From 164894c76719cd32761b0379e65adb8c657aa5a3 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Fri, 12 Jun 2020 00:03:00 +0700 Subject: [PATCH 01/71] #1533 --- wfe-app/pom.xml | 4 +- .../wfe/security/SecurityCheckProperties.java | 47 +++++++++++++++++++ .../main/resources/security.check.properties | 9 ++++ wfe-web/src/main/resources/settingsList.xml | 39 +++++++++++++++ .../classes/settingsDescriptions.properties | 11 +++++ .../settingsDescriptions_ru.properties | 12 +++++ 6 files changed, 120 insertions(+), 2 deletions(-) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java create mode 100644 wfe-core/src/main/resources/security.check.properties diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 4d673eb16c..0cebaf38ca 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/ExampleDS - org.hibernate.dialect.H2Dialect + java:jboss/datasources/WfeMasterDS + org.hibernate.dialect.PostgreSQLDialect java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java new file mode 100644 index 0000000000..ddd3c34521 --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java 
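Review bot: The wfe-app/pom.xml hunk replaces `java:jboss/datasources/ExampleDS` and `org.hibernate.dialect.H2Dialect` with `java:jboss/datasources/WfeMasterDS` and `org.hibernate.dialect.PostgreSQLDialect`, which looks unrelated to the permission-check settings the rest of this patch adds. If this is a local environment setting, it should be dropped from the commit or moved into a build profile, because every build that relies on these defaults would then expect a PostgreSQL datasource under that JNDI name. The element names are not visible in this rendering, so which properties the values belong to is inferred from the values themselves.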
@@ -0,0 +1,47 @@
+package ru.runa.wfe.security;
+
+import ru.runa.wfe.commons.PropertyResources;
+
+public class SecurityCheckProperties {
+ private static final PropertyResources RESOURCES = new PropertyResources("security.check.properties");
+
+ public static PropertyResources getResources() {
+ return RESOURCES;
+ }
+
+ public static boolean getCheckActor() {
+ return RESOURCES.getBooleanProperty("security.check.object.actor", false);
+ }
+
+ public static boolean getCheckProcessDefinition() {
+ return RESOURCES.getBooleanProperty("security.check.object.process.definition", false);
+ }
+
+ public static boolean getCheckProcessInstance() {
+ return RESOURCES.getBooleanProperty("security.check.object.process.instance", false);
+ }
+
+ public static boolean getCheckReport() {
+ return RESOURCES.getBooleanProperty("security.check.object.report", false);
+ }
+
+ public static boolean getCheckRelation() {
+ return RESOURCES.getBooleanProperty("security.check.object.relation", false);
+ }
+
+ public static boolean getCheckBotStation() {
+ return RESOURCES.getBooleanProperty("security.check.object.botstation", false);
+ }
+
+ public static boolean getCheckBot() {
+ return RESOURCES.getBooleanProperty("security.check.object.bot", false);
+ }
+
+ public static boolean getCheckDataSource() {
+ return RESOURCES.getBooleanProperty("security.check.object.datasource", false);
+ }
+
+ public static boolean getCheckSystem() {
+ return RESOURCES.getBooleanProperty("security.check.object.system", false);
+ }
+}
diff --git a/wfe-core/src/main/resources/security.check.properties b/wfe-core/src/main/resources/security.check.properties
new file mode 100644
index 0000000000..86dfda4c03
--- /dev/null
+++ b/wfe-core/src/main/resources/security.check.properties
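Review bot: Every getter in SecurityCheckProperties passes `false` as the fallback, so a missing key or an unreadable property file leaves the corresponding permission check switched off; an authorization toggle should fail closed, e.g. `return RESOURCES.getBooleanProperty("security.check.object.actor", true);` in each of the nine getters. The shipped security.check.properties in the next hunk also sets all nine keys to `false`, so once these flags are consumed a default install would run with the checks disabled; shipping `true` and letting operators opt out explicitly is the safer default. The class is a static holder and would read better as `final` with a private constructor and a short Javadoc stating that `false` means the check is skipped.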
@@ -0,0 +1,9 @@ +security.check.object.actor=false +security.check.object.process.definition=false +security.check.object.process.instance=false +security.check.object.report=false +security.check.object.relation=false +security.check.object.botstation=false +security.check.object.bot=false +security.check.object.datasource=false +security.check.object.system=false \ No newline at end of file diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index cae69e4ee0..19347364d9 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -264,4 +264,43 @@ + + + + true + false + + + true + false + + + true + false + + + true + false + + + true + false + + + true + false + + + true + false + + + true + false + + + true + false + + diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index 172abe25f1..755941dba4 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties 
@@ -109,3 +109,14 @@ botstation.properties_botstations.autostart.enabled = start all bot stations on botstation.properties_botstation.invocation.handler.timeout.milliseconds = delay before task creation and bot station invocation botstation.properties_botstation.failedExecutionInitialDelaySeconds = initial value of delay after failed execution of bot's task (next will be 2*n) (in seconds) botstation.properties_botstation.failedExecutionMaxDelaySeconds = limit of delay after failed execution of bot's task (in seconds) + +security.check.properties= Permission check settings +security.check.object.actor=Check actors +security.check.object.process.definition=Check process definitions +security.check.object.process.instance=Check process instances +security.check.object.report=Check reports +security.check.object.relation=Check relations +security.check.object.botstation=Check bot stations +security.check.object.bot=Check bots +security.check.object.datasource=Check data sources +security.check.object.system=Check system \ No newline at end of file diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index e0a156cb95..0f840c0622 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -109,3 +109,15 @@ botstation.properties_botstations.autostart.enabled = \u0430\u0432\u0442\u043e\u botstation.properties_botstation.invocation.handler.timeout.milliseconds = \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0435\u0440\u0435\u0434 \u0432\u044b\u0437\u043e\u0432\u043e\u043c \u0431\u043e\u0442-\u0441\u0442\u0430\u043d\u0446\u0438\u0438 \u043f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0437\u0430\u0434\u0430\u043d\u0438\u044f, \u043d\u0430\u0437\u043d\u0430\u0447\u0430\u0435\u043c\u043e\u0433\u043e \u0431\u043e\u0442\u0443, \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0444\u0438\u043a\u0441\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u043d\u0437\u0430\u043a\u0446\u0438\u0438, \u0441\u043e\u0437\u0434\u0430\u0432\u0448\u0435\u0439 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 botstation.properties_botstation.failedExecutionInitialDelaySeconds = \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438 \u0431\u043e\u0442\u0430 (\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435 \u0443\u0434\u0432\u043e\u0438\u0442\u0441\u044f) (\u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445) botstation.properties_botstation.failedExecutionMaxDelaySeconds = \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438 \u0431\u043e\u0442\u0430 (\u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445) + 
+security.check.properties=\u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u043F\u0440\u0430\u0432 \u0434\u043E\u0441\u0442\u0443\u043F\u0430 + +security.check.object.actor=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C +security.check.object.process.definition=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +security.check.object.process.instance=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +security.check.object.report=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C +security.check.object.relation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C +security.check.object.botstation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C +security.check.object.bot=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442\u0430\u043C +security.check.object.datasource=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u0430\u043C \u0434\u0430\u043D\u043D\u044B\u0445 +security.check.object.system=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file From f23991b5bf68163e0171cfb378fcd56230d404f8 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Fri, 12 Jun 2020 23:04:52 +0700 Subject: [PATCH 02/71] #1533 --- .../ru/runa/wfe/audit/logic/AuditLogic.java | 11 +++--- .../wfe/security/SecurityCheckProperties.java | 12 +----- .../runa/wfe/security/SecurityCheckUtil.java | 37 +++++++++++++++++++ .../runa/wfe/security/dao/PermissionDao.java | 31 +++++++++++++++- .../security/logic/AuthorizationLogic.java | 28 ++++++++++---- ...ck.properties => securitycheck.properties} | 2 - .../impl/AuthorizationServiceBean.java | 9 +++-- wfe-web/src/main/resources/settingsList.xml | 10 +---- .../classes/settingsDescriptions.properties | 18 ++++----- .../settingsDescriptions_ru.properties | 18 ++++----- 10 files changed, 117 insertions(+), 59 deletions(-) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java rename wfe-core/src/main/resources/{security.check.properties => securitycheck.properties} (79%) diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java index 71aaa9768d..8139a879b8 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java @@ -34,6 +34,7 @@ import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecuredSingleton; +import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.user.User; /** 
@@ -51,13 +52,13 @@ public class AuditLogic extends CommonLogic { private NodeProcessDao nodeProcessDao; public void login(User user) { - permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM); } public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) { Preconditions.checkNotNull(filter.getProcessId(), "filter.processId"); ru.runa.wfe.execution.Process process = processDao.getNotNull(filter.getProcessId()); - permissionDao.checkAllowed(user, Permission.READ, process); + permissionDao.checkAllowed(user, Permission.READ, process); ProcessLogs result = new ProcessLogs(filter.getProcessId()); List logs = processLogDao.getAll(filter); result.addLogs(logs, filter.isIncludeSubprocessLogs()); @@ -75,7 +76,7 @@ public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) { public Object getProcessLogValue(User user, Long logId) { Preconditions.checkNotNull(logId, "logId"); ProcessLog processLog = processLogDao.getNotNull(logId); - permissionDao.checkAllowed(user, Permission.READ, SecuredObjectType.PROCESS, processLog.getProcessId()); + permissionDao.checkAllowed(user, Permission.READ, SecuredObjectType.PROCESS, processLog.getProcessId()); return processLog.getBytesObject(); } @@ -89,7 +90,7 @@ public Object getProcessLogValue(User user, Long logId) { * @return Loaded system logs. */ public List getSystemLogs(User user, BatchPresentation batchPresentation) { - permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation); return compiler.getBatch(); } 
@@ -104,7 +105,7 @@ public List getSystemLogs(User user, BatchPresentation batchPresentat * @return System logs count. */ public int getSystemLogsCount(User user, BatchPresentation batchPresentation) { - permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation); return compiler.getCount(); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java index ddd3c34521..b5dd071552 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java @@ -3,7 +3,7 @@ import ru.runa.wfe.commons.PropertyResources; public class SecurityCheckProperties { - private static final PropertyResources RESOURCES = new PropertyResources("security.check.properties"); + private static final PropertyResources RESOURCES = new PropertyResources("securitycheck.properties"); public static PropertyResources getResources() { return RESOURCES; @@ -32,15 +32,7 @@ public static boolean getCheckRelation() { public static boolean getCheckBotStation() { return RESOURCES.getBooleanProperty("security.check.object.botstation", false); } - - public static boolean getCheckBot() { - return RESOURCES.getBooleanProperty("security.check.object.bot", false); - } - - public static boolean getCheckDataSource() { - return RESOURCES.getBooleanProperty("security.check.object.datasource", false); - } - + public static boolean getCheckSystem() { return RESOURCES.getBooleanProperty("security.check.object.system", false); } 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java
new file mode 100644
index 0000000000..57b45f1f51
--- /dev/null
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java
@@ -0,0 +1,37 @@
+package ru.runa.wfe.security;
+
+public class SecurityCheckUtil {
+
+ public static boolean needCheckPermission(SecuredObjectType secObjectType) {
+ if (SecuredObjectType.EXECUTOR.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckActor();
+ }
+ if (SecuredObjectType.DEFINITION.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckProcessDefinition();
+ }
+ if (SecuredObjectType.PROCESS.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckProcessInstance();
+ }
+ if (SecuredObjectType.REPORT.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckReport();
+ }
+ if (SecuredObjectType.REPORTS.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckReport();
+ }
+ if (SecuredObjectType.RELATION.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckRelation();
+ }
+ if (SecuredObjectType.RELATIONS.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckRelation();
+ }
+ if (SecuredObjectType.BOTSTATIONS.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckBotStation();
+ }
+ // TODO bot, datasource
+ if (SecuredObjectType.SYSTEM.equals(secObjectType) ) {
+ return SecurityCheckProperties.getCheckSystem();
+ }
+ return true;
+ }
+
+}
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java
index a997a77d9d..33f1f8d7e1 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java
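Review bot: `needCheckPermission` in SecurityCheckUtil has no Javadoc although its contract is security-critical: a `false` result makes the PermissionDao callers later in this patch skip authorization for the whole object type, and the final `return true` is the only fail-closed path. I would add a method comment saying exactly that, and noting that types without a property (the `// TODO bot, datasource` case) are always checked. The REPORT/REPORTS and RELATION/RELATIONS pairs return the same property and can each be merged into one condition, e.g. `if (SecuredObjectType.REPORT.equals(secObjectType) || SecuredObjectType.REPORTS.equals(secObjectType)) {`. The stray space in `equals(secObjectType) )` should also be removed, and the class made `final` with a private constructor.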
@@ -50,6 +50,7 @@ import ru.runa.wfe.security.PermissionSubstitutions; import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.user.Executor; import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; @@ -148,6 +149,9 @@ public void setPermissions(Executor executor, Collection permissions * Throws if user has no permission to object. */ public void checkAllowed(User user, Permission permission, SecuredObject object) { + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return; + } if (!isAllowed(user, permission, object)) { throw new AuthorizationException(user + " does not have " + permission + " to " + object); } @@ -157,6 +161,9 @@ public void checkAllowed(User user, Permission permission, SecuredObject object) * Throws if user has no permission to {type, id}. */ public void checkAllowed(User user, Permission permission, SecuredObjectType type, Long id) { + if (!SecurityCheckUtil.needCheckPermission(type)) { + return; + } if (!isAllowed(user, permission, type, id)) { throw new AuthorizationException(user + " does not have " + permission + " to (" + type + ", " + id + ")"); } @@ -166,6 +173,9 @@ public void checkAllowed(User user, Permission permission, SecuredObjectType typ * Throws if user has no permission to {type, all given ids}. */ public void checkAllowedForAll(User user, Permission permission, SecuredObjectType type, List ids) { + if (!SecurityCheckUtil.needCheckPermission(type)) { + return; + } Assert.notNull(ids); List notAllowed = CollectionUtil.diffList(ids, filterAllowedIds(user.getActor(), permission, type, ids)); if (!notAllowed.isEmpty()) { 
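Review bot: The early `return` added to `checkAllowed` (both overloads) and `checkAllowedForAll` skips authorization for every permission on the object type, not only read access, and nothing is logged when it fires. With `security.check.object.system` at its shipped value of `false`, the `checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM)` call in `AuditLogic.login` and the `VIEW_LOGS` checks would pass for any user, assuming `SecuredSingleton.SYSTEM` reports `SecuredObjectType.SYSTEM`. Consider restricting the bypass to an explicit set of permissions and writing a warning-level log entry whenever a check is skipped, so the relaxed state is visible to operators. In `checkAllowedForAll` the guard also sits before `Assert.notNull(ids)`, so a null list is rejected only when checks are enabled; move the guard below the assertion.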
@@ -178,19 +188,31 @@ public void checkAllowedForAll(User user, Permission permission, SecuredObjectTy * Returns true if user have permission to object. */ public boolean isAllowed(User user, Permission permission, SecuredObject object) { + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return true; + } return isAllowed(user.getActor(), permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType type, Long id) { + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } return isAllowed(user.getActor(), permission, type, id); } public boolean isAllowed(Executor executor, Permission permission, SecuredObjectType type, Long id) { + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } Assert.notNull(id); return !filterAllowedIds(executor, permission, type, Collections.singletonList(id)).isEmpty(); } public boolean isAllowed(Executor executor, Permission permission, SecuredObject object, boolean checkPrivileged) { + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return true; + } Long id = object.getIdentifiableId(); SecuredObjectType type = object.getSecuredObjectType(); Assert.notNull(id); @@ -201,6 +223,9 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject * Returns true if user have permission to {type, any id}. */ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType type) { + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); } 
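Review bot: The same guard is now repeated in overloads that already delegate to one another: `isAllowed(User, Permission, SecuredObject)` and `isAllowed(User, Permission, SecuredObjectType, Long)` both end in `isAllowed(Executor, Permission, SecuredObjectType, Long)`, which carries its own copy. Keeping the guard only at the Executor level and in `isAllowedForAny` removes the duplication and leaves fewer places to update when the policy changes. In `isAllowed(Executor, Permission, SecuredObjectType, Long)` the guard precedes `Assert.notNull(id)`, so a null id yields `true` when checks are off instead of being rejected; put the assertion first. The body of `isAllowed(Executor, Permission, SecuredObject, boolean checkPrivileged)` continues outside the hunk.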
@@ -328,7 +353,11 @@ public boolean[] isAllowed(User user, Permission permi .fetch()); } for (int i = 0; i < securedObjects.size(); i++) { - result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); + if (!SecurityCheckUtil.needCheckPermission(securedObjects.get(i).getSecuredObjectType())) { + result[i] = true; + } else { + result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); + } } return result; } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index e157120c99..a7914cddae 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -49,6 +49,8 @@ import ru.runa.wfe.security.SecuredObjectFactory; import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecuredSingleton; +import ru.runa.wfe.security.SecurityCheckProperties; +import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.security.dao.PermissionMapping; import ru.runa.wfe.security.dao.QPermissionMapping; import ru.runa.wfe.user.Executor; 
@@ -96,24 +98,32 @@ public int hashCode() { } public boolean isAllowed(User user, Permission permission, SecuredObject object) { - return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId()); + return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType securedObjectType, Long identifiableId) { - return permissionDao.isAllowed(user, permission, securedObjectType, identifiableId); + return permissionDao.isAllowed(user, permission, securedObjectType, identifiableId); } public boolean[] isAllowed(User user, Permission permission, List securedObjects) { - return permissionDao.isAllowed(user, permission, securedObjects); + boolean[] resAllowed = permissionDao.isAllowed(user, permission, securedObjects); + int i = 0; + for (T securedObject: securedObjects) { + if (!SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { + resAllowed[i] = true; + } + i++; + } + return resAllowed; } public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType securedObjectType) { - return permissionDao.isAllowedForAny(user, permission, securedObjectType); + return permissionDao.isAllowedForAny(user, permission, securedObjectType); } public List getIssuedPermissions(User user, Executor performer, SecuredObject securedObject) { checkPermissionsOnExecutor(user, performer, Permission.READ); - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); return permissionDao.getIssuedPermissions(performer, securedObject); } 
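Review bot: The loop added to `isAllowed(User, Permission, List)` repeats what this patch already does inside `PermissionDao.isAllowed` for the same list (the `@@ -328,7 +353,11 @@` hunk sets `result[i] = true` for exempt types), so it cannot change the result. I would restore the one-line delegation `return permissionDao.isAllowed(user, permission, securedObjects);` and keep the policy in a single layer. The `SecurityCheckProperties` import added to AuthorizationLogic is not used by any hunk shown here and can probably be dropped. The remaining changed lines in this hunk appear to differ only in whitespace.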
@@ -434,7 +444,9 @@ public void setPermissions(User user, Long executorId, Collection pe public void setPermissions(User user, Executor executor, Collection permissions, SecuredObject securedObject) { checkPermissionsOnExecutor(user, executor, Permission.READ); - permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); + if (SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { + permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); + } permissionDao.setPermissions(executor, permissions, securedObject); } @@ -453,7 +465,7 @@ public void setPermissions(User user, Executor executor, Collection */ public List getExecutorsWithPermission(User user, SecuredObject securedObject, BatchPresentation batchPresentation, boolean hasPermission) { - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createExecutorWithPermissionCompiler(user, securedObject, batchPresentation, hasPermission); List executors = compiler.getBatch(); @@ -483,7 +495,7 @@ public List getExecutorsWithPermission(User user, SecuredObj * @return Count of executors with or without permission on {@linkplain SecuredObject}. */ public int getExecutorsWithPermissionCount(User user, SecuredObject securedObject, BatchPresentation batchPresentation, boolean hasPermission) { - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createExecutorWithPermissionCompiler(user, securedObject, batchPresentation, hasPermission); return compiler.getCount(); 
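Review bot: Wrapping `permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject)` in `needCheckPermission` inside `setPermissions` is redundant, because `PermissionDao.checkAllowed` in this patch already returns early for exempt types. It also exposes the riskiest effect of the toggle: while a type's check is disabled, the `UPDATE_PERMISSIONS` requirement no longer applies to permission changes on objects of that type, and the grants written by `permissionDao.setPermissions` remain after the check is switched back on. Permission administration should stay enforced regardless of the toggle, so this call should use a check that the configuration cannot bypass. At minimum, add a comment stating that the relaxation is intended and record each such change in the audit log. The other two hunks on this line change whitespace only.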
diff --git a/wfe-core/src/main/resources/security.check.properties b/wfe-core/src/main/resources/securitycheck.properties similarity index 79% rename from wfe-core/src/main/resources/security.check.properties rename to wfe-core/src/main/resources/securitycheck.properties index 86dfda4c03..63ec3b41c3 100644 --- a/wfe-core/src/main/resources/security.check.properties +++ b/wfe-core/src/main/resources/securitycheck.properties @@ -4,6 +4,4 @@ security.check.object.process.instance=false security.check.object.report=false security.check.object.relation=false security.check.object.botstation=false -security.check.object.bot=false -security.check.object.datasource=false security.check.object.system=false \ No newline at end of file diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java index 4fe14a497a..93027b1d57 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java @@ -40,6 +40,7 @@ import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.security.dao.PermissionDao; import ru.runa.wfe.security.logic.AuthorizationLogic; import ru.runa.wfe.service.decl.AuthorizationServiceLocal; 
@@ -68,20 +69,20 @@ public class AuthorizationServiceBean implements AuthorizationServiceLocal, Auth @Override @WebMethod(exclude = true) public void checkAllowed(@NonNull User user, @NonNull Permission permission, @NonNull SecuredObject securedObject) { - permissionDao.checkAllowed(user, permission, securedObject); + permissionDao.checkAllowed(user, permission, securedObject); } @Override @WebMethod(exclude = true) public void checkAllowed(@NonNull User user, @NonNull Permission permission, @NonNull SecuredObjectType type, @NonNull Long id) { - permissionDao.checkAllowed(user, permission, type, id); + permissionDao.checkAllowed(user, permission, type, id); } @Override @WebResult(name = "result") public boolean isAllowed(@WebParam(name = "user") @NonNull User user, @WebParam(name = "permission") @NonNull Permission permission, @WebParam(name = "identifiable") @NonNull SecuredObject securedObject) { - return permissionDao.isAllowed(user, permission, securedObject); + return permissionDao.isAllowed(user, permission, securedObject); } @WebMethod(exclude = true) @@ -212,4 +213,4 @@ public boolean isAllowedWS(@WebParam(name = "user") @NonNull User user, @WebPara @WebParam(name = "identifiableId") @NonNull Long identifiableId) { return authorizationLogic.isAllowed(user, permission, securedObjectType, identifiableId); } -} +} \ No newline at end of file diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index 19347364d9..f03c1a78ca 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -264,7 +264,7 @@ - + true @@ -290,14 +290,6 @@ true false - - true - false - - - true - false - true false diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index 755941dba4..8c554ae677 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties 
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties @@ -110,13 +110,11 @@ botstation.properties_botstation.invocation.handler.timeout.milliseconds = delay botstation.properties_botstation.failedExecutionInitialDelaySeconds = initial value of delay after failed execution of bot's task (next will be 2*n) (in seconds) botstation.properties_botstation.failedExecutionMaxDelaySeconds = limit of delay after failed execution of bot's task (in seconds) -security.check.properties= Permission check settings -security.check.object.actor=Check actors -security.check.object.process.definition=Check process definitions -security.check.object.process.instance=Check process instances -security.check.object.report=Check reports -security.check.object.relation=Check relations -security.check.object.botstation=Check bot stations -security.check.object.bot=Check bots -security.check.object.datasource=Check data sources -security.check.object.system=Check system \ No newline at end of file +securitycheck.properties = Permission check settings +securitycheck.properties_security.check.object.actor = Check actors +securitycheck.properties_security.check.object.process.definition = Check process definitions +securitycheck.properties_security.check.object.process.instance = Check process instances +securitycheck.properties_security.check.object.report = Check reports +securitycheck.properties_security.check.object.relation = Check relations +securitycheck.properties_security.check.object.botstation = Check bot stations +securitycheck.properties_security.check.object.system = Check system \ No newline at end of file diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 0f840c0622..2a2bc5cbcd 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -110,14 +110,12 @@ botstation.properties_botstation.invocation.handler.timeout.milliseconds = \u043 botstation.properties_botstation.failedExecutionInitialDelaySeconds = \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438 \u0431\u043e\u0442\u0430 (\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435 \u0443\u0434\u0432\u043e\u0438\u0442\u0441\u044f) (\u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445) botstation.properties_botstation.failedExecutionMaxDelaySeconds = \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438 \u0431\u043e\u0442\u0430 (\u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445) -security.check.properties=\u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u043F\u0440\u0430\u0432 \u0434\u043E\u0441\u0442\u0443\u043F\u0430 +securitycheck.properties=\u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u043F\u0440\u0430\u0432 \u0434\u043E\u0441\u0442\u0443\u043F\u0430 -security.check.object.actor=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C -security.check.object.process.definition=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 -security.check.object.process.instance=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C 
\u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 -security.check.object.report=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C -security.check.object.relation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C -security.check.object.botstation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C -security.check.object.bot=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442\u0430\u043C -security.check.object.datasource=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u0430\u043C \u0434\u0430\u043D\u043D\u044B\u0445 -security.check.object.system=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file +securitycheck.properties_security.check.object.actor=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C +securitycheck.properties_security.check.object.process.definition=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +securitycheck.properties_security.check.object.process.instance=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +securitycheck.properties_security.check.object.report=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C 
+securitycheck.properties_security.check.object.relation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C +securitycheck.properties_security.check.object.botstation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C +securitycheck.properties_security.check.object.system=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file From fbf4f96f09e7a2f60d329355f9caa4d4d69dadc3 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Fri, 12 Jun 2020 23:13:42 +0700 Subject: [PATCH 03/71] #1533 --- wfe-app/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 0cebaf38ca..4d673eb16c 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/WfeMasterDS - org.hibernate.dialect.PostgreSQLDialect + java:jboss/datasources/ExampleDS + org.hibernate.dialect.H2Dialect java:jboss/UserTransaction false dd.MM.yyyy From d88006e061e68662be032b471a164434d4dc34ab Mon Sep 17 00:00:00 2001 From: ibaldina Date: Fri, 12 Jun 2020 23:19:03 +0700 Subject: [PATCH 04/71] #1533 --- .../java/ru/runa/wfe/audit/logic/AuditLogic.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java index 8139a879b8..22a5ec9f10 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java 
@@ -52,13 +52,13 @@ public class AuditLogic extends CommonLogic { private NodeProcessDao nodeProcessDao; public void login(User user) { - permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM); } public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) { Preconditions.checkNotNull(filter.getProcessId(), "filter.processId"); ru.runa.wfe.execution.Process process = processDao.getNotNull(filter.getProcessId()); - permissionDao.checkAllowed(user, Permission.READ, process); + permissionDao.checkAllowed(user, Permission.READ, process); ProcessLogs result = new ProcessLogs(filter.getProcessId()); List logs = processLogDao.getAll(filter); result.addLogs(logs, filter.isIncludeSubprocessLogs()); @@ -76,7 +76,7 @@ public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) { public Object getProcessLogValue(User user, Long logId) { Preconditions.checkNotNull(logId, "logId"); ProcessLog processLog = processLogDao.getNotNull(logId); - permissionDao.checkAllowed(user, Permission.READ, SecuredObjectType.PROCESS, processLog.getProcessId()); + permissionDao.checkAllowed(user, Permission.READ, SecuredObjectType.PROCESS, processLog.getProcessId()); return processLog.getBytesObject(); } @@ -90,7 +90,7 @@ public Object getProcessLogValue(User user, Long logId) { * @return Loaded system logs. */ public List getSystemLogs(User user, BatchPresentation batchPresentation) { - permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation); return compiler.getBatch(); } 
@@ -105,8 +105,8 @@ public List getSystemLogs(User user, BatchPresentation batchPresentat * @return System logs count. */ public int getSystemLogsCount(User user, BatchPresentation batchPresentation) { - permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); + permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation); return compiler.getCount(); } -} +} \ No newline at end of file From 950b95a73236fd358957b10734dfff5f17c369b2 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Fri, 12 Jun 2020 23:23:10 +0700 Subject: [PATCH 05/71] #1533 --- .../wfe/security/logic/AuthorizationLogic.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index a7914cddae..a48f0a5c89 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java 
@@ -98,32 +98,32 @@ public int hashCode() { } public boolean isAllowed(User user, Permission permission, SecuredObject object) { - return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId()); + return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType securedObjectType, Long identifiableId) { - return permissionDao.isAllowed(user, permission, securedObjectType, identifiableId); + return permissionDao.isAllowed(user, permission, securedObjectType, identifiableId); } public boolean[] isAllowed(User user, Permission permission, List securedObjects) { boolean[] resAllowed = permissionDao.isAllowed(user, permission, securedObjects); int i = 0; for (T securedObject: securedObjects) { - if (!SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { - resAllowed[i] = true; - } + if (!SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { + resAllowed[i] = true; + } i++; } return resAllowed; } public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType securedObjectType) { - return permissionDao.isAllowedForAny(user, permission, securedObjectType); + return permissionDao.isAllowedForAny(user, permission, securedObjectType); } public List getIssuedPermissions(User user, Executor performer, SecuredObject securedObject) { checkPermissionsOnExecutor(user, performer, Permission.READ); - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); return permissionDao.getIssuedPermissions(performer, securedObject); } From 1d03800f7a8590c60bad873ffbb4d87e339515d1 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Sun, 14 Jun 2020 23:20:35 +0700 Subject: [PATCH 06/71] #1533 --- .../ru/runa/wfe/audit/logic/AuditLogic.java | 12 +- .../wfe/security/SecurityCheckProperties.java | 30 +-- .../runa/wfe/security/SecurityCheckUtil.java | 64 +++---- .../runa/wfe/security/dao/PermissionDao.java | 181 +++++++----------- .../security/logic/AuthorizationLogic.java | 96 ++++------ .../impl/AuthorizationServiceBean.java | 9 +- 6 files changed, 166 insertions(+), 226 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java index 22a5ec9f10..c530d5c93b 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java @@ -83,10 +83,8 @@ public Object getProcessLogValue(User user, Long logId) { /** * Load system logs according to {@link BatchPresentation}. * - * @param user - * Requester user. - * @param batchPresentation - * {@link BatchPresentation} to load logs. + * @param user Requester user. + * @param batchPresentation {@link BatchPresentation} to load logs. * @return Loaded system logs. */ public List getSystemLogs(User user, BatchPresentation batchPresentation) { @@ -98,10 +96,8 @@ public List getSystemLogs(User user, BatchPresentation batchPresentat /** * Load system logs count according to {@link BatchPresentation}. * - * @param user - * Requester user. - * @param batchPresentation - * {@link BatchPresentation} to load logs count. + * @param user Requester user. + * @param batchPresentation {@link BatchPresentation} to load logs count. * @return System logs count. */ public int getSystemLogsCount(User user, BatchPresentation batchPresentation) { diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java index b5dd071552..3002fa8d68 100644 
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java
@@ -3,37 +3,37 @@
 import ru.runa.wfe.commons.PropertyResources;
 public class SecurityCheckProperties {
- private static final PropertyResources RESOURCES = new PropertyResources("securitycheck.properties");
+ private static final PropertyResources RESOURCES = new PropertyResources("securitycheck.properties");
 public static PropertyResources getResources() {
 return RESOURCES;
 }
-
+
 public static boolean getCheckActor() {
- return RESOURCES.getBooleanProperty("security.check.object.actor", false);
+ return RESOURCES.getBooleanProperty("security.check.object.actor", false);
 }
-
+
 public static boolean getCheckProcessDefinition() {
- return RESOURCES.getBooleanProperty("security.check.object.process.definition", false);
+ return RESOURCES.getBooleanProperty("security.check.object.process.definition", false);
 }
-
+
 public static boolean getCheckProcessInstance() {
- return RESOURCES.getBooleanProperty("security.check.object.process.instance", false);
+ return RESOURCES.getBooleanProperty("security.check.object.process.instance", false);
 }
-
+
 public static boolean getCheckReport() {
- return RESOURCES.getBooleanProperty("security.check.object.report", false);
+ return RESOURCES.getBooleanProperty("security.check.object.report", false);
 }
-
+
 public static boolean getCheckRelation() {
- return RESOURCES.getBooleanProperty("security.check.object.relation", false);
+ return RESOURCES.getBooleanProperty("security.check.object.relation", false);
 }
-
+
 public static boolean getCheckBotStation() {
- return RESOURCES.getBooleanProperty("security.check.object.botstation", false);
+ return RESOURCES.getBooleanProperty("security.check.object.botstation", false);
 }
-
+
 public static boolean getCheckSystem() {
- return RESOURCES.getBooleanProperty("security.check.object.system", false);
+ return RESOURCES.getBooleanProperty("security.check.object.system", false);
 }
 }
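Review bot: Every getter here passes `false` as the second argument of `getBooleanProperty`; if that argument is the fallback for a missing key, a `securitycheck.properties` that is absent, misnamed or lacks an entry makes `SecurityCheckUtil.needCheckPermission` return false, and `PermissionDao.checkAllowed` then returns without checking anything for that object type. That includes `security.check.object.system`, which appears to gate the `Permission.LOGIN` check in `AuditLogic.login`. The default should enforce, so that a configuration mistake cannot switch authorization off: `return RESOURCES.getBooleanProperty("security.check.object.actor", true);`, and the same for the other six getters. The hunk only re-indents these lines, so this concerns the class as it stands after the change; a class comment such as `// false disables permission enforcement for the object type` would also record which value is the unsafe one.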
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java
index 57b45f1f51..03eb14e135 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java
@@ -1,37 +1,37 @@ package ru.runa.wfe.security; public class SecurityCheckUtil { - - public static boolean needCheckPermission(SecuredObjectType secObjectType) { - if (SecuredObjectType.EXECUTOR.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckActor(); - } - if (SecuredObjectType.DEFINITION.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckProcessDefinition(); - } - if (SecuredObjectType.PROCESS.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckProcessInstance(); - } - if (SecuredObjectType.REPORT.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckReport(); - } - if (SecuredObjectType.REPORTS.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckReport(); - } - if (SecuredObjectType.RELATION.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckRelation(); - } - if (SecuredObjectType.RELATIONS.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckRelation(); - } - if (SecuredObjectType.BOTSTATIONS.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckBotStation(); - } - // TODO bot, datasource - if (SecuredObjectType.SYSTEM.equals(secObjectType) ) { - return SecurityCheckProperties.getCheckSystem(); - } - return true; + + public static boolean needCheckPermission(SecuredObjectType secObjectType) { + if (SecuredObjectType.EXECUTOR.equals(secObjectType)) { + return SecurityCheckProperties.getCheckActor(); + } + if (SecuredObjectType.DEFINITION.equals(secObjectType)) { + return SecurityCheckProperties.getCheckProcessDefinition(); + } + if (SecuredObjectType.PROCESS.equals(secObjectType)) { + return SecurityCheckProperties.getCheckProcessInstance(); + } + if (SecuredObjectType.REPORT.equals(secObjectType)) { + return SecurityCheckProperties.getCheckReport(); + } + if (SecuredObjectType.REPORTS.equals(secObjectType)) { + return SecurityCheckProperties.getCheckReport(); + } + if (SecuredObjectType.RELATION.equals(secObjectType)) { + return 
SecurityCheckProperties.getCheckRelation(); + } + if (SecuredObjectType.RELATIONS.equals(secObjectType)) { + return SecurityCheckProperties.getCheckRelation(); + } + if (SecuredObjectType.BOTSTATIONS.equals(secObjectType)) { + return SecurityCheckProperties.getCheckBotStation(); + } + // TODO bot, datasource + if (SecuredObjectType.SYSTEM.equals(secObjectType)) { + return SecurityCheckProperties.getCheckSystem(); + } + return true; } - + } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 33f1f8d7e1..724f5723eb 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -55,7 +55,6 @@ import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; - /** * Permission DAO level implementation via Hibernate. * @@ -99,21 +98,16 @@ public void init() { public List getIssuedPermissions(Executor executor, SecuredObject object) { QPermissionMapping pm = QPermissionMapping.permissionMapping; return queryFactory.select(pm.permission).from(pm) - .where(pm.objectType.eq(object.getSecuredObjectType()) - .and(pm.objectId.eq(object.getIdentifiableId())) - .and(pm.executor.eq(executor))) + .where(pm.objectType.eq(object.getSecuredObjectType()).and(pm.objectId.eq(object.getIdentifiableId())).and(pm.executor.eq(executor))) .fetch(); } /** * Sets permissions for executor on securedObject. * - * @param executor - * Executor, which got permissions. - * @param permissions - * Permissions for executor. - * @param object - * Secured object to set permission on. + * @param executor Executor, which got permissions. + * @param permissions Permissions for executor. + * @param object Secured object to set permission on. */ public void setPermissions(Executor executor, Collection permissions, SecuredObject object) { ApplicablePermissions.check(object, permissions); 
@@ -136,12 +130,8 @@ public void setPermissions(Executor executor, Collection permissions } if (!toDelete.isEmpty()) { QPermissionMapping pm = QPermissionMapping.permissionMapping; - queryFactory.delete(pm) - .where(pm.objectType.eq(object.getSecuredObjectType()) - .and(pm.objectId.eq(object.getIdentifiableId())) - .and(pm.executor.eq(executor)) - .and(pm.permission.in(toDelete))) - .execute(); + queryFactory.delete(pm).where(pm.objectType.eq(object.getSecuredObjectType()).and(pm.objectId.eq(object.getIdentifiableId())) + .and(pm.executor.eq(executor)).and(pm.permission.in(toDelete))).execute(); } } @@ -149,9 +139,9 @@ public void setPermissions(Executor executor, Collection permissions * Throws if user has no permission to object. */ public void checkAllowed(User user, Permission permission, SecuredObject object) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { - return; - } + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return; + } if (!isAllowed(user, permission, object)) { throw new AuthorizationException(user + " does not have " + permission + " to " + object); } @@ -161,9 +151,9 @@ public void checkAllowed(User user, Permission permission, SecuredObject object) * Throws if user has no permission to {type, id}. */ public void checkAllowed(User user, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { - return; - } + if (!SecurityCheckUtil.needCheckPermission(type)) { + return; + } if (!isAllowed(user, permission, type, id)) { throw new AuthorizationException(user + " does not have " + permission + " to (" + type + ", " + id + ")"); } 
@@ -173,9 +163,9 @@ public void checkAllowed(User user, Permission permission, SecuredObjectType typ * Throws if user has no permission to {type, all given ids}. */ public void checkAllowedForAll(User user, Permission permission, SecuredObjectType type, List ids) { - if (!SecurityCheckUtil.needCheckPermission(type)) { - return; - } + if (!SecurityCheckUtil.needCheckPermission(type)) { + return; + } Assert.notNull(ids); List notAllowed = CollectionUtil.diffList(ids, filterAllowedIds(user.getActor(), permission, type, ids)); if (!notAllowed.isEmpty()) { 
@@ -188,31 +178,31 @@ public void checkAllowedForAll(User user, Permission permission, SecuredObjectTy * Returns true if user have permission to object. */ public boolean isAllowed(User user, Permission permission, SecuredObject object) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { - return true; - } + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return true; + } return isAllowed(user.getActor(), permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { - return true; - } + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } return isAllowed(user.getActor(), permission, type, id); } public boolean isAllowed(Executor executor, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { - return true; - } + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } Assert.notNull(id); return !filterAllowedIds(executor, permission, type, Collections.singletonList(id)).isEmpty(); } public boolean isAllowed(Executor executor, Permission permission, SecuredObject object, boolean checkPrivileged) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { - return true; - } + if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + return true; + } Long id = object.getIdentifiableId(); SecuredObjectType type = object.getSecuredObjectType(); Assert.notNull(id); 
@@ -223,9 +213,9 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject * Returns true if user have permission to {type, any id}. */ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType type) { - if (!SecurityCheckUtil.needCheckPermission(type)) { - return true; - } + if (!SecurityCheckUtil.needCheckPermission(type)) { + return true; + } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); } @@ -234,12 +224,13 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu } /** - * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), - * non-empty set (containing arbitrary value) means positive check result. + * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), non-empty + * set (containing arbitrary value) means positive check result. * * @param checkPrivileged If false, only permission_mapping table is checked, but not privileged_mapping. */ - public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, boolean checkPrivileged) { + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, + boolean checkPrivileged) { ApplicablePermissions.check(type, permission); boolean haveIds = idsOrNull != null; 
@@ -258,22 +249,17 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu // Same type for all objects, thus same listType. I believe it would be faster to perform separate query here. // ATTENTION!!! Also, HQL query with two conditions (on both type and listType) always returns empty rowset. :( - // (Both here with QueryDSL and in HibernateCompilerHQLBuilder.addSecureCheck() with raw HQL.) - if (!subst.listPermissions.isEmpty() && queryFactory.select(pm.id).from(pm) - .where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type.getListType())) - .and(pm.objectId.eq(0L)) - .and(pm.permission.in(subst.listPermissions))) - .fetchFirst() != null) { + // (Both here with QueryDSL and in HibernateCompilerHQLBuilder.addSecureCheck() with raw HQL.) + if (!subst.listPermissions.isEmpty() + && queryFactory.select(pm.id).from(pm).where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type.getListType())) + .and(pm.objectId.eq(0L)).and(pm.permission.in(subst.listPermissions))).fetchFirst() != null) { return haveIds ? new HashSet<>(idsOrNull) : nonEmptySet; } Set result = new HashSet<>(); for (List idsPart : haveIds ? Lists.partition(idsOrNull, SystemProperties.getDatabaseParametersCount()) : nonEmptyListList) { JPQLQuery q = queryFactory.select(pm.id).from(pm) - .where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type)) - .and(pm.permission.in(subst.selfPermissions))); + .where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type)).and(pm.permission.in(subst.selfPermissions))); if (haveIds) { result.addAll(q.where(pm.objectId.in(idsPart)).fetch()); } else if (q.fetchFirst() != null) { 
@@ -286,12 +272,9 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu /** * Checks whether executor has permission on securedObject's. Create result array in same order, as securedObject's. * - * @param user - * Executor, which permission must be check. - * @param permission - * Checking permission. - * @param securedObjects - * Secured objects to check permission on. + * @param user Executor, which permission must be check. + * @param permission Checking permission. + * @param securedObjects Secured objects to check permission on. * @return Array of: true if executor has requested permission on securedObject; false otherwise. * @deprecated Use filterAllowedIds() which takes list of IDs, not of whole entities. */ @@ -318,12 +301,9 @@ public boolean[] isAllowed(User user, Permission permi PermissionSubstitutions.ForCheck subst = PermissionSubstitutions.getForCheck(type, permission); QPermissionMapping pm = QPermissionMapping.permissionMapping; // Same type for all objects, thus same listType. I believe it would be faster to perform separate query here. - if (!subst.listPermissions.isEmpty() && queryFactory.select(pm.id).from(pm) - .where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type.getListType())) - .and(pm.objectId.eq(0L)) - .and(pm.permission.in(subst.listPermissions))) - .fetchFirst() != null) { + if (!subst.listPermissions.isEmpty() + && queryFactory.select(pm.id).from(pm).where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type.getListType())) + .and(pm.objectId.eq(0L)).and(pm.permission.in(subst.listPermissions))).fetchFirst() != null) { Arrays.fill(result, true); return result; } 
@@ -345,19 +325,15 @@ public boolean[] isAllowed(User user, Permission permi if (identifiableIds.isEmpty()) { break; } - allowedIdentifiableIds.addAll(queryFactory.selectDistinct(pm.objectId).from(pm) - .where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type)) - .and(pm.objectId.in(identifiableIds)) - .and(pm.permission.in(subst.selfPermissions))) - .fetch()); + allowedIdentifiableIds.addAll(queryFactory.selectDistinct(pm.objectId).from(pm).where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type)).and(pm.objectId.in(identifiableIds)).and(pm.permission.in(subst.selfPermissions))).fetch()); } for (int i = 0; i < securedObjects.size(); i++) { - if (!SecurityCheckUtil.needCheckPermission(securedObjects.get(i).getSecuredObjectType())) { - result[i] = true; - } else { - result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); - } + if (!SecurityCheckUtil.needCheckPermission(securedObjects.get(i).getSecuredObjectType())) { + result[i] = true; + } else { + result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); + } } return result; } @@ -390,8 +366,7 @@ public void deleteAllPermissions(SecuredObject obj) { public Set getExecutorsWithPermission(SecuredObject obj) { QPermissionMapping pm = QPermissionMapping.permissionMapping; List list = queryFactory.selectDistinct(pm.executor).from(pm) - .where(pm.objectType.eq(obj.getSecuredObjectType()).and(pm.objectId.eq(obj.getIdentifiableId()))) - .fetch(); + .where(pm.objectType.eq(obj.getSecuredObjectType()).and(pm.objectId.eq(obj.getIdentifiableId()))).fetch(); Set result = new HashSet<>(list); result.addAll(getPrivilegedExecutors(obj.getSecuredObjectType())); return result; 
@@ -434,10 +409,8 @@ public boolean hasPrivilegedExecutor(List executorIds) { /** * Check if executor is privileged executor for given object. * - * @param executor - * {@linkplain Executor}, to check if privileged. - * @param object - * {@linkplain SecuredObject} object, to check if executor is privileged to it. + * @param executor {@linkplain Executor}, to check if privileged. + * @param object {@linkplain SecuredObject} object, to check if executor is privileged to it. * @return true if executor is privileged for given object and false otherwise. */ private boolean isPrivilegedExecutor(SecuredObject object, Executor executor) { @@ -457,10 +430,8 @@ private boolean isPrivilegedExecutor(SecuredObjectType type, Collectiondictionary tables describing new SecuredObject type. * - * @param type - * Type of SecuredObject. - * @param executors - * Privileged executors for target class. + * @param type Type of SecuredObject. + * @param executors Privileged executors for target class. */ public void addType(SecuredObjectType type, List executors) { for (Executor executor : executors) { 
@@ -474,16 +445,11 @@ public void addType(SecuredObjectType type, List executors) /** * Load list of {@linkplain SecuredObject} for which executors have permission on. * - * @param user - * User which must have permission on loaded {@linkplain SecuredObject} (at least one). - * @param batchPresentation - * {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. - * @param permission - * {@linkplain Permission}, which executors must has on {@linkplain SecuredObject}. - * @param securedObjectTypes - * {@linkplain SecuredObjectType} types, used to check permissions. - * @param enablePaging - * Flag, equals true, if paging must be enabled and false otherwise. + * @param user User which must have permission on loaded {@linkplain SecuredObject} (at least one). + * @param batchPresentation {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. + * @param permission {@linkplain Permission}, which executors must has on {@linkplain SecuredObject}. + * @param securedObjectTypes {@linkplain SecuredObjectType} types, used to check permissions. + * @param enablePaging Flag, equals true, if paging must be enabled and false otherwise. * @return List of {@link SecuredObject}'s for which executors have permission on. */ public List getPersistentObjects(User user, BatchPresentation batchPresentation, Permission permission, 
@@ -505,17 +471,14 @@ public List getPersistentObjects(User user, BatchPresen /** * Load count of {@linkplain SecuredObject} for which executors have permission on. * - * @param user - * User which must have permission on loaded {@linkplain SecuredObject} (at least one). - * @param batchPresentation - * {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. - * @param permission - * {@linkplain Permission}, which executors must have on {@linkplain SecuredObject}. - * @param securedObjectTypes - * {@linkplain SecuredObjectType} types, used to check permissions. + * @param user User which must have permission on loaded {@linkplain SecuredObject} (at least one). + * @param batchPresentation {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. + * @param permission {@linkplain Permission}, which executors must have on {@linkplain SecuredObject}. + * @param securedObjectTypes {@linkplain SecuredObjectType} types, used to check permissions. * @return Count of {@link SecuredObject}'s for which executors have permission on. */ - public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, SecuredObjectType[] securedObjectTypes) { + public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, + SecuredObjectType[] securedObjectTypes) { TimeMeasurer timeMeasurer = new TimeMeasurer(logger, 1000); timeMeasurer.jobStarted(); RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, permission, securedObjectTypes); 
@@ -527,11 +490,7 @@ public int getPersistentObjectCount(User user, BatchPresentation batchPresentati public boolean permissionExists(final Executor executor, final Permission permission, final SecuredObject object) { QPermissionMapping pm = QPermissionMapping.permissionMapping; - return queryFactory.select(pm.id).from(pm) - .where(pm.executor.eq(executor) - .and(pm.objectType.eq(object.getSecuredObjectType())) - .and(pm.objectId.eq(object.getIdentifiableId())) - .and(pm.permission.eq(permission))) - .fetchFirst() != null; + return queryFactory.select(pm.id).from(pm).where(pm.executor.eq(executor).and(pm.objectType.eq(object.getSecuredObjectType())) + .and(pm.objectId.eq(object.getIdentifiableId())).and(pm.permission.eq(permission))).fetchFirst() != null; } } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index a48f0a5c89..3386e4f63c 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -66,6 +66,7 @@ public class AuthorizationLogic extends CommonLogic { @Autowired private SecuredObjectFactory securedObjectFactory; + /** * Used by addPermissions() and setPermissions(), to avoid duplicated rows in table "permission_mapping". */ @@ -87,8 +88,7 @@ public boolean equals(Object o) { return false; } IdAndPermission that = (IdAndPermission) o; - return Objects.equals(id, that.id) && - Objects.equals(permission, that.permission); + return Objects.equals(id, that.id) && Objects.equals(permission, that.permission); } @Override 
@@ -108,17 +108,17 @@ public boolean isAllowed(User user, Permission permission, SecuredObjectType sec public boolean[] isAllowed(User user, Permission permission, List securedObjects) { boolean[] resAllowed = permissionDao.isAllowed(user, permission, securedObjects); int i = 0; - for (T securedObject: securedObjects) { + for (T securedObject : securedObjects) { if (!SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { resAllowed[i] = true; } - i++; + i++; } return resAllowed; } public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType securedObjectType) { - return permissionDao.isAllowedForAny(user, permission, securedObjectType); + return permissionDao.isAllowedForAny(user, permission, securedObjectType); } public List getIssuedPermissions(User user, Executor performer, SecuredObject securedObject) { @@ -127,7 +127,6 @@ public List getIssuedPermissions(User user, Executor performer, Secu return permissionDao.getIssuedPermissions(performer, securedObject); } - /** * Exports permissions to xml, see: ExportDataFileAction. *

@@ -149,19 +148,19 @@ public void exportDataFile(User user, Document script) { singletonTypes.add(t); } } - exportDataFilePermissions(parentElement, queryFactory.select(pm.permission, e.name, pm.objectType) - .from(pm, e) - .where(pm.objectType.in(singletonTypes).and(pm.objectId.eq(0L)).and(pm.executor.eq(e))) - .orderBy(pm.objectType.asc(), e.name.asc(), pm.permission.asc())); + exportDataFilePermissions(parentElement, + queryFactory.select(pm.permission, e.name, pm.objectType).from(pm, e) + .where(pm.objectType.in(singletonTypes).and(pm.objectId.eq(0L)).and(pm.executor.eq(e))) + .orderBy(pm.objectType.asc(), e.name.asc(), pm.permission.asc())); } // Export ACTOR and GROUP permissions. { - QExecutor e2 = new QExecutor("e2"); // same table as `e`, but different alias - exportDataFilePermissions(parentElement, queryFactory.select(pm.permission, e.name, pm.objectType, e2.name) - .from(pm, e, e2) - .where(pm.objectType.eq(EXECUTOR).and(pm.objectId.eq(e2.id)).and(pm.executor.eq(e))) - .orderBy(pm.objectType.asc(), e2.name.asc(), e.name.asc(), pm.permission.asc())); + QExecutor e2 = new QExecutor("e2"); // same table as `e`, but different alias + exportDataFilePermissions(parentElement, + queryFactory.select(pm.permission, e.name, pm.objectType, e2.name).from(pm, e, e2) + .where(pm.objectType.eq(EXECUTOR).and(pm.objectId.eq(e2.id)).and(pm.executor.eq(e))) + .orderBy(pm.objectType.asc(), e2.name.asc(), e.name.asc(), pm.permission.asc())); } // Export DEFINITION permissions. 
@@ -178,12 +177,10 @@ public void exportDataFile(User user, Document script) { definitionNamesByIdentifiableIds.put((long) name.hashCode(), name); } - val tuples = queryFactory.select(pm.permission, e.name, pm.objectType, pm.objectId) - .from(pm, e) + val tuples = queryFactory.select(pm.permission, e.name, pm.objectType, pm.objectId).from(pm, e) .where(pm.objectType.eq(DEFINITION).and(pm.executor.eq(e))) // exportDataFilePermissions() requires that rows are ordered by (object, executor) first, permission last. - .orderBy(pm.objectId.asc(), e.name.asc(), pm.permission.asc()) - .fetch(); + .orderBy(pm.objectId.asc(), e.name.asc(), pm.permission.asc()).fetch(); val rows = new ArrayList(tuples.size()); for (val t : tuples) { val objectName = definitionNamesByIdentifiableIds.get(t.get(3, Long.class)); @@ -215,8 +212,8 @@ private static class ExportDataFilePermissionRow { } /** - * @param parentElement Parent for "addPermissions" elements. - * @param query Must return fields in order: permission, executorName, objectType, [objectName]. + * @param parentElement Parent for "addPermissions" elements. + * @param query Must return fields in order: permission, executorName, objectType, [objectName]. */ private void exportDataFilePermissions(Element parentElement, JPQLQuery query) { try (final CloseableIterator it = query.iterate()) { 
@@ -268,14 +265,14 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera val row = it.next(); // Manually group by objectType, objectName, executorName. - if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) || !Objects.equals(row.executorName, - lastExecutorName)) { + if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) + || !Objects.equals(row.executorName, lastExecutorName)) { lastObjectType = row.objectType; lastObjectName = row.objectName; lastExecutorName = row.executorName; addPermissionsElement = parentElement.addElement("addPermissions", XmlUtils.RUNA_NAMESPACE); - //noinspection ConstantConditions + // noinspection ConstantConditions addPermissionsElement.addAttribute("type", row.objectType.getName()); if (row.objectName != null) { addPermissionsElement.addAttribute("name", row.objectName); @@ -283,7 +280,7 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera addPermissionsElement.addAttribute("executor", row.executorName); } - //noinspection ConstantConditions + // noinspection ConstantConditions addPermissionsElement.addElement("permission", XmlUtils.RUNA_NAMESPACE).addAttribute("name", row.permission.getName()); } } @@ -304,7 +301,7 @@ public void setPermissions(User user, String executorName, Map> objectNames, Set permissions, boolean deleteExisting) { - Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. + Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. permissionDao.checkAllowed(user, Permission.READ, executor); QPermissionMapping pm = QPermissionMapping.permissionMapping; 
@@ -332,13 +329,8 @@ private void setPermissionsImpl(User user, String executorName, Map existing = new HashSet<>(); - try (CloseableIterator i = queryFactory.select(pm.objectId, pm.permission) - .from(pm) - .where(pm.executor.eq(executor) - .and(pm.objectType.eq(type)) - .and(pm.objectId.in(objectIds))) - .iterate() - ) { + try (CloseableIterator i = queryFactory.select(pm.objectId, pm.permission).from(pm) + .where(pm.executor.eq(executor).and(pm.objectType.eq(type)).and(pm.objectId.in(objectIds))).iterate()) { while (i.hasNext()) { Tuple t = i.next(); existing.add(new IdAndPermission(t.get(0, Long.class), t.get(1, Permission.class))); @@ -388,7 +380,7 @@ public void removeAllPermissions(User user, String executorName, Map> objectNames, Set permissions) { - Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. + Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. permissionDao.checkAllowed(user, Permission.READ, executor); QPermissionMapping pm = QPermissionMapping.permissionMapping; @@ -445,7 +437,7 @@ public void setPermissions(User user, Long executorId, Collection pe public void setPermissions(User user, Executor executor, Collection permissions, SecuredObject securedObject) { checkPermissionsOnExecutor(user, executor, Permission.READ); if (SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { - permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); } permissionDao.setPermissions(executor, permissions, securedObject); } 
@@ -453,19 +445,16 @@ public void setPermissions(User user, Executor executor, Collection /** * Load executor's which already has (or not has) some permission on specified securedObject. This query using paging. * - * @param user - * Current actor {@linkplain User}. - * @param securedObject - * {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. - * @param batchPresentation - * {@linkplain BatchPresentation} for loading executors. - * @param hasPermission - * Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without permissions. + * @param user Current actor {@linkplain User}. + * @param securedObject {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. + * @param batchPresentation {@linkplain BatchPresentation} for loading executors. + * @param hasPermission Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without + * permissions. * @return Executors with or without permission on {@linkplain SecuredObject} . */ public List getExecutorsWithPermission(User user, SecuredObject securedObject, BatchPresentation batchPresentation, boolean hasPermission) { - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createExecutorWithPermissionCompiler(user, securedObject, batchPresentation, hasPermission); List executors = compiler.getBatch(); 
@@ -473,9 +462,9 @@ public List getExecutorsWithPermission(User user, SecuredObj if (batchPresentation.getType().getPresentationClass().isInstance(privelegedExecutor) && permissionDao.isAllowed(user, Permission.READ, privelegedExecutor)) { if (hasPermission) - executors.add(0, privelegedExecutor); + executors.add(0, privelegedExecutor); else - executors.remove(privelegedExecutor); + executors.remove(privelegedExecutor); } } return executors; 
@@ -484,18 +473,15 @@ public List getExecutorsWithPermission(User user, SecuredObj /** * Load executor's count which already has (or not has) some permission on specified securedObject. * - * @param user - * Current actor {@linkplain User}. - * @param securedObject - * {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. - * @param batchPresentation - * {@linkplain BatchPresentation} for loading executors. - * @param hasPermission - * Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without permissions. + * @param user Current actor {@linkplain User}. + * @param securedObject {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. + * @param batchPresentation {@linkplain BatchPresentation} for loading executors. + * @param hasPermission Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without + * permissions. * @return Count of executors with or without permission on {@linkplain SecuredObject}. */ public int getExecutorsWithPermissionCount(User user, SecuredObject securedObject, BatchPresentation batchPresentation, boolean hasPermission) { - permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); + permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject); PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createExecutorWithPermissionCompiler(user, securedObject, batchPresentation, hasPermission); return compiler.getCount(); diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java index 93027b1d57..1ebf791c0d 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java 
@@ -69,20 +69,20 @@ public class AuthorizationServiceBean implements AuthorizationServiceLocal, Auth @Override @WebMethod(exclude = true) public void checkAllowed(@NonNull User user, @NonNull Permission permission, @NonNull SecuredObject securedObject) { - permissionDao.checkAllowed(user, permission, securedObject); + permissionDao.checkAllowed(user, permission, securedObject); } @Override @WebMethod(exclude = true) public void checkAllowed(@NonNull User user, @NonNull Permission permission, @NonNull SecuredObjectType type, @NonNull Long id) { - permissionDao.checkAllowed(user, permission, type, id); + permissionDao.checkAllowed(user, permission, type, id); } @Override @WebResult(name = "result") public boolean isAllowed(@WebParam(name = "user") @NonNull User user, @WebParam(name = "permission") @NonNull Permission permission, @WebParam(name = "identifiable") @NonNull SecuredObject securedObject) { - return permissionDao.isAllowed(user, permission, securedObject); + return permissionDao.isAllowed(user, permission, securedObject); } @WebMethod(exclude = true) @@ -193,8 +193,7 @@ public int getExecutorsWithPermissionCount(@WebParam(name = "user") @NonNull Use @WebResult(name = "result") public List getPersistentObjects(@WebParam(name = "user") @NonNull User user, @WebParam(name = "batchPresentation") @NonNull BatchPresentation batchPresentation, - @WebParam(name = "persistentClass") @NonNull Class persistentClass, - @WebParam(name = "permission") @NonNull Permission permission, + @WebParam(name = "persistentClass") @NonNull Class persistentClass, @WebParam(name = "permission") @NonNull Permission permission, @WebParam(name = "securedObjectTypes") @NonNull SecuredObjectType[] securedObjectTypes, @WebParam(name = "enablePaging") boolean enablePaging) { return (List) authorizationLogic.getPersistentObjects(user, batchPresentation, permission, securedObjectTypes, enablePaging); From c6e22e16346137a9e76bcbbba21793c0a2c4b0b5 Mon Sep 17 00:00:00 2001 
From: dataobject Date: Mon, 22 Jun 2020 14:47:16 +0300 Subject: [PATCH 07/71] RM1710 --- .../runa/wfe/datasource/DataSourceStuff.java | 2 + .../ru/runa/common/web/MessagesCommon.java | 2 + .../web/action/ViewInternalStorageAction.java | 139 ++++++++++++++++++ .../web/form/ViewInternalStorageForm.java | 41 ++++++ .../ru/runa/common/web/tag/TabHeaderTag.java | 11 ++ .../ru/runa/common/web/tag/ViewSheetsTag.java | 74 ++++++++++ .../webapp/WEB-INF/classes/struts.properties | 4 +- .../WEB-INF/classes/struts_ru.properties | 2 + .../WEB-INF/common/internal_storage.jsp | 54 +++++++ .../src/main/webapp/WEB-INF/struts-config.xml | 10 ++ 10 files changed, 338 insertions(+), 1 deletion(-) create mode 100644 wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java create mode 100644 wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java create mode 100644 wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java create mode 100644 wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java index 6c59eebdab..ea1096ea06 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java @@ -29,6 +29,8 @@ public interface DataSourceStuff { String JNDI_NAME_SAMPLE = "jboss/datasources/"; + String INTERNAL_STORAGE_DATA_SOURCE_NAME = "InternalStorage"; + static String adjustUrl(JdbcDataSource jds) { String url = jds.getUrl(); String dbName = Strings.isNullOrEmpty(jds.getDbName()) ? "__DB_UNDEFINED__" : jds.getDbName(); diff --git a/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java b/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java index fc822b6286..9848125a20 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java 
+++ b/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java @@ -27,6 +27,8 @@ public final class MessagesCommon { public static final StrutsMessage MAIN_MENU_ITEM_SETTINGS = new StrutsMessage("manage_settings"); // Forward menu (left main menu items) -> Logs. public static final StrutsMessage MAIN_MENU_ITEM_LOGS = new StrutsMessage("view_logs"); + // Forward menu (left main menu items) -> Internal storage. + public static final StrutsMessage MAIN_MENU_ITEM_INTERNAL_STORAGE = new StrutsMessage("view_internal_storage"); // Common buttons diff --git a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java new file mode 100644 index 0000000000..659bb9a774 --- /dev/null +++ b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java 
@@ -0,0 +1,139 @@ +package ru.runa.common.web.action; + +import com.google.common.base.Strings; +import com.google.common.io.Files; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.ArrayList; +import java.util.List; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.poi.hssf.usermodel.HSSFWorkbook; +import org.apache.poi.ss.usermodel.Cell; +import org.apache.poi.ss.usermodel.DateUtil; +import org.apache.poi.ss.usermodel.Row; +import org.apache.poi.ss.usermodel.Sheet; +import org.apache.poi.ss.usermodel.Workbook; +import org.apache.poi.xssf.usermodel.XSSFWorkbook; +import org.apache.struts.action.ActionForm; +import org.apache.struts.action.ActionForward; +import org.apache.struts.action.ActionMapping; +import ru.runa.common.web.HTMLUtils; +import ru.runa.common.web.Resources; +import ru.runa.common.web.form.ViewInternalStorageForm; +import ru.runa.wfe.datasource.DataSource; +import ru.runa.wfe.datasource.DataSourceStorage; +import ru.runa.wfe.datasource.DataSourceStuff; +import ru.runa.wfe.datasource.ExcelDataSource; + +/** + * @struts:action path="/viewInternalStorage" name="viewInternalStorageForm" validate="false" + * @struts.action-forward name="success" path="/displayInternalStorage.do" redirect = "false" + */ +public class ViewInternalStorageAction extends ActionBase { + + public static final String ACTION_PATH = "/viewInternalStorage"; + + @Override + public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpServletRequest request, HttpServletResponse response) { + try { + ViewInternalStorageForm form = (ViewInternalStorageForm) actionForm; + String workbookPath = null; + DataSource ds = DataSourceStorage.getDataSource(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME); + if (ds instanceof ExcelDataSource) { + ExcelDataSource eds = (ExcelDataSource) ds; + workbookPath = eds.getFilePath() + "/" 
+ eds.getFileName(); + request.setAttribute("workbookPath", workbookPath); + if (form.getMode() == ViewInternalStorageForm.MODE_DOWNLOAD) { + String encodedFileName = HTMLUtils.encodeFileName(request, eds.getFileName()); + response.setHeader("Content-disposition", "attachment; filename=\"" + encodedFileName + "\""); + OutputStream os = response.getOutputStream(); + Files.copy(new File(form.getWorkbookPath()), os); + os.flush(); + return null; + } + } + form.setWorkbookPath(workbookPath); + if (!Strings.isNullOrEmpty(workbookPath) && !Strings.isNullOrEmpty(form.getSheetName())) { + try (InputStream is = new FileInputStream(workbookPath)) { + Workbook wb = null; + if (workbookPath.endsWith(".xls")) { + wb = new HSSFWorkbook(is); + } else if (workbookPath.endsWith(".xlsx")) { + wb = new XSSFWorkbook(is); + } else { + throw new IllegalArgumentException("excel file extension is incorrect"); + } + Sheet sheet = wb.getSheet(form.getSheetName()); + List> data = new ArrayList<>(); + int columnNumber = getSheetContent(sheet, data); + StringBuffer sheetContent = new StringBuffer(); + if (columnNumber > 0 && data.size() > 0) { + sheetContent.append(""); + for (List row : data) { + sheetContent.append(""); + for (Cell cell : row) { + sheetContent.append(""); + } + sheetContent.append(""); + } + sheetContent.append("
"); + sheetContent.append(cellValue(cell)); + sheetContent.append("
"); + } else { + sheetContent.append("Empty sheet"); + + } + request.setAttribute("sheetContent", sheetContent.toString()); + wb.close(); + } + } + return mapping.findForward(Resources.FORWARD_SUCCESS); + } catch (Exception e) { + addError(request, e); + return mapping.findForward(Resources.FORWARD_FAILURE); + } + } + + private Object cellValue(Cell cell) { + Object value; + switch (cell.getCellTypeEnum()) { + case STRING: + value = cell.getRichStringCellValue().getString(); + break; + case NUMERIC: + if (DateUtil.isCellDateFormatted(cell)) { + value = cell.getDateCellValue(); + } else { + value = cell.getNumericCellValue(); + } + break; + case BOOLEAN: + value = cell.getBooleanCellValue(); + break; + case FORMULA: + value = cell.getCellFormula(); + break; + default: + value = cell.getStringCellValue(); + } + return value; + } + + private int getSheetContent(Sheet sheet, List> data) { + int columnNumber = 0; + for (int r = 0; r <= sheet.getLastRowNum(); r++) { + List cells = new ArrayList<>(); + Row row = sheet.getRow(r); + for (int c = 0; c < row.getLastCellNum(); c++) { + cells.add(row.getCell(c)); + } + data.add(cells); + columnNumber = Math.max(columnNumber, cells.size()); + } + return columnNumber; + } + +} diff --git a/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java b/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java new file mode 100644 index 0000000000..262ab6670f --- /dev/null +++ b/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java 
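Review bot: In the download branch of `execute`, the streamed file is `new File(form.getWorkbookPath())`, and `workbookPath` is a settable property of the Struts form, so the path can presumably arrive as a request parameter instead of coming from the configured data source. The server-derived local should be used: `Files.copy(new File(workbookPath), os);`. No administrator check is visible in this action, although ViewSheetsTag has one, so unless ActionBase or the mapping enforces it, the same `isAdministrator` test belongs at the top of `execute`. Cell values are appended to `sheetContent` without HTML escaping and internal_storage.jsp prints that string as-is; the sheet names written by ViewSheetsTag have the same problem, and both should be escaped on output. `getSheetContent` also dereferences `sheet.getRow(r)` and `execute` dereferences `wb.getSheet(...)`, both of which POI returns as null for a missing row or an unknown sheet name.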
@@ -0,0 +1,41 @@ +package ru.runa.common.web.form; + +import org.apache.struts.action.ActionForm; + +/** + * @struts:form name = "viewInternalStorageForm" + */ +public class ViewInternalStorageForm extends ActionForm { + private static final long serialVersionUID = 1L; + + public static final int MODE_DOWNLOAD = 5; + + private int mode; + private String workbookPath; + private String sheetName; + + public String getWorkbookPath() { + return workbookPath; + } + + public void setWorkbookPath(String workbookPath) { + this.workbookPath = workbookPath; + } + + public String getSheetName() { + return sheetName; + } + + public void setSheetName(String sheetName) { + this.sheetName = sheetName; + } + + public int getMode() { + return mode; + } + + public void setMode(int mode) { + this.mode = mode; + } + +} diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java index 9ee1904cbf..9e0235061c 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java @@ -33,6 +33,9 @@ import ru.runa.common.web.StrutsMessage; import ru.runa.common.web.TabHttpSessionHelper; import ru.runa.wfe.commons.web.PortletUrlType; +import ru.runa.wfe.datasource.DataSourceStorage; +import ru.runa.wfe.datasource.DataSourceStuff; +import ru.runa.wfe.datasource.ExcelDataSource; import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; 
@@ -62,6 +65,7 @@ public class TabHeaderTag extends TagSupport { FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_RELATIONS, SecuredSingleton.RELATIONS)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_BOT_STATION, SecuredSingleton.BOTSTATIONS)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATA_SOURCES, null, true)); + FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_INTERNAL_STORAGE, null, true)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SYSTEM, SecuredSingleton.SYSTEM)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SETTINGS, null, true)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_LOGS)); @@ -133,6 +137,13 @@ private User getUser() { private boolean isMenuForwardVisible(MenuForward menuForward) { try { if (menuForward.forAdministratorOnly) { + if (menuForward.menuMessage.getKey().equals(MessagesCommon.MAIN_MENU_ITEM_INTERNAL_STORAGE.getKey())) { + if (DataSourceStorage.getNames().contains(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME)) { + if (!(DataSourceStorage.getDataSource(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME) instanceof ExcelDataSource)) { + return false; + } + } + } return Delegates.getExecutorService().isAdministrator(getUser()); } if (menuForward.menuMessage.getKey().equals("view_logs")) { diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java new file mode 100644 index 0000000000..a2ef9f5f56 --- /dev/null +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java 
@@ -0,0 +1,74 @@ +package ru.runa.common.web.tag; + +import com.google.common.base.Throwables; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.Map; +import javax.servlet.jsp.tagext.Tag; +import javax.servlet.jsp.tagext.TagSupport; +import org.apache.poi.hssf.usermodel.HSSFWorkbook; +import org.apache.poi.ss.usermodel.Sheet; +import org.apache.poi.ss.usermodel.Workbook; +import org.apache.poi.xssf.usermodel.XSSFWorkbook; +import org.tldgen.annotations.Attribute; +import org.tldgen.annotations.BodyContent; +import ru.runa.common.web.Commons; +import ru.runa.common.web.action.ViewInternalStorageAction; +import ru.runa.wfe.commons.web.PortletUrlType; +import ru.runa.wfe.security.AuthorizationException; +import ru.runa.wfe.service.delegate.Delegates; +import ru.runa.wfe.user.User; + +@org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "viewSheets") +public class ViewSheetsTag extends TagSupport { + private static final long serialVersionUID = 1L; + private String workbookPath; + + public String getworkbookPath() { + return workbookPath; + } + + @Attribute(required = true) + public void setworkbookPath(String workbookPath) { + this.workbookPath = workbookPath; + } + + @Override + public int doStartTag() { + if (!Delegates.getExecutorService().isAdministrator(getUser())) { + throw new AuthorizationException("No permission on this page"); + } + try { + StringBuilder html = new StringBuilder(); + try (InputStream is = new FileInputStream(workbookPath)) { + Workbook wb = null; + if (workbookPath.endsWith(".xls")) { + wb = new HSSFWorkbook(is); + } else if (workbookPath.endsWith(".xlsx")) { + wb = new XSSFWorkbook(is); + } else { + throw new IllegalArgumentException("excel file extension is incorrect"); + } + for (int i = 0; i < wb.getNumberOfSheets(); i++) { + Sheet sheet = wb.getSheetAt(i); + Map params = new HashMap<>(); + params.put("sheetName", sheet.getSheetName()); + 
String href = Commons.getActionUrl(ViewInternalStorageAction.ACTION_PATH, params, pageContext, PortletUrlType.Action); + html.append("").append(sheet.getSheetName()).append("   "); + } + wb.close(); + } + pageContext.getOut().write(html.toString()); + return Tag.SKIP_BODY; + } catch (IOException e) { + throw Throwables.propagate(e); + } + } + + private User getUser() { + return Commons.getUser(pageContext.getSession()); + } + +} diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties index 09c839a0f5..28b9b6c62a 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties @@ -705,4 +705,6 @@ label.routing_parameter_name = Route parameter name label.routing_parameter_value = Route parameter value label.payload_parameter_name = Payload parameter name label.payload_parameter_value = Payload parameter value -signal.message_is_sent = Signal has been sent \ No newline at end of file +signal.message_is_sent = Signal has been sent + +view_internal_storage = Internal storage diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties index 0a2dabda8e..f3dbbde0b7 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties 
@@ -702,3 +702,5 @@ label.routing_parameter_value = \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 label.payload_parameter_name = \u0418\u043c\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 label.payload_parameter_value = \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 signal.message_is_sent = \u0421\u0438\u0433\u043d\u0430\u043b \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d + +view_internal_storage = \u0412\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 diff --git a/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp b/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp new file mode 100644 index 0000000000..628b7875c0 --- /dev/null +++ b/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp @@ -0,0 +1,54 @@ +<%@ page language="java" pageEncoding="UTF-8" %> +<%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%> +<%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %> +<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%> +<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%> + + + +<% + String workbookPath = (String) request.getAttribute("workbookPath"); + String sheetContent = (String) request.getAttribute("sheetContent"); +%> + + + + + + + <%= workbookPath %>
+ + <% if (sheetContent != null) { %> + + + +
+ +
+
+ <%= sheetContent %> + <% } %> +
+ + + +
diff --git a/wfe-web/src/main/webapp/WEB-INF/struts-config.xml b/wfe-web/src/main/webapp/WEB-INF/struts-config.xml index 35c057b30b..882c411097 100644 --- a/wfe-web/src/main/webapp/WEB-INF/struts-config.xml +++ b/wfe-web/src/main/webapp/WEB-INF/struts-config.xml @@ -46,6 +46,7 @@ + @@ -95,6 +96,7 @@ + @@ -369,6 +371,11 @@ + + + + @@ -799,6 +806,9 @@ + + Date: Mon, 22 Jun 2020 22:18:47 +0700 Subject: [PATCH 08/71] #1565 --- wfe-app/pom.xml | 4 +- .../ru/runa/wfe/audit/logic/AuditLogic.java | 1 - .../wfe/security/SecurityCheckProperties.java | 39 +++---------------- .../runa/wfe/security/SecurityCheckUtil.java | 37 ------------------ .../runa/wfe/security/dao/PermissionDao.java | 20 +++++----- .../security/logic/AuthorizationLogic.java | 16 +------- .../main/resources/securitycheck.properties | 15 +++---- wfe-core/src/main/resources/system.properties | 2 +- .../impl/AuthorizationServiceBean.java | 1 - wfe-web/src/main/resources/settingsList.xml | 14 +++---- .../classes/settingsDescriptions.properties | 14 +++---- .../settingsDescriptions_ru.properties | 14 +++---- 12 files changed, 50 insertions(+), 127 deletions(-) delete mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 4d673eb16c..0cebaf38ca 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/ExampleDS - org.hibernate.dialect.H2Dialect + java:jboss/datasources/WfeMasterDS + org.hibernate.dialect.PostgreSQLDialect java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java index c530d5c93b..980b4a9d19 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java 
@@ -34,7 +34,6 @@ import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecuredSingleton; -import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.user.User; /** diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java index 3002fa8d68..2fae1ab38d 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckProperties.java 
@@ -3,37 +3,10 @@ import ru.runa.wfe.commons.PropertyResources; public class SecurityCheckProperties { - private static final PropertyResources RESOURCES = new PropertyResources("securitycheck.properties"); - - public static PropertyResources getResources() { - return RESOURCES; - } - - public static boolean getCheckActor() { - return RESOURCES.getBooleanProperty("security.check.object.actor", false); - } - - public static boolean getCheckProcessDefinition() { - return RESOURCES.getBooleanProperty("security.check.object.process.definition", false); - } - - public static boolean getCheckProcessInstance() { - return RESOURCES.getBooleanProperty("security.check.object.process.instance", false); - } - - public static boolean getCheckReport() { - return RESOURCES.getBooleanProperty("security.check.object.report", false); - } - - public static boolean getCheckRelation() { - return RESOURCES.getBooleanProperty("security.check.object.relation", false); - } - - public static boolean getCheckBotStation() { - return RESOURCES.getBooleanProperty("security.check.object.botstation", false); - } - - public static boolean getCheckSystem() { - return RESOURCES.getBooleanProperty("security.check.object.system", false); - } + public static final String CONFIG_FILE_NAME = "securitycheck.properties"; + private static final PropertyResources RESOURCES = new PropertyResources(CONFIG_FILE_NAME); + + public static boolean isPermissionCheckRequired(SecuredObjectType securedObjectType) { + return RESOURCES.getBooleanProperty("permission.check.required." + securedObjectType.getName(), false); + } } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java deleted file mode 100644 index 03eb14e135..0000000000 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecurityCheckUtil.java +++ /dev/null 
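Review bot: `isPermissionCheckRequired` passes `false` as the default to `getBooleanProperty`, so a `SecuredObjectType` with no `permission.check.required.*` entry has its permission checks skipped, whereas the removed `SecurityCheckUtil.needCheckPermission` ended in `return true` for any type it did not list. The `securitycheck.properties` hunk in this patch defines seven keys and none for REPORTS or RELATIONS (which the old helper mapped onto the report and relation flags) or for the bot and data-source types named in its TODO. Assuming `getName()` returns those enum-style names, all of these now resolve to the default. I would make the lookup fail closed with `return RESOURCES.getBooleanProperty("permission.check.required." + securedObjectType.getName(), true);` and add the missing keys to the properties file and `settingsList.xml` if those types are meant to be switchable.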
@@ -1,37 +0,0 @@ -package ru.runa.wfe.security; - -public class SecurityCheckUtil { - - public static boolean needCheckPermission(SecuredObjectType secObjectType) { - if (SecuredObjectType.EXECUTOR.equals(secObjectType)) { - return SecurityCheckProperties.getCheckActor(); - } - if (SecuredObjectType.DEFINITION.equals(secObjectType)) { - return SecurityCheckProperties.getCheckProcessDefinition(); - } - if (SecuredObjectType.PROCESS.equals(secObjectType)) { - return SecurityCheckProperties.getCheckProcessInstance(); - } - if (SecuredObjectType.REPORT.equals(secObjectType)) { - return SecurityCheckProperties.getCheckReport(); - } - if (SecuredObjectType.REPORTS.equals(secObjectType)) { - return SecurityCheckProperties.getCheckReport(); - } - if (SecuredObjectType.RELATION.equals(secObjectType)) { - return SecurityCheckProperties.getCheckRelation(); - } - if (SecuredObjectType.RELATIONS.equals(secObjectType)) { - return SecurityCheckProperties.getCheckRelation(); - } - if (SecuredObjectType.BOTSTATIONS.equals(secObjectType)) { - return SecurityCheckProperties.getCheckBotStation(); - } - // TODO bot, datasource - if (SecuredObjectType.SYSTEM.equals(secObjectType)) { - return SecurityCheckProperties.getCheckSystem(); - } - return true; - } - -} diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 724f5723eb..e1e3450da7 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -50,7 +50,7 @@ import ru.runa.wfe.security.PermissionSubstitutions; import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; -import ru.runa.wfe.security.SecurityCheckUtil; +import ru.runa.wfe.security.SecurityCheckProperties; import ru.runa.wfe.user.Executor; import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; 
@@ -139,7 +139,7 @@ public void setPermissions(Executor executor, Collection permissions * Throws if user has no permission to object. */ public void checkAllowed(User user, Permission permission, SecuredObject object) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { return; } if (!isAllowed(user, permission, object)) { @@ -151,7 +151,7 @@ public void checkAllowed(User user, Permission permission, SecuredObject object) * Throws if user has no permission to {type, id}. */ public void checkAllowed(User user, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return; } if (!isAllowed(user, permission, type, id)) { @@ -163,7 +163,7 @@ public void checkAllowed(User user, Permission permission, SecuredObjectType typ * Throws if user has no permission to {type, all given ids}. */ public void checkAllowedForAll(User user, Permission permission, SecuredObjectType type, List ids) { - if (!SecurityCheckUtil.needCheckPermission(type)) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return; } Assert.notNull(ids); 
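Review bot: In `checkAllowedForAll` the toggle test returns before `Assert.notNull(ids)`, so a null `ids` is rejected only when checks for that type are switched on; `isAllowed(Executor, Permission, SecuredObjectType, Long)` in the -178,21 hunk has the same ordering with `Assert.notNull(id)`. Moving the assertion above `if (!SecurityCheckProperties.isPermissionCheckRequired(type))` keeps argument validation independent of configuration. The two `checkAllowed` overloads here go on to call `isAllowed(...)`, which repeats the same toggle test, so their early return is redundant and could be dropped to leave a single place where a check is skipped. These method bodies continue outside the hunks.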
@@ -178,21 +178,21 @@ public void checkAllowedForAll(User user, Permission permission, SecuredObjectTy * Returns true if user have permission to object. */ public boolean isAllowed(User user, Permission permission, SecuredObject object) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { return true; } return isAllowed(user.getActor(), permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return true; } return isAllowed(user.getActor(), permission, type, id); } public boolean isAllowed(Executor executor, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckUtil.needCheckPermission(type)) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return true; } Assert.notNull(id); @@ -200,7 +200,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject } public boolean isAllowed(Executor executor, Permission permission, SecuredObject object, boolean checkPrivileged) { - if (!SecurityCheckUtil.needCheckPermission(object.getSecuredObjectType())) { + if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { return true; } Long id = object.getIdentifiableId(); @@ -213,7 +213,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject * Returns true if user have permission to {type, any id}. */ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType type) { - if (!SecurityCheckUtil.needCheckPermission(type)) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return true; } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); 
@@ -329,7 +329,7 @@ public boolean[] isAllowed(User user, Permission permi .and(pm.objectType.eq(type)).and(pm.objectId.in(identifiableIds)).and(pm.permission.in(subst.selfPermissions))).fetch()); } for (int i = 0; i < securedObjects.size(); i++) { - if (!SecurityCheckUtil.needCheckPermission(securedObjects.get(i).getSecuredObjectType())) { + if (!SecurityCheckProperties.isPermissionCheckRequired(securedObjects.get(i).getSecuredObjectType())) { result[i] = true; } else { result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index 3386e4f63c..a3f0107011 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -49,8 +49,6 @@ import ru.runa.wfe.security.SecuredObjectFactory; import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecuredSingleton; -import ru.runa.wfe.security.SecurityCheckProperties; -import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.security.dao.PermissionMapping; import ru.runa.wfe.security.dao.QPermissionMapping; import ru.runa.wfe.user.Executor; @@ -106,15 +104,7 @@ public boolean isAllowed(User user, Permission permission, SecuredObjectType sec } public boolean[] isAllowed(User user, Permission permission, List securedObjects) { - boolean[] resAllowed = permissionDao.isAllowed(user, permission, securedObjects); - int i = 0; - for (T securedObject : securedObjects) { - if (!SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { - resAllowed[i] = true; - } - i++; - } - return resAllowed; + return permissionDao.isAllowed(user, permission, securedObjects); } public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType securedObjectType) { 
@@ -436,9 +426,7 @@ public void setPermissions(User user, Long executorId, Collection pe public void setPermissions(User user, Executor executor, Collection permissions, SecuredObject securedObject) { checkPermissionsOnExecutor(user, executor, Permission.READ); - if (SecurityCheckUtil.needCheckPermission(securedObject.getSecuredObjectType())) { - permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); - } + permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject); permissionDao.setPermissions(executor, permissions, securedObject); } diff --git a/wfe-core/src/main/resources/securitycheck.properties b/wfe-core/src/main/resources/securitycheck.properties index 63ec3b41c3..4bb38dda8d 100644 --- a/wfe-core/src/main/resources/securitycheck.properties +++ b/wfe-core/src/main/resources/securitycheck.properties @@ -1,7 +1,8 @@ -security.check.object.actor=false -security.check.object.process.definition=false -security.check.object.process.instance=false -security.check.object.report=false -security.check.object.relation=false -security.check.object.botstation=false -security.check.object.system=false \ No newline at end of file +# Enable security check +permission.check.required.EXECUTOR=false +permission.check.required.DEFINITION=false +permission.check.required.PROCESS=false +permission.check.required.REPORT=false +permission.check.required.RELATION=false +permission.check.required.BOTSTATIONS=false +permission.check.required.SYSTEM=false \ No newline at end of file diff --git a/wfe-core/src/main/resources/system.properties b/wfe-core/src/main/resources/system.properties index 0662a72967..114e5cdd63 100644 --- a/wfe-core/src/main/resources/system.properties +++ b/wfe-core/src/main/resources/system.properties 
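Review bot: `setPermissions` now relies only on `permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject)`, which returns immediately when `isPermissionCheckRequired` is false for the object's type. With the `=false` values shipped in `securitycheck.properties`, permission administration on those types is therefore unguarded beyond the executor READ check, as far as this hunk shows. The outcome is the same as with the removed guard, but the consequence is not stated anywhere in the code or the setting descriptions. I would exempt `Permission.UPDATE_PERMISSIONS` from the toggle in `PermissionDao` (in the `isAllowed` overloads too, since `checkAllowed` delegates to them) and record the decision above this call, e.g. `// UPDATE_PERMISSIONS is enforced even when permission.check.required.<type> is false`.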
@@ -72,4 +72,4 @@ variables.invalid.default.values.allowed.before = 01.01.1970 datasource.password.export = true javamelody.disabled = ${maven.profile.javamelody.disabled} -javamelody.datasources = ${maven.profile.hibernate.datasource} +javamelody.datasources = ${maven.profile.hibernate.datasource} \ No newline at end of file diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java index 1ebf791c0d..1d15c4aef5 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java @@ -40,7 +40,6 @@ import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; -import ru.runa.wfe.security.SecurityCheckUtil; import ru.runa.wfe.security.dao.PermissionDao; import ru.runa.wfe.security.logic.AuthorizationLogic; import ru.runa.wfe.service.decl.AuthorizationServiceLocal; diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index f03c1a78ca..93b439e2fc 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -266,31 +266,31 @@ - + true false - + true false - + true false - + true false - + true false - + true false - + true false diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index 8c554ae677..727bd79b46 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties 
@@ -111,10 +111,10 @@ botstation.properties_botstation.failedExecutionInitialDelaySeconds = initial va botstation.properties_botstation.failedExecutionMaxDelaySeconds = limit of delay after failed execution of bot's task (in seconds) securitycheck.properties = Permission check settings -securitycheck.properties_security.check.object.actor = Check actors -securitycheck.properties_security.check.object.process.definition = Check process definitions -securitycheck.properties_security.check.object.process.instance = Check process instances -securitycheck.properties_security.check.object.report = Check reports -securitycheck.properties_security.check.object.relation = Check relations -securitycheck.properties_security.check.object.botstation = Check bot stations -securitycheck.properties_security.check.object.system = Check system \ No newline at end of file +securitycheck.properties_permission.check.required.EXECUTOR = Check actors +securitycheck.properties_permission.check.required.DEFINITION = Check process definitions +securitycheck.properties_permission.check.required.PROCESS = Check process instances +securitycheck.properties_permission.check.required.REPORT = Check reports +securitycheck.properties_permission.check.required.RELATION = Check relations +securitycheck.properties_permission.check.required.BOTSTATIONS = Check bot stations +securitycheck.properties_permission.check.required.SYSTEM = Check system \ No newline at end of file diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 2a2bc5cbcd..4b88df4ead 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -112,10 +112,10 @@ botstation.properties_botstation.failedExecutionMaxDelaySeconds = \u043c\u0430\u securitycheck.properties=\u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u043F\u0440\u0430\u0432 \u0434\u043E\u0441\u0442\u0443\u043F\u0430 -securitycheck.properties_security.check.object.actor=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C -securitycheck.properties_security.check.object.process.definition=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 -securitycheck.properties_security.check.object.process.instance=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 -securitycheck.properties_security.check.object.report=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C -securitycheck.properties_security.check.object.relation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C -securitycheck.properties_security.check.object.botstation=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C -securitycheck.properties_security.check.object.system=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file +securitycheck.properties_permission.check.required.EXECUTOR=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C 
+securitycheck.properties_permission.check.required.DEFINITION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +securitycheck.properties_permission.check.required.PROCESS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 +securitycheck.properties_permission.check.required.REPORT=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C +securitycheck.properties_permission.check.required.RELATION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C +securitycheck.properties_permission.check.required.BOTSTATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C +securitycheck.properties_permission.check.required.SYSTEM=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file From f69747a21f3954d1f339fc2960c99f0334c08b77 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 22:24:00 +0700 Subject: [PATCH 09/71] #1565 --- wfe-app/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 0cebaf38ca..4d673eb16c 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/WfeMasterDS - org.hibernate.dialect.PostgreSQLDialect + java:jboss/datasources/ExampleDS + org.hibernate.dialect.H2Dialect java:jboss/UserTransaction false dd.MM.yyyy 
From 301fc546366c2d32bba680cbb92eeabc13b4a0db Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 22:32:00 +0700 Subject: [PATCH 10/71] #1565 --- .../java/ru/runa/wfe/audit/logic/AuditLogic.java | 14 +++++++++----- wfe-core/src/main/resources/system.properties | 2 +- .../wfe/service/impl/AuthorizationServiceBean.java | 5 +++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java index 980b4a9d19..71aaa9768d 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java @@ -82,8 +82,10 @@ public Object getProcessLogValue(User user, Long logId) { /** * Load system logs according to {@link BatchPresentation}. * - * @param user Requester user. - * @param batchPresentation {@link BatchPresentation} to load logs. + * @param user + * Requester user. + * @param batchPresentation + * {@link BatchPresentation} to load logs. * @return Loaded system logs. */ public List getSystemLogs(User user, BatchPresentation batchPresentation) { @@ -95,8 +97,10 @@ public List getSystemLogs(User user, BatchPresentation batchPresentat /** * Load system logs count according to {@link BatchPresentation}. * - * @param user Requester user. - * @param batchPresentation {@link BatchPresentation} to load logs count. + * @param user + * Requester user. + * @param batchPresentation + * {@link BatchPresentation} to load logs count. * @return System logs count. */ public int getSystemLogsCount(User user, BatchPresentation batchPresentation) { @@ -104,4 +108,4 @@ public int getSystemLogsCount(User user, BatchPresentation batchPresentation) { PresentationConfiguredCompiler compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation); return compiler.getCount(); } -} \ No newline at end of file +} 
diff --git a/wfe-core/src/main/resources/system.properties b/wfe-core/src/main/resources/system.properties index 114e5cdd63..0662a72967 100644 --- a/wfe-core/src/main/resources/system.properties +++ b/wfe-core/src/main/resources/system.properties @@ -72,4 +72,4 @@ variables.invalid.default.values.allowed.before = 01.01.1970 datasource.password.export = true javamelody.disabled = ${maven.profile.javamelody.disabled} -javamelody.datasources = ${maven.profile.hibernate.datasource} \ No newline at end of file +javamelody.datasources = ${maven.profile.hibernate.datasource} diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java index 1d15c4aef5..4fe14a497a 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java @@ -192,7 +192,8 @@ public int getExecutorsWithPermissionCount(@WebParam(name = "user") @NonNull Use @WebResult(name = "result") public List getPersistentObjects(@WebParam(name = "user") @NonNull User user, @WebParam(name = "batchPresentation") @NonNull BatchPresentation batchPresentation, - @WebParam(name = "persistentClass") @NonNull Class persistentClass, @WebParam(name = "permission") @NonNull Permission permission, + @WebParam(name = "persistentClass") @NonNull Class persistentClass, + @WebParam(name = "permission") @NonNull Permission permission, @WebParam(name = "securedObjectTypes") @NonNull SecuredObjectType[] securedObjectTypes, @WebParam(name = "enablePaging") boolean enablePaging) { return (List) authorizationLogic.getPersistentObjects(user, batchPresentation, permission, securedObjectTypes, enablePaging); 
@@ -211,4 +212,4 @@ public boolean isAllowedWS(@WebParam(name = "user") @NonNull User user, @WebPara @WebParam(name = "identifiableId") @NonNull Long identifiableId) { return authorizationLogic.isAllowed(user, permission, securedObjectType, identifiableId); } -} \ No newline at end of file +} From 945fc35bf8a173dcb59c54ff0186bcf0025d549a Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:00:52 +0700 Subject: [PATCH 11/71] #1565 --- .../runa/wfe/security/dao/PermissionDao.java | 64 +++++++++++++------ 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index e1e3450da7..371cc9d947 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -98,16 +98,21 @@ public void init() { public List getIssuedPermissions(Executor executor, SecuredObject object) { QPermissionMapping pm = QPermissionMapping.permissionMapping; return queryFactory.select(pm.permission).from(pm) - .where(pm.objectType.eq(object.getSecuredObjectType()).and(pm.objectId.eq(object.getIdentifiableId())).and(pm.executor.eq(executor))) + .where(pm.objectType.eq(object.getSecuredObjectType()) + .and(pm.objectId.eq(object.getIdentifiableId())) + .and(pm.executor.eq(executor))) .fetch(); } /** * Sets permissions for executor on securedObject. * - * @param executor Executor, which got permissions. - * @param permissions Permissions for executor. - * @param object Secured object to set permission on. + * @param executor + * Executor, which got permissions. + * @param permissions + * Permissions for executor. + * @param object + * Secured object to set permission on. */ public void setPermissions(Executor executor, Collection permissions, SecuredObject object) { ApplicablePermissions.check(object, permissions); 
@@ -227,7 +232,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), non-empty * set (containing arbitrary value) means positive check result. * - * @param checkPrivileged If false, only permission_mapping table is checked, but not privileged_mapping. + * @param checkPrivileged + * If false, only permission_mapping table is checked, but not privileged_mapping. */ public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, boolean checkPrivileged) { @@ -272,9 +278,12 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu /** * Checks whether executor has permission on securedObject's. Create result array in same order, as securedObject's. * - * @param user Executor, which permission must be check. - * @param permission Checking permission. - * @param securedObjects Secured objects to check permission on. + * @param user + * Executor, which permission must be check. + * @param permission + * Checking permission. + * @param securedObjects + * Secured objects to check permission on. * @return Array of: true if executor has requested permission on securedObject; false otherwise. * @deprecated Use filterAllowedIds() which takes list of IDs, not of whole entities. */ 
@@ -409,8 +418,10 @@ public boolean hasPrivilegedExecutor(List executorIds) { /** * Check if executor is privileged executor for given object. * - * @param executor {@linkplain Executor}, to check if privileged. - * @param object {@linkplain SecuredObject} object, to check if executor is privileged to it. + * @param executor + * {@linkplain Executor}, to check if privileged. + * @param object + * {@linkplain SecuredObject} object, to check if executor is privileged to it. * @return true if executor is privileged for given object and false otherwise. */ private boolean isPrivilegedExecutor(SecuredObject object, Executor executor) { @@ -430,8 +441,10 @@ private boolean isPrivilegedExecutor(SecuredObjectType type, Collectiondictionary tables describing new SecuredObject type. * - * @param type Type of SecuredObject. - * @param executors Privileged executors for target class. + * @param type + * Type of SecuredObject. + * @param executors + * Privileged executors for target class. */ public void addType(SecuredObjectType type, List executors) { for (Executor executor : executors) { 
@@ -445,11 +458,16 @@ public void addType(SecuredObjectType type, List executors) /** * Load list of {@linkplain SecuredObject} for which executors have permission on. * - * @param user User which must have permission on loaded {@linkplain SecuredObject} (at least one). - * @param batchPresentation {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. - * @param permission {@linkplain Permission}, which executors must has on {@linkplain SecuredObject}. - * @param securedObjectTypes {@linkplain SecuredObjectType} types, used to check permissions. - * @param enablePaging Flag, equals true, if paging must be enabled and false otherwise. + * @param user + * User which must have permission on loaded {@linkplain SecuredObject} (at least one). + * @param batchPresentation + * {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. + * @param permission + * {@linkplain Permission}, which executors must has on {@linkplain SecuredObject}. + * @param securedObjectTypes + * {@linkplain SecuredObjectType} types, used to check permissions. + * @param enablePaging + * Flag, equals true, if paging must be enabled and false otherwise. * @return List of {@link SecuredObject}'s for which executors have permission on. */ public List getPersistentObjects(User user, BatchPresentation batchPresentation, Permission permission, 
@@ -471,10 +489,14 @@ public List getPersistentObjects(User user, BatchPresen /** * Load count of {@linkplain SecuredObject} for which executors have permission on. * - * @param user User which must have permission on loaded {@linkplain SecuredObject} (at least one). - * @param batchPresentation {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. - * @param permission {@linkplain Permission}, which executors must have on {@linkplain SecuredObject}. - * @param securedObjectTypes {@linkplain SecuredObjectType} types, used to check permissions. + * @param user + * User which must have permission on loaded {@linkplain SecuredObject} (at least one). + * @param batchPresentation + * {@linkplain BatchPresentation} with parameters for loading {@linkplain SecuredObject}'s. + * @param permission + * {@linkplain Permission}, which executors must have on {@linkplain SecuredObject}. + * @param securedObjectTypes + * {@linkplain SecuredObjectType} types, used to check permissions. * @return Count of {@link SecuredObject}'s for which executors have permission on. */ public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, From ecd298252c5d4262ee995cbe0f697d313d0d7691 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:06:36 +0700 Subject: [PATCH 12/71] #1565 --- .../runa/wfe/security/dao/PermissionDao.java | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 371cc9d947..86a55cd0ed 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -54,7 +54,6 @@ import ru.runa.wfe.user.Executor; import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; - /** * Permission DAO level implementation via Hibernate. * @@ -135,8 +134,12 @@ public void setPermissions(Executor executor, Collection permissions } if (!toDelete.isEmpty()) { QPermissionMapping pm = QPermissionMapping.permissionMapping; - queryFactory.delete(pm).where(pm.objectType.eq(object.getSecuredObjectType()).and(pm.objectId.eq(object.getIdentifiableId())) - .and(pm.executor.eq(executor)).and(pm.permission.in(toDelete))).execute(); + queryFactory.delete(pm) + .where(pm.objectType.eq(object.getSecuredObjectType()) + .and(pm.objectId.eq(object.getIdentifiableId())) + .and(pm.executor.eq(executor)) + .and(pm.permission.in(toDelete))) + .execute(); } } @@ -229,14 +232,12 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu } /** - * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), non-empty - * set (containing arbitrary value) means positive check result. + * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), + * non-empty set (containing arbitrary value) means positive check result. * - * @param checkPrivileged - * If false, only permission_mapping table is checked, but not privileged_mapping. + * @param checkPrivileged If false, only permission_mapping table is checked, but not privileged_mapping. */ - public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, - boolean checkPrivileged) { + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, boolean checkPrivileged) { ApplicablePermissions.check(type, permission); boolean haveIds = idsOrNull != null; From 29ee32a42e168d83e4bfa981683be40582e2fb80 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Mon, 22 Jun 2020 23:13:38 +0700 Subject: [PATCH 13/71] #1565 --- .../runa/wfe/security/dao/PermissionDao.java | 29 ++++++++++++------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 86a55cd0ed..fe51ab0130 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -54,6 +54,8 @@ import ru.runa.wfe.user.Executor; import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; + + /** * Permission DAO level implementation via Hibernate. * @@ -135,11 +137,11 @@ public void setPermissions(Executor executor, Collection permissions if (!toDelete.isEmpty()) { QPermissionMapping pm = QPermissionMapping.permissionMapping; queryFactory.delete(pm) - .where(pm.objectType.eq(object.getSecuredObjectType()) - .and(pm.objectId.eq(object.getIdentifiableId())) - .and(pm.executor.eq(executor)) - .and(pm.permission.in(toDelete))) - .execute(); + .where(pm.objectType.eq(object.getSecuredObjectType()) + .and(pm.objectId.eq(object.getIdentifiableId())) + .and(pm.executor.eq(executor)) + .and(pm.permission.in(toDelete))) + .execute(); } } @@ -232,7 +234,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu } /** - * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), + * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), * non-empty set (containing arbitrary value) means positive check result. * * @param checkPrivileged If false, only permission_mapping table is checked, but not privileged_mapping. 
@@ -256,17 +258,22 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu // Same type for all objects, thus same listType. I believe it would be faster to perform separate query here. // ATTENTION!!! Also, HQL query with two conditions (on both type and listType) always returns empty rowset. :( - // (Both here with QueryDSL and in HibernateCompilerHQLBuilder.addSecureCheck() with raw HQL.) - if (!subst.listPermissions.isEmpty() - && queryFactory.select(pm.id).from(pm).where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type.getListType())) - .and(pm.objectId.eq(0L)).and(pm.permission.in(subst.listPermissions))).fetchFirst() != null) { + // (Both here with QueryDSL and in HibernateCompilerHQLBuilder.addSecureCheck() with raw HQL.) + if (!subst.listPermissions.isEmpty() && queryFactory.select(pm.id).from(pm) + .where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type.getListType())) + .and(pm.objectId.eq(0L)) + .and(pm.permission.in(subst.listPermissions))) + .fetchFirst() != null) { return haveIds ? new HashSet<>(idsOrNull) : nonEmptySet; } Set result = new HashSet<>(); for (List idsPart : haveIds ? Lists.partition(idsOrNull, SystemProperties.getDatabaseParametersCount()) : nonEmptyListList) { JPQLQuery q = queryFactory.select(pm.id).from(pm) - .where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type)).and(pm.permission.in(subst.selfPermissions))); + .where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type)) + .and(pm.permission.in(subst.selfPermissions))); if (haveIds) { result.addAll(q.where(pm.objectId.in(idsPart)).fetch()); } else if (q.fetchFirst() != null) { From 7dffa2e78154691983b882acd31b979b88c7ba6e Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:17:08 +0700 Subject: [PATCH 14/71] #1565 --- .../java/ru/runa/wfe/security/dao/PermissionDao.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index fe51ab0130..fa55084a1e 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -260,11 +260,12 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu // ATTENTION!!! Also, HQL query with two conditions (on both type and listType) always returns empty rowset. :( // (Both here with QueryDSL and in HibernateCompilerHQLBuilder.addSecureCheck() with raw HQL.) if (!subst.listPermissions.isEmpty() && queryFactory.select(pm.id).from(pm) - .where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type.getListType())) - .and(pm.objectId.eq(0L)) - .and(pm.permission.in(subst.listPermissions))) - .fetchFirst() != null) { + .where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type.getListType())) + .and(pm.objectId.eq(0L)) + .and(pm.permission.in(subst.listPermissions))) + .fetchFirst() != null) { + return haveIds ? new HashSet<>(idsOrNull) : nonEmptySet; } From 451a45ddf3749270f30e87b8a1d91eee3cbf6c33 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:18:50 +0700 Subject: [PATCH 15/71] #1565 --- .../java/ru/runa/wfe/security/dao/PermissionDao.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index fa55084a1e..122f2c6f4e 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -319,9 +319,12 @@ public boolean[] isAllowed(User user, Permission permi PermissionSubstitutions.ForCheck subst = PermissionSubstitutions.getForCheck(type, permission); QPermissionMapping pm = QPermissionMapping.permissionMapping; // Same type for all objects, thus same listType. I believe it would be faster to perform separate query here. - if (!subst.listPermissions.isEmpty() - && queryFactory.select(pm.id).from(pm).where(pm.executor.in(executorWithGroups).and(pm.objectType.eq(type.getListType())) - .and(pm.objectId.eq(0L)).and(pm.permission.in(subst.listPermissions))).fetchFirst() != null) { + if (!subst.listPermissions.isEmpty() && queryFactory.select(pm.id).from(pm) + .where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type.getListType())) + .and(pm.objectId.eq(0L)) + .and(pm.permission.in(subst.listPermissions))) + .fetchFirst() != null) { Arrays.fill(result, true); return result; } From 7b95e2c9ad1e8004a146c26cdadd0564e7db2c3f Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:22:38 +0700 Subject: [PATCH 16/71] #1565 --- .../main/java/ru/runa/wfe/security/dao/PermissionDao.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 122f2c6f4e..0b60b8bf62 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -346,8 +346,12 @@ public boolean[] isAllowed(User user, Permission permi if (identifiableIds.isEmpty()) { break; } - allowedIdentifiableIds.addAll(queryFactory.selectDistinct(pm.objectId).from(pm).where(pm.executor.in(executorWithGroups) - .and(pm.objectType.eq(type)).and(pm.objectId.in(identifiableIds)).and(pm.permission.in(subst.selfPermissions))).fetch()); + allowedIdentifiableIds.addAll(queryFactory.selectDistinct(pm.objectId).from(pm) + .where(pm.executor.in(executorWithGroups) + .and(pm.objectType.eq(type)) + .and(pm.objectId.in(identifiableIds)) + .and(pm.permission.in(subst.selfPermissions))) + .fetch()); } for (int i = 0; i < securedObjects.size(); i++) { if (!SecurityCheckProperties.isPermissionCheckRequired(securedObjects.get(i).getSecuredObjectType())) { From 4236287ab34c8c84994260651feba092268ed9a4 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:24:51 +0700 Subject: [PATCH 17/71] #1565 --- .../ru/runa/wfe/security/dao/PermissionDao.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 0b60b8bf62..7e16ee9fec 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -391,7 +391,8 @@ public void deleteAllPermissions(SecuredObject obj) { public Set getExecutorsWithPermission(SecuredObject obj) { QPermissionMapping pm = QPermissionMapping.permissionMapping; List list = queryFactory.selectDistinct(pm.executor).from(pm) - .where(pm.objectType.eq(obj.getSecuredObjectType()).and(pm.objectId.eq(obj.getIdentifiableId()))).fetch(); + .where(pm.objectType.eq(obj.getSecuredObjectType()).and(pm.objectId.eq(obj.getIdentifiableId()))) + .fetch(); Set result = new HashSet<>(list); result.addAll(getPrivilegedExecutors(obj.getSecuredObjectType())); return result; 
@@ -515,8 +516,7 @@ public List getPersistentObjects(User user, BatchPresen * {@linkplain SecuredObjectType} types, used to check permissions. * @return Count of {@link SecuredObject}'s for which executors have permission on. */ - public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, - SecuredObjectType[] securedObjectTypes) { + public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, SecuredObjectType[] securedObjectTypes) { TimeMeasurer timeMeasurer = new TimeMeasurer(logger, 1000); timeMeasurer.jobStarted(); RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, permission, securedObjectTypes); @@ -528,7 +528,11 @@ public int getPersistentObjectCount(User user, BatchPresentation batchPresentati public boolean permissionExists(final Executor executor, final Permission permission, final SecuredObject object) { QPermissionMapping pm = QPermissionMapping.permissionMapping; - return queryFactory.select(pm.id).from(pm).where(pm.executor.eq(executor).and(pm.objectType.eq(object.getSecuredObjectType())) - .and(pm.objectId.eq(object.getIdentifiableId())).and(pm.permission.eq(permission))).fetchFirst() != null; + return queryFactory.select(pm.id).from(pm) + .where(pm.executor.eq(executor) + .and(pm.objectType.eq(object.getSecuredObjectType())) + .and(pm.objectId.eq(object.getIdentifiableId())) + .and(pm.permission.eq(permission))) + .fetchFirst() != null; } } From bf906fd172db40ecdff24f358c40500e4f41f11a Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:29:36 +0700 Subject: [PATCH 18/71] #1565 --- .../runa/wfe/security/logic/AuthorizationLogic.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index a3f0107011..d9e593f8bc 100644 
--- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -86,7 +86,8 @@ public boolean equals(Object o) { return false; } IdAndPermission that = (IdAndPermission) o; - return Objects.equals(id, that.id) && Objects.equals(permission, that.permission); + return Objects.equals(id, that.id) && + Objects.equals(permission, that.permission); } @Override @@ -117,6 +118,7 @@ public List getIssuedPermissions(User user, Executor performer, Secu return permissionDao.getIssuedPermissions(performer, securedObject); } + /** * Exports permissions to xml, see: ExportDataFileAction. *

@@ -138,10 +140,10 @@ public void exportDataFile(User user, Document script) { singletonTypes.add(t); } } - exportDataFilePermissions(parentElement, - queryFactory.select(pm.permission, e.name, pm.objectType).from(pm, e) - .where(pm.objectType.in(singletonTypes).and(pm.objectId.eq(0L)).and(pm.executor.eq(e))) - .orderBy(pm.objectType.asc(), e.name.asc(), pm.permission.asc())); + exportDataFilePermissions(parentElement, queryFactory.select(pm.permission, e.name, pm.objectType) + .from(pm, e) + .where(pm.objectType.in(singletonTypes).and(pm.objectId.eq(0L)).and(pm.executor.eq(e))) + .orderBy(pm.objectType.asc(), e.name.asc(), pm.permission.asc())); } // Export ACTOR and GROUP permissions. From 514c363f6029c92833b4501f6f31a1fba9b3334f Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:32:12 +0700 Subject: [PATCH 19/71] #1565 --- .../wfe/security/logic/AuthorizationLogic.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index d9e593f8bc..e20834f07c 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -118,7 +118,6 @@ public List getIssuedPermissions(User user, Executor performer, Secu return permissionDao.getIssuedPermissions(performer, securedObject); } - /** * Exports permissions to xml, see: ExportDataFileAction. *

@@ -148,11 +147,11 @@ public void exportDataFile(User user, Document script) { // Export ACTOR and GROUP permissions. { - QExecutor e2 = new QExecutor("e2"); // same table as `e`, but different alias - exportDataFilePermissions(parentElement, - queryFactory.select(pm.permission, e.name, pm.objectType, e2.name).from(pm, e, e2) - .where(pm.objectType.eq(EXECUTOR).and(pm.objectId.eq(e2.id)).and(pm.executor.eq(e))) - .orderBy(pm.objectType.asc(), e2.name.asc(), e.name.asc(), pm.permission.asc())); + QExecutor e2 = new QExecutor("e2"); // same table as `e`, but different alias + exportDataFilePermissions(parentElement, queryFactory.select(pm.permission, e.name, pm.objectType, e2.name) + .from(pm, e, e2) + .where(pm.objectType.eq(EXECUTOR).and(pm.objectId.eq(e2.id)).and(pm.executor.eq(e))) + .orderBy(pm.objectType.asc(), e2.name.asc(), e.name.asc(), pm.permission.asc())); } // Export DEFINITION permissions. @@ -169,7 +168,8 @@ public void exportDataFile(User user, Document script) { definitionNamesByIdentifiableIds.put((long) name.hashCode(), name); } - val tuples = queryFactory.select(pm.permission, e.name, pm.objectType, pm.objectId).from(pm, e) + val tuples = queryFactory.select(pm.permission, e.name, pm.objectType, pm.objectId) + .from(pm, e) .where(pm.objectType.eq(DEFINITION).and(pm.executor.eq(e))) // exportDataFilePermissions() requires that rows are ordered by (object, executor) first, permission last. .orderBy(pm.objectId.asc(), e.name.asc(), pm.permission.asc()).fetch(); From 1162189c93198e4bbadb9320dbdde8209ea568f3 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:35:57 +0700 Subject: [PATCH 20/71] #1565 --- .../ru/runa/wfe/security/logic/AuthorizationLogic.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index e20834f07c..14b65bfdff 100644 
--- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -172,7 +172,8 @@ public void exportDataFile(User user, Document script) { .from(pm, e) .where(pm.objectType.eq(DEFINITION).and(pm.executor.eq(e))) // exportDataFilePermissions() requires that rows are ordered by (object, executor) first, permission last. - .orderBy(pm.objectId.asc(), e.name.asc(), pm.permission.asc()).fetch(); + .orderBy(pm.objectId.asc(), e.name.asc(), pm.permission.asc()) + .fetch(); val rows = new ArrayList(tuples.size()); for (val t : tuples) { val objectName = definitionNamesByIdentifiableIds.get(t.get(3, Long.class)); @@ -204,8 +205,8 @@ private static class ExportDataFilePermissionRow { } /** - * @param parentElement Parent for "addPermissions" elements. - * @param query Must return fields in order: permission, executorName, objectType, [objectName]. + * @param parentElement Parent for "addPermissions" elements. + * @param query Must return fields in order: permission, executorName, objectType, [objectName]. */ private void exportDataFilePermissions(Element parentElement, JPQLQuery query) { try (final CloseableIterator it = query.iterate()) { @@ -257,7 +258,8 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera val row = it.next(); // Manually group by objectType, objectName, executorName. - if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) + if (row.objectType != lastObjectType + || !Objects.equals(row.objectName, lastObjectName) || !Objects.equals(row.executorName, lastExecutorName)) { lastObjectType = row.objectType; lastObjectName = row.objectName; From a9909fc52042524dfe9c3d76ba65a3f34b478a25 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Mon, 22 Jun 2020 23:39:43 +0700 Subject: [PATCH 21/71] #1565 --- .../runa/wfe/security/logic/AuthorizationLogic.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index 14b65bfdff..2dfa002ec9 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -258,15 +258,14 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera val row = it.next(); // Manually group by objectType, objectName, executorName. - if (row.objectType != lastObjectType - || !Objects.equals(row.objectName, lastObjectName) - || !Objects.equals(row.executorName, lastExecutorName)) { + if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) || !Objects.equals(row.executorName, + lastExecutorName)) { lastObjectType = row.objectType; lastObjectName = row.objectName; lastExecutorName = row.executorName; addPermissionsElement = parentElement.addElement("addPermissions", XmlUtils.RUNA_NAMESPACE); - // noinspection ConstantConditions + //noinspection ConstantConditions addPermissionsElement.addAttribute("type", row.objectType.getName()); if (row.objectName != null) { addPermissionsElement.addAttribute("name", row.objectName); @@ -274,7 +273,7 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera addPermissionsElement.addAttribute("executor", row.executorName); } - // noinspection ConstantConditions + //noinspection ConstantConditions addPermissionsElement.addElement("permission", XmlUtils.RUNA_NAMESPACE).addAttribute("name", row.permission.getName()); } } 
@@ -295,7 +294,7 @@ public void setPermissions(User user, String executorName, Map> objectNames, Set permissions, boolean deleteExisting) { - Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. + Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. permissionDao.checkAllowed(user, Permission.READ, executor); QPermissionMapping pm = QPermissionMapping.permissionMapping; From c0007e2e3818b185cca2c47d74b4626b64bcd107 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:43:22 +0700 Subject: [PATCH 22/71] #1565 --- .../runa/wfe/security/logic/AuthorizationLogic.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index 2dfa002ec9..1705de1cc0 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -258,7 +258,7 @@ private void exportDataFilePermissionsImpl(Element parentElement, CloseableItera val row = it.next(); // Manually group by objectType, objectName, executorName. - if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) || !Objects.equals(row.executorName, + if (row.objectType != lastObjectType || !Objects.equals(row.objectName, lastObjectName) || !Objects.equals(row.executorName, lastExecutorName)) { lastObjectType = row.objectType; lastObjectName = row.objectName; 
@@ -322,8 +322,13 @@ private void setPermissionsImpl(User user, String executorName, Map existing = new HashSet<>(); - try (CloseableIterator i = queryFactory.select(pm.objectId, pm.permission).from(pm) - .where(pm.executor.eq(executor).and(pm.objectType.eq(type)).and(pm.objectId.in(objectIds))).iterate()) { + try (CloseableIterator i = queryFactory.select(pm.objectId, pm.permission) + .from(pm) + .where(pm.executor.eq(executor) + .and(pm.objectType.eq(type)) + .and(pm.objectId.in(objectIds))) + .iterate() + ) { while (i.hasNext()) { Tuple t = i.next(); existing.add(new IdAndPermission(t.get(0, Long.class), t.get(1, Permission.class))); @@ -373,7 +378,7 @@ public void removeAllPermissions(User user, String executorName, Map> objectNames, Set permissions) { - Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. + Executor executor = executorDao.getExecutor(executorName); // [QSL] Only id is needed, or maybe even join would be enough. permissionDao.checkAllowed(user, Permission.READ, executor); QPermissionMapping pm = QPermissionMapping.permissionMapping; From 8db770a1c800a12363c9314e0bd79f287bb5c64a Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:46:16 +0700 Subject: [PATCH 23/71] #1565 --- .../security/logic/AuthorizationLogic.java | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index 1705de1cc0..e64af10533 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java 
@@ -441,11 +441,14 @@ public void setPermissions(User user, Executor executor, Collection /** * Load executor's which already has (or not has) some permission on specified securedObject. This query using paging. * - * @param user Current actor {@linkplain User}. - * @param securedObject {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. - * @param batchPresentation {@linkplain BatchPresentation} for loading executors. - * @param hasPermission Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without - * permissions. + * @param user + * Current actor {@linkplain User}. + * @param securedObject + * {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. + * @param batchPresentation + * {@linkplain BatchPresentation} for loading executors. + * @param hasPermission + * Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without permissions. * @return Executors with or without permission on {@linkplain SecuredObject} . */ public List getExecutorsWithPermission(User user, SecuredObject securedObject, BatchPresentation batchPresentation, @@ -458,9 +461,9 @@ public List getExecutorsWithPermission(User user, SecuredObj if (batchPresentation.getType().getPresentationClass().isInstance(privelegedExecutor) && permissionDao.isAllowed(user, Permission.READ, privelegedExecutor)) { if (hasPermission) - executors.add(0, privelegedExecutor); + executors.add(0, privelegedExecutor); else - executors.remove(privelegedExecutor); + executors.remove(privelegedExecutor); } } return executors; 
@@ -469,11 +472,14 @@ public List getExecutorsWithPermission(User user, SecuredObj /** * Load executor's count which already has (or not has) some permission on specified securedObject. * - * @param user Current actor {@linkplain User}. - * @param securedObject {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. - * @param batchPresentation {@linkplain BatchPresentation} for loading executors. - * @param hasPermission Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without - * permissions. + * @param user + * Current actor {@linkplain User}. + * @param securedObject + * {@linkplain SecuredObject} to load executors, which has (or not) permission on this securedObject. + * @param batchPresentation + * {@linkplain BatchPresentation} for loading executors. + * @param hasPermission + * Flag equals true to load executors with permissions on {@linkplain SecuredObject}; false to load executors without permissions. * @return Count of executors with or without permission on {@linkplain SecuredObject}. */ public int getExecutorsWithPermissionCount(User user, SecuredObject securedObject, BatchPresentation batchPresentation, boolean hasPermission) { From 7ca1d8fb8f5b6afc013121613d2fb1f6fdaafd0c Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:47:24 +0700 Subject: [PATCH 24/71] #1565 --- .../main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java | 1 + 1 file changed, 1 insertion(+) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index e64af10533..8f6cd05341 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java 
@@ -118,6 +118,7 @@ public List getIssuedPermissions(User user, Executor performer, Secu return permissionDao.getIssuedPermissions(performer, securedObject); } + /** * Exports permissions to xml, see: ExportDataFileAction. *

From d90f8bbe8e766d5faff30d2c1b989ec09ea337e1 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 22 Jun 2020 23:48:27 +0700 Subject: [PATCH 25/71] #1565 --- .../main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java | 1 - 1 file changed, 1 deletion(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index 8f6cd05341..e157120c99 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java @@ -64,7 +64,6 @@ public class AuthorizationLogic extends CommonLogic { @Autowired private SecuredObjectFactory securedObjectFactory; - /** * Used by addPermissions() and setPermissions(), to avoid duplicated rows in table "permission_mapping". */ From 0e422c7facd5874389fc725e0e3ab62f174c69e8 Mon Sep 17 00:00:00 2001 From: dataobject Date: Thu, 25 Jun 2020 14:54:31 +0300 Subject: [PATCH 26/71] Bug fixing --- .../web/action/ViewInternalStorageAction.java | 30 ++++++------- .../web/form/ViewInternalStorageForm.java | 10 ++--- ...ewSheetsTag.java => ViewWorkbooksTag.java} | 42 +++++++++---------- .../WEB-INF/classes/struts_ru.properties | 2 +- .../WEB-INF/common/internal_storage.jsp | 12 +++--- 5 files changed, 49 insertions(+), 47 deletions(-) rename wfe-web/src/main/java/ru/runa/common/web/tag/{ViewSheetsTag.java => ViewWorkbooksTag.java} (63%) diff --git a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java index 659bb9a774..c374bbd0f2 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java +++ b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java 
@@ -44,29 +44,30 @@ public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpS DataSource ds = DataSourceStorage.getDataSource(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME); if (ds instanceof ExcelDataSource) { ExcelDataSource eds = (ExcelDataSource) ds; - workbookPath = eds.getFilePath() + "/" + eds.getFileName(); + workbookPath = eds.getFilePath(); request.setAttribute("workbookPath", workbookPath); if (form.getMode() == ViewInternalStorageForm.MODE_DOWNLOAD) { - String encodedFileName = HTMLUtils.encodeFileName(request, eds.getFileName()); + String encodedFileName = HTMLUtils.encodeFileName(request, form.getWorkbookName()); response.setHeader("Content-disposition", "attachment; filename=\"" + encodedFileName + "\""); OutputStream os = response.getOutputStream(); - Files.copy(new File(form.getWorkbookPath()), os); + Files.copy(new File(form.getWorkbookPath() + "/" + form.getWorkbookName()), os); os.flush(); return null; } } form.setWorkbookPath(workbookPath); - if (!Strings.isNullOrEmpty(workbookPath) && !Strings.isNullOrEmpty(form.getSheetName())) { - try (InputStream is = new FileInputStream(workbookPath)) { + String workbookName = form.getWorkbookName(); + if (!Strings.isNullOrEmpty(workbookPath) && !Strings.isNullOrEmpty(workbookName)) { + try (InputStream is = new FileInputStream(workbookPath + "/" + workbookName)) { Workbook wb = null; - if (workbookPath.endsWith(".xls")) { + if (workbookName.endsWith(".xls")) { wb = new HSSFWorkbook(is); - } else if (workbookPath.endsWith(".xlsx")) { + } else if (workbookName.endsWith(".xlsx")) { wb = new XSSFWorkbook(is); } else { throw new IllegalArgumentException("excel file extension is incorrect"); } - Sheet sheet = wb.getSheet(form.getSheetName()); + Sheet sheet = wb.getSheetAt(0); List> data = new ArrayList<>(); int columnNumber = getSheetContent(sheet, data); StringBuffer sheetContent = new StringBuffer(); 
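Review bot: In the download branch the file to stream is built from two form fields, `new File(form.getWorkbookPath() + "/" + form.getWorkbookName())`, and the view branch opens `workbookPath + "/" + workbookName` with a form-supplied name, so the client rather than the configured data source decides which file is read. `form.setWorkbookPath(workbookPath)` runs only after the download branch has returned, so, assuming Struts binds both fields from request parameters, the server-side value from `eds.getFilePath()` is never applied there. Resolve the name against `eds.getFilePath()` and reject anything that canonicalizes outside that directory before either open; the `.xls`/`.xlsx` check should also run before the `FileInputStream` is created rather than after. `execute` starts and ends outside this hunk, so any permission check it performs is not visible here.

```java
if (form.getMode() == ViewInternalStorageForm.MODE_DOWNLOAD) {
    // Resolve against the configured storage directory, never against the form's own path field.
    File storageDir = new File(eds.getFilePath()).getCanonicalFile();
    File workbookFile = new File(storageDir, form.getWorkbookName()).getCanonicalFile();
    if (!workbookFile.toPath().startsWith(storageDir.toPath())) {
        throw new IllegalArgumentException("workbook is outside the internal storage directory");
    }
    // … unchanged: Content-disposition header, response output stream …
    Files.copy(workbookFile, os);
    // … unchanged: flush and return; the view branch should open a file resolved and checked the same way …
```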
@@ -82,11 +83,8 @@ public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpS sheetContent.append(""); } sheetContent.append(""); - } else { - sheetContent.append("Empty sheet"); - } - request.setAttribute("sheetContent", sheetContent.toString()); + request.setAttribute("workbookContent", sheetContent.toString()); wb.close(); } } @@ -127,8 +125,12 @@ private int getSheetContent(Sheet sheet, List> data) { for (int r = 0; r <= sheet.getLastRowNum(); r++) { List cells = new ArrayList<>(); Row row = sheet.getRow(r); - for (int c = 0; c < row.getLastCellNum(); c++) { - cells.add(row.getCell(c)); + if (row == null) { + break; + } else { + for (int c = 0; c < row.getLastCellNum(); c++) { + cells.add(row.getCell(c)); + } } data.add(cells); columnNumber = Math.max(columnNumber, cells.size()); diff --git a/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java b/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java index 262ab6670f..6eb722e2da 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java +++ b/wfe-web/src/main/java/ru/runa/common/web/form/ViewInternalStorageForm.java @@ -12,7 +12,7 @@ public class ViewInternalStorageForm extends ActionForm { private int mode; private String workbookPath; - private String sheetName; + private String workbookName; public String getWorkbookPath() { return workbookPath; @@ -22,12 +22,12 @@ public void setWorkbookPath(String workbookPath) { this.workbookPath = workbookPath; } - public String getSheetName() { - return sheetName; + public String getWorkbookName() { + return workbookName; } - public void setSheetName(String sheetName) { - this.sheetName = sheetName; + public void setWorkbookName(String workbookName) { + this.workbookName = workbookName; } public int getMode() { 
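Review bot: In `getSheetContent` the new `if (row == null) { break; }` stops at the first row that `sheet.getRow(r)` reports as missing, so every row after a gap in the sheet is silently dropped from the rendered table. A null row only means that this row was never defined, so skipping the cell loop is enough: wrap the existing `for` in `if (row != null) {` and let `data.add(cells)` record an empty row. The method's opening and closing lines are outside this hunk.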
diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java similarity index 63% rename from wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java rename to wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java index a2ef9f5f56..11babeed7f 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewSheetsTag.java +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java @@ -1,17 +1,12 @@ package ru.runa.common.web.tag; import com.google.common.base.Throwables; -import java.io.FileInputStream; +import java.io.File; import java.io.IOException; -import java.io.InputStream; import java.util.HashMap; import java.util.Map; import javax.servlet.jsp.tagext.Tag; import javax.servlet.jsp.tagext.TagSupport; -import org.apache.poi.hssf.usermodel.HSSFWorkbook; -import org.apache.poi.ss.usermodel.Sheet; -import org.apache.poi.ss.usermodel.Workbook; -import org.apache.poi.xssf.usermodel.XSSFWorkbook; import org.tldgen.annotations.Attribute; import org.tldgen.annotations.BodyContent; import ru.runa.common.web.Commons; @@ -21,8 +16,8 @@ import ru.runa.wfe.service.delegate.Delegates; import ru.runa.wfe.user.User; -@org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "viewSheets") -public class ViewSheetsTag extends TagSupport { +@org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "viewWorkbooks") +public class ViewWorkbooksTag extends TagSupport { private static final long serialVersionUID = 1L; private String workbookPath; 
@@ -42,23 +37,18 @@ public int doStartTag() { } try { StringBuilder html = new StringBuilder(); - try (InputStream is = new FileInputStream(workbookPath)) { - Workbook wb = null; - if (workbookPath.endsWith(".xls")) { - wb = new HSSFWorkbook(is); - } else if (workbookPath.endsWith(".xlsx")) { - wb = new XSSFWorkbook(is); - } else { - throw new IllegalArgumentException("excel file extension is incorrect"); - } - for (int i = 0; i < wb.getNumberOfSheets(); i++) { - Sheet sheet = wb.getSheetAt(i); + File internalStorage = new File(workbookPath); + if (internalStorage.exists() && internalStorage.isDirectory()) { + String[] workbookNameList = internalStorage.list((dir, name) -> { + return name.endsWith(".xls") || name.endsWith(".xlsx"); + }); + for (int i = 0; i < workbookNameList.length; i++) { Map params = new HashMap<>(); - params.put("sheetName", sheet.getSheetName()); + params.put("workbookName", workbookNameList[i]); String href = Commons.getActionUrl(ViewInternalStorageAction.ACTION_PATH, params, pageContext, PortletUrlType.Action); - html.append("").append(sheet.getSheetName()).append("   "); + html.append("").append(withoutExtension(workbookNameList[i])) + .append("   "); } - wb.close(); } pageContext.getOut().write(html.toString()); return Tag.SKIP_BODY; @@ -67,6 +57,14 @@ public int doStartTag() { } } + private String withoutExtension(String fileName) { + int lastDotIndex = fileName.indexOf("."); + if (lastDotIndex > 0) { + return fileName.substring(0, lastDotIndex); + } + return fileName; + } + private User getUser() { return Commons.getUser(pageContext.getSession()); } diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties index f3dbbde0b7..d09c913426 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties 
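Review bot: `internalStorage.list(...)` returns null when the directory cannot be read, and the loop in `doStartTag` dereferences `workbookNameList.length` without a check, so a permission or I/O problem surfaces as a NullPointerException. A guard such as `if (workbookNameList == null) { workbookNameList = new String[0]; }` before the loop covers it. The file name is also appended to the generated markup as link text exactly as it is stored on disk; it should be HTML-escaped before it reaches `html`. `doStartTag` begins before this hunk.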
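Review bot: `withoutExtension` stores `fileName.indexOf(".")` in a variable named `lastDotIndex`, so the name is cut at the first dot rather than the last. A workbook called `report.2020.xlsx` (constructed example) is shown as `report`, and two workbooks that differ only after the first dot get identical link text. `int lastDotIndex = fileName.lastIndexOf('.');` matches both the variable name and the extension filter used in `doStartTag`.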
@@ -703,4 +703,4 @@ label.payload_parameter_name = \u0418\u043c\u044f \u043f\u0435\u0440\u0435\u043c label.payload_parameter_value = \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 signal.message_is_sent = \u0421\u0438\u0433\u043d\u0430\u043b \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d -view_internal_storage = \u0412\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 +view_internal_storage = \u0412\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0435 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 diff --git a/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp b/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp index 628b7875c0..1e3a6e5c44 100644 --- a/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp +++ b/wfe-web/src/main/webapp/WEB-INF/common/internal_storage.jsp @@ -8,7 +8,8 @@ <% String workbookPath = (String) request.getAttribute("workbookPath"); - String sheetContent = (String) request.getAttribute("sheetContent"); + String workbookName = (String) request.getAttribute("workbookName"); + String workbookContent = (String) request.getAttribute("workbookContent"); %> @@ -36,16 +37,17 @@ <%= workbookPath %>
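Review bot: The scriptlet reads `workbookName` from a request attribute, but none of the `ViewInternalStorageAction` hunks in this patch calls `request.setAttribute("workbookName", ...)`; only `workbookPath` and `workbookContent` are set there. Unless the attribute is set in lines outside those hunks, the value is null wherever the page uses it. Adding `request.setAttribute("workbookName", workbookName);` next to the `workbookContent` attribute in the action would close the gap.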
- - <% if (sheetContent != null) { %> + + <% if (workbookContent != null) { %> +
- +
- <%= sheetContent %> + <%= workbookContent %> <% } %>
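Review bot: `<%= workbookContent %>` writes the string without any output encoding, so the page is only as safe as the HTML that `ViewInternalStorageAction` assembles from the workbook's cells. The markup-building lines are not readable in this patch, so it is worth confirming that every cell value is HTML-escaped there before it is appended. A comment next to the expression would record the contract: `<%-- workbookContent is pre-built HTML; cell values must be escaped in ViewInternalStorageAction --%>`.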
From 9b70196b78e266e94f8333c4545be468e9c9f13c Mon Sep 17 00:00:00 2001 From: ibaldina Date: Thu, 9 Jul 2020 17:01:56 +0700 Subject: [PATCH 27/71] 1533 --- wfe-app/pom.xml | 4 +- .../hibernate/HibernateCompilerHqlBuider.java | 2 +- .../hibernate/RestrictionsToPermissions.java | 25 +++++++++ .../java/ru/runa/wfe/security/Permission.java | 2 + .../runa/wfe/security/dao/PermissionDao.java | 7 +++ .../runa/wfe/security/dao/PermissionRule.java | 55 +++++++++++++++++++ 6 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionRule.java diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 4d673eb16c..0cebaf38ca 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/ExampleDS - org.hibernate.dialect.H2Dialect + java:jboss/datasources/WfeMasterDS + org.hibernate.dialect.PostgreSQLDialect java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java index 699300b0a5..5c3c1ed8a7 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java +++ b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java @@ -318,7 +318,7 @@ private List addFilters() { // TODO Largely duplicates PermissionDAO logic. After (if ever) BatchPresentation uses QueryDSL, try to merge duplicates. private List addSecureCheck() { List result = new LinkedList<>(); - RestrictionsToPermissions pp = parameters.getPermissionRestrictions(); + RestrictionsToPermissions pp = parameters.getPermissionRestrictions().cloneCheckRequired(); if (pp == null) { return result; } 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java index 4975ed601e..d6083479cd 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java @@ -1,14 +1,39 @@ package ru.runa.wfe.presentation.hibernate; +import java.util.Arrays; + import org.springframework.util.Assert; import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.security.SecurityCheckProperties; import ru.runa.wfe.user.User; /** * Restrictions to load only objects with specified permission granted for user. */ public class RestrictionsToPermissions { + + protected RestrictionsToPermissions cloneCheckRequired() { + SecuredObjectType[] resTypes = null; + if (this.types != null) { + resTypes = new SecuredObjectType[types.length]; + int n = 0; + for (int i = 0; i < types.length; i++) { + if (types[i] != null && SecurityCheckProperties.isPermissionCheckRequired(types[i])) { + resTypes[n] = types[i]; + n++; + } + } + if (n == 0) { + return null; + } else { + resTypes = Arrays.copyOf(resTypes, n); + } + } + RestrictionsToPermissions res = new RestrictionsToPermissions(this.user, this.permission, resTypes); + return res; + } + /** * User which must has permission on queried objects. Queries only objects with condition: at least one executor from (user + its groups) * must have 'permission' with 'securedObjectTypes'. Can be null. diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java index 744e64455d..2b68107230 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java 
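Review bot: `cloneCheckRequired` has no Javadoc although its return value decides whether a list query is permission-filtered at all: it returns null when none of `types` needs a check, and `addSecureCheck` in `HibernateCompilerHqlBuider` returns without adding any security clause when the restriction is null. I would document that on the method, e.g. `/** Returns a copy limited to the types whose permission check is enabled, or null when none is; callers treat null as "do not filter by permission". */`. The method is also inserted above the Javadoc of the `user` field, ahead of the fields it reads; placing it after the constructor keeps the class readable. When `types` is null the copy keeps null types, and what the query builder does with that is not visible in this hunk.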
@@ -203,4 +203,6 @@ public boolean equals(Object obj) { public static final Permission UPDATE_PERMISSIONS = new Permission("UPDATE_PERMISSIONS"); public static final Permission VIEW_TASKS = new Permission("VIEW_TASKS"); + + public static final Permission ADD_ACTOR_TO_GROUP = new Permission("ADD_ACTOR_TO_GROUP"); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 7e16ee9fec..686397e992 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -232,6 +232,13 @@ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectTy public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull) { return filterAllowedIds(executor, permission, type, idsOrNull, true); } + + private static List requiredRules = new ArrayList(10); + + static { + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.CREATE_EXECUTOR, true)); + } /** * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionRule.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionRule.java new file mode 100644 index 0000000000..bd0f5c249c --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionRule.java 
@@ -0,0 +1,55 @@ +package ru.runa.wfe.security.dao; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; +import ru.runa.wfe.security.Permission; +import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.user.Executor; + +@Getter +@Setter +@NoArgsConstructor +public class PermissionRule { + + private Permission permission; + private SecuredObjectType objectType; + private Long objectId; + private Boolean isAdministrator; + private Executor executor; + + public PermissionRule(SecuredObjectType type, Permission perm, Boolean isAdmin) { + this.objectType = type; + this.permission = perm; + this.isAdministrator = isAdmin; + } + + public boolean isAllowed(SecuredObjectType type, Long id, Boolean isAdmin, Permission perm) { + if (permission != null) { + if (! permission.equals(perm) ) { + return false; + } + } + + if (objectType != null) { + if ( !objectType.equals(type)) { + return false; + } + } + + if (objectId != null) { + if (!objectId.equals(id)) { + return false; + } + } + + if (isAdministrator != null) { + if (!isAdministrator.equals(isAdmin)) { + return false; + } + } + + return true; + } +} From 03cdb41b5f76bf19f396ea3e54b9725a279be0de Mon Sep 17 00:00:00 2001 From: ibaldina Date: Wed, 15 Jul 2020 12:38:36 +0700 Subject: [PATCH 28/71] #1533 --- wfe-app/pom.xml | 4 +- .../hibernate/HibernateCompilerHqlBuider.java | 2 +- .../runa/wfe/security/dao/PermissionDao.java | 46 +++++++++++++------ .../src/main/java/ru/runa/wfe/user/Actor.java | 1 + .../main/resources/securitycheck.properties | 2 + wfe-web/src/main/resources/settingsList.xml | 8 ++++ .../classes/settingsDescriptions.properties | 6 ++- .../settingsDescriptions_ru.properties | 6 ++- 8 files changed, 55 insertions(+), 20 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 0cebaf38ca..4d673eb16c 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml 
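Review bot: `isAllowed` answers two different questions with one boolean: a rule whose `permission`, `objectType` or `objectId` does not match the request returns false exactly like a matching rule whose `isAdministrator` requirement is not met. The `checkRequiredRules` method added later in this series filters on permission and type before calling it, but a rule with a non-null `objectId` would then deny the same permission on every other object of that type. Splitting the method into a match test and an administrator test, or stating in a Javadoc that the caller must pre-filter, avoids that. The class is also fully mutable through `@Setter` and `@NoArgsConstructor`, the `executor` field is never read by `isAllowed`, and the `lombok.AllArgsConstructor` import is unused; for an authorization table, final fields set by the constructor would be the safer shape.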
@@ -27,8 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/WfeMasterDS - org.hibernate.dialect.PostgreSQLDialect + java:jboss/datasources/ExampleDS + org.hibernate.dialect.H2Dialect java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java index 5c3c1ed8a7..535c58fcc7 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java +++ b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java @@ -318,7 +318,7 @@ private List addFilters() { // TODO Largely duplicates PermissionDAO logic. After (if ever) BatchPresentation uses QueryDSL, try to merge duplicates. private List addSecureCheck() { List result = new LinkedList<>(); - RestrictionsToPermissions pp = parameters.getPermissionRestrictions().cloneCheckRequired(); + RestrictionsToPermissions pp = (parameters.getPermissionRestrictions()==null)?null:parameters.getPermissionRestrictions().cloneCheckRequired(); if (pp == null) { return result; } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 686397e992..fea01183d9 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -51,6 +51,7 @@ import ru.runa.wfe.security.SecuredObject; import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecurityCheckProperties; +import ru.runa.wfe.user.Actor; import ru.runa.wfe.user.Executor; import ru.runa.wfe.user.User; import ru.runa.wfe.user.dao.ExecutorDao; 
@@ -149,9 +150,6 @@ public void setPermissions(Executor executor, Collection permissions * Throws if user has no permission to object. */ public void checkAllowed(User user, Permission permission, SecuredObject object) { - if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { - return; - } if (!isAllowed(user, permission, object)) { throw new AuthorizationException(user + " does not have " + permission + " to " + object); } @@ -161,9 +159,6 @@ public void checkAllowed(User user, Permission permission, SecuredObject object) * Throws if user has no permission to {type, id}. */ public void checkAllowed(User user, Permission permission, SecuredObjectType type, Long id) { - if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { - return; - } if (!isAllowed(user, permission, type, id)) { throw new AuthorizationException(user + " does not have " + permission + " to (" + type + ", " + id + ")"); } @@ -174,6 +169,11 @@ public void checkAllowed(User user, Permission permission, SecuredObjectType typ */ public void checkAllowedForAll(User user, Permission permission, SecuredObjectType type, List ids) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { + for (Long id: ids) { + if (!checkRequiredRules(user.getActor(), permission, type, id) ) { + throw new AuthorizationException("User " + user + " does not have " + permission + " on all of (" + type + ", " + id + ")"); + } + } return; } Assert.notNull(ids); 
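Review bot: In `checkAllowedForAll` the new loop over `ids` runs before `Assert.notNull(ids)`, so in the branch where the type's check is disabled a null list now fails with a NullPointerException instead of the assertion. Moving `Assert.notNull(ids);` to the first line of the method gives the same failure in both branches. Each `checkRequiredRules` call in the loop also repeats the administrator lookup for the same user, which could be done once before the loop. The rest of the method is outside this hunk.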
@@ -189,21 +189,21 @@ public void checkAllowedForAll(User user, Permission permission, SecuredObjectTy */ public boolean isAllowed(User user, Permission permission, SecuredObject object) { if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { - return true; + return checkRequiredRules(user.getActor(), permission, object.getSecuredObjectType(), object.getIdentifiableId()); } return isAllowed(user.getActor(), permission, object.getSecuredObjectType(), object.getIdentifiableId()); } public boolean isAllowed(User user, Permission permission, SecuredObjectType type, Long id) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { - return true; + return checkRequiredRules(user.getActor(), permission, type, id); } return isAllowed(user.getActor(), permission, type, id); } public boolean isAllowed(Executor executor, Permission permission, SecuredObjectType type, Long id) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { - return true; + return checkRequiredRules(executor, permission, type, id); } Assert.notNull(id); return !filterAllowedIds(executor, permission, type, Collections.singletonList(id)).isEmpty(); @@ -211,7 +211,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject public boolean isAllowed(Executor executor, Permission permission, SecuredObject object, boolean checkPrivileged) { if (!SecurityCheckProperties.isPermissionCheckRequired(object.getSecuredObjectType())) { - return true; + return checkRequiredRules(executor, permission, object.getSecuredObjectType(), object.getIdentifiableId()); } Long id = object.getIdentifiableId(); SecuredObjectType type = object.getSecuredObjectType(); 
@@ -224,7 +224,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject */ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType type) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { - return true; + return checkRequiredRules(user.getActor(), permission, type, null); } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); } @@ -237,7 +237,27 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu static { requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.CREATE_EXECUTOR, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); + } + + private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { + boolean isAdmin = false; + if (executor instanceof Actor) { + isAdmin =executorDao.isAdministrator((Actor) executor); + } + for (PermissionRule r: requiredRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + return false; + } + } + } + return true; } /** 
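Review bot: `checkRequiredRules` returns true whenever no entry in `requiredRules` matches the permission and type, so once a type's check is switched off every permission that is not listed is granted to every executor. The list therefore works as a deny-list that must be extended for each new sensitive permission; `Permission.ADD_ACTOR_TO_GROUP`, added earlier in this series, has no entry, for example. If that default is intended, state it in a Javadoc on the method, e.g. `/** Applied only when the permission check for the type is disabled: permissions listed in requiredRules stay administrator-only, everything else is allowed. */`; otherwise consider denying by default. `requiredRules` itself could be `private static final` and unmodifiable, since nothing in the visible hunks changes it after the static initializer. Only an `Actor` is ever tested for administrator rights, so a group executor always counts as non-administrator, which looks deliberate but is worth confirming.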
@@ -362,7 +382,7 @@ public boolean[] isAllowed(User user, Permission permi } for (int i = 0; i < securedObjects.size(); i++) { if (!SecurityCheckProperties.isPermissionCheckRequired(securedObjects.get(i).getSecuredObjectType())) { - result[i] = true; + result[i] = checkRequiredRules(user.getActor(), permission, securedObjects.get(i).getSecuredObjectType(), securedObjects.get(i).getIdentifiableId()); } else { result[i] = allowedIdentifiableIds.contains(securedObjects.get(i).getIdentifiableId()); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java b/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java index 35419be73e..4384ef7942 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java +++ b/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java @@ -23,6 +23,7 @@ import javax.persistence.Transient; import org.hibernate.annotations.Index; +import org.hibernate.annotations.Type; import com.google.common.base.MoreObjects; import com.google.common.base.Strings; diff --git a/wfe-core/src/main/resources/securitycheck.properties b/wfe-core/src/main/resources/securitycheck.properties index 4bb38dda8d..c6e098aca5 100644 --- a/wfe-core/src/main/resources/securitycheck.properties +++ b/wfe-core/src/main/resources/securitycheck.properties @@ -3,6 +3,8 @@ permission.check.required.EXECUTOR=false permission.check.required.DEFINITION=false permission.check.required.PROCESS=false permission.check.required.REPORT=false +permission.check.required.REPORTS=false +permission.check.required.RELATIONS=false permission.check.required.RELATION=false permission.check.required.BOTSTATIONS=false permission.check.required.SYSTEM=false \ No newline at end of file diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index 93b439e2fc..73edaf1213 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml 
@@ -278,10 +278,18 @@ true false + + true + false + true false + + true + false + true false diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index 727bd79b46..e124b2faea 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties @@ -114,7 +114,9 @@ securitycheck.properties = Permission check settings securitycheck.properties_permission.check.required.EXECUTOR = Check actors securitycheck.properties_permission.check.required.DEFINITION = Check process definitions securitycheck.properties_permission.check.required.PROCESS = Check process instances -securitycheck.properties_permission.check.required.REPORT = Check reports -securitycheck.properties_permission.check.required.RELATION = Check relations +securitycheck.properties_permission.check.required.REPORTS = Check reports +securitycheck.properties_permission.check.required.REPORT = Check report +securitycheck.properties_permission.check.required.RELATIONS = Check relations +securitycheck.properties_permission.check.required.RELATION = Check relation securitycheck.properties_permission.check.required.BOTSTATIONS = Check bot stations securitycheck.properties_permission.check.required.SYSTEM = Check system \ No newline at end of file diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 4b88df4ead..513219ecb8 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -115,7 +115,9 @@ securitycheck.properties=\u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 securitycheck.properties_permission.check.required.EXECUTOR=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0438\u0441\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044F\u043C securitycheck.properties_permission.check.required.DEFINITION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u043F\u0440\u0435\u0434\u0435\u043B\u0435\u043D\u0438\u044F\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 securitycheck.properties_permission.check.required.PROCESS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u044D\u043A\u0437\u0435\u043C\u043F\u043B\u044F\u0440\u0430\u043C \u043F\u0440\u043E\u0446\u0435\u0441\u0441\u0430 -securitycheck.properties_permission.check.required.REPORT=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C -securitycheck.properties_permission.check.required.RELATION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C +securitycheck.properties_permission.check.required.REPORT=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0443 +securitycheck.properties_permission.check.required.REPORTS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u0447\u0451\u0442\u0430\u043C +securitycheck.properties_permission.check.required.RELATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C +securitycheck.properties_permission.check.required.RELATION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044E securitycheck.properties_permission.check.required.BOTSTATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A 
\u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C securitycheck.properties_permission.check.required.SYSTEM=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file From b9fe4497b4b3d08705651d7c6baf4a259280736b Mon Sep 17 00:00:00 2001 From: ibaldina Date: Wed, 15 Jul 2020 18:06:22 +0700 Subject: [PATCH 29/71] #1533 --- wfe-app/pom.xml | 4 ++++ .../src/main/java/ru/runa/wfe/security/dao/PermissionDao.java | 3 +++ 2 files changed, 7 insertions(+) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 4d673eb16c..4aef4a0bb6 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,8 +27,12 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} + java:jboss/datasources/WfeMasterDS + org.hibernate.dialect.PostgreSQLDialect + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index fea01183d9..17b63d207c 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -237,6 +237,9 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu static { requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_ACTOR_STATUS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); From 5ec9ece7abc5ad932d23e3eaac0e471e9ec84775 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Wed, 15 Jul 2020 18:13:34 +0700 Subject: [PATCH 30/71] #1533 --- .../ru/runa/wfe/security/dao/PermissionDao.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 17b63d207c..2283c4e17f 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -241,11 +241,22 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.CANCEL_PROCESS, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + } private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { From 54dd58c4da28d383d463e07499ee3b3bd9b7f442 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Wed, 15 Jul 2020 19:25:22 +0700 Subject: [PATCH 31/71] #1533 --- wfe-app/pom.xml | 5 +++-- .../main/java/ru/runa/wfe/security/SecuredObjectType.java | 2 ++ .../src/main/java/ru/runa/wfe/security/SecuredSingleton.java | 1 + .../main/java/ru/runa/wfe/security/dao/PermissionDao.java | 4 ++++ wfe-core/src/main/resources/securitycheck.properties | 3 ++- .../main/java/ru/runa/af/web/tag/DeployDataSourceTag.java | 4 +++- .../src/main/java/ru/runa/common/web/tag/TabHeaderTag.java | 2 +- wfe-web/src/main/resources/settingsList.xml | 4 ++++ .../webapp/WEB-INF/classes/settingsDescriptions.properties | 3 ++- .../WEB-INF/classes/settingsDescriptions_ru.properties | 3 ++- 10 files changed, 24 insertions(+), 7 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 4aef4a0bb6..6790205769 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,12 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect ---> + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java index 864e305d28..561b63e55c 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java @@ -134,4 +134,6 @@ public boolean equals(Object obj) { public static final SecuredObjectType REPORT = new SecuredObjectType("REPORT", REPORTS); public static final SecuredObjectType SYSTEM = new SecuredObjectType("SYSTEM", true); + + public static final SecuredObjectType DATASOURCES = new SecuredObjectType("DATASOURCES", true); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java index 86cdd886e2..f7bbff62a6 100644 
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java @@ -60,4 +60,5 @@ public final SecuredObjectType getSecuredObjectType() { public static final SecuredSingleton RELATIONS = new SecuredSingleton(SecuredObjectType.RELATIONS); public static final SecuredSingleton REPORTS = new SecuredSingleton(SecuredObjectType.REPORTS); public static final SecuredSingleton SYSTEM = new SecuredSingleton(SecuredObjectType.SYSTEM); + public static final SecuredSingleton DATASOURCES = new SecuredSingleton(SecuredObjectType.DATASOURCES); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 2283c4e17f..2bad657a62 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -242,6 +242,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); 
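Review bot: The added rule `new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)` can never deny anything: `PermissionRule.isAllowed` skips a null `isAdministrator`, and `checkRequiredRules` returns false only when a matching rule does. With the SYSTEM check disabled, LOGIN is therefore allowed for everyone, exactly as it would be without the entry. If the entry is meant to record that LOGIN stays open, a comment such as `// LOGIN is intentionally not restricted to administrators` says so directly; if LOGIN should still depend on the stored permission, this rule does not achieve that.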
@@ -257,6 +259,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + } private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { diff --git a/wfe-core/src/main/resources/securitycheck.properties b/wfe-core/src/main/resources/securitycheck.properties index c6e098aca5..0a88533e59 100644 --- a/wfe-core/src/main/resources/securitycheck.properties +++ b/wfe-core/src/main/resources/securitycheck.properties @@ -7,4 +7,5 @@ permission.check.required.REPORTS=false permission.check.required.RELATIONS=false permission.check.required.RELATION=false permission.check.required.BOTSTATIONS=false -permission.check.required.SYSTEM=false \ No newline at end of file +permission.check.required.SYSTEM=false +permission.check.required.DATASOURCES=false \ No newline at end of file diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployDataSourceTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployDataSourceTag.java index 1e6bb98e49..34d449c712 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployDataSourceTag.java +++ b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployDataSourceTag.java @@ -28,6 +28,8 @@ import ru.runa.common.web.tag.TitledFormTag; import ru.runa.wf.web.MessagesDataSource; import ru.runa.wfe.security.AuthorizationException; +import ru.runa.wfe.security.Permission; +import ru.runa.wfe.security.SecuredSingleton; import ru.runa.wfe.service.delegate.Delegates; @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "deployDataSource") 
@@ -37,7 +39,7 @@ public class DeployDataSourceTag extends TitledFormTag { @Override protected boolean isSubmitButtonEnabled() { - return Delegates.getExecutorService().isAdministrator(getUser()); + return Delegates.getExecutorService().isAdministrator(getUser()) && Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.DATASOURCES); } @Override diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java index 9ee1904cbf..896008bc42 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java @@ -61,7 +61,7 @@ public class TabHeaderTag extends TagSupport { FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_REPORTS, SecuredSingleton.REPORTS)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_RELATIONS, SecuredSingleton.RELATIONS)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_BOT_STATION, SecuredSingleton.BOTSTATIONS)); - FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATA_SOURCES, null, true)); + FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATA_SOURCES, SecuredSingleton.DATASOURCES)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SYSTEM, SecuredSingleton.SYSTEM)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SETTINGS, null, true)); FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_LOGS)); diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index 73edaf1213..1aaffac556 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -298,6 +298,10 @@ true false + + true + false + true false 
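Review bot: `isSubmitButtonEnabled()` only decides whether the submit button is rendered, so the new `Permission.UPDATE` check on `SecuredSingleton.DATASOURCES` protects nothing unless the deploy action enforces the same permission on the server. No such change is among the files of this patch, so that should be confirmed. The condition also keeps `isAdministrator(getUser()) &&`, which means granting UPDATE on DATASOURCES to a non-administrator can never enable the button. If both conditions are intended, say so in a comment such as `// deploy requires administrator status AND UPDATE on DATASOURCES`; if the permission is meant to be delegable, the first operand has to go.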
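Review bot: The Data sources menu entry moves from `new MenuForward(..., null, true)` to a check against `SecuredSingleton.DATASOURCES`, while the same patch ships `permission.check.required.DATASOURCES=false` as the default. The third constructor argument is not defined in this hunk, but the Settings entry keeps `null, true`, so it presumably marks an administrator-only item. If so, the tab's visibility now depends on how the disabled-check path answers for DATASOURCES instead of on administrator status. Data source definitions usually carry connection credentials, so it is worth confirming that with the default configuration a non-administrator neither sees the tab nor can open the page behind it.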
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index e124b2faea..6151050115 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties @@ -119,4 +119,5 @@ securitycheck.properties_permission.check.required.REPORT = Check report securitycheck.properties_permission.check.required.RELATIONS = Check relations securitycheck.properties_permission.check.required.RELATION = Check relation securitycheck.properties_permission.check.required.BOTSTATIONS = Check bot stations -securitycheck.properties_permission.check.required.SYSTEM = Check system \ No newline at end of file +securitycheck.properties_permission.check.required.SYSTEM = Check system +securitycheck.properties_permission.check.required.DATASOURCES = Check datasources \ No newline at end of file diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 513219ecb8..b479105dd8 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -120,4 +120,5 @@ securitycheck.properties_permission.check.required.REPORTS=\u041F\u0440\u0438\u0 securitycheck.properties_permission.check.required.RELATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044F\u043C securitycheck.properties_permission.check.required.RELATION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044E securitycheck.properties_permission.check.required.BOTSTATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C -securitycheck.properties_permission.check.required.SYSTEM=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 \ No newline at end of file +securitycheck.properties_permission.check.required.SYSTEM=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 +securitycheck.properties_permission.check.required.DATASOURCES=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u0434\u043B\u044F \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u043E\u0432 \u0436\u0430\u043D\u043D\u044B\u0445 \ No newline at end of file From 4844fa7f74d0c39ee691ff96bfd128274514a2c0 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Wed, 22 Jul 2020 19:34:19 +0700 Subject: [PATCH 32/71] #1533 --- wfe-app/pom.xml | 6 +++--- .../java/ru/runa/wfe/security/dao/PermissionDao.java | 11 ++++++++++- .../classes/settingsDescriptions_ru.properties | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 6790205769..1d0ec55ed0 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml 
@@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 2bad657a62..05c6cf0c2e 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -244,11 +244,20 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.DELETE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); @@ -310,7 +319,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu .and(pm.objectId.eq(0L)) .and(pm.permission.in(subst.listPermissions))) .fetchFirst() != null) { - + return haveIds ? new HashSet<>(idsOrNull) : nonEmptySet; } 
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index b479105dd8..43813122ad 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties @@ -121,4 +121,4 @@ securitycheck.properties_permission.check.required.RELATIONS=\u041F\u0440\u0438\ securitycheck.properties_permission.check.required.RELATION=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u043E\u0442\u043D\u043E\u0448\u0435\u043D\u0438\u044E securitycheck.properties_permission.check.required.BOTSTATIONS=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0431\u043E\u0442-\u0441\u0442\u0430\u043D\u0446\u0438\u044F\u043C securitycheck.properties_permission.check.required.SYSTEM=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044F\u043C \u0441 \u0441\u0438\u0441\u0442\u0435\u043C\u043E\u0439 -securitycheck.properties_permission.check.required.DATASOURCES=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u0434\u043B\u044F \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u043E\u0432 \u0436\u0430\u043D\u043D\u044B\u0445 \ No newline at end of file +securitycheck.properties_permission.check.required.DATASOURCES=\u041F\u0440\u0438\u043C\u0435\u043D\u044F\u0442\u044C \u0434\u043B\u044F \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u043E\u0432 \u0434\u0430\u043D\u043D\u044B\u0445 \ No newline at end of file From f57215031f99e1c2e0bbf43d75c70206f93586fe Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Wed, 22 Jul 2020 22:03:09 +0700 Subject: [PATCH 33/71] #1533 --- .../java/ru/runa/wfe/security/ApplicablePermissions.java | 3 ++- .../src/main/java/ru/runa/wfe/security/Permission.java | 2 ++ .../main/java/ru/runa/wfe/security/dao/PermissionDao.java | 4 ++++ .../java/ru/runa/wf/web/tag/TaskFormDelegationTag.java | 7 +++++++ wfe-web/src/main/webapp/WEB-INF/classes/struts.properties | 1 + .../src/main/webapp/WEB-INF/classes/struts_ru.properties | 1 + 6 files changed, 17 insertions(+), 1 deletion(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java index 5fa3ec6939..feb8e00feb 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java @@ -44,6 +44,7 @@ import static ru.runa.wfe.security.Permission.UPDATE_ACTOR_STATUS; import static ru.runa.wfe.security.Permission.VIEW_LOGS; import static ru.runa.wfe.security.Permission.VIEW_TASKS; +import static ru.runa.wfe.security.Permission.DELEGATE_TASKS; /** * Extracted from class Permission because permission-to-securedObjectType applicability is separate piece of logic, @@ -216,7 +217,7 @@ public static void check(SecuredObject obj, Collection permissions) .defaults(READ) .hidden(READ_PERMISSIONS); - add(SecuredObjectType.EXECUTOR, READ, UPDATE_PERMISSIONS, UPDATE, UPDATE_ACTOR_STATUS, VIEW_TASKS) + add(SecuredObjectType.EXECUTOR, READ, UPDATE_PERMISSIONS, UPDATE, UPDATE_ACTOR_STATUS, VIEW_TASKS, DELEGATE_TASKS) .defaults(READ) .hidden(READ_PERMISSIONS); diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java index 2b68107230..e2358752a8 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java 
@@ -204,5 +204,7 @@ public boolean equals(Object obj) { public static final Permission VIEW_TASKS = new Permission("VIEW_TASKS"); + public static final Permission DELEGATE_TASKS = new Permission("DELEGATE_TASKS"); + public static final Permission ADD_ACTOR_TO_GROUP = new Permission("ADD_ACTOR_TO_GROUP"); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 05c6cf0c2e..90f67257cf 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -238,8 +238,10 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu static { requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_ACTOR_STATUS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); 
@@ -252,6 +254,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.DELETE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java index 806794ebf6..3c456fa249 100644 --- a/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java +++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java @@ -14,6 +14,8 @@ import ru.runa.common.web.Commons; import ru.runa.common.web.tag.VisibleTag; import ru.runa.wf.web.MessagesProcesses; +import ru.runa.wfe.security.Permission; +import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.service.ExecutorService; import ru.runa.wfe.service.delegate.Delegates; import ru.runa.wfe.service.delegate.ExecutorServiceDelegate; @@ -25,6 +27,11 @@ */ @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "taskFormDelegationButton") public class TaskFormDelegationTag extends VisibleTag { + @Override + protected boolean isVisible() { + return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.DELEGATE_TASKS, SecuredObjectType.EXECUTOR, null); + } + private static final long serialVersionUID = 1L; private Long taskId; diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties index 09c839a0f5..4e2ab2cd52 100644 
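Review bot: `isVisible()` in `TaskFormDelegationTag` is the only place in this patch where `Permission.DELEGATE_TASKS` is consulted. The diffstat lists no service or logic class, so the delegation request itself appears to stay ungated and hiding the button does not stop a request sent without it. The same check belongs in the server-side delegation path, with the tag kept as a convenience. The call also passes `null` as the object id, so it asks about the EXECUTOR type as a whole, not about the executor who owns the task; if per-executor delegation rights are intended, the owner's id should be passed. Minor: the override is inserted above `serialVersionUID`, where fields conventionally come first.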
--- a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties @@ -468,6 +468,7 @@ permission.UPDATE = Update permission.UPDATE_ACTOR_STATUS = Update status permission.UPDATE_PERMISSIONS = Update permissions permission.VIEW_TASKS = View tasks +permission.DELEGATE_TASKS = Delegate tasks process.canceled = Process has been stopped process.does.not.exist.error = Process "{0}" does not exist diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties index 0a2dabda8e..402b436546 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties @@ -466,6 +466,7 @@ permission.UPDATE = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c permission.UPDATE_ACTOR_STATUS = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0441\u0442\u0430\u0442\u0443\u0441 permission.UPDATE_PERMISSIONS = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u043c\u043e\u0447\u0438\u044f permission.VIEW_TASKS = \u0412\u0438\u0434\u0435\u0442\u044c \u0437\u0430\u0434\u0430\u0447\u0438 +permission.DELEGATE_TASKS = \u0414\u0435\u043B\u0435\u0433\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0437\u0430\u0434\u0430\u0447\u0438 process.canceled = \u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d process.does.not.exist.error = \u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 "{0}" \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 From 2faf8fd627944bb5acc939ed7a72a95036f23791 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Thu, 23 Jul 2020 01:45:28 +0700 Subject: [PATCH 34/71] #1533 --- wfe-app/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 1d0ec55ed0..1c98d64b6f 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect ---> + java:jboss/UserTransaction false dd.MM.yyyy From 291f17eeac9d485d6e9b653dcd189e9e56604f48 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Thu, 23 Jul 2020 13:31:17 +0700 Subject: [PATCH 35/71] #1533 --- wfe-app/pom.xml | 6 +- .../wfe/security/ApplicablePermissions.java | 4 + .../wfe/security/SecuredObjectFactory.java | 4 +- .../runa/wfe/security/SecuredObjectType.java | 3 +- .../runa/wfe/security/dao/PermissionDao.java | 77 ++++++++++++++++++- .../webapp/WEB-INF/wf/manage_data_sources.jsp | 4 +- 6 files changed, 87 insertions(+), 11 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 1c98d64b6f..1d0ec55ed0 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java index feb8e00feb..34704cfc69 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java @@ -244,5 +244,9 @@ public static void check(SecuredObject obj, Collection permissions) add(SecuredObjectType.SYSTEM, READ, UPDATE_PERMISSIONS, LOGIN, CHANGE_SELF_PASSWORD, CREATE_EXECUTOR, CREATE_DEFINITION, VIEW_LOGS) .defaults(LOGIN) .hidden(READ_PERMISSIONS); + + add(SecuredObjectType.DATASOURCES, READ, UPDATE_PERMISSIONS, UPDATE) + .defaults(READ) + .hidden(READ_PERMISSIONS); } } 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java index 8fd7b9ba47..a9767ce1fc 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java @@ -232,8 +232,10 @@ public SecuredObject findById(Long id) { QReportDefinition rd = QReportDefinition.reportDefinition; return new WfReport(getQueryFactory().selectFrom(rd).where(rd.id.eq(id)).fetchFirst()); } - }); + }); add(SecuredSingleton.SYSTEM); + + add(SecuredSingleton.DATASOURCES); } } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java index 561b63e55c..6c6b845c4f 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java @@ -132,8 +132,9 @@ public boolean equals(Object obj) { public static final SecuredObjectType REPORTS = new SecuredObjectType("REPORTS", true); public static final SecuredObjectType REPORT = new SecuredObjectType("REPORT", REPORTS); - + public static final SecuredObjectType SYSTEM = new SecuredObjectType("SYSTEM", true); public static final SecuredObjectType DATASOURCES = new SecuredObjectType("DATASOURCES", true); + } diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 90f67257cf..acdf587fe9 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -216,7 +216,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject Long id = object.getIdentifiableId(); SecuredObjectType type = object.getSecuredObjectType(); Assert.notNull(id); - return !filterAllowedIds(executor, permission, type, Collections.singletonList(id), checkPrivileged).isEmpty(); + return !(filterAllowedIds(executor, permission, type, Collections.singletonList(id), checkPrivileged)).isEmpty(); } /** @@ -233,7 +233,9 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu return filterAllowedIds(executor, permission, type, idsOrNull, true); } - private static List requiredRules = new ArrayList(10); + private static List requiredRules = new ArrayList(20); + + private static List implicitRules = new ArrayList(20); static { requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); 
@@ -265,15 +267,23 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, null)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.CANCEL_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); } private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { 
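Review bot: The third `PermissionRule` argument is used as a tri-state (`true` or `null`) with no comment, and this hunk changes the `DEFINITION`/`START_PROCESS` rule from `true` to `null`. If `true` means the rule requires an administrator, which is how the `isAllowed(type, idOrNull, isAdmin, permission)` call in the next hunk reads, this line relaxes who may start processes when permission checks are switched off, and a reader cannot tell whether that is intended. Add a comment at the top of the static block, for example `// third argument: true = administrators only, null = no administrator requirement (confirm against PermissionRule)`. The `implicitRules` list declared in the previous hunk is a mutable non-final static; `private static final` with an unmodifiable list would keep the rule table from being altered at runtime.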
@@ -290,6 +300,64 @@ private boolean checkRequiredRules(Executor executor, Permission permission, Sec } return true; } + + private Set checkImplicitRules(Executor executor, Permission permission, SecuredObjectType type, Collection idsOrNull) { + boolean isAdmin = false; + if (executor instanceof Actor) { + isAdmin =executorDao.isAdministrator((Actor) executor); + } + if (idsOrNull == null) { + for (PermissionRule r: implicitRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, null, isAdmin, permission)) { + return Collections.emptySet(); + } + } + } + return Collections.emptySet(); + } + Set res = new HashSet(idsOrNull.size()); + for (Long idOrNull: idsOrNull) { + boolean bOk = true; + for (PermissionRule r: implicitRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + bOk = false; + break; + } + } + } + if (bOk) { + res.add(idOrNull); + } + } + return res; + } + + private Set checkImplicitRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { + boolean isAdmin = false; + if (executor instanceof Actor) { + isAdmin =executorDao.isAdministrator((Actor) executor); + } + + Set res = new HashSet(1); + + boolean bOk = true; + for (PermissionRule r: implicitRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + bOk = false; + break; + } + } + } + if (bOk) { + res.add(idOrNull); + } + + return res; + } + /** * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), 
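Review bot: Both `checkImplicitRules` overloads grant by default: `bOk` starts as `true` and is cleared only when a rule matching the permission and type refuses, so for any (permission, type) pair with no entry in `implicitRules` every id is returned. `implicitRules` holds only DATASOURCES entries, and the later hunks of this file add `result.addAll(checkImplicitRules(...))` to `filterAllowedIds` and return the same call for `Permission.NONE`, so for every other object type the caller's whole id list would come back as allowed regardless of stored permissions. `filterAllowedIds` is only partly visible here, so confirm this with a test. An id should be granted only when at least one rule matched and none refused it, as in the loop below; the single-id overload needs the same change. Separately, the `idsOrNull == null` branch returns `Collections.emptySet()` on both paths, so its loop has no effect.

```java
// … unchanged: isAdmin lookup, idsOrNull == null branch, res declaration …
for (Long idOrNull: idsOrNull) {
    // Deny by default: grant only when a rule for this permission and type exists and none refuses.
    boolean matched = false;
    boolean allowed = true;
    for (PermissionRule r: implicitRules) {
        if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) {
            matched = true;
            if (!r.isAllowed(type, idOrNull, isAdmin, permission)) {
                allowed = false;
                break;
            }
        }
    }
    if (matched && allowed) {
        res.add(idOrNull);
    }
}
// … unchanged: return res …
```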
@@ -303,7 +371,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu if (permission == Permission.NONE) { // Optimization; see comments at NONE definition. - return Collections.emptySet(); + return checkImplicitRules(executor, permission, type, idsOrNull); } final Set executorWithGroups = getExecutorWithAllHisGroups(executor); @@ -339,6 +407,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu return nonEmptySet; } } + result.addAll(checkImplicitRules(executor, permission, type, idsOrNull)); return result; } diff --git a/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp b/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp index 01192d8082..21b5998d2e 100644 --- a/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp +++ b/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp @@ -14,8 +14,8 @@
- - + + From 1b30ef65a22aca7ab228ab6e059ea875373a4e64 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Fri, 24 Jul 2020 12:12:10 +0700 Subject: [PATCH 36/71] #1533 reports --- .../java/ru/runa/common/web/html/BaseTdBuilder.java | 12 ++++++++---- .../report/web/html/ReportPropertiesTdBuilder.java | 6 ++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java index 621fc979f2..d75d384eef 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java +++ b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java @@ -47,14 +47,18 @@ public void setSecuredObjectExtractor(SecuredObjectExtractor securedObjectExtrac } protected boolean isEnabled(Object object, Env env) { - if (permission == null) { + return isEnabledFor(object, env, permission); + } + + protected boolean isEnabledFor(Object object, Env env, Permission perm) { + if (perm == null) { return false; } - if (permission == Permission.START_PROCESS) { + if (perm == Permission.START_PROCESS) { return ((WfDefinition) object).isCanBeStarted(); } - return env.isAllowed(permission, securedObjectExtractor); - } + return env.isAllowed(perm, securedObjectExtractor); + } protected String readProperty(Object object, String propertyName, boolean isExceptionOnAbsent) { try { diff --git a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java index f4dcbacbe6..769caf6786 100644 --- a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java +++ b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java 
@@ -27,7 +27,9 @@ import ru.runa.common.web.MessagesCommon; import ru.runa.common.web.form.IdForm; import ru.runa.common.web.html.BaseTdBuilder; +import ru.runa.common.web.html.TdBuilder.Env; import ru.runa.wfe.commons.web.PortletUrlType; +import ru.runa.wfe.definition.dto.WfDefinition; import ru.runa.wfe.report.dto.WfReport; import ru.runa.wfe.security.Permission; @@ -45,7 +47,7 @@ public TD build(Object object, Env env) { WfReport report = (WfReport) object; ConcreteElement startLink; - if (isEnabled(object, env)) { + if (isEnabledFor(object, env, Permission.UPDATE)) { String url = Commons.getActionUrl(WebResources.ACTION_MAPPING_MANAGE_REPORT, IdForm.ID_INPUT_NAME, report.getId(), env.getPageContext(), PortletUrlType.Render); startLink = new A(url, MessagesCommon.LABEL_PROPERTIES.message(env.getPageContext())); @@ -55,7 +57,7 @@ public TD build(Object object, Env env) { TD td = new TD(startLink); td.setClass(ru.runa.common.web.Resources.CLASS_LIST_TABLE_TD); return td; - } + } @Override public String getValue(Object object, Env env) { From 7e995ddebef83c1ec86268adee2ba61537ba68af Mon Sep 17 00:00:00 2001 From: ibaldina Date: Sat, 25 Jul 2020 18:34:09 +0700 Subject: [PATCH 37/71] system --- wfe-app/pom.xml | 6 +- .../wfe/relation/logic/RelationLogic.java | 5 +- .../runa/wfe/security/dao/PermissionDao.java | 64 +++++++++++++++++-- .../security/logic/AuthorizationLogic.java | 4 ++ .../wfe/service/AuthorizationService.java | 1 + .../AuthorizationServiceDelegate.java | 9 +++ .../impl/AuthorizationServiceBean.java | 6 ++ .../af/web/tag/ListRelationPairsFormTag.java | 6 ++ .../runa/af/web/tag/ListRelationsFormTag.java | 23 ++++++- .../runa/common/web/html/BaseTdBuilder.java | 11 +++- 10 files changed, 120 insertions(+), 15 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 1d0ec55ed0..1c98d64b6f 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml 
@@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect ---> + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java index 0bebfdf749..5013505a70 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java @@ -18,6 +18,9 @@ package ru.runa.wfe.relation.logic; import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + import org.springframework.beans.factory.annotation.Autowired; import ru.runa.wfe.commons.logic.CommonLogic; import ru.runa.wfe.presentation.BatchPresentation; @@ -96,7 +99,7 @@ public Relation updateRelation(User user, Relation relation) { */ @SuppressWarnings("unchecked") public List getRelations(User user, BatchPresentation batchPresentation) { - return new PresentationCompiler(batchPresentation).getBatch(CompilerParameters.create(false)); + return new PresentationCompiler(batchPresentation).getBatch(CompilerParameters.create(false)); } /** diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index acdf587fe9..484c3db1fa 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
@@ -224,7 +224,7 @@ public boolean isAllowed(Executor executor, Permission permission, SecuredObject */ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectType type) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { - return checkRequiredRules(user.getActor(), permission, type, null); + return checkRequiredRules(user.getActor(), permission, type, (Long)null); } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); } @@ -247,6 +247,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.READ, true)); requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.READ_PERMISSIONS, true)); 
@@ -258,7 +259,10 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); +// requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); 
@@ -280,6 +284,12 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); 
@@ -301,6 +311,40 @@ private boolean checkRequiredRules(Executor executor, Permission permission, Sec return true; } + private Set checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Collection idsOrNull) { + boolean isAdmin = false; + if (executor instanceof Actor) { + isAdmin =executorDao.isAdministrator((Actor) executor); + } + if (idsOrNull == null) { + for (PermissionRule r: requiredRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, null, isAdmin, permission)) { + return Collections.emptySet(); + } + } + } + return Collections.emptySet(); + } + + Set res = new HashSet(idsOrNull.size()); + for (Long idOrNull: idsOrNull) { + boolean bOk = true; + for (PermissionRule r: requiredRules) { + if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { + if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + bOk = false; + break; + } + } + } + if (bOk) { + res.add(idOrNull); + } + } + return res; + } + private Set checkImplicitRules(Executor executor, Permission permission, SecuredObjectType type, Collection idsOrNull) { boolean isAdmin = false; if (executor instanceof Actor) { @@ -345,7 +389,7 @@ private Set checkImplicitRules(Executor executor, Permission permission, S boolean bOk = true; for (PermissionRule r: implicitRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + if ( !r.isAllowed(type, idOrNull, isAdmin, permission) ) { bOk = false; break; } 
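Review bot: In the new `checkRequiredRules(..., Collection idsOrNull)` overload, the `idsOrNull == null` branch returns `Collections.emptySet()` both when a matching rule denies and after the loop finishes, so the loop has no effect and a null id list always comes back as "nothing allowed". If the fall-through was meant to signal "allowed", it needs a non-empty marker such as the `nonEmptySet` that `filterAllowedIds` returns in this file; otherwise delete the loop and document the contract. `selectAllowedIds` (hunk `@@ -356,7 +400,14 @@`) forwards its `idsOrNull` straight into this branch when the type does not require a permission check. The per-id loop is also a copy of the one in `checkImplicitRules` with only the rule list swapped, so a private helper that takes the rule list would keep the two from drifting apart.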
@@ -356,7 +400,14 @@ private Set checkImplicitRules(Executor executor, Permission permission, S } return res; - } + } + + public Set selectAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, boolean checkPrivileged) { + if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { + return checkRequiredRules(executor, permission, type, idsOrNull); + } + return filterAllowedIds(executor, permission, type, idsOrNull, checkPrivileged); + } /** @@ -397,7 +448,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu Set result = new HashSet<>(); for (List idsPart : haveIds ? Lists.partition(idsOrNull, SystemProperties.getDatabaseParametersCount()) : nonEmptyListList) { - JPQLQuery q = queryFactory.select(pm.id).from(pm) + JPQLQuery q = queryFactory.select(pm.objectId).from(pm) .where(pm.executor.in(executorWithGroups) .and(pm.objectType.eq(type)) .and(pm.permission.in(subst.selfPermissions))); @@ -407,8 +458,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu return nonEmptySet; } } - result.addAll(checkImplicitRules(executor, permission, type, idsOrNull)); - return result; + return checkImplicitRules(executor, permission, type, result); } /** diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java index e157120c99..255f9fe682 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java 
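Review bot: `selectAllowedIds` drops its `checkPrivileged` argument whenever `SecurityCheckProperties.isPermissionCheckRequired(type)` is false, so the same public method answers from the static required rules in one configuration and from the permission table in the other, with nothing telling the caller which. A Javadoc block should state that difference and what a null `idsOrNull` yields on each branch. The hunk also re-indents the closing brace of `checkImplicitRules` with trailing whitespace, which is worth reverting to keep the diff focused.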
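Review bot: With `return checkImplicitRules(executor, permission, type, result);` the implicit rules now only narrow the ids found in the permission table, but the `return nonEmptySet;` kept as context just above appears to leave the method before that filter runs when no id list was passed (its condition is outside the hunk, so please confirm). If so, `isAllowedForAny`, which calls `filterAllowedIds(..., null)` and tests `isEmpty()`, never consults the implicit rules for the type. Either evaluate the matching implicit rules before that early return or note the exception next to it, e.g. `// no-ids path: implicit rules are not applied here`. A one-line comment on the final return, `// implicit rules only remove ids; they never grant`, would also record the changed meaning.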
@@ -94,6 +94,10 @@ public int hashCode() { return Objects.hash(id, permission); } } + + public Set selectAllowedIds(Executor executor, Permission permission, SecuredObjectType securedObjectType, List idsOrNull) { + return permissionDao.selectAllowedIds(executor, permission, securedObjectType, idsOrNull, true); + } public boolean isAllowed(User user, Permission permission, SecuredObject object) { return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId()); diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java b/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java index 6176d4b7ea..eae7415a57 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java @@ -35,6 +35,7 @@ * @since 2.0 */ public interface AuthorizationService { + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType securedObjectType, List idsOrNull); void checkAllowed(User user, Permission permission, SecuredObject securedObject); diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java index b044fa7a7e..5563e2a125 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java 
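Review bot: The new `AuthorizationService.filterAllowedIds` takes an arbitrary `Executor` and no `User`, unlike `checkAllowed(User user, ...)` declared right below it, so the service has no caller identity to check and will report which ids any named executor may access. Taking `User user` as the first parameter and resolving the actor inside `AuthorizationLogic.selectAllowedIds` would keep it in line with the rest of the interface. The `AuthorizationServiceBean` implementation further down also has none of the `@NonNull`/`Preconditions` argument checks its neighbour `isAllowed` uses. The `public` modifier on the interface method is redundant, and the method is exposed as `filterAllowedIds` while the logic and DAO layers call it `selectAllowedIds`; one name would be easier to trace.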
@@ -216,4 +216,13 @@ public SecuredObject findSecuredObject(SecuredObjectType type, Long id) { throw handleException(e); } } + + @Override + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType securedObjectType, List idsOrNull) { + try{ + return getAuthorizationService().filterAllowedIds(executor, permission, securedObjectType, idsOrNull); + } catch (Exception e) { + throw handleException(e); + } + } } diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java index 4fe14a497a..73816399d6 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java @@ -98,6 +98,12 @@ public boolean[] isAllowed(@NonNull User user, @NonNul Preconditions.checkArgument(!securedObjects.contains(null), "identifiables element"); return authorizationLogic.isAllowed(user, permission, securedObjects); } + + @WebMethod(exclude = true) + @Override + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType securedObjectType, List idsOrNull) { + return authorizationLogic.selectAllowedIds(executor, permission, securedObjectType, idsOrNull); + } @WebMethod(exclude = true) @Override diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java index 79a91e8d99..0e9a5e5b4f 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java +++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java 
@@ -28,6 +28,7 @@ import ru.runa.common.WebResources; import ru.runa.common.web.MessagesCommon; import ru.runa.common.web.form.IdForm; +import ru.runa.common.web.html.BaseTdBuilder; import ru.runa.common.web.html.CheckboxTdBuilder; import ru.runa.common.web.html.HeaderBuilder; import ru.runa.common.web.html.ReflectionRowBuilder; @@ -78,6 +79,11 @@ protected boolean isEnabled(Object object, Env env) { } }; TdBuilder[] builders = BatchPresentationUtils.getBuilders(new TdBuilder[] { checkboxBuilder }, batchPresentation, null); + for (TdBuilder td: builders) { + if (td instanceof BaseTdBuilder) { + ((BaseTdBuilder) td).setPermission(Permission.READ); + } + } RowBuilder rowBuilder = new ReflectionRowBuilder(relationPairs, batchPresentation, pageContext, WebResources.ACTION_MAPPING_UPDATE_EXECUTOR, getReturnAction(), IdForm.ID_INPUT_NAME, builders); HeaderBuilder headerBuilder = new SortingHeaderBuilder(batchPresentation, 1, 0, getReturnAction(), pageContext); diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java index 8f9513c066..42f2c7d362 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java +++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java @@ -18,6 +18,9 @@ package ru.runa.af.web.tag; import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + import org.apache.ecs.html.TD; import org.tldgen.annotations.BodyContent; import ru.runa.af.web.BatchPresentationUtils; 
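Review bot: The loop after `BatchPresentationUtils.getBuilders(...)` overwrites the permission of every `BaseTdBuilder` with `Permission.READ`, whatever each builder was created with, and it is the reason `BaseTdBuilder.permission` loses `final` and gains a public setter later in this patch. If a column builder was constructed with a stricter permission (not visible here), this quietly relaxes its enabled check to READ. Passing the permission where the builders are created would keep the field immutable; failing that, the loop needs a comment saying why READ is correct for every column. The same loop is repeated in `ListRelationsFormTag` (hunk `@@ -63,10 +74,16 @@`).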
@@ -27,18 +30,23 @@ import ru.runa.common.WebResources; import ru.runa.common.web.Commons; import ru.runa.common.web.MessagesCommon; +import ru.runa.common.web.html.BaseTdBuilder; import ru.runa.common.web.html.CheckboxTdBuilder; import ru.runa.common.web.html.HeaderBuilder; import ru.runa.common.web.html.ItemUrlStrategy; +import ru.runa.common.web.html.PropertyTdBuilder; import ru.runa.common.web.html.ReflectionRowBuilder; import ru.runa.common.web.html.RowBuilder; import ru.runa.common.web.html.SortingHeaderBuilder; import ru.runa.common.web.html.TdBuilder; +import ru.runa.common.web.html.TdBuilder.Env; import ru.runa.common.web.html.TableBuilder; import ru.runa.common.web.tag.BatchReturningTitledFormTag; import ru.runa.wfe.commons.web.PortletUrlType; +import ru.runa.wfe.presentation.BatchPresentation; import ru.runa.wfe.relation.Relation; import ru.runa.wfe.security.Permission; +import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.security.SecuredSingleton; import ru.runa.wfe.service.delegate.Delegates; @@ -50,6 +58,9 @@ public class ListRelationsFormTag extends BatchReturningTitledFormTag { protected void fillFormElement(TD tdFormElement) { Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.READ, SecuredSingleton.RELATIONS); List relations = Delegates.getRelationService().getRelations(getUser(), getBatchPresentation()); + Set allowedIds = Delegates.getAuthorizationService().filterAllowedIds(getUser().getActor(), Permission.READ, SecuredObjectType.RELATION, relations.stream().map( (r)-> r.getId() ).collect(Collectors.toList())); + relations.removeIf( (r) -> !allowedIds.contains(r.getId())); + TableBuilder tableBuilder = new TableBuilder(); TdBuilder checkboxBuilder = new CheckboxTdBuilder(null, null) { 
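Review bot: The per-relation READ filter is applied here in the tag, after `getRelations` has already returned the batch. `RelationLogic.getRelations(User user, BatchPresentation)` gets only a whitespace change in this patch and still ignores `user`, so any other caller of the relation service receives the unfiltered list, and rows removed here may leave the page shorter than the batch size. Moving the filter into `RelationLogic.getRelations` would cover every caller. `relations.removeIf(...)` also assumes the list returned by the service is mutable; `relations.stream().filter(r -> allowedIds.contains(r.getId())).collect(Collectors.toList())` does not depend on that.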
@@ -63,10 +74,16 @@ protected boolean isEnabled(Object object, Env env) { return true; } }; - TdBuilder[] builders = BatchPresentationUtils.getBuilders(new TdBuilder[] { checkboxBuilder }, getBatchPresentation(), null); - RowBuilder rowBuilder = new ReflectionRowBuilder(relations, getBatchPresentation(), pageContext, WebResources.ACTION_MAPPING_MANAGE_RELATION, + BatchPresentation batchPresentation = getBatchPresentation(); + TdBuilder[] builders = BatchPresentationUtils.getBuilders(new TdBuilder[] { checkboxBuilder }, batchPresentation, null); + for (TdBuilder td: builders) { + if (td instanceof BaseTdBuilder) { + ((BaseTdBuilder) td).setPermission(Permission.READ); + } + } + RowBuilder rowBuilder = new ReflectionRowBuilder(relations, batchPresentation, pageContext, WebResources.ACTION_MAPPING_MANAGE_RELATION, getReturnAction(), new RelationURLStrategy(), builders); - HeaderBuilder headerBuilder = new SortingHeaderBuilder(getBatchPresentation(), 1, 0, getReturnAction(), pageContext); + HeaderBuilder headerBuilder = new SortingHeaderBuilder(batchPresentation, 1, 0, getReturnAction(), pageContext); tdFormElement.addElement(tableBuilder.build(headerBuilder, rowBuilder)); } diff --git a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java index d75d384eef..be9f0a78f7 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java +++ b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java @@ -30,7 +30,7 @@ * @author Vitaliy S aka Yilativs */ public abstract class BaseTdBuilder implements TdBuilder { - private final Permission permission; + private Permission permission; private SecuredObjectExtractor securedObjectExtractor; public BaseTdBuilder(Permission permission) { 
@@ -86,4 +86,13 @@ public String[] getSeparatedValues(Object object, Env env) { public int getSeparatedValuesCount(Object object, Env env) { return 1; } + + public Permission getPermission() { + return permission; + } + + public void setPermission(Permission permission) { + this.permission = permission; + } + } From 3418149d8fa8cad0b36236786d382be442858e70 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Sat, 25 Jul 2020 20:00:02 +0700 Subject: [PATCH 38/71] system --- .../src/main/java/ru/runa/wfe/security/dao/PermissionDao.java | 1 + wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp | 1 + 2 files changed, 2 insertions(+) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 484c3db1fa..613f1fcd34 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -283,6 +283,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); diff --git a/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp b/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp index 21b5998d2e..13f66dc193 100644 --- a/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp +++ b/wfe-web/src/main/webapp/WEB-INF/wf/manage_data_sources.jsp @@ -15,6 +15,7 @@ + 
From c55f3556003b9fc67ced8edad75cb5e6611847c3 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Wed, 29 Jul 2020 12:05:25 +0700 Subject: [PATCH 39/71] #1533 --- wfe-app/pom.xml | 6 +++--- .../main/java/ru/runa/wfe/security/dao/PermissionDao.java | 2 ++ .../main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 1c98d64b6f..d713a715db 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 613f1fcd34..6e82e4b4fe 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -285,6 +285,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java index 3c456fa249..4bbf970f20 100644 --- a/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java 
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/TaskFormDelegationTag.java @@ -29,7 +29,7 @@ public class TaskFormDelegationTag extends VisibleTag { @Override protected boolean isVisible() { - return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.DELEGATE_TASKS, SecuredObjectType.EXECUTOR, null); + return Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.DELEGATE_TASKS, SecuredObjectType.EXECUTOR); } private static final long serialVersionUID = 1L; From 3fb28082ed98846fdc542982af0e760deae60a02 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 3 Aug 2020 11:04:48 +0700 Subject: [PATCH 40/71] #1533 --- .../dao/DelegateTaskPermissionRule.java | 26 +++++++++++++++++++ .../runa/wfe/security/dao/PermissionDao.java | 5 ++-- .../java/ru/runa/wfe/task/TaskProperties.java | 12 +++++++++ wfe-core/src/main/resources/task.porperties | 1 + .../java/ru/runa/wfe/service/TaskService.java | 2 ++ .../service/delegate/TaskServiceDelegate.java | 9 +++++++ .../wfe/service/impl/TaskServiceBean.java | 6 +++++ .../java/ru/runa/common/WebResources.java | 3 ++- .../runa/wf/web/tag/ProcessInfoFormTag.java | 4 +++ wfe-web/src/main/resources/web.properties | 2 +- 10 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java create mode 100644 wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java create mode 100644 wfe-core/src/main/resources/task.porperties diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java new file mode 100644 index 0000000000..337ab49042 --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java 
@@ -0,0 +1,26 @@ +package ru.runa.wfe.security.dao; + +import ru.runa.wfe.security.Permission; +import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.task.TaskProperties; + +public class DelegateTaskPermissionRule extends PermissionRule { + + public DelegateTaskPermissionRule() { + super(); + } + + public DelegateTaskPermissionRule(SecuredObjectType type, Permission perm, Boolean isAdmin) { + super(type, perm, isAdmin); + } + + @Override + public boolean isAllowed(SecuredObjectType type, Long id, Boolean isAdmin, Permission perm) { + if (TaskProperties.isTaskDelegationEnabled()) { + return super.isAllowed(type, id, isAdmin, perm); + } else { + return false; + } + } + +} diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 6e82e4b4fe..b4dfadd951 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -243,7 +243,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); + requiredRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); 
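Review bot: `DelegateTaskPermissionRule.isAllowed` can be a single expression, `return TaskProperties.isTaskDelegationEnabled() && super.isAllowed(type, id, isAdmin, perm);`, instead of the `if`/`else` returning `false`. The class has no Javadoc; one sentence saying that it denies the permission whenever `task.delegation.enabled` is off, regardless of the base rule, would explain why it replaces the plain `PermissionRule` in both rule lists. The no-argument constructor has no caller in this patch; if nothing needs it, removing it prevents a rule being created without a type and permission.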
@@ -271,6 +271,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.DELETE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, null)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.CANCEL_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.READ_PERMISSIONS, true)); @@ -285,7 +286,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); + implicitRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java b/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java new file mode 100644 index 0000000000..9a925ab442 --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java 
@@ -0,0 +1,12 @@ +package ru.runa.wfe.task; + +import ru.runa.wfe.commons.PropertyResources; + +public class TaskProperties { + public static final String CONFIG_FILE_NAME = "task.properties"; + private static final PropertyResources RESOURCES = new PropertyResources(CONFIG_FILE_NAME); + + public static boolean isTaskDelegationEnabled() { + return RESOURCES.getBooleanProperty("task.delegation.enabled", true); + } +} diff --git a/wfe-core/src/main/resources/task.porperties b/wfe-core/src/main/resources/task.porperties new file mode 100644 index 0000000000..d99c97e0d9 --- /dev/null +++ b/wfe-core/src/main/resources/task.porperties @@ -0,0 +1 @@ +task.delegation.enabled=true \ No newline at end of file diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java b/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java index 19b1a219cc..371cd35a4b 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java @@ -169,4 +169,6 @@ void completeTask(User user, Long taskId, Map variables, Long sw */ List getUnassignedTasks(User user); + boolean isTaskDelegationEnabled(); + } \ No newline at end of file diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/TaskServiceDelegate.java b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/TaskServiceDelegate.java index 95d3babb71..6c4c984611 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/TaskServiceDelegate.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/TaskServiceDelegate.java @@ -132,4 +132,13 @@ public List getUnassignedTasks(User user) { } } + @Override + public boolean isTaskDelegationEnabled() { + try { + return getTaskService().isTaskDelegationEnabled(); + } catch (Exception e) { + throw handleException(e); + } + } + } 
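Review bot: `CONFIG_FILE_NAME` is `"task.properties"`, but the resource added in the same patch is named `task.porperties`, so the shipped file is presumably never loaded and `isTaskDelegationEnabled()` always falls back to its default of `true`. `web.properties` has `task.delegation.enabled` commented out by this patch and `DelegateTaskPermissionRule` relies on this switch to deny DELEGATE_TASKS, so a deployment that had disabled delegation in `web.properties` would get it back without any warning. Rename the resource to `task.properties`. Whether a missing file is reported by `PropertyResources` is not visible here; if it is silent, a log line on load would make this kind of mismatch noticeable.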
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java index c2ead24db3..f18a1e2302 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java @@ -28,6 +28,7 @@ import ru.runa.wfe.service.jaxb.Variable; import ru.runa.wfe.service.jaxb.VariableConverter; import ru.runa.wfe.service.utils.FileVariablesUtil; +import ru.runa.wfe.task.TaskProperties; import ru.runa.wfe.task.dto.WfTask; import ru.runa.wfe.task.logic.TaskLogic; import ru.runa.wfe.user.Executor; @@ -150,4 +151,9 @@ public void delegateTasks(@NonNull User user, @NonNull Set taskIds, boolea public List getUnassignedTasks(@WebParam(name = "user") @NonNull User user) { return taskLogic.getUnassignedTasks(user); } + + @Override + public boolean isTaskDelegationEnabled() { + return TaskProperties.isTaskDelegationEnabled(); + } } \ No newline at end of file diff --git a/wfe-web/src/main/java/ru/runa/common/WebResources.java b/wfe-web/src/main/java/ru/runa/common/WebResources.java index 65ca8ed85c..f5dad8ba9a 100644 --- a/wfe-web/src/main/java/ru/runa/common/WebResources.java +++ b/wfe-web/src/main/java/ru/runa/common/WebResources.java @@ -26,6 +26,7 @@ import ru.runa.wfe.commons.ClassLoaderUtil; import ru.runa.wfe.commons.PropertyResources; import ru.runa.wfe.commons.SystemProperties; +import ru.runa.wfe.service.delegate.Delegates; /** * Created on 30.09.2004 @@ -85,7 +86,7 @@ public static boolean useImagesForValidationErrors() { * Used from JSP page */ public static boolean isTaskDelegationEnabled() { - return RESOURCES.getBooleanProperty("task.delegation.enabled", true); + return Delegates.getTaskService().isTaskDelegationEnabled(); } /** 
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java index 76ba069b70..57b394211b 100644 --- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java +++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java @@ -59,6 +59,7 @@ import ru.runa.wfe.execution.dto.WfProcess; import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObject; +import ru.runa.wfe.security.SecuredObjectType; import ru.runa.wfe.service.delegate.Delegates; @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "processInfoForm") @@ -246,6 +247,9 @@ private Element addUpgradeLinkIfRequired(WfProcess process, Element versionEleme if (!SystemProperties.isUpgradeProcessToDefinitionVersionEnabled()) { return versionElement; } + if (! Delegates.getAuthorizationService().isAllowed(this.getUser(), Permission.UPDATE, SecuredObjectType.DEFINITION, process.getDefinitionId())) { + return versionElement; + } Div div = new Div(); div.addElement(versionElement); div.addElement(Entities.NBSP); diff --git a/wfe-web/src/main/resources/web.properties b/wfe-web/src/main/resources/web.properties index 3531becc1f..026b4d930d 100644 --- a/wfe-web/src/main/resources/web.properties +++ b/wfe-web/src/main/resources/web.properties @@ -10,7 +10,7 @@ task.form.builder.ftl=ru.runa.wf.web.ftl.FtlFormBuilder task.form.builder.html=ru.runa.wf.web.customtag.HtmlFormBuilder task.form.builder.quick=ru.runa.wf.web.quick.QuickFormBuilder task.form.ajaxFileInputEnabled=true -task.delegation.enabled=true +# task.delegation.enabled=true # Settings for log viewer view.logs.limit.lines.count=10000 view.logs.timeout.autoreload.seconds=15 From c90a5a7eb915b7dbea76cefef317ca3b7a31dbf1 Mon Sep 17 00:00:00 2001 
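Review bot: The `isAllowed(..., Permission.UPDATE, SecuredObjectType.DEFINITION, process.getDefinitionId())` check in `addUpgradeLinkIfRequired` only decides whether the upgrade link is rendered. The action that performs the upgrade is not part of this patch, so please confirm it enforces the same permission on the server side. A short comment such as `// UI hint only; the upgrade action checks UPDATE on the definition itself` would make that split explicit. The method body continues outside the hunk.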
From: ibaldina Date: Mon, 3 Aug 2020 11:31:37 +0700 Subject: [PATCH 41/71] #1533 --- .../java/ru/runa/wfe/security/dao/PermissionDao.java | 2 +- .../ru/runa/af/web/tag/ListRelationPairsFormTag.java | 10 ++++++++++ .../java/ru/runa/af/web/tag/ListRelationsFormTag.java | 11 +++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index b4dfadd951..98854c21bc 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -259,7 +259,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); -// requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ, null)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java index 0e9a5e5b4f..c648379218 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java +++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java 
@@ -47,6 +47,16 @@ @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "listRelationPairsForm") public class ListRelationPairsFormTag extends BatchReturningTitledFormTag { + @Override + protected boolean isSubmitButtonEnabled() { + return Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.DELETE, SecuredObjectType.RELATION); + } + + @Override + protected boolean isSubmitButtonVisible() { + return Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.DELETE, SecuredObjectType.RELATION); + } + private static final long serialVersionUID = 1L; private Long relationId; diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java index 42f2c7d362..054729d8e0 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java +++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java @@ -52,6 +52,17 @@ @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "listRelationsForm") public class ListRelationsFormTag extends BatchReturningTitledFormTag { + + @Override + protected boolean isSubmitButtonEnabled() { + return Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.DELETE, SecuredObjectType.RELATION); + } + + @Override + protected boolean isSubmitButtonVisible() { + return Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.DELETE, SecuredObjectType.RELATION); + } + private static final long serialVersionUID = 1L; @Override From 2397b5fc0e692b38d7de5e0566f9b4ae6b3ac402 Mon Sep 17 00:00:00 2001 
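Review bot: In `ListRelationPairsFormTag` the submit button is enabled when the user holds DELETE on any relation (`isAllowedForAny`), although the tag has a `relationId` field for the relation being listed. If the form removes pairs of that one relation, checking the specific object would be tighter, e.g. `isAllowed(getUser(), Permission.DELETE, SecuredObjectType.RELATION, relationId)`; this assumes `relationId` is set before the button state is computed, which the hunk does not show. In both tags the two overrides repeat the same authorization call, so `isSubmitButtonVisible()` could simply `return isSubmitButtonEnabled();`. Placing the overrides above `serialVersionUID` is also unusual; fields normally come first.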
From: ibaldina Date: Mon, 3 Aug 2020 12:23:49 +0700 Subject: [PATCH 42/71] #1533 --- .../auth/InternalDbNameLoginModule.java | 51 +++++++++++++++++++ .../security/logic/AuthenticationLogic.java | 25 +++++++++ .../src/main/resources/system.context.xml | 2 +- .../web/tag/ManagePermissionsLinkTag.java | 6 +++ 4 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java b/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java new file mode 100644 index 0000000000..f28474eba7 --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java 
@@ -0,0 +1,51 @@ +/* + * This file is part of the RUNA WFE project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + */ +package ru.runa.wfe.security.auth; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.LoginException; + +import ru.runa.wfe.user.Actor; + +/** + * LoginModule for based on actor name and password information provided by + * ExecutorService. + * + */ +public class InternalDbNameLoginModule extends LoginModuleBase { + + @Override + protected Actor login(CallbackHandler callbackHandler) throws Exception { + Callback[] callbacks = new Callback[1]; + callbacks[0] = new NameCallback("actor name: "); + callbackHandler.handle(callbacks); + String actorName = ((NameCallback) callbacks[0]).getName(); + if (actorName == null) { + return null; + } + Actor actor = executorDao.getActor(actorName); + if (actor != null) { + return actor; + } + throw new LoginException("Invalid login or password"); + } + +} diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java index b2deb6dc94..c658e8a185 100644 
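Review bot: `InternalDbNameLoginModule.login` returns the actor for any name found by `executorDao.getActor` and never requests or verifies a password, so wherever this module is configured, knowing an actor name is enough to authenticate. The class Javadoc ("based on actor name and password information") and the exception text "Invalid login or password" both describe a password check that does not exist, and `PasswordCallback` is imported but unused. The Javadoc should state plainly that no credential is verified and that the module is meant only for deployments where the SYSTEM permission check is switched off, e.g. `Authenticates by actor name only; no credential is verified.` I would also drop the unused import and change the message to something accurate such as `"Unknown actor name"`, if callers do not depend on the text.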
--- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java @@ -19,6 +19,7 @@ package ru.runa.wfe.security.logic; import java.security.Principal; +import java.util.Collections; import java.util.List; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; @@ -27,6 +28,9 @@ import org.springframework.beans.factory.annotation.Required; import ru.runa.wfe.commons.logic.CommonLogic; import ru.runa.wfe.security.AuthenticationException; +import ru.runa.wfe.security.SecuredObjectType; +import ru.runa.wfe.security.SecurityCheckProperties; +import ru.runa.wfe.security.auth.InternalDbNameLoginModule; import ru.runa.wfe.security.auth.KerberosCallbackHandler; import ru.runa.wfe.security.auth.LoginModuleConfiguration; import ru.runa.wfe.security.auth.PasswordLoginModuleCallbackHandler; @@ -56,6 +60,9 @@ public User authenticate(byte[] kerberosToken) throws AuthenticationException { } public User authenticate(String name, String password) throws AuthenticationException { + if (!SecurityCheckProperties.isPermissionCheckRequired(SecuredObjectType.SYSTEM)) { + return authenticateByName(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); + } return authenticate(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); } 
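Review bot: The branch added to `authenticate(String name, String password)` routes every DB login through `authenticateByName` whenever `SecurityCheckProperties.isPermissionCheckRequired(SecuredObjectType.SYSTEM)` is false, and the supplied password is then never checked. One property value therefore switches password authentication off for all accounts; if that property is off by default or is missing from the deployed file, this becomes the default behaviour. I would keep the password path as the fail-closed default, require an explicit and separately named opt-in for name-only login, and document the switch in the method Javadoc. A comment on the branch such as `// name-only login: password is intentionally ignored when SYSTEM checks are disabled` would at least make the effect visible to the next reader.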
@@ -77,6 +84,24 @@ private User authenticate(CallbackHandler callbackHandler, AuthType authType) th throw new AuthenticationException(e); } } + + private User authenticateByName(CallbackHandler callbackHandler, AuthType authType) throws AuthenticationException { + try { + ru.runa.wfe.security.auth.LoginModuleConfiguration config = new ru.runa.wfe.security.auth.LoginModuleConfiguration(); + config.setLoginModuleClassNames(Collections.singletonList(InternalDbNameLoginModule.class.getName())); + + LoginContext loginContext = new LoginContext(LoginModuleConfiguration.APP_NAME, null, callbackHandler, config); + loginContext.login(); + Subject subject = loginContext.getSubject(); + User user = SubjectPrincipalsHelper.getUser(subject); + SubjectPrincipalsHelper.validateUser(user); + callHandlers(user.getActor(), authType); + log.debug(user.getName() + " successfully authenticated"); + return user; + } catch (Exception e) { + throw new AuthenticationException(e); + } + } private void callHandlers(Actor actor, AuthType type) { for (LoginHandler handler : loginHandlers) { diff --git a/wfe-core/src/main/resources/system.context.xml b/wfe-core/src/main/resources/system.context.xml index 672ebb831f..11cbb981df 100644 --- a/wfe-core/src/main/resources/system.context.xml +++ b/wfe-core/src/main/resources/system.context.xml @@ -236,7 +236,7 @@ - + diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java index 3e981e5f0a..b3d539f0bd 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java @@ -13,6 +13,7 @@ @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "managePermissionsLink") public class ManagePermissionsLinkTag extends BaseLinkTag { + private static final long serialVersionUID = 1L; private SecuredObjectType securedObjectType; 
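Review bot: `authenticateByName` is a copy of `authenticate(CallbackHandler, AuthType)` that differs only in the login-module configuration, and it reports the login to `callHandlers` as `AuthType.DB` and logs "successfully authenticated" at debug level. A login accepted without a password check is therefore indistinguishable from a password login in the login handlers and in the logs. I would pass the configuration into one shared private method and record the name-only case distinctly, e.g. `log.warn(user.getName() + " logged in without password verification");`. The fully qualified `ru.runa.wfe.security.auth.LoginModuleConfiguration` is redundant, since the class is already imported and used unqualified two lines below.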
@@ -43,6 +44,11 @@ protected boolean isLinkEnabled() { getUser(), Permission.READ_PERMISSIONS, securedObjectType, identifiableId != null ? identifiableId : 0 ); } + + @Override + protected boolean isVisible() { + return isLinkEnabled(); + } @Override protected String getLinkText() { From dbb347fe42084442aaf79766838fd654d7d8efd9 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 3 Aug 2020 12:54:44 +0700 Subject: [PATCH 43/71] #1533 --- .../src/main/java/ru/runa/wfe/security/dao/PermissionDao.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 98854c21bc..fdbc47aed3 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -298,6 +298,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); + + implicitRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); } private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { From 097567859b42988f139147f7b039a980fd5a74a3 Mon Sep 17 00:00:00 2001 
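Review bot: The added `implicitRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null));` in PermissionDao carries no comment, and its effect on who may log in cannot be read from the hunk. If implicit rules grant a permission without a stored mapping and a `null` third argument means "administrator or not" (both are assumptions, the rule evaluation is outside the hunk), every executor would hold LOGIN on SYSTEM and the permission could no longer be withheld to block an account. Please add a comment stating the intended semantics, e.g. `// LOGIN is implicit for all executors; accounts are disabled by other means`, or restrict the rule to the mode in which SYSTEM checks are disabled. The enclosing initialisation block starts outside the hunk.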
From: ibaldina Date: Wed, 5 Aug 2020 18:23:23 +0700 Subject: [PATCH 44/71] #1533 --- .../ru/runa/wfe/security/ApplicablePermissions.java | 2 +- .../main/java/ru/runa/wfe/task/logic/TaskLogic.java | 5 +++++ .../resources/{task.porperties => task.properties} | 0 .../ru/runa/wfe/service/impl/TaskServiceBean.java | 2 +- wfe-web/src/main/resources/settingsList.xml | 13 ++++++++----- .../WEB-INF/classes/settingsDescriptions.properties | 5 ++++- .../classes/settingsDescriptions_ru.properties | 5 ++++- 7 files changed, 23 insertions(+), 9 deletions(-) rename wfe-core/src/main/resources/{task.porperties => task.properties} (100%) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java index 34704cfc69..664ae5eaad 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java @@ -225,7 +225,7 @@ public static void check(SecuredObject obj, Collection permissions) .defaults(READ) .hidden(READ_PERMISSIONS); - add(SecuredObjectType.RELATION, READ, UPDATE_PERMISSIONS, UPDATE) + add(SecuredObjectType.RELATION, READ, UPDATE_PERMISSIONS, UPDATE, DELETE) .defaults(READ) .hidden(READ_PERMISSIONS); diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java index 6c2043328a..af19cb04b0 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java @@ -44,6 +44,7 @@ import ru.runa.wfe.task.TaskCompletionBy; import ru.runa.wfe.task.TaskCompletionInfo; import ru.runa.wfe.task.TaskDoesNotExistException; +import ru.runa.wfe.task.TaskProperties; import ru.runa.wfe.task.dto.WfTask; import ru.runa.wfe.task.dto.WfTaskFactory; import ru.runa.wfe.user.Actor; 
@@ -77,6 +78,10 @@ public class TaskLogic extends WfCommonLogic { private TaskAssigner taskAssigner; @Autowired private ExecutorLogic executorLogic; + + public boolean isTaskDelegationEnabled() { + return TaskProperties.isTaskDelegationEnabled(); + } public WfTask completeTask(User user, Long taskId, Map variables) throws TaskDoesNotExistException { Task task = taskDao.getNotNull(taskId); diff --git a/wfe-core/src/main/resources/task.porperties b/wfe-core/src/main/resources/task.properties similarity index 100% rename from wfe-core/src/main/resources/task.porperties rename to wfe-core/src/main/resources/task.properties diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java index f18a1e2302..4404d3ca6f 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java @@ -154,6 +154,6 @@ public List getUnassignedTasks(@WebParam(name = "user") @NonNull User us @Override public boolean isTaskDelegationEnabled() { - return TaskProperties.isTaskDelegationEnabled(); + return taskLogic.isTaskDelegationEnabled(); } } \ No newline at end of file diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index 1aaffac556..6bcac2db15 100644 --- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -69,6 +69,13 @@ DISABLED + + + true + false + + + true @@ -175,11 +182,7 @@ true false - - - true - false - + true false diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index 6151050115..d9c53b3bdc 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties 
@@ -53,13 +53,16 @@ web.properties_confirmation.execute.task = web.properties_confirmation.start.process = web.properties_confirmation.start.process.noform = web.properties_confirmation.use.default.properties = Require confirmation to load default settings -web.properties_task.delegation.enabled = Task delegation enabled web.properties_process.swimlane.assignment.enabled = Allow swimlanes update web.properties_process.variable.assignment.enabled = Allow variables update web.properties_process.task.filters.enabled = Started processes view contains task filters web.properties_import.export.enabled = Import/Export enabled web.properties_html.blockElements = List of html block elements devided by ';' +task.properties = Task settings + +task.properties_task.delegation.enabled = Task delegation enabled + office.properties = Office connectors settings office.properties_docx.placeholder.start = Control sequence begin diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 43813122ad..6cd2ff7bf0 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -53,13 +53,16 @@ web.properties_confirmation.execute.task = \u0417\u0430\u043f\u0440\u0430\u0448\ web.properties_confirmation.start.process = \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 web.properties_confirmation.start.process.noform = \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0431\u0435\u0437 \u0441\u0442\u0430\u0440\u0442\u043e\u0432\u043e\u0439 \u0444\u043e\u0440\u043c\u044b web.properties_confirmation.use.default.properties = \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0435\u043d\u0438\u0435 \u043f\u0440\u0438 \u0441\u0431\u0440\u043e\u0441\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u043d\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e -web.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447 web.properties_process.swimlane.assignment.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044f \u0432 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 web.properties_process.variable.assignment.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 
\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0432 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 web.properties_process.task.filters.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432 \u043f\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u043c \u0437\u0430\u0434\u0430\u0447 \u0432 \u0441\u043f\u0438\u0441\u043a\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 web.properties_import.export.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043c\u043f\u043e\u0440\u0442/\u044d\u043a\u0441\u043f\u043e\u0440\u0442 web.properties_html.blockElements = \u0421\u043f\u0438\u0441\u043e\u043a \u0431\u043b\u043e\u0447\u043d\u044b\u0445 html-\u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 ';' +task.properties = \u041D\u0410\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u0437\u0430\u0434\u0430\u0447 + +task.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447 + office.properties = \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Office office.properties_docx.placeholder.start = \u041d\u0430\u0447\u0430\u043b\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 From 80988e33e998c0362c165f6b75220fb2cde079f5 Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Wed, 5 Aug 2020 19:26:26 +0700 Subject: [PATCH 45/71] #1533 --- .../security/logic/AuthenticationLogic.java | 9 +++++++ .../ru/runa/wfe/user/dao/ExecutorDao.java | 27 +++++++++++++++---- .../runa/af/web/form/UpdatePasswordForm.java | 8 ++++-- .../af/web/html/PasswordTableBuilder.java | 4 +-- .../runa/wf/web/tag/ProcessInfoFormTag.java | 2 +- 5 files changed, 40 insertions(+), 10 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java index c658e8a185..84850cbfef 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthenticationLogic.java @@ -44,6 +44,7 @@ * Created on 14.03.2005 */ public class AuthenticationLogic extends CommonLogic { + private List loginHandlers; @Required @@ -61,6 +62,14 @@ public User authenticate(byte[] kerberosToken) throws AuthenticationException { public User authenticate(String name, String password) throws AuthenticationException { if (!SecurityCheckProperties.isPermissionCheckRequired(SecuredObjectType.SYSTEM)) { + Actor curActor = this.executorDao.getActor(name); + if (curActor != null) { + if (this.executorDao.hasPassword(curActor)) { + return authenticate(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); + } else { + return authenticateByName(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); + } + } return authenticateByName(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); } return authenticate(new PasswordLoginModuleCallbackHandler(name, password), AuthType.DB); diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java b/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java index 66f68319fc..7d439b932b 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java 
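Review bot: After this change to `authenticate(String name, String password)` an actor without a stored password is still logged in by name alone (`hasPassword` false leads to `authenticateByName`), so an account whose password was never set or has been cleared is accepted without any credential while SYSTEM checks are off. Treating an absent password as "cannot log in with a password" would fail closed. The trailing `return authenticateByName(...)` after the `if (curActor != null)` block is reached only for names that do not resolve to an actor; sending that case through the normal `authenticate(...)` path would keep a single failure path for unknown and known names. The nested `if`/`else` can be flattened to `if (curActor != null && executorDao.hasPassword(curActor))`.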
+++ b/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java @@ -309,14 +309,20 @@ public T create(T executor) { * New actor password. */ public void setPassword(Actor actor, String password) { - Preconditions.checkNotNull(password, "Password must be specified."); +// Preconditions.checkNotNull(password, "Password must be specified."); ActorPassword actorPassword = getActorPassword(actor); if (actorPassword == null) { - actorPassword = new ActorPassword(actor, password); - sessionFactory.getCurrentSession().save(actorPassword); + if (password.length() > 0) { + actorPassword = new ActorPassword(actor, password); + sessionFactory.getCurrentSession().save(actorPassword); + } } else { - actorPassword.setPassword(password); - sessionFactory.getCurrentSession().merge(actorPassword); + if (password.length() > 0) { + actorPassword.setPassword(password); + sessionFactory.getCurrentSession().merge(actorPassword); + } else { + sessionFactory.getCurrentSession().delete(actorPassword); + } } } @@ -621,6 +627,17 @@ public void remove(Executor executor) { executor = (Executor) sessionFactory.getCurrentSession().get(Executor.class, executor.getId()); sessionFactory.getCurrentSession().delete(executor); } + + public boolean hasPassword(Actor actor) { + ActorPassword actorPassword = this.getActorPassword(actor); + if (actorPassword == null) { + return false; + } + if (actorPassword.getPassword() == null) { + return false; + } + return (actorPassword.getPassword().length > 0); + } /** * Generates code for actor, if code not set (equals 0). If code is already set, when throws {@linkplain ExecutorAlreadyExistsException} if diff --git a/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java b/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java index a8cc824284..78dbc82e39 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java +++ b/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java 
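Review bot: With `Preconditions.checkNotNull` commented out, `ExecutorDao.setPassword` calls `password.length()` unguarded, so a null argument now fails with a bare NullPointerException, and an empty string deletes the stored `ActorPassword`. Combined with the `hasPassword` branch added to `AuthenticationLogic.authenticate` in this commit, clearing a password turns the account into one that is accepted by name only when SYSTEM checks are off. I would restore `Preconditions.checkNotNull(password, "Password must be specified.");`, delete the commented-out line, and make password removal an explicit, separately authorized operation rather than a side effect of an empty value. The method Javadoc ("New actor password.") should also say what an empty password does.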
@@ -50,7 +50,7 @@ public class UpdatePasswordForm extends IdForm { public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) { ActionErrors errors = super.validate(mapping, request); if (Strings.isNullOrEmpty(password)) { - errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_FILL_REQUIRED_VALUES.getKey())); +// errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_FILL_REQUIRED_VALUES.getKey())); } else if (password.length() > WebResources.VALIDATOR_STRING_255) { errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_VALIDATION.getKey())); } else if (passwordConfirm == null || passwordConfirm.length() < 1) { @@ -70,7 +70,11 @@ public String getPasswordConfirm() { } public void setPassword(String string) { - password = string; + if (string == null) { + password = null; + } else { + password = string.trim(); + } } public void setPasswordConfirm(String string) { diff --git a/wfe-web/src/main/java/ru/runa/af/web/html/PasswordTableBuilder.java b/wfe-web/src/main/java/ru/runa/af/web/html/PasswordTableBuilder.java index 3a80f65ec1..b424e93988 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/html/PasswordTableBuilder.java +++ b/wfe-web/src/main/java/ru/runa/af/web/html/PasswordTableBuilder.java 
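Review bot: `UpdatePasswordForm.setPassword` now stores `string.trim()` while `setPasswordConfirm` is unchanged, so a password with leading or trailing whitespace is silently altered and would fail any equality check against the untrimmed confirmation (that comparison is outside the hunk). A whitespace-only value becomes empty, which `ExecutorDao.setPassword` in this commit treats as "delete the password". Passwords are better kept exactly as typed; if trimming is intended, apply it to both fields. In `validate`, the first branch is now an empty `if` holding only a commented-out line; a comment such as `// empty password is allowed and removes the stored password` or an inverted condition around the remaining checks would make the intent explicit.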
@@ -38,9 +38,9 @@ public PasswordTableBuilder(boolean disabled, PageContext pageContext) { public Table build() { Table table = new Table(); table.setClass(ru.runa.common.web.Resources.CLASS_LIST_TABLE); - Input passwordInput = HTMLUtils.createInput(Input.PASSWORD, UpdatePasswordForm.PASSWORD_INPUT_NAME, "", enabled, true); + Input passwordInput = HTMLUtils.createInput(Input.PASSWORD, UpdatePasswordForm.PASSWORD_INPUT_NAME, "", enabled, false); table.addElement(HTMLUtils.createRow(MessagesCommon.PASSWORD.message(pageContext), passwordInput)); - Input passwordConfirmInput = HTMLUtils.createInput(Input.PASSWORD, UpdatePasswordForm.PASSWORD_CONFIRM_INPUT_NAME, "", enabled, true); + Input passwordConfirmInput = HTMLUtils.createInput(Input.PASSWORD, UpdatePasswordForm.PASSWORD_CONFIRM_INPUT_NAME, "", enabled, false); table.addElement(HTMLUtils.createRow(MessagesCommon.PASSWORD_CONFIRM.message(pageContext), passwordConfirmInput)); return table; } diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java index 57b394211b..6198343244 100644 --- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java +++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java @@ -247,7 +247,7 @@ private Element addUpgradeLinkIfRequired(WfProcess process, Element versionEleme if (!SystemProperties.isUpgradeProcessToDefinitionVersionEnabled()) { return versionElement; } - if (! Delegates.getAuthorizationService().isAllowed(this.getUser(), Permission.UPDATE, SecuredObjectType.DEFINITION, process.getDefinitionId())) { + if (! Delegates.getAuthorizationService().isAllowed(this.getUser(), Permission.UPDATE, SecuredObjectType.PROCESS, process.getDefinitionId())) { return versionElement; } Div div = new Div(); From 3ad655fad2fbaf3974366031268155f6bd5d948b Mon Sep 17 00:00:00 2001 
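Review bot: In `ProcessInfoFormTag.addUpgradeLinkIfRequired` the check now names `SecuredObjectType.PROCESS` but still passes `process.getDefinitionId()` as the object id, so the permission is evaluated for whatever process happens to have the definition's id. Type and identifier should refer to the same object: either keep `SecuredObjectType.DEFINITION` with `process.getDefinitionId()`, as in the earlier patch of this series, or pass the process's own identifier (presumably `process.getId()`) with `SecuredObjectType.PROCESS`. Since the result only controls whether the link is shown, the server-side upgrade action needs the corrected check as well. The stray space in `! Delegates` is a style nit.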
From: ibaldina Date: Thu, 6 Aug 2020 11:43:20 +0700 Subject: [PATCH 46/71] #1533 --- .../src/main/java/ru/runa/wfe/security/dao/PermissionDao.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index fdbc47aed3..9a368ffa41 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -263,6 +263,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ, null)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); 
@@ -280,6 +282,8 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); From fb66e245bcf3e309b8323ae9e0b6903064224a58 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Thu, 6 Aug 2020 18:09:34 +0700 Subject: [PATCH 47/71] #1533 --- .../main/java/ru/runa/wfe/security/ApplicablePermissions.java | 2 +- .../webapp/WEB-INF/classes/settingsDescriptions_ru.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java index 664ae5eaad..b14250232e 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java @@ -221,7 +221,7 @@ public static void check(SecuredObject obj, Collection permissions) .defaults(READ) .hidden(READ_PERMISSIONS); - add(SecuredObjectType.PROCESS, READ, UPDATE_PERMISSIONS, CANCEL) + add(SecuredObjectType.PROCESS, READ, UPDATE_PERMISSIONS, CANCEL, UPDATE, DELETE, START_PROCESS, CANCEL_PROCESS) .defaults(READ) .hidden(READ_PERMISSIONS); 
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 6cd2ff7bf0..26719f3ed6 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties @@ -59,7 +59,7 @@ web.properties_process.task.filters.enabled = \u0412\u043a\u043b\u044e\u0447\u04 web.properties_import.export.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043c\u043f\u043e\u0440\u0442/\u044d\u043a\u0441\u043f\u043e\u0440\u0442 web.properties_html.blockElements = \u0421\u043f\u0438\u0441\u043e\u043a \u0431\u043b\u043e\u0447\u043d\u044b\u0445 html-\u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 ';' -task.properties = \u041D\u0410\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u0437\u0430\u0434\u0430\u0447 +task.properties = \u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u0437\u0430\u0434\u0430\u0447 task.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447 From de0c5abdb2c029e219133cb3e51dd29d31526dcd Mon Sep 17 00:00:00 2001 
From: ibaldina Date: Sat, 8 Aug 2020 20:09:49 +0700 Subject: [PATCH 48/71] #1533 --- .../java/ru/runa/wfe/commons/SystemProperties.java | 4 ++++ .../wfe/security/dao/DelegateTaskPermissionRule.java | 4 ++-- .../main/java/ru/runa/wfe/task/TaskProperties.java | 12 ------------ .../main/java/ru/runa/wfe/task/logic/TaskLogic.java | 3 +-- wfe-core/src/main/resources/system.properties | 1 + wfe-core/src/main/resources/task.properties | 1 - .../ru/runa/wfe/service/impl/TaskServiceBean.java | 1 - wfe-web/src/main/resources/settingsList.xml | 11 ++++------- .../WEB-INF/classes/settingsDescriptions.properties | 5 +---- .../classes/settingsDescriptions_ru.properties | 5 +---- 10 files changed, 14 insertions(+), 33 deletions(-) delete mode 100644 wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java delete mode 100644 wfe-core/src/main/resources/task.properties diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java b/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java index 8211ea480b..64b3440e35 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java +++ b/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java @@ -32,6 +32,10 @@ public class SystemProperties { public static PropertyResources getResources() { return RESOURCES; } + + public static boolean isTaskDelegationEnabled() { + return RESOURCES.getBooleanProperty("task.delegation.enabled", true); + } /** * Production or development mode? diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java index 337ab49042..dc3357f9e7 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/DelegateTaskPermissionRule.java 
@@ -1,8 +1,8 @@ package ru.runa.wfe.security.dao; +import ru.runa.wfe.commons.SystemProperties; import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObjectType; -import ru.runa.wfe.task.TaskProperties; public class DelegateTaskPermissionRule extends PermissionRule { @@ -16,7 +16,7 @@ public DelegateTaskPermissionRule(SecuredObjectType type, Permission perm, Boole @Override public boolean isAllowed(SecuredObjectType type, Long id, Boolean isAdmin, Permission perm) { - if (TaskProperties.isTaskDelegationEnabled()) { + if (SystemProperties.isTaskDelegationEnabled()) { return super.isAllowed(type, id, isAdmin, perm); } else { return false; diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java b/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java deleted file mode 100644 index 9a925ab442..0000000000 --- a/wfe-core/src/main/java/ru/runa/wfe/task/TaskProperties.java +++ /dev/null @@ -1,12 +0,0 @@ -package ru.runa.wfe.task; - -import ru.runa.wfe.commons.PropertyResources; - -public class TaskProperties { - public static final String CONFIG_FILE_NAME = "task.properties"; - private static final PropertyResources RESOURCES = new PropertyResources(CONFIG_FILE_NAME); - - public static boolean isTaskDelegationEnabled() { - return RESOURCES.getBooleanProperty("task.delegation.enabled", true); - } -} diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java index af19cb04b0..79cae15d95 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java @@ -44,7 +44,6 @@ import ru.runa.wfe.task.TaskCompletionBy; import ru.runa.wfe.task.TaskCompletionInfo; import ru.runa.wfe.task.TaskDoesNotExistException; -import ru.runa.wfe.task.TaskProperties; import ru.runa.wfe.task.dto.WfTask; import ru.runa.wfe.task.dto.WfTaskFactory; import ru.runa.wfe.user.Actor; 
@@ -80,7 +79,7 @@ public class TaskLogic extends WfCommonLogic { private ExecutorLogic executorLogic; public boolean isTaskDelegationEnabled() { - return TaskProperties.isTaskDelegationEnabled(); + return SystemProperties.isTaskDelegationEnabled(); } public WfTask completeTask(User user, Long taskId, Map variables) throws TaskDoesNotExistException { diff --git a/wfe-core/src/main/resources/system.properties b/wfe-core/src/main/resources/system.properties index 0662a72967..d7dd41ec7e 100644 --- a/wfe-core/src/main/resources/system.properties +++ b/wfe-core/src/main/resources/system.properties @@ -21,6 +21,7 @@ escalation.default.hierarchy.loader=ru.runa.wfe.extension.orgfunction.TestOrgFun task.default.deadline=2 hours task.almostDeadlinePercents=90 task.assignment.strict.rules.enabled = true +task.delegation.enabled=true token.maximum.depth = 100 file.variable.local.storage.enabled = true diff --git a/wfe-core/src/main/resources/task.properties b/wfe-core/src/main/resources/task.properties deleted file mode 100644 index d99c97e0d9..0000000000 --- a/wfe-core/src/main/resources/task.properties +++ /dev/null @@ -1 +0,0 @@ -task.delegation.enabled=true \ No newline at end of file diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java index 4404d3ca6f..683a3126fb 100644 --- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java +++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/TaskServiceBean.java @@ -28,7 +28,6 @@ import ru.runa.wfe.service.jaxb.Variable; import ru.runa.wfe.service.jaxb.VariableConverter; import ru.runa.wfe.service.utils.FileVariablesUtil; -import ru.runa.wfe.task.TaskProperties; import ru.runa.wfe.task.dto.WfTask; import ru.runa.wfe.task.logic.TaskLogic; import ru.runa.wfe.user.Executor; diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml index 6bcac2db15..5e3078c234 100644 
--- a/wfe-web/src/main/resources/settingsList.xml +++ b/wfe-web/src/main/resources/settingsList.xml @@ -9,6 +9,10 @@ + + true + false + true @@ -69,13 +73,6 @@ DISABLED - - - true - false - - - true diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties index d9c53b3bdc..40b8ea4b00 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties +++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties @@ -6,6 +6,7 @@ system.properties_escalation.default.hierarchy.loader = Organization function or system.properties_escalation.default.orgFunction = system.properties_task.default.deadline = If task deadline is not set in process definition (in Developer Studio) then this value is used system.properties_task.almostDeadlinePercents = For task highlighting tasks in tasklist only +system.properties_task.delegation.enabled = Task delegation enabled system.properties_authentication.domain.name = system.properties_date.format.pattern = system.properties_scriptingServiceAPI.executeGroovyScript.enabled = Whether execution of ru.runa.wfe.service.ScriptingService.executeGroovyScript(User, String) enabled @@ -59,10 +60,6 @@ web.properties_process.task.filters.enabled = Started processes view contains ta web.properties_import.export.enabled = Import/Export enabled web.properties_html.blockElements = List of html block elements devided by ';' -task.properties = Task settings - -task.properties_task.delegation.enabled = Task delegation enabled - office.properties = Office connectors settings office.properties_docx.placeholder.start = Control sequence begin diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties index 26719f3ed6..92510b89e6 100644 --- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties 
@@ -6,6 +6,7 @@ system.properties_escalation.default.hierarchy.loader = \u041e\u0440\u0433. \u04 system.properties_escalation.default.orgFunction = system.properties_task.default.deadline = \u0412\u0440\u0435\u043c\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e (\u0435\u0441\u043b\u0438 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e \u044f\u0432\u043d\u043e \u0432 \u0421\u0440\u0435\u0434\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438) system.properties_task.almostDeadlinePercents = \u041f\u0440\u043e\u0446\u0435\u043d\u0442 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0446\u0432\u0435\u0442 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u0432 \u0441\u043f\u0438\u0441\u043a\u0435 \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0439 +system.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447 system.properties_authentication.domain.name = \u0418\u043c\u044f \u0434\u043e\u043c\u0435\u043d\u0430 system.properties_date.format.pattern = \u0424\u043e\u0440\u043c\u0430\u0442 \u0434\u0430\u0442\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438 \u0444\u043e\u0440\u043c\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0430\u0442\u044b \u0441\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c) 
system.properties_scriptingServiceAPI.executeGroovyScript.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u0430 ru.runa.wfe.service.ScriptingService.executeGroovyScript(User, String @@ -59,10 +60,6 @@ web.properties_process.task.filters.enabled = \u0412\u043a\u043b\u044e\u0447\u04 web.properties_import.export.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043c\u043f\u043e\u0440\u0442/\u044d\u043a\u0441\u043f\u043e\u0440\u0442 web.properties_html.blockElements = \u0421\u043f\u0438\u0441\u043e\u043a \u0431\u043b\u043e\u0447\u043d\u044b\u0445 html-\u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 ';' -task.properties = \u041D\u0430\u0441\u0442\u0440\u043E\u0439\u043A\u0438 \u0437\u0430\u0434\u0430\u0447 - -task.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447 - office.properties = \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Office office.properties_docx.placeholder.start = \u041d\u0430\u0447\u0430\u043b\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 From aeedff33ceb66158de0ef01931f511cc4047fa51 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Sun, 9 Aug 2020 17:50:39 +0700 Subject: [PATCH 49/71] #1533 --- wfe-app/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index d713a715db..cb861e8b0b 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml 
@@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect ---> + java:jboss/UserTransaction false dd.MM.yyyy From 8031830adfeb2b0bf1783ce921e2b066fcda78bb Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Fri, 31 Jan 2020 10:50:11 +0300 Subject: [PATCH 50/71] =?UTF-8?q?#1505=20=D0=9F=D0=B0=D1=80=D1=81=D0=B8?= =?UTF-8?q?=D0=BD=D0=B3=20dataStore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../runa/wfe/definition/bpmn/BpmnXmlReader.java | 13 +++++++++++++ .../java/ru/runa/wfe/lang/bpmn2/DataStore.java | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/DataStore.java diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java index c743b23f7f..c5fc771328 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java +++ b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java @@ -4,6 +4,7 @@ import com.google.common.base.Throwables; import com.google.common.collect.Lists; import com.google.common.collect.Maps; +import java.util.Collections; import java.util.List; import java.util.Map; import org.dom4j.Document; @@ -45,6 +46,7 @@ import ru.runa.wfe.lang.Transition; import ru.runa.wfe.lang.VariableContainerNode; import ru.runa.wfe.lang.bpmn2.CatchEventNode; +import ru.runa.wfe.lang.bpmn2.DataStore; import ru.runa.wfe.lang.bpmn2.EndToken; import ru.runa.wfe.lang.bpmn2.ExclusiveGateway; import ru.runa.wfe.lang.bpmn2.MessageEventType; 
@@ -56,6 +58,7 @@ public class BpmnXmlReader { private static final String RUNA_NAMESPACE = "http://runa.ru/wfe/xml"; private static final String PROCESS = "process"; + private static final String DATA_STORE = "dataStore"; private static final String EXTENSION_ELEMENTS = "extensionElements"; private static final String IS_EXECUTABLE = "isExecutable"; private static final String PROPERTY = "property"; @@ -130,6 +133,7 @@ public class BpmnXmlReader { private final Document document; private static Map> nodeTypes = Maps.newHashMap(); + static { nodeTypes.put(USER_TASK, TaskNode.class); nodeTypes.put(MULTI_TASK, MultiTaskNode.class); @@ -138,6 +142,7 @@ public class BpmnXmlReader { nodeTypes.put(EXCLUSIVE_GATEWAY, ExclusiveGateway.class); nodeTypes.put(PARALLEL_GATEWAY, ParallelGateway.class); nodeTypes.put(TEXT_ANNOTATION, TextAnnotation.class); + nodeTypes.put(DATA_STORE, DataStore.class); // back compatibility v < 4.3.0 nodeTypes.put(SEND_TASK, SendMessageNode.class); nodeTypes.put(RECEIVE_TASK, CatchEventNode.class); @@ -154,6 +159,7 @@ public BpmnXmlReader(Document document) { public ProcessDefinition readProcessDefinition(ProcessDefinition processDefinition) { try { Element definitionsElement = document.getRootElement(); + readDataStores(parsedProcessDefinition, definitionsElement.elements(DATA_STORE)); Element process = definitionsElement.element(PROCESS); processDefinition.setName(process.attributeValue(NAME)); Map processProperties = parseExtensionProperties(process); 
@@ -521,4 +527,11 @@ private void readActionHandlers(ProcessDefinition processDefinition, GraphElemen } } + private void readDataStores(ParsedProcessDefinition parsedProcessDefinition, List dataStoreElements) { + for (Element dataStoreElement : dataStoreElements) { + final Node node = ApplicationContextFactory.createAutowiredBean(nodeTypes.get(DATA_STORE)); + node.setParsedProcessDefinition(parsedProcessDefinition); + readNode(parsedProcessDefinition, dataStoreElement, Collections.emptyMap(), node); + } + } } diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/DataStore.java b/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/DataStore.java new file mode 100644 index 0000000000..594965d070 --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/DataStore.java @@ -0,0 +1,17 @@ +package ru.runa.wfe.lang.bpmn2; + +import ru.runa.wfe.execution.ExecutionContext; +import ru.runa.wfe.lang.Node; +import ru.runa.wfe.lang.NodeType; + +public class DataStore extends Node { + @Override + public NodeType getNodeType() { + return NodeType.TEXT_ANNOTATION; + } + + @Override + protected void execute(ExecutionContext executionContext) throws Exception { + throw new UnsupportedOperationException(); + } +} From 5644046a279cd5362828cbf8f7c74ce5730dd9ad Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Sun, 9 Aug 2020 17:46:18 +0300 Subject: [PATCH 51/71] rm1766: fix compile errors --- .../java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java index c5fc771328..7787e99189 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java +++ b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java 
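Review bot: `DataStore.getNodeType()` returns `NodeType.TEXT_ANNOTATION` and `execute` throws a bare `UnsupportedOperationException`, and neither choice is explained in the new file. If the intent is that a data store is a diagram element that is never executed and is treated like an annotation, a class comment should say so, for example `/** BPMN dataStore element; never executed, reported as TEXT_ANNOTATION. */` (wording for the author to confirm). The exception would be easier to diagnose with a message, `throw new UnsupportedOperationException("DataStore node is not executable");`.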
@@ -159,7 +159,7 @@ public BpmnXmlReader(Document document) { public ProcessDefinition readProcessDefinition(ProcessDefinition processDefinition) { try { Element definitionsElement = document.getRootElement(); - readDataStores(parsedProcessDefinition, definitionsElement.elements(DATA_STORE)); + readDataStores(processDefinition, definitionsElement.elements(DATA_STORE)); Element process = definitionsElement.element(PROCESS); processDefinition.setName(process.attributeValue(NAME)); Map processProperties = parseExtensionProperties(process); @@ -527,11 +527,11 @@ private void readActionHandlers(ProcessDefinition processDefinition, GraphElemen } } - private void readDataStores(ParsedProcessDefinition parsedProcessDefinition, List dataStoreElements) { + private void readDataStores(ProcessDefinition processDefinition, List dataStoreElements) { for (Element dataStoreElement : dataStoreElements) { final Node node = ApplicationContextFactory.createAutowiredBean(nodeTypes.get(DATA_STORE)); - node.setParsedProcessDefinition(parsedProcessDefinition); - readNode(parsedProcessDefinition, dataStoreElement, Collections.emptyMap(), node); + node.setProcessDefinition(processDefinition); + readNode(processDefinition, dataStoreElement, Collections.emptyMap(), node); } } } From dd34928f0c7734bc5d0077483d6a76284ed58198 Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Wed, 26 Feb 2020 23:31:46 +0300 Subject: [PATCH 52/71] =?UTF-8?q?#1589=20InternalStorage=20=D1=81=D0=BA?= =?UTF-8?q?=D1=80=D1=8B=D1=82=20=D0=B2=20=D0=B8=D0=BD=D1=82=D0=B5=D1=80?= =?UTF-8?q?=D1=84=D0=B5=D0=B9=D1=81=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/ru/runa/wfe/datasource/DataSourceStuff.java | 2 ++ .../java/ru/runa/af/web/html/DataSourceTableBuilder.java | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java index 811481e89c..349def3916 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java @@ -28,6 +28,8 @@ public interface DataSourceStuff { String JNDI_NAME_SAMPLE = "jboss/datasources/"; + String INTERNAL_STORAGE_DATA_SOURCE_NAME = "InternalStorage"; + static String adjustUrl(JdbcDataSource jds) { String url = jds.getUrl(); String dbName = Strings.isNullOrEmpty(jds.getDbName()) ? "__DB_UNDEFINED__" : jds.getDbName(); diff --git a/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java b/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java index 1a6f2bfbf7..28082d0f11 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java +++ b/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java @@ -36,6 +36,7 @@ import ru.runa.wfe.commons.web.PortletUrlType; import ru.runa.wfe.datasource.DataSource; import ru.runa.wfe.datasource.DataSourceStorage; +import ru.runa.wfe.datasource.DataSourceStuff; import ru.runa.wfe.datasource.DataSourceType; import ru.runa.wfe.datasource.ExcelDataSource; import ru.runa.wfe.datasource.JdbcDataSource; @@ -55,7 +56,9 @@ public Table build() { table.setWidth("100%"); table.addElement(createTableHeaderTR()); for (DataSource ds : DataSourceStorage.getAllDataSources()) { - table.addElement(createTR(ds)); + if (!DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME.equals(ds.getName())) { + table.addElement(createTR(ds)); + } } return table; } From da5efeda7058a738018b1924ed6770f0651f3a7e Mon Sep 17 00:00:00 2001 
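Review bot: The new check in `DataSourceTableBuilder.build()` only leaves the `InternalStorage` row out of the rendered table; `DataSourceStorage.getAllDataSources()` still returns it. If the goal is to keep users away from the internal storage, the server-side paths that edit, delete or export a data source by name need the same `INTERNAL_STORAGE_DATA_SOURCE_NAME` check; they are outside this diff, so that is worth verifying. A short comment above the `if`, such as `// internal storage is system-managed and is not listed for editing`, would record why the entry is skipped.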
From: Mikhail Alekseev Date: Mon, 4 May 2020 15:31:22 +0300 Subject: [PATCH 53/71] =?UTF-8?q?rm1507:=20=D0=A0=D0=B0=D0=B7=D0=B4=D0=B5?= =?UTF-8?q?=D0=BB=D0=B5=D0=BD=D0=B8=D0=B5=20=D0=BD=D0=B0=20=D0=BE=D0=B1?= =?UTF-8?q?=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D1=87=D0=B8=D0=BA=20=D0=B2=D0=BD?= =?UTF-8?q?=D0=B5=D1=88=D0=BD=D0=B5=D0=B3=D0=BE=20=D0=B8=20=D0=B2=D0=BD?= =?UTF-8?q?=D1=83=D1=82=D1=80=D0=B5=D0=BD=D0=BD=D0=B5=D0=B3=D0=BE=20=D1=85?= =?UTF-8?q?=D1=80=D0=B0=D0=BD=D0=B8=D0=BB=D0=B8=D1=89=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../office/storage/handler/InternalStorageHandler.java | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java new file mode 100644 index 0000000000..4eeecc7214 --- /dev/null +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java @@ -0,0 +1,8 @@ +package ru.runa.wfe.office.storage.handler; + +/** + * @author Alekseev Mikhail + * @since #1507 + */ +public class InternalStorageHandler extends ExternalStorageHandler { +} From 608975db001305f1da54dc82ef2d751a545b36d8 Mon Sep 17 00:00:00 2001 
From: Mikhail Alekseev Date: Sun, 9 Aug 2020 18:04:50 +0300 Subject: [PATCH 54/71] rm1766: cherry-pick 1e39ead16b5eb1dd14458982ee950b2865627316 --- .../wfe/datasource/DataSourceStorage.java | 24 ++++-- .../office/shared/FilesSupplierConfig.java | 4 + .../wfe/office/storage/JdbcStoreService.java | 85 +++++++------------ .../runa/wfe/office/storage/StoreHelper.java | 6 +- .../runa/wfe/office/storage/StoreService.java | 5 +- .../wfe/office/storage/StoreServiceImpl.java | 55 +++--------- .../handler/ExternalStorageHandler.java | 79 +++++++---------- .../handler/InternalStorageHandler.java | 27 ++++++ .../handler/StorageBindingsParser.java | 8 +- .../storage/handler/StoreServiceFactory.java | 45 ++++++++++ .../storage/services/StoreHelperImpl.java | 35 +++++--- 11 files changed, 203 insertions(+), 170 deletions(-) create mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java index f5f089658b..707272bd17 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java @@ -26,6 +26,7 @@ import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.commons.IoCommons; import ru.runa.wfe.commons.xml.XmlUtils; +import ru.runa.wfe.var.VariableProvider; public class DataSourceStorage implements DataSourceStuff { @@ -60,7 +61,7 @@ private static synchronized void registerDrivers() { if (urls.isEmpty()) { return; } - URLClassLoader urlClassLoader = new URLClassLoader(urls.toArray(new URL[] {})); + URLClassLoader urlClassLoader = new URLClassLoader(urls.toArray(new URL[]{})); JdbcDataSourceType[] dsTypes = JdbcDataSourceType.values(); for (JdbcDataSourceType dsType : dsTypes) { if (!registeredDsTypes.contains(dsType)) { 
@@ -137,6 +138,16 @@ public static DataSource getDataSource(String dsName) { return dataSource; } + public static DataSource parseDataSource(String s, VariableProvider variableProvider) { + if (!s.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) && !s.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE)) { + return null; + } + final String dsName = s.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) ? + s.substring(s.indexOf(':') + 1) : + (String) variableProvider.getValue(s.substring(s.indexOf(':') + 1)); + return DataSourceStorage.getDataSource(dsName); + } + public static List getAllDataSources() { List all = Lists.newArrayList(); for (String dsName : getNames()) { @@ -166,13 +177,10 @@ public static void save(byte[] content) { /** * Saves the data source properties to the local storage. - * - * @param content - * - the data source properties content. - * @param force - * - force to overwrite if the data source already exists. - * @param preservePassword - * - if true is passed then the old data source password won't be changed. + * + * @param content - the data source properties content. + * @param force - force to overwrite if the data source already exists. + * @param preservePassword - if true is passed then the old data source password won't be changed. * @return true if the method succeed, false if the data source with the given name has existed and the force argument is false. */ public static boolean save(byte[] content, boolean force, boolean preservePassword) { diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/shared/FilesSupplierConfig.java b/wfe-office/src/main/java/ru/runa/wfe/office/shared/FilesSupplierConfig.java index be800426db..47d52cde22 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/shared/FilesSupplierConfig.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/shared/FilesSupplierConfig.java 
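Review bot: In `parseDataSource` the variable-backed branch reads the name with `variableProvider.getValue(...)` and casts it to `String`, whereas the inline code it replaces in `JdbcStoreService.initParams` used `getValueNotNull`. An unset variable now reaches `DataSourceStorage.getDataSource(null)`, and how that call treats a null name is not visible here; I would keep `(String) variableProvider.getValueNotNull(s.substring(s.indexOf(':') + 1))`. The name is cut at the first `:` rather than at the prefix length, which presumably relies on each prefix ending in its only colon, and the method has no Javadoc saying that it returns `null` for a path without a data-source prefix. Since the name can come from a process variable, it is also worth deciding whether every configured data source, the internal one included, should be selectable this way.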
@@ -47,6 +47,10 @@ public void setOutputFileVariableName(String outputFileVariableName) { this.outputFileVariableName = outputFileVariableName; } + public String getOutputFileVariableName() { + return outputFileVariableName; + } + protected abstract MediaType getContentType(); public abstract String getDefaultOutputFileName(); diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java index eb31f52e75..ec771fd44e 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java @@ -10,15 +10,12 @@ import java.text.SimpleDateFormat; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.Properties; import java.util.StringTokenizer; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import ru.runa.wfe.datasource.DataSourceStorage; -import ru.runa.wfe.datasource.DataSourceStuff; import ru.runa.wfe.datasource.JdbcDataSource; -import ru.runa.wfe.extension.handler.ParamDef; import ru.runa.wfe.extension.handler.ParamsDef; import ru.runa.wfe.office.excel.ExcelConstraints; import ru.runa.wfe.office.excel.OnSheetConstraints; 
@@ -99,26 +96,7 @@ protected String tableName() { return adjustIdentifier(tableName); } - protected boolean existOutputParamByVariableName(WfVariable variable) { - Preconditions.checkNotNull(variable); - if (variableProvider instanceof ParamBasedVariableProvider) { - ParamsDef paramsDef = ((ParamBasedVariableProvider) variableProvider).getParamsDef(); - if (paramsDef != null) { - Map outputParams = paramsDef.getOutputParams(); - if (outputParams != null) { - for (Entry entry : outputParams.entrySet()) { - String variableName = entry.getValue().getVariableName(); - if (variable.getDefinition().getName().equals(variableName)) { - return true; - } - } - } - } - } - return false; - } - - protected boolean executeSql(String sql) throws Exception { + protected boolean executeSql(String sql) throws JdbcStoreException { log.info(sql); try (Connection conn = ds.getConnection(); PreparedStatement ps = conn.prepareStatement(sql)) { return ps.execute() && ps.getResultSet().next() || ps.getUpdateCount() > 0; 
@@ -160,30 +138,22 @@ protected boolean checkVariableType(WfVariable variable) { return vd.isUserType() || vd.getFormatNotNull() instanceof ListFormat && components != null && components.length > 0; } - protected void initParams(Properties properties, WfVariable variable) throws Exception { + protected void initParams(Properties properties, UserType userType) throws Exception { Preconditions.checkNotNull(properties); - Preconditions.checkNotNull(variable); - Preconditions.checkArgument(checkVariableType(variable), - "Variable '" + variable.getDefinition().getName() + "' must be user type or list of user types."); + Preconditions.checkNotNull(userType); constraints = (ExcelConstraints) properties.get(PROP_CONSTRAINTS); fullPath = properties.getProperty(PROP_PATH); - if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) || fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE)) { - String dsName = null; - if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE)) { - dsName = fullPath.substring(DataSourceStuff.PATH_PREFIX_DATA_SOURCE.length()); - } else { - dsName = (String) variableProvider.getValueNotNull(fullPath.substring(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE.length())); - } - ds = (JdbcDataSource) DataSourceStorage.getDataSource(dsName); - createTableIfNotExist(variable); + ds = (JdbcDataSource) DataSourceStorage.parseDataSource(fullPath, variableProvider); + if (ds != null) { + createTableIfNotExist(userType); } } - protected void createTableIfNotExist(WfVariable variable) throws Exception { + protected void createTableIfNotExist(UserType userType) throws Exception { String tableName = tableName(); if (!executeSql(MessageFormat.format(tableExistsSql(), tableName))) { String columnDefinitions = ""; - for (VariableDefinition vd : userType(variable).getAttributes()) { + for (VariableDefinition vd : userType.getAttributes()) { columnDefinitions += (columnDefinitions.length() > 0 ? 
SQL_LIST_SEPARATOR : "") + MessageFormat.format(SQL_COLUMN_DEFINITION, adjustIdentifier(vd.getName()), typeMap().get(vd.getFormatNotNull().getClass())); } @@ -204,14 +174,10 @@ protected Object adjustValue(Object value) { abstract protected Map, String> typeMap(); @Override - public ExecutionResult findByFilter(Properties properties, WfVariable variable, String condition) throws Exception { - if (!existOutputParamByVariableName(variable)) { - throw new WrongParameterException(variable.getDefinition().getName()); - } - initParams(properties, variable); + public ExecutionResult findByFilter(Properties properties, UserType userType, String condition) throws Exception { + initParams(properties, userType); String columns = ""; - UserType ut = variable.getDefinition().getFormatComponentUserTypes()[0]; - for (VariableDefinition vd : ut.getAttributes()) { + for (VariableDefinition vd : userType.getAttributes()) { String variableName = adjustIdentifier(vd.getName()); columns += (columns.length() > 0 ? SQL_LIST_SEPARATOR : "") + MessageFormat.format(SQL_COLUMN, variableName); } @@ -220,8 +186,8 @@ public ExecutionResult findByFilter(Properties properties, WfVariable variable, try (ResultSet rs = ps.executeQuery()) { List utmList = Lists.newArrayList(); while (rs.next()) { - UserTypeMap utm = new UserTypeMap(ut); - for (VariableDefinition vd : ut.getAttributes()) { + UserTypeMap utm = new UserTypeMap(userType); + for (VariableDefinition vd : userType.getAttributes()) { String variableName = vd.getName(); utm.put(variableName, adjustValue(rs.getObject(adjustIdentifier(variableName)))); } 
@@ -235,7 +201,10 @@ public ExecutionResult findByFilter(Properties properties, WfVariable variable, @Override public void update(Properties properties, WfVariable variable, String condition) throws Exception { - initParams(properties, variable); + Preconditions.checkArgument(checkVariableType(variable), + "Variable '" + variable.getDefinition().getName() + "' must be user type or list of user types."); + initParams(properties, variable.getDefinition().getUserType()); + String columns = ""; for (VariableDefinition vd : variable.getDefinition().getUserType().getAttributes()) { String variableName = vd.getName(); @@ -259,7 +228,7 @@ private String condition(String condition) { String token = st.nextToken(); if (token.startsWith("[") && token.endsWith("]")) { sb.append(SPACE); - sb.append('"').append(token.replace(ConditionProcessor.UNICODE_CHARACTER_OVERLINE, ' ').substring(1, token.length() - 1)).append('"'); + sb.append('"').append(token.replace(ConditionProcessor.UNICODE_CHARACTER_OVERLINE, ' '), 1, token.length() - 1).append('"'); } else if (token.equalsIgnoreCase(LIKE_LITERAL)) { sb.append(SPACE); sb.append(LIKE_LITERAL); @@ -279,9 +248,12 @@ private String condition(String condition) { toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); } } - sb.append(SPACE); - sb.append(toAppend); + } else { + WfVariable wfVariable = variableProvider.getVariableNotNull(variableName); + toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); } + sb.append(SPACE); + sb.append(toAppend); } else if (token.equals(DOUBLE_EQUALS)) { sb.append(SPACE); sb.append(EQUALS); 
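Review bot: The `else` branch added to `condition(...)` in the `@@ -279,9 +248,12 @@` hunk turns a process variable's value into SQL text through `sqlValue(...)` and appends it to the statement that `executeSql` later prepares as a whole. Whether `sqlValue` escapes quotes is not visible in this diff; if it does not, a variable value can change the meaning of the WHERE clause. Binding the values as `?` parameters of the `PreparedStatement` would remove the dependency on escaping. The same concern applies to the bracketed identifier in the `@@ -259,7 +228,7 @@` hunk, which is wrapped in `"` without a check for an embedded quote. `condition` starts and ends outside these hunks.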
@@ -294,14 +266,18 @@ private String condition(String condition) { } @Override - public void delete(Properties properties, WfVariable variable, String condition) throws Exception { - initParams(properties, variable); + public void delete(Properties properties, UserType userType, String condition) throws Exception { + initParams(properties, userType); executeSql(MessageFormat.format(SQL_DELETE, tableName(), condition(condition))); } + @SuppressWarnings("unchecked") @Override public void save(Properties properties, WfVariable variable, boolean appendTo) throws Exception { - initParams(properties, variable); + Preconditions.checkArgument(checkVariableType(variable), + "Variable '" + variable.getDefinition().getName() + "' must be user type or list of user types."); + initParams(properties, variable.getDefinition().getUserType()); + List data = Lists.newArrayList(); if (variable.getDefinition().isUserType()) { data.add((UserTypeMap) variable.getValue()); @@ -319,5 +295,4 @@ public void save(Properties properties, WfVariable variable, boolean appendTo) t executeSql(MessageFormat.format(SQL_INSERT, tableName(), columns, values)); } } - } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java index e9fa1a160c..97ebc2b807 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java @@ -1,7 +1,9 @@ package ru.runa.wfe.office.storage; +import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.office.storage.binding.DataBinding; import ru.runa.wfe.office.storage.binding.ExecutionResult; +import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.dto.WfVariable; import ru.runa.wfe.var.format.VariableFormat; 
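Review bot: `save` now calls `initParams(properties, variable.getDefinition().getUserType())`, and `initParams` begins with `Preconditions.checkNotNull(userType)`. The precondition just above accepts a list of user types and the body below handles that case in its non-`isUserType()` branch, but for such a variable `getUserType()` is presumably null, so the call would fail before anything is stored. The removed table-creation code went through `userType(variable)`; if that helper still exists, `initParams(properties, userType(variable));` keeps list variables working here, and using it in `update` as well would keep the two consistent. `save` continues past the end of the hunk.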
@@ -9,6 +11,8 @@ public interface StoreHelper { void setVariableFormat(VariableFormat format); - ExecutionResult execute(DataBinding binding, WfVariable variable); + ExecutionResult execute(DataBinding binding, WfVariable variable) throws InternalApplicationException; + + ExecutionResult execute(DataBinding binding, UserType userType) throws InternalApplicationException; } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreService.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreService.java index d473ba776a..e934a655eb 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreService.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreService.java @@ -7,6 +7,7 @@ import java.util.Properties; import java.util.Set; import ru.runa.wfe.office.storage.binding.ExecutionResult; +import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.dto.WfVariable; public interface StoreService { @@ -17,11 +18,11 @@ public interface StoreService { void createFileIfNotExist(String path) throws Exception; - ExecutionResult findByFilter(Properties properties, WfVariable variable, String condition) throws Exception; + ExecutionResult findByFilter(Properties properties, UserType userType, String condition) throws Exception; void update(Properties properties, WfVariable variable, String condition) throws Exception; - void delete(Properties properties, WfVariable variable, String condition) throws Exception; + void delete(Properties properties, UserType userType, String condition) throws Exception; void save(Properties properties, WfVariable variable, boolean appendTo) throws Exception; diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java index e4b658f94c..a84c2683b9 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java 
+++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java @@ -25,7 +25,6 @@ import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.datasource.DataSource; import ru.runa.wfe.datasource.DataSourceStorage; -import ru.runa.wfe.datasource.DataSourceStuff; import ru.runa.wfe.datasource.ExcelDataSource; import ru.runa.wfe.extension.handler.ParamDef; import ru.runa.wfe.extension.handler.ParamsDef; @@ -90,10 +89,7 @@ public void createFileIfNotExist(String path) throws InternalApplicationExceptio } @Override - public ExecutionResult findByFilter(Properties properties, WfVariable variable, String condition) throws Exception { - if (!existOutputParamByVariableName(variable)) { - throw new WrongParameterException(variable.getDefinition().getName()); - } + public ExecutionResult findByFilter(Properties properties, UserType userType, String condition) throws Exception { if (!isConditionValid(condition)) { throw new WrongOperatorException(condition); } 
@@ -107,34 +103,24 @@ public void update(Properties properties, WfVariable variable, String condition) initParams(properties); Workbook wb = getWorkbook(fullPath); update(wb, constraints, variable.getValue(), format, condition, false); - OutputStream os = null; - try { - os = new FileOutputStream(fullPath); + try (OutputStream os = new FileOutputStream(fullPath)) { wb.write(os); } catch (IOException e) { log.error("", e); throw new BlockedFileException(fullPath); - } finally { - os.close(); } } @Override - public void delete(Properties properties, WfVariable variable, String condition) throws Exception { + public void delete(Properties properties, UserType userType, String condition) throws Exception { initParams(properties); Workbook wb = getWorkbook(fullPath); - update(wb, constraints, variable.getValue(), format, condition, true); - OutputStream os = null; - try { - os = new FileOutputStream(fullPath); + update(wb, constraints, null, format, condition, true); + try (OutputStream os = new FileOutputStream(fullPath)) { wb.write(os); } catch (IOException e) { log.error("", e); throw new BlockedFileException(fullPath); - } finally { - if (os != null) { - os.close(); - } } } @@ -143,17 +129,11 @@ public void save(Properties properties, WfVariable variable, boolean appendTo) t initParams(properties); Workbook wb = getWorkbook(fullPath); save(wb, constraints, format, variable, appendTo); - OutputStream os = null; - try { - os = new FileOutputStream(fullPath); + try (OutputStream os = new FileOutputStream(fullPath)) { wb.write(os); } catch (IOException e) { log.error("", e); throw new BlockedFileException(fullPath); - } finally { - if (os != null) { - os.close(); - } } } 
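Review bot: The `catch (IOException e)` blocks kept in `update`, `delete` and `save` (the last one in hunk `@@ -143,17 +129,11 @@`) log with an empty message, `log.error("", e)`, and then report every I/O failure as `BlockedFileException(fullPath)`, so a permission or disk error cannot be told apart from a locked file in the log or at the caller. I would at least name the operation and the path, `log.error("Failed to write workbook " + fullPath, e);`. Separately, `new FileOutputStream(fullPath)` truncates the existing workbook before `wb.write(os)` runs, so a failure halfway through leaves a damaged file; writing to a temporary file in the same directory and moving it over the target on success would avoid that.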
@@ -162,18 +142,10 @@ private void initParams(Properties properties) throws InternalApplicationExcepti constraints = (ExcelConstraints) properties.get(PROP_CONSTRAINTS); format = (VariableFormat) properties.get(PROP_FORMAT); fullPath = properties.getProperty(PROP_PATH); - if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) || fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE)) { - String dsName; - if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE)) { - dsName = fullPath.substring(DataSourceStuff.PATH_PREFIX_DATA_SOURCE.length()); - } else { - dsName = (String) variableProvider.getValueNotNull(fullPath.substring(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE.length())); - } - DataSource ds = DataSourceStorage.getDataSource(dsName); - if (ds instanceof ExcelDataSource) { - ExcelDataSource eds = (ExcelDataSource) ds; - fullPath = eds.getFilePath() + "/" + tableName() + XLSX_SUFFIX; - } + final DataSource dataSource = DataSourceStorage.parseDataSource(fullPath, variableProvider); + if (dataSource instanceof ExcelDataSource) { + final ExcelDataSource eds = (ExcelDataSource) dataSource; + fullPath = eds.getFilePath() + "/" + tableName() + XLSX_SUFFIX; } createFileIfNotExist(fullPath); } 
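Review bot: `fullPath = eds.getFilePath() + "/" + tableName() + XLSX_SUFFIX;` builds the workbook path by plain concatenation and the next line passes it to `createFileIfNotExist(fullPath)`. `tableName()` of this class is not visible here; if it derives from the sheet name after `applyPlaceholders(variableProvider)`, as the JDBC variant appears to, a value containing path separators or `..` would place the file outside the data source directory. Resolving and checking the result keeps it contained: `Path p = Paths.get(eds.getFilePath()).resolve(tableName() + XLSX_SUFFIX).normalize();` followed by `Preconditions.checkArgument(p.startsWith(Paths.get(eds.getFilePath()).normalize()), "Sheet name escapes data source directory");` (this needs the `java.nio.file` imports). `initParams` begins before this hunk.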
@@ -181,17 +153,16 @@ private void initParams(Properties properties) throws InternalApplicationExcepti @SuppressWarnings("unchecked") private void update(Workbook workbook, ExcelConstraints constraints, Object variable, VariableFormat variableFormat, String condition, boolean clear) { - List list = findAll(workbook, constraints, variableFormat); + List list = findAll(workbook, constraints, variableFormat); boolean changed = false; + int i = 0; if (Strings.isNullOrEmpty(condition)) { - int i = 0; for (Object object : list) { changeVariable(constraints, variable, clear, list, i, object); i++; } changed = true; } else { - int i = 0; for (Object object : list) { if (variableFormat instanceof UserTypeFormat) { if (ConditionProcessor.filter(condition, (Map) object, variableProvider)) { @@ -207,7 +178,7 @@ private void update(Workbook workbook, ExcelConstraints constraints, Object vari } } - @SuppressWarnings("unchecked") + @SuppressWarnings({ "unchecked", "rawtypes" }) private void changeVariable(ExcelConstraints constraints, Object variable, boolean clear, List list, int i, Object object) { if (clear) { list.set(i, null); diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java index a7feb942e8..66ceafcde7 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java 
@@ -2,27 +2,21 @@ import java.util.HashMap; import java.util.Map; -import ru.runa.wfe.InternalApplicationException; -import ru.runa.wfe.datasource.DataSource; import ru.runa.wfe.datasource.DataSourceStorage; -import ru.runa.wfe.datasource.DataSourceStuff; -import ru.runa.wfe.datasource.ExcelDataSource; -import ru.runa.wfe.datasource.JdbcDataSource; import ru.runa.wfe.definition.FileDataProvider; +import ru.runa.wfe.office.excel.OnSheetConstraints; import ru.runa.wfe.office.shared.FilesSupplierConfigParser; import ru.runa.wfe.office.shared.OfficeFilesSupplierHandler; -import ru.runa.wfe.office.storage.OracleStoreService; -import ru.runa.wfe.office.storage.PostgreSqlStoreService; -import ru.runa.wfe.office.storage.SqlServerStoreService; import ru.runa.wfe.office.storage.StoreHelper; import ru.runa.wfe.office.storage.StoreService; -import ru.runa.wfe.office.storage.StoreServiceImpl; import ru.runa.wfe.office.storage.binding.DataBinding; import ru.runa.wfe.office.storage.binding.DataBindings; import ru.runa.wfe.office.storage.binding.ExecutionResult; import ru.runa.wfe.office.storage.services.StoreHelperImpl; +import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.VariableProvider; import ru.runa.wfe.var.dto.WfVariable; +import ru.runa.wfe.var.format.UserTypeFormat; public class ExternalStorageHandler extends OfficeFilesSupplierHandler { 
@@ -32,45 +26,16 @@ protected FilesSupplierConfigParser createParser() { } @Override - protected Map executeAction(VariableProvider variableProvider, FileDataProvider fileDataProvider) throws Exception { - Map result = new HashMap(); - StoreService storeService = null; - String dsName = config.getInputFilePath(); - if (dsName.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) || dsName.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE)) { - if (dsName.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE)) { - dsName = dsName.substring(dsName.indexOf(':') + 1); - } else { - dsName = (String) variableProvider.getValue(dsName.substring(dsName.indexOf(':') + 1)); - } - DataSource ds = DataSourceStorage.getDataSource(dsName); - if (ds instanceof JdbcDataSource) { - switch (((JdbcDataSource) ds).getDbType()) { - case SqlServer: - storeService = new SqlServerStoreService(variableProvider); - break; - case Oracle: - storeService = new OracleStoreService(variableProvider); - break; - case PostgreSql: - storeService = new PostgreSqlStoreService(variableProvider); - break; - default: - throw new InternalApplicationException("Database type " + ((JdbcDataSource) ds).getDbType().name() + " not supported."); - } - } else if (ds instanceof ExcelDataSource) { - storeService = new StoreServiceImpl(variableProvider); - } else { - throw new InternalApplicationException("Data source type " + ds.getClass().getSimpleName() + " not supported."); - } - } else { - storeService = new StoreServiceImpl(variableProvider); - } - StoreHelper storeHelper = new StoreHelperImpl(config, variableProvider, storeService); + protected Map executeAction(VariableProvider variableProvider, FileDataProvider fileDataProvider) { + final Map result = new HashMap<>(); + final StoreService storeService = StoreServiceFactory.create( + DataSourceStorage.parseDataSource(config.getInputFilePath(), variableProvider), + variableProvider + ); + final StoreHelper storeHelper = new StoreHelperImpl(config, 
variableProvider, storeService); + for (DataBinding binding : config.getBindings()) { - WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); - binding.getConstraints().applyPlaceholders(variableProvider); - storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); - ExecutionResult executionResult = storeHelper.execute(binding, variable); + final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); if (executionResult.isNeedReturn()) { result.put(binding.getVariableName(), executionResult.getValue()); } @@ -78,4 +43,24 @@ protected Map executeAction(VariableProvider variableProvider, F return result; } + protected ExecutionResult execute(VariableProvider variableProvider, DataBinding binding, StoreHelper storeHelper) { + binding.getConstraints().applyPlaceholders(variableProvider); + switch (config.getQueryType()) { + case INSERT: + case UPDATE: { + final WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.execute(binding, variable); + } + case SELECT: { + final WfVariable variable = variableProvider.getVariableNotNull(config.getOutputFileVariableName()); + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.execute(binding, variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName())); + } + default: + final UserType userType = variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName()); + storeHelper.setVariableFormat(new UserTypeFormat(userType)); + return storeHelper.execute(binding, userType); + } + } } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java index 4eeecc7214..de13e896fc 100644 
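Review bot: The removed code in `executeAction` fell back to `new StoreServiceImpl(variableProvider)` when the input path had no data-source prefix, and the new call has no equivalent branch. It passes whatever `DataSourceStorage.parseDataSource(config.getInputFilePath(), variableProvider)` returns to `StoreServiceFactory.create`, which begins with `Preconditions.checkNotNull(dataSource, ...)`. `parseDataSource` is not part of this patch, so if it returns null for a plain file path, handlers configured that way now fail with a NullPointerException instead of using the Excel store. If the fallback is still wanted, keep it explicit: `final StoreService storeService = dataSource == null ? new StoreServiceImpl(variableProvider) : StoreServiceFactory.create(dataSource, variableProvider);`, otherwise state in a comment that plain paths are no longer supported.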
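Review bot: In the new `execute` method the `default:` arm of `switch (config.getQueryType())` is the delete path, so any query type added later runs the destructive branch instead of being rejected. I would make it `case DELETE: {` and add `default: throw new InternalApplicationException("Query type " + config.getQueryType() + " not supported.");`. The cast `(OnSheetConstraints) binding.getConstraints()` and the result of `variableProvider.getUserType(...)` are also used unchecked, so a binding with another constraints class or an unknown sheet name surfaces as a ClassCastException, or as a null passed into `new UserTypeFormat(userType)`.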
--- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java @@ -1,8 +1,35 @@ package ru.runa.wfe.office.storage.handler; +import com.google.common.collect.Iterables; +import java.util.HashMap; +import java.util.Map; +import ru.runa.wfe.datasource.DataSourceStorage; +import ru.runa.wfe.definition.FileDataProvider; +import ru.runa.wfe.office.storage.StoreHelper; +import ru.runa.wfe.office.storage.StoreService; +import ru.runa.wfe.office.storage.binding.ExecutionResult; +import ru.runa.wfe.office.storage.services.StoreHelperImpl; +import ru.runa.wfe.var.VariableProvider; + /** * @author Alekseev Mikhail * @since #1507 */ public class InternalStorageHandler extends ExternalStorageHandler { + @Override + protected Map executeAction(VariableProvider variableProvider, FileDataProvider fileDataProvider) { + final Map result = new HashMap<>(); + final StoreService storeService = StoreServiceFactory.create( + DataSourceStorage.parseDataSource(config.getInputFilePath(), variableProvider), + variableProvider + ); + final StoreHelper storeHelper = new StoreHelperImpl(config, variableProvider, storeService); + + final ExecutionResult executionResult = execute(variableProvider, Iterables.getOnlyElement(config.getBindings()), storeHelper); + + if (executionResult.isNeedReturn()) { + result.put(config.getOutputFileVariableName(), executionResult.getValue()); + } + return result; + } } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StorageBindingsParser.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StorageBindingsParser.java index 5e121d56d6..d8b7b921d9 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StorageBindingsParser.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StorageBindingsParser.java 
@@ -27,9 +27,6 @@ protected void parseCustom(Element root, DataBindings bindings) throws Exception String className = bindingElement.attributeValue("class"); Preconditions.checkNotNull(className, "Missed 'class' attribute in binding element"); - String variableName = bindingElement.attributeValue("variable"); - Preconditions.checkNotNull(variableName, "Missed 'variable' attribute in binding element"); - ExcelConstraints constraints = ClassLoaderUtil.instantiate(className); Element configElement = bindingElement.element("config"); Preconditions.checkNotNull(configElement, "Missed 'config' element in binding element"); @@ -46,6 +43,11 @@ protected void parseCustom(Element root, DataBindings bindings) throws Exception bindings.setQueryType(QueryType.valueOf(conditionsElement.attributeValue("type"))); } + String variableName = bindingElement.attributeValue("variable"); + if (variableName == null && (bindings.getQueryType() == QueryType.INSERT || bindings.getQueryType() == QueryType.UPDATE)) { + throw new IllegalArgumentException("Missed 'variable' attribute in binding element"); + } + DataBinding binding = new DataBinding(); binding.setConstraints(constraints); binding.setVariableName(variableName); diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java new file mode 100644 index 0000000000..aca34acd32 --- /dev/null +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java 
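Review bot: The relaxed check in hunk `@@ -46,6 +43,11 @@` lets `variableName` stay null for SELECT and DELETE bindings, but `ExternalStorageHandler.executeAction` in this same patch still ends with `result.put(binding.getVariableName(), executionResult.getValue())`. A SELECT binding without a `variable` attribute would therefore store its result under a null key. The check also reads `bindings.getQueryType()`, which this method sets only inside the conditions-element branch; the default when that element is absent is not visible here and should be confirmed. Either keep the attribute mandatory for SELECT as well, or make the handler skip the `put` when the name is null. `parseCustom` continues outside both hunks.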
@@ -0,0 +1,45 @@ +package ru.runa.wfe.office.storage.handler; + +import com.google.common.base.Preconditions; +import ru.runa.wfe.InternalApplicationException; +import ru.runa.wfe.datasource.DataSource; +import ru.runa.wfe.datasource.ExcelDataSource; +import ru.runa.wfe.datasource.JdbcDataSource; +import ru.runa.wfe.office.storage.H2SqlStoreService; +import ru.runa.wfe.office.storage.OracleStoreService; +import ru.runa.wfe.office.storage.PostgreSqlStoreService; +import ru.runa.wfe.office.storage.SqlServerStoreService; +import ru.runa.wfe.office.storage.StoreService; +import ru.runa.wfe.office.storage.StoreServiceImpl; +import ru.runa.wfe.var.VariableProvider; + +/** + * @author Alekseev Mikhail + * @since #1394 + */ +public class StoreServiceFactory { + private StoreServiceFactory() { + } + + public static StoreService create(DataSource dataSource, VariableProvider variableProvider) { + Preconditions.checkNotNull(dataSource, "Can't obtain StoreService: dataSource must not be null"); + if (dataSource instanceof JdbcDataSource) { + switch (((JdbcDataSource) dataSource).getDbType()) { + case SqlServer: + return new SqlServerStoreService(variableProvider); + case Oracle: + return new OracleStoreService(variableProvider); + case PostgreSql: + return new PostgreSqlStoreService(variableProvider); + case H2: + return new H2SqlStoreService(variableProvider); + default: + throw new InternalApplicationException("Database type " + ((JdbcDataSource) dataSource).getDbType().name() + " not supported."); + } + } else if (dataSource instanceof ExcelDataSource) { + return new StoreServiceImpl(variableProvider); + } else { + throw new InternalApplicationException("Data source type " + dataSource.getClass().getSimpleName() + " not supported."); + } + } +} diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java index d0318c5a7a..d13f808a87 100644 
--- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java @@ -1,12 +1,11 @@ package ru.runa.wfe.office.storage.services; -import com.google.common.base.Throwables; import com.google.common.collect.Maps; import java.lang.reflect.Method; import java.util.Map; import java.util.Properties; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import lombok.extern.apachecommons.CommonsLog; +import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.extension.handler.ParamDef; import ru.runa.wfe.office.storage.StoreHelper; import ru.runa.wfe.office.storage.StoreOperation; @@ -15,16 +14,16 @@ import ru.runa.wfe.office.storage.binding.DataBindings; import ru.runa.wfe.office.storage.binding.ExecutionResult; import ru.runa.wfe.office.storage.binding.QueryType; +import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.VariableDefinition; import ru.runa.wfe.var.VariableProvider; import ru.runa.wfe.var.dto.WfVariable; import ru.runa.wfe.var.format.ListFormat; import ru.runa.wfe.var.format.VariableFormat; +@CommonsLog public class StoreHelperImpl implements StoreHelper { - private static final Log log = LogFactory.getLog(StoreHelperImpl.class); - private Map invocationMap = Maps.newHashMap(); StoreService storeService; @@ -54,7 +53,7 @@ public void setVariableFormat(VariableFormat format) { } @Override - public ExecutionResult execute(DataBinding binding, WfVariable variable) { + public ExecutionResult execute(DataBinding binding, WfVariable variable) throws InternalApplicationException { VariableDefinition vd = variable.getDefinition(); if (!vd.isUserType() && (!vd.getFormatClassName().equals(ListFormat.class.getName()) || vd.getFormatComponentUserTypes() == null || vd.getFormatComponentUserTypes().length == 0)) { 
@@ -65,7 +64,19 @@ public ExecutionResult execute(DataBinding binding, WfVariable variable) { Method method = invocationMap.get(config.getQueryType()); return (ExecutionResult) method.invoke(this, binding, variable, config.getCondition()); } catch (Exception e) { - throw Throwables.propagate(Throwables.getRootCause(e)); + log.error("Error while executing operation with DataStore", e); + throw new InternalApplicationException(e); + } + } + + @Override + public ExecutionResult execute(DataBinding binding, UserType userType) throws InternalApplicationException { + try { + Method method = invocationMap.get(config.getQueryType()); + return (ExecutionResult) method.invoke(this, binding, userType, config.getCondition()); + } catch (Exception e) { + log.error("Error while executing operation with DataStore", e); + throw new InternalApplicationException(e); } } @@ -76,8 +87,8 @@ public ExecutionResult save(DataBinding binding, WfVariable variable, String con } @StoreOperation(QueryType.SELECT) - public ExecutionResult findByFilter(DataBinding binding, WfVariable variable, String condition) throws Exception { - return storeService.findByFilter(extractProperties(binding), variable, condition); + public ExecutionResult findByFilter(DataBinding binding, UserType userType, String condition) throws Exception { + return storeService.findByFilter(extractProperties(binding), userType, condition); } @StoreOperation(QueryType.UPDATE) @@ -87,8 +98,8 @@ public ExecutionResult update(DataBinding binding, WfVariable variable, String c } @StoreOperation(QueryType.DELETE) - public ExecutionResult delete(DataBinding binding, WfVariable variable, String condition) throws Exception { - storeService.delete(extractProperties(binding), variable, condition); + public ExecutionResult delete(DataBinding binding, UserType userType, String condition) throws Exception { + storeService.delete(extractProperties(binding), userType, condition); return ExecutionResult.EMPTY; } 
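Review bot: Both `execute` overloads now wrap whatever `method.invoke(...)` throws, so a store failure reaches the caller as `InternalApplicationException` around an `InvocationTargetException`, with the real cause one level further down; the removed `Throwables.getRootCause(e)` used to surface it directly. Catching the reflection wrapper first keeps that behaviour: `catch (InvocationTargetException e) { throw new InternalApplicationException(e.getCause()); }`, provided the constructor accepts a `Throwable`. `invocationMap.get(config.getQueryType())` can also return null when no handler was registered for that type, and that currently ends up as a wrapped NullPointerException rather than a clear message. Logging at error level and rethrowing will record the same failure twice if the caller logs it too.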
@@ -98,7 +109,7 @@ private void registerHandlers() { StoreOperation annotation = method.getAnnotation(StoreOperation.class); if (annotation != null) { Class[] parameters = method.getParameterTypes(); - if (parameters == null || parameters.length < 1) { + if (parameters.length < 1) { log.warn("wrong parameters"); continue; } From da8a8f84e452b4b56d0f6bb08391f4cc3b25da36 Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Wed, 20 May 2020 13:47:48 +0300 Subject: [PATCH 55/71] =?UTF-8?q?rm1507:=20=D0=98=D1=81=D0=BF=D0=BE=D0=BB?= =?UTF-8?q?=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=20=D0=B7=D0=BD?= =?UTF-8?q?=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D1=8F=20=D0=BF=D0=B5=D1=80=D0=B5?= =?UTF-8?q?=D0=BC=D0=B5=D0=BD=D0=BD=D0=BE=D0=B9=20=D0=B2=20like=20=D0=B2?= =?UTF-8?q?=D1=8B=D1=80=D0=B0=D0=B6=D0=B5=D0=BD=D0=B8=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../wfe/office/storage/JdbcStoreService.java | 48 +++++++++++-------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java index ec771fd44e..dd8f93543e 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java 
@@ -233,27 +233,16 @@ private String condition(String condition) { sb.append(SPACE); sb.append(LIKE_LITERAL); sb.append(SPACE); - sb.append(st.nextToken()); - } else if (token.startsWith("@")) { - String variableName = token.substring(1); - String toAppend = ""; - if (variableProvider instanceof ParamBasedVariableProvider) { - ParamsDef paramsDef = ((ParamBasedVariableProvider) variableProvider).getParamsDef(); - if (paramsDef != null) { - if (paramsDef.getInputParam(variableName) != null) { - Object inputParamValue = paramsDef.getInputParamValue(variableName, variableProvider); - toAppend = sqlValue(inputParamValue, variableProvider.getVariable(variableName).getDefinition().getFormatNotNull()); - } else { - WfVariable wfVariable = variableProvider.getVariableNotNull(variableName); - toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); - } + if (st.hasMoreTokens()) { + final String nextToken = st.nextToken(); + if (nextToken.startsWith("@")) { + sb.append(extractVariableValue(nextToken)); + } else { + sb.append(nextToken); } - } else { - WfVariable wfVariable = variableProvider.getVariableNotNull(variableName); - toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); } - sb.append(SPACE); - sb.append(toAppend); + } else if (token.startsWith("@")) { + sb.append(SPACE).append(extractVariableValue(token)); } else if (token.equals(DOUBLE_EQUALS)) { sb.append(SPACE); sb.append(EQUALS); 
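Review bot: The new `if (st.hasMoreTokens())` guard in the LIKE branch has no `else`, so a condition that ends with `like` produces SQL with a dangling `LIKE` and fails only at the database, with the driver's message. Failing early is clearer: `} else { throw new IllegalArgumentException("LIKE without a pattern in condition: " + condition); }`. The literal case `sb.append(nextToken)` still copies the token into the statement text unchanged; as long as conditions come only from the handler configuration that is acceptable, but it is worth a comment stating that assumption. `condition()` starts and ends outside this hunk.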
@@ -295,4 +284,25 @@ public void save(Properties properties, WfVariable variable, boolean appendTo) t executeSql(MessageFormat.format(SQL_INSERT, tableName(), columns, values)); } } + + private String extractVariableValue(String token) { + final String variableName = token.substring(1); + String toAppend = ""; + if (variableProvider instanceof ParamBasedVariableProvider) { + ParamsDef paramsDef = ((ParamBasedVariableProvider) variableProvider).getParamsDef(); + if (paramsDef != null) { + if (paramsDef.getInputParam(variableName) != null) { + Object inputParamValue = paramsDef.getInputParamValue(variableName, variableProvider); + toAppend = sqlValue(inputParamValue, variableProvider.getVariable(variableName).getDefinition().getFormatNotNull()); + } else { + WfVariable wfVariable = variableProvider.getVariableNotNull(variableName); + toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); + } + } + } else { + WfVariable wfVariable = variableProvider.getVariableNotNull(variableName); + toAppend = sqlValue(wfVariable.getValue(), wfVariable.getDefinition().getFormatNotNull()); + } + return toAppend; + } } From 1d5feb0ca56187ae94131666c1f597a96f99ec43 Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Wed, 20 May 2020 13:48:18 +0300 Subject: [PATCH 56/71] =?UTF-8?q?rm1507:=20=D0=9F=D0=BE=D0=B4=D0=B4=D0=B5?= =?UTF-8?q?=D1=80=D0=B6=D0=BA=D0=B0=20like=20=D0=B2=D1=8B=D1=80=D0=B0?= =?UTF-8?q?=D0=B6=D0=B5=D0=BD=D0=B8=D0=B9=20=D0=B4=D0=BB=D1=8F=20Excel=20?= =?UTF-8?q?=D0=B8=D1=81=D1=82=D0=BE=D1=87=D0=BD=D0=B8=D0=BA=D0=B0=20=D0=B4?= =?UTF-8?q?=D0=B0=D0=BD=D0=BD=D1=8B=D1=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../office/storage/ConditionProcessor.java | 35 ++++++++++++------- .../wfe/office/storage/StoreServiceImpl.java | 2 +- 2 files changed, 24 insertions(+), 13 deletions(-) 
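Review bot: `extractVariableValue` returns the initial `""` when the provider is a `ParamBasedVariableProvider` whose `getParamsDef()` is null, so the condition is emitted with an empty operand and no error. The input-parameter branch also calls `variableProvider.getVariable(variableName).getDefinition()` while the other two branches use `getVariableNotNull`; if `getVariable` can return null for a parameter that is not backed by a variable of the same name, that line throws a NullPointerException. I would let the null-`paramsDef` case fall through to the `getVariableNotNull` lookup and use the not-null accessor in all three places, so a missing variable is reported by name.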
diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/ConditionProcessor.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/ConditionProcessor.java index 872920d8ea..b30768482c 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/ConditionProcessor.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/ConditionProcessor.java @@ -19,9 +19,9 @@ public class ConditionProcessor { public static final char UNICODE_CHARACTER_OVERLINE = '\u203E'; - private static final String LIKE_EXPR_END = ".toLowerCase()) >= 0"; + private static final String LIKE_EXPR_END = ") != null"; - private static final String LIKE_EXPR_START = ".toLowerCase().indexOf("; + private static final String LIKE_EXPR_START = ".match("; private static final String LIKE_LITERAL = "like"; @@ -43,6 +43,7 @@ public class ConditionProcessor { private static String previousOperator = ""; private static ScriptEngine engine; + static { ScriptEngineManager engineManager = new ScriptEngineManager(); engine = engineManager.getEngineByName("JavaScript"); 
@@ -83,16 +84,16 @@ private static String parse(String condition, Map attributes, Va sb = appendAttribute(sb, attributes, token.replace(UNICODE_CHARACTER_OVERLINE, ' ')); } else if (token.equalsIgnoreCase(LIKE_LITERAL)) { previousOperator = LIKE_LITERAL; - sb.append(LIKE_EXPR_START); + sb.append(LIKE_EXPR_START).append("/"); token = st.nextToken(); - sb.append(token); - sb.append(LIKE_EXPR_END); + if (token.startsWith("@")) { + sb.append(extractVariableValue(token, variableProvider, false).replace("%", ".*")); + } else { + sb.append(token.replace("%", ".*")); + } + sb.append("/g").append(LIKE_EXPR_END); } else if (token.startsWith("@")) { - String variableName = token.substring(1); - Object value = variableProvider.getValue(variableName); - String toAppend = formatParameterValue(value); - sb.append(SPACE); - sb.append(toAppend); + sb.append(SPACE).append(extractVariableValue(token, variableProvider, true)); } else { sb.append(SPACE); if (previousAttributeValue != null && previousAttributeValue instanceof Date && operators.contains(previousOperator)) { @@ -109,6 +110,12 @@ private static String parse(String condition, Map attributes, Va return sb.toString(); } + private static String extractVariableValue(String token, VariableProvider variableProvider, boolean adjustValue) { + final String variableName = token.substring(1); + final Object value = variableProvider.getValue(variableName); + return formatParameterValue(value, adjustValue); + } + private static long getTime(String source) { source = source.replaceAll("'", ""); try { 
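Review bot: The LIKE branch of `parse` now builds a JavaScript regex literal by concatenation, `.match(/` + value + `/g) != null`, and the value comes from `extractVariableValue(token, variableProvider, false)` or from the raw token. The result is evaluated by the `ScriptEngine` declared above, so a process variable containing `/`, a line break or regex metacharacters is parsed as part of the script rather than as data. If process variables can carry user-entered text, this is a script-injection path on the server. Passing the value into the engine as a binding and matching against that bound variable, or doing the LIKE comparison in Java, keeps the value out of the script source; escaping `/` and the regex metacharacters is the minimum. The previous expression lower-cased both sides, whereas `/…/g` is case-sensitive and unanchored, so `%` at only one end no longer constrains the match; the `i` flag and explicit `^`/`$` would be needed if SQL LIKE semantics are intended. `parse` starts and ends outside this hunk.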
@@ -131,14 +138,18 @@ private static StringBuilder appendAttribute(StringBuilder sb, Map Date: Mon, 29 Jun 2020 18:31:34 +0300 Subject: [PATCH 57/71] =?UTF-8?q?rm1729:=20=D0=9F=D1=80=D0=B0=D0=B2=D0=BA?= =?UTF-8?q?=D0=B8=20=D0=BF=D0=BE=20=D1=80=D0=B5=D0=B7=D1=83=D0=BB=D1=8C?= =?UTF-8?q?=D1=82=D0=B0=D1=82=D0=B0=D0=BC=20=D1=82=D0=B5=D1=81=D1=82=D0=B8?= =?UTF-8?q?=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D1=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ru/runa/wfe/office/storage/JdbcStoreService.java | 9 +++++++-- .../office/storage/handler/InternalStorageHandler.java | 7 +++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java index dd8f93543e..bfa92649af 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java @@ -203,7 +203,7 @@ public ExecutionResult findByFilter(Properties properties, UserType userType, St public void update(Properties properties, WfVariable variable, String condition) throws Exception { Preconditions.checkArgument(checkVariableType(variable), "Variable '" + variable.getDefinition().getName() + "' must be user type or list of user types."); - initParams(properties, variable.getDefinition().getUserType()); + initParams(properties, userType(variable)); String columns = ""; for (VariableDefinition vd : variable.getDefinition().getUserType().getAttributes()) { 
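Review bot: In `JdbcStoreService.update` (hunk `@@ -203,7 +203,7 @@`) only the `initParams` call was switched to `userType(variable)`; the loop two lines below still iterates `variable.getDefinition().getUserType().getAttributes()`. If `getUserType()` is null for a list of user types, which the new `userType(variable)` helper suggests, an update with a list variable passes the `checkVariableType` precondition and then fails in that loop. The loop header should use the same helper: `for (VariableDefinition vd : userType(variable).getAttributes()) {`. The body of `update` continues outside this hunk, so any later `getUserType()` calls there need the same change.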
@@ -265,7 +265,7 @@ public void delete(Properties properties, UserType userType, String condition) t public void save(Properties properties, WfVariable variable, boolean appendTo) throws Exception { Preconditions.checkArgument(checkVariableType(variable), "Variable '" + variable.getDefinition().getName() + "' must be user type or list of user types."); - initParams(properties, variable.getDefinition().getUserType()); + initParams(properties, userType(variable)); List data = Lists.newArrayList(); if (variable.getDefinition().isUserType()) { @@ -305,4 +305,9 @@ private String extractVariableValue(String token) { } return toAppend; } + + protected UserType userType(WfVariable variable) { + return variable.getDefinition().isUserType() ? variable.getDefinition().getUserType() + : variable.getDefinition().getFormatComponentUserTypes()[0]; + } } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java index de13e896fc..556813490e 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java @@ -7,6 +7,7 @@ import ru.runa.wfe.definition.FileDataProvider; import ru.runa.wfe.office.storage.StoreHelper; import ru.runa.wfe.office.storage.StoreService; +import ru.runa.wfe.office.storage.binding.DataBinding; import ru.runa.wfe.office.storage.binding.ExecutionResult; import ru.runa.wfe.office.storage.services.StoreHelperImpl; import ru.runa.wfe.var.VariableProvider; 
@@ -25,10 +26,12 @@ protected Map executeAction(VariableProvider variableProvider, F ); final StoreHelper storeHelper = new StoreHelperImpl(config, variableProvider, storeService); - final ExecutionResult executionResult = execute(variableProvider, Iterables.getOnlyElement(config.getBindings()), storeHelper); + final DataBinding binding = Iterables.getOnlyElement(config.getBindings()); + final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); if (executionResult.isNeedReturn()) { - result.put(config.getOutputFileVariableName(), executionResult.getValue()); + result.put(config.getOutputFileVariableName() != null ? + config.getOutputFileVariableName() : binding.getVariableName(), executionResult.getValue()); } return result; } From b27540a0d11e1cd63a9b5090cd3aa0d6bd40655d Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Sun, 9 Aug 2020 18:11:01 +0300 Subject: [PATCH 58/71] rm1766: fix compile error --- .../java/ru/runa/wfe/office/storage/JdbcStoreService.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java index bfa92649af..8c65f1c756 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/JdbcStoreService.java @@ -82,11 +82,6 @@ public void createFileIfNotExist(String path) throws Exception { // Do nothing } - protected UserType userType(WfVariable variable) { - return variable.getDefinition().isUserType() ? variable.getDefinition().getUserType() - : variable.getDefinition().getFormatComponentUserTypes()[0]; - } - protected String tableName() { OnSheetConstraints osc = (OnSheetConstraints) constraints; String tableName = osc.getSheetName(); From 7faa329a9ab0ae50a2525b5f04684c8223e4e9c7 Mon Sep 17 00:00:00 2001 
From: Mikhail Alekseev Date: Sun, 9 Aug 2020 18:29:30 +0300 Subject: [PATCH 59/71] =?UTF-8?q?rm1766:=20=D0=A3=D0=B1=D1=80=D0=B0=D0=BB?= =?UTF-8?q?=20=D0=BB=D0=B8=D1=88=D0=BD=D0=B5=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../runa/wfe/office/storage/handler/StoreServiceFactory.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java index aca34acd32..e422e54afa 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/StoreServiceFactory.java @@ -5,7 +5,6 @@ import ru.runa.wfe.datasource.DataSource; import ru.runa.wfe.datasource.ExcelDataSource; import ru.runa.wfe.datasource.JdbcDataSource; -import ru.runa.wfe.office.storage.H2SqlStoreService; import ru.runa.wfe.office.storage.OracleStoreService; import ru.runa.wfe.office.storage.PostgreSqlStoreService; import ru.runa.wfe.office.storage.SqlServerStoreService; @@ -31,8 +30,6 @@ public static StoreService create(DataSource dataSource, VariableProvider variab return new OracleStoreService(variableProvider); case PostgreSql: return new PostgreSqlStoreService(variableProvider); - case H2: - return new H2SqlStoreService(variableProvider); default: throw new InternalApplicationException("Database type " + ((JdbcDataSource) dataSource).getDbType().name() + " not supported."); } From 970a6b859ee9d118256f9758c18019ece48da2f7 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 10 Aug 2020 18:57:48 +0700 Subject: [PATCH 60/71] #1533 --- wfe-app/pom.xml | 6 +++--- .../main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index cb861e8b0b..31fe040c04 100644 --- a/wfe-app/pom.xml 
+++ b/wfe-app/pom.xml @@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java index 6198343244..e1570c06b6 100644 --- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java +++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java @@ -247,7 +247,7 @@ private Element addUpgradeLinkIfRequired(WfProcess process, Element versionEleme if (!SystemProperties.isUpgradeProcessToDefinitionVersionEnabled()) { return versionElement; } - if (! Delegates.getAuthorizationService().isAllowed(this.getUser(), Permission.UPDATE, SecuredObjectType.PROCESS, process.getDefinitionId())) { + if (! Delegates.getAuthorizationService().isAllowed(this.getUser(), Permission.UPDATE, SecuredObjectType.PROCESS, process.getId() )) { return versionElement; } Div div = new Div(); From 57c689739a5679d98d62718a9f2b4c8b9ecb362e Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 10 Aug 2020 20:30:40 +0700 Subject: [PATCH 61/71] #1533 --- wfe-app/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 31fe040c04..cb861e8b0b 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,13 +27,13 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect ---> + java:jboss/UserTransaction false dd.MM.yyyy From a05ee5106bbcef0fe063669a25309c72b63c81f3 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Mon, 10 Aug 2020 21:08:52 +0700 Subject: [PATCH 62/71] #1533 --- wfe-app/pom.xml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index cb861e8b0b..ffbb4d1310 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml 
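Review bot: In `ProcessInfoFormTag.addUpgradeLinkIfRequired` this check only decides whether the upgrade link is rendered; the server-side action that performs the upgrade is not part of this diff and should enforce the same `Permission.UPDATE` check on `SecuredObjectType.PROCESS` with the process id, otherwise hiding the link protects nothing. The fix itself, passing `process.getId()` instead of `process.getDefinitionId()`, shows how easily an object type gets paired with the wrong identifier, so a short comment such as `// PROCESS permissions are keyed by process id, not definition id` would help the next reader. The stray spaces in `! Delegates` and `process.getId() )` can go as well.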
@@ -27,10 +27,7 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - + java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect From c819228453455020736593bd5d1fc154392c29e0 Mon Sep 17 00:00:00 2001 From: ibaldina Date: Tue, 11 Aug 2020 13:34:29 +0700 Subject: [PATCH 63/71] #1533 --- .../src/main/java/ru/runa/wfe/security/dao/PermissionDao.java | 1 + 1 file changed, 1 insertion(+) diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index 9a368ffa41..eb4be0d1a1 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java @@ -282,6 +282,7 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.READ_PERMISSIONS, true)); requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE_PERMISSIONS, true)); From 3325d98bf30a4de3cf8f0cca9ae92184b2564432 Mon Sep 17 00:00:00 2001 
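Review bot: The added `PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE, true)` line in `PermissionDao` changes the permission rules for every process object but carries no comment, and the commit message is only an issue number. What the third argument means and how `requiredRules` is consumed lies outside the hunk, so the effect cannot be judged from here. State next to the line which check depends on it, presumably the upgrade-link check in `ProcessInfoFormTag` changed earlier in this series, e.g. `// needed by the "upgrade to definition version" link`, and cover it with a test that a user without UPDATE on the process is refused.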
From: Mikhail Alekseev Date: Wed, 12 Aug 2020 15:07:48 +0300 Subject: [PATCH 64/71] =?UTF-8?q?rm1766=20#note-24:=20=D0=A3=D0=B4=D0=B0?= =?UTF-8?q?=D0=BB=D0=B5=D0=BD=D0=B0=20=D1=80=D0=B5=D0=B3=D0=B8=D1=81=D1=82?= =?UTF-8?q?=D1=80=D0=B0=D1=86=D0=B8=D1=8F=20StoreOperation.=20=D0=9F=D0=B5?= =?UTF-8?q?=D1=80=D0=B5=D0=B4=D0=B0=D1=87=D0=B0=20=D0=BF=D0=B0=D1=80=D0=B0?= =?UTF-8?q?=D0=BC=D0=B5=D1=82=D1=80=D0=BE=D0=B2=20=D1=81=D0=BA=D0=BE=D1=80?= =?UTF-8?q?=D1=80=D0=B5=D0=BA=D1=82=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?q?=D0=B0=20=D0=B4=D0=BB=D1=8F=20=D1=80=D0=B0=D0=B7=D0=BD=D1=8B?= =?UTF-8?q?=D1=85=20=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D0=BB=D0=B8=D1=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../runa/wfe/office/storage/StoreHelper.java | 18 --- .../wfe/office/storage/StoreOperation.java | 14 -- .../handler/ExternalStorageHandler.java | 40 +++--- .../handler/InternalStorageHandler.java | 66 +++++++-- .../office/storage/services/StoreHelper.java | 88 ++++++++++++ .../storage/services/StoreHelperImpl.java | 130 ------------------ 6 files changed, 169 insertions(+), 187 deletions(-) delete mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java delete mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreOperation.java create mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelper.java delete mode 100644 wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java deleted file mode 100644 index 97ebc2b807..0000000000 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreHelper.java +++ /dev/null 
@@ -1,18 +0,0 @@ -package ru.runa.wfe.office.storage; - -import ru.runa.wfe.InternalApplicationException; -import ru.runa.wfe.office.storage.binding.DataBinding; -import ru.runa.wfe.office.storage.binding.ExecutionResult; -import ru.runa.wfe.var.UserType; -import ru.runa.wfe.var.dto.WfVariable; -import ru.runa.wfe.var.format.VariableFormat; - -public interface StoreHelper { - - void setVariableFormat(VariableFormat format); - - ExecutionResult execute(DataBinding binding, WfVariable variable) throws InternalApplicationException; - - ExecutionResult execute(DataBinding binding, UserType userType) throws InternalApplicationException; - -} diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreOperation.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreOperation.java deleted file mode 100644 index 8cb7be1054..0000000000 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreOperation.java +++ /dev/null @@ -1,14 +0,0 @@ -package ru.runa.wfe.office.storage; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; -import ru.runa.wfe.office.storage.binding.QueryType; - -@Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.METHOD) -public @interface StoreOperation { - - QueryType value(); -} diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java index 66ceafcde7..ac5094c2f5 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/ExternalStorageHandler.java 
@@ -2,17 +2,16 @@ import java.util.HashMap; import java.util.Map; +import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.datasource.DataSourceStorage; import ru.runa.wfe.definition.FileDataProvider; -import ru.runa.wfe.office.excel.OnSheetConstraints; import ru.runa.wfe.office.shared.FilesSupplierConfigParser; import ru.runa.wfe.office.shared.OfficeFilesSupplierHandler; -import ru.runa.wfe.office.storage.StoreHelper; import ru.runa.wfe.office.storage.StoreService; import ru.runa.wfe.office.storage.binding.DataBinding; import ru.runa.wfe.office.storage.binding.DataBindings; import ru.runa.wfe.office.storage.binding.ExecutionResult; -import ru.runa.wfe.office.storage.services.StoreHelperImpl; +import ru.runa.wfe.office.storage.services.StoreHelper; import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.VariableProvider; import ru.runa.wfe.var.dto.WfVariable; 
@@ -32,35 +31,44 @@ protected Map executeAction(VariableProvider variableProvider, F DataSourceStorage.parseDataSource(config.getInputFilePath(), variableProvider), variableProvider ); - final StoreHelper storeHelper = new StoreHelperImpl(config, variableProvider, storeService); + final StoreHelper storeHelper = new StoreHelper(config, variableProvider, storeService); for (DataBinding binding : config.getBindings()) { - final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); - if (executionResult.isNeedReturn()) { - result.put(binding.getVariableName(), executionResult.getValue()); + try { + final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); + if (executionResult.isNeedReturn()) { + result.put(binding.getVariableName(), executionResult.getValue()); + } + } catch (Exception e) { + log.error("Error while executing operation with DataStore", e); + throw new InternalApplicationException(e); } } return result; } - protected ExecutionResult execute(VariableProvider variableProvider, DataBinding binding, StoreHelper storeHelper) { + protected ExecutionResult execute(VariableProvider variableProvider, DataBinding binding, StoreHelper storeHelper) throws Exception { binding.getConstraints().applyPlaceholders(variableProvider); + final WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); switch (config.getQueryType()) { - case INSERT: + case INSERT: { + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.save(binding, variable); + } case UPDATE: { - final WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); - return storeHelper.execute(binding, variable); + return storeHelper.update(binding, variable, config.getCondition()); } case SELECT: { - final WfVariable variable = 
variableProvider.getVariableNotNull(config.getOutputFileVariableName()); storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); - return storeHelper.execute(binding, variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName())); + return storeHelper.findByFilter(binding, storeHelper.userType(variable), config.getCondition()); } - default: - final UserType userType = variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName()); + case DELETE: + final UserType userType = storeHelper.userType(variable); storeHelper.setVariableFormat(new UserTypeFormat(userType)); - return storeHelper.execute(binding, userType); + return storeHelper.delete(binding, userType, config.getCondition()); + default: + throw new IllegalStateException("Unexpected value: " + config.getQueryType()); } } } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java index 556813490e..3170e1eeb6 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/handler/InternalStorageHandler.java 
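Review bot: The new `catch (Exception e)` in `ExternalStorageHandler.executeAction` logs the failure and then wraps it, so every error is reported twice and an `InternalApplicationException` thrown by `storeHelper.userType(variable)` ends up nested inside another `InternalApplicationException`. Let that type pass through unchanged and leave logging to whoever handles the rethrown exception: `} catch (InternalApplicationException e) { throw e; } catch (Exception e) { throw new InternalApplicationException(e); }`. The `IllegalStateException` from the new `default` branch is wrapped the same way. `InternalStorageHandler.executeAction` in the next file contains the identical block.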
@@ -3,20 +3,32 @@ import com.google.common.collect.Iterables; import java.util.HashMap; import java.util.Map; +import ru.runa.wfe.InternalApplicationException; import ru.runa.wfe.datasource.DataSourceStorage; import ru.runa.wfe.definition.FileDataProvider; -import ru.runa.wfe.office.storage.StoreHelper; +import ru.runa.wfe.office.excel.OnSheetConstraints; +import ru.runa.wfe.office.shared.FilesSupplierConfigParser; +import ru.runa.wfe.office.shared.OfficeFilesSupplierHandler; import ru.runa.wfe.office.storage.StoreService; import ru.runa.wfe.office.storage.binding.DataBinding; +import ru.runa.wfe.office.storage.binding.DataBindings; import ru.runa.wfe.office.storage.binding.ExecutionResult; -import ru.runa.wfe.office.storage.services.StoreHelperImpl; +import ru.runa.wfe.office.storage.services.StoreHelper; +import ru.runa.wfe.var.UserType; import ru.runa.wfe.var.VariableProvider; +import ru.runa.wfe.var.dto.WfVariable; +import ru.runa.wfe.var.format.UserTypeFormat; /** * @author Alekseev Mikhail * @since #1507 */ -public class InternalStorageHandler extends ExternalStorageHandler { +public class InternalStorageHandler extends OfficeFilesSupplierHandler { + @Override + protected FilesSupplierConfigParser createParser() { + return new StorageBindingsParser(); + } + @Override protected Map executeAction(VariableProvider variableProvider, FileDataProvider fileDataProvider) { final Map result = new HashMap<>(); 
@@ -24,15 +36,51 @@ protected Map executeAction(VariableProvider variableProvider, F DataSourceStorage.parseDataSource(config.getInputFilePath(), variableProvider), variableProvider ); - final StoreHelper storeHelper = new StoreHelperImpl(config, variableProvider, storeService); + final StoreHelper storeHelper = new StoreHelper(config, variableProvider, storeService); final DataBinding binding = Iterables.getOnlyElement(config.getBindings()); - final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); + try { + final ExecutionResult executionResult = execute(variableProvider, binding, storeHelper); + + if (executionResult.isNeedReturn()) { + result.put(config.getOutputFileVariableName() != null ? + config.getOutputFileVariableName() : binding.getVariableName(), executionResult.getValue()); + } + return result; + } catch (Exception e) { + log.error("Error while executing operation with DataStore", e); + throw new InternalApplicationException(e); + } + } - if (executionResult.isNeedReturn()) { - result.put(config.getOutputFileVariableName() != null ? 
- config.getOutputFileVariableName() : binding.getVariableName(), executionResult.getValue()); + protected ExecutionResult execute(VariableProvider variableProvider, DataBinding binding, StoreHelper storeHelper) throws Exception { + binding.getConstraints().applyPlaceholders(variableProvider); + switch (config.getQueryType()) { + case INSERT: { + final WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.save(binding, variable); + } + case UPDATE: { + final WfVariable variable = variableProvider.getVariableNotNull(binding.getVariableName()); + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.update(binding, variable, config.getCondition()); + } + case SELECT: { + final WfVariable variable = variableProvider.getVariableNotNull(config.getOutputFileVariableName()); + storeHelper.setVariableFormat(variable.getDefinition().getFormatNotNull()); + return storeHelper.findByFilter( + binding, + variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName()), + config.getCondition() + ); + } + case DELETE: + final UserType userType = variableProvider.getUserType(((OnSheetConstraints) binding.getConstraints()).getSheetName()); + storeHelper.setVariableFormat(new UserTypeFormat(userType)); + return storeHelper.delete(binding, userType, config.getCondition()); + default: + throw new IllegalStateException("Unexpected value: " + config.getQueryType()); } - return result; } } diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelper.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelper.java new file mode 100644 index 0000000000..d507e7ae67 --- /dev/null +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelper.java 
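Review bot: The `execute` method added to `InternalStorageHandler` in this hunk is a near-copy of the one in `ExternalStorageHandler`; now that the class no longer extends that handler, the two differ only in how SELECT and DELETE obtain the `UserType`. Keeping the shared switch in one place and overriding a small hook, for example `protected UserType resolveUserType(DataBinding binding, WfVariable variable)`, would keep the two handlers from drifting apart. In this copy the SELECT and DELETE branches also cast `binding.getConstraints()` to `OnSheetConstraints` without an `instanceof` check, so a binding with other constraints fails with a ClassCastException rather than a configuration error.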
@@ -0,0 +1,88 @@ +package ru.runa.wfe.office.storage.services; + +import com.google.common.collect.Maps; +import java.lang.reflect.Method; +import java.util.Map; +import java.util.Properties; +import lombok.extern.apachecommons.CommonsLog; +import ru.runa.wfe.InternalApplicationException; +import ru.runa.wfe.office.storage.StoreService; +import ru.runa.wfe.office.storage.binding.DataBinding; +import ru.runa.wfe.office.storage.binding.DataBindings; +import ru.runa.wfe.office.storage.binding.ExecutionResult; +import ru.runa.wfe.office.storage.binding.QueryType; +import ru.runa.wfe.var.UserType; +import ru.runa.wfe.var.VariableDefinition; +import ru.runa.wfe.var.VariableProvider; +import ru.runa.wfe.var.dto.WfVariable; +import ru.runa.wfe.var.format.ListFormat; +import ru.runa.wfe.var.format.VariableFormat; + +@CommonsLog +public class StoreHelper { + + private Map invocationMap = Maps.newHashMap(); + + StoreService storeService; + + DataBindings config; + + VariableFormat format; + + VariableProvider variableProvider; + + public StoreHelper(DataBindings config, VariableProvider variableProvider, StoreService storeService) { + setConfig(config); + this.variableProvider = variableProvider; + this.storeService = storeService; + } + + public UserType userType(WfVariable variable) throws InternalApplicationException { + final VariableDefinition definition = variable.getDefinition(); + if (definition.isUserType()) { + return definition.getUserType(); + } + + if (ListFormat.class.getName().equals(definition.getFormatClassName()) && definition.getFormatComponentUserTypes() != null + && definition.getFormatComponentUserTypes().length != 0) { + return definition.getFormatComponentUserTypes()[0]; + } + + throw new InternalApplicationException("Variable type" + definition.getFormat() + " not supported"); + } + + public void setVariableFormat(VariableFormat format) { + this.format = format; + } + + public ExecutionResult save(DataBinding binding, WfVariable variable) throws 
Exception { + storeService.save(extractProperties(binding), variable, true); + return ExecutionResult.EMPTY; + } + + public ExecutionResult findByFilter(DataBinding binding, UserType userType, String condition) throws Exception { + return storeService.findByFilter(extractProperties(binding), userType, condition); + } + + public ExecutionResult update(DataBinding binding, WfVariable variable, String condition) throws Exception { + storeService.update(extractProperties(binding), variable, condition); + return ExecutionResult.EMPTY; + } + + public ExecutionResult delete(DataBinding binding, UserType userType, String condition) throws Exception { + storeService.delete(extractProperties(binding), userType, condition); + return ExecutionResult.EMPTY; + } + + private Properties extractProperties(DataBinding binding) { + Properties properties = new Properties(); + properties.setProperty(StoreService.PROP_PATH, config.getInputFilePath()); + properties.put(StoreService.PROP_CONSTRAINTS, binding.getConstraints()); + properties.put(StoreService.PROP_FORMAT, format); + return properties; + } + + private void setConfig(DataBindings config) { + this.config = config; + } +} diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java deleted file mode 100644 index d13f808a87..0000000000 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/services/StoreHelperImpl.java +++ /dev/null 
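Review bot: The new `StoreHelper` class still carries pieces of the reflection dispatch this commit removes: the `invocationMap` field, the `Method`, `Maps` and `QueryType` imports, and the `variableProvider` field, none of which are used in the class as shown. Drop them and make the remaining fields `private final` (`private final StoreService storeService;`, `private final DataBindings config;`), which also makes the private `setConfig` unnecessary. `format` stays mutable and must be set through `setVariableFormat` before each call; `extractProperties` hands it to `Properties.put`, which throws NullPointerException on a null value, so either document that ordering or pass the format as a method argument. The message built in `userType` is missing a space after `"Variable type"`.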
@@ -1,130 +0,0 @@ -package ru.runa.wfe.office.storage.services; - -import com.google.common.collect.Maps; -import java.lang.reflect.Method; -import java.util.Map; -import java.util.Properties; -import lombok.extern.apachecommons.CommonsLog; -import ru.runa.wfe.InternalApplicationException; -import ru.runa.wfe.extension.handler.ParamDef; -import ru.runa.wfe.office.storage.StoreHelper; -import ru.runa.wfe.office.storage.StoreOperation; -import ru.runa.wfe.office.storage.StoreService; -import ru.runa.wfe.office.storage.binding.DataBinding; -import ru.runa.wfe.office.storage.binding.DataBindings; -import ru.runa.wfe.office.storage.binding.ExecutionResult; -import ru.runa.wfe.office.storage.binding.QueryType; -import ru.runa.wfe.var.UserType; -import ru.runa.wfe.var.VariableDefinition; -import ru.runa.wfe.var.VariableProvider; -import ru.runa.wfe.var.dto.WfVariable; -import ru.runa.wfe.var.format.ListFormat; -import ru.runa.wfe.var.format.VariableFormat; - -@CommonsLog -public class StoreHelperImpl implements StoreHelper { - - private Map invocationMap = Maps.newHashMap(); - - StoreService storeService; - - DataBindings config; - - VariableFormat format; - - VariableProvider variableProvider; - - Map inputParams; - - public StoreHelperImpl(DataBindings config, VariableProvider variableProvider, StoreService storeService) { - setConfig(config); - registerHandlers(); - this.variableProvider = variableProvider; - this.storeService = storeService; - } - - private void setConfig(DataBindings config) { - this.config = config; - } - - @Override - public void setVariableFormat(VariableFormat format) { - this.format = format; - } - - @Override - public ExecutionResult execute(DataBinding binding, WfVariable variable) throws InternalApplicationException { - VariableDefinition vd = variable.getDefinition(); - if (!vd.isUserType() && (!vd.getFormatClassName().equals(ListFormat.class.getName()) || vd.getFormatComponentUserTypes() == null - || vd.getFormatComponentUserTypes().length 
== 0)) { - log.error("Variable type" + vd.getFormat() + " not supported."); - return ExecutionResult.EMPTY; - } - try { - Method method = invocationMap.get(config.getQueryType()); - return (ExecutionResult) method.invoke(this, binding, variable, config.getCondition()); - } catch (Exception e) { - log.error("Error while executing operation with DataStore", e); - throw new InternalApplicationException(e); - } - } - - @Override - public ExecutionResult execute(DataBinding binding, UserType userType) throws InternalApplicationException { - try { - Method method = invocationMap.get(config.getQueryType()); - return (ExecutionResult) method.invoke(this, binding, userType, config.getCondition()); - } catch (Exception e) { - log.error("Error while executing operation with DataStore", e); - throw new InternalApplicationException(e); - } - } - - @StoreOperation(QueryType.INSERT) - public ExecutionResult save(DataBinding binding, WfVariable variable, String condition) throws Exception { - storeService.save(extractProperties(binding), variable, true); - return ExecutionResult.EMPTY; - } - - @StoreOperation(QueryType.SELECT) - public ExecutionResult findByFilter(DataBinding binding, UserType userType, String condition) throws Exception { - return storeService.findByFilter(extractProperties(binding), userType, condition); - } - - @StoreOperation(QueryType.UPDATE) - public ExecutionResult update(DataBinding binding, WfVariable variable, String condition) throws Exception { - storeService.update(extractProperties(binding), variable, condition); - return ExecutionResult.EMPTY; - } - - @StoreOperation(QueryType.DELETE) - public ExecutionResult delete(DataBinding binding, UserType userType, String condition) throws Exception { - storeService.delete(extractProperties(binding), userType, condition); - return ExecutionResult.EMPTY; - } - - private void registerHandlers() { - Method[] methods = this.getClass().getDeclaredMethods(); - for (Method method : methods) { - StoreOperation 
annotation = method.getAnnotation(StoreOperation.class); - if (annotation != null) { - Class[] parameters = method.getParameterTypes(); - if (parameters.length < 1) { - log.warn("wrong parameters"); - continue; - } - if (!invocationMap.containsKey(annotation.value())) { - invocationMap.put(annotation.value(), method); - } - } - } - } - - private Properties extractProperties(DataBinding binding) { - Properties properties = new Properties(); - properties.setProperty(StoreService.PROP_PATH, config.getInputFilePath()); - properties.put(StoreService.PROP_CONSTRAINTS, binding.getConstraints()); - properties.put(StoreService.PROP_FORMAT, format); - return properties; - } -} From c11df8c00974d1622599f8a78d233f427005489d Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Fri, 14 Aug 2020 12:33:01 +0300 Subject: [PATCH 65/71] =?UTF-8?q?rm1766:=20=D0=A0=D0=B5=D0=B0=D0=BB=D0=B8?= =?UTF-8?q?=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD=D0=B0=20=D0=B8=D0=BD=D0=B8=D1=86?= =?UTF-8?q?=D0=B8=D0=B0=D0=BB=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F=20=D0=B2?= =?UTF-8?q?=D0=BD=D1=83=D1=82=D1=80=D0=B5=D0=BD=D0=BD=D0=B5=D0=B3=D0=BE=20?= =?UTF-8?q?excel=20=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D0=BB=D0=B8=D1=89=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/ru/runa/wfe/commons/IoCommons.java | 10 +++++ .../wfe/datasource/DataSourceStorage.java | 5 +++ .../wfe/datasource/ExcelStorageInitiator.java | 38 +++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelStorageInitiator.java diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/IoCommons.java b/wfe-core/src/main/java/ru/runa/wfe/commons/IoCommons.java index 62502a237c..f06e5f34a1 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/commons/IoCommons.java +++ b/wfe-core/src/main/java/ru/runa/wfe/commons/IoCommons.java 
@@ -134,6 +134,16 @@ public static String getExtensionDirPath() { return path + "wfe.custom"; } + public static String getExcelStorageDirPath() { + String path = IoCommons.getAppServerDirPath(); + if (path != null) { + path += "/"; + } else { + path = ""; + } + return path + "wfe.excelstorage"; + } + public static File[] getJarFiles(File directory) { return directory.listFiles(new PatternFilenameFilter(".*\\.jar")); } diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java index 707272bd17..52661eae21 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java @@ -4,6 +4,7 @@ import com.google.common.collect.Sets; import java.io.File; import java.io.FileFilter; +import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.net.URL; @@ -226,6 +227,10 @@ public static byte[] restore(String dsName) { try { return FileCopyUtils.copyToByteArray(new File(getStorageDir(), dsName + DATA_SOURCE_FILE_SUFFIX)); } catch (IOException e) { + if (e instanceof FileNotFoundException && DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME.equals(dsName)) { + log.warn(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME + " does not exist. Creating one", e); + return ExcelStorageInitiator.init(); + } throw new InternalApplicationException(e); } } diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelStorageInitiator.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelStorageInitiator.java new file mode 100644 index 0000000000..de8c89900b --- /dev/null +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelStorageInitiator.java 
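Review bot: In `DataSourceStorage.restore`, the new fallback calls `ExcelStorageInitiator.init()`, and `init()` (added in the next file) calls `restore` again whenever `getNames()` lists the internal storage name, so the two can call each other without bound. That would happen if the name is listed but opening the file still raises `FileNotFoundException`, which `FileInputStream` also throws for an existing file that cannot be opened, for example on missing read permission; whether `getNames()` and `copyToByteArray` behave that way here is not visible in the diff. Have `init()` read the file directly instead of going back through `restore`, or create the data source only when the file is confirmed absent with `File.exists()`. The refactoring of this catch block in the following commit keeps the same call.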
@@ -0,0 +1,38 @@ +package ru.runa.wfe.datasource; + +import java.io.File; +import lombok.extern.apachecommons.CommonsLog; +import org.dom4j.Document; +import org.dom4j.DocumentHelper; +import org.dom4j.io.OutputFormat; +import ru.runa.wfe.commons.IoCommons; +import ru.runa.wfe.commons.xml.XmlUtils; + +/** + * @author Alekseev Mikhail + * @since #1766 + */ +@CommonsLog +public class ExcelStorageInitiator { + @SuppressWarnings("ResultOfMethodCallIgnored") + public static synchronized byte[] init() { + if (DataSourceStorage.getNames().contains(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME)) { + return DataSourceStorage.restore(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME); + } + + final String excelStorageDirPath = IoCommons.getExcelStorageDirPath(); + new File(excelStorageDirPath).mkdir(); + log.info("Created " + excelStorageDirPath); + + final Document document = DocumentHelper.createDocument(); + document.addElement(DataSourceStuff.ELEMENT_DATA_SOURCE) + .addAttribute(DataSourceStuff.ATTR_NAME, DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME) + .addAttribute(DataSourceStuff.ATTR_TYPE, DataSourceType.Excel.name()) + .addElement(DataSourceStuff.ELEMENT_FILE_PATH).addText(excelStorageDirPath); + final byte[] internalStorageDs = XmlUtils.save(document, OutputFormat.createPrettyPrint()); + DataSourceStorage.save(internalStorageDs, true, false); + log.info(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME + " is saved"); + + return internalStorageDs; + } +} From 606b24a93ee0a9c7fbdc560196128a4cec4cb20e Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Fri, 14 Aug 2020 12:47:24 +0300 Subject: [PATCH 66/71] =?UTF-8?q?rm1766:=20=D0=A0=D0=B5=D1=84=D0=B0=D0=BA?= =?UTF-8?q?=D1=82=D0=BE=D1=80=D0=B8=D0=BD=D0=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/ru/runa/wfe/datasource/DataSourceStorage.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
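Review bot: `init()` discards the result of `new File(excelStorageDirPath).mkdir()` (the `@SuppressWarnings("ResultOfMethodCallIgnored")` hides the warning) and then logs "Created" and saves a data source that points at that path whether or not the directory exists. `mkdir()` returns false both when the directory is already there and when creation failed, for example because the parent is missing or not writable, so a failure only surfaces later as an unrelated storage error. Check the outcome with `if (!dir.isDirectory() && !dir.mkdirs())` and fail with an exception that names the path, and log "Created" only when the directory was actually created. The class also has no Javadoc beyond author and ticket; one sentence saying that it creates the internal Excel storage directory and registers the data source on first use would help.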
diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java index 52661eae21..c8f4891e4a 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java +++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStorage.java @@ -226,12 +226,14 @@ public static boolean save(byte[] content, boolean force, boolean preservePasswo public static byte[] restore(String dsName) { try { return FileCopyUtils.copyToByteArray(new File(getStorageDir(), dsName + DATA_SOURCE_FILE_SUFFIX)); - } catch (IOException e) { - if (e instanceof FileNotFoundException && DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME.equals(dsName)) { + } catch (FileNotFoundException e) { + if (DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME.equals(dsName)) { log.warn(DataSourceStuff.INTERNAL_STORAGE_DATA_SOURCE_NAME + " does not exist. Creating one", e); return ExcelStorageInitiator.init(); } throw new InternalApplicationException(e); + } catch (IOException e) { + throw new InternalApplicationException(e); } } From 5e6a6a3156301274815d739772adfbc9e0bb4324 Mon Sep 17 00:00:00 2001 From: Dofs Date: Tue, 18 Aug 2020 11:43:34 +0300 Subject: [PATCH 67/71] rm1533: clean and format --- wfe-app/pom.xml | 2 - .../hibernate/RestrictionsToPermissions.java | 41 ++-- .../wfe/relation/logic/RelationLogic.java | 5 +- .../wfe/security/SecuredObjectFactory.java | 7 +- .../auth/InternalDbNameLoginModule.java | 19 -- .../runa/wfe/security/dao/PermissionDao.java | 214 ++++++++---------- .../src/main/java/ru/runa/wfe/user/Actor.java | 1 - .../ru/runa/wfe/user/dao/ExecutorDao.java | 15 +- .../src/main/resources/system.context.xml | 2 +- .../runa/af/web/form/UpdatePasswordForm.java | 13 +- .../runa/common/web/html/BaseTdBuilder.java | 2 +- .../web/html/ReportPropertiesTdBuilder.java | 5 +- wfe-web/src/main/resources/web.properties | 2 +- 13 files changed, 127 insertions(+), 201 deletions(-) 
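Review bot: The dedicated `catch (FileNotFoundException e)` in `restore` only fires if `FileCopyUtils.copyToByteArray(File)` opens the file through `java.io`. Depending on the Spring version on the classpath (not visible here), that helper may go through `java.nio.file.Files`, which reports a missing file as `NoSuchFileException`, and that type is not a `FileNotFoundException`. In that case the internal storage would never be initialised and the call would end in `InternalApplicationException`. Catching both, `catch (FileNotFoundException | NoSuchFileException e)` with `import java.nio.file.NoSuchFileException;`, keeps the fallback independent of the helper's implementation.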
diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml index 850374c4e2..25391afa4a 100644 --- a/wfe-app/pom.xml +++ b/wfe-app/pom.xml @@ -27,10 +27,8 @@ 4.2.1 false java:global/runawfe/${jar.name}-${project.version}/${bean.name}!${interface.class.name} - java:jboss/datasources/ExampleDS org.hibernate.dialect.H2Dialect - java:jboss/UserTransaction false dd.MM.yyyy diff --git a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java index d6083479cd..cb00200097 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java +++ b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/RestrictionsToPermissions.java @@ -1,7 +1,6 @@ package ru.runa.wfe.presentation.hibernate; import java.util.Arrays; - import org.springframework.util.Assert; import ru.runa.wfe.security.Permission; import ru.runa.wfe.security.SecuredObjectType; @@ -13,27 +12,6 @@ */ public class RestrictionsToPermissions { - protected RestrictionsToPermissions cloneCheckRequired() { - SecuredObjectType[] resTypes = null; - if (this.types != null) { - resTypes = new SecuredObjectType[types.length]; - int n = 0; - for (int i = 0; i < types.length; i++) { - if (types[i] != null && SecurityCheckProperties.isPermissionCheckRequired(types[i])) { - resTypes[n] = types[i]; - n++; - } - } - if (n == 0) { - return null; - } else { - resTypes = Arrays.copyOf(resTypes, n); - } - } - RestrictionsToPermissions res = new RestrictionsToPermissions(this.user, this.permission, resTypes); - return res; - } - /** * User which must has permission on queried objects. Queries only objects with condition: at least one executor from (user + its groups) * must have 'permission' with 'securedObjectTypes'. Can be null. 
@@ -60,4 +38,23 @@ public RestrictionsToPermissions(User user, Permission permission, SecuredObject this.permission = permission; this.types = types; } + + protected RestrictionsToPermissions cloneCheckRequired() { + SecuredObjectType[] resTypes = new SecuredObjectType[types.length]; + int n = 0; + for (int i = 0; i < types.length; i++) { + if (types[i] != null && SecurityCheckProperties.isPermissionCheckRequired(types[i])) { + resTypes[n] = types[i]; + n++; + } + } + if (n == 0) { + return null; + } else { + resTypes = Arrays.copyOf(resTypes, n); + } + RestrictionsToPermissions res = new RestrictionsToPermissions(this.user, this.permission, resTypes); + return res; + } + } diff --git a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java index 5013505a70..0bebfdf749 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java +++ b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java @@ -18,9 +18,6 @@ package ru.runa.wfe.relation.logic; import java.util.List; -import java.util.Set; -import java.util.stream.Collectors; - import org.springframework.beans.factory.annotation.Autowired; import ru.runa.wfe.commons.logic.CommonLogic; import ru.runa.wfe.presentation.BatchPresentation; @@ -99,7 +96,7 @@ public Relation updateRelation(User user, Relation relation) { */ @SuppressWarnings("unchecked") public List getRelations(User user, BatchPresentation batchPresentation) { - return new PresentationCompiler(batchPresentation).getBatch(CompilerParameters.create(false)); + return new PresentationCompiler(batchPresentation).getBatch(CompilerParameters.create(false)); } /** diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java index a9767ce1fc..8b8067a387 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java 
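Review bot: `cloneCheckRequired` lost its `if (this.types != null)` guard when it was moved below the constructor, so `new SecuredObjectType[types.length]` now throws `NullPointerException` for an instance built with `types == null`, which the removed version passed through to the copy unchanged. Unless the constructor rejects a null array (its body is only partly visible here), restore the guard at the top, e.g. `if (types == null) { return new RestrictionsToPermissions(user, permission, null); }`. The method also returns `null` when no type requires a check; a short Javadoc stating what callers must do with that `null` would help, because it decides whether a permission restriction is applied to the query at all.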
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java @@ -140,10 +140,11 @@ public List getIdsByNames(SecuredObjectType type, Set names) { Set missingNames = new HashSet<>(names); boolean isDef = type.equals(SecuredObjectType.DEFINITION); for (Tuple t : tt) { - if(isDef) + if(isDef) { foundIds.add(ApplicationContextFactory.getDeploymentDAO().getNotNull(t.get(0, Long.class)).getIdentifiableId()); - else + } else { foundIds.add(t.get(0, Long.class)); + } missingNames.remove(t.get(1, String.class)); } if (!missingNames.isEmpty()) { @@ -232,7 +233,7 @@ public SecuredObject findById(Long id) { QReportDefinition rd = QReportDefinition.reportDefinition; return new WfReport(getQueryFactory().selectFrom(rd).where(rd.id.eq(id)).fetchFirst()); } - }); + }); add(SecuredSingleton.SYSTEM); diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java b/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java index f28474eba7..a98b41d9db 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/auth/InternalDbNameLoginModule.java 
@@ -1,28 +1,9 @@ -/* - * This file is part of the RUNA WFE project. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; version 2.1 - * of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - */ package ru.runa.wfe.security.auth; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.LoginException; - import ru.runa.wfe.user.Actor; /** diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java index eb4be0d1a1..4407d0fed5 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/security/dao/PermissionDao.java 
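Review bot: The LGPL header is deleted from `InternalDbNameLoginModule.java` in a commit titled "clean and format", while other Java files touched by the same commit (for example `RelationLogic.java`, whose first hunk starts at line 18) appear to keep theirs. If the removal is not intentional, restore the header; if it is, it belongs in its own commit with the reason stated. Dropping the `PasswordCallback` import is fine only as long as the module handles nothing but `NameCallback`; the class body is outside this hunk, so that cannot be confirmed here.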
@@ -76,7 +76,78 @@ public class PermissionDao extends CommonDao { private final Map> privelegedExecutors = new HashMap<>(); private final Set privelegedExecutorIds = new HashSet<>(); + private static final List requiredRules = new ArrayList<>(); + private static final List implicitRules = new ArrayList<>(); + static { + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_ACTOR_STATUS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); + requiredRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.READ, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.DELETE, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, 
Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE_PERMISSIONS, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ_PERMISSIONS, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.DELETE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, null)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.CANCEL_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE_PERMISSIONS, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); + requiredRules.add(new 
PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE_PERMISSIONS, true)); + + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); + + implicitRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); + + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); + + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); + implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); + + implicitRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); + 
} public PermissionDao() { for (SecuredObjectType type : SecuredObjectType.values()) { privelegedExecutors.put(type, new HashSet<>()); 
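Review bot: The static block that fills `requiredRules` and `implicitRules` has no comment saying what the two lists are for or what the third constructor argument means; most entries pass `true`, while `SYSTEM`/`LOGIN`, `RELATION`/`READ` and `DEFINITION`/`START_PROCESS` pass `null`. Because these tables decide which operations stay guarded, a reader has to be able to tell an intentional `null` from an omission. Add a comment above each list stating when it is consulted and what `true` and `null` stand for in `PermissionRule`. Both lists are `static final` but remain mutable `ArrayList`s, so building them in a local list and publishing `Collections.unmodifiableList(...)` would prevent later code from altering the rule set at runtime.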
@@ -228,122 +299,47 @@ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectTy } return !filterAllowedIds(user.getActor(), permission, type, null).isEmpty(); } - + public Set filterAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull) { return filterAllowedIds(executor, permission, type, idsOrNull, true); } - - private static List requiredRules = new ArrayList(20); - - private static List implicitRules = new ArrayList(20); - - static { - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_ACTOR_STATUS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.EXECUTOR, Permission.VIEW_TASKS, true)); - requiredRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_EXECUTOR, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); - requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.READ, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORTS, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, 
Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.REPORT, Permission.DELETE, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ, null)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE_PERMISSIONS, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.BOTSTATIONS, Permission.READ_PERMISSIONS, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.CREATE_DEFINITION, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.DELETE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.START_PROCESS, null)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.CANCEL_PROCESS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DEFINITION, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new 
PermissionRule(SecuredObjectType.DEFINITION, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.START_PROCESS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL_PROCESS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.CANCEL, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.PROCESS, Permission.UPDATE_PERMISSIONS, true)); - - requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); - requiredRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); - - implicitRules.add(new DelegateTaskPermissionRule(SecuredObjectType.EXECUTOR, Permission.DELEGATE_TASKS, true)); - - implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.READ_PERMISSIONS, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE_PERMISSIONS, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.RELATIONS, Permission.UPDATE, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.UPDATE, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.RELATION, Permission.DELETE, true)); - - implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ, true)); - implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.READ_PERMISSIONS, 
true)); - implicitRules.add(new PermissionRule(SecuredObjectType.DATASOURCES, Permission.UPDATE_PERMISSIONS, true)); - - implicitRules.add(new PermissionRule(SecuredObjectType.SYSTEM, Permission.LOGIN, null)); - } - private boolean checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { boolean isAdmin = false; if (executor instanceof Actor) { - isAdmin =executorDao.isAdministrator((Actor) executor); + isAdmin = executorDao.isAdministrator((Actor) executor); } - for (PermissionRule r: requiredRules) { + for (PermissionRule r : requiredRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + if (!r.isAllowed(type, idOrNull, isAdmin, permission)) { return false; } } } return true; } - + private Set checkRequiredRules(Executor executor, Permission permission, SecuredObjectType type, Collection idsOrNull) { boolean isAdmin = false; if (executor instanceof Actor) { - isAdmin =executorDao.isAdministrator((Actor) executor); + isAdmin = executorDao.isAdministrator((Actor) executor); } if (idsOrNull == null) { - for (PermissionRule r: requiredRules) { + for (PermissionRule r : requiredRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, null, isAdmin, permission)) { + if (!r.isAllowed(type, null, isAdmin, permission)) { return Collections.emptySet(); } } } return Collections.emptySet(); - } - + } Set res = new HashSet(idsOrNull.size()); - for (Long idOrNull: idsOrNull) { + for (Long idOrNull : idsOrNull) { boolean bOk = true; - for (PermissionRule r: requiredRules) { + for (PermissionRule r : requiredRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + if (!r.isAllowed(type, idOrNull, isAdmin, permission)) { bOk = false; break; } 
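Review bot: In `checkRequiredRules(Executor, Permission, SecuredObjectType, Collection)` the `idsOrNull == null` branch returns `Collections.emptySet()` both when a rule denies and after the loop when every rule passed, so the loop has no effect and a null id list is always answered as denied. The Javadoc on `filterAllowedIds` in this file says that for null ids a non-empty set with an arbitrary value is the positive answer, and `selectAllowedIds` returns this method's result directly when checks are disabled for the type. If a null id list can reach this path, return a non-empty marker after the loop, for example `return Collections.singleton(0L);`. `checkImplicitRules` in the next hunk has the same shape.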
@@ -355,16 +351,16 @@ private Set checkRequiredRules(Executor executor, Permission permission, S } return res; } - + private Set checkImplicitRules(Executor executor, Permission permission, SecuredObjectType type, Collection idsOrNull) { boolean isAdmin = false; if (executor instanceof Actor) { - isAdmin =executorDao.isAdministrator((Actor) executor); + isAdmin = executorDao.isAdministrator((Actor) executor); } if (idsOrNull == null) { - for (PermissionRule r: implicitRules) { + for (PermissionRule r : implicitRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, null, isAdmin, permission)) { + if (!r.isAllowed(type, null, isAdmin, permission)) { return Collections.emptySet(); } } @@ -372,11 +368,11 @@ private Set checkImplicitRules(Executor executor, Permission permission, S return Collections.emptySet(); } Set res = new HashSet(idsOrNull.size()); - for (Long idOrNull: idsOrNull) { + for (Long idOrNull : idsOrNull) { boolean bOk = true; - for (PermissionRule r: implicitRules) { + for (PermissionRule r : implicitRules) { if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, idOrNull, isAdmin, permission)) { + if (!r.isAllowed(type, idOrNull, isAdmin, permission)) { bOk = false; break; } 
@@ -388,39 +384,14 @@ private Set checkImplicitRules(Executor executor, Permission permission, S } return res; } - - private Set checkImplicitRules(Executor executor, Permission permission, SecuredObjectType type, Long idOrNull) { - boolean isAdmin = false; - if (executor instanceof Actor) { - isAdmin =executorDao.isAdministrator((Actor) executor); - } - - Set res = new HashSet(1); - - boolean bOk = true; - for (PermissionRule r: implicitRules) { - if (permission.equals(r.getPermission()) && type.equals(r.getObjectType())) { - if ( !r.isAllowed(type, idOrNull, isAdmin, permission) ) { - bOk = false; - break; - } - } - } - if (bOk) { - res.add(idOrNull); - } - return res; - } - public Set selectAllowedIds(Executor executor, Permission permission, SecuredObjectType type, List idsOrNull, boolean checkPrivileged) { if (!SecurityCheckProperties.isPermissionCheckRequired(type)) { return checkRequiredRules(executor, permission, type, idsOrNull); } - return filterAllowedIds(executor, permission, type, idsOrNull, checkPrivileged); + return filterAllowedIds(executor, permission, type, idsOrNull, checkPrivileged); } - - + /** * Returns subset of `idsOrNull` for which `actor` has `permission`. If `idsOrNull` is null (e.g. when called from isAllowedForAny()), * non-empty set (containing arbitrary value) means positive check result. @@ -453,7 +424,6 @@ public Set filterAllowedIds(Executor executor, Permission permission, Secu .and(pm.objectId.eq(0L)) .and(pm.permission.in(subst.listPermissions))) .fetchFirst() != null) { - return haveIds ? new HashSet<>(idsOrNull) : nonEmptySet; } diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java b/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java index 4384ef7942..35419be73e 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java +++ b/wfe-core/src/main/java/ru/runa/wfe/user/Actor.java 
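Review bot: `selectAllowedIds` has no Javadoc although it is the point where ACL evaluation is bypassed: when `SecurityCheckProperties.isPermissionCheckRequired(type)` is false it returns `checkRequiredRules(...)` and never consults `checkPrivileged` or the stored permissions. From the loops shown earlier in this file, a permission/type pair that has no entry in `requiredRules` appears to be granted for every id passed in, whoever the executor is. Document that contract on the method, e.g. `/** When permission checks are disabled for {@code type}, only requiredRules are evaluated; stored permissions and privileged executors are ignored. */`, so that a new `Permission` constant is not left unguarded by omission.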
@@ -23,7 +23,6 @@ import javax.persistence.Transient; import org.hibernate.annotations.Index; -import org.hibernate.annotations.Type; import com.google.common.base.MoreObjects; import com.google.common.base.Strings; diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java b/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java index 7d439b932b..21d63266f3 100644 --- a/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java +++ b/wfe-core/src/main/java/ru/runa/wfe/user/dao/ExecutorDao.java @@ -309,15 +309,14 @@ public T create(T executor) { * New actor password. */ public void setPassword(Actor actor, String password) { -// Preconditions.checkNotNull(password, "Password must be specified."); ActorPassword actorPassword = getActorPassword(actor); if (actorPassword == null) { - if (password.length() > 0) { + if (!Strings.isNullOrEmpty(password)) { actorPassword = new ActorPassword(actor, password); sessionFactory.getCurrentSession().save(actorPassword); } } else { - if (password.length() > 0) { + if (!Strings.isNullOrEmpty(password)) { actorPassword.setPassword(password); sessionFactory.getCurrentSession().merge(actorPassword); } else { @@ -629,14 +628,8 @@ public void remove(Executor executor) { } public boolean hasPassword(Actor actor) { - ActorPassword actorPassword = this.getActorPassword(actor); - if (actorPassword == null) { - return false; - } - if (actorPassword.getPassword() == null) { - return false; - } - return (actorPassword.getPassword().length > 0); + ActorPassword actorPassword = getActorPassword(actor); + return actorPassword != null && actorPassword.getPassword().length > 0; } /** diff --git a/wfe-core/src/main/resources/system.context.xml b/wfe-core/src/main/resources/system.context.xml index 11cbb981df..672ebb831f 100644 --- a/wfe-core/src/main/resources/system.context.xml +++ b/wfe-core/src/main/resources/system.context.xml @@ -236,7 +236,7 @@ - + 
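Review bot: With `!Strings.isNullOrEmpty(password)` in `setPassword`, a `null` argument now takes the same path as an empty string; for an actor that already has a password that is the `else` branch after `actorPassword.setPassword(password)`, which continues outside this hunk and presumably removes the stored password. Before this change a null argument failed with `NullPointerException`, and the commented-out `Preconditions.checkNotNull` that recorded the old contract is deleted without a replacement. If clearing a credential this way is intended, state it in the Javadoc, e.g. `@param password new password; null or empty removes the stored password`, and consider a separate, explicitly named method so that a missing value cannot clear a password by accident.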
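Review bot: The shortened `hasPassword` dropped the `actorPassword.getPassword() == null` check, so `actorPassword.getPassword().length` now throws `NullPointerException` for a row whose password value is null, where the removed code returned false. Keep the one-line form but retain the guard: `return actorPassword != null && actorPassword.getPassword() != null && actorPassword.getPassword().length > 0;`. Whether such rows can exist depends on the `ActorPassword` mapping, which is not visible here.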
diff --git a/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java b/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java index 78dbc82e39..4609adfa81 100644 --- a/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java +++ b/wfe-web/src/main/java/ru/runa/af/web/form/UpdatePasswordForm.java @@ -17,19 +17,16 @@ */ package ru.runa.af.web.form; +import com.google.common.base.Strings; import javax.servlet.http.HttpServletRequest; - import org.apache.struts.action.ActionErrors; import org.apache.struts.action.ActionMapping; import org.apache.struts.action.ActionMessage; import org.apache.struts.action.ActionMessages; - import ru.runa.common.WebResources; import ru.runa.common.web.MessagesException; import ru.runa.common.web.form.IdForm; -import com.google.common.base.Strings; - /** * Created on 24.08.2004 * @@ -50,7 +47,7 @@ public class UpdatePasswordForm extends IdForm { public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) { ActionErrors errors = super.validate(mapping, request); if (Strings.isNullOrEmpty(password)) { -// errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_FILL_REQUIRED_VALUES.getKey())); + // ok, allow empty passwords } else if (password.length() > WebResources.VALIDATOR_STRING_255) { errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_VALIDATION.getKey())); } else if (passwordConfirm == null || passwordConfirm.length() < 1) { @@ -70,11 +67,7 @@ public String getPasswordConfirm() { } public void setPassword(String string) { - if (string == null) { - password = null; - } else { - password = string.trim(); - } + password = Strings.nullToEmpty(string).trim(); } public void setPasswordConfirm(String string) { diff --git a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java index be9f0a78f7..8a46f19e0a 100644 
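Review bot: In `validate`, the empty-password branch now holds only the comment `// ok, allow empty passwords`, and because the remaining checks are `else if` branches, an empty `password` is accepted without `passwordConfirm` being looked at. The setter in the last hunk of this file maps null to empty and trims the value, so a whitespace-only entry counts as empty too. If empty means "remove the password", require the confirmation field to be empty as well, e.g. `if (Strings.isNullOrEmpty(password)) { if (!Strings.isNullOrEmpty(passwordConfirm)) errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(MessagesException.ERROR_VALIDATION.getKey())); }`, and have the comment say that an empty value clears the credential. `validate` ends outside the hunk.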
--- a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java +++ b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java @@ -58,7 +58,7 @@ protected boolean isEnabledFor(Object object, Env env, Permission perm) { return ((WfDefinition) object).isCanBeStarted(); } return env.isAllowed(perm, securedObjectExtractor); - } + } protected String readProperty(Object object, String propertyName, boolean isExceptionOnAbsent) { try { diff --git a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java index 769caf6786..598604f5ff 100644 --- a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java +++ b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java @@ -21,15 +21,12 @@ import org.apache.ecs.StringElement; import org.apache.ecs.html.A; import org.apache.ecs.html.TD; - import ru.runa.common.WebResources; import ru.runa.common.web.Commons; import ru.runa.common.web.MessagesCommon; import ru.runa.common.web.form.IdForm; import ru.runa.common.web.html.BaseTdBuilder; -import ru.runa.common.web.html.TdBuilder.Env; import ru.runa.wfe.commons.web.PortletUrlType; -import ru.runa.wfe.definition.dto.WfDefinition; import ru.runa.wfe.report.dto.WfReport; import ru.runa.wfe.security.Permission; @@ -57,7 +54,7 @@ public TD build(Object object, Env env) { TD td = new TD(startLink); td.setClass(ru.runa.common.web.Resources.CLASS_LIST_TABLE_TD); return td; - } + } @Override public String getValue(Object object, Env env) { diff --git a/wfe-web/src/main/resources/web.properties b/wfe-web/src/main/resources/web.properties index 026b4d930d..928225d27d 100644 --- a/wfe-web/src/main/resources/web.properties +++ b/wfe-web/src/main/resources/web.properties 
@@ -10,7 +10,7 @@ task.form.builder.ftl=ru.runa.wf.web.ftl.FtlFormBuilder task.form.builder.html=ru.runa.wf.web.customtag.HtmlFormBuilder task.form.builder.quick=ru.runa.wf.web.quick.QuickFormBuilder task.form.ajaxFileInputEnabled=true -# task.delegation.enabled=true + # Settings for log viewer view.logs.limit.lines.count=10000 view.logs.timeout.autoreload.seconds=15 From 24e7374d66e51a800f08a26b2e5f7dda1e47a2e0 Mon Sep 17 00:00:00 2001 From: Mikhail Alekseev Date: Tue, 18 Aug 2020 16:53:49 +0300 Subject: [PATCH 68/71] =?UTF-8?q?rm1710:=20=D0=A1=D0=BE=D0=B7=D0=B4=D0=B0?= =?UTF-8?q?=D0=B5=D0=BC=20=D0=BB=D0=B8=D1=81=D1=82=20=D1=81=20=D0=BD=D0=B0?= =?UTF-8?q?=D0=B7=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=D0=BC=20=D1=82=D0=B8=D0=BF?= =?UTF-8?q?=D0=B0=20=D0=B4=D0=B0=D0=BD=D0=BD=D1=8B=D1=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java index e4b658f94c..8c441cb2ae 100644 --- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java +++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java @@ -81,7 +81,7 @@ public void createFileIfNotExist(String path) throws InternalApplicationExceptio } try (Workbook workbook = path.endsWith(XLSX_SUFFIX) ? new XSSFWorkbook() : new HSSFWorkbook(); OutputStream os = new FileOutputStream(path)) { - workbook.createSheet(); + workbook.createSheet(tableName()); workbook.write(os); } catch (Exception e) { log.error("", e); From 77b4ba6b258ecbea6779c98faa56dfaebda0f1e6 Mon Sep 17 00:00:00 2001 
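Review bot: `workbook.createSheet(tableName())` can fail or alter the name where the no-argument call could not: POI rejects empty names and names containing characters such as `/ \ ? * [ ]`, and it truncates names longer than 31 characters, while `tableName()` is defined outside this hunk so its range of values is not visible. Because `new FileOutputStream(path)` is opened in the resource header before the sheet is created, a rejected name leaves a zero-byte file at `path`, which a later existence check would presumably accept as a workbook. I would build the workbook first and open the stream only around `workbook.write(os)`, or pass the name through `WorkbookUtil.createSafeSheetName(tableName())`, in which case the reader in ViewInternalStorageAction must apply the same mapping. The `log.error("", e)` in the catch would also be easier to act on with `path` and the sheet name in the message.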
From: Mikhail Alekseev Date: Tue, 18 Aug 2020 16:54:04 +0300 Subject: [PATCH 69/71] =?UTF-8?q?rm1710:=20=D0=A0=D0=B5=D1=84=D0=B0=D0=BA?= =?UTF-8?q?=D1=82=D0=BE=D1=80=D0=B8=D0=BD=D0=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/ru/runa/common/web/tag/ViewWorkbooksTag.java | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java index 11babeed7f..2976b89a17 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java +++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewWorkbooksTag.java @@ -7,6 +7,7 @@ import java.util.Map; import javax.servlet.jsp.tagext.Tag; import javax.servlet.jsp.tagext.TagSupport; +import org.apache.commons.io.FilenameUtils; import org.tldgen.annotations.Attribute; import org.tldgen.annotations.BodyContent; import ru.runa.common.web.Commons; @@ -46,7 +47,7 @@ public int doStartTag() { Map params = new HashMap<>(); params.put("workbookName", workbookNameList[i]); String href = Commons.getActionUrl(ViewInternalStorageAction.ACTION_PATH, params, pageContext, PortletUrlType.Action); - html.append("").append(withoutExtension(workbookNameList[i])) + html.append("").append(FilenameUtils.removeExtension(workbookNameList[i])) .append("   "); } } @@ -57,14 +58,6 @@ public int doStartTag() { } } - private String withoutExtension(String fileName) { - int lastDotIndex = fileName.indexOf("."); - if (lastDotIndex > 0) { - return fileName.substring(0, lastDotIndex); - } - return fileName; - } - private User getUser() { return Commons.getUser(pageContext.getSession()); } From 2f08a594e2aca3b1f1ea47f1213350ec6870b6ec Mon Sep 17 00:00:00 2001 
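Review bot: The workbook name is written into `html` as link text without HTML escaping, at `.append(FilenameUtils.removeExtension(workbookNameList[i]))` in `doStartTag`; if names in the storage directory can be influenced by users (they appear to follow data type names), markup in a name is rendered as is. Escaping at the append closes that, for example `HtmlEscapers.htmlEscaper().escape(FilenameUtils.removeExtension(workbookNameList[i]))`. This is also not a pure refactoring: the removed `withoutExtension` cut at the first dot (`indexOf`), whereas `removeExtension` cuts at the last, so `a.b.xlsx` now displays as `a.b`, which the commit message should mention. `doStartTag` begins and ends outside the hunk.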
From: Mikhail Alekseev Date: Tue, 18 Aug 2020 16:54:56 +0300 Subject: [PATCH 70/71] =?UTF-8?q?rm1710:=20=D0=98=D0=B7=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BA=D0=B0=D0=B5=D0=BC=20=D0=BB=D0=B8=D1=81=D1=82=20=D0=BF?= =?UTF-8?q?=D0=BE=20=D0=BD=D0=B0=D0=B7=D0=B2=D0=B0=D0=BD=D0=B8=D1=8E=20?= =?UTF-8?q?=D1=84=D0=B0=D0=B9=D0=BB=D0=B0=20(=D1=81=D0=BE=D0=B2=D0=BF?= =?UTF-8?q?=D0=B0=D0=B4=D0=B0=D0=B5=D1=82=20=D1=81=20=D0=BD=D0=B0=D0=B7?= =?UTF-8?q?=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=D0=BC=20=D1=82=D0=B8=D0=BF=D0=B0?= =?UTF-8?q?=20=D0=B4=D0=B0=D0=BD=D0=BD=D1=8B=D1=85)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ru/runa/common/web/action/ViewInternalStorageAction.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java index c374bbd0f2..e066745dcc 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java +++ b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java @@ -10,6 +10,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.io.FilenameUtils; import org.apache.poi.hssf.usermodel.HSSFWorkbook; import org.apache.poi.ss.usermodel.Cell; import org.apache.poi.ss.usermodel.DateUtil; @@ -67,7 +68,7 @@ public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpS } else { throw new IllegalArgumentException("excel file extension is incorrect"); } - Sheet sheet = wb.getSheetAt(0); + Sheet sheet = wb.getSheet(FilenameUtils.removeExtension(workbookName)); List> data = new ArrayList<>(); int columnNumber = getSheetContent(sheet, data); StringBuffer sheetContent = new StringBuffer(); From 44710a599f9b438fb41f22384dcca36425d390f9 Mon Sep 17 00:00:00 2001 
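Review bot: `wb.getSheet(...)` returns null when no sheet has that name, and the result is passed straight to `getSheetContent(sheet, data)` on the next line of `execute`. Workbooks written before the sheet was given a name, or whose name was truncated or rejected on creation, would therefore fail here instead of being displayed as they were with `getSheetAt(0)`. I would add a fallback or an explicit error right after the lookup, for example `if (sheet == null) { sheet = wb.getSheetAt(0); }`. `execute` continues outside the hunk, so how `getSheetContent` treats a null sheet is not visible.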
From: Mikhail Alekseev Date: Tue, 18 Aug 2020 16:55:08 +0300 Subject: [PATCH 71/71] =?UTF-8?q?rm1710:=20=D0=A0=D0=B5=D1=84=D0=B0=D0=BA?= =?UTF-8?q?=D1=82=D0=BE=D1=80=D0=B8=D0=BD=D0=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web/action/ViewInternalStorageAction.java | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java index e066745dcc..daaa5ed751 100644 --- a/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java +++ b/wfe-web/src/main/java/ru/runa/common/web/action/ViewInternalStorageAction.java @@ -60,7 +60,7 @@ public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpS String workbookName = form.getWorkbookName(); if (!Strings.isNullOrEmpty(workbookPath) && !Strings.isNullOrEmpty(workbookName)) { try (InputStream is = new FileInputStream(workbookPath + "/" + workbookName)) { - Workbook wb = null; + Workbook wb; if (workbookName.endsWith(".xls")) { wb = new HSSFWorkbook(is); } else if (workbookName.endsWith(".xlsx")) { 
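Review bot: `new FileInputStream(workbookPath + "/" + workbookName)` builds the path from `form.getWorkbookName()`, and the only checks on that value in this hunk are non-empty and the `.xls`/`.xlsx` suffix, so a name containing directory separators or `..` segments resolves outside `workbookPath`. Since this commit is tidying the method anyway, I would reject such names before the stream is opened: `if (!workbookName.equals(FilenameUtils.getName(workbookName))) { throw new IllegalArgumentException("invalid workbook name"); }`. Where `workbookPath` comes from, and whether the caller is permission-checked before this point, lies outside the hunk.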
@@ -99,24 +99,24 @@ public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpS private Object cellValue(Cell cell) { Object value; switch (cell.getCellTypeEnum()) { - case STRING: - value = cell.getRichStringCellValue().getString(); - break; - case NUMERIC: - if (DateUtil.isCellDateFormatted(cell)) { - value = cell.getDateCellValue(); - } else { - value = cell.getNumericCellValue(); - } - break; - case BOOLEAN: - value = cell.getBooleanCellValue(); - break; - case FORMULA: - value = cell.getCellFormula(); - break; - default: - value = cell.getStringCellValue(); + case STRING: + value = cell.getRichStringCellValue().getString(); + break; + case NUMERIC: + if (DateUtil.isCellDateFormatted(cell)) { + value = cell.getDateCellValue(); + } else { + value = cell.getNumericCellValue(); + } + break; + case BOOLEAN: + value = cell.getBooleanCellValue(); + break; + case FORMULA: + value = cell.getCellFormula(); + break; + default: + value = cell.getStringCellValue(); } return value; }