This discussion is archived
5 Replies Latest reply: Aug 28, 2013 2:01 AM by RafaLabarta RSS

How to know if user has edit privilege on a page.

879338 Newbie
Currently Being Moderated

HI All,

  Is there a way (EL or Java api) to know if user has edit privilege on a page?

I tried below code but its not working.

 

public String getPageEditableByUser(){
   
    String pageDef = ADFUtil.getBindingContainer().getName();
    System.out.println("Page print: " + pageDef);
    FacesContext fctx = FacesContext.getCurrentInstance();
      ADFContext adfCtx = ADFContext.getCurrent();
      SecurityContext sctx = adfCtx.getSecurityContext();
    System.out.println(sctx.getUserName());
    if( sctx.hasPermission(new RegionPermission(pageDef, RegionPermission.EDIT_ACTION)))
        return "Y";
    else
        return "N";
}

 

 

Any suggestion?

Thanks

  • 1. Re: How to know if user has edit privilege on a page.
    fmw2123 Explorer
    Currently Being Moderated

    Did you try available security expressions such as

     

    •   #{securityContext.taskflowViewable['target']}
    •   #{securityContext.regionViewable['target']}
    •   #{securityContext.userGrantedResource['permission']}
    •   #{securityContext.userGrantedPermission['permission']}
  • 2. Re: How to know if user has edit privilege on a page.
    879338 Newbie
    Currently Being Moderated

    I tried #{securityContext.userGrantedPermission['permission']} EL but its throwing an error.

     

    My Jazn entry is

     

    <permission>

             <class>oracle.webcenter.security.auth.HierarchicalResourcePermission</class>

              <name>serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx</name>

               <actions>create,delete,grant,personalize,update,view</actions>

    </permission>

     

    I tried following EL in outputtext.

     

     

     

    <af:outputText value="View: #{securityContext.userGrantedPermission['resourceType=oracle.webcenter.security.auth.HierarchicalResourcePermission;resourceName=serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx;action=create']}" id="ot1"/>

     

     

     

    java.lang.NullPointerException

        at oracle.adf.share.security.authorization.ADFPermission.hashCode(ADFPermission.java:138)

        at java.util.HashMap.get(HashMap.java:300)

        at oracle.security.jps.az.common.info.JpsPermissionsHash.implies(JpsPermissions.java:673)

        at oracle.security.jps.az.common.info.JpsPermissions.implies(JpsPermissions.java:185)

        at oracle.security.jps.az.common.info.DenyOverridesCombiner.decide(DenyOverridesCombiner.java:105)

        at oracle.security.jps.az.common.info.PermissionsWithEffect.decide(PermissionsWithEffect.java:267)

        at oracle.security.jps.internal.policystore.JavaPolicyProvider.impliesInternal(JavaPolicyProvider.java:790)

        at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies_NotPrivileged(JavaPolicyProvider.java:597)

        at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:567)

        at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:551)

        at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)

        at oracle.security.jps.util.JpsSubjectDomainCombiner$JpsProtectionDomain.implies(JpsSubjectDomainCombiner.java:112)

        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)

        at java.security.AccessController.checkPermission(AccessController.java:546)

        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)

        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)

        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)

        at oracle.adf.share.security.providers.jps.JpsSecurityContext.doJpsCheckPermission(JpsSecurityContext.java:330)

        at oracle.adf.share.security.providers.jps.JpsSecurityContext.internalHasPermission(JpsSecurityContext.java:253)

        at oracle.adf.share.security.SecurityContextImpl.hasPermission(SecurityContextImpl.java:185)

        at oracle.adf.share.security.PermissionEvaluator.internalGet(PermissionEvaluator.java:128)

        at oracle.adf.share.security.SecurityContextMap.get(SecurityContextMap.java:58)

        at javax.el.MapELResolver.getValue(MapELResolver.java:164)

        at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)

        at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)

        at com.sun.el.parser.AstValue.getValue(Unknown Source)

        at com.sun.el.parser.AstDeferredExpression.getValue(Unknown Source)

        at com.sun.el.parser.AstCompositeExpression.getValue(Unknown Source)

        at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)

        at org.apache.myfaces.trinidad.bean.FacesBeanImpl.getProperty(FacesBeanImpl.java:68)

        at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getValue(ValueRenderer.java:184)

        at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getConvertedString(ValueRenderer.java:145)

        at oracle.adfinternal.view.faces.renderkit.rich.OutputTextRenderer.encodeAll(OutputTextRenderer.java:148)

        at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)

     

     

    If I try using userGrantedResource as

     

    <af:outputText value="View: #{securityContext.userGrantedResource['resourceType=oracle.webcenter.security.auth.HierarchicalResourcePermission;resourceName=serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx;action=create']}" id="ot1"/>

     

     

    I get following error.

     

    java.lang.IllegalStateException

        at oracle.adf.share.security.SecurityContextImpl.createPermissionInstance(SecurityContextImpl.java:826)

        at oracle.adf.share.security.providers.jps.JpsSecurityContext.createPermissionInstance(JpsSecurityContext.java:380)

        at oracle.adf.share.security.PermissionEvaluator.internalGet(PermissionEvaluator.java:126)

        at oracle.adf.share.security.SecurityContextMap.get(SecurityContextMap.java:58)

        at javax.el.MapELResolver.getValue(MapELResolver.java:164)

        at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)

        at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)

        at com.sun.el.parser.AstValue.getValue(Unknown Source)

        at com.sun.el.parser.AstDeferredExpression.getValue(Unknown Source)

        at com.sun.el.parser.AstCompositeExpression.getValue(Unknown Source)

        at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)

        at org.apache.myfaces.trinidad.bean.FacesBeanImpl.getProperty(FacesBeanImpl.java:68)

        at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getValue(ValueRenderer.java:184)

        at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getConvertedString(ValueRenderer.java:145)

        at oracle.adfinternal.view.faces.renderkit.rich.OutputTextRenderer.encodeAll(OutputTextRenderer.java:148)

        at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)

     

     

    I believe I just need to correct resourceName, resourceType and action value so that system can create a permission object at runtime. But how to derive these values from jazn-data.xml

     

    Do I have a way to specify current page in EL instead of providing its resource-name and type? Do we have some other EL, which can return current page's resourceName and resourceType.

     

    Thanks

    Sanjeev

  • 3. Re: How to know if user has edit privilege on a page.
    fmw2123 Explorer
    Currently Being Moderated

    If you know the role/group name which has edit permission on the specific page you can use the expression as below in webcenter framework application

     

    #{WCSecurityContext.userInAppRole['AppConnectionManager']}

     

    #{WCSecurityContext.userInGroup['Administrators']}

     

  • 4. Re: How to know if user has edit privilege on a page.
    879338 Newbie
    Currently Being Moderated

    Sorry to say but I don't have that information.

    There are almost 30 admin roles and different pages use different admin roles. I need to write common EL or Java method, which can return boolean (true/false) if current login user has admin (create,update,delete) privileges on current page.

     

    I think whole problem is resourceName, resourceType and action for HierarchicalPermission. I am not able to pass correct values to EL so its always throwing error.

     

    Thanks

    Sanjeev.

  • 5. Re: How to know if user has edit privilege on a page.
    RafaLabarta Newbie
    Currently Being Moderated

    I Couldn't get the EL expression to work, I'm using WCP 1.1.1.6

     

    Maybe this can give you a clue. It worked for me but i assume it is a partial approach since I'm only evaluating HierarchicalResourcePermission

     

    public boolean isPersonalizePermission() {
        SecurityContext securityCtx = ADFContext.getCurrent().getSecurityContext();
        String viewId = FacesContext.getCurrentInstance().getViewRoot().getViewId();
      
        Permission permission;
        permission = getPermissionByViewId(viewId, HierarchicalResourcePermission.PERSONALIZE_ACTION);
      
        return (securityCtx.hasPermission(permission));
    }

       

    private Permission getHierarchicalResourcePermissionByViewId(final String viewId, final String action){
        final String permissionTarget = "serviceID=oracle.webcenter.page,scopeID=".concat(HierarchicalResourcePermission.ROOT_NODE_ID).concat(",resourceID=".concat(viewId));
        return (new HierarchicalResourcePermission(permissionTarget, action));
    }

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points