diff --git a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java index e65d45104..ca75141d9 100755 --- a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java +++ b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java @@ -78,26 +78,39 @@ public abstract class AbstractDomainObjectDetails Iterator actions = getDomainObjectActions(); while (actions.hasNext()) { String action = (String)actions.next(); - boolean actionVisible = true; - PrivilegeDescriptor privilege = getDomainObjectActionPrivilege(action); - if (privilege != null) { - Party party = Kernel.getContext().getParty(); - if (party == null) { - party = Kernel.getPublicUser(); - } - Assert.truth(dobj.getObjectType().isSubtypeOf(ACSObject.BASE_DATA_OBJECT_TYPE), - "I can only check permissions on ACS Objects - this domain Object is not a subtype of ACSObject "); + if (isActionVisible(action, dobj, state)) { + Element actionEl = parent.newChildElement(m_prefix + ":action", + getNamespace()); + actionEl.addAttribute("name", action); + actionEl.addAttribute("url", getDomainObjectActionLink(state, + dobj, action)); + } + } + } - PermissionDescriptor permission = new PermissionDescriptor(privilege,(ACSObject) dobj,party); - actionVisible = PermissionService.checkPermission(permission); - } - if (actionVisible) { - Element actionEl = parent.newChildElement(m_prefix + ":action", - getNamespace()); - actionEl.addAttribute("name", action); - actionEl.addAttribute("url", - getDomainObjectActionLink(state, dobj, action)); - } + /** + * determine whether this action should be rendered. Default + * implementation returns true unless a privilege has been + * specified for the action in which case a permission check + * is carried out for the current user. + * @param action + * @param dobj + * @param state + * @return + */ + protected boolean isActionVisible (String action, DomainObject dobj, PageState state) { + boolean actionVisible = true; + PrivilegeDescriptor privilege = getDomainObjectActionPrivilege(action); + if (privilege != null) { + Party party = Kernel.getContext().getParty(); + if (party == null) { + party = Kernel.getPublicUser(); + } + Assert.truth(dobj.getObjectType().isSubtypeOf(ACSObject.BASE_DATA_OBJECT_TYPE), + "I can only check permissions on ACS Objects - this domain Object is not a subtype of ACSObject "); + PermissionDescriptor permission = new PermissionDescriptor(privilege,(ACSObject) dobj,party); + actionVisible = PermissionService.checkPermission(permission); + } + return actionVisible; } } -} diff --git a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java index c8998628a..ddfccc208 100755 --- a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java +++ b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java @@ -25,8 +25,15 @@ import com.arsdigita.bebop.parameters.IntegerParameter; import com.arsdigita.domain.DomainObject; import com.arsdigita.domain.DomainCollection; import com.arsdigita.domain.DomainObjectXMLRenderer; +import com.arsdigita.kernel.ACSObject; +import com.arsdigita.kernel.Kernel; +import com.arsdigita.kernel.Party; +import com.arsdigita.kernel.permissions.PermissionDescriptor; +import com.arsdigita.kernel.permissions.PermissionService; +import com.arsdigita.kernel.permissions.PrivilegeDescriptor; import com.arsdigita.xml.Element; +import com.arsdigita.util.Assert; import com.arsdigita.web.URL; import com.arsdigita.web.ParameterMap; import com.arsdigita.web.Web; @@ -95,12 +102,51 @@ public abstract class AbstractDomainObjectList Iterator actions = getDomainObjectActions(); while (actions.hasNext()) { String action = (String)actions.next(); + + if (isActionVisible(action, dobj, state)) { Element el = generateActionXML(state, dobj, action); objEl.addContent(el); } + } + + + + return objEl; } + /** + * determine whether this action should be rendered. Default + * implementation returns true unless a privilege has been + * specified for the action in which case a permission check + * is carried out for the current user. + * @param action + * @param dobj + * @param state + * @return + */ + protected boolean isActionVisible (String action, DomainObject dobj, PageState state) { + boolean actionVisible = true; + PrivilegeDescriptor privilege = getDomainObjectActionPrivilege(action); + if (privilege != null) { + Party party = Kernel.getContext().getParty(); + if (party == null) { + party = Kernel.getPublicUser(); + } + Assert + .truth( + dobj.getObjectType().isSubtypeOf( + ACSObject.BASE_DATA_OBJECT_TYPE), + "I can only check permissions on ACS Objects - this domain Object is not a subtype of ACSObject "); + + PermissionDescriptor permission = new PermissionDescriptor( + privilege, (ACSObject) dobj, party); + actionVisible = PermissionService.checkPermission(permission); + } + return actionVisible; + } + + protected Element generatePaginatorXML(PageState state, DomainCollection objs) { Integer pageNumberVal = (Integer)state.getValue(m_pageNumber);