User authorizing management

mortoza_khan · April 11, 2021, 9:49pm

I have created a role programmatically where the user with this role can create an user but the “add role” option always remains inactive. Thanks for any suggestions to fix this problem.

Here is the user creation screen where you see the Roles “Add” option is inactive.

Here is the user role created and assigned to this user:

@Role(name = AdminUserRole.NAME)
public class AdminUserRole extends AnnotatedRoleDefinition {
    public final static String NAME = "AUTO_User_Admin";

    @EntityAccess(entityClass = User.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = UserRole.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = UserExt.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = com.haulmont.cuba.security.entity.Role.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = Company.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = Employee.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = Salesperson.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = CustomerProfile.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = VendorProfile.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = DistributionCentre.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = Plant.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = CompanyAccess.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = PlantAccess.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})

    @Override
    public EntityPermissionsContainer entityPermissions() {
        return super.entityPermissions();
    }

    @EntityAttributeAccess(entityClass = User.class, modify = "*")
    @EntityAttributeAccess(entityClass = UserRole.class, modify = "*")
    @EntityAttributeAccess(entityClass = UserExt.class, modify = "*")
    @EntityAttributeAccess(entityClass = com.haulmont.cuba.security.entity.Role.class, modify = "*")
    @EntityAttributeAccess(entityClass = Company.class, modify = "*")
    @EntityAttributeAccess(entityClass = Employee.class, modify = "*")
    @EntityAttributeAccess(entityClass = Salesperson.class, modify = "*")
    @EntityAttributeAccess(entityClass = CustomerProfile.class, modify = "*")
    @EntityAttributeAccess(entityClass = VendorProfile.class, modify = "*")
    @EntityAttributeAccess(entityClass = DistributionCentre.class, modify = "*")
    @EntityAttributeAccess(entityClass = Plant.class, modify = "*")
    @EntityAttributeAccess(entityClass = PlantAccess.class, modify = "*")
    @EntityAttributeAccess(entityClass = CompanyAccess.class, modify = "*")
    @Override
    public EntityAttributePermissionsContainer entityAttributePermissions() {
        return super.entityAttributePermissions();
    }

    @ScreenAccess(screenIds = {"administration","mnuSystemAdmin", "sec$User.browse", "sec$User.edit", "erp_UserExt.browse", "erp_UserExt.edit", "sec$Role.browse"})
    @Override
    public ScreenPermissionsContainer screenPermissions() {
        return super.screenPermissions();
    }

Another:

@com.haulmont.cuba.security.app.role.annotation.Role(name = AdminUserRolesRole.NAME)
public class AdminUserRolesRole extends AnnotatedRoleDefinition {
public final static String NAME = “AUTO_USER_ROLE_ADMIN role”;

    @EntityAccess(entityClass = Group.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = Role.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = UserRole.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = UserSessionEntity.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = ScheduledTask.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = SessionLogEntry.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
    @EntityAccess(entityClass = EmailTemplate.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})

    @Override
    public EntityPermissionsContainer entityPermissions() {
        return super.entityPermissions();
    }

    @EntityAttributeAccess(entityClass = Group.class, modify = "*")
    @EntityAttributeAccess(entityClass = Role.class, modify = "*")
    @EntityAttributeAccess(entityClass = UserRole.class, modify = "*")
    @EntityAttributeAccess(entityClass = UserSessionEntity.class, modify = "*")
    @EntityAttributeAccess(entityClass = ScheduledTask.class, modify = "*")
    @EntityAttributeAccess(entityClass = SessionLogEntry.class, modify = "*")
    @EntityAttributeAccess(entityClass = EmailTemplate.class, modify = "*")
    @Override
    public EntityAttributePermissionsContainer entityAttributePermissions() {
        return super.entityAttributePermissions();
    }

@ScreenAccess(screenIds = {"administration", "sec$Group.browse", "sec$Group.edit", "sec$Role.browse", "sec$Role.edit",
        "sec$UserSessionEntity.browse", "sec$SessionLogEntity.browse"   //"sys$ScheduledTask.browse", "sys$ScheduledTask.edit",
        , "performanceStatistics" //,"emailtemplates$EmailTemplate.browse","emailtemplates$EmailTemplate.edit"
        })
@Override
public ScreenPermissionsContainer screenPermissions() {
    return super.screenPermissions();
}

}

skatova · April 13, 2021, 2:22pm

Hi!
Which version of the platform do you use?

Regards,
Elena

mortoza_khan · April 14, 2021, 2:05am

CUBA all latest versions of platform and studio.

skatova · April 14, 2021, 6:19pm

Unfortunately, we cannot reproduce the problem.
Could you please if it is possible, attached a small project that reproduced it?

Regards,
Elena

mortoza_khan · April 15, 2021, 2:16am

Hi
My project was created in 6.x and later migrated to 7.x, now using latest 7.2.x.

skatova · April 21, 2021, 7:20pm

Unfortunately, we cannot reproduce the problem on the latest version after migration from 6.x platform version.
We will try to help you if you send us a small sample project along with reproduction scenario that demonstrates the issue.

Regards,
Elena

mortoza_khan · April 22, 2021, 6:48pm

We may find no problem by creating a new project but there might have something wrong in my project. Is there any clue where I should check in order to hunt the root cause? Thanks for any suggestions.

albudarov · April 23, 2021, 6:27am

I would advise you to debug the following code in the com.haulmont.cuba.gui.app.security.user.edit.UserEditor#init method:

    @Override
    public void init(Map<String, Object> params) {
        super.init(params);
// ...

        AddRoleAction addRoleAction = new AddRoleAction();
        addRoleAction.setEnabled(security.isEntityOpPermitted(UserRole.class, EntityOp.CREATE));
        rolesTable.addAction(addRoleAction);
        rolesTableAddBtn.setAction(addRoleAction);

It enables or disables the Add action and button.

mortoza_khan · April 23, 2021, 1:35pm

Hi Alex
Thanks. I have tried please guide how this can be read to fix the problem.