From 660b2926c6622f78a960c69f59059f0ce2aae4d7 Mon Sep 17 00:00:00 2001 From: jensp Date: Sat, 13 May 2017 09:38:30 +0000 Subject: [PATCH] CCM NG/ccm-cms: AssetRepository queries now check permissions git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4733 8810af33-2d31-482b-a856-94f89814c4df Former-commit-id: f5f485e360d27b2b71cd173770ffb8eca1d7ee30 --- .../org/librecms/contentsection/Asset.java | 299 ++++++++++++++---- .../contentsection/AssetRepository.java | 65 +++- .../librecms/contentsection/ContentItem.java | 28 +- .../contentsection/AssetRepositoryTest.java | 209 ++++++++---- .../AssetRepositoryTest/data.xml | 2 +- 5 files changed, 470 insertions(+), 133 deletions(-) diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java b/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java index 629a28fc2..228a6066d 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/Asset.java @@ -23,6 +23,7 @@ import org.libreccm.categorization.Categorization; import org.libreccm.core.CcmObject; import org.libreccm.l10n.LocalizedString; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AssetPrivileges; import java.util.ArrayList; import java.util.Collections; 
@@ -56,124 +57,306 @@ import static org.librecms.CmsConstants.*; @Inheritance(strategy = InheritanceType.JOINED) @Audited @NamedQueries({ - @NamedQuery(name = "Asset.findByUuid", - query = "SELECT a FROM Asset a WHERE a.uuid = :uuid") + @NamedQuery( + name = "Asset.findByUuid", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "LEFT JOIN a.permissions p " + + "WHERE a.uuid = :uuid " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByType", - query = "SELECT a FROM Asset a " - + "WHERE TYPE(a) = :type " - + "AND a.categories IS NOT EMPTY") + @NamedQuery( + name = "Asset.findByType", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "LEFT JOIN a.permissions p " + + "WHERE TYPE(a) = :type " + + "AND a.categories IS NOT EMPTY " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ") " + + "ORDER BY a.displayName") , - @NamedQuery(name = "Asset.findByTypeAndContentSection", - query = "SELECT a FROM Asset a " - + "JOIN a.categories c " - + "WHERE TYPE(a) = :type " - + "AND c.category.section = :section") + @NamedQuery( + name = "Asset.findByTypeAndContentSection", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + + "WHERE TYPE(a) = :type " + + "AND c.category.section = :section " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByUuidAndType", - query = "SELECT a FROM Asset a " - + "WHERE a.uuid = :uuid " - + "AND TYPE(a) = :type") + @NamedQuery( + name = "Asset.findByUuidAndType", + query = "SELECT DISTINCT a " + + "FROM 
Asset a " + + "LEFT JOIN a.permissions p " + + "WHERE a.uuid = :uuid " + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByContentSection", - query = "SELECT a FROM Asset a " - + "JOIN a.categories c " - + "WHERE c.category.section = :section") + @NamedQuery( + name = "Asset.findByContentSection", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + + "WHERE c.category.section = :section " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByTitle'", - query = "SELECT a FROM Asset a " - + "JOIN a.title.values t " - + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " - + "AND a.categories IS NOT EMPTY") + @NamedQuery( + name = "Asset.findByTitle'", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.title.values t " + + "LEFT JOIN a.permissions p " + + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " + + "AND a.categories IS NOT EMPTY " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByTitleAndContentSection", - query = "SELECT a FROM Asset a " - + "JOIN a.title.values t " - + "JOIN a.categories c " - + "WHERE LOWER(t) LIKE CONCAT('%s', :title, '%s') " - + "AND c.category.section = :section") + @NamedQuery( + name = "Asset.findByTitleAndContentSection", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.title.values t " + + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + + "WHERE LOWER(t) LIKE CONCAT('%s', :title, '%s') " + + "AND 
c.category.section = :section " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByTitleAndType", - query = "SELECT a FROM Asset a " - + "JOIN a.title.values t " - + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " - + "AND TYPE(a) = :type") + @NamedQuery( + name = "Asset.findByTitleAndType", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.title.values t " + + "LEFT JOIN a.permissions p " + + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , - @NamedQuery(name = "Asset.findByTitleAndTypeAndContentSection", - query = "SELECT a FROM Asset a " - + "JOIN a.title.values t " - + "JOIN a.categories c " - + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " - + "AND TYPE(a) = :type " - + "AND c.category.section = :section") + @NamedQuery( + name = "Asset.findByTitleAndTypeAndContentSection", + query = "SELECT DISTINCT a " + + "FROM Asset a " + + "JOIN a.title.values t " + + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + + "WHERE LOWER(t) LIKE CONCAT('%', :title, '%') " + + "AND TYPE(a) = :type " + + "AND c.category.section = :section " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.findByFolder", - query = "SELECT a FROM Asset a " + query = "SELECT DISTINCT a " + + "FROM Asset a " + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "'") + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND (" + + " 
(" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.countInFolder", - query = "SELECT COUNT(a) FROM Asset a " + query = "SELECT COUNT(DISTINCT a) " + + "FROM Asset a " + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "'") + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.filterByFolderAndTitle", - query = "SELECT a FROM Asset a " + query = "SELECT DISTINCT a " + + "FROM Asset a " + "JOIN a.categories c " + "JOIN a.title.values t " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%')") + + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%') " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.countFilterByFolderAndTitle", - query = "SELECT COUNT(a) FROM Asset a " + query = "SELECT COUNT(DISTINCT a) " + + "FROM Asset a " + "JOIN a.categories c " + "JOIN a.title.values t " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%')") + + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%') " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = 
"Asset.filterByFolderAndType", - query = "SELECT a FROM Asset a " + query = "SELECT DISTINCT a " + + "FROM Asset a " + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND TYPE(a) = :type") + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ") " + + "ORDER BY a.displayName") , @NamedQuery( name = "Asset.countFilterByFolderAndType", - query = "SELECT COUNT(a) FROM Asset a " + query = "SELECT COUNT(DISTINCT a) " + + "FROM Asset a " + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND TYPE(a) = :type") + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.filterByFolderAndTitleAndType", - query = "SELECT a FROM Asset a " + query = "SELECT DISTINCT a " + + "FROM Asset a " + "JOIN a.title.values t " + "JOIN a.categories c " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%') " - + "AND TYPE(a) = :type") + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") , @NamedQuery( name = "Asset.countFilterByFolderAndTitleAndType", - query = "SELECT COUNT(a) FROM Asset a " + query = "SELECT COUNT(DISTINCT a) " + + "FROM Asset a " + "JOIN a.categories c " + "JOIN a.title.values t " + + "LEFT JOIN a.permissions p " + "WHERE c.category = :folder " + "AND c.type = 
'" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND LOWER(t) LIKE CONCAT('%', LOWER(:title), '%') " - + "AND TYPE(a) = :type") + + "AND TYPE(a) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " '" + AssetPrivileges.VIEW + "' " + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + ")") }) public class Asset extends CcmObject { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java b/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java index 66d46538d..803edf9e6 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/AssetRepository.java @@ -25,9 +25,14 @@ import org.libreccm.categorization.ObjectNotAssignedToCategoryException; import org.libreccm.core.CcmObjectRepository; import org.libreccm.core.UnexpectedErrorException; import org.libreccm.security.AuthorizationRequired; +import org.libreccm.security.PermissionChecker; import org.libreccm.security.RequiresPrivilege; +import org.libreccm.security.Role; +import org.libreccm.security.Shiro; +import org.libreccm.security.User; import org.librecms.contentsection.privileges.AssetPrivileges; +import java.util.Collections; import java.util.List; import java.util.Optional; import java.util.UUID; @@ -49,6 +54,12 @@ import javax.transaction.Transactional; public class AssetRepository extends AbstractAuditedEntityRepository { + @Inject + private Shiro shiro; + + @Inject + private PermissionChecker permissionChecker; + @Inject private EntityManager entityManager; 
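Review bot: The permission-checked title query is still registered under the misspelled name `"Asset.findByTitle'"` (trailing apostrophe), while the repository hunks in this patch look it up as `"Asset.findByTitle"`, so that lookup cannot resolve to this query; the name should be `name = "Asset.findByTitle"`. In `Asset.findByTitleAndContentSection` the pattern `CONCAT('%s', :title, '%s')` puts a literal `s` on each side of the search term and should read `CONCAT('%', LOWER(:title), '%')`. The other `findByTitle*` queries compare `LOWER(t)` with an un-lowered `:title`, unlike the `filterByFolder*` queries, which use `LOWER(:title)`. The VIEW predicate is also pasted verbatim into every query of this annotation; building it from one `static final String` constant would keep the access rule from drifting between queries.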
@@ -150,9 +161,11 @@ public class AssetRepository */ @Transactional(Transactional.TxType.REQUIRED) public Optional findByUuid(final String uuid) { - final TypedQuery query = entityManager.createNamedQuery( - "Asset.findByUuid", Asset.class); + + final TypedQuery query = entityManager + .createNamedQuery("Asset.findByUuid", Asset.class); query.setParameter("uuid", uuid); + setAuthorizationParameters(query); try { return Optional.of(query.getSingleResult()); @@ -181,6 +194,7 @@ public class AssetRepository "Asset.findByUuidAndType", Asset.class); query.setParameter("uuid", uuid); query.setParameter("type", type); + setAuthorizationParameters(query); try { return Optional.of(query.getSingleResult()); @@ -195,6 +209,7 @@ public class AssetRepository final TypedQuery query = entityManager .createNamedQuery("Asset.findByContentSection", Asset.class); query.setParameter("section", section); + setAuthorizationParameters(query); return query.getResultList(); } @@ -217,6 +232,7 @@ public class AssetRepository final TypedQuery query = entityManager .createNamedQuery("Asset.findByTitle", Asset.class); query.setParameter("title", title); + setAuthorizationParameters(query); return query.getResultList(); } @@ -228,6 +244,7 @@ public class AssetRepository "Asset.findByTitleAndContentSection", Asset.class); query.setParameter("title", title); query.setParameter("section", section); + setAuthorizationParameters(query); return query.getResultList(); } @@ -247,6 +264,7 @@ public class AssetRepository final TypedQuery query = entityManager.createNamedQuery( "Asset.findByType", Asset.class); query.setParameter("type", type); + setAuthorizationParameters(query); return query.getResultList(); } @@ -270,6 +288,7 @@ public class AssetRepository "Asset.findByTypeAndContentSection", Asset.class); query.setParameter("type", type); query.setParameter("section", section); + setAuthorizationParameters(query); return query.getResultList(); } 
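Review bot: With `setAuthorizationParameters(query)` added, `findByUuid` returns an empty `Optional` both when no asset has the UUID and when the current Shiro subject lacks `AssetPrivileges.VIEW` on it, and the Javadoc (which starts above this hunk) should say so. Suggested addition: `@return the asset, or an empty Optional if none exists or the current subject is not permitted to view it`. The same applies to the other finder hunks in this file (`findByUuidAndType`, `findByContentSection`, `findByTitle`, `findByType` and the folder filters), whose results now depend on the ambient subject. Callers that run outside a request, such as background jobs, presumably have to execute as the system user to get any rows back.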
@@ -292,6 +311,7 @@ public class AssetRepository .createNamedQuery("Asset.findByTitle", Asset.class); query.setParameter("title", title); query.setParameter("type", type); + setAuthorizationParameters(query); return query.getResultList(); } @@ -302,12 +322,13 @@ public class AssetRepository final ContentSection section) { final TypedQuery query = entityManager - .createNamedQuery("Asset.findByTitleAndTypeAndContentSection", - Asset.class); + .createNamedQuery("Asset.findByTitleAndTypeAndContentSection", + Asset.class); query.setParameter("title", title); query.setParameter("type", type); query.setParameter("section", section); - + setAuthorizationParameters(query); + return query.getResultList(); } @@ -323,6 +344,7 @@ public class AssetRepository final TypedQuery query = entityManager.createNamedQuery( "Asset.findByFolder", Asset.class); query.setParameter("folder", folder); + setAuthorizationParameters(query); return query.getResultList(); } @@ -339,7 +361,8 @@ public class AssetRepository final TypedQuery query = entityManager.createNamedQuery( "Asset.countInFolder", Long.class); query.setParameter("folder", folder); - + setAuthorizationParameters(query); + return query.getSingleResult(); } @@ -362,6 +385,7 @@ public class AssetRepository "Asset.filterByFolderAndTitle", Asset.class); query.setParameter("folder", folder); query.setParameter("title", title); + setAuthorizationParameters(query); return query.getResultList(); } @@ -385,6 +409,7 @@ public class AssetRepository "Asset.countFilterByFolderAndTitle", Long.class); query.setParameter("folder", folder); query.setParameter("title", title); + setAuthorizationParameters(query); return query.getSingleResult(); } @@ -407,6 +432,7 @@ public class AssetRepository "Asset.filterByFolderAndType", Asset.class); query.setParameter("folder", folder); query.setParameter("type", type); + setAuthorizationParameters(query); return query.getResultList(); } 
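Review bot: The finder in the first hunk here binds both `title` and `type` but is created from `"Asset.findByTitle"`, a query with no `:type` parameter, so `query.setParameter("type", type)` would be rejected and the new permission-checked `Asset.findByTitleAndType` query is never used. The lookup should be `.createNamedQuery("Asset.findByTitleAndType", Asset.class)`. The method signature lies above the hunk, so the method's name is inferred from the parameters it sets.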
@@ -427,6 +453,7 @@ public class AssetRepository "Asset.countFilterByFolderAndType", Long.class); query.setParameter("folder", folder); query.setParameter("type", type); + setAuthorizationParameters(query); return query.getSingleResult(); } @@ -453,6 +480,7 @@ public class AssetRepository query.setParameter("folder", folder); query.setParameter("type", type); query.setParameter("title", title); + setAuthorizationParameters(query); return query.getResultList(); } @@ -479,8 +507,33 @@ public class AssetRepository query.setParameter("folder", folder); query.setParameter("type", type); query.setParameter("title", title); + setAuthorizationParameters(query); return query.getSingleResult(); } + private void setAuthorizationParameters(final TypedQuery query) { + + final Optional user = shiro.getUser(); + final List roles; + if (user.isPresent()) { + roles = user + .get() + .getRoleMemberships() + .stream() + .map(membership -> membership.getRole()) + .collect(Collectors.toList()); + } else { + roles = Collections.emptyList(); + } + + + final boolean isSystemUser = shiro.isSystemUser(); + final boolean isAdmin = permissionChecker.isPermitted("*"); + + query.setParameter("roles", roles); + query.setParameter("isSystemUser", isSystemUser); + query.setParameter("isAdmin", isAdmin); + } + } diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java index af70ef0ca..dba0aac62 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java @@ -73,7 +73,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.objectId = :objectId " + "AND (" + " (" 
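Review bot: For a subject with no user, `setAuthorizationParameters` binds `roles` to `Collections.emptyList()`, and `p.grantee IN :roles` with an empty collection is not defined by the JPA specification; depending on provider and database it can be rendered as `IN ()` and fail, so an anonymous request may get an exception instead of an empty result. One way to avoid this is for the finders to return an empty list, `Optional.empty()` or `0L` without running the query when the role list is empty and both `isSystemUser` and `isAdmin` are false. The helper also takes a raw `TypedQuery`; `TypedQuery<?>` would avoid the unchecked warning if the generics are not merely lost in this rendering. `Collectors` is used here although the import hunk adds only `java.util.Collections`; confirm `java.util.stream.Collectors` is already imported.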
@@ -93,7 +93,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.uuid = :uuid " + "AND (" + " (" @@ -113,7 +113,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE TYPE(i) = :type " + "AND (" + " (" @@ -133,7 +133,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.objectId = :objectId " + "AND TYPE(i) = :type " + "AND (" @@ -154,7 +154,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.uuid = :uuid " + "AND TYPE(i) = :type " + "AND (" @@ -176,7 +176,7 @@ import static org.librecms.CmsConstants.*; = "SELECT DISTINCT i " + "FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND (" @@ -198,7 +198,7 @@ import static org.librecms.CmsConstants.*; = "SELECT COUNT(DISTINCT i) " + "FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND (" @@ -220,7 +220,7 @@ import static org.librecms.CmsConstants.*; = "SELECT DISTINCT i " + "FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND i.displayName = :name " 
@@ -242,7 +242,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT COUNT(DISTINCT i)" + " FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND i.displayName = :name " @@ -264,7 +264,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND LOWER(i.displayName) LIKE CONCAT(LOWER(:name), '%') " @@ -286,7 +286,7 @@ import static org.librecms.CmsConstants.*; name = "ContentItem.countFilterByFolderAndName", query = "SELECT COUNT(DISTINCT i) FROM ContentItem i " + "JOIN i.categories c " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND LOWER(i.displayName) LIKE CONCAT(LOWER(:name), '%') " @@ -316,7 +316,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.itemUuid = :uuid " + "AND i.version = 'DRAFT' " + "AND " @@ -329,7 +329,7 @@ import static org.librecms.CmsConstants.*; query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.itemUuid = :uuid " + "AND i.version = 'LIVE' " + "AND " @@ -344,7 +344,7 @@ import static org.librecms.CmsConstants.*; name = "ContentItem.findItemWithWorkflow", query = "SELECT DISTINCT i " + "FROM ContentItem i " - + "JOIN i.permissions p " + + "LEFT JOIN i.permissions p " + "WHERE i.workflow = :workflow " + "AND (" + " (" 
diff --git a/ccm-cms/src/test/java/org/librecms/contentsection/AssetRepositoryTest.java b/ccm-cms/src/test/java/org/librecms/contentsection/AssetRepositoryTest.java index 23f3bcd0f..0cdd77980 100644 --- a/ccm-cms/src/test/java/org/librecms/contentsection/AssetRepositoryTest.java +++ b/ccm-cms/src/test/java/org/librecms/contentsection/AssetRepositoryTest.java @@ -20,6 +20,7 @@ package org.librecms.contentsection; import static org.libreccm.testutils.DependenciesHelpers.*; +import org.apache.shiro.subject.Subject; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.ShouldThrowException; import org.jboss.arquillian.junit.Arquillian; @@ -47,11 +48,13 @@ import java.util.List; import java.util.Optional; import javax.inject.Inject; + import org.jboss.arquillian.persistence.CleanupUsingScript; import org.librecms.assets.FileAsset; import org.librecms.assets.Image; import org.librecms.assets.VideoAsset; +import org.librecms.contentsection.rs.Assets; import static org.hamcrest.CoreMatchers.*; import static org.junit.Assert.*; 
@@ -232,14 +235,31 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void findAssetByUuid() { - final Optional header = assetRepo.findByUuid( - "4635589f-b87a-46d9-979e-6af14af063e5"); - final Optional phb = assetRepo.findByUuid( - "0a192e98-3b28-49d0-833f-bc9ff5f9d1d4"); - final Optional datasheet = assetRepo.findByUuid( - "0393840f-06a6-4ec3-aeb3-a612f845ad60"); - final Optional none = assetRepo.findByUuid( - "5211bf56-c20b-40b3-8ef8-0c7d35325fda"); + + final Optional header = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuid("4635589f-b87a-46d9-979e-6af14af063e5"); + }); + final Optional phb = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuid("0a192e98-3b28-49d0-833f-bc9ff5f9d1d4"); + }); + final Optional datasheet = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuid("0393840f-06a6-4ec3-aeb3-a612f845ad60"); + }); + final Optional none = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuid("5211bf56-c20b-40b3-8ef8-0c7d35325fda"); + }); assertThat(header.isPresent(), is(true)); assertThat(header.get(), is(instanceOf(Asset.class))); 
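Review bot: Every repository call in these test hunks is now wrapped in `shiro.getSystemUser().execute(...)`, which takes the `true = :isSystemUser` branch of the new queries, so the role and privilege predicate this commit introduces is never exercised. Add at least one test that runs a finder as a subject without `AssetPrivileges.VIEW` on the asset, and one as an anonymous subject, asserting an empty result, plus one for a user whose role does hold the privilege. Without these, a mistake in the `p.grantee IN :roles` branch would still pass the suite. The same holds for the later hunks in this file (`findAssetByUuidAndType`, `findAssetByType`, `findAssetsByFolder`, and the count and filter tests).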
@@ -272,9 +292,21 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void findAssetByUuidAndType() { - final Optional asset = assetRepo.findByUuidAndType( - "4635589f-b87a-46d9-979e-6af14af063e5", Image.class); - final Optional none = assetRepo.findByUuidAndType("4635589f-b87a-46d9-979e-6af14af063e5", FileAsset.class); + + final Optional asset = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuidAndType("4635589f-b87a-46d9-979e-6af14af063e5", + Image.class); + }); + final Optional none = shiro + .getSystemUser() + .execute(() -> { + return assetRepo + .findByUuidAndType("4635589f-b87a-46d9-979e-6af14af063e5", + FileAsset.class); + }); assertThat(asset.isPresent(), is(true)); assertThat(asset.get().getDisplayName(), is(equalTo("header.png"))); @@ -291,8 +323,13 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void findAssetByType() { - final List images = assetRepo.findByType(Image.class); - final List files = assetRepo.findByType(FileAsset.class); + + final List images = shiro + .getSystemUser() + .execute(() -> assetRepo.findByType(Image.class)); + final List files = shiro + .getSystemUser() + .execute(() -> assetRepo.findByType(FileAsset.class)); assertThat(images.isEmpty(), is(false)); assertThat(files.isEmpty(), is(false)); 
@@ -301,13 +338,14 @@ public class AssetRepositoryTest { assertThat(files.size(), is(2)); assertThat(images.get(0).getDisplayName(), is(equalTo("header.png"))); - assertThat(images.get(1).getDisplayName(), is(equalTo("the-phb.png"))); - assertThat(images.get(2).getDisplayName(), + assertThat(images.get(1).getDisplayName(), is(equalTo("services-header.png"))); + assertThat(images.get(2).getDisplayName(), is(equalTo("the-phb.png"))); + - assertThat(files.get(0).getDisplayName(), + assertThat(files.get(0).getDisplayName(), is(equalTo("catalog.pdf"))); + assertThat(files.get(1).getDisplayName(), is(equalTo("product1-datasheet.pdf"))); - assertThat(files.get(1).getDisplayName(), is(equalTo("catalog.pdf"))); } /** @@ -319,11 +357,16 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void findAssetsByFolder() { + final Folder media = folderRepo.findById(-400L).get(); final Folder data = folderRepo.findById(-500L).get(); - final List mediaAssets = assetRepo.findByFolder(media); - final List dataAssets = assetRepo.findByFolder(data); + final List mediaAssets = shiro + .getSystemUser() + .execute(() -> assetRepo.findByFolder(media)); + final List dataAssets = shiro + .getSystemUser() + .execute(() -> assetRepo.findByFolder(data)); assertThat(mediaAssets.size(), is(5)); assertThat(dataAssets.size(), is(0)); 
@@ -339,11 +382,18 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void countAssetsInFolder() { + final Folder media = folderRepo.findById(-400L).get(); final Folder data = folderRepo.findById(-500L).get(); - assertThat(assetRepo.countAssetsInFolder(media), is(5L)); - assertThat(assetRepo.countAssetsInFolder(data), is(0L)); + final Subject systemUser = shiro.getSystemUser(); + + assertThat( + systemUser.execute(() -> assetRepo.countAssetsInFolder(media)), + is(5L)); + assertThat( + systemUser.execute(() -> assetRepo.countAssetsInFolder(data)), + is(0L)); } /** @@ -355,12 +405,17 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void filterAssetByFolderAndTitle() { - final Folder media = folderRepo.findById(-400L).get(); - final List result1 = assetRepo.filterByFolderAndTitle(media, - "hea"); - final List result2 = assetRepo.filterByFolderAndTitle(media, - "photo"); + final Folder media = shiro + .getSystemUser() + .execute(() -> folderRepo.findById(-400L).get()); + + final List result1 = shiro + .getSystemUser() + .execute(() -> assetRepo.filterByFolderAndTitle(media, "hea")); + final List result2 = shiro + .getSystemUser() + .execute(() -> assetRepo.filterByFolderAndTitle(media, "photo")); assertThat(result1.size(), is(2)); assertThat(result2.size(), is(0)); 
@@ -378,12 +433,21 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void countFilterAssetByFolderAndTitle() { + final Folder media = folderRepo.findById(-400L).get(); - assertThat(assetRepo.countFilterByFolderAndTitle(media, "hea"), - is(2L)); - assertThat(assetRepo.countFilterByFolderAndTitle(media, "photo"), - is(0L)); + final Subject systemUser = shiro.getSystemUser(); + + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndTitle(media, "hea"); + }), + is(2L)); + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndTitle(media, "photo"); + }), + is(0L)); } /** 
@@ -396,27 +460,34 @@ public class AssetRepositoryTest { @UsingDataSet( "datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml") public void filterAssetsByFolderAndType() { + final Folder media = folderRepo.findById(-400L).get(); - final List images = assetRepo.filterByFolderAndType(media, - Image.class); - final List files = assetRepo.filterByFolderAndType(media, - FileAsset.class); - final List videos = assetRepo.filterByFolderAndType( - media, VideoAsset.class); + final Subject systemUser = shiro.getSystemUser(); + + final List images = systemUser + .execute(() -> assetRepo.filterByFolderAndType(media, + Image.class)); + final List files = systemUser + .execute(() -> assetRepo.filterByFolderAndType(media, + FileAsset.class)); + final List videos = systemUser + .execute(() -> assetRepo.filterByFolderAndType(media, + VideoAsset.class)); assertThat(images.size(), is(3)); assertThat(files.size(), is(2)); assertThat(videos.size(), is(0)); assertThat(images.get(0).getDisplayName(), is(equalTo("header.png"))); - assertThat(images.get(1).getDisplayName(), is(equalTo("the-phb.png"))); - assertThat(images.get(2).getDisplayName(), + assertThat(images.get(1).getDisplayName(), is(equalTo("services-header.png"))); + assertThat(images.get(2).getDisplayName(), is(equalTo("the-phb.png"))); - assertThat(files.get(0).getDisplayName(), + assertThat(files.get(0).getDisplayName(), is(equalTo("catalog.pdf"))); + assertThat(files.get(1).getDisplayName(), is(equalTo("product1-datasheet.pdf"))); - assertThat(files.get(1).getDisplayName(), is(equalTo("catalog.pdf"))); + } /** 
@@ -431,12 +502,25 @@ public class AssetRepositoryTest { public void countFilterAssetsByFolderAndType() { final Folder media = folderRepo.findById(-400L).get(); - assertThat(assetRepo.countFilterByFolderAndType(media, Image.class), - is(3L)); - assertThat(assetRepo.countFilterByFolderAndType(media, FileAsset.class), - is(2L)); - assertThat(assetRepo.countFilterByFolderAndType(media, VideoAsset.class), - is(0L)); + final Subject systemUser = shiro.getSystemUser(); + + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndType(media, Image.class); + }), + is(3L)); + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndType(media, + FileAsset.class); + }), + is(2L)); + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndType(media, + VideoAsset.class); + }), + is(0L)); } /** @@ -451,9 +535,16 @@ public class AssetRepositoryTest { public void filterAssetsByFolderAndTypeAndTitle() { final Folder media = folderRepo.findById(-400L).get(); - final List result1 = assetRepo.filterByFolderAndTypeAndTitle( - media, Image.class, "hea"); - final List result2 = assetRepo.filterByFolderAndTypeAndTitle(media, FileAsset.class, "hea"); + final List result1 = shiro + .getSystemUser() + .execute(() -> assetRepo.filterByFolderAndTypeAndTitle(media, + Image.class, + "hea")); + final List result2 = shiro + .getSystemUser() + .execute(() -> assetRepo.filterByFolderAndTypeAndTitle(media, + FileAsset.class, + "hea")); assertThat(result1.size(), is(2)); assertThat(result2.size(), is(0)); 
@@ -472,11 +563,21 @@ public class AssetRepositoryTest { public void countFilterAssetsByFolderAndTypeAndTitle() { final Folder media = folderRepo.findById(-400L).get(); - assertThat(assetRepo.countFilterByFolderAndTypeAndTitle( - media, Image.class, "hea"), - is(2L)); - assertThat(assetRepo.countFilterByFolderAndTypeAndTitle(media, FileAsset.class, "hea"), - is(0L)); + final Subject systemUser = shiro.getSystemUser(); + + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndTypeAndTitle( + media, Image.class, "hea"); + }), + is(2L)); + assertThat( + systemUser.execute(() -> { + return assetRepo.countFilterByFolderAndTypeAndTitle(media, + FileAsset.class, + "hea"); + }), + is(0L)); } } diff --git a/ccm-cms/src/test/resources/datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml b/ccm-cms/src/test/resources/datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml index 8ab7a94cc..e0b04c4ee 100644 --- a/ccm-cms/src/test/resources/datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml +++ b/ccm-cms/src/test/resources/datasets/org/librecms/contentsection/AssetRepositoryTest/data.xml @@ -446,5 +446,5 @@ uuid="2ab364cf-28a9-4c3d-803c-a7742e7d49cd" asset_id="-1100" attachment_list_id="-40200" /> - +