5 Replies Latest reply: Aug 28, 2013 4:01 AM by RafaLabarta RSS

    How to know if user has edit privilege on a page.

    879338

      HI All,

        Is there a way (EL or Java api) to know if user has edit privilege on a page?

      I tried below code but its not working.

       

      public String getPageEditableByUser(){
         
          String pageDef = ADFUtil.getBindingContainer().getName();
          System.out.println("Page print: " + pageDef);
          FacesContext fctx = FacesContext.getCurrentInstance();
            ADFContext adfCtx = ADFContext.getCurrent();
            SecurityContext sctx = adfCtx.getSecurityContext();
          System.out.println(sctx.getUserName());
          if( sctx.hasPermission(new RegionPermission(pageDef, RegionPermission.EDIT_ACTION)))
              return "Y";
          else
              return "N";
      }

       

       

      Any suggestion?

      Thanks

        • 1. Re: How to know if user has edit privilege on a page.
          fmw2123

          Did you try available security expressions such as

           

          •   #{securityContext.taskflowViewable['target']}
          •   #{securityContext.regionViewable['target']}
          •   #{securityContext.userGrantedResource['permission']}
          •   #{securityContext.userGrantedPermission['permission']}
          • 2. Re: How to know if user has edit privilege on a page.
            879338

            I tried #{securityContext.userGrantedPermission['permission']} EL but its throwing an error.

             

            My Jazn entry is

             

            <permission>

                     <class>oracle.webcenter.security.auth.HierarchicalResourcePermission</class>

                      <name>serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx</name>

                       <actions>create,delete,grant,personalize,update,view</actions>

            </permission>

             

            I tried following EL in outputtext.

             

             

             

            <af:outputText value="View: #{securityContext.userGrantedPermission['resourceType=oracle.webcenter.security.auth.HierarchicalResourcePermission;resourceName=serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx;action=create']}" id="ot1"/>

             

             

             

            java.lang.NullPointerException

                at oracle.adf.share.security.authorization.ADFPermission.hashCode(ADFPermission.java:138)

                at java.util.HashMap.get(HashMap.java:300)

                at oracle.security.jps.az.common.info.JpsPermissionsHash.implies(JpsPermissions.java:673)

                at oracle.security.jps.az.common.info.JpsPermissions.implies(JpsPermissions.java:185)

                at oracle.security.jps.az.common.info.DenyOverridesCombiner.decide(DenyOverridesCombiner.java:105)

                at oracle.security.jps.az.common.info.PermissionsWithEffect.decide(PermissionsWithEffect.java:267)

                at oracle.security.jps.internal.policystore.JavaPolicyProvider.impliesInternal(JavaPolicyProvider.java:790)

                at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies_NotPrivileged(JavaPolicyProvider.java:597)

                at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:567)

                at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:551)

                at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)

                at oracle.security.jps.util.JpsSubjectDomainCombiner$JpsProtectionDomain.implies(JpsSubjectDomainCombiner.java:112)

                at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)

                at java.security.AccessController.checkPermission(AccessController.java:546)

                at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)

                at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)

                at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)

                at oracle.adf.share.security.providers.jps.JpsSecurityContext.doJpsCheckPermission(JpsSecurityContext.java:330)

                at oracle.adf.share.security.providers.jps.JpsSecurityContext.internalHasPermission(JpsSecurityContext.java:253)

                at oracle.adf.share.security.SecurityContextImpl.hasPermission(SecurityContextImpl.java:185)

                at oracle.adf.share.security.PermissionEvaluator.internalGet(PermissionEvaluator.java:128)

                at oracle.adf.share.security.SecurityContextMap.get(SecurityContextMap.java:58)

                at javax.el.MapELResolver.getValue(MapELResolver.java:164)

                at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)

                at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)

                at com.sun.el.parser.AstValue.getValue(Unknown Source)

                at com.sun.el.parser.AstDeferredExpression.getValue(Unknown Source)

                at com.sun.el.parser.AstCompositeExpression.getValue(Unknown Source)

                at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)

                at org.apache.myfaces.trinidad.bean.FacesBeanImpl.getProperty(FacesBeanImpl.java:68)

                at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getValue(ValueRenderer.java:184)

                at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getConvertedString(ValueRenderer.java:145)

                at oracle.adfinternal.view.faces.renderkit.rich.OutputTextRenderer.encodeAll(OutputTextRenderer.java:148)

                at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)

             

             

            If I try using userGrantedResource as

             

            <af:outputText value="View: #{securityContext.userGrantedResource['resourceType=oracle.webcenter.security.auth.HierarchicalResourcePermission;resourceName=serviceID=oracle.webcenter.page,scopeID=s8bba98ff_4cbb_40b8_beee_296c916a23ed,resourceID=/oracle/webcenter/portalapp/pages/OurCompany/Departments/GlobalHR.jspx;action=create']}" id="ot1"/>

             

             

            I get following error.

             

            java.lang.IllegalStateException

                at oracle.adf.share.security.SecurityContextImpl.createPermissionInstance(SecurityContextImpl.java:826)

                at oracle.adf.share.security.providers.jps.JpsSecurityContext.createPermissionInstance(JpsSecurityContext.java:380)

                at oracle.adf.share.security.PermissionEvaluator.internalGet(PermissionEvaluator.java:126)

                at oracle.adf.share.security.SecurityContextMap.get(SecurityContextMap.java:58)

                at javax.el.MapELResolver.getValue(MapELResolver.java:164)

                at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)

                at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)

                at com.sun.el.parser.AstValue.getValue(Unknown Source)

                at com.sun.el.parser.AstDeferredExpression.getValue(Unknown Source)

                at com.sun.el.parser.AstCompositeExpression.getValue(Unknown Source)

                at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)

                at org.apache.myfaces.trinidad.bean.FacesBeanImpl.getProperty(FacesBeanImpl.java:68)

                at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getValue(ValueRenderer.java:184)

                at oracle.adfinternal.view.faces.renderkit.rich.ValueRenderer.getConvertedString(ValueRenderer.java:145)

                at oracle.adfinternal.view.faces.renderkit.rich.OutputTextRenderer.encodeAll(OutputTextRenderer.java:148)

                at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)

             

             

            I believe I just need to correct resourceName, resourceType and action value so that system can create a permission object at runtime. But how to derive these values from jazn-data.xml

             

            Do I have a way to specify current page in EL instead of providing its resource-name and type? Do we have some other EL, which can return current page's resourceName and resourceType.

             

            Thanks

            Sanjeev

            • 3. Re: How to know if user has edit privilege on a page.
              fmw2123

              If you know the role/group name which has edit permission on the specific page you can use the expression as below in webcenter framework application

               

              #{WCSecurityContext.userInAppRole['AppConnectionManager']}

               

              #{WCSecurityContext.userInGroup['Administrators']}

               

              {wcsecuritycontext.userinapprole['appconnectionmanager']}

              • 4. Re: How to know if user has edit privilege on a page.
                879338

                Sorry to say but I don't have that information.

                There are almost 30 admin roles and different pages use different admin roles. I need to write common EL or Java method, which can return boolean (true/false) if current login user has admin (create,update,delete) privileges on current page.

                 

                I think whole problem is resourceName, resourceType and action for HierarchicalPermission. I am not able to pass correct values to EL so its always throwing error.

                 

                Thanks

                Sanjeev.

                • 5. Re: How to know if user has edit privilege on a page.
                  RafaLabarta

                  I Couldn't get the EL expression to work, I'm using WCP 1.1.1.6

                   

                  Maybe this can give you a clue. It worked for me but i assume it is a partial approach since I'm only evaluating HierarchicalResourcePermission

                   

                  public boolean isPersonalizePermission() {
                      SecurityContext securityCtx = ADFContext.getCurrent().getSecurityContext();
                      String viewId = FacesContext.getCurrentInstance().getViewRoot().getViewId();
                    
                      Permission permission;
                      permission = getPermissionByViewId(viewId, HierarchicalResourcePermission.PERSONALIZE_ACTION);
                    
                      return (securityCtx.hasPermission(permission));
                  }

                     

                  private Permission getHierarchicalResourcePermissionByViewId(final String viewId, final String action){
                      final String permissionTarget = "serviceID=oracle.webcenter.page,scopeID=".concat(HierarchicalResourcePermission.ROOT_NODE_ID).concat(",resourceID=".concat(viewId));
                      return (new HierarchicalResourcePermission(permissionTarget, action));
                  }