Hi Тимофей,
We had the same requirement. You can try something like this, see below.
Use the TabDefiniton on your form tabs, and the FormDefiniton on the form
itself, or make it the default implementation. Then add roles and/groups nodes
to the tab definition and everything should work.
We made this the default behavior by defining these implementations as the
default ones in our module.xml file, see the XML snippet below.
Hope this helps!
Regards from Vienna,
Richard
import info.magnolia.ui.form.definition.ConfiguredTabDefinition;
/**
* ConfiguredTabDefinition with additonal support for configuring roles and
groups which
* may use this tab.
* @author Richard Unger
*/
public class RoleAwareConfiguredTabDefinition extends ConfiguredTabDefinition {
protected String roles = null;
protected String groups = null;
public String getRoles() {
return roles;
}
/**
* @param roles comma-separted list of role-names which may use this tab
*/
public void setRoles(String roles) {
this.roles = roles;
}
public String getGroups() {
return groups;
}
/**
* @param groups comma-separted list of group-names which may use this
tab
*/
public void setGroups(String groups) {
this.groups = groups;
}
}
and:
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.collections.Predicate;
import org.apache.commons.collections.iterators.FilterIterator;
import org.apache.commons.lang.StringUtils;
import ATKUtil;
import info.magnolia.ui.form.definition.ConfiguredFormDefinition;
import info.magnolia.ui.form.definition.TabDefinition;
/**
* FormDefinition implementation which extends ConfiguredFormDefinition with
* the ability to exclude/include form tabs by roles or groups of the current
user.
*
* To use:
* - in your form definition, configure a
* - set the property "roles" to a comma-seperated list of roles which may see
this tab
* - set the property "groups" to a comma-seperated list of groups which may
see this tab
* - if neither property has a value, the tab is visible to all users
*
* @author Richard Unger
*/
public class RoleAwareConfiguredFormDefintion extends ConfiguredFormDefinition {
@Override
public List<TabDefinition> getTabs() {
super.getTabs();
FilterIterator fi = new
FilterIterator(super.getTabs().iterator(), new Predicate(){
@Override
public boolean evaluate(Object tab) {
if (tab instanceof
RoleAwareConfiguredTabDefinition){
RoleAwareConfiguredTabDefinition ratab
= (RoleAwareConfiguredTabDefinition)tab;
if
(StringUtils.isEmpty(ratab.getRoles()) &&
StringUtils.isEmpty(ratab.getGroups()))
return true; // if no roles or
groups are configured, return true
boolean roleOk = false;
boolean groupOk = false;
if
(!StringUtils.isEmpty(ratab.getRoles()))
roleOk =
ATKUtil.currentUserHasAnyOfTheseRoles(ratab.getRoles());
if
(!StringUtils.isEmpty(ratab.getGroups()))
groupOk =
ATKUtil.currentUserHasAnyOfTheseGroups(ratab.getGroups());
return (roleOk || groupOk); // user
must have one of the groups or roles
}
// for other tab definition types just return
true
return true;
}
});
List<TabDefinition> filteredList = new
ArrayList<TabDefinition>();
while (fi.hasNext())
filteredList.add((TabDefinition) fi.next());
return filteredList;
}
}
And the helper methods from ATKUtil:
/**
* @param groups comma-separated list of groups
* @return true if the user is member of any of the groups, false
otherwise or if groups param is empty or null
*/
public static boolean currentUserHasAnyOfTheseGroups(String groups) {
if (StringUtils.isEmpty(groups))
return false;
User user = MgnlContext.getUser();
if (user!=null){
Collection<String> allGroups = user.getAllGroups();
for (String grp : groups.split(","))
if (allGroups.contains(grp))
return true;
}
return false;
}
/**
* @param roles comma-separated list of roles
* @return true if the user is member of any of the roles, false
otherwise or if roles param is empty or null
*/
public static boolean currentUserHasAnyOfTheseRoles(String roles) {
if (StringUtils.isEmpty(roles))
return false;
User user = MgnlContext.getUser();
if (user!=null){
Collection<String> allRoles = user.getAllRoles();
for (String role : roles.split(","))
if (allRoles.contains(role))
return true;
}
return false;
}
<type-mapping>
<type>info.magnolia.ui.form.definition.FormDefinition</type>
<implementation>x.y.z.RoleAwareConfiguredFormDefintion</implementation>
</type-mapping>
<type-mapping>
<type>info.magnolia.ui.form.definition.TabDefinition</type>
<implementation>x.y.z.RoleAwareConfiguredTabDefinition</implementation>
</type-mapping>
> -----Ursprüngliche Nachricht-----
> Von: user-list-ow...@magnolia-cms.com
> [mailto:user-list-owner@magnolia- cms.com] Im Auftrag von ???????
> ????????? (via Magnolia Forums)
> Gesendet: Dienstag, 27. Oktober 2015 15:12
> An: Magnolia User List
> Betreff: [magnolia-user] Allow access for dialog tabs
>
> Hi all.
>
> How to restrict access to tabs in dialog for some role?
> For example some-editor-role has access only to tabs A and B and have
> not to tab C.
>
> --
> Context is everything: http://forum.magnolia-
> cms.com/forum/thread.html?threadId=e0768358-9b11-4fbe-b16a-
> dc47f2673b95
>
>
> ----------------------------------------------------------------
> For list details, see http://www.magnolia-cms.com/community/mailing-
> lists.html
> Alternatively, use our forums: http://forum.magnolia-cms.com/ To
> unsubscribe, E-mail to: <user-list-unsubscr...@magnolia-cms.com>
> ----------------------------------------------------------------
----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <user-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------
