CCM NG: Fixed permission check for Assets (#2801)

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@5324 8810af33-2d31-482b-a856-94f89814c4df Former-commit-id: d91e414389
2018-03-02 15:32:44 +00:00 · 2018-03-02 15:32:44 +00:00 · 5e283ffe5b
parent 759a0716f3
commit 5e283ffe5b
1 changed files with 33 additions and 1 deletions
--- a/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java
@ -18,6 +18,8 @@
 */
 package org.librecms.contentsection;

+import com.arsdigita.kernel.KernelConfig;
+
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.libreccm.auditing.AbstractAuditedEntityRepository;
@ -25,6 +27,7 @@ import org.libreccm.categorization.Categorization;
 import org.libreccm.categorization.Category;
 import org.libreccm.categorization.CategoryManager;
 import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
+import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.core.CcmObjectRepository;
 import org.libreccm.core.UnexpectedErrorException;
 import org.libreccm.security.AuthorizationRequired;
@ -33,8 +36,10 @@ import org.libreccm.security.PermissionChecker;
 import org.libreccm.security.PermissionManager;
 import org.libreccm.security.RequiresPrivilege;
 import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
 import org.libreccm.security.Shiro;
 import org.libreccm.security.User;
+import org.libreccm.security.UserRepository;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import org.librecms.contentsection.rs.Assets;

@ -74,6 +79,9 @@ public class AssetRepository
    @Inject
    private CcmObjectRepository ccmObjectRepo;
    
+    @Inject
+    private ConfigurationManager confManager;
+
    @Inject
    private EntityManager entityManager;

@ -86,9 +94,15 @@ public class AssetRepository
    @Inject
    private PermissionManager permissionManager;

+    @Inject
+    private RoleManager roleManager;
+    
    @Inject
    private Shiro shiro;
    
+    @Inject
+    private UserRepository userRepository;
+
    @Override
    public Long getEntityId(final Asset asset) {
        return asset.getObjectId();
@ -677,8 +691,26 @@ public class AssetRepository
                .map(membership -> membership.getRole())
                .collect(Collectors.toList());
        } else {
+            
+            final Optional<User> publicUser;
+            
+            final KernelConfig kernelConfig = confManager
+                .findConfiguration(KernelConfig.class);
+            final String principal = (String) shiro
+                .getPublicUser()
+                .getPrincipal();
+            if (kernelConfig.emailIsPrimaryIdentifier()) {
+                publicUser = userRepository.findByEmailAddress(principal);
+            } else {
+                publicUser = userRepository.findByName(principal);
+            }
+
+            if (publicUser.isPresent()) {
+                roles = roleManager.findAllRolesForUser(publicUser.get());
+            } else {
                roles = Collections.emptyList();
            }
+        }

        final boolean isSystemUser = shiro.isSystemUser();
        final boolean isAdmin = permissionChecker.isPermitted("*");