modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/form/EditableFormItem.java
| 20 -
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/groups/detail/GeneralProperties.java
| 102 ++++++----
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/OverviewForm.java
| 5
3 files changed, 73 insertions(+), 54 deletions(-)
New commits:
commit 4e353c14ab0eb728ee8da5cfa165cb2185ae529d
Author: Ian Springer <ian.springer(a)redhat.com>
Date: Fri Apr 1 11:06:49 2011 -0400
make sure only users w/ group inventory perm can edit group general props
(
https://bugzilla.redhat.com/show_bug.cgi?id=692842); escape HTML resource/group props
when they're displayed as static text
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/form/EditableFormItem.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/form/EditableFormItem.java
index 09c2273..86f87b3 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/form/EditableFormItem.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/form/EditableFormItem.java
@@ -1,6 +1,6 @@
/*
* RHQ Management Platform
- * Copyright (C) 2005-2010 Red Hat, Inc.
+ * Copyright (C) 2005-2011 Red Hat, Inc.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
@@ -20,7 +20,6 @@
* if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
-
package org.rhq.enterprise.gui.coregui.client.components.form;
import java.util.Date;
@@ -54,11 +53,9 @@ import
org.rhq.enterprise.gui.coregui.client.util.selenium.LocatableDynamicForm;
* but can be toggled into an "editable" form that allows the user to enter a
different value.
*
* This default implementation provides editing the value within a text field. However,
this class
- * is designed to be extended, thus allowing the subclasses to edit values via
- * checkboxes, radio buttons, etc.
+ * is designed to be extended, thus allowing the subclasses to edit values via
checkboxes, radio buttons, etc.
*
* @author John Mazzitelli
- *
*/
public class EditableFormItem extends CanvasItem {
@@ -103,7 +100,6 @@ public class EditableFormItem extends CanvasItem {
// if we are not in edit-mode, we want to show the edit icon, but only if the
mouse hovers over us
this.innerForm.addMouseOutHandler(new MouseOutHandler() {
- @Override
public void onMouseOut(MouseOutEvent event) {
if (!isEditing()) {
EditableFormItem.this.staticItem.setIcons(blankIcon);
@@ -112,7 +108,6 @@ public class EditableFormItem extends CanvasItem {
}
});
this.innerForm.addMouseOverHandler(new MouseOverHandler() {
- @Override
public void onMouseOver(MouseOverEvent event) {
if (!isEditing() && !isReadOnly()) {
EditableFormItem.this.staticItem.setIcons(editIcon);
@@ -135,12 +130,14 @@ public class EditableFormItem extends CanvasItem {
item.setIconWidth(16);
item.setShowIcons(true);
item.setShowIfCondition(new FormItemIfFunction() {
- @Override
public boolean execute(FormItem item, Object value, DynamicForm form) {
return !isEditing();
}
});
item.setTextBoxStyle("editableText");
+ if (item instanceof StaticTextItem) {
+ ((StaticTextItem)item).setOutputAsHTML(true);
+ }
return item;
}
@@ -156,7 +153,6 @@ public class EditableFormItem extends CanvasItem {
item.setIconWidth(16);
item.setShowIcons(true);
item.setShowIfCondition(new FormItemIfFunction() {
- @Override
public boolean execute(FormItem item, Object value, DynamicForm form) {
return isEditing();
}
@@ -183,6 +179,7 @@ public class EditableFormItem extends CanvasItem {
* @return the form item used to show the static (read-only) value
*/
protected FormItem instantiateStaticFormItem() {
+ @SuppressWarnings({"UnnecessaryLocalVariable"})
StaticTextItem item = new StaticTextItem();
return item;
}
@@ -197,6 +194,7 @@ public class EditableFormItem extends CanvasItem {
* @return the form item used to edit the value
*/
protected FormItem instantiateEditFormItem() {
+ @SuppressWarnings({"UnnecessaryLocalVariable"})
TextItem item = new TextItem();
return item;
}
@@ -206,7 +204,6 @@ public class EditableFormItem extends CanvasItem {
editIcon.setSrc(ImageManager.getEditIcon());
editIcon.setPrompt(MSG.common_button_edit()); // TODO have better message?
editIcon.addFormItemClickHandler(new FormItemClickHandler() {
- @Override
public void onFormItemClick(FormItemIconClickEvent event) {
// should never get here if read-only (the icon is hidden) but just to be
sure, check read-only status again
if (!isReadOnly()) {
@@ -222,7 +219,6 @@ public class EditableFormItem extends CanvasItem {
approveIcon.setSrc(ImageManager.getApproveIcon());
approveIcon.setPrompt(MSG.common_button_ok()); // TODO have better message?
approveIcon.addFormItemClickHandler(new FormItemClickHandler() {
- @Override
public void onFormItemClick(FormItemIconClickEvent event) {
if (EditableFormItem.this.innerForm.validate(false)) {
Object newValue = event.getItem().getValue();
@@ -239,7 +235,6 @@ public class EditableFormItem extends CanvasItem {
cancelIcon.setSrc(ImageManager.getCancelIcon());
cancelIcon.setPrompt(MSG.common_button_cancel()); // TODO have better message?
cancelIcon.addFormItemClickHandler(new FormItemClickHandler() {
- @Override
public void onFormItemClick(FormItemIconClickEvent event) {
switchToStaticMode();
}
@@ -434,4 +429,5 @@ public class EditableFormItem extends CanvasItem {
public static interface ValueEditedHandler {
public void editedValue(Object newValue);
}
+
}
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/groups/detail/GeneralProperties.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/groups/detail/GeneralProperties.java
index fde8d13..9d8eb61 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/groups/detail/GeneralProperties.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/groups/detail/GeneralProperties.java
@@ -42,6 +42,7 @@ import
org.rhq.enterprise.gui.coregui.client.components.form.EditableFormItem.Va
import org.rhq.enterprise.gui.coregui.client.components.table.TimestampCellFormatter;
import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup;
import org.rhq.enterprise.gui.coregui.client.gwt.ResourceGroupGWTServiceAsync;
+import org.rhq.enterprise.gui.coregui.client.util.StringUtility;
import org.rhq.enterprise.gui.coregui.client.util.message.Message;
import org.rhq.enterprise.gui.coregui.client.util.selenium.LocatableVLayout;
@@ -76,20 +77,18 @@ public class GeneralProperties extends LocatableVLayout {
List<FormItem> formItems = new ArrayList<FormItem>();
- boolean dynamic = (group.getGroupDefinition() != null);
+ boolean isDynaGroup = (group.getGroupDefinition() != null);
+ boolean hasInventoryPermission =
(this.groupComposite.getResourcePermission().isInventory());
+ boolean isEditable = (!isDynaGroup && hasInventoryPermission);
StringLengthValidator notEmptyOrNullValidator = new StringLengthValidator(1,
null, false);
StringLengthValidator notNullValidator = new StringLengthValidator(null, null,
false);
- final FormItem nameItem = (dynamic) ? new StaticTextItem() : new
EditableFormItem();
- nameItem.setName("name");
- nameItem.setTitle(MSG.common_title_name());
- nameItem.setValue(group.getName());
- if (nameItem instanceof EditableFormItem) {
- final EditableFormItem togglableNameItem = (EditableFormItem) nameItem;
+ final FormItem nameItem;
+ if (isEditable) {
+ final EditableFormItem togglableNameItem = new EditableFormItem();
togglableNameItem.setValidators(notEmptyOrNullValidator);
togglableNameItem.setValueEditedHandler(new ValueEditedHandler() {
- @Override
public void editedValue(Object newValue) {
final String newName = newValue.toString();
final String oldName = group.getName();
@@ -106,7 +105,7 @@ public class GeneralProperties extends LocatableVLayout {
// We failed to update it on the Server, so change back
the ResourceGroup and the form item
// to the original value.
group.setName(oldName);
- nameItem.setValue(oldName);
+ togglableNameItem.setValue(oldName);
}
public void onSuccess(Void result) {
@@ -119,16 +118,28 @@ public class GeneralProperties extends LocatableVLayout {
});
}
});
+ nameItem = togglableNameItem;
+ } else {
+ StaticTextItem staticNameItem = new StaticTextItem();
+ staticNameItem.setOutputAsHTML(true);
+ nameItem = staticNameItem;
}
+
+ nameItem.setName("name");
+ nameItem.setTitle(MSG.common_title_name());
+ nameItem.setValue(group.getName());
+
formItems.add(nameItem);
StaticTextItem typeItem = new StaticTextItem("memberType",
MSG.view_group_summary_memberType());
ResourceType type = group.getResourceType();
if (type != null) {
+ // compatible group
typeItem.setTooltip(MSG.common_title_plugin() + ": " +
type.getPlugin() + "\n<br>"
+ MSG.common_title_type() + ": " + type.getName());
typeItem.setValue(type.getName() + " (" + type.getPlugin() +
")");
} else {
+ // mixed group
typeItem.setValue("<i>" + MSG.view_group_summary_mixed() +
"</i>");
}
formItems.add(typeItem);
@@ -138,15 +149,12 @@ public class GeneralProperties extends LocatableVLayout {
countItem.setValue(memberCount);
formItems.add(countItem);
- final FormItem descriptionItem = (dynamic) ? new StaticTextItem() : new
EditableFormItem();
- descriptionItem.setName("description");
- descriptionItem.setTitle(MSG.common_title_description());
- descriptionItem.setValue(group.getDescription());
- if (descriptionItem instanceof EditableFormItem) {
- final EditableFormItem togglableDescriptionItem = (EditableFormItem)
descriptionItem;
+ final FormItem descriptionItem;
+ String value;
+ if (isEditable) {
+ final EditableFormItem togglableDescriptionItem = new EditableFormItem();
togglableDescriptionItem.setValidators(notNullValidator);
togglableDescriptionItem.setValueEditedHandler(new ValueEditedHandler() {
- @Override
public void editedValue(Object newValue) {
final String newDescription = newValue.toString();
final String oldDescription = group.getDescription();
@@ -162,7 +170,7 @@ public class GeneralProperties extends LocatableVLayout {
// We failed to update it on the Server, so change back
the ResourceGroup and the form item
// to the original value.
group.setDescription(oldDescription);
- descriptionItem.setValue(oldDescription);
+ togglableDescriptionItem.setValue(oldDescription);
}
public void onSuccess(Void result) {
@@ -172,33 +180,46 @@ public class GeneralProperties extends LocatableVLayout {
});
}
});
+ descriptionItem = togglableDescriptionItem;
+ value = group.getDescription();
+ } else {
+ descriptionItem = new StaticTextItem();
+ value = StringUtility.escapeHtml(group.getDescription());
}
+
+ descriptionItem.setName("description");
+ descriptionItem.setTitle(MSG.common_title_description());
+ descriptionItem.setValue(value);
+
formItems.add(descriptionItem);
StaticTextItem dynamicItem = new StaticTextItem("dynamic",
MSG.view_group_summary_dynamic());
- dynamicItem.setValue(dynamic ? MSG.common_val_yes() : MSG.common_val_no());
+ dynamicItem.setValue(isDynaGroup ? MSG.common_val_yes() : MSG.common_val_no());
formItems.add(dynamicItem);
- EditableFormItem recursiveItem = new
CheckboxEditableFormItem("recursive", MSG.view_group_summary_recursive());
- recursiveItem.setValueEditedHandler(new ValueEditedHandler() {
- @Override
- public void editedValue(Object newValue) {
- boolean isRecursive = (newValue != null) ? ((Boolean)
newValue).booleanValue() : false;
- resourceGroupService.setRecursive(group.getId(), isRecursive, new
AsyncCallback<Void>() {
- @Override
- public void onSuccess(Void result) {
- CoreGUI.getMessageCenter().notify(
- new
Message(MSG.view_group_detail_recursiveChange(group.getName())));
- }
+ FormItem recursiveItem;
+ if (isEditable) {
+ CheckboxEditableFormItem editableRecursiveItem = new
CheckboxEditableFormItem("recursive", MSG.view_group_summary_recursive());
+ editableRecursiveItem.setValueEditedHandler(new ValueEditedHandler() {
+ public void editedValue(Object newValue) {
+ boolean isRecursive = ((newValue != null) &&
(Boolean)newValue);
+ resourceGroupService.setRecursive(group.getId(), isRecursive, new
AsyncCallback<Void>() {
+ public void onSuccess(Void result) {
+ CoreGUI.getMessageCenter().notify(
+ new
Message(MSG.view_group_detail_recursiveChange(group.getName())));
+ }
- @Override
- public void onFailure(Throwable caught) {
- CoreGUI.getErrorHandler().handleError(
-
MSG.view_group_detail_failRecursiveChange(String.valueOf(group.getName())));
- }
- });
- }
- });
+ public void onFailure(Throwable caught) {
+ CoreGUI.getErrorHandler().handleError(
+
MSG.view_group_detail_failRecursiveChange(String.valueOf(group.getName())));
+ }
+ });
+ }
+ });
+ recursiveItem = editableRecursiveItem;
+ } else {
+ recursiveItem = new StaticTextItem("recursive",
MSG.view_group_summary_recursive());
+ }
recursiveItem.setValue((group.isRecursive()) ? MSG.common_val_yes() :
MSG.common_val_no());
formItems.add(recursiveItem);
@@ -214,20 +235,21 @@ public class GeneralProperties extends LocatableVLayout {
lastModifiedByItem.setValue(group.getModifiedBy());
formItems.add(lastModifiedByItem);
- if (dynamic) {
+ if (isDynaGroup) {
StaticTextItem groupDefinitionItem = new
StaticTextItem("groupDefinition", MSG
.view_group_summary_groupDefinition());
GroupDefinition groupDefinition = group.getGroupDefinition();
String groupDefinitionUrl =
LinkManager.getGroupDefinitionLink(groupDefinition.getId());
+ String groupDefinitionName =
StringUtility.escapeHtml(groupDefinition.getName());
groupDefinitionItem
- .setValue("<a href=\"" + groupDefinitionUrl +
"\">" + groupDefinition.getName() + "</a>");
+ .setValue("<a href=\"" + groupDefinitionUrl +
"\">" + groupDefinitionName + "</a>");
formItems.add(groupDefinitionItem);
}
generalPropsForm.setItems(formItems.toArray(new FormItem[formItems.size()]));
addMember(generalPropsForm);
- if (dynamic) {
+ if (isDynaGroup) {
spacer = new HLayout();
spacer.setHeight(10);
addMember(spacer);
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/OverviewForm.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/OverviewForm.java
index 7547339..dfe6bdb 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/OverviewForm.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/OverviewForm.java
@@ -277,8 +277,9 @@ public class OverviewForm extends EnhancedDynamicForm {
// Version
StaticTextItem versionItem = new StaticTextItem("version",
MSG.view_summaryOverviewForm_field_version());
- versionItem.setValue((resource.getVersion() != null) ? resource.getVersion() :
"<i>" + MSG.common_label_none()
- + "</i>");
+ String version = (resource.getVersion() != null) ? resource.getVersion() :
"<i>" + MSG.common_label_none()
+ + "</i>";
+ versionItem.setValue(version);
versionItem.setEndRow(true);
formItems.add(versionItem);