CCM NG/ccm-cms: Bugfixes

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4784 8810af33-2d31-482b-a856-94f89814c4df

Former-commit-id: bca4d95dbd

ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java

@@ -293,11 +293,13 @@ public class CMSPage extends Page implements ResourceHandler {
         if (itemId != null) {
             final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
             final ContentItemRepository itemRepo = cdiUtil.findBean(ContentItemRepository.class);
-            final ContentItem item = itemRepo.findById(Long.parseLong("item_id")).get();
+            final ContentItem item = itemRepo
+                .findById(Long.parseLong(itemId)).get();
             final PermissionChecker permissionChecker = cdiUtil.findBean(
                 PermissionChecker.class);
             permissionChecker.checkPermission(ItemPrivileges.PREVIEW, 
                                               item);
+            CMS.getContext().setContentItem(item);
         }
         
         final Document document = buildDocument(request, response);

ccm-cms/src/main/java/org/librecms/contentsection/ContentItemRepository.java

@@ -32,6 +32,7 @@ import org.libreccm.core.CcmObjectRepository;
 import org.libreccm.core.UnexpectedErrorException;
 import org.libreccm.security.PermissionChecker;
 import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
 
 import java.util.List;
 import java.util.Optional;
@@ -44,8 +45,11 @@ import javax.persistence.TypedQuery;
 
 import org.libreccm.security.Shiro;
 import org.libreccm.security.User;
+import org.libreccm.security.UserManager;
+import org.libreccm.security.UserRepository;
 import org.libreccm.workflow.Workflow;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.stream.Collectors;
 
@@ -75,6 +79,15 @@ public class ContentItemRepository
     @Inject
     private Shiro shiro;
 
+    @Inject
+    private UserRepository userRepository;
+
+    @Inject
+    private UserManager userManager;
+
+    @Inject
+    private RoleManager roleManager;
+
     @Inject
     private PermissionChecker permissionChecker;
 
@@ -110,6 +123,7 @@ public class ContentItemRepository
      * @return The content item identified by the provided {@code itemId} or
      *         nothing if there is such content item.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public Optional<ContentItem> findById(final long itemId) {
 
         final TypedQuery<ContentItem> query = getEntityManager()
@@ -166,6 +180,7 @@ public class ContentItemRepository
      * @return The content item identified by the provided {@code uuid} or
      *         nothing if there is such content item.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public Optional<ContentItem> findByUuid(final String uuid) {
 
         final TypedQuery<ContentItem> query = getEntityManager()
@@ -193,6 +208,7 @@ public class ContentItemRepository
      *         {@link Optional} if there is no such item or if it is not of the
      *         requested type.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     @SuppressWarnings("unchecked")
     public <T extends ContentItem> Optional<T> findByUuid(final String uuid,
                                                           final Class<T> type) {
@@ -224,6 +240,7 @@ public class ContentItemRepository
      *
      * @return A list of all content items of the requested type.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     @SuppressWarnings("unchecked")
     public <T extends ContentItem> List<T> findByType(final Class<T> type) {
 
@@ -242,6 +259,7 @@ public class ContentItemRepository
      *
      * @return A list of all items in the provided folder.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public List<ContentItem> findByFolder(final Category folder) {
 
         final TypedQuery<ContentItem> query = getEntityManager()
@@ -260,6 +278,7 @@ public class ContentItemRepository
      *
      * @return The number of content items in the category/folder.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public long countItemsInFolder(final Category folder) {
 
         final TypedQuery<Long> query = getEntityManager()
@@ -499,20 +518,29 @@ public class ContentItemRepository
         final Optional<User> user = shiro.getUser();
         final List<Role> roles;
         if (user.isPresent()) {
-            roles = user
+            final User theUser = userRepository
-                .get()
+                .findById(user.get().getPartyId())
-                .getRoleMemberships()
+                .orElseThrow(() -> new IllegalArgumentException(String
-                .stream()
+                .format(
-                .map(membership -> membership.getRole())
+                    "No user with id %d in the database. "
-                .collect(Collectors.toList());
+                        + "Where did that ID come from?",
+                    user.get().getPartyId())));
+            roles = roleManager.findAllRolesForUser(theUser);
         } else {
+
             roles = Collections.emptyList();
         }
 
         final boolean isSystemUser = shiro.isSystemUser();
         final boolean isAdmin = permissionChecker.isPermitted("*");
 
+        // The roles collection is passed to an IN JPQL query. JPQL/SQL
+        // does not allow empty collections as paramete of IN. But null works...
+        if (roles.isEmpty()) {
+            query.setParameter("roles", null);
+        } else {
             query.setParameter("roles", roles);
+        }
         query.setParameter("isSystemUser", isSystemUser);
         query.setParameter("isAdmin", isAdmin);
     }

ccm-core/src/main/java/org/libreccm/security/RoleManager.java

@@ -20,7 +20,11 @@ package org.libreccm.security;
 
 import org.libreccm.core.CoreConstants;
 
+import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
@@ -128,6 +132,7 @@ public class RoleManager {
      *
      * @param party The party to check.
      * @param role  The role to check.
+     *
      * @return {@code true} if the provided {@code role} is assigned to the
      *         provided {@code party}.
      */
@@ -142,4 +147,40 @@ public class RoleManager {
         return !result.isEmpty();
     }
 
+    /**
+     * Finds all roles directly or indirectly assigned to a user.
+     *
+     * @param user The user
+     *
+     * @return A list of all roles assigned to the user or to a group the user
+     *         is a member of, sorted by name.
+     */
+    @Transactional(Transactional.TxType.REQUIRED)
+    public List<Role> findAllRolesForUser(final User user) {
+
+        final List<Role> directlyAssigned = user
+            .getRoleMemberships()
+            .stream()
+            .map(membership -> membership.getRole())
+            .collect(Collectors.toList());
+
+        final Set<Role> roles = new HashSet<>();
+
+        final List<Group> groups = user
+            .getGroupMemberships()
+            .stream()
+            .map(membership -> membership.getGroup())
+            .collect(Collectors.toList());
+
+        for (final Group group : groups) {
+            roles.addAll(group
+                .getRoleMemberships()
+                .stream()
+                .map(membership -> membership.getRole())
+                .collect(Collectors.toList()));
+        }
+        
+        return new ArrayList<>(roles);
+    }
+
 }