Package org.jgrapes.webconsole.rbac

Class RoleConletFilter

java.lang.Object
org.jgrapes.core.internal.ComponentVertex
org.jgrapes.core.Component
org.jgrapes.webconsole.rbac.RoleConletFilter
All Implemented Interfaces:
Iterable<ComponentType>, Channel, ComponentType, Eligible, Manager
public class RoleConletFilter extends Component
Configures the conlets available based on the user currently logged in.

  • Constructor Details

    • RoleConletFilter

      public RoleConletFilter(Channel componentChannel)
      Creates a new component with its channel set to the given channel.
      Parameters:
      componentChannel - the channel that the component’s handlers listen on by default and that Manager.fire(Event, Channel...) sends the event to

    • RoleConletFilter

      public RoleConletFilter(Channel componentChannel, Map<?,?> properties)
      Creates a new component with its channel set to the given channel.

      Supported properties are:

      Parameters:
      componentChannel - the channel that the component’s handlers listen on by default and that Manager.fire(Event, Channel...) sends the event to
      properties - the properties used to configure the component

  • Method Details

    • setConletTypesByRole

      public RoleConletFilter setConletTypesByRole(Map<String,List<String>> acl)
      Sets the allowed conlet types based on user roles.

      By default, system components (e.g., policies) can add conlets, but users cannot. This method allows changing that behavior. The parameter is a Map<String, List<String>> where each role maps to a list of conlet types that authorized users with that role can add.

      If a conlet type is prefixed with double minus (“--”), it is also excluded from adding by system components, meaning it will never be displayed. Note that this exclusion must be specified for all roles a user has, as permissions from different roles are combined.

      Instead of listing specific conlet types, users can be allowed to add any type of conlet by including “*” in the list. Specific conlet types can be excluded from the wildcard match by placing them before the “*” in the list and prefixing them with a minus (“-”), double minus (“--”), or an exclamation mark (“!”) (the use of “!” is deprecated).

      Parameters:
      acl - the acl
      Returns:
      the user role conlet filter

    • onConfigUpdate

      @Handler public void onConfigUpdate(ConfigurationUpdate event)
      The component can be configured with events that include a path (see @link ConfigurationUpdate.paths()) that matches this components path (see Manager.componentPath()).

      The following properties are recognized:

      conletTypesByRole
      Invokes setConletTypesByRole(Map) with the given values.
      Parameters:
      event - the event

    • onAddConletType

      @Handler public void onAddConletType(AddConletType event)
      Collect known types for wildcard handling
      Parameters:
      event - the event

    • onConsolePrepared

      @Handler(priority=800) public void onConsolePrepared(ConsolePrepared event, ConsoleConnection channel)
      Disable all conlets that the user is not allowed to use by firing UpdateConletType events with no render modes.

      The current user is obtained from WebConsoleUtils.userFromSession(org.jgrapes.http.Session).

      Parameters:
      event - the event
      channel - the channel

    • onAddConlet

      @Handler(priority=1000) public void onAddConlet(AddConletRequest event, ConsoleConnection channel)
      If the request originates from a client (see AddConletRequest.isFrontendRequest(), verifies that the user is allowed to create a conlet of the given type.

      As the conlets that he user is not allowed to use are disabled, it should be impossible to create such requests in the first place. However, the frontend code is open to manipulation and therefore this additional check is introduced to increase security.

      Parameters:
      event - the event
      channel - the channel

    • onRenderConletRequest

      @Handler(priority=1000) public void onRenderConletRequest(RenderConletRequest event, ConsoleConnection channel)
      If a role is withdrawn from a user, there may still be conlets in his stored layout that he is no longer allowed to use.
      Parameters:
      event - the event
      channel - the channel