incorporating APLAWS patch

r1674 | chrisg23 | 2007-09-19 17:14:18 +0200 (Mi, 19 Sep 2007) Refactor - extract permission checks on action links so that concrete implementations may override the check if required git-svn-id: https://svn.libreccm.org/ccm/trunk@31 8810af33-2d31-482b-a856-94f89814c4df
2008-02-15 20:45:08 +00:00 · 2008-02-15 20:45:08 +00:00 · a3f1171a53
parent 7ec05e633f
commit a3f1171a53
2 changed files with 79 additions and 20 deletions
--- a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java
+++ b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectDetails.java
@ -78,6 +78,27 @@ public abstract class AbstractDomainObjectDetails
        Iterator actions = getDomainObjectActions();
        while (actions.hasNext()) {
            String action = (String)actions.next();
+	    if (isActionVisible(action, dobj, state)) {
+		Element actionEl = parent.newChildElement(m_prefix + ":action",
+					getNamespace());
+		actionEl.addAttribute("name", action);
+		actionEl.addAttribute("url", getDomainObjectActionLink(state,
+					dobj, action));
+	    }
+	}
+    }
+
+    /**
+     * determine whether this action should be rendered. Default
+     * implementation returns true unless a privilege has been 
+     * specified for the action in which case a permission check 
+     * is carried out for the current user.
+     * @param action
+     * @param dobj
+     * @param state
+     * @return
+     */
+    protected boolean isActionVisible (String action, DomainObject dobj, PageState state) {
 	boolean actionVisible = true;
 	PrivilegeDescriptor privilege =	getDomainObjectActionPrivilege(action);
 	if (privilege != null) {
@ -87,17 +108,9 @@ public abstract class AbstractDomainObjectDetails
 	    }
 	    Assert.truth(dobj.getObjectType().isSubtypeOf(ACSObject.BASE_DATA_OBJECT_TYPE),
 				"I can only check permissions on ACS Objects - this domain Object is not a subtype of ACSObject ");
-
 	    PermissionDescriptor permission =	new PermissionDescriptor(privilege,(ACSObject) dobj,party);
 	    actionVisible = PermissionService.checkPermission(permission);
 	}
-			if (actionVisible) {
-            Element actionEl = parent.newChildElement(m_prefix + ":action",
-                                                      getNamespace());
-            actionEl.addAttribute("name", action);
-            actionEl.addAttribute("url", 
-                                  getDomainObjectActionLink(state, dobj, action));
-        }
+	return actionVisible;
    }
 }
-}
--- a/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java
+++ b/ccm-ldn-util/src/com/arsdigita/london/util/ui/AbstractDomainObjectList.java
@ -25,8 +25,15 @@ import com.arsdigita.bebop.parameters.IntegerParameter;
 import com.arsdigita.domain.DomainObject;
 import com.arsdigita.domain.DomainCollection;
 import com.arsdigita.domain.DomainObjectXMLRenderer;
+import com.arsdigita.kernel.ACSObject;
+import com.arsdigita.kernel.Kernel;
+import com.arsdigita.kernel.Party;
+import com.arsdigita.kernel.permissions.PermissionDescriptor;
+import com.arsdigita.kernel.permissions.PermissionService;
+import com.arsdigita.kernel.permissions.PrivilegeDescriptor;

 import com.arsdigita.xml.Element;
+import com.arsdigita.util.Assert;
 import com.arsdigita.web.URL;
 import com.arsdigita.web.ParameterMap;
 import com.arsdigita.web.Web;
@ -95,12 +102,51 @@ public abstract class AbstractDomainObjectList
        Iterator actions = getDomainObjectActions();
        while (actions.hasNext()) {
            String action = (String)actions.next();
+            
+            if (isActionVisible(action, dobj, state)) {
            Element el = generateActionXML(state, dobj, action);
            objEl.addContent(el);
        }
+        }
+        
+              
+        
+        
        return objEl;
    }
    
+    /**
+	 * determine whether this action should be rendered. Default
+	 * implementation returns true unless a privilege has been 
+	 * specified for the action in which case a permission check 
+	 * is carried out for the current user.
+	 * @param action
+	 * @param dobj
+	 * @param state
+	 * @return
+	 */
+	protected boolean isActionVisible (String action, DomainObject dobj, PageState state) {
+    	boolean actionVisible = true;
+        PrivilegeDescriptor privilege = getDomainObjectActionPrivilege(action);
+        if (privilege != null) {
+            Party party = Kernel.getContext().getParty();
+            if (party == null) {
+                party = Kernel.getPublicUser();
+            }
+            Assert
+                    .truth(
+                            dobj.getObjectType().isSubtypeOf(
+                                    ACSObject.BASE_DATA_OBJECT_TYPE),
+                            "I can only check permissions on ACS Objects - this domain Object is not a subtype of ACSObject ");
+
+            PermissionDescriptor permission = new PermissionDescriptor(
+                    privilege, (ACSObject) dobj, party);
+            actionVisible = PermissionService.checkPermission(permission);
+        }
+        return actionVisible;
+    }
+    
+    
    protected Element generatePaginatorXML(PageState state,
                                           DomainCollection objs) {
        Integer pageNumberVal = (Integer)state.getValue(m_pageNumber);