LibreCCM
/
libreccm-legacy
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

check if user is allowed to see A content asset 

git-svn-id: https://svn.libreccm.org/ccm/trunk@4199 8810af33-2d31-482b-a856-94f89814c4df
master
konermann 2016-07-17 11:44:44 +00:00
parent d8c9a0eda8
commit 01422e3f99
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ccm-cms/src/com/arsdigita/cms/FileAsset.java
View File

@ -25,13 +25,13 @@ import com.arsdigita.persistence.DataObject;
import com.arsdigita.persistence.Filter; import com.arsdigita.persistence.Filter;
import com.arsdigita.persistence.OID; import com.arsdigita.persistence.OID;
import com.arsdigita.persistence.SessionManager; import com.arsdigita.persistence.SessionManager;
import com.arsdigita.util.StringUtils;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.math.BigDecimal; import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Locale; import java.util.Locale;
/** /**
@ -118,6 +118,8 @@ public class FileAsset extends BinaryAsset {
set(HEIGHT, height); set(HEIGHT, height);
} }
public static ArrayList<FileAssetAccessChecker> assetAccessCheckerList = new ArrayList<FileAssetAccessChecker>();
/** /**
* Retrieves the Blob content. * Retrieves the Blob content.
* *
@ -268,4 +270,15 @@ public class FileAsset extends BinaryAsset {
super.beforeSave(); super.beforeSave();
} }
public static void registerAssetAccessChecker(FileAssetAccessChecker checker) {
//check if the checker is already registered
if (assetAccessCheckerList.contains(checker)) {
//do nothing
return;
}
//register checker
assetAccessCheckerList.add(checker);
}
} }

17
ccm-cms/src/com/arsdigita/cms/dispatcher/BaseAsset.java
View File

@ -21,6 +21,8 @@ package com.arsdigita.cms.dispatcher;
import com.arsdigita.bebop.parameters.BigDecimalParameter; import com.arsdigita.bebop.parameters.BigDecimalParameter;
import com.arsdigita.cms.BinaryAsset; import com.arsdigita.cms.BinaryAsset;
import com.arsdigita.cms.Asset; import com.arsdigita.cms.Asset;
import com.arsdigita.cms.FileAsset;
import com.arsdigita.cms.FileAssetAccessChecker;
import com.arsdigita.dispatcher.DispatcherHelper; import com.arsdigita.dispatcher.DispatcherHelper;
import com.arsdigita.dispatcher.RequestContext; import com.arsdigita.dispatcher.RequestContext;
import com.arsdigita.domain.DataObjectNotFoundException; import com.arsdigita.domain.DataObjectNotFoundException;
@ -28,6 +30,7 @@ import com.arsdigita.domain.DomainObjectFactory;
import com.arsdigita.mimetypes.MimeType; import com.arsdigita.mimetypes.MimeType;
import com.arsdigita.persistence.OID; import com.arsdigita.persistence.OID;
import com.arsdigita.toolbox.ui.OIDParameter; import com.arsdigita.toolbox.ui.OIDParameter;
import com.arsdigita.web.Web;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import java.io.IOException; import java.io.IOException;
@ -170,6 +173,7 @@ class BaseAsset extends ResourceHandlerImpl {
if (a instanceof BinaryAsset) { if (a instanceof BinaryAsset) {
asset = (BinaryAsset) a; asset = (BinaryAsset) a;
} else { } else {
if (s_log.isInfoEnabled()) { if (s_log.isInfoEnabled()) {
s_log.info("Asset " + oid + " is not a BinaryAsset"); s_log.info("Asset " + oid + " is not a BinaryAsset");
@ -189,7 +193,20 @@ class BaseAsset extends ResourceHandlerImpl {
return; return;
} }
//check if the content asset is still published:
// boolean hasAccess = false;
// for (FileAssetAccessChecker checker : FileAsset.assetAccessCheckerList) {
// if(checker.hasAccess((FileAsset) asset)){
// hasAccess = true;
// break;
// }
// }
//return asset if its published or the user is logged in and hereby
// authorized to access content even if its unpublished.
if(Web.getUserContext().isLoggedIn() || asset.isLiveVersion()){
setHeaders(response, asset); setHeaders(response, asset);
send(response, asset); send(response, asset);
} }
} }
}