GreetingItem beachtet nun Berechtigungen für das IndexItem

git-svn-id: https://svn.libreccm.org/ccm/trunk@1129 8810af33-2d31-482b-a856-94f89814c4df

ccm-ldn-navigation/src/com/arsdigita/london/navigation/ui/GreetingItem.java

@@ -39,6 +39,7 @@ import com.arsdigita.kernel.permissions.PermissionDescriptor;
 import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
 import com.arsdigita.london.navigation.Navigation;
+import com.arsdigita.web.LoginSignal;
 import com.arsdigita.xml.Element;
 
 /**
@@ -51,6 +52,7 @@ import com.arsdigita.xml.Element;
  * ContentPage or extend the ContentPage.
  *
  * @author <a href="mailto:dominik@redhat.com">Dominik Kacprzak</a>
+ * @author Jens Pelzetter (jensp)
  * @version $Id: GreetingItem.java 1473 2007-03-12 15:16:39Z chrisgilbert23 $
  */
 public class GreetingItem extends AbstractComponent {
@@ -81,17 +83,33 @@ public class GreetingItem extends AbstractComponent {
         // Note that the xml that is generated is only of use if you DO NOT CACHE index pages.
         // cg.
 
-        PermissionDescriptor edit = new PermissionDescriptor(PrivilegeDescriptor.
+        PermissionDescriptor edit = new PermissionDescriptor(
-                get(SecurityManager.CMS_EDIT_ITEM), item, currentParty);
+                PrivilegeDescriptor.get(SecurityManager.CMS_EDIT_ITEM),
+                item,
+                currentParty);
         if (PermissionService.checkPermission(edit)) {
             content.addAttribute("canEdit", "true");
         }
-        PermissionDescriptor publish = new PermissionDescriptor(PrivilegeDescriptor.
+        PermissionDescriptor publish = new PermissionDescriptor(
-                get(SecurityManager.CMS_PUBLISH), item, currentParty);
+                PrivilegeDescriptor.get(SecurityManager.CMS_PUBLISH),
+                item,
+                currentParty);
         if (PermissionService.checkPermission(publish)) {
             content.addAttribute("canPublish", "true");
         }
 
+        /**
+         * jensp 2011-10-02: GreetingItem/IndexItem was displayed even if the
+         * current party has no access to the item.
+         */
+        PermissionDescriptor read = new PermissionDescriptor(
+                PrivilegeDescriptor.get(SecurityManager.CMS_READ_ITEM),
+                item,
+                currentParty);
+        if (!PermissionService.checkPermission(read)) {
+            throw new LoginSignal(request);
+        }
+
         ContentBundle bundle = (ContentBundle) item;
         
         /* Fix by Jens Pelzetter, 2009-08-28
@@ -103,8 +121,7 @@ public class GreetingItem extends AbstractComponent {
          * Fixed by using negotiate() instead, which takes the locale
          * send by the User Client in account and tries to find a suitable
          * language version.
-         */
+         */ //ContentItem baseItem = bundle.getPrimaryInstance();
-        //ContentItem baseItem = bundle.getPrimaryInstance();
         ContentItem baseItem = bundle.getInstance(GlobalizationHelper.
                 getNegotiatedLocale().getLanguage());
         // If there is no matching language version for this content item
@@ -128,10 +145,11 @@ public class GreetingItem extends AbstractComponent {
 
         generateGreetingItemXml(itemEl, baseItem);
 
-        for(ExtraXMLGenerator generator : baseItem.getExtraXMLGenerators()) {
+        for (ExtraXMLGenerator generator : baseItem.getExtraXMLGenerators()) {
             try {
-                generator.generateXML(baseItem, content, new PageState(null, request,
+                generator.generateXML(baseItem, content, new PageState(null,
-                                                                   response));
+                                                                       request,
+                                                                       response));
             } catch (ServletException ex) {
                 s_log.error(ex);
             }