GitLab

Added beta code for better pop-up select (not yet finished).

- create.jspx
- registrationspercouse.jspx
- openproposal.jspx
- concludedbyperiod.jspx
- show.jspx

Add configuration to support SSL on mvn tomcat:run.

To use it:
- Generate a key using the following command:
  $ keytool -genkey -alias tomcat -keyalg RSA -keystore [CAMINHO_CHAVE]

- Edit the file with Key file path and password
- Uncomment the lines
- Run "mvn tomcat:run"

Added the attribute "requires-channel="https"" to obligate the use of
HTTPS protocol (SSL/TLS) by browsers.
This change requires that the server is configured to use this protocol.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

CPF is no longer needed to professors profile.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Added null verification to avoid NullPointer.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Fixed bug: Typo on rule definition
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Removed the option "Listar professores" to logged-in professors.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Updated rules to fix some unwanted behaviors.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Added permission's control to modify transcripts, based on period and year of
the requested transcript and on the "transcript.modification.open" global
configuration. If transcript's period/year are equal to the current period/year
and transcript's modification period is open the professor may modify the transcript.

Also, this controller doesn't check if the transcript belongs or not to
the logged-in professor. To do this is used "hasPermissionToView" function.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Restricted the results to only the ones belonging to the logged-in professor.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Restricted menu options based on user authority.
Now it is only shown the options that user may access.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Removed "change password" option because it is not needed anymore.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Restricted menu options based on user authority. Now it is only shown the options that user
may access. Also, the "change password" option was removed because it is not needed anymore.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Fixed typo on rule definition
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Updated rules to fix some bugs.
Also the permission analyzer method has been changed.
Now there is only one method that verifies all the requested IDs, based on the requested type argument.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

It unified the methods "getIdFromLoggedInStudent" and  "getIdFromLoggedInProfessor"
in a single method called "getIdFromLoggedInUser", because they were the same thing.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Updated rules to fix some bugs.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Fixed bug on accessing a method on null object. Changed to a simple comparison.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Value name was "id" but on the URL it is "registration".
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Necessary Modifications on the jspx files.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Added permission control based on the ID requested by the URL.
It compares this ID with logged-in user's ID and Professor's students/courses/...
If the requested ID is equal to logged-in user's ID or is some of the students's/courses's ID
it allows the access to the information. Otherwise it denies it.
This is necessary for the cases when the user requests an ID's information direct from the URL (modifying it) and
not from a menu (with restricted registers). In this case the user could request an information
that is not allowed to him to view.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Added methods to get logged-in user ID based on user's username that was used at log-in.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Fixed some typos and temporary statements
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Added a permission's control to dropdown menus based on person's authority.
This change restricts the options shown on dropdown menus, and shows only
those registers that the person may access.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Updated code to make it cleaner and easier to be used on other methods.

The most significant change was the definition of public variables to identify each authority group.
This changes makes it easier and safer the use of this variables by other methods, because it avoids the need of comparing strings containing the authority name. Now it compares GrantedAuthority's variables.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

Updated permission rules to cover sub-pages and fixed some bugs.
Those sub-pages are, for example, buttons or options included at some page,
that once it is clicked, redirects to some other URL, or appends something to main page's URL.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>

This change is necessary for new security implementations work.
Also added new libraries for LDAP and Kerberos.
Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>