Add global view permission for events as per #1546

Core/RELEASE-NOTES

@@ -20,6 +20,7 @@
 * Add new types to Mailing List to allow any phone number and User phone numbers
 * Adding a system setting that allows control over what tags are displayed this defaults to all tags
 * Add read and edit permission to event detectors default to previous behavior if no permissions are set
+* Add events view permission that has a default of the user role to be consistent with previous versions of Mango this permission can restrict a user to not be able to see any events
 
 *Version 3.7.4*
 * Improve work item failure logging

Core/src/com/infiniteautomation/mango/spring/service/EventInstanceService.java

@@ -9,6 +9,7 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
 import org.jooq.Field;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -70,6 +71,10 @@ public boolean hasReadPermission(PermissionHolder user, EventInstanceVO vo) {
      * @throws PermissionException
      */
     public List<UserEventLevelSummary> getActiveSummary() throws PermissionException {
+        PermissionHolder user = Common.getUser();
+        Objects.requireNonNull(user, "Permission holder must be set in security context");
+        this.permissionService.ensureEventsVewPermission(user);
+
         Map<AlarmLevels, UserEventLevelSummary> summaries = new EnumMap<>(AlarmLevels.class);
         for (AlarmLevels level : AlarmLevels.values()) {
             if(level == AlarmLevels.IGNORE) {
@@ -90,6 +95,10 @@ public List<UserEventLevelSummary> getActiveSummary() throws PermissionException
      * @return
      */
     public List<UserEventLevelSummary> getUnacknowledgedSummary() {
+        PermissionHolder user = Common.getUser();
+        Objects.requireNonNull(user, "Permission holder must be set in security context");
+        this.permissionService.ensureEventsVewPermission(user);
+
         Map<AlarmLevels, UserEventLevelSummary> summaries = new EnumMap<>(AlarmLevels.class);
         for (AlarmLevels level : AlarmLevels.values()) {
             if(level == AlarmLevels.IGNORE) {
@@ -115,6 +124,10 @@ public List<UserEventLevelSummary> getUnacknowledgedSummary() {
      * @throws PermissionException
      */
     public Collection<DataPointEventLevelSummary> getDataPointEventSummaries(String[] dataPointXids) throws NotFoundException, PermissionException {
+        PermissionHolder user = Common.getUser();
+        Objects.requireNonNull(user, "Permission holder must be set in security context");
+        this.permissionService.ensureEventsVewPermission(user);
+
         Map<Integer, DataPointEventLevelSummary> map = new LinkedHashMap<>();
         for(String xid : dataPointXids) {
             Integer point = dataPointService.getDao().getIdByXid(xid);
@@ -139,7 +152,9 @@ public Collection<DataPointEventLevelSummary> getDataPointEventSummaries(String[
      */
     public List<EventInstance> getAllActiveUserEvents() {
         PermissionHolder user = Common.getUser();
-        this.permissionService.ensureValidPermissionHolder(user);
+        Objects.requireNonNull(user, "Permission holder must be set in security context");
+        this.permissionService.ensureEventsVewPermission(user);
+
         return Common.eventManager.getAllActiveUserEvents(user);
     }
 

Core/src/com/infiniteautomation/mango/spring/service/PermissionService.java

@@ -30,6 +30,7 @@
 import com.serotonin.m2m2.module.ModuleRegistry;
 import com.serotonin.m2m2.module.PermissionDefinition;
 import com.serotonin.m2m2.module.definitions.permissions.DataSourcePermissionDefinition;
+import com.serotonin.m2m2.module.definitions.permissions.EventsViewPermissionDefinition;
 import com.serotonin.m2m2.rt.event.type.EventType;
 import com.serotonin.m2m2.vo.AbstractVO;
 import com.serotonin.m2m2.vo.DataPointVO;
@@ -59,14 +60,17 @@ public class PermissionService {
     private final RoleDao roleDao;
     private final DataSourcePermissionDefinition dataSourcePermission;
     private final PermissionHolder systemSuperadmin;
+    private final EventsViewPermissionDefinition eventsViewPermission;
 
     @Autowired
     public PermissionService(RoleDao roleDao,
             @Qualifier(MangoRuntimeContextConfiguration.SYSTEM_SUPERADMIN_PERMISSION_HOLDER)
-    PermissionHolder systemSuperadmin) {
+    PermissionHolder systemSuperadmin,
+    EventsViewPermissionDefinition eventsView) {
         this.roleDao = roleDao;
         this.dataSourcePermission = (DataSourcePermissionDefinition) ModuleRegistry.getPermissionDefinition(DataSourcePermissionDefinition.PERMISSION);
         this.systemSuperadmin = systemSuperadmin;
+        this.eventsViewPermission = eventsView;
     }
 
     /**
@@ -399,7 +403,7 @@ public boolean hasDataPointSetPermission(PermissionHolder user, int dataPointId)
      * @return
      */
     public boolean hasEventTypePermission(PermissionHolder user, EventType eventType) {
-        return hasAdminRole(user) || eventType.hasPermission(user, this);
+        return hasAdminRole(user) || (hasEventsViewPermission(user) && eventType.hasPermission(user, this));
     }
 
     /**
@@ -423,6 +427,28 @@ public void ensureEventTypePermission(PermissionHolder user, EventTypeVO eventTy
         ensureEventTypePermission(user, eventType.getEventType());
     }
 
+    /**
+     * Can this user view any events?
+     * @param user
+     * @return
+     */
+    public boolean hasEventsViewPermission (PermissionHolder user) {
+        if (!isValidPermissionHolder(user)) return false;
+
+        if(user.hasAdminRole()) return true;
+
+        return hasPermission(user, eventsViewPermission.getPermission());
+    }
+
+    /**
+     * Ensure this user can view any events?
+     * @param user
+     */
+    public void ensureEventsVewPermission(PermissionHolder user) {
+        if (!hasEventsViewPermission(user))
+            throw new PermissionException(new TranslatableMessage("permission.exception.event", user.getPermissionHolderName()), user);
+    }
+
     /**
      * Does this permission holder have at least one of the required roles
      * @param user

Core/src/com/serotonin/m2m2/module/definitions/permissions/EventsViewPermissionDefinition.java

@@ -13,6 +13,9 @@
 import com.serotonin.m2m2.vo.role.Role;
 
 /**
+ * Permission to view any events, each individual event is also restricted
+ *  based on the event type permission.
+ *
  * @author Terry Packer
  *
  */