From 51ce088f92fef6d86bef648668f88784ccbbb5d3 Mon Sep 17 00:00:00 2001
From: jensp
Date: Fri, 2 Mar 2018 15:32:44 +0000
Subject: [PATCH] CCM NG: Fixed permission check for Assets (#2801)

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@5324 8810af33-2d31-482b-a856-94f89814c4df
---
 .../contentsection/AssetRepository.java | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java b/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java
index 74abde765..67eaf2f46 100644
--- a/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java
@@ -18,6 +18,8 @@
 */
 package org.librecms.contentsection;
 
+import com.arsdigita.kernel.KernelConfig;
+
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.libreccm.auditing.AbstractAuditedEntityRepository;
@@ -25,6 +27,7 @@ import org.libreccm.categorization.Categorization;
 import org.libreccm.categorization.Category;
 import org.libreccm.categorization.CategoryManager;
 import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
+import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.core.CcmObjectRepository;
 import org.libreccm.core.UnexpectedErrorException;
 import org.libreccm.security.AuthorizationRequired;
@@ -33,8 +36,10 @@ import org.libreccm.security.PermissionChecker;
 import org.libreccm.security.PermissionManager;
 import org.libreccm.security.RequiresPrivilege;
 import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
 import org.libreccm.security.Shiro;
 import org.libreccm.security.User;
+import org.libreccm.security.UserRepository;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import org.librecms.contentsection.rs.Assets;
 
@@ -73,6 +78,9 @@ public class AssetRepository
 
 @Inject
 private CcmObjectRepository ccmObjectRepo;
+
+ @Inject
+ private ConfigurationManager confManager;
 
 @Inject
 private EntityManager entityManager;
@@ -86,8 +94,14 @@ public class AssetRepository
 @Inject
 private PermissionManager permissionManager;
 
+ @Inject
+ private RoleManager roleManager;
+
 @Inject
 private Shiro shiro;
+
+ @Inject
+ private UserRepository userRepository;
 
 @Override
 public Long getEntityId(final Asset asset) {
@@ -677,7 +691,25 @@ public class AssetRepository
 .map(membership -> membership.getRole())
 .collect(Collectors.toList());
 } else {
- roles = Collections.emptyList();
+
+ final Optional publicUser;
+
+ final KernelConfig kernelConfig = confManager
+ .findConfiguration(KernelConfig.class);
+ final String principal = (String) shiro
+ .getPublicUser()
+ .getPrincipal();
+ if (kernelConfig.emailIsPrimaryIdentifier()) {
+ publicUser = userRepository.findByEmailAddress(principal);
+ } else {
+ publicUser = userRepository.findByName(principal);
+ }
+
+ if (publicUser.isPresent()) {
+ roles = roleManager.findAllRolesForUser(publicUser.get());
+ } else {
+ roles = Collections.emptyList();
+ }
 }
 
 final boolean isSystemUser = shiro.isSystemUser();
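Review bot: In the last hunk the new `else` branch resolves roles with `roleManager.findAllRolesForUser(publicUser.get())`, while the branch directly above it collects them with `.map(membership -> membership.getRole())`; if `findAllRolesForUser` also returns roles reached indirectly (its name suggests that, its implementation is not part of this diff), the public user is matched against a differently computed role set than a signed-in user, and both branches should share one lookup. The cast `(String) shiro.getPublicUser().getPrincipal()` is unchecked, so a null or non-String principal goes straight into `findByEmailAddress`/`findByName`. The fallback to `Collections.emptyList()` fails closed but silently, so I would log a warning there through the class's logger and add a comment such as `// No public user found: evaluate the query with no roles (fail closed).` The enclosing method and the `if` condition begin outside the hunk.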