=== added file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/StrutsAuthorityUtils.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/StrutsAuthorityUtils.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/StrutsAuthorityUtils.java 2013-01-17 12:05:04 +0000 @@ -0,0 +1,84 @@ +package org.hisp.dhis.security; + +/* + * Copyright (c) 2004-2012, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import com.opensymphony.xwork2.config.entities.ActionConfig; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.SecurityConfig; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; +import java.util.StringTokenizer; + +/** + * @author Morten Olav Hansen + */ +public class StrutsAuthorityUtils +{ + public static Collection getAuthorities( ActionConfig actionConfig, String key ) + { + final Map staticParams = actionConfig.getParams(); + + if ( staticParams == null || !staticParams.containsKey( key ) ) + { + return Collections.emptySet(); + } + + final String param = staticParams.get( key ); + + HashSet keys = new HashSet(); + + StringTokenizer t = new StringTokenizer( param, "\t\n\r ," ); + + while ( t.hasMoreTokens() ) + { + keys.add( t.nextToken() ); + } + + return keys; + } + + public static Collection getConfigAttributes( ActionConfig actionConfig, String key ) + { + return getConfigAttributes( getAuthorities( actionConfig, key ) ); + } + + public static Collection getConfigAttributes( Collection authorities ) + { + Collection configAttributes = new HashSet(); + + for ( String authority : authorities ) + { + configAttributes.add( new SecurityConfig( authority ) ); + } + + return configAttributes; + } +} === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DefaultRequiredAuthoritiesProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DefaultRequiredAuthoritiesProvider.java 2013-01-17 10:28:37 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DefaultRequiredAuthoritiesProvider.java 2013-01-17 12:05:04 +0000 @@ -28,18 +28,15 @@ */ import com.opensymphony.xwork2.config.entities.ActionConfig; +import org.hisp.dhis.security.StrutsAuthorityUtils; import org.hisp.dhis.security.intercept.SingleSecurityMetadataSource; import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.SecurityMetadataSource; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; -import java.util.Map; import java.util.Set; -import java.util.StringTokenizer; /** * @author Torgeir Lorange Ostby @@ -52,11 +49,11 @@ // Configuration // ------------------------------------------------------------------------- - private Set requiredAuthoritiesKeys; + private String requiredAuthoritiesKey; - public void setRequiredAuthoritiesKeys( Set requiredAuthoritiesKey ) + public void setRequiredAuthoritiesKey( String requiredAuthoritiesKey ) { - this.requiredAuthoritiesKeys = requiredAuthoritiesKey; + this.requiredAuthoritiesKey = requiredAuthoritiesKey; } private Set globalAttributes = Collections.emptySet(); @@ -77,60 +74,15 @@ public SecurityMetadataSource createSecurityMetadataSource( ActionConfig actionConfig, Object object ) { - Collection requiredAuthorities = new HashSet(); - - for ( String requiredAuthoritiesKey : requiredAuthoritiesKeys ) - { - requiredAuthorities.addAll( getRequiredAuthorities( actionConfig, requiredAuthoritiesKey ) ); - } - Collection attributes = new ArrayList(); - - for ( String requiredAuthority : requiredAuthorities ) - { - attributes.add( new SecurityConfig( requiredAuthority ) ); - } - - for ( String globalAttribute : globalAttributes ) - { - attributes.add( new SecurityConfig( globalAttribute ) ); - } + attributes.addAll( StrutsAuthorityUtils.getConfigAttributes( getRequiredAuthorities( actionConfig ) ) ); + attributes.addAll( StrutsAuthorityUtils.getConfigAttributes( globalAttributes ) ); return new SingleSecurityMetadataSource( object, attributes ); } - public Collection getAllRequiredAuthorities( ActionConfig actionConfig ) - { - Collection requiredAuthorities = new HashSet(); - - for ( String requiredAuthoritiesKey : requiredAuthoritiesKeys ) - { - requiredAuthorities.addAll( getRequiredAuthorities( actionConfig, requiredAuthoritiesKey ) ); - } - - return requiredAuthorities; - } - - public Collection getRequiredAuthorities( ActionConfig actionConfig, String requiredAuthoritiesKey ) - { - final Map staticParams = actionConfig.getParams(); - - if ( staticParams == null || !staticParams.containsKey( requiredAuthoritiesKey ) ) - { - return Collections.emptySet(); - } - - final String param = staticParams.get( requiredAuthoritiesKey ); - - HashSet requiredAuthorities = new HashSet(); - - StringTokenizer t = new StringTokenizer( param, "\t\n\r ," ); - - while ( t.hasMoreTokens() ) - { - requiredAuthorities.add( t.nextToken() ); - } - - return requiredAuthorities; + public Collection getRequiredAuthorities( ActionConfig actionConfig ) + { + return StrutsAuthorityUtils.getAuthorities( actionConfig, requiredAuthoritiesKey ); } } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DetectingSystemAuthoritiesProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DetectingSystemAuthoritiesProvider.java 2013-01-17 10:28:37 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/DetectingSystemAuthoritiesProvider.java 2013-01-17 12:05:04 +0000 @@ -27,13 +27,14 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import java.util.Collection; +import java.util.HashSet; + +import org.apache.struts2.dispatcher.Dispatcher; + import com.opensymphony.xwork2.config.Configuration; import com.opensymphony.xwork2.config.entities.ActionConfig; import com.opensymphony.xwork2.config.entities.PackageConfig; -import org.apache.struts2.dispatcher.Dispatcher; - -import java.util.Collection; -import java.util.HashSet; /** * @author Torgeir Lorange Ostby @@ -67,7 +68,7 @@ { for ( ActionConfig actionConfig : packageConfig.getActionConfigs().values() ) { - authorities.addAll( requiredAuthoritiesProvider.getAllRequiredAuthorities( actionConfig ) ); + authorities.addAll( requiredAuthoritiesProvider.getRequiredAuthorities( actionConfig ) ); } } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/RequiredAuthoritiesProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/RequiredAuthoritiesProvider.java 2013-01-17 10:28:37 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/authority/RequiredAuthoritiesProvider.java 2013-01-17 12:05:04 +0000 @@ -27,10 +27,11 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import java.util.Collection; + +import org.springframework.security.access.SecurityMetadataSource; + import com.opensymphony.xwork2.config.entities.ActionConfig; -import org.springframework.security.access.SecurityMetadataSource; - -import java.util.Collection; /** * @author Torgeir Lorange Ostby @@ -45,7 +46,7 @@ * needed. * * @param actionConfig the secure actionConfig to get required authorities - * from. + * from. */ public SecurityMetadataSource createSecurityMetadataSource( ActionConfig actionConfig ); @@ -55,17 +56,12 @@ * SecurityMetadataSource may include additional attributes if needed. * * @param actionConfig the actionConfig to get required authorities from. - * @param object the secure object. + * @param object the secure object. */ public SecurityMetadataSource createSecurityMetadataSource( ActionConfig actionConfig, Object object ); /** * Returns the required authorities of an action configuration. */ - public Collection getAllRequiredAuthorities( ActionConfig actionConfig ); - - /** - * Returns the required authorities of an action configuration and a key. - */ - public Collection getRequiredAuthorities( ActionConfig actionConfig, String requiredAuthoritiesKey ); + public Collection getRequiredAuthorities( ActionConfig actionConfig ); } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ActionAccessVoter.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ActionAccessVoter.java 2011-12-26 10:07:59 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ActionAccessVoter.java 2013-01-17 12:05:04 +0000 @@ -27,15 +27,14 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import java.util.Collection; - +import com.opensymphony.xwork2.config.entities.ActionConfig; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; -import com.opensymphony.xwork2.config.entities.ActionConfig; +import java.util.Collection; /** * @author Torgeir Lorange Ostby @@ -71,7 +70,7 @@ } int supported = 0; - + for ( ConfigAttribute attribute : attributes ) { if ( supports( attribute ) ) === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml' --- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2013-01-17 10:28:37 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2013-01-17 12:05:04 +0000 @@ -181,12 +181,7 @@ - - - requiredAuthorities - requiredAnyAuthorities - - + M_MODULE_ACCESS_VOTER_ENABLED === modified file 'dhis-2/dhis-web/dhis-web-reporting/src/main/resources/struts.xml' --- dhis-2/dhis-web/dhis-web-reporting/src/main/resources/struts.xml 2013-01-17 10:28:37 +0000 +++ dhis-2/dhis-web/dhis-web-reporting/src/main/resources/struts.xml 2013-01-17 12:05:04 +0000 @@ -20,7 +20,6 @@ displayViewDocumentForm.action F_DOCUMENT_ADD - F_DOCUMENT_PUBLIC_ADD,F_DOCUMENT_PRIVATE_ADD