Navigation Index-JSP um Sicherheitsabfragen erweitern (#1242)

Ist vielleicht nicht die eleganteste Lösung, aber ich sehe zur Zeit keine bessere.

git-svn-id: https://svn.libreccm.org/ccm/trunk@1681 8810af33-2d31-482b-a856-94f89814c4df
master
quasi 2012-06-01 16:50:37 +00:00
parent b105e62faf
commit ec2f5b22ff
5 changed files with 90 additions and 56 deletions


@ -5,12 +5,12 @@
* modify it under the terms of the GNU Lesser General Public License * modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of * as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This library is distributed in the hope that it will be useful, * This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -66,8 +66,8 @@ public class DataCollectionDefinition extends LockableImpl {
public final void setObjectType(String objectType) { public final void setObjectType(String objectType) {
Assert.isUnlocked(this); Assert.isUnlocked(this);
validateObjectType(objectType);
m_objectType = objectType; m_objectType = objectType;
validateObjectType(objectType);
} }
public final void setSpecificObjectType(String specificObjectType) { public final void setSpecificObjectType(String specificObjectType) {
@ -86,6 +86,12 @@ public class DataCollectionDefinition extends LockableImpl {
} }
public void setDateAttribute(DataCollectionRenderer renderer) { public void setDateAttribute(DataCollectionRenderer renderer) {
// Stop here, if the set object type is invalid a.k.a. not installed
if(this.hasInvalidObjectType()) {
return;
}
ObjectType type = SessionManager.getMetadataRoot().getObjectType( ObjectType type = SessionManager.getMetadataRoot().getObjectType(
m_objectType); m_objectType);
s_log.debug("set date attribute for collection of " + type. s_log.debug("set date attribute for collection of " + type.
@ -124,8 +130,19 @@ public class DataCollectionDefinition extends LockableImpl {
private final void validateObjectType(String objectType) { private final void validateObjectType(String objectType) {
ObjectType type = SessionManager.getMetadataRoot().getObjectType( ObjectType type = SessionManager.getMetadataRoot().getObjectType(
objectType); objectType);
Assert.exists(type, ObjectType.class);
validateObjectType(type); // WTF: I don't need an exception if the requested objecttype doesn't exists
// That will only ruin your website
//Assert.exists(type, ObjectType.class);
if(type == null) {
m_objectType = "";
} else {
validateObjectType(type);
}
}
public boolean hasInvalidObjectType() {
return m_objectType.isEmpty();
} }
protected void validateObjectType(ObjectType type) { protected void validateObjectType(ObjectType type) {
@ -153,7 +170,7 @@ public class DataCollectionDefinition extends LockableImpl {
} }
/** /**
* Activates a filter for content types which are blacklisted * Activates a filter for content types which are blacklisted
* in the AtoZ module. * in the AtoZ module.
*/ */
public void setBlackListTypes(boolean blackListTypes) { public void setBlackListTypes(boolean blackListTypes) {
@ -181,6 +198,11 @@ public class DataCollectionDefinition extends LockableImpl {
public final DataCollection getDataCollection(NavigationModel model) { public final DataCollection getDataCollection(NavigationModel model) {
Assert.isLocked(this); Assert.isLocked(this);
// Stop here, if the set object type is invalid a.k.a. not installed
if(this.hasInvalidObjectType()) {
return null;
}
DataCollection objects = SessionManager.getSession().retrieve( DataCollection objects = SessionManager.getSession().retrieve(
m_objectType); m_objectType);
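Review bot: `hasInvalidObjectType()` dereferences `m_objectType` without a null check, so a definition on which `setObjectType` was never called would presumably throw a NullPointerException in the new guards in `setDateAttribute` and `getDataCollection` instead of being treated as invalid (the field's initial value is outside the visible hunks). I would write `return m_objectType == null || m_objectType.isEmpty();`. The new null branch in `validateObjectType(String)` also drops the requested type name without a trace; a log call on the existing `s_log` naming `objectType`, placed before `m_objectType = "";`, would keep a missing or mistyped content type visible to operators. `getDataCollection` here and `getObjects` in the AbstractObjectList section now return null for this state, so callers not touched by this commit need the same null check, and the Javadoc of both methods should state it.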


@ -123,7 +123,7 @@ public class DataCollectionRenderer extends LockableImpl {
} }
/** /**
* @param objects * @param objects
* @param pageNumber current page, starting from 1 * @param pageNumber current page, starting from 1
* @return * @return
*/ */
@ -132,9 +132,9 @@ public class DataCollectionRenderer extends LockableImpl {
Assert.isLocked(this); Assert.isLocked(this);
// Quasimodo: Begin // Quasimodo: Begin
// If objects is empty, do not insert objectList-element but do insert noContent-element // If objects is null or empty, do not insert objectList-element
// and return immediately // but do insert noContent-element and return immediately
if (objects.isEmpty()) { if (objects == null || objects.isEmpty()) {
return Navigation.newElement("noContent"); return Navigation.newElement("noContent");
} }
// Quasimodo: End // Quasimodo: End
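Review bot: The Javadoc above this method still has a bare `@param objects` and an empty `@return`, although the new guard accepts a null collection and answers it with a `noContent` element. I would document that contract, e.g. `@param objects collection to render; may be null` and `@return the rendered list, or a noContent element if objects is null or empty`. The method signature lies between the two hunks and is not visible here.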


@ -5,12 +5,12 @@
* modify it under the terms of the GNU Lesser General Public License * modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of * as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This library is distributed in the hope that it will be useful, * This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -22,18 +22,16 @@ package com.arsdigita.navigation.cms;
import com.arsdigita.cms.CMS; import com.arsdigita.cms.CMS;
import com.arsdigita.cms.ContentItem; import com.arsdigita.cms.ContentItem;
import com.arsdigita.cms.SecurityManager; import com.arsdigita.cms.SecurityManager;
import com.arsdigita.navigation.DataCollectionDefinition;
import com.arsdigita.navigation.NavigationModel;
import com.arsdigita.kernel.ACSObject; import com.arsdigita.kernel.ACSObject;
import com.arsdigita.kernel.Kernel; import com.arsdigita.kernel.Kernel;
import com.arsdigita.kernel.Party; import com.arsdigita.kernel.Party;
import com.arsdigita.kernel.permissions.PermissionService; import com.arsdigita.kernel.permissions.PermissionService;
import com.arsdigita.kernel.permissions.PrivilegeDescriptor; import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
import com.arsdigita.navigation.DataCollectionDefinition;
import com.arsdigita.navigation.NavigationModel;
import com.arsdigita.persistence.DataCollection; import com.arsdigita.persistence.DataCollection;
import com.arsdigita.persistence.Filter; import com.arsdigita.persistence.Filter;
import com.arsdigita.persistence.metadata.ObjectType; import com.arsdigita.persistence.metadata.ObjectType;
import com.arsdigita.util.Assert; import com.arsdigita.util.Assert;
@ -42,6 +40,7 @@ public class CMSDataCollectionDefinition extends DataCollectionDefinition {
private boolean m_filterSection = false; private boolean m_filterSection = false;
private String m_filterVersion = ContentItem.LIVE; private String m_filterVersion = ContentItem.LIVE;
@Override
protected void validateObjectType(ObjectType type) { protected void validateObjectType(ObjectType type) {
Assert.isTrue(type.isSubtypeOf(ContentItem.BASE_DATA_OBJECT_TYPE), Assert.isTrue(type.isSubtypeOf(ContentItem.BASE_DATA_OBJECT_TYPE),
"object type is a content item"); "object type is a content item");
@ -51,12 +50,13 @@ public class CMSDataCollectionDefinition extends DataCollectionDefinition {
Assert.isUnlocked(this); Assert.isUnlocked(this);
m_filterSection = filterSection; m_filterSection = filterSection;
} }
public final void setFilterVersion(String version) { public final void setFilterVersion(String version) {
Assert.isUnlocked(this); Assert.isUnlocked(this);
m_filterVersion = version; m_filterVersion = version;
} }
@Override
protected void applyFilters(DataCollection objects, protected void applyFilters(DataCollection objects,
NavigationModel model) { NavigationModel model) {
super.applyFilters(objects, model); super.applyFilters(objects, model);
@ -71,18 +71,19 @@ public class CMSDataCollectionDefinition extends DataCollectionDefinition {
CMS.getContext().getContentSection() CMS.getContext().getContentSection()
); );
} }
if (m_filterVersion != null) { if (m_filterVersion != null) {
objects.addEqualsFilter(ContentItem.VERSION, objects.addEqualsFilter(ContentItem.VERSION,
m_filterVersion); m_filterVersion);
} }
objects.addPath("masterVersion.id"); objects.addPath("masterVersion.id");
// Can remove once bz 104102 is fixed // Can remove once bz 104102 is fixed
objects.addPath("masterVersion.objectType"); objects.addPath("masterVersion.objectType");
} }
@Override
protected void checkPermissions(DataCollection objects) { protected void checkPermissions(DataCollection objects) {
// parties are assigned the cms_read_item privilege on content items // parties are assigned the cms_read_item privilege on content items
// rather than the primitive READ // rather than the primitive READ
@ -97,6 +98,7 @@ public class CMSDataCollectionDefinition extends DataCollectionDefinition {
party.getOID()); party.getOID());
} }
@Override
protected String getCategorizedObjectPath(String fragment) { protected String getCategorizedObjectPath(String fragment) {
return "parent." + fragment; return "parent." + fragment;
} }


@ -5,12 +5,12 @@
* modify it under the terms of the GNU Lesser General Public License * modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of * as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This library is distributed in the hope that it will be useful, * This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -60,8 +60,14 @@ public abstract class AbstractObjectList
protected DataCollection getObjects(HttpServletRequest request, protected DataCollection getObjects(HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
// definition needs to know if the renderer is rendering a date
// attribute so that it can decide whether to order by date for // Stop here, if the set object type is invalid a.k.a. not installed
if (m_definition.hasInvalidObjectType()) {
return null;
}
// definition needs to know if the renderer is rendering a date
// attribute so that it can decide whether to order by date for
// a date order category // a date order category
m_definition.setDateAttribute(m_renderer); m_definition.setDateAttribute(m_renderer);
@ -103,8 +109,7 @@ public abstract class AbstractObjectList
addFilter(ff.equals("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage())). addFilter(ff.equals("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage())).
addFilter(ff.and(). addFilter(ff.and().
addFilter(ff.equals("language", GlobalizationHelper.LANG_INDEPENDENT)). addFilter(ff.equals("language", GlobalizationHelper.LANG_INDEPENDENT)).
addFilter(ff.notIn("parent", "com.arsdigita.navigation.getParentIDsOfMatchedItems") addFilter(ff.notIn("parent", "com.arsdigita.navigation.getParentIDsOfMatchedItems").set("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage())));
.set("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage())));
objects.addFilter(filter); objects.addFilter(filter);
} else { } else {
objects.addEqualsFilter("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage()); objects.addEqualsFilter("language", com.arsdigita.globalization.GlobalizationHelper.getNegotiatedLocale().getLanguage());


@ -3,10 +3,13 @@
* *
* Autor: Sören Bernstein * Autor: Sören Bernstein
* *
* Diese Klasse realisiert eine ObjectList für Navigation, der man Filterbefehle für die SQL-Abfrage mitgeben kann. Auf * Diese Klasse realisiert eine ObjectList für Navigation,
* diese Weise lassen sich Objekte listen, die bestimmte Kriterien erfüllen. * der man Filterbefehle für die SQL-Abfrage mitgeben kann.
* Auf diese Weise lassen sich Objekte listen, die bestimmte
* Kriterien erfüllen.
* *
* Angelegt wurde Sie für die Auflistung der aktuellen News und Veranstalungen auf einer Navigationsseite. * Angelegt wurde Sie für die Auflistung der aktuellen News
* und Veranstalungen auf einer Navigationsseite.
*/ */
package com.arsdigita.navigation.ui.object; package com.arsdigita.navigation.ui.object;
@ -36,7 +39,7 @@ public class ComplexObjectList extends AbstractObjectList {
protected String m_filter = null; protected String m_filter = null;
protected Map m_filterParameters = new HashMap(); protected Map m_filterParameters = new HashMap();
protected Map<String, String> m_customAttributes = protected Map<String, String> m_customAttributes =
new HashMap<String, String>(); new HashMap<String, String>();
public void setCustomName(String name) { public void setCustomName(String name) {
m_customName = name; m_customName = name;
@ -47,9 +50,10 @@ public class ComplexObjectList extends AbstractObjectList {
} }
/** /**
* Hinzufügen eines SQL-Filter zur Abfrage Verarbeitet einen boolschen Filter, der SQL-konform Formatiert ist. Siehe * Hinzufügen eines SQL-Filter zur Abfrage
* PostgreSQL-Handbuch zur where-Klausel * Verarbeitet einen boolschen Filter, der SQL-konform Formatiert ist.
* * Siehe PostgreSQL-Handbuch zur where-Klausel
(??)
* @param sqlfilter * @param sqlfilter
*/ */
public void setSQLFilter(String sqlfilter) { public void setSQLFilter(String sqlfilter) {
@ -73,42 +77,43 @@ public class ComplexObjectList extends AbstractObjectList {
} }
/* /*
* Diese Methode überschreibt die Methode aus der Eltern-Klasse, um die SQL-Filter berücksichtigen zu können * die SQL-Filter berücksichtigen zu können
*/ */
@Override @Override
protected DataCollection getObjects(HttpServletRequest request, protected DataCollection getObjects(HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
DataCollection objects = super.getObjects(request, response); DataCollection objects = super.getObjects(request, response);
// Setze den Filter // Don't try do anything with a null object
if (m_filter != null) { if (objects != null) {
FilterFactory fact = objects.getFilterFactory(); // Setze den Filter
Filter sql = fact.simple(m_filter); if (m_filter != null) {
// Setze die Parameter FilterFactory fact = objects.getFilterFactory();
Iterator params = m_filterParameters.entrySet().iterator(); Filter sql = fact.simple(m_filter);
while (params.hasNext()) {
// Setze die Parameter
Iterator params = m_filterParameters.entrySet().iterator();
while (params.hasNext()) {
Map.Entry entry = (Map.Entry) params.next();
String param = (String) entry.getKey();
Object value = (Object) entry.getValue();
if (value != null) {
sql.set(param, value);
}
Map.Entry entry = (Map.Entry) params.next();
String param = (String) entry.getKey();
Object value = (Object) entry.getValue();
if (value != null) {
sql.set(param, value);
} }
objects.addFilter(sql);
} }
objects.addFilter(sql);
} }
return objects; return objects;
} }
/* /* Diese Methode wird vom Servlet aufgerufen */
* Diese Methode wird vom Servlet aufgerufen
*/
public Element generateXML(HttpServletRequest request, public Element generateXML(HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
Element content = Navigation.newElement("complexObjectList"); Element content = Navigation.newElement("complexObjectList");
@ -120,9 +125,9 @@ public class ComplexObjectList extends AbstractObjectList {
for (Map.Entry<String, String> attribute : m_customAttributes.entrySet()) { for (Map.Entry<String, String> attribute : m_customAttributes.entrySet()) {
content.addAttribute(attribute.getKey(), attribute.getValue()); content.addAttribute(attribute.getKey(), attribute.getValue());
} }
content.addContent(generateObjectListXML(request, response)); content.addContent(generateObjectListXML(request, response));
return content; return content;
} }
} }
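Review bot: The Javadoc on `setSQLFilter`, reworded in this commit, still does not say where the filter string may come from, while `getObjects` passes `m_filter` unchanged to `fact.simple(m_filter)` as a WHERE-clause fragment. Only the entries of `m_filterParameters` go through `sql.set(param, value)`, which looks like parameter binding; anything written directly into the filter text does not. I would extend the tag to `@param sqlfilter WHERE-clause fragment from trusted page configuration only; pass variable values as filter parameters, never concatenated into this string`. The body of `setSQLFilter` is outside the visible hunks, so whether it validates its argument cannot be seen here.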