LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

Some refactoring 

Former-commit-id: dfe53097a12da0301837f3d7f1cf72373820efe1
pull/10/head
Jens Pelzetter 2021-03-02 20:33:16 +01:00
parent d2ddfac6e8
commit 5c2c27e4aa
22 changed files with 596 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java
View File

@ -190,8 +190,7 @@ public class ContentSectionPage extends CMSPage implements ActionListener {
m_tabbedPane.setTabVisible( m_tabbedPane.setTabVisible(
state, state,
m_workflowPane, m_workflowPane,
permissionChecker.isPermitted( permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS));
AdminPrivileges.ADMINISTER_WORKFLOW));
m_tabbedPane.setTabVisible( m_tabbedPane.setTabVisible(
state, state,
m_categoryPane, m_categoryPane,

2
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java
View File

@ -91,7 +91,7 @@ class BaseTaskForm extends BaseForm {
addAction(new Finish()); addAction(new Finish());
addAction(new Cancel()); addAction(new Cancel());
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
addValidationListener(new ValidationListener()); addValidationListener(new ValidationListener());
} }

2
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java
View File

@ -49,7 +49,7 @@ class BaseWorkflowForm extends BaseForm {
addAction(new Finish()); addAction(new Finish());
addAction(new Cancel()); addAction(new Cancel());
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
addValidationListener(new ValidationListener()); addValidationListener(new ValidationListener());
} }

4
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java
View File

@ -128,7 +128,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
protected class AdminVisible extends VisibilityComponent { protected class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) { public AdminVisible(final Component child) {
super(child, AdminPrivileges.ADMINISTER_WORKFLOW); super(child, AdminPrivileges.ADMINISTER_WORKFLOWS);
} }
} }
@ -184,7 +184,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
TaskDeleteForm() { TaskDeleteForm() {
super(new Label(gz("cms.ui.workflow.task.delete_prompt"))); super(new Label(gz("cms.ui.workflow.task.delete_prompt")));
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
} }
@Override @Override

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java
View File

@ -87,8 +87,7 @@ final class ItemWorkflowItemPane extends BaseWorkflowItemPane {
final ContentSection section = CMS.getContext().getContentSection(); final ContentSection section = CMS.getContext().getContentSection();
return permissionChecker.isPermitted( return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section);
AdminPrivileges.ADMINISTER_WORKFLOW, section);
} }

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java
View File

@ -164,8 +164,7 @@ class TaskAddRole extends CMSForm {
final PermissionChecker permissionChecker = cdiUtil.findBean( final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class); PermissionChecker.class);
if (!permissionChecker.isPermitted( if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS)) {
AdminPrivileges.ADMINISTER_WORKFLOW)) {
throw new FormProcessException( throw new FormProcessException(
new GlobalizedMessage( new GlobalizedMessage(
"cms.ui.workflow.insufficient_privileges", "cms.ui.workflow.insufficient_privileges",

5
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java
View File

@ -119,14 +119,13 @@ final class TaskItemPane extends BaseItemPane {
final PermissionChecker permissionChecker = cdiUtil.findBean( final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class); PermissionChecker.class);
return permissionChecker.isPermitted( return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS);
AdminPrivileges.ADMINISTER_WORKFLOW);
} }
private class AdminVisible extends VisibilityComponent { private class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) { public AdminVisible(final Component child) {
super(child, AdminPrivileges.ADMINISTER_WORKFLOW); super(child, AdminPrivileges.ADMINISTER_WORKFLOWS);
} }
} }

4
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java
View File

@ -56,7 +56,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
getDeleteLink())); getDeleteLink()));
addAction(new VisibilityComponent( addAction(new VisibilityComponent(
getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW)); getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOWS));
} }
private class DeleteForm extends BaseDeleteForm { private class DeleteForm extends BaseDeleteForm {
@ -64,7 +64,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
DeleteForm() { DeleteForm() {
super(gz("cms.ui.workflow.delete_prompt")); super(gz("cms.ui.workflow.delete_prompt"));
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
} }
@Override @Override

6
ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java
View File

@ -186,7 +186,7 @@ public class ContentSectionManager {
addRoleToContentSection(section, addRoleToContentSection(section,
MANAGER, MANAGER,
AdminPrivileges.ADMINISTER_ROLES, AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW, AdminPrivileges.ADMINISTER_WORKFLOWS,
AdminPrivileges.ADMINISTER_LIFECYLES, AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES, AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES, AdminPrivileges.ADMINISTER_CONTENT_TYPES,
@ -424,7 +424,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public void addWorkflowTemplateToContentSection( public void addWorkflowTemplateToContentSection(
final Workflow template, final Workflow template,
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS)
final ContentSection section) { final ContentSection section) {
Objects.requireNonNull(template); Objects.requireNonNull(template);
@ -451,7 +451,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public void removeWorkflowTemplateFromContentSection( public void removeWorkflowTemplateFromContentSection(
final Workflow template, final Workflow template,
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS)
final ContentSection section) { final ContentSection section) {
section.removeWorkflowTemplate(template); section.removeWorkflowTemplate(template);

2
ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java
View File

@ -201,7 +201,7 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup {
grantPermissions(manager, grantPermissions(manager,
section, section,
AdminPrivileges.ADMINISTER_ROLES, AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW, AdminPrivileges.ADMINISTER_WORKFLOWS,
AdminPrivileges.ADMINISTER_LIFECYLES, AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES, AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES); AdminPrivileges.ADMINISTER_CONTENT_TYPES);

2
ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java
View File

@ -71,7 +71,7 @@ public final class AdminPrivileges {
* *
* @see ContentSection#workflowTemplates * @see ContentSection#workflowTemplates
*/ */
public static final String ADMINISTER_WORKFLOW = "administer_workflow"; public static final String ADMINISTER_WORKFLOWS = "administer_workflows";
private AdminPrivileges() { private AdminPrivileges() {
//Nothing //Nothing

55
ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java 100644
View File

@ -0,0 +1,55 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.AdminPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class AdminPermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canAdministerCategories(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CATEGORIES, section
);
}
public boolean canAdministerContentTypes(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CONTENT_TYPES, section
);
}
public boolean canAdministerLifecycles(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_LIFECYLES, section
);
}
public boolean canAdministerRoles(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_ROLES, section
);
}
public boolean canAdministerWorkflows(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOWS, section
);
}
}

104
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java
View File

@ -5,8 +5,6 @@
*/ */
package org.librecms.ui.contentsections; package org.librecms.ui.contentsections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.l10n.GlobalizationHelper; import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.PermissionChecker; import org.libreccm.security.PermissionChecker;
@ -18,7 +16,6 @@ import org.librecms.contentsection.AssetFolderEntry;
import org.librecms.contentsection.AssetManager; import org.librecms.contentsection.AssetManager;
import org.librecms.contentsection.AssetRepository; import org.librecms.contentsection.AssetRepository;
import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.Folder; import org.librecms.contentsection.Folder;
import org.librecms.contentsection.FolderManager; import org.librecms.contentsection.FolderManager;
import org.librecms.contentsection.FolderRepository; import org.librecms.contentsection.FolderRepository;
@ -46,7 +43,6 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
/** /**
* *
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a> * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -63,7 +59,10 @@ public class AssetFolderController {
private AssetFolderTree assetFolderTree; private AssetFolderTree assetFolderTree;
@Inject @Inject
private AssetPermissions assetPermissions; private AssetPermissionsModelProvider assetPermissions;
@Inject
private AssetPermissionsChecker assetPermissionsChecker;
@Inject @Inject
private AssetManager assetManager; private AssetManager assetManager;
@ -74,9 +73,6 @@ public class AssetFolderController {
@Inject @Inject
private ContentSectionModel contentSectionModel; private ContentSectionModel contentSectionModel;
@Inject
private ContentSectionRepository sectionRepo;
@Inject @Inject
private ContentSectionsUi sectionsUi; private ContentSectionsUi sectionsUi;
@ -98,19 +94,12 @@ public class AssetFolderController {
@Inject @Inject
private Models models; private Models models;
@Inject
private PermissionChecker permissionChecker;
@Inject @Inject
private PermissionManager permissionManager; private PermissionManager permissionManager;
@Inject @Inject
private RoleRepository roleRepo; private RoleRepository roleRepo;
private static final Logger LOGGER = LogManager.getLogger(
AssetFolderController.class
);
@GET @GET
@Path("/") @Path("/")
@AuthorizationRequired @AuthorizationRequired
@ -145,9 +134,7 @@ public class AssetFolderController {
} }
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted( if (!assetPermissionsChecker.canEditAssets(section)) {
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
sectionsUi.showAccessDenied("sectionIdentifier", sectionIdentifier); sectionsUi.showAccessDenied("sectionIdentifier", sectionIdentifier);
} }
@ -172,7 +159,7 @@ public class AssetFolderController {
} }
} }
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { if (!assetPermissionsChecker.canEditAssets(folder)) {
return sectionsUi.showAccessDenied( return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier, "sectionIdentifier", sectionIdentifier,
"folderPath", folderPath "folderPath", folderPath
@ -200,10 +187,10 @@ public class AssetFolderController {
assetFolderModel.setPath(folderPath); assetFolderModel.setPath(folderPath);
assetFolderModel.setCanCreateSubFolders( assetFolderModel.setCanCreateSubFolders(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) assetPermissionsChecker.canCreateAssets(folder)
); );
assetFolderModel.setCanCreateAssets( assetFolderModel.setCanCreateAssets(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) assetPermissionsChecker.canCreateAssets(folder)
); );
assetFolderModel.setGrantedPermissions( assetFolderModel.setGrantedPermissions(
grantedPrivileges.buildPermissionsMatrix(section, folder) grantedPrivileges.buildPermissionsMatrix(section, folder)
@ -240,19 +227,17 @@ public class AssetFolderController {
@PathParam("parentFolderPath") final String parentFolderPath, @PathParam("parentFolderPath") final String parentFolderPath,
@FormParam("folderName") final String folderName @FormParam("folderName") final String folderName
) { ) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi final Optional<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier); .findContentSection(sectionIdentifier);
final ContentSection section; final ContentSection section;
if (sectionResult.isSuccessful()) { if (sectionResult.isPresent()) {
section = sectionResult.getResult(); section = sectionResult.get();
} else { } else {
return sectionResult.getFailedResponseTemplate(); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
} }
if (!permissionChecker.isPermitted( if (!assetPermissionsChecker.canEditAssets(section)) {
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
return sectionsUi.showAccessDenied( return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier "sectionIdentifier", sectionIdentifier
); );
@ -277,9 +262,7 @@ public class AssetFolderController {
} }
} }
if (!permissionChecker.isPermitted( if (!assetPermissionsChecker.canEditAssets(parentFolder)) {
AssetPrivileges.CREATE_NEW, parentFolder
)) {
return sectionsUi.showAccessDenied( return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier, "sectionIdentifier", sectionIdentifier,
"folderPath", parentFolderPath "folderPath", parentFolderPath
@ -320,17 +303,15 @@ public class AssetFolderController {
@FormParam("permissions") final List<String> permissions @FormParam("permissions") final List<String> permissions
) { ) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi final Optional<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier); .findContentSection(sectionIdentifier);
final ContentSection section; final ContentSection section;
if (sectionResult.isSuccessful()) { if (sectionResult.isPresent()) {
section = sectionResult.getResult(); section = sectionResult.get();
} else { } else {
return sectionResult.getFailedResponseTemplate(); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
} }
if (!permissionChecker.isPermitted( if (!assetPermissionsChecker.canEditAssets(section)) {
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier); models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml"; return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
@ -357,7 +338,7 @@ public class AssetFolderController {
} }
} }
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { if (!assetPermissionsChecker.canEditAssets(folder)) {
models.put("sectionidentifier", sectionIdentifier); models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath); models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml"; return "org/librecms/ui/contentsection/access-denied.xhtml";
@ -405,17 +386,15 @@ public class AssetFolderController {
@PathParam("folderPath") final String folderPath, @PathParam("folderPath") final String folderPath,
@FormParam("folderName") final String folderName @FormParam("folderName") final String folderName
) { ) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi final Optional<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier); .findContentSection(sectionIdentifier);
final ContentSection section; final ContentSection section;
if (sectionResult.isSuccessful()) { if (sectionResult.isPresent()) {
section = sectionResult.getResult(); section = sectionResult.get();
} else { } else {
return sectionResult.getFailedResponseTemplate(); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
} }
if (!permissionChecker.isPermitted( if (!assetPermissionsChecker.canEditAssets(section)) {
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier); models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml"; return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
@ -437,7 +416,7 @@ public class AssetFolderController {
return "org/librecms/ui/contentsection/assetfolder/assetfolder-not-found.xhtml"; return "org/librecms/ui/contentsection/assetfolder/assetfolder-not-found.xhtml";
} }
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) { if (!assetPermissionsChecker.canEditAssets(folder)) {
models.put("sectionidentifier", sectionIdentifier); models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath); models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml"; return "org/librecms/ui/contentsection/access-denied.xhtml";
@ -459,31 +438,6 @@ public class AssetFolderController {
); );
} }
// private Optional<ContentSection> retrieveContentSection(
// final String sectionIdentifier
// ) {
// final Identifier identifier = identifierParser.parseIdentifier(
// sectionIdentifier
// );
//
// final Optional<ContentSection> sectionResult;
// switch (identifier.getType()) {
// case ID:
// sectionResult = sectionRepo.findById(
// Long.parseLong(identifier.getIdentifier())
// );
// break;
// case UUID:
// sectionResult = sectionRepo.findByUuid(identifier
// .getIdentifier());
// break;
// default:
// sectionResult = sectionRepo.findByLabel(identifier
// .getIdentifier());
// break;
// }
// return sectionResult;
// }
private String showAssetFolderNotFound( private String showAssetFolderNotFound(
final ContentSection section, final String folderPath final ContentSection section, final String folderPath
) { ) {

2
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java
View File

@ -20,7 +20,7 @@ public class AssetFolderTree
extends AbstractFolderTree<AssetFolderTreeNode, AssetPermissionsModel> { extends AbstractFolderTree<AssetFolderTreeNode, AssetPermissionsModel> {
@Inject @Inject
private AssetPermissions assetPermissions; private AssetPermissionsModelProvider assetPermissions;
@Override @Override
public AssetFolderTreeNode newFolderTreeNode() { public AssetFolderTreeNode newFolderTreeNode() {

117
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java 100644
View File

@ -0,0 +1,117 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.Asset;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.AssetPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class AssetPermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canCreateAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, asset
);
}
public boolean canCreateAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, section.getRootAssetsFolder()
);
}
public boolean canCreateAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, folder
);
}
public boolean canDeleteAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, asset
);
}
public boolean canDeleteAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, section.getRootAssetsFolder()
);
}
public boolean canDeleteAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, folder
);
}
public boolean canUseAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, asset
);
}
public boolean canUseAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, section.getRootAssetsFolder()
);
}
public boolean canUseAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, folder
);
}
public boolean canEditAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, asset
);
}
public boolean canEditAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
);
}
public boolean canEditAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, folder
);
}
public boolean canViewAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, asset
);
}
public boolean canViewAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, section.getRootAssetsFolder()
);
}
public boolean canViewAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, folder
);
}
}

26
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissions.java → ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsModelProvider.java
View File

@ -5,10 +5,8 @@
*/ */
package org.librecms.ui.contentsections; package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.Asset; import org.librecms.contentsection.Asset;
import org.librecms.contentsection.Folder; import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.AssetPrivileges;
import javax.enterprise.context.Dependent; import javax.enterprise.context.Dependent;
import javax.inject.Inject; import javax.inject.Inject;
@ -18,29 +16,29 @@ import javax.inject.Inject;
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a> * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/ */
@Dependent @Dependent
class AssetPermissions { class AssetPermissionsModelProvider {
@Inject @Inject
private PermissionChecker permissionChecker; private AssetPermissionsChecker permissionChecker;
public AssetPermissionsModel buildAssetPermissionsModel( public AssetPermissionsModel buildAssetPermissionsModel(
final Folder folder final Folder folder
) { ) {
final AssetPermissionsModel model = new AssetPermissionsModel(); final AssetPermissionsModel model = new AssetPermissionsModel();
model.setGrantedCreateNew( model.setGrantedCreateNew(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder) permissionChecker.canCreateAssets(folder)
); );
model.setGrantedDelete( model.setGrantedDelete(
permissionChecker.isPermitted(AssetPrivileges.DELETE, folder) permissionChecker.canDeleteAssets(folder)
); );
model.setGrantedEdit( model.setGrantedEdit(
permissionChecker.isPermitted(AssetPrivileges.EDIT, folder) permissionChecker.canEditAssets(folder)
); );
model.setGrantedUse( model.setGrantedUse(
permissionChecker.isPermitted(AssetPrivileges.USE, folder) permissionChecker.canUseAssets(folder)
); );
model.setGrantedView( model.setGrantedView(
permissionChecker.isPermitted(AssetPrivileges.VIEW, folder) permissionChecker.canViewAssets(folder)
); );
return model; return model;
@ -51,19 +49,19 @@ class AssetPermissions {
) { ) {
final AssetPermissionsModel model = new AssetPermissionsModel(); final AssetPermissionsModel model = new AssetPermissionsModel();
model.setGrantedCreateNew( model.setGrantedCreateNew(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, asset) permissionChecker.canCreateAssets(asset)
); );
model.setGrantedDelete( model.setGrantedDelete(
permissionChecker.isPermitted(AssetPrivileges.DELETE, asset) permissionChecker.canDeleteAssets(asset)
); );
model.setGrantedEdit( model.setGrantedEdit(
permissionChecker.isPermitted(AssetPrivileges.EDIT, asset) permissionChecker.canEditAssets(asset)
); );
model.setGrantedUse( model.setGrantedUse(
permissionChecker.isPermitted(AssetPrivileges.USE, asset) permissionChecker.canUseAssets(asset)
); );
model.setGrantedView( model.setGrantedView(
permissionChecker.isPermitted(AssetPrivileges.VIEW, asset) permissionChecker.canViewAssets(asset)
); );
return model; return model;

3
ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java
View File

@ -105,8 +105,7 @@ public class ConfigurationController {
|| permissionChecker.isPermitted( || permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_ROLES, section AdminPrivileges.ADMINISTER_ROLES, section
) )
|| permissionChecker.isPermitted( || permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section
AdminPrivileges.ADMINISTER_WORKFLOW, section
); );
} }

3
ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java
View File

@ -94,8 +94,7 @@ public class ContentSectionModel {
} }
public boolean getCanAdministerWorkflows() { public boolean getCanAdministerWorkflows() {
return permissionChecker.isPermitted( return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section
AdminPrivileges.ADMINISTER_WORKFLOW, section
); );
} }

85
ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java
View File

@ -7,11 +7,12 @@ package org.librecms.ui.contentsections;
import org.libreccm.api.Identifier; import org.libreccm.api.Identifier;
import org.libreccm.api.IdentifierParser; import org.libreccm.api.IdentifierParser;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository; import org.librecms.contentsection.ContentSectionRepository;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
@ -33,11 +34,16 @@ class ContentSectionsUi {
private Models models; private Models models;
private PermissionChecker permissionChecker;
public Optional<ContentSection> findContentSection( public Optional<ContentSection> findContentSection(
final String identifierParam final String identifierParam
) { ) {
final Identifier sectionIdentifier = identifierParser.parseIdentifier( final Identifier sectionIdentifier = identifierParser.parseIdentifier(
identifierParam Objects.requireNonNull(
identifierParam,
"Can't retrieve a ContentSection for identifier null."
)
); );
switch (sectionIdentifier.getType()) { switch (sectionIdentifier.getType()) {
@ -82,42 +88,41 @@ class ContentSectionsUi {
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
public RetrieveResult<ContentSection> retrieveContentSection( // public RetrieveResult<ContentSection> retrieveContentSection(
final String identifierParam // final String identifierParam
) { // ) {
final Identifier sectionIdentifier = identifierParser.parseIdentifier( // final Identifier sectionIdentifier = identifierParser.parseIdentifier(
identifierParam // identifierParam
); // );
//
final Optional<ContentSection> sectionResult; // final Optional<ContentSection> sectionResult;
switch (sectionIdentifier.getType()) { // switch (sectionIdentifier.getType()) {
case ID: // case ID:
sectionResult = sectionRepo.findById( // sectionResult = sectionRepo.findById(
Long.parseLong( // Long.parseLong(
sectionIdentifier.getIdentifier() // sectionIdentifier.getIdentifier()
) // )
); // );
break; // break;
case UUID: // case UUID:
sectionResult = sectionRepo.findByUuid( // sectionResult = sectionRepo.findByUuid(
sectionIdentifier.getIdentifier() // sectionIdentifier.getIdentifier()
); // );
break; // break;
default: // default:
sectionResult = sectionRepo.findByLabel( // sectionResult = sectionRepo.findByLabel(
sectionIdentifier.getIdentifier() // sectionIdentifier.getIdentifier()
); // );
break; // break;
} // }
//
if (sectionResult.isPresent()) { // if (sectionResult.isPresent()) {
return RetrieveResult.successful(sectionResult.get()); // return RetrieveResult.successful(sectionResult.get());
} else { // } else {
models.put("sectionIdentifier", sectionIdentifier); // models.put("sectionIdentifier", sectionIdentifier);
return RetrieveResult.failed( // return RetrieveResult.failed(
"org/librecms/ui/contentsection/contentsection-not-found.xhtml" // "org/librecms/ui/contentsection/contentsection-not-found.xhtml"
); // );
} // }
} // }
} }

210
ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java
View File

@ -84,6 +84,9 @@ public class DocumentFolderController {
@Inject @Inject
private ContentSectionModel contentSectionModel; private ContentSectionModel contentSectionModel;
@Inject
private ContentSectionsUi sectionsUi;
@Inject @Inject
private ContentTypeRepository contentTypeRepo; private ContentTypeRepository contentTypeRepo;
@ -102,9 +105,6 @@ public class DocumentFolderController {
@Inject @Inject
private Models models; private Models models;
@Inject
private ContentSectionRepository sectionRepo;
@Inject @Inject
private IdentifierParser identifierParser; private IdentifierParser identifierParser;
@ -129,6 +129,9 @@ public class DocumentFolderController {
@Inject @Inject
private CurrentUserDocumentPermissions currentUserPermissions; private CurrentUserDocumentPermissions currentUserPermissions;
@Inject
private ItemPermissionChecker itemPermissionChecker;
@GET @GET
@Path("/") @Path("/")
@AuthorizationRequired @AuthorizationRequired
@ -156,24 +159,21 @@ public class DocumentFolderController {
@QueryParam("maxResults") @DefaultValue("20") final int maxResults @QueryParam("maxResults") @DefaultValue("20") final int maxResults
) { ) {
final long start = System.currentTimeMillis(); final long start = System.currentTimeMillis();
final Optional<ContentSection> sectionResult = retrieveContentSection( final Optional<ContentSection> sectionResult = sectionsUi
sectionIdentifier .findContentSection(sectionIdentifier);
);
LOGGER.info("Retrieved content section in {} ms", LOGGER.info("Retrieved content section in {} ms",
System.currentTimeMillis() - start System.currentTimeMillis() - start
); );
if (!sectionResult.isPresent()) { if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted( if (!itemPermissionChecker.canEditItems(section)) {
ItemPrivileges.EDIT, section.getRootDocumentsFolder() return sectionsUi.showAccessDenied(
)) { "sectionidentifier", sectionIdentifier
models.put("sectionidentifier", sectionIdentifier); );
return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
contentSectionModel.setSection(section); contentSectionModel.setSection(section);
@ -194,16 +194,15 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else { } else {
models.put("contentSection", section.getLabel()); return showDocumentFolderNotFound(section, folderPath);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
} }
} }
if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) { if (!itemPermissionChecker.canEditItems(folder)) {
models.put("sectionidentifier", sectionIdentifier); return sectionsUi.showAccessDenied(
models.put("folderPath", folderPath); "sectionidentifier", sectionIdentifier,
return "org/librecms/ui/contentsection/access-denied.xhtml"; "folderPath", folderPath
);
} }
final List<DocumentFolderEntry> folderEntries = folderRepo final List<DocumentFolderEntry> folderEntries = folderRepo
@ -232,19 +231,13 @@ public class DocumentFolderController {
documentFolderModel.setPath(folderPath); documentFolderModel.setPath(folderPath);
documentFolderModel.setCanCreateSubFolders( documentFolderModel.setCanCreateSubFolders(
permissionChecker.isPermitted( itemPermissionChecker.canCreateNewItems(folder)
ItemPrivileges.CREATE_NEW, folder
)
); );
documentFolderModel.setCanCreateItems( documentFolderModel.setCanCreateItems(
permissionChecker.isPermitted( itemPermissionChecker.canCreateNewItems(folder)
ItemPrivileges.CREATE_NEW, folder
)
); );
documentFolderModel.setCanAdminister( documentFolderModel.setCanAdminister(
permissionChecker.isPermitted( itemPermissionChecker.canAdministerItems(folder)
ItemPrivileges.ADMINISTER, folder
)
); );
documentFolderModel.setGrantedPermissions( documentFolderModel.setGrantedPermissions(
grantedPrivileges.buildPermissionsMatrix(section, folder) grantedPrivileges.buildPermissionsMatrix(section, folder)
@ -266,32 +259,12 @@ public class DocumentFolderController {
public String createTestData( public String createTestData(
@PathParam("sectionIdentifier") final String sectionIdentifier @PathParam("sectionIdentifier") final String sectionIdentifier
) { ) {
final Identifier identifier = identifierParser.parseIdentifier( final Optional<ContentSection> sectionResult = sectionsUi
sectionIdentifier .findContentSection(sectionIdentifier);
);
final Optional<ContentSection> sectionResult;
switch (identifier.getType()) {
case ID:
sectionResult = sectionRepo.findById(
Long.parseLong(identifier.getIdentifier())
);
break;
case UUID:
sectionResult = sectionRepo.findByUuid(identifier
.getIdentifier());
break;
default:
sectionResult = sectionRepo.findByLabel(identifier
.getIdentifier());
break;
}
if (sectionResult.isPresent()) { if (sectionResult.isPresent()) {
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (itemPermissionChecker.canEditItems(section)) {
if (permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
if (section.getRootDocumentsFolder().getObjects().isEmpty()) { if (section.getRootDocumentsFolder().getObjects().isEmpty()) {
folderManager.createFolder( folderManager.createFolder(
"folder-1", section.getRootDocumentsFolder() "folder-1", section.getRootDocumentsFolder()
@ -343,12 +316,12 @@ public class DocumentFolderController {
return "org/librecms/ui/contentsection/documentfolder/testdata.xhtml"; return "org/librecms/ui/contentsection/documentfolder/testdata.xhtml";
} }
} else { } else {
models.put("sectionidentifier", sectionIdentifier); return sectionsUi.showAccessDenied(
return "org/librecms/ui/contentsection/access-denied.xhtml"; "sectionidentifier", sectionIdentifier
);
} }
} else { } else {
models.put("sectionIdentifier", sectionIdentifier); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
} }
@ -374,21 +347,17 @@ public class DocumentFolderController {
@PathParam("parentFolderPath") final String parentFolderPath, @PathParam("parentFolderPath") final String parentFolderPath,
@FormParam("folderName") final String folderName @FormParam("folderName") final String folderName
) { ) {
final Optional<ContentSection> sectionResult = retrieveContentSection( final Optional<ContentSection> sectionResult = sectionsUi
sectionIdentifier .findContentSection(sectionIdentifier);
);
if (!sectionResult.isPresent()) { if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted( if (!itemPermissionChecker.canEditItems(section)) {
ItemPrivileges.EDIT, section.getRootDocumentsFolder() return sectionsUi.showAccessDenied(
)) { "sectionIdentifier", sectionIdentifier
models.put("sectionidentifier", sectionIdentifier); );
return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
final Folder parentFolder; final Folder parentFolder;
@ -404,18 +373,15 @@ public class DocumentFolderController {
if (parentFolderResult.isPresent()) { if (parentFolderResult.isPresent()) {
parentFolder = parentFolderResult.get(); parentFolder = parentFolderResult.get();
} else { } else {
models.put("contentSection", section.getLabel()); return showDocumentFolderNotFound(section, folderName);
models.put("folderPath", parentFolderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
} }
} }
if (!permissionChecker.isPermitted( if (!itemPermissionChecker.canCreateNewItems(parentFolder)) {
ItemPrivileges.CREATE_NEW, parentFolder return sectionsUi.showAccessDenied(
)) { "sectionidentifier", sectionIdentifier,
models.put("sectionidentifier", sectionIdentifier); "folderPath", parentFolderPath
models.put("folderPath", parentFolderPath); );
return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
folderManager.createFolder(folderName, parentFolder); folderManager.createFolder(folderName, parentFolder);
@ -451,20 +417,15 @@ public class DocumentFolderController {
@PathParam("role") final String roleParam, @PathParam("role") final String roleParam,
@FormParam("permissions") final List<String> permissions @FormParam("permissions") final List<String> permissions
) { ) {
final Optional<ContentSection> sectionResult = retrieveContentSection( final Optional<ContentSection> sectionResult = sectionsUi
sectionIdentifier .findContentSection(sectionIdentifier);
);
if (!sectionResult.isPresent()) { if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted( if (!itemPermissionChecker.canEditItems(section)) {
ItemPrivileges.EDIT, section.getRootDocumentsFolder() sectionsUi.showAccessDenied("sectionidentifier", sectionIdentifier);
)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
final Folder folder; final Folder folder;
@ -483,16 +444,15 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else { } else {
models.put("contentSection", section.getLabel()); return showDocumentFolderNotFound(section, folderPath);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
} }
} }
if (!permissionChecker.isPermitted(ItemPrivileges.ADMINISTER, folder)) { if (!itemPermissionChecker.canAdministerItems(folder)) {
models.put("sectionidentifier", sectionIdentifier); return sectionsUi.showAccessDenied(
models.put("folderPath", folderPath); "sectionidentifier", sectionIdentifier,
return "org/librecms/ui/contentsection/access-denied.xhtml"; "folderPath", folderPath
);
} }
final Optional<Role> roleResult = roleRepo.findByName(roleParam); final Optional<Role> roleResult = roleRepo.findByName(roleParam);
@ -537,20 +497,17 @@ public class DocumentFolderController {
@PathParam("folderPath") final String folderPath, @PathParam("folderPath") final String folderPath,
@FormParam("folderName") final String folderName @FormParam("folderName") final String folderName
) { ) {
final Optional<ContentSection> sectionResult = retrieveContentSection( final Optional<ContentSection> sectionResult = sectionsUi
sectionIdentifier .findContentSection(sectionIdentifier);
);
if (!sectionResult.isPresent()) { if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier); return sectionsUi.showContentSectionNotFound(sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
} }
final ContentSection section = sectionResult.get(); final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted( if (!itemPermissionChecker.canEditItems(section)) {
ItemPrivileges.EDIT, section.getRootDocumentsFolder() return sectionsUi.showAccessDenied(
)) { "sectionidentifier", sectionIdentifier
models.put("sectionidentifier", sectionIdentifier); );
return "org/librecms/ui/contentsection/access-denied.xhtml";
} }
final Folder folder; final Folder folder;
@ -565,15 +522,14 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else { } else {
models.put("contentSection", section.getLabel()); return showDocumentFolderNotFound(section, folderPath);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
} }
if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) { if (!itemPermissionChecker.canEditItems(folder)) {
models.put("sectionidentifier", sectionIdentifier); return sectionsUi.showAccessDenied(
models.put("folderPath", folderPath); "sectionidentifier", sectionIdentifier,
return "org/librecms/ui/contentsection/access-denied.xhtml"; "folderPath", folderPath
);
} }
folder.setName(folderName); folder.setName(folderName);
@ -592,32 +548,6 @@ public class DocumentFolderController {
); );
} }
private Optional<ContentSection> retrieveContentSection(
final String sectionIdentifier
) {
final Identifier identifier = identifierParser.parseIdentifier(
sectionIdentifier
);
final Optional<ContentSection> sectionResult;
switch (identifier.getType()) {
case ID:
sectionResult = sectionRepo.findById(
Long.parseLong(identifier.getIdentifier())
);
break;
case UUID:
sectionResult = sectionRepo.findByUuid(identifier
.getIdentifier());
break;
default:
sectionResult = sectionRepo.findByLabel(identifier
.getIdentifier());
break;
}
return sectionResult;
}
private List<FolderBreadcrumbsModel> buildBreadcrumbs( private List<FolderBreadcrumbsModel> buildBreadcrumbs(
final String folderPath final String folderPath
) { ) {
@ -767,4 +697,12 @@ public class DocumentFolderController {
return row; return row;
} }
private String showDocumentFolderNotFound(
final ContentSection section, final String folderPath
) {
models.put("contentSection", section.getLabel());
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
}
} }

214
ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java 100644
View File

@ -0,0 +1,214 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.ItemPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class ItemPermissionChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canAdministerItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, item
);
}
public boolean canAdministerItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, section.getRootDocumentsFolder()
);
}
public boolean canAdministerItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, folder
);
}
public boolean canApplyAlternateWorkflowItems(
final ContentSection section
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW,
section.getRootDocumentsFolder()
);
}
public boolean canApplyAlternateWorkflowItems(
final ContentItem item
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, item
);
}
public boolean canApplyAlternateWorkflowItems(
final Folder folder
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, folder
);
}
public boolean canApproveItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, item
);
}
public boolean canApproveItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, section.getRootDocumentsFolder()
);
}
public boolean canApproveItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, folder
);
}
public boolean canCategorizeItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, item
);
}
public boolean canCategorizeItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, section.getRootDocumentsFolder()
);
}
public boolean canCategorizeItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, folder
);
}
public boolean canCreateNewItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, item
);
}
public boolean canCreateNewItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, section.getRootDocumentsFolder()
);
}
public boolean canCreateNewItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, folder
);
}
public boolean canDeleteItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, item
);
}
public boolean canDeleteItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, section.getRootDocumentsFolder()
);
}
public boolean canDeleteItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, folder
);
}
public boolean canEditItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, item
);
}
public boolean canEditItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
);
}
public boolean canEditItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, folder
);
}
public boolean canPreviewItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, item
);
}
public boolean canPreviewItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, section.getRootDocumentsFolder()
);
}
public boolean canPreviewItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, folder
);
}
public boolean canPublishItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, item
);
}
public boolean canPublishItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, section.getRootDocumentsFolder()
);
}
public boolean canPublishItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, folder
);
}
public boolean canViewPublishedItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, item
);
}
public boolean canViewPublishedItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, section.getRootDocumentsFolder()
);
}
public boolean canViewPublishedItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, folder
);
}
}

31
ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java 100644
View File

@ -0,0 +1,31 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentType;
import org.librecms.contentsection.privileges.TypePrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class TypePermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canUseType(final ContentType type) {
return permissionChecker.isPermitted(
TypePrivileges.USE_TYPE, type
);
}
}