant">
</NODE>
......
......@@ -4,7 +4,7 @@
<NODE name="StandardCMSTemplates::PERFORMA_ADMIN_PORTAL">
<MAP value="ADMIN_PORTAL_HOME" description="Admin Portal Home" TemplatePage="dynamic_content_form.jsp">
<MAP value="ADMIN_PORTAL_HOME" description="Admin Portal Home" TemplatePage="dynamic_content_form_client.jsp">
<NODE name="Config" factory="Participant" class="oneit.business.content.ArticleConfiguration">
......@@ -16,7 +16,7 @@
</MAP>
<MAP value="CREATE_JOB" description="Create Job" TemplatePage="dynamic_content_form.jsp">
<MAP value="CREATE_JOB" description="Create Job" TemplatePage="dynamic_content_form_client.jsp">
<NODE name="Config" factory="Participant" class="oneit.business.content.ArticleConfiguration">
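Review bot: Only `ADMIN_PORTAL_HOME` and `CREATE_JOB` are re-pointed to `dynamic_content_form_client.jsp`, and since the `AdminPortalAuthDecorator` in this commit is attached to the `dynamic_content_form_client` node rather than to the admin portal as a whole, any other admin-portal MAP in this file that still uses `dynamic_content_form.jsp` (the `WebUtils` constants added in this commit suggest assessment-criteria, workplace-culture, job-match and job-review pages exist) would remain reachable without the `TL_AccessAdminPortal` privilege; those lines are outside the hunks, so this needs confirming. A comment on the `PERFORMA_ADMIN_PORTAL` node stating that every MAP must use the `_client` template to inherit the auth decorator would make the invariant explicit. Separately, the new decorator config sets `NO_USER_URL` to `testsso.jsp`, which by name looks like a test login page; confirm that is the intended redirect for anonymous users.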
......
......@@ -9,39 +9,49 @@
</head>
<body>
<header>
<div class="container-fluid">
<div class="row">
<div class="site-logo">
<a href="#"><img src="images/logo.png"></a>
</div>
<div class="search-bar">
<img src="images/search-icon.png">
<input type="text" class="form-control" placeholder="Search for job, candidate or client">
</div>
<div class="fl-right">
<div class="notification-bar">
<div class="tack-center">
<a href="#">
<span class="notification-label">1</span>
<img src="images/notification-icon.png">
</a>
</div>
<%
if(clientUser != null)
{
%>
<header>
<div class="container-fluid">
<div class="row">
<div class="site-logo">
<a href="#"><img src="images/logo.png"></a>
</div>
<div class="search-bar">
<img src="images/search-icon.png"/>
<input type="text" class="form-control" placeholder="Search for job, candidate or client"/>
</div>
<div class="fl-right">
<div class="notification-bar">
<div class="tack-center">
<a href="#">
<span class="notification-label">1</span>
<img src="images/notification-icon.png">
</a>
</div>
</div>
<div class="user-profile-dropdown">
<a href="#" class="user-name" data-toggle="dropdown">
<oneit:toString value="<%= oneit.security.jsp.SecUserToNameTransform.INSTANCE.transform(clientUser) %>" mode="EscapeHTML"/>
<img src="images/arrow.png"/>
</a>
<ul class="profile-dropdown dropdown-menu">
<span class="arrow-up"></span>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
</ul>
</div>
<div class="create-job-btn">
<a href="<%= WebUtils.getArticleLink(request, objTran, WebUtils.CREATE_JOB, "Page") %>">Create Job</a>
</div>
</div>
</div>
</div>
<div class="user-profile-dropdown">
<a href="#" class="user-name" data-toggle="dropdown">Maria Cobb <img src="images/arrow.png"></a>
<ul class="profile-dropdown dropdown-menu">
<span class="arrow-up"></span>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
<li><a href="#">Menu item</a></li>
</ul>
</div>
<div class="create-job-btn">
<a href="#">Create Job</a>
</div>
</div>
</div>
</div>
</header>
</header>
<%
}
%>
<div class="container-fluid">
<div class="row content">
<div class="sidebar-menu">
<div class="main-menu">
<div class="mobile-toggle-menu">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<ul>
<li><a href="#"><span class="home-icon"></span>Home</a></li>
<li class="active"><a href="#"><span class="job-icon"></span>Jobs</a></li>
<li><a href="#"><span class="canditates-icon"></span>Canditates</a></li>
<li><a href="#"><span class="client-icon"></span>Clients</a></li>
<span class="brack-line"></span>
<li><a href="#" class="second-menu"><span class="manage-icon"></span>Manage Users</a></li>
<li><a href="#" class="second-menu"><span class="company-icon"></span>My Company</a></li>
<li><a href="#" class="second-menu"><span class="billing-icon"></span>Billing</a></li>
</ul>
</div>
</div>
<div class="main-content-area">
\ No newline at end of file
<div class="row content">
<%
if(clientUser != null)
{
%>
<div class="sidebar-menu">
<div class="main-menu">
<div class="mobile-toggle-menu">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<ul>
<li><a href="#"><span class="home-icon"></span>Home</a></li>
<li class="active"><a href="#"><span class="job-icon"></span>Jobs</a></li>
<li><a href="#"><span class="canditates-icon"></span>Canditates</a></li>
<li><a href="#"><span class="client-icon"></span>Clients</a></li>
<span class="brack-line"></span>
<li><a href="#" class="second-menu"><span class="manage-icon"></span>Manage Users</a></li>
<li><a href="#" class="second-menu"><span class="company-icon"></span>My Company</a></li>
<li><a href="#" class="second-menu"><span class="billing-icon"></span>Billing</a></li>
</ul>
</div>
</div>
<%
}
%>
<div class="main-content-area">
\ No newline at end of file
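Review bot: This fragment now depends on `clientUser`, `objTran` and `request` being declared by whichever JSP includes it, and nothing at the top of the file says so; a leading comment such as `<%-- expects scriptlet vars from the including page: objTran (ObjectTransaction), clientUser (SecUser, or null when the user lacks TL_AccessAdminPortal) --%>` would stop the next include from failing to compile with an unhelpful message. The two `if(clientUser != null)` guards are presentational — they hide the header and sidebar but restrict nothing — so the same comment should say that the real gate is the auth decorator on the page node. The user name is escaped via `EscapeHTML`, but the Create Job `href` emits `WebUtils.getArticleLink(...)` raw; if `Article.getLink` does not already attribute-encode its output (not visible here) the same `oneit:toString` wrapper should be applied for consistency. The notification badge is still the hardcoded `1` and every sidebar link is `href="#"`, which the hunk carries over from the static mockup.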
......@@ -19,7 +19,7 @@
{
SecUser secUser = SecUser.searchNAME(objTran, userName);
if(Utils.isValidClient(secUser))
if(Utils.checkAdminPortalAccess(secUser))
{
request.getSession().invalidate();
request.getSession().setAttribute (AuthorisationToken.AUTH_TOKEN_ID, secUser);
......@@ -32,10 +32,12 @@
request.getSession ().setAttribute (SecUser.SEC_USER_ID+".loggedin", ""+new Date());
request.getSession ().setAttribute (SessionSecUserDecorator.REFRESH_SECURITY, Boolean.TRUE);
String url = WebUtils.getArticleLink(request, objTran, WebUtils.ADMIN_HOME, "Page");
objTran.commit();
objTran.commitResources();
response.sendRedirect("AdminPortal-CreateJob.htm");
response.sendRedirect(url);
}
else
{
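Review bot: After `request.getSession().invalidate()` the new session is populated from a `SecUser` located purely by `userName`, and the hunk shows no credential or SSO assertion being checked before the new `checkAdminPortalAccess` test, so whether this page is reachable only after an upstream authentication step is not visible here; a comment above the `searchNAME` lookup stating that precondition (or pointing to the handler that enforces it) would make the trust boundary explicit for the next reader. The enclosing block starts outside the hunk. `url` is computed from `WebUtils.getArticleLink(...)` before `commit()`; if that can return null when the `ADMIN_HOME` article is missing, `sendRedirect(url)` fails only after the transaction has already been committed, so a null check on `url` before `objTran.commit()` would fail cleanly instead.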
......
<?xml version="1.0"?>
<!-- @AutoRun -->
<OBJECTS name="">
<NODE name="Script" factory="Vector">
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation">
<tableName factory="String">oneit_sec_privilege</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="TL_AccessAdminPortal"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='name' factory='String'>TL_AccessAdminPortal</value>
<value name='description' factory='String'>Can access admin portal</value>
<value name='category' factory='String'>Talentology</value>
<value name='grant_priv_name' factory='Null'/>
</NODE>
<NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation" query="select object_id roleid from oneit_sec_role where name='TL_Client'">
<tableName factory="String">oneit_sec_role_priv_link</tableName>
<value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
<value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
<value name='role_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="roleid"/>
<value name='priv_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID" keyName="TL_AccessAdminPortal"/>
</NODE>
</NODE>
</OBJECTS>
\ No newline at end of file
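Review bot: The second `insertOp` links `TL_AccessAdminPortal` to the `TL_Client` role by embedding the role name in the `query` attribute, so the privilege check introduced in `Utils.checkAdminPortalAccess` starts out equivalent to the old `TL_Client` role check; that intent deserves a comment on the node, e.g. `<!-- grant admin-portal access to existing TL_Client users; extend by adding roles here rather than widening the check in code -->`. If no role named `TL_Client` exists the query yields no rows and the link is presumably skipped rather than failing, which would leave every client locked out of the portal without any error. Because the script is marked `@AutoRun`, it is also worth confirming that re-running it is a no-op: the `ObjectID` `keyName` presumably dedupes the privilege row, but the `oneit_sec_role_priv_link` row has no such key and looks like it would be inserted again on each run.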