File tree 3 files changed +43
-4
lines changed
java/org/kitodo/production
webapp/WEB-INF/templates/includes/roleEdit
3 files changed +43
-4
lines changed Original file line number Diff line number Diff line change @@ -956,6 +956,24 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
956956 return securityAccessService .hasAuthorityGlobalToAddOrEditRole ();
957957 }
958958
959+ /**
960+ * Checks if current user has global authority for editing roles.
961+ *
962+ * @return true if current user has global authority for editing roles
963+ */
964+ public boolean hasAuthorityGlobalToEditRole () {
965+ return securityAccessService .hasAuthorityGlobalToEditRole ();
966+ }
967+
968+ /**
969+ * Checks if current user has global authority for viewing a role.
970+ *
971+ * @return true if current user has global authority for editing a role
972+ */
973+ public boolean hasAuthorityGlobalToViewRole () {
974+ return securityAccessService .hasAuthorityGlobalToViewRole ();
975+ }
976+
959977 /**
960978 * Checks if current user has authority to configure displayed columns in list
961979 * views.
Original file line number Diff line number Diff line change @@ -889,6 +889,25 @@ public boolean hasAuthorityGlobalToAddOrEditRole() {
889889 return hasAnyAuthorityGlobal ("addRole, editRole" );
890890 }
891891
892+ /**
893+ * Checks if current user has global authority for editing a role.
894+ *
895+ * @return true if current user has global authority for editing a role
896+ */
897+ public boolean hasAuthorityGlobalToEditRole () {
898+ return hasAnyAuthorityGlobal ("editRole" );
899+ }
900+
901+ /**
902+ * Checks if current user has global authority for viewing a role.
903+ * Having the authority to edit a role also grants permission to view it inherently.
904+ *
905+ * @return true if current user has global authority for editing a role
906+ */
907+ public boolean hasAuthorityGlobalToViewRole () {
908+ return hasAnyAuthorityGlobal ("viewRole, editRole" );
909+ }
910+
892911 /**
893912 * Check if current user has global authority to view role list. It returns true
894913 * if user has "viewAllRoles" authority globally.
Original file line number Diff line number Diff line change 4242 </ p:row >
4343 < p:row rendered ="#{not SecurityAccessController.hasAuthorityGlobalToAddOrEditRole()} " />
4444 </ p:panelGrid >
45- < p:panelGrid columns ="2 " layout ="grid ">
46- < p:row >
45+ < p:panelGrid columns ="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? 2 : 1} "
46+ layout ="grid ">
47+ < p:row rendered ="#{SecurityAccessController.hasAuthorityGlobalToViewRole()} ">
4748 <!--global authorities-->
4849 < h:panelGroup >
4950 < h3 style ="margin-bottom: 20px ">
5051 < h:outputText value ="#{msgs.globalAssignable} "/>
5152 </ h3 >
53+ <!--@elvariable id="authority" type="org.kitodo.data.database.beans.Authority"-->
5254 < p:pickList id ="authoritiesGlobalPick "
5355 showSourceFilter ="true " showTargetFilter ="true "
5456 filterMatchMode ="contains "
5557 responsive ="true "
56- disabled ="#{isViewMode} "
58+ disabled ="#{not SecurityAccessController.hasAuthorityGlobalToEditRole() or isViewMode} "
5759 value ="#{RoleForm.globalAssignableAuthorities} "
5860 converter ="#{authorityConverter} "
5961 var ="authority "
7072 <!--client authorities-->
7173 < h:panelGroup >
7274 < h3 style ="margin-bottom: 20px ">
73- < h:outputText value ="#{msgs.clientAssignable} "/>
75+ < h:outputText value ="#{SecurityAccessController.hasAuthorityGlobalToViewRole() ? msgs.clientAssignable : msgs.authorities } "/>
7476 </ h3 >
7577 < p:pickList id ="authoritiesClientPick "
7678 value ="#{RoleForm.clientAssignableAuthorities} "
You can’t perform that action at this time.
0 commit comments