LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

Some refactoring 

Former-commit-id: dfe53097a12da0301837f3d7f1cf72373820efe1
pull/10/head
Jens Pelzetter 2021-03-02 20:33:16 +01:00
parent d2ddfac6e8
commit 5c2c27e4aa
22 changed files with 596 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/ContentSectionPage.java
View File

@ -190,8 +190,7 @@ public class ContentSectionPage extends CMSPage implements ActionListener {
m_tabbedPane.setTabVisible(
state,
m_workflowPane,
permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW));
permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS));
m_tabbedPane.setTabVisible(
state,
m_categoryPane,

2
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java
View File

@ -91,7 +91,7 @@ class BaseTaskForm extends BaseForm {
addAction(new Finish());
addAction(new Cancel());
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
addValidationListener(new ValidationListener());
}

2
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java
View File

@ -49,7 +49,7 @@ class BaseWorkflowForm extends BaseForm {
addAction(new Finish());
addAction(new Cancel());
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
addValidationListener(new ValidationListener());
}

4
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java
View File

@ -128,7 +128,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
protected class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) {
super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
super(child, AdminPrivileges.ADMINISTER_WORKFLOWS);
}
}
@ -184,7 +184,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
TaskDeleteForm() {
super(new Label(gz("cms.ui.workflow.task.delete_prompt")));
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
}
@Override

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/ItemWorkflowItemPane.java
View File

@ -87,8 +87,7 @@ final class ItemWorkflowItemPane extends BaseWorkflowItemPane {
final ContentSection section = CMS.getContext().getContentSection();
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW, section);
return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section);
}

3
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java
View File

@ -164,8 +164,7 @@ class TaskAddRole extends CMSForm {
final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class);
if (!permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW)) {
if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS)) {
throw new FormProcessException(
new GlobalizedMessage(
"cms.ui.workflow.insufficient_privileges",

5
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java
View File

@ -119,14 +119,13 @@ final class TaskItemPane extends BaseItemPane {
final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class);
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW);
return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS);
}
private class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) {
super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
super(child, AdminPrivileges.ADMINISTER_WORKFLOWS);
}
}

4
ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java
View File

@ -56,7 +56,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
getDeleteLink()));
addAction(new VisibilityComponent(
getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW));
getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOWS));
}
private class DeleteForm extends BaseDeleteForm {
@ -64,7 +64,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
DeleteForm() {
super(gz("cms.ui.workflow.delete_prompt"));
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOWS);
}
@Override

6
ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java
View File

@ -186,7 +186,7 @@ public class ContentSectionManager {
addRoleToContentSection(section,
MANAGER,
AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW,
AdminPrivileges.ADMINISTER_WORKFLOWS,
AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES,
@ -424,7 +424,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addWorkflowTemplateToContentSection(
final Workflow template,
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS)
final ContentSection section) {
Objects.requireNonNull(template);
@ -451,7 +451,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeWorkflowTemplateFromContentSection(
final Workflow template,
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOWS)
final ContentSection section) {
section.removeWorkflowTemplate(template);

2
ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java
View File

@ -201,7 +201,7 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup {
grantPermissions(manager,
section,
AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW,
AdminPrivileges.ADMINISTER_WORKFLOWS,
AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES);

2
ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java
View File

@ -71,7 +71,7 @@ public final class AdminPrivileges {
*
* @see ContentSection#workflowTemplates
*/
public static final String ADMINISTER_WORKFLOW = "administer_workflow";
public static final String ADMINISTER_WORKFLOWS = "administer_workflows";
private AdminPrivileges() {
//Nothing

55
ccm-cms/src/main/java/org/librecms/ui/contentsections/AdminPermissionsChecker.java 100644
View File

@ -0,0 +1,55 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.AdminPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class AdminPermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canAdministerCategories(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CATEGORIES, section
);
}
public boolean canAdministerContentTypes(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CONTENT_TYPES, section
);
}
public boolean canAdministerLifecycles(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_LIFECYLES, section
);
}
public boolean canAdministerRoles(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_ROLES, section
);
}
public boolean canAdministerWorkflows(final ContentSection section) {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOWS, section
);
}
}

104
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderController.java
View File

@ -5,8 +5,6 @@
*/
package org.librecms.ui.contentsections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.PermissionChecker;
@ -18,7 +16,6 @@ import org.librecms.contentsection.AssetFolderEntry;
import org.librecms.contentsection.AssetManager;
import org.librecms.contentsection.AssetRepository;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.FolderManager;
import org.librecms.contentsection.FolderRepository;
@ -46,7 +43,6 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -63,7 +59,10 @@ public class AssetFolderController {
private AssetFolderTree assetFolderTree;
@Inject
private AssetPermissions assetPermissions;
private AssetPermissionsModelProvider assetPermissions;
@Inject
private AssetPermissionsChecker assetPermissionsChecker;
@Inject
private AssetManager assetManager;
@ -74,9 +73,6 @@ public class AssetFolderController {
@Inject
private ContentSectionModel contentSectionModel;
@Inject
private ContentSectionRepository sectionRepo;
@Inject
private ContentSectionsUi sectionsUi;
@ -98,19 +94,12 @@ public class AssetFolderController {
@Inject
private Models models;
@Inject
private PermissionChecker permissionChecker;
@Inject
private PermissionManager permissionManager;
@Inject
private RoleRepository roleRepo;
private static final Logger LOGGER = LogManager.getLogger(
AssetFolderController.class
);
@GET
@Path("/")
@AuthorizationRequired
@ -145,9 +134,7 @@ public class AssetFolderController {
}
final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
if (!assetPermissionsChecker.canEditAssets(section)) {
sectionsUi.showAccessDenied("sectionIdentifier", sectionIdentifier);
}
@ -172,7 +159,7 @@ public class AssetFolderController {
}
}
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) {
if (!assetPermissionsChecker.canEditAssets(folder)) {
return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier,
"folderPath", folderPath
@ -200,10 +187,10 @@ public class AssetFolderController {
assetFolderModel.setPath(folderPath);
assetFolderModel.setCanCreateSubFolders(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder)
assetPermissionsChecker.canCreateAssets(folder)
);
assetFolderModel.setCanCreateAssets(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder)
assetPermissionsChecker.canCreateAssets(folder)
);
assetFolderModel.setGrantedPermissions(
grantedPrivileges.buildPermissionsMatrix(section, folder)
@ -240,19 +227,17 @@ public class AssetFolderController {
@PathParam("parentFolderPath") final String parentFolderPath,
@FormParam("folderName") final String folderName
) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
final ContentSection section;
if (sectionResult.isSuccessful()) {
section = sectionResult.getResult();
if (sectionResult.isPresent()) {
section = sectionResult.get();
} else {
return sectionResult.getFailedResponseTemplate();
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
if (!permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
if (!assetPermissionsChecker.canEditAssets(section)) {
return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier
);
@ -277,9 +262,7 @@ public class AssetFolderController {
}
}
if (!permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, parentFolder
)) {
if (!assetPermissionsChecker.canEditAssets(parentFolder)) {
return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier,
"folderPath", parentFolderPath
@ -320,17 +303,15 @@ public class AssetFolderController {
@FormParam("permissions") final List<String> permissions
) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
final ContentSection section;
if (sectionResult.isSuccessful()) {
section = sectionResult.getResult();
if (sectionResult.isPresent()) {
section = sectionResult.get();
} else {
return sectionResult.getFailedResponseTemplate();
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
if (!permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
if (!assetPermissionsChecker.canEditAssets(section)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
}
@ -357,7 +338,7 @@ public class AssetFolderController {
}
}
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) {
if (!assetPermissionsChecker.canEditAssets(folder)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
@ -405,17 +386,15 @@ public class AssetFolderController {
@PathParam("folderPath") final String folderPath,
@FormParam("folderName") final String folderName
) {
final RetrieveResult<ContentSection> sectionResult = sectionsUi
.retrieveContentSection(sectionIdentifier);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
final ContentSection section;
if (sectionResult.isSuccessful()) {
section = sectionResult.getResult();
if (sectionResult.isPresent()) {
section = sectionResult.get();
} else {
return sectionResult.getFailedResponseTemplate();
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
if (!permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
)) {
if (!assetPermissionsChecker.canEditAssets(section)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
}
@ -437,7 +416,7 @@ public class AssetFolderController {
return "org/librecms/ui/contentsection/assetfolder/assetfolder-not-found.xhtml";
}
if (!permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)) {
if (!assetPermissionsChecker.canEditAssets(folder)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
@ -459,31 +438,6 @@ public class AssetFolderController {
);
}
// private Optional<ContentSection> retrieveContentSection(
// final String sectionIdentifier
// ) {
// final Identifier identifier = identifierParser.parseIdentifier(
// sectionIdentifier
// );
//
// final Optional<ContentSection> sectionResult;
// switch (identifier.getType()) {
// case ID:
// sectionResult = sectionRepo.findById(
// Long.parseLong(identifier.getIdentifier())
// );
// break;
// case UUID:
// sectionResult = sectionRepo.findByUuid(identifier
// .getIdentifier());
// break;
// default:
// sectionResult = sectionRepo.findByLabel(identifier
// .getIdentifier());
// break;
// }
// return sectionResult;
// }
private String showAssetFolderNotFound(
final ContentSection section, final String folderPath
) {

2
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetFolderTree.java
View File

@ -20,7 +20,7 @@ public class AssetFolderTree
extends AbstractFolderTree<AssetFolderTreeNode, AssetPermissionsModel> {
@Inject
private AssetPermissions assetPermissions;
private AssetPermissionsModelProvider assetPermissions;
@Override
public AssetFolderTreeNode newFolderTreeNode() {

117
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsChecker.java 100644
View File

@ -0,0 +1,117 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.Asset;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.AssetPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class AssetPermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canCreateAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, asset
);
}
public boolean canCreateAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, section.getRootAssetsFolder()
);
}
public boolean canCreateAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.CREATE_NEW, folder
);
}
public boolean canDeleteAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, asset
);
}
public boolean canDeleteAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, section.getRootAssetsFolder()
);
}
public boolean canDeleteAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.DELETE, folder
);
}
public boolean canUseAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, asset
);
}
public boolean canUseAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, section.getRootAssetsFolder()
);
}
public boolean canUseAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.USE, folder
);
}
public boolean canEditAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, asset
);
}
public boolean canEditAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, section.getRootAssetsFolder()
);
}
public boolean canEditAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.EDIT, folder
);
}
public boolean canViewAssets(final Asset asset) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, asset
);
}
public boolean canViewAssets(final ContentSection section) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, section.getRootAssetsFolder()
);
}
public boolean canViewAssets(final Folder folder) {
return permissionChecker.isPermitted(
AssetPrivileges.VIEW, folder
);
}
}

26
ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissions.java → ccm-cms/src/main/java/org/librecms/ui/contentsections/AssetPermissionsModelProvider.java
View File

@ -5,10 +5,8 @@
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.Asset;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.AssetPrivileges;
import javax.enterprise.context.Dependent;
import javax.inject.Inject;
@ -18,29 +16,29 @@ import javax.inject.Inject;
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Dependent
class AssetPermissions {
class AssetPermissionsModelProvider {
@Inject
private PermissionChecker permissionChecker;
private AssetPermissionsChecker permissionChecker;
public AssetPermissionsModel buildAssetPermissionsModel(
final Folder folder
) {
final AssetPermissionsModel model = new AssetPermissionsModel();
model.setGrantedCreateNew(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, folder)
permissionChecker.canCreateAssets(folder)
);
model.setGrantedDelete(
permissionChecker.isPermitted(AssetPrivileges.DELETE, folder)
permissionChecker.canDeleteAssets(folder)
);
model.setGrantedEdit(
permissionChecker.isPermitted(AssetPrivileges.EDIT, folder)
permissionChecker.canEditAssets(folder)
);
model.setGrantedUse(
permissionChecker.isPermitted(AssetPrivileges.USE, folder)
permissionChecker.canUseAssets(folder)
);
model.setGrantedView(
permissionChecker.isPermitted(AssetPrivileges.VIEW, folder)
permissionChecker.canViewAssets(folder)
);
return model;
@ -51,19 +49,19 @@ class AssetPermissions {
) {
final AssetPermissionsModel model = new AssetPermissionsModel();
model.setGrantedCreateNew(
permissionChecker.isPermitted(AssetPrivileges.CREATE_NEW, asset)
permissionChecker.canCreateAssets(asset)
);
model.setGrantedDelete(
permissionChecker.isPermitted(AssetPrivileges.DELETE, asset)
permissionChecker.canDeleteAssets(asset)
);
model.setGrantedEdit(
permissionChecker.isPermitted(AssetPrivileges.EDIT, asset)
permissionChecker.canEditAssets(asset)
);
model.setGrantedUse(
permissionChecker.isPermitted(AssetPrivileges.USE, asset)
permissionChecker.canUseAssets(asset)
);
model.setGrantedView(
permissionChecker.isPermitted(AssetPrivileges.VIEW, asset)
permissionChecker.canViewAssets(asset)
);
return model;

3
ccm-cms/src/main/java/org/librecms/ui/contentsections/ConfigurationController.java
View File

@ -105,8 +105,7 @@ public class ConfigurationController {
|| permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_ROLES, section
)
|| permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW, section
|| permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section
);
}

3
ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java
View File

@ -94,8 +94,7 @@ public class ContentSectionModel {
}
public boolean getCanAdministerWorkflows() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW, section
return permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_WORKFLOWS, section
);
}

85
ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionsUi.java
View File

@ -7,11 +7,12 @@ package org.librecms.ui.contentsections;
import org.libreccm.api.Identifier;
import org.libreccm.api.IdentifierParser;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.enterprise.context.RequestScoped;
@ -33,11 +34,16 @@ class ContentSectionsUi {
private Models models;
private PermissionChecker permissionChecker;
public Optional<ContentSection> findContentSection(
final String identifierParam
) {
final Identifier sectionIdentifier = identifierParser.parseIdentifier(
identifierParam
Objects.requireNonNull(
identifierParam,
"Can't retrieve a ContentSection for identifier null."
)
);
switch (sectionIdentifier.getType()) {
@ -82,42 +88,41 @@ class ContentSectionsUi {
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
}
public RetrieveResult<ContentSection> retrieveContentSection(
final String identifierParam
) {
final Identifier sectionIdentifier = identifierParser.parseIdentifier(
identifierParam
);
final Optional<ContentSection> sectionResult;
switch (sectionIdentifier.getType()) {
case ID:
sectionResult = sectionRepo.findById(
Long.parseLong(
sectionIdentifier.getIdentifier()
)
);
break;
case UUID:
sectionResult = sectionRepo.findByUuid(
sectionIdentifier.getIdentifier()
);
break;
default:
sectionResult = sectionRepo.findByLabel(
sectionIdentifier.getIdentifier()
);
break;
}
if (sectionResult.isPresent()) {
return RetrieveResult.successful(sectionResult.get());
} else {
models.put("sectionIdentifier", sectionIdentifier);
return RetrieveResult.failed(
"org/librecms/ui/contentsection/contentsection-not-found.xhtml"
);
}
}
// public RetrieveResult<ContentSection> retrieveContentSection(
// final String identifierParam
// ) {
// final Identifier sectionIdentifier = identifierParser.parseIdentifier(
// identifierParam
// );
//
// final Optional<ContentSection> sectionResult;
// switch (sectionIdentifier.getType()) {
// case ID:
// sectionResult = sectionRepo.findById(
// Long.parseLong(
// sectionIdentifier.getIdentifier()
// )
// );
// break;
// case UUID:
// sectionResult = sectionRepo.findByUuid(
// sectionIdentifier.getIdentifier()
// );
// break;
// default:
// sectionResult = sectionRepo.findByLabel(
// sectionIdentifier.getIdentifier()
// );
// break;
// }
//
// if (sectionResult.isPresent()) {
// return RetrieveResult.successful(sectionResult.get());
// } else {
// models.put("sectionIdentifier", sectionIdentifier);
// return RetrieveResult.failed(
// "org/librecms/ui/contentsection/contentsection-not-found.xhtml"
// );
// }
// }
}

210
ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java
View File

@ -84,6 +84,9 @@ public class DocumentFolderController {
@Inject
private ContentSectionModel contentSectionModel;
@Inject
private ContentSectionsUi sectionsUi;
@Inject
private ContentTypeRepository contentTypeRepo;
@ -102,9 +105,6 @@ public class DocumentFolderController {
@Inject
private Models models;
@Inject
private ContentSectionRepository sectionRepo;
@Inject
private IdentifierParser identifierParser;
@ -129,6 +129,9 @@ public class DocumentFolderController {
@Inject
private CurrentUserDocumentPermissions currentUserPermissions;
@Inject
private ItemPermissionChecker itemPermissionChecker;
@GET
@Path("/")
@AuthorizationRequired
@ -156,24 +159,21 @@ public class DocumentFolderController {
@QueryParam("maxResults") @DefaultValue("20") final int maxResults
) {
final long start = System.currentTimeMillis();
final Optional<ContentSection> sectionResult = retrieveContentSection(
sectionIdentifier
);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
LOGGER.info("Retrieved content section in {} ms",
System.currentTimeMillis() - start
);
if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(section)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier
);
}
contentSectionModel.setSection(section);
@ -194,16 +194,15 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else {
models.put("contentSection", section.getLabel());
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
return showDocumentFolderNotFound(section, folderPath);
}
}
if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(folder)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier,
"folderPath", folderPath
);
}
final List<DocumentFolderEntry> folderEntries = folderRepo
@ -232,19 +231,13 @@ public class DocumentFolderController {
documentFolderModel.setPath(folderPath);
documentFolderModel.setCanCreateSubFolders(
permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, folder
)
itemPermissionChecker.canCreateNewItems(folder)
);
documentFolderModel.setCanCreateItems(
permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, folder
)
itemPermissionChecker.canCreateNewItems(folder)
);
documentFolderModel.setCanAdminister(
permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, folder
)
itemPermissionChecker.canAdministerItems(folder)
);
documentFolderModel.setGrantedPermissions(
grantedPrivileges.buildPermissionsMatrix(section, folder)
@ -266,32 +259,12 @@ public class DocumentFolderController {
public String createTestData(
@PathParam("sectionIdentifier") final String sectionIdentifier
) {
final Identifier identifier = identifierParser.parseIdentifier(
sectionIdentifier
);
final Optional<ContentSection> sectionResult;
switch (identifier.getType()) {
case ID:
sectionResult = sectionRepo.findById(
Long.parseLong(identifier.getIdentifier())
);
break;
case UUID:
sectionResult = sectionRepo.findByUuid(identifier
.getIdentifier());
break;
default:
sectionResult = sectionRepo.findByLabel(identifier
.getIdentifier());
break;
}
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
if (sectionResult.isPresent()) {
final ContentSection section = sectionResult.get();
if (permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
if (itemPermissionChecker.canEditItems(section)) {
if (section.getRootDocumentsFolder().getObjects().isEmpty()) {
folderManager.createFolder(
"folder-1", section.getRootDocumentsFolder()
@ -343,12 +316,12 @@ public class DocumentFolderController {
return "org/librecms/ui/contentsection/documentfolder/testdata.xhtml";
}
} else {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier
);
}
} else {
models.put("sectionIdentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
}
@ -374,21 +347,17 @@ public class DocumentFolderController {
@PathParam("parentFolderPath") final String parentFolderPath,
@FormParam("folderName") final String folderName
) {
final Optional<ContentSection> sectionResult = retrieveContentSection(
sectionIdentifier
);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(section)) {
return sectionsUi.showAccessDenied(
"sectionIdentifier", sectionIdentifier
);
}
final Folder parentFolder;
@ -404,18 +373,15 @@ public class DocumentFolderController {
if (parentFolderResult.isPresent()) {
parentFolder = parentFolderResult.get();
} else {
models.put("contentSection", section.getLabel());
models.put("folderPath", parentFolderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
return showDocumentFolderNotFound(section, folderName);
}
}
if (!permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, parentFolder
)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", parentFolderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canCreateNewItems(parentFolder)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier,
"folderPath", parentFolderPath
);
}
folderManager.createFolder(folderName, parentFolder);
@ -451,20 +417,15 @@ public class DocumentFolderController {
@PathParam("role") final String roleParam,
@FormParam("permissions") final List<String> permissions
) {
final Optional<ContentSection> sectionResult = retrieveContentSection(
sectionIdentifier
);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(section)) {
sectionsUi.showAccessDenied("sectionidentifier", sectionIdentifier);
}
final Folder folder;
@ -483,16 +444,15 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else {
models.put("contentSection", section.getLabel());
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
return showDocumentFolderNotFound(section, folderPath);
}
}
if (!permissionChecker.isPermitted(ItemPrivileges.ADMINISTER, folder)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canAdministerItems(folder)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier,
"folderPath", folderPath
);
}
final Optional<Role> roleResult = roleRepo.findByName(roleParam);
@ -537,20 +497,17 @@ public class DocumentFolderController {
@PathParam("folderPath") final String folderPath,
@FormParam("folderName") final String folderName
) {
final Optional<ContentSection> sectionResult = retrieveContentSection(
sectionIdentifier
);
final Optional<ContentSection> sectionResult = sectionsUi
.findContentSection(sectionIdentifier);
if (!sectionResult.isPresent()) {
models.put("sectionIdentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/contentsection-not-found.xhtml";
return sectionsUi.showContentSectionNotFound(sectionIdentifier);
}
final ContentSection section = sectionResult.get();
if (!permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
)) {
models.put("sectionidentifier", sectionIdentifier);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(section)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier
);
}
final Folder folder;
@ -565,15 +522,14 @@ public class DocumentFolderController {
documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath));
} else {
models.put("contentSection", section.getLabel());
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
return showDocumentFolderNotFound(section, folderPath);
}
if (!permissionChecker.isPermitted(ItemPrivileges.EDIT, folder)) {
models.put("sectionidentifier", sectionIdentifier);
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/access-denied.xhtml";
if (!itemPermissionChecker.canEditItems(folder)) {
return sectionsUi.showAccessDenied(
"sectionidentifier", sectionIdentifier,
"folderPath", folderPath
);
}
folder.setName(folderName);
@ -592,32 +548,6 @@ public class DocumentFolderController {
);
}
private Optional<ContentSection> retrieveContentSection(
final String sectionIdentifier
) {
final Identifier identifier = identifierParser.parseIdentifier(
sectionIdentifier
);
final Optional<ContentSection> sectionResult;
switch (identifier.getType()) {
case ID:
sectionResult = sectionRepo.findById(
Long.parseLong(identifier.getIdentifier())
);
break;
case UUID:
sectionResult = sectionRepo.findByUuid(identifier
.getIdentifier());
break;
default:
sectionResult = sectionRepo.findByLabel(identifier
.getIdentifier());
break;
}
return sectionResult;
}
private List<FolderBreadcrumbsModel> buildBreadcrumbs(
final String folderPath
) {
@ -767,4 +697,12 @@ public class DocumentFolderController {
return row;
}
private String showDocumentFolderNotFound(
final ContentSection section, final String folderPath
) {
models.put("contentSection", section.getLabel());
models.put("folderPath", folderPath);
return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml";
}
}

214
ccm-cms/src/main/java/org/librecms/ui/contentsections/ItemPermissionChecker.java 100644
View File

@ -0,0 +1,214 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.ItemPrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class ItemPermissionChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canAdministerItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, item
);
}
public boolean canAdministerItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, section.getRootDocumentsFolder()
);
}
public boolean canAdministerItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.ADMINISTER, folder
);
}
public boolean canApplyAlternateWorkflowItems(
final ContentSection section
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW,
section.getRootDocumentsFolder()
);
}
public boolean canApplyAlternateWorkflowItems(
final ContentItem item
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, item
);
}
public boolean canApplyAlternateWorkflowItems(
final Folder folder
) {
return permissionChecker.isPermitted(
ItemPrivileges.APPLY_ALTERNATE_WORKFLOW, folder
);
}
public boolean canApproveItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, item
);
}
public boolean canApproveItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, section.getRootDocumentsFolder()
);
}
public boolean canApproveItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.APPROVE, folder
);
}
public boolean canCategorizeItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, item
);
}
public boolean canCategorizeItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, section.getRootDocumentsFolder()
);
}
public boolean canCategorizeItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.CATEGORIZE, folder
);
}
public boolean canCreateNewItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, item
);
}
public boolean canCreateNewItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, section.getRootDocumentsFolder()
);
}
public boolean canCreateNewItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.CREATE_NEW, folder
);
}
public boolean canDeleteItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, item
);
}
public boolean canDeleteItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, section.getRootDocumentsFolder()
);
}
public boolean canDeleteItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.DELETE, folder
);
}
public boolean canEditItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, item
);
}
public boolean canEditItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, section.getRootDocumentsFolder()
);
}
public boolean canEditItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.EDIT, folder
);
}
public boolean canPreviewItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, item
);
}
public boolean canPreviewItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, section.getRootDocumentsFolder()
);
}
public boolean canPreviewItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.PREVIEW, folder
);
}
public boolean canPublishItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, item
);
}
public boolean canPublishItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, section.getRootDocumentsFolder()
);
}
public boolean canPublishItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.PUBLISH, folder
);
}
public boolean canViewPublishedItems(final ContentItem item) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, item
);
}
public boolean canViewPublishedItems(final ContentSection section) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, section.getRootDocumentsFolder()
);
}
public boolean canViewPublishedItems(final Folder folder) {
return permissionChecker.isPermitted(
ItemPrivileges.VIEW_PUBLISHED, folder
);
}
}

31
ccm-cms/src/main/java/org/librecms/ui/contentsections/TypePermissionsChecker.java 100644
View File

@ -0,0 +1,31 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentType;
import org.librecms.contentsection.privileges.TypePrivileges;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class TypePermissionsChecker {
@Inject
private PermissionChecker permissionChecker;
public boolean canUseType(final ContentType type) {
return permissionChecker.isPermitted(
TypePrivileges.USE_TYPE, type
);
}
}