diff --git a/ccm-cms/src/com/arsdigita/cms/dispatcher/SimpleXMLGenerator.java b/ccm-cms/src/com/arsdigita/cms/dispatcher/SimpleXMLGenerator.java index fb47c4fb6..b35d797c4 100755 --- a/ccm-cms/src/com/arsdigita/cms/dispatcher/SimpleXMLGenerator.java +++ b/ccm-cms/src/com/arsdigita/cms/dispatcher/SimpleXMLGenerator.java @@ -106,6 +106,10 @@ public class SimpleXMLGenerator implements XMLGenerator { if (PermissionService.checkPermission(edit)) { parent.addAttribute("canEdit", "true"); } + PermissionDescriptor publish = new PermissionDescriptor(PrivilegeDescriptor.get(SecurityManager.CMS_PUBLISH), item, currentParty); + if (PermissionService.checkPermission(publish)) { + parent.addAttribute("canPublish", "true"); + } String className = item.getDefaultDomainClass(); // Ensure correct subtype of ContentItem is instantiated diff --git a/ccm-cms/src/com/arsdigita/cms/ui/authoring/NewItemForm.java b/ccm-cms/src/com/arsdigita/cms/ui/authoring/NewItemForm.java index 6fe580737..587f4ffbf 100755 --- a/ccm-cms/src/com/arsdigita/cms/ui/authoring/NewItemForm.java +++ b/ccm-cms/src/com/arsdigita/cms/ui/authoring/NewItemForm.java @@ -33,7 +33,14 @@ import com.arsdigita.bebop.parameters.BigDecimalParameter; import com.arsdigita.cms.ContentSection; import com.arsdigita.cms.ContentType; import com.arsdigita.cms.ContentTypeCollection; +import com.arsdigita.cms.SecurityManager; import com.arsdigita.globalization.GlobalizedMessage; +import com.arsdigita.kernel.Kernel; +import com.arsdigita.kernel.Party; +import com.arsdigita.kernel.permissions.PermissionDescriptor; +import com.arsdigita.kernel.permissions.PermissionManager; +import com.arsdigita.kernel.permissions.PermissionService; +import com.arsdigita.kernel.permissions.PrivilegeDescriptor; import com.arsdigita.util.UncheckedWrapperException; import com.arsdigita.xml.Element; @@ -104,7 +111,27 @@ public abstract class NewItemForm extends Form { if(!c.isEmpty()) { // Add content types while(c.next()) { + boolean list = true; ContentType type = c.getContentType(); + if (PermissionService.getDirectGrantedPermissions(type.getOID()).size() > 0) { + // chris gilbert - allow restriction of some types to certain + // users/groups. No interface to do this, but group could be + // created and permission granted in a content type loader + // + // can't permission filter the collection because most types + // will have no permissions granted. This approach involves + // a small overhead getting the count of granted permissions for + // each type (mitigated by only checking DIRECT permissions) + + Party party = Kernel.getContext().getParty(); + if (party == null) { + party = Kernel.getPublicUser(); + } + PermissionDescriptor create = new PermissionDescriptor(PrivilegeDescriptor.get(SecurityManager.CMS_NEW_ITEM), type, party ); + list = PermissionService.checkPermission(create); + + } + if (list) { //for dp content type label localization //String t = type.getAssociatedObjectType(); String cn = type.getClassName(); @@ -118,6 +145,8 @@ public abstract class NewItemForm extends Form { (type.getID().toString(), type.getLabel())); } } + + } c.reset(); } }