From 5c2c27e4aa8f8ca8b87b0c05477451619c027aab Mon Sep 17 00:00:00 2001 From: Jens Pelzetter Date: Tue, 2 Mar 2021 20:33:16 +0100 Subject: [PATCH] Some refactoring Former-commit-id: dfe53097a12da0301837f3d7f1cf72373820efe1 --- .../arsdigita/cms/ui/ContentSectionPage.java | 3 +- .../cms/ui/workflow/BaseTaskForm.java | 2 +- .../cms/ui/workflow/BaseWorkflowForm.java | 2 +- .../cms/ui/workflow/BaseWorkflowItemPane.java | 4 +- .../cms/ui/workflow/ItemWorkflowItemPane.java | 3 +- .../cms/ui/workflow/TaskAddRole.java | 3 +- .../cms/ui/workflow/TaskItemPane.java | 5 +- .../cms/ui/workflow/WorkflowAdminPane.java | 4 +- .../contentsection/ContentSectionManager.java | 6 +- .../contentsection/ContentSectionSetup.java | 2 +- .../privileges/AdminPrivileges.java | 2 +- .../AdminPermissionsChecker.java | 55 +++++ .../AssetFolderController.java | 104 +++------ .../ui/contentsections/AssetFolderTree.java | 2 +- .../AssetPermissionsChecker.java | 117 ++++++++++ ...ava => AssetPermissionsModelProvider.java} | 26 +-- .../ConfigurationController.java | 3 +- .../contentsections/ContentSectionModel.java | 3 +- .../ui/contentsections/ContentSectionsUi.java | 85 +++---- .../DocumentFolderController.java | 210 ++++++----------- .../ItemPermissionChecker.java | 214 ++++++++++++++++++ .../TypePermissionsChecker.java | 31 +++ 22 files changed, 596 insertions(+), 290 deletions(-) create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java rename ccm-cms/src/main/java/org/librecms/ui/contentsections/{AssetPermissions.java => AssetPermissionsModelProvider.java} (59%) create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java create mode 100644 ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java index 0bf6e499c..94b4d4701 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java @@ -190,8 +190,7 @@ public class ContentSectionPage extends CMSPage implements ActionListener { m_tabbedPane.setTabVisible( state, m_workflowPane, - permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW)); + permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS)); m_tabbedPane.setTabVisible( state, m_categoryPane, diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java index 0b927a77c..eb90d1288 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java @@ -91,7 +91,7 @@ class BaseTaskForm extends BaseForm { addAction(new Finish()); addAction(new Cancel()); - addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS); addValidationListener(new ValidationListener()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java index bfaecd32e..51987d2f2 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java @@ -49,7 +49,7 @@ class BaseWorkflowForm extends BaseForm { addAction(new Finish()); addAction(new Cancel()); - addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS); addValidationListener(new ValidationListener()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java index d75ca8208..967151096 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java @@ -128,7 +128,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane { protected class AdminVisible extends VisibilityComponent { public AdminVisible(final Component child) { - super(child, AdminPrivileges.ADMINISTER_WORKFLOW); + super(child, AdminPrivileges.ADMINISTER_WORKFLOWS); } } @@ -184,7 +184,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane { TaskDeleteForm() { super(new Label(gz("cms.ui.workflow.task.delete_prompt"))); - addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS); } @Override diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java index 10ea0b1a6..b1b468913 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java @@ -87,8 +87,7 @@ final class ItemWorkflowItemPane extends BaseWorkflowItemPane { final ContentSection section = CMS.getContext().getContentSection(); - return permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW, section); + return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java index 110947e47..16916ceef 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java @@ -164,8 +164,7 @@ class TaskAddRole extends CMSForm { final PermissionChecker permissionChecker = cdiUtil.findBean( PermissionChecker.class); - if (!permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW)) { + if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS)) { throw new FormProcessException( new GlobalizedMessage( "cms.ui.workflow.insufficient_privileges", diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java index 14c65461d..b246082ec 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java @@ -119,14 +119,13 @@ final class TaskItemPane extends BaseItemPane { final PermissionChecker permissionChecker = cdiUtil.findBean( PermissionChecker.class); - return permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW); + return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS); } private class AdminVisible extends VisibilityComponent { public AdminVisible(final Component child) { - super(child, AdminPrivileges.ADMINISTER_WORKFLOW); + super(child, AdminPrivileges.ADMINISTER_WORKFLOWS); } } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java index 66bf9b690..7268269b2 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java @@ -56,7 +56,7 @@ public final class WorkflowAdminPane extends BaseAdminPane { getDeleteLink())); addAction(new VisibilityComponent( - getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW)); + getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOWS)); } private class DeleteForm extends BaseDeleteForm { @@ -64,7 +64,7 @@ public final class WorkflowAdminPane extends BaseAdminPane { DeleteForm() { super(gz("cms.ui.workflow.delete_prompt")); - addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS); } @Override diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java index 7582c9bd4..70c936d25 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java @@ -186,7 +186,7 @@ public class ContentSectionManager { addRoleToContentSection(section, MANAGER, AdminPrivileges.ADMINISTER_ROLES, - AdminPrivileges.ADMINISTER_WORKFLOW, + AdminPrivileges.ADMINISTER_WORKFLOWS, AdminPrivileges.ADMINISTER_LIFECYLES, AdminPrivileges.ADMINISTER_CATEGORIES, AdminPrivileges.ADMINISTER_CONTENT_TYPES, @@ -424,7 +424,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void addWorkflowTemplateToContentSection( final Workflow template, - @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS) final ContentSection section) { Objects.requireNonNull(template); @@ -451,7 +451,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void removeWorkflowTemplateFromContentSection( final Workflow template, - @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS) final ContentSection section) { section.removeWorkflowTemplate(template); diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java index 38d529a39..23ae695dd 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java @@ -201,7 +201,7 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup { grantPermissions(manager, section, AdminPrivileges.ADMINISTER_ROLES, - AdminPrivileges.ADMINISTER_WORKFLOW, + AdminPrivileges.ADMINISTER_WORKFLOWS, AdminPrivileges.ADMINISTER_LIFECYLES, AdminPrivileges.ADMINISTER_CATEGORIES, AdminPrivileges.ADMINISTER_CONTENT_TYPES); diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java index b4d5891e1..4a54f0471 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java @@ -71,7 +71,7 @@ public final class AdminPrivileges { * * @see ContentSection#workflowTemplates */ - public static final String ADMINISTER_WORKFLOW = "administer_workflow"; + public static final String ADMINISTER_WORKFLOWS = "administer_workflows"; private AdminPrivileges() { //Nothing diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java new file mode 100644 index 000000000..b09e74f6a --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java @@ -0,0 +1,55 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +import org.libreccm.security.PermissionChecker; +import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.AdminPrivileges; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class AdminPermissionsChecker { + + @Inject + private PermissionChecker permissionChecker; + + public boolean canAdministerCategories(final ContentSection section) { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_CATEGORIES, section + ); + } + + public boolean canAdministerContentTypes(final ContentSection section) { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_CONTENT_TYPES, section + ); + } + + public boolean canAdministerLifecycles(final ContentSection section) { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_LIFECYLES, section + ); + } + + public boolean canAdministerRoles(final ContentSection section) { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_ROLES, section + ); + } + + public boolean canAdministerWorkflows(final ContentSection section) { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_WORKFLOWS, section + ); + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java index 15d5cec62..36002fc76 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java @@ -5,8 +5,6 @@ */ package org.librecms.ui.contentsections; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; import org.libreccm.l10n.GlobalizationHelper; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.PermissionChecker; @@ -18,7 +16,6 @@ import org.librecms.contentsection.AssetFolderEntry; import org.librecms.contentsection.AssetManager; import org.librecms.contentsection.AssetRepository; import org.librecms.contentsection.ContentSection; -import org.librecms.contentsection.ContentSectionRepository; import org.librecms.contentsection.Folder; import org.librecms.contentsection.FolderManager; import org.librecms.contentsection.FolderRepository; @@ -46,7 +43,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.QueryParam; - /** * * @author Jens Pelzetter @@ -63,7 +59,10 @@ public class AssetFolderController { private AssetFolderTree assetFolderTree; @Inject - private AssetPermissions assetPermissions; + private AssetPermissionsModelProvider assetPermissions; + + @Inject + private AssetPermissionsChecker assetPermissionsChecker; @Inject private AssetManager assetManager; @@ -74,9 +73,6 @@ public class AssetFolderController { @Inject private ContentSectionModel contentSectionModel; - @Inject - private ContentSectionRepository sectionRepo; - @Inject private ContentSectionsUi sectionsUi; @@ -98,19 +94,12 @@ public class AssetFolderController { @Inject private Models models; - @Inject - private PermissionChecker permissionChecker; - @Inject private PermissionManager permissionManager; @Inject private RoleRepository roleRepo; - private static final Logger LOGGER = LogManager.getLogger( - AssetFolderController.class - ); - @GET @Path("/") @AuthorizationRequired @@ -145,9 +134,7 @@ public class AssetFolderController { } final ContentSection section = sectionResult.get(); - if (!permissionChecker.isPermitted( - AssetPrivileges.EDIT, section.getRootAssetsFolder() - )) { + if (!assetPermissionsChecker.canEditAssets(section)) { sectionsUi.showAccessDenied("sectionIdentifier", sectionIdentifier); } @@ -172,7 +159,7 @@ public class AssetFolderController { } } - if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { + if (!assetPermissionsChecker.canEditAssets(folder)) { return sectionsUi.showAccessDenied( "sectionIdentifier", sectionIdentifier, "folderPath", folderPath @@ -200,10 +187,10 @@ public class AssetFolderController { assetFolderModel.setPath(folderPath); assetFolderModel.setCanCreateSubFolders( - permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) + assetPermissionsChecker.canCreateAssets(folder) ); assetFolderModel.setCanCreateAssets( - permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) + assetPermissionsChecker.canCreateAssets(folder) ); assetFolderModel.setGrantedPermissions( grantedPrivileges.buildPermissionsMatrix(section, folder) @@ -240,19 +227,17 @@ public class AssetFolderController { @PathParam("parentFolderPath") final String parentFolderPath, @FormParam("folderName") final String folderName ) { - final RetrieveResult sectionResult = sectionsUi - .retrieveContentSection(sectionIdentifier); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); final ContentSection section; - if (sectionResult.isSuccessful()) { - section = sectionResult.getResult(); + if (sectionResult.isPresent()) { + section = sectionResult.get(); } else { - return sectionResult.getFailedResponseTemplate(); + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } - if (!permissionChecker.isPermitted( - AssetPrivileges.EDIT, section.getRootAssetsFolder() - )) { + if (!assetPermissionsChecker.canEditAssets(section)) { return sectionsUi.showAccessDenied( "sectionIdentifier", sectionIdentifier ); @@ -277,9 +262,7 @@ public class AssetFolderController { } } - if (!permissionChecker.isPermitted( - AssetPrivileges.CREATE_NEW, parentFolder - )) { + if (!assetPermissionsChecker.canEditAssets(parentFolder)) { return sectionsUi.showAccessDenied( "sectionIdentifier", sectionIdentifier, "folderPath", parentFolderPath @@ -320,17 +303,15 @@ public class AssetFolderController { @FormParam("permissions") final List permissions ) { - final RetrieveResult sectionResult = sectionsUi - .retrieveContentSection(sectionIdentifier); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); final ContentSection section; - if (sectionResult.isSuccessful()) { - section = sectionResult.getResult(); + if (sectionResult.isPresent()) { + section = sectionResult.get(); } else { - return sectionResult.getFailedResponseTemplate(); + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } - if (!permissionChecker.isPermitted( - AssetPrivileges.EDIT, section.getRootAssetsFolder() - )) { + if (!assetPermissionsChecker.canEditAssets(section)) { models.put("sectionidentifier", sectionIdentifier); return "org/librecms/ui/contentsection/access-denied.xhtml"; } @@ -357,7 +338,7 @@ public class AssetFolderController { } } - if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { + if (!assetPermissionsChecker.canEditAssets(folder)) { models.put("sectionidentifier", sectionIdentifier); models.put("folderPath", folderPath); return "org/librecms/ui/contentsection/access-denied.xhtml"; @@ -405,17 +386,15 @@ public class AssetFolderController { @PathParam("folderPath") final String folderPath, @FormParam("folderName") final String folderName ) { - final RetrieveResult sectionResult = sectionsUi - .retrieveContentSection(sectionIdentifier); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); final ContentSection section; - if (sectionResult.isSuccessful()) { - section = sectionResult.getResult(); + if (sectionResult.isPresent()) { + section = sectionResult.get(); } else { - return sectionResult.getFailedResponseTemplate(); + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } - if (!permissionChecker.isPermitted( - AssetPrivileges.EDIT, section.getRootAssetsFolder() - )) { + if (!assetPermissionsChecker.canEditAssets(section)) { models.put("sectionidentifier", sectionIdentifier); return "org/librecms/ui/contentsection/access-denied.xhtml"; } @@ -437,7 +416,7 @@ public class AssetFolderController { return "org/librecms/ui/contentsection/assetfolder/assetfolder-not-found.xhtml"; } - if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { + if (!assetPermissionsChecker.canEditAssets(folder)) { models.put("sectionidentifier", sectionIdentifier); models.put("folderPath", folderPath); return "org/librecms/ui/contentsection/access-denied.xhtml"; @@ -459,31 +438,6 @@ public class AssetFolderController { ); } -// private Optional retrieveContentSection( -// final String sectionIdentifier -// ) { -// final Identifier identifier = identifierParser.parseIdentifier( -// sectionIdentifier -// ); -// -// final Optional sectionResult; -// switch (identifier.getType()) { -// case ID: -// sectionResult = sectionRepo.findById( -// Long.parseLong(identifier.getIdentifier()) -// ); -// break; -// case UUID: -// sectionResult = sectionRepo.findByUuid(identifier -// .getIdentifier()); -// break; -// default: -// sectionResult = sectionRepo.findByLabel(identifier -// .getIdentifier()); -// break; -// } -// return sectionResult; -// } private String showAssetFolderNotFound( final ContentSection section, final String folderPath ) { diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java index 2c35cb49d..82ed66de5 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java @@ -20,7 +20,7 @@ public class AssetFolderTree extends AbstractFolderTree { @Inject - private AssetPermissions assetPermissions; + private AssetPermissionsModelProvider assetPermissions; @Override public AssetFolderTreeNode newFolderTreeNode() { diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java new file mode 100644 index 000000000..19d861c8d --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java @@ -0,0 +1,117 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +import org.libreccm.security.PermissionChecker; +import org.librecms.contentsection.Asset; +import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.Folder; +import org.librecms.contentsection.privileges.AssetPrivileges; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class AssetPermissionsChecker { + + @Inject + private PermissionChecker permissionChecker; + + public boolean canCreateAssets(final Asset asset) { + return permissionChecker.isPermitted( + AssetPrivileges.CREATE_NEW, asset + ); + } + + public boolean canCreateAssets(final ContentSection section) { + return permissionChecker.isPermitted( + AssetPrivileges.CREATE_NEW, section.getRootAssetsFolder() + ); + } + + public boolean canCreateAssets(final Folder folder) { + return permissionChecker.isPermitted( + AssetPrivileges.CREATE_NEW, folder + ); + } + + public boolean canDeleteAssets(final Asset asset) { + return permissionChecker.isPermitted( + AssetPrivileges.DELETE, asset + ); + } + + public boolean canDeleteAssets(final ContentSection section) { + return permissionChecker.isPermitted( + AssetPrivileges.DELETE, section.getRootAssetsFolder() + ); + } + + public boolean canDeleteAssets(final Folder folder) { + return permissionChecker.isPermitted( + AssetPrivileges.DELETE, folder + ); + } + + public boolean canUseAssets(final Asset asset) { + return permissionChecker.isPermitted( + AssetPrivileges.USE, asset + ); + } + + public boolean canUseAssets(final ContentSection section) { + return permissionChecker.isPermitted( + AssetPrivileges.USE, section.getRootAssetsFolder() + ); + } + + public boolean canUseAssets(final Folder folder) { + return permissionChecker.isPermitted( + AssetPrivileges.USE, folder + ); + } + + public boolean canEditAssets(final Asset asset) { + return permissionChecker.isPermitted( + AssetPrivileges.EDIT, asset + ); + } + + public boolean canEditAssets(final ContentSection section) { + return permissionChecker.isPermitted( + AssetPrivileges.EDIT, section.getRootAssetsFolder() + ); + } + + public boolean canEditAssets(final Folder folder) { + return permissionChecker.isPermitted( + AssetPrivileges.EDIT, folder + ); + } + + public boolean canViewAssets(final Asset asset) { + return permissionChecker.isPermitted( + AssetPrivileges.VIEW, asset + ); + } + + public boolean canViewAssets(final ContentSection section) { + return permissionChecker.isPermitted( + AssetPrivileges.VIEW, section.getRootAssetsFolder() + ); + } + + public boolean canViewAssets(final Folder folder) { + return permissionChecker.isPermitted( + AssetPrivileges.VIEW, folder + ); + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissions.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsModelProvider.java similarity index 59% rename from ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissions.java rename to ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsModelProvider.java index fac5243e8..52e9ed1bc 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissions.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsModelProvider.java @@ -5,10 +5,8 @@ */ package org.librecms.ui.contentsections; -import org.libreccm.security.PermissionChecker; import org.librecms.contentsection.Asset; import org.librecms.contentsection.Folder; -import org.librecms.contentsection.privileges.AssetPrivileges; import javax.enterprise.context.Dependent; import javax.inject.Inject; @@ -18,29 +16,29 @@ import javax.inject.Inject; * @author Jens Pelzetter */ @Dependent -class AssetPermissions { +class AssetPermissionsModelProvider { @Inject - private PermissionChecker permissionChecker; + private AssetPermissionsChecker permissionChecker; public AssetPermissionsModel buildAssetPermissionsModel( final Folder folder ) { final AssetPermissionsModel model = new AssetPermissionsModel(); model.setGrantedCreateNew( - permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) + permissionChecker.canCreateAssets(folder) ); model.setGrantedDelete( - permissionChecker.isPermitted(AssetPrivileges.DELETE, folder) + permissionChecker.canDeleteAssets(folder) ); model.setGrantedEdit( - permissionChecker.isPermitted(AssetPrivileges.EDIT, folder) + permissionChecker.canEditAssets(folder) ); model.setGrantedUse( - permissionChecker.isPermitted(AssetPrivileges.USE, folder) + permissionChecker.canUseAssets(folder) ); model.setGrantedView( - permissionChecker.isPermitted(AssetPrivileges.VIEW, folder) + permissionChecker.canViewAssets(folder) ); return model; @@ -51,19 +49,19 @@ class AssetPermissions { ) { final AssetPermissionsModel model = new AssetPermissionsModel(); model.setGrantedCreateNew( - permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, asset) + permissionChecker.canCreateAssets(asset) ); model.setGrantedDelete( - permissionChecker.isPermitted(AssetPrivileges.DELETE, asset) + permissionChecker.canDeleteAssets(asset) ); model.setGrantedEdit( - permissionChecker.isPermitted(AssetPrivileges.EDIT, asset) + permissionChecker.canEditAssets(asset) ); model.setGrantedUse( - permissionChecker.isPermitted(AssetPrivileges.USE, asset) + permissionChecker.canUseAssets(asset) ); model.setGrantedView( - permissionChecker.isPermitted(AssetPrivileges.VIEW, asset) + permissionChecker.canViewAssets(asset) ); return model; diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java index 04d134b3f..3f104fe4f 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java @@ -105,8 +105,7 @@ public class ConfigurationController { || permissionChecker.isPermitted( AdminPrivileges.ADMINISTER_ROLES, section ) - || permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW, section + || permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section ); } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java index 6ff46cb66..88f4dc7d1 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java @@ -94,8 +94,7 @@ public class ContentSectionModel { } public boolean getCanAdministerWorkflows() { - return permissionChecker.isPermitted( - AdminPrivileges.ADMINISTER_WORKFLOW, section + return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section ); } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java index 0bc6cfb89..5ab8f055d 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java @@ -7,11 +7,12 @@ package org.librecms.ui.contentsections; import org.libreccm.api.Identifier; import org.libreccm.api.IdentifierParser; +import org.libreccm.security.PermissionChecker; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionRepository; -import java.util.HashMap; import java.util.Map; +import java.util.Objects; import java.util.Optional; import javax.enterprise.context.RequestScoped; @@ -33,11 +34,16 @@ class ContentSectionsUi { private Models models; + private PermissionChecker permissionChecker; + public Optional findContentSection( final String identifierParam ) { final Identifier sectionIdentifier = identifierParser.parseIdentifier( - identifierParam + Objects.requireNonNull( + identifierParam, + "Can't retrieve a ContentSection for identifier null." + ) ); switch (sectionIdentifier.getType()) { @@ -82,42 +88,41 @@ class ContentSectionsUi { return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; } - public RetrieveResult retrieveContentSection( - final String identifierParam - ) { - final Identifier sectionIdentifier = identifierParser.parseIdentifier( - identifierParam - ); - - final Optional sectionResult; - switch (sectionIdentifier.getType()) { - case ID: - sectionResult = sectionRepo.findById( - Long.parseLong( - sectionIdentifier.getIdentifier() - ) - ); - break; - case UUID: - sectionResult = sectionRepo.findByUuid( - sectionIdentifier.getIdentifier() - ); - break; - default: - sectionResult = sectionRepo.findByLabel( - sectionIdentifier.getIdentifier() - ); - break; - } - - if (sectionResult.isPresent()) { - return RetrieveResult.successful(sectionResult.get()); - } else { - models.put("sectionIdentifier", sectionIdentifier); - return RetrieveResult.failed( - "org/librecms/ui/contentsection/contentsection-not-found.xhtml" - ); - } - } - +// public RetrieveResult retrieveContentSection( +// final String identifierParam +// ) { +// final Identifier sectionIdentifier = identifierParser.parseIdentifier( +// identifierParam +// ); +// +// final Optional sectionResult; +// switch (sectionIdentifier.getType()) { +// case ID: +// sectionResult = sectionRepo.findById( +// Long.parseLong( +// sectionIdentifier.getIdentifier() +// ) +// ); +// break; +// case UUID: +// sectionResult = sectionRepo.findByUuid( +// sectionIdentifier.getIdentifier() +// ); +// break; +// default: +// sectionResult = sectionRepo.findByLabel( +// sectionIdentifier.getIdentifier() +// ); +// break; +// } +// +// if (sectionResult.isPresent()) { +// return RetrieveResult.successful(sectionResult.get()); +// } else { +// models.put("sectionIdentifier", sectionIdentifier); +// return RetrieveResult.failed( +// "org/librecms/ui/contentsection/contentsection-not-found.xhtml" +// ); +// } +// } } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java index 45c9b1207..d699366f8 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java @@ -84,6 +84,9 @@ public class DocumentFolderController { @Inject private ContentSectionModel contentSectionModel; + @Inject + private ContentSectionsUi sectionsUi; + @Inject private ContentTypeRepository contentTypeRepo; @@ -102,9 +105,6 @@ public class DocumentFolderController { @Inject private Models models; - @Inject - private ContentSectionRepository sectionRepo; - @Inject private IdentifierParser identifierParser; @@ -129,6 +129,9 @@ public class DocumentFolderController { @Inject private CurrentUserDocumentPermissions currentUserPermissions; + @Inject + private ItemPermissionChecker itemPermissionChecker; + @GET @Path("/") @AuthorizationRequired @@ -156,24 +159,21 @@ public class DocumentFolderController { @QueryParam("maxResults") @DefaultValue("20") final int maxResults ) { final long start = System.currentTimeMillis(); - final Optional sectionResult = retrieveContentSection( - sectionIdentifier - ); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); LOGGER.info("Retrieved content section in {} ms", System.currentTimeMillis() - start ); if (!sectionResult.isPresent()) { - models.put("sectionIdentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } final ContentSection section = sectionResult.get(); - if (!permissionChecker.isPermitted( - ItemPrivileges.EDIT, section.getRootDocumentsFolder() - )) { - models.put("sectionidentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(section)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier + ); } contentSectionModel.setSection(section); @@ -194,16 +194,15 @@ public class DocumentFolderController { documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); } else { - models.put("contentSection", section.getLabel()); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + return showDocumentFolderNotFound(section, folderPath); } } - if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) { - models.put("sectionidentifier", sectionIdentifier); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(folder)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier, + "folderPath", folderPath + ); } final List folderEntries = folderRepo @@ -232,19 +231,13 @@ public class DocumentFolderController { documentFolderModel.setPath(folderPath); documentFolderModel.setCanCreateSubFolders( - permissionChecker.isPermitted( - ItemPrivileges.CREATE_NEW, folder - ) + itemPermissionChecker.canCreateNewItems(folder) ); documentFolderModel.setCanCreateItems( - permissionChecker.isPermitted( - ItemPrivileges.CREATE_NEW, folder - ) + itemPermissionChecker.canCreateNewItems(folder) ); documentFolderModel.setCanAdminister( - permissionChecker.isPermitted( - ItemPrivileges.ADMINISTER, folder - ) + itemPermissionChecker.canAdministerItems(folder) ); documentFolderModel.setGrantedPermissions( grantedPrivileges.buildPermissionsMatrix(section, folder) @@ -266,32 +259,12 @@ public class DocumentFolderController { public String createTestData( @PathParam("sectionIdentifier") final String sectionIdentifier ) { - final Identifier identifier = identifierParser.parseIdentifier( - sectionIdentifier - ); - final Optional sectionResult; - switch (identifier.getType()) { - case ID: - sectionResult = sectionRepo.findById( - Long.parseLong(identifier.getIdentifier()) - ); - break; - case UUID: - sectionResult = sectionRepo.findByUuid(identifier - .getIdentifier()); - break; - default: - sectionResult = sectionRepo.findByLabel(identifier - .getIdentifier()); - break; - } + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); if (sectionResult.isPresent()) { final ContentSection section = sectionResult.get(); - - if (permissionChecker.isPermitted( - ItemPrivileges.EDIT, section.getRootDocumentsFolder() - )) { + if (itemPermissionChecker.canEditItems(section)) { if (section.getRootDocumentsFolder().getObjects().isEmpty()) { folderManager.createFolder( "folder-1", section.getRootDocumentsFolder() @@ -343,12 +316,12 @@ public class DocumentFolderController { return "org/librecms/ui/contentsection/documentfolder/testdata.xhtml"; } } else { - models.put("sectionidentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier + ); } } else { - models.put("sectionIdentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } } @@ -374,21 +347,17 @@ public class DocumentFolderController { @PathParam("parentFolderPath") final String parentFolderPath, @FormParam("folderName") final String folderName ) { - final Optional sectionResult = retrieveContentSection( - sectionIdentifier - ); - + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); if (!sectionResult.isPresent()) { - models.put("sectionIdentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } final ContentSection section = sectionResult.get(); - if (!permissionChecker.isPermitted( - ItemPrivileges.EDIT, section.getRootDocumentsFolder() - )) { - models.put("sectionidentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(section)) { + return sectionsUi.showAccessDenied( + "sectionIdentifier", sectionIdentifier + ); } final Folder parentFolder; @@ -404,18 +373,15 @@ public class DocumentFolderController { if (parentFolderResult.isPresent()) { parentFolder = parentFolderResult.get(); } else { - models.put("contentSection", section.getLabel()); - models.put("folderPath", parentFolderPath); - return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + return showDocumentFolderNotFound(section, folderName); } } - if (!permissionChecker.isPermitted( - ItemPrivileges.CREATE_NEW, parentFolder - )) { - models.put("sectionidentifier", sectionIdentifier); - models.put("folderPath", parentFolderPath); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canCreateNewItems(parentFolder)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier, + "folderPath", parentFolderPath + ); } folderManager.createFolder(folderName, parentFolder); @@ -451,20 +417,15 @@ public class DocumentFolderController { @PathParam("role") final String roleParam, @FormParam("permissions") final List permissions ) { - final Optional sectionResult = retrieveContentSection( - sectionIdentifier - ); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); if (!sectionResult.isPresent()) { - models.put("sectionIdentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } final ContentSection section = sectionResult.get(); - if (!permissionChecker.isPermitted( - ItemPrivileges.EDIT, section.getRootDocumentsFolder() - )) { - models.put("sectionidentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(section)) { + sectionsUi.showAccessDenied("sectionidentifier", sectionIdentifier); } final Folder folder; @@ -483,16 +444,15 @@ public class DocumentFolderController { documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); } else { - models.put("contentSection", section.getLabel()); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + return showDocumentFolderNotFound(section, folderPath); } } - if (!permissionChecker.isPermitted(ItemPrivileges.ADMINISTER, folder)) { - models.put("sectionidentifier", sectionIdentifier); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canAdministerItems(folder)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier, + "folderPath", folderPath + ); } final Optional roleResult = roleRepo.findByName(roleParam); @@ -537,20 +497,17 @@ public class DocumentFolderController { @PathParam("folderPath") final String folderPath, @FormParam("folderName") final String folderName ) { - final Optional sectionResult = retrieveContentSection( - sectionIdentifier - ); + final Optional sectionResult = sectionsUi + .findContentSection(sectionIdentifier); if (!sectionResult.isPresent()) { - models.put("sectionIdentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + return sectionsUi.showContentSectionNotFound(sectionIdentifier); } final ContentSection section = sectionResult.get(); - if (!permissionChecker.isPermitted( - ItemPrivileges.EDIT, section.getRootDocumentsFolder() - )) { - models.put("sectionidentifier", sectionIdentifier); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(section)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier + ); } final Folder folder; @@ -565,15 +522,14 @@ public class DocumentFolderController { documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); } else { - models.put("contentSection", section.getLabel()); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + return showDocumentFolderNotFound(section, folderPath); } - if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) { - models.put("sectionidentifier", sectionIdentifier); - models.put("folderPath", folderPath); - return "org/librecms/ui/contentsection/access-denied.xhtml"; + if (!itemPermissionChecker.canEditItems(folder)) { + return sectionsUi.showAccessDenied( + "sectionidentifier", sectionIdentifier, + "folderPath", folderPath + ); } folder.setName(folderName); @@ -592,32 +548,6 @@ public class DocumentFolderController { ); } - private Optional retrieveContentSection( - final String sectionIdentifier - ) { - final Identifier identifier = identifierParser.parseIdentifier( - sectionIdentifier - ); - - final Optional sectionResult; - switch (identifier.getType()) { - case ID: - sectionResult = sectionRepo.findById( - Long.parseLong(identifier.getIdentifier()) - ); - break; - case UUID: - sectionResult = sectionRepo.findByUuid(identifier - .getIdentifier()); - break; - default: - sectionResult = sectionRepo.findByLabel(identifier - .getIdentifier()); - break; - } - return sectionResult; - } - private List buildBreadcrumbs( final String folderPath ) { @@ -767,4 +697,12 @@ public class DocumentFolderController { return row; } + private String showDocumentFolderNotFound( + final ContentSection section, final String folderPath + ) { + models.put("contentSection", section.getLabel()); + models.put("folderPath", folderPath); + return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + } + } diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java new file mode 100644 index 000000000..d68d480c2 --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java @@ -0,0 +1,214 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +import org.libreccm.security.PermissionChecker; +import org.librecms.contentsection.ContentItem; +import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.Folder; +import org.librecms.contentsection.privileges.ItemPrivileges; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class ItemPermissionChecker { + + @Inject + private PermissionChecker permissionChecker; + + public boolean canAdministerItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.ADMINISTER, item + ); + } + + public boolean canAdministerItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.ADMINISTER, section.getRootDocumentsFolder() + ); + } + + public boolean canAdministerItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.ADMINISTER, folder + ); + } + + public boolean canApplyAlternateWorkflowItems( + final ContentSection section + ) { + return permissionChecker.isPermitted( + ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, + section.getRootDocumentsFolder() + ); + } + + public boolean canApplyAlternateWorkflowItems( + final ContentItem item + ) { + return permissionChecker.isPermitted( + ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, item + ); + } + + public boolean canApplyAlternateWorkflowItems( + final Folder folder + ) { + return permissionChecker.isPermitted( + ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, folder + ); + } + + public boolean canApproveItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.APPROVE, item + ); + } + + public boolean canApproveItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.APPROVE, section.getRootDocumentsFolder() + ); + } + + public boolean canApproveItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.APPROVE, folder + ); + } + + public boolean canCategorizeItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.CATEGORIZE, item + ); + } + + public boolean canCategorizeItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.CATEGORIZE, section.getRootDocumentsFolder() + ); + } + + public boolean canCategorizeItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.CATEGORIZE, folder + ); + } + + public boolean canCreateNewItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.CREATE_NEW, item + ); + } + + public boolean canCreateNewItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.CREATE_NEW, section.getRootDocumentsFolder() + ); + } + + public boolean canCreateNewItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.CREATE_NEW, folder + ); + } + + public boolean canDeleteItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.DELETE, item + ); + } + + public boolean canDeleteItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.DELETE, section.getRootDocumentsFolder() + ); + } + + public boolean canDeleteItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.DELETE, folder + ); + } + + public boolean canEditItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.EDIT, item + ); + } + + public boolean canEditItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.EDIT, section.getRootDocumentsFolder() + ); + } + + public boolean canEditItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.EDIT, folder + ); + } + + public boolean canPreviewItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.PREVIEW, item + ); + } + + public boolean canPreviewItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.PREVIEW, section.getRootDocumentsFolder() + ); + } + + public boolean canPreviewItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.PREVIEW, folder + ); + } + + public boolean canPublishItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.PUBLISH, item + ); + } + + public boolean canPublishItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.PUBLISH, section.getRootDocumentsFolder() + ); + } + + public boolean canPublishItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.PUBLISH, folder + ); + } + + public boolean canViewPublishedItems(final ContentItem item) { + return permissionChecker.isPermitted( + ItemPrivileges.VIEW_PUBLISHED, item + ); + } + + public boolean canViewPublishedItems(final ContentSection section) { + return permissionChecker.isPermitted( + ItemPrivileges.VIEW_PUBLISHED, section.getRootDocumentsFolder() + ); + } + + public boolean canViewPublishedItems(final Folder folder) { + return permissionChecker.isPermitted( + ItemPrivileges.VIEW_PUBLISHED, folder + ); + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java new file mode 100644 index 000000000..e4bbecd27 --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java @@ -0,0 +1,31 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.librecms.ui.contentsections; + +import org.libreccm.security.PermissionChecker; +import org.librecms.contentsection.ContentType; +import org.librecms.contentsection.privileges.TypePrivileges; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class TypePermissionsChecker { + + @Inject + private PermissionChecker permissionChecker; + + public boolean canUseType(final ContentType type) { + return permissionChecker.isPermitted( + TypePrivileges.USE_TYPE, type + ); + } + +}