check if user is allowed to see A content asset

git-svn-id: https://svn.libreccm.org/ccm/trunk@4199 8810af33-2d31-482b-a856-94f89814c4df
2016-07-17 11:44:44 +00:00 · 2016-07-17 11:44:44 +00:00 · 01422e3f99
parent d8c9a0eda8
commit 01422e3f99
2 changed files with 33 additions and 3 deletions
--- a/ccm-cms/src/com/arsdigita/cms/FileAsset.java
+++ b/ccm-cms/src/com/arsdigita/cms/FileAsset.java
@ -25,13 +25,13 @@ import com.arsdigita.persistence.DataObject;
 import com.arsdigita.persistence.Filter;
 import com.arsdigita.persistence.OID;
 import com.arsdigita.persistence.SessionManager;
-import com.arsdigita.util.StringUtils;

 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.math.BigDecimal;
+import java.util.ArrayList;
 import java.util.Locale;

 /**
@ -118,6 +118,8 @@ public class FileAsset extends BinaryAsset {
        set(HEIGHT, height);
    }

+    public static ArrayList<FileAssetAccessChecker> assetAccessCheckerList = new ArrayList<FileAssetAccessChecker>();
+
    /**
     * Retrieves the Blob content.
     *
@ -268,4 +270,15 @@ public class FileAsset extends BinaryAsset {

        super.beforeSave();
    }
+
+    public static void registerAssetAccessChecker(FileAssetAccessChecker checker) {
+        //check if the checker is already registered
+        if (assetAccessCheckerList.contains(checker)) {
+            //do nothing
+            return;
+        }
+        //register checker
+        assetAccessCheckerList.add(checker);
+    }
+
 }
--- a/ccm-cms/src/com/arsdigita/cms/dispatcher/BaseAsset.java
+++ b/ccm-cms/src/com/arsdigita/cms/dispatcher/BaseAsset.java
@ -21,6 +21,8 @@ package com.arsdigita.cms.dispatcher;
 import com.arsdigita.bebop.parameters.BigDecimalParameter;
 import com.arsdigita.cms.BinaryAsset;
 import com.arsdigita.cms.Asset;
+import com.arsdigita.cms.FileAsset;
+import com.arsdigita.cms.FileAssetAccessChecker;
 import com.arsdigita.dispatcher.DispatcherHelper;
 import com.arsdigita.dispatcher.RequestContext;
 import com.arsdigita.domain.DataObjectNotFoundException;
@ -28,6 +30,7 @@ import com.arsdigita.domain.DomainObjectFactory;
 import com.arsdigita.mimetypes.MimeType;
 import com.arsdigita.persistence.OID;
 import com.arsdigita.toolbox.ui.OIDParameter;
+import com.arsdigita.web.Web;
 import org.apache.log4j.Logger;

 import java.io.IOException;
@ -170,6 +173,7 @@ class BaseAsset extends ResourceHandlerImpl {

            if (a instanceof BinaryAsset) {
                asset = (BinaryAsset) a;
+
            } else {
                if (s_log.isInfoEnabled()) {
                    s_log.info("Asset " + oid + " is not a BinaryAsset");
@ -189,7 +193,20 @@ class BaseAsset extends ResourceHandlerImpl {
            return;
        }

+        //check if the content asset is still published:
+//        boolean hasAccess = false;
+//        for (FileAssetAccessChecker checker : FileAsset.assetAccessCheckerList) {
+//            if(checker.hasAccess((FileAsset) asset)){
+//                hasAccess = true;
+//                break;
+//            }
+//        }
+
+        //return asset if its published or the user is logged in and hereby
+        // authorized to access content even if its unpublished.
+        if(Web.getUserContext().isLoggedIn() || asset.isLiveVersion()){
            setHeaders(response, asset);
            send(response, asset);
        }
+    }
 }