ad_nonsecureport=3268\r
ad_base_dn=DC=intra,DC=echotv,DC=hu\r
ad_admin_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS\r
-local_users=user:password;kuka:kuka\r
-local_admins=root:password:vasary@elgekko.net\r
-local_jobsubmitters=lebony:lebony
\ No newline at end of file
+ad_submitter_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS\r
+ad_editor_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS\r
+#Helyi felhasználók\r
+local_accounts=user:password,kuka:kuka,lebony:lebony,root:password:vasary@elgekko.net\r
+local_admins=root\r
+local_submitters=lebony\r
+local_editors=editor
\ No newline at end of file
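Review bot: `local_accounts` keeps every local password in clear text, in a file that is committed together with the code, and at least one sample password is identical to its account name. Anyone with read access to the repository or to the deployed file can sign in as the account listed in `local_admins`. Consider storing a salted password hash (for example PBKDF2 or bcrypt output) in place of the password field, and keeping real values in a deployment-specific file outside version control. The `,` and `:` separators also mean a password containing either character cannot be represented.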
"active": false,\r
"executeimmediate": false,\r
"name" : "MORPHEUS 'missing materials' importálása",\r
- "template": "import-morpheus-missing-materials.xml",\r
+ "template": "sys-import-morpheus-missing-materials.xml",\r
"cronexpression": "0 0 0/1 1/1 * ? *",\r
"parameters": [ \r
{"name": "csvFilePath", "value": "/mnt/MORPHEUS", "type": "java.lang.String"},\r
<menupopup>\r
<menuitem sclass="rozsda" label="Keresés" onClick='includeContent.src="/pages/searchitems.zul"' disabled="false" />\r
<menuitem sclass="rozsda" label="Folyamatok" onClick='includeContent.src="/pages/joblist.zul"' disabled="${not sessionScope.userPrincipal.admin or sessionScope.userPrincipal.anonymous}" />\r
- <menuitem sclass="rozsda" label="Hiányzó anyagok" onClick='includeContent.src="/pages/missingmaterials.zul"' disabled="${not sessionScope.userPrincipal.jobSubmitter or sessionScope.userPrincipal.anonymous}" />\r
+ <menuitem sclass="rozsda" label="Hiányzó anyagok" onClick='includeContent.src="/pages/missingmaterials.zul"' disabled="${not sessionScope.userPrincipal.submitter or sessionScope.userPrincipal.anonymous}" />\r
<!-- <menuitem sclass="rozsda" label="Test" onClick='includeContent.src="/pages/database.zul"' disabled="${not sessionScope.userPrincipal.jobSubmitter or sessionScope.userPrincipal.anonymous}" /> -->\r
</menupopup>\r
</menu>\r
<?xml version="1.0" encoding="UTF-8"?>\r
<?taglib uri="http://www.zkoss.org/dsp/web/core" prefix="c" ?>\r
-<?init class="user.jobengine.zk.util.AdminAuthInitiator"?>\r
+<?init class="user.jobengine.zk.util.SubmitterAuthInitiator"?>\r
<zk xmlns:w="http://www.zkoss.org/2005/zk/client" xmlns:ca="client/attribute">\r
<custom-attributes org.zkoss.zul.listbox.rod="true" />\r
<custom-attributes org.zkoss.zul.listbox.initRodSize="50" />\r
import java.lang.invoke.MethodHandles;\r
import java.net.URL;\r
import java.util.ArrayList;\r
+import java.util.Arrays;\r
import java.util.Hashtable;\r
import java.util.LinkedHashSet;\r
import java.util.List;\r
\r
import user.commons.ListUtils;\r
\r
-public class LDAPHandler {\r
+public class LDAPUserHandler {\r
private static final String OTHER_MAILBOX = "otherMailbox";\r
private static final Logger logger = LogManager.getLogger();\r
private static final String LDAP_ADDRESS = "ldap://%s:%s";\r
private static final String DISPLAY_NAME = "displayName";\r
private static final String MEMBER_OF = "memberOf";\r
private static final String AD_BASE_DN = "ad_base_dn";\r
+ private static final String AD_ADMIN_MAP = "ad_admin_map";\r
+ private static final String AD_SUBMITTER_MAP = "ad_submitter_map";\r
+ private static final String AD_EDITOR_MAP = "ad_editor_map";\r
\r
public static void main(String[] args) throws Exception {\r
// Properties cfg = new Properties();\r
\r
//LDAPHandler h = new LDAPHandler("echotest", "aA123456+", cfg);\r
//LDAPHandler h = new LDAPHandler("stibor.adm", "Qwer1234", cfg);\r
- LDAPHandler h = new LDAPHandler("nagy.ilona", "k0rianDER", cfg);\r
+ LDAPUserHandler h = new LDAPUserHandler("nagy.ilona", "k0rianDER", cfg);\r
\r
UserPrincipal user = h.getUserPrincipal();\r
System.out.println(user);\r
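Review bot: The renamed constructor call in `main()` still passes a literal account name and password, and two more pairs remain in the commented-out lines above it. If any of these are or were real directory accounts, they should be rotated and taken out of the source; reading them at run time, e.g. `new LDAPUserHandler(args[0], args[1], cfg)`, keeps them out of the repository. The only visible declaration of `cfg` in `main()` is commented out, so this method may not compile as shown. `main()` continues past the end of the hunk.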
private String password;\r
private String domain;\r
\r
- public LDAPHandler(String account, String password, Properties cfg) {\r
+ public LDAPUserHandler(String account, String password, Properties cfg) {\r
this.account = account;\r
this.password = password;\r
this.domain = cfg.getProperty(AD_BASE_DN);\r
this.cfg = cfg;\r
}\r
\r
+ private boolean checkMembership(Properties cfg, String property, List<String> memberOf) {\r
+ String groupMap = cfg.getProperty(property);\r
+ if (groupMap == null)\r
+ return false;\r
+ List<String> remains = ListUtils.intersect(Arrays.asList(groupMap.split(",")), memberOf);\r
+ return (remains.size() > 0);\r
+\r
+ }\r
+\r
public List<String> getAllGroups() {\r
List<String> result = new ArrayList<>();\r
LdapContext ctx = null;\r
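Review bot: `checkMembership()` compares the raw pieces of `groupMap.split(",")`, so a configured value written with a space after a comma never matches and the role is silently withheld. Splitting with `groupMap.trim().split("\\s*,\\s*")` makes the mapping tolerant of such formatting. Whether `ListUtils.intersect` compares case-sensitively is not visible here; AD group names are normally treated as case-insensitive, so that is worth confirming. A short Javadoc stating that the property holds a comma-separated list of group names, and that a missing property grants nothing, would also help.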
memberOf = ListUtils.distinctUnion(memberOf, parentGroups);\r
}\r
}\r
- userPrincipal.setMemberOf(memberOf, cfg);\r
+ updateMembership(userPrincipal, memberOf, cfg);\r
+ }\r
+\r
+ public void updateMembership(UserPrincipal userPrincipal, List<String> memberOf, Properties cfg) {\r
+ if (memberOf == null)\r
+ return;\r
+\r
+ if (checkMembership(cfg, AD_ADMIN_MAP, memberOf)) {\r
+ userPrincipal.setAdmin(true);\r
+ userPrincipal.setSubmitter(true);\r
+ userPrincipal.setEditor(true);\r
+ }\r
+ if (checkMembership(cfg, AD_SUBMITTER_MAP, memberOf))\r
+ userPrincipal.setSubmitter(true);\r
+ if (checkMembership(cfg, AD_EDITOR_MAP, memberOf))\r
+ userPrincipal.setEditor(true);\r
}\r
\r
}
\ No newline at end of file
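Review bot: `updateMembership()` no longer records the group list on the principal. The removed `setMemberOf(memberOf, cfg)` assigned `this.memberOf` before mapping roles, while the replacement only sets the role flags. `UserPrincipal` still declares a `memberOf` field, so anything reading it would now see null unless a plain setter exists outside the visible hunks; if the list is still needed, store it at the top of `updateMembership()`. The method is also `public` and takes `cfg` as a parameter although the instance already holds it; `private` with the field would narrow the surface. The method that calls it begins above this hunk.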
--- /dev/null
+package user.jobengine.zk.util;\r
+\r
+import java.util.Arrays;\r
+import java.util.List;\r
+import java.util.Properties;\r
+\r
+import org.apache.commons.lang.StringUtils;\r
+\r
+public class LocalUserHandler {\r
+ private static final String LOCAL_ACCOUNTS = "local_accounts";\r
+ private static final String LOCAL_ADMINS = "local_admins";\r
+ private static final String LOCAL_SUBMITTERS = "local_submitters";\r
+ private static final String LOCAL_EDITORS = "local_submitters";\r
+ private String account;\r
+ private String password;\r
+ private Properties cfg;\r
+\r
+ public LocalUserHandler(String account, String password, Properties cfg) {\r
+ this.account = account;\r
+ this.password = password;\r
+ this.cfg = cfg;\r
+ }\r
+\r
+ private boolean authenticateLocal(String account, String password, String users) {\r
+ if (StringUtils.isBlank(account) || account.length() < 3)\r
+ return false;\r
+ if (StringUtils.isBlank(password) || password.length() < 3)\r
+ return false;\r
+ if (StringUtils.isBlank(users) || users.length() < 7)\r
+ return false;\r
+\r
+ return users.contains(String.format("%s:%s", account, password));\r
+ }\r
+\r
+ public UserPrincipal getUserPrincipal() {\r
+ String users = cfg.getProperty(LOCAL_ACCOUNTS);\r
+ UserPrincipal result = new UserPrincipal(account);\r
+ String[] userList = users.split(",");\r
+ for (String user : userList) {\r
+ if (!authenticateLocal(account, password, user))\r
+ continue;\r
+ String[] userInfo = user.split(":");\r
+ if (userInfo.length > 2)\r
+ result.setEmail(userInfo[2]);\r
+ }\r
+\r
+ if (result != null) {\r
+ boolean isAdmin = isMemberOf(account, cfg.getProperty(LOCAL_ADMINS));\r
+ boolean isSubmitter = isMemberOf(account, cfg.getProperty(LOCAL_SUBMITTERS));\r
+ boolean isEditor = isMemberOf(account, cfg.getProperty(LOCAL_EDITORS));\r
+ result.setAdmin(isAdmin);\r
+ if (isAdmin || isSubmitter)\r
+ result.setSubmitter(true);\r
+ if (isAdmin || isEditor)\r
+ result.setEditor(true);\r
+ }\r
+ return result;\r
+ }\r
+\r
+ private boolean isMemberOf(String account, String groupMembers) {\r
+ List<String> groupMemberList = Arrays.asList(groupMembers.split(","));\r
+ return groupMemberList.contains(account);\r
+ }\r
+\r
+}\r
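Review bot: `getUserPrincipal()` never returns null: `result` is created before the loop and a failed `authenticateLocal()` only skips the e-mail assignment, so any account name with any password yields a principal, and a name listed in `local_admins` is flagged admin. Because `SessionUtil.authenticate()` falls through to `LDAPUserHandler` only when this method returns null, the LDAP path also appears to become unreachable. Two related problems sit in the same file: `LOCAL_EDITORS` is bound to `"local_submitters"`, so the `local_editors` property is ignored and every submitter becomes an editor, and `authenticateLocal()` uses `users.contains(...)`, which accepts partial names and passwords instead of comparing whole fields. `isMemberOf()` and `users.split(",")` also dereference property values without a null check. The sketch below returns null when no entry matches and compares the account and password fields exactly.

```java
    private static final String LOCAL_EDITORS = "local_editors";

    // … unchanged: fields and constructor …

    private boolean authenticateLocal(String account, String password, String entry) {
        // … unchanged: blank / minimum-length checks on account, password and entry …

        // Compare whole fields; a substring test also accepts partial names and passwords.
        String[] fields = entry.split(":", 3);
        return fields.length >= 2 && account.equals(fields[0]) && password.equals(fields[1]);
    }

    public UserPrincipal getUserPrincipal() {
        String users = cfg.getProperty(LOCAL_ACCOUNTS);
        if (users == null)
            return null;
        for (String entry : users.split(",")) {
            if (!authenticateLocal(account, password, entry))
                continue;
            UserPrincipal result = new UserPrincipal(account);
            String[] userInfo = entry.split(":");
            if (userInfo.length > 2)
                result.setEmail(userInfo[2]);
            // … unchanged: role flags from local_admins / local_submitters / local_editors …
            return result;
        }
        // No local entry matched: null lets the caller fall through to LDAP.
        return null;
    }

    private boolean isMemberOf(String account, String groupMembers) {
        // A missing property grants nothing instead of throwing.
        if (groupMembers == null)
            return false;
        // … unchanged: split on "," and test for the account …
    }
```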
\r
import javax.servlet.http.HttpSession;\r
\r
-import org.apache.commons.lang.StringUtils;\r
import org.apache.logging.log4j.LogManager;\r
import org.apache.logging.log4j.Logger;\r
import org.zkoss.zk.ui.Session;\r
import user.jobengine.server.JobEngine;\r
\r
public class SessionUtil {\r
- private static final String SELECTED_ARCHIVED_MEDIAS = "selectedArchivedMedias";\r
private static Logger logger = LogManager.getLogger();\r
private static final String AUTH_ENABLED = "auth_enabled";\r
- private static final String LOCAL_USERS = "local_users";\r
- private static final String LOCAL_ADMINS = "local_admins";\r
- private static final String LOCAL_JOBSUBMITTERS = "local_jobsubmitters";\r
private static final String USERPRINCIPAL = "userPrincipal";\r
private static final String AUTH_LOCATION = "mediacube.auth.location";\r
public static final String JOBLISTENER = "joblistener";\r
\r
public static boolean authenticate(String account, String password) {\r
Properties cfg = getConfiguration();\r
- UserPrincipal userPrincipal = null;\r
- String localUsers = cfg.getProperty(LOCAL_ADMINS);\r
- if (authenticateLocal(account, password, localUsers)) {\r
- userPrincipal = createLocalPrincipal(account, password, true, true, false, localUsers);\r
- } else {\r
- localUsers = cfg.getProperty(LOCAL_JOBSUBMITTERS);\r
- if (authenticateLocal(account, password, localUsers)) {\r
- userPrincipal = createLocalPrincipal(account, password, false, true, false, localUsers);\r
- } else {\r
- localUsers = cfg.getProperty(LOCAL_USERS);\r
- if (authenticateLocal(account, password, localUsers)) {\r
- userPrincipal = createLocalPrincipal(account, password, false, false, false, localUsers);\r
- } else {\r
- LDAPHandler h = new LDAPHandler(account, password, cfg);\r
- userPrincipal = h.getUserPrincipal();\r
- }\r
- }\r
+ LocalUserHandler localUserHandler = new LocalUserHandler(account, password, cfg);\r
+ UserPrincipal userPrincipal = localUserHandler.getUserPrincipal();\r
+ if (userPrincipal == null) {\r
+ LDAPUserHandler ldapUserHandler = new LDAPUserHandler(account, password, cfg);\r
+ userPrincipal = ldapUserHandler.getUserPrincipal();\r
}\r
\r
if (userPrincipal == null)\r
return true;\r
}\r
\r
- private static boolean authenticateLocal(String account, String password, String users) {\r
- if (StringUtils.isBlank(account) || account.length() < 3)\r
- return false;\r
- if (StringUtils.isBlank(password) || password.length() < 3)\r
- return false;\r
-\r
- if (StringUtils.isBlank(users) || users.length() < 7)\r
- return false;\r
-\r
- return users.contains(String.format("%s:%s", account, password));\r
- }\r
-\r
static public void cleanup() {\r
IJobChangedListener listener = (IJobChangedListener) getAttribute(SessionUtil.JOBLISTENER);\r
if (listener != null) {\r
//setAttribute(SessionUtil.USERPRINCIPAL, null);\r
}\r
\r
- private static UserPrincipal createLocalPrincipal(String account, String password, boolean isAdmin, boolean isJobSubmitter, boolean isAnonymous,\r
- String users) {\r
- UserPrincipal result = new UserPrincipal(account, isAdmin, isJobSubmitter, isAnonymous);\r
- String[] userList = users.split(";");\r
- for (String user : userList) {\r
- if (!authenticateLocal(account, password, user))\r
- continue;\r
- String[] userInfo = user.split(":");\r
- if (userInfo.length > 2)\r
- result.setEmail(userInfo[2]);\r
- }\r
- return result;\r
- }\r
-\r
static public Object getAttribute(String name) {\r
//HttpSession session = (HttpSession) (Executions.getCurrent()).getDesktop().getSession().getNativeSession();\r
Session zkSession = Sessions.getCurrent();\r
return result;\r
}\r
\r
+ static public boolean isEditor() {\r
+ UserPrincipal userPrincipal = getUserPrincipal();\r
+ return userPrincipal != null && userPrincipal.isEditor();\r
+ }\r
+\r
+ static public boolean isSubmitter() {\r
+ UserPrincipal userPrincipal = getUserPrincipal();\r
+ return userPrincipal != null && userPrincipal.isSubmitter();\r
+ }\r
+\r
public static void logout() {\r
setAttribute(SessionUtil.USERPRINCIPAL, null);\r
}\r
--- /dev/null
+package user.jobengine.zk.util;\r
+\r
+import java.util.Map;\r
+\r
+import org.zkoss.zk.ui.Executions;\r
+import org.zkoss.zk.ui.Page;\r
+import org.zkoss.zk.ui.util.Initiator;\r
+\r
+public class SubmitterAuthInitiator implements Initiator {\r
+\r
+ @Override\r
+ public void doInit(Page page, Map<String, Object> args) throws Exception {\r
+ if (!SessionUtil.isAuthenticated())\r
+ Executions.sendRedirect("/pages/login.jsp");\r
+\r
+ if (!SessionUtil.isSubmitter())\r
+ Executions.sendRedirect("/");\r
+ }\r
+\r
+}
\ No newline at end of file
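Review bot: `doInit()` keeps running after the first `Executions.sendRedirect(...)`, so for an unauthenticated session the `isSubmitter()` check fails as well and a second redirect to `/` is issued; which target the client ends up following is not obvious from this code. Return after each redirect, e.g. `if (!SessionUtil.isAuthenticated()) { Executions.sendRedirect("/pages/login.jsp"); return; }`. A redirect issued from an Initiator may not by itself stop the page from being composed, so composers on pages guarded by this class should re-check `SessionUtil.isSubmitter()` on the server side before returning data.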
package user.jobengine.zk.util;\r
\r
-import java.util.Arrays;\r
import java.util.List;\r
-import java.util.Properties;\r
-\r
-import user.commons.ListUtils;\r
\r
public class UserPrincipal implements java.io.Serializable {\r
-\r
- private static final String AD_ADMIN_MAP = "ad_admin_map";\r
public final static String unknownUser = "";\r
\r
public static boolean isValid(UserPrincipal userPrincipal) {\r
private List<String> memberOf;\r
private boolean admin;\r
private boolean anonymous;\r
- private boolean jobSubmitter;\r
+ private boolean submitter;\r
+ private boolean editor;\r
private String account;\r
private String displayName;\r
private String email;\r
this(account, false, false, false);\r
}\r
\r
- public UserPrincipal(String account, boolean isAdmin, boolean isJobSubmitter, boolean isAnonymous) {\r
+ public UserPrincipal(String account, boolean isAdmin, boolean isSubmitter, boolean isAnonymous) {\r
this.account = account;\r
this.displayName = account;\r
this.admin = isAdmin;\r
- this.jobSubmitter = isJobSubmitter;\r
+ this.submitter = isSubmitter;\r
this.anonymous = isAnonymous;\r
}\r
\r
return anonymous;\r
}\r
\r
- public boolean isJobSubmitter() {\r
- return jobSubmitter;\r
+ public boolean isEditor() {\r
+ return editor;\r
+ }\r
+\r
+ public boolean isSubmitter() {\r
+ return submitter;\r
}\r
\r
public void setAdmin(boolean admin) {\r
this.displayName = displayName;\r
}\r
\r
- public void setEmail(String email) {\r
- this.email = email;\r
+ public void setEditor(boolean editor) {\r
+ this.editor = editor;\r
}\r
\r
- public void setJobSubmitter(boolean jobSubmitter) {\r
- this.jobSubmitter = jobSubmitter;\r
+ public void setEmail(String email) {\r
+ this.email = email;\r
}\r
\r
- public void setMemberOf(List<String> memberOf, Properties cfg) {\r
- this.memberOf = memberOf;\r
- if (memberOf == null)\r
- return;\r
- String adminMap = cfg.getProperty(AD_ADMIN_MAP);\r
- if (adminMap == null)\r
- return;\r
- List<String> remains = ListUtils.intersect(Arrays.asList(adminMap.split(",")), memberOf);\r
- if (remains.size() > 0) {\r
- setAdmin(true);\r
- setJobSubmitter(true);\r
- }\r
+ public void setSubmitter(boolean submitter) {\r
+ this.submitter = submitter;\r
}\r
\r
@Override\r