diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/PartyAddForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/PartyAddForm.java
index 79d98c8b4..f8ffdbbcd 100755
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/PartyAddForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/PartyAddForm.java
@@ -49,8 +49,8 @@ import java.util.TooManyListenersException;
/**
* Form for adding multiple parties to a role.
*
- * @author Yannick Bülter
* @author Scott Seago (scott@arsdigita.com)
+ * @author Yannick Bülter
*/
public abstract class PartyAddForm extends SimpleContainer
implements FormInitListener, FormProcessListener {
diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPaneController.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPaneController.java
index fa5f818b6..4a9f3f131 100644
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPaneController.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPaneController.java
@@ -23,9 +23,11 @@ import com.arsdigita.kernel.KernelConfig;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.security.Party;
+import org.libreccm.security.PartyRepository;
import org.libreccm.security.Permission;
import org.libreccm.security.PermissionManager;
import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
import org.libreccm.security.RoleRepository;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionManager;
@@ -51,22 +53,28 @@ import javax.transaction.Transactional;
* @author Jens Pelzetter
*/
@RequestScoped
-public class RoleAdminPaneController {
+class RoleAdminPaneController {
+
+ @Inject
+ private ConfigurationManager confManager;
+
+ @Inject
+ private PartyRepository partyRepo;
@Inject
private PermissionManager permissionManager;
@Inject
- private ContentSectionRepository sectionRepo;
+ private RoleManager roleManager;
+
+ @Inject
+ private RoleRepository roleRepo;
@Inject
private ContentSectionManager sectionManager;
@Inject
- private RoleRepository roleRepo;
-
- @Inject
- private ConfigurationManager confManager;
+ private ContentSectionRepository sectionRepo;
@Transactional(Transactional.TxType.REQUIRED)
public List findRolesForContentSection(final ContentSection section) {
@@ -358,4 +366,21 @@ public class RoleAdminPaneController {
return role;
}
+ @Transactional(Transactional.TxType.REQUIRED)
+ public void assignRoleToParty(final long roleId, final long partyId) {
+
+ final Role role = roleRepo
+ .findById(roleId)
+ .orElseThrow(() -> new IllegalArgumentException(String
+ .format("No role with ID %d in the database.",
+ roleId)));
+ final Party party = partyRepo
+ .findById(partyId)
+ .orElseThrow(() -> new IllegalArgumentException(String
+ .format("No party with ID %d in the database.",
+ partyId)));
+
+ roleManager.assignRoleToParty(role, party);
+ }
+
}
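Review bot: `assignRoleToParty` changes role membership but has no authorization check of its own and no Javadoc saying who is responsible for one. In this diff the only visible gate is the `FormSecurityListener(AdminPrivileges.ADMINISTER_ROLES)` that `RolePartyAddForm` registers on its form. Whether `RoleManager.assignRoleToParty` enforces a privilege itself is not visible here, so the contract should be written on the method, for example `/** Assigns the role to the party. Callers must already have verified ADMINISTER_ROLES for the section that owns the role. */`. Both IDs are resolved with plain `findById` lookups, so nothing in this method ties the role to the content section being administered; if the selected role key can be influenced by the request, a check that the role belongs to the current section would close that gap. The enclosing class begins outside this hunk.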
diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java
index 8ea8f15dd..372445bdf 100755
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java
@@ -32,8 +32,13 @@ import com.arsdigita.util.Assert;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
-import org.libreccm.security.*;
-import org.librecms.CmsConstants;
+
+import org.libreccm.security.Party;
+import org.libreccm.security.PartyRepository;
+import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
+import org.libreccm.security.RoleRepository;
+import org.libreccm.security.User;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.Arrays;
@@ -54,64 +59,72 @@ import java.util.List;
*/
class RolePartyAddForm extends PartyAddForm {
- private static Logger LOGGER = LogManager.getLogger(RolePartyAddForm.class);
+ private static final Logger LOGGER = LogManager
+ .getLogger(RolePartyAddForm.class);
- private SingleSelectionModel m_roles;
+ private final SingleSelectionModel roleSelectionModel;
- RolePartyAddForm(SingleSelectionModel roles, TextField search) {
+ RolePartyAddForm(final SingleSelectionModel roleSelectionModel,
+ final TextField search) {
+
super(search);
- m_roles = roles;
+ this.roleSelectionModel = roleSelectionModel;
- getForm().addSubmissionListener(new FormSecurityListener(
- AdminPrivileges.ADMINISTER_ROLES));
+ super
+ .getForm()
+ .addSubmissionListener(
+ new FormSecurityListener(AdminPrivileges.ADMINISTER_ROLES));
}
@Override
- protected List makeQuery(PageState s) {
- Assert.isTrue(m_roles.isSelected(s));
+ protected List makeQuery(final PageState state) {
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final PartyRepository partyRepository = cdiUtil.findBean(
PartyRepository.class);
- final String searchQuery = (String) getSearchWidget().getValue(s);
+ final String searchQuery = (String) getSearchWidget().getValue(state);
return partyRepository.searchByName(searchQuery);
}
@Override
public void process(FormSectionEvent event) throws FormProcessException {
- FormData data = event.getFormData();
- PageState state = event.getPageState();
- Assert.isTrue(m_roles.isSelected(state));
+
+ final FormData data = event.getFormData();
+ final PageState state = event.getPageState();
- String[] parties = (String[]) data.get("parties");
+ final String[] parties = (String[]) data.get("parties");
LOGGER.debug("PARTIES = " + Arrays.toString(parties));
if (parties == null) {
throw new FormProcessException(GlobalizationUtil.globalize(
"cms.ui.role.no_party_selected"));
}
- final Long roleId = new Long((String) m_roles.getSelectedKey(state));
+ final Long roleId = Long
+ .parseLong(roleSelectionModel.getSelectedKey(state));
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
- final RoleRepository roleRepository = cdiUtil.findBean(
- RoleRepository.class);
- final PartyRepository partyRepository = cdiUtil.findBean(
- PartyRepository.class);
- final RoleManager roleManager = cdiUtil.findBean(RoleManager.class);
+// final RoleRepository roleRepository = cdiUtil.findBean(
+// RoleRepository.class);
+// final PartyRepository partyRepository = cdiUtil.findBean(
+// PartyRepository.class);
+// final RoleManager roleManager = cdiUtil.findBean(RoleManager.class);
+ final RoleAdminPaneController controller = cdiUtil
+ .findBean(RoleAdminPaneController.class);
- final Role role = roleRepository.findById(roleId).get();
+// final Role role = roleRepository.findById(roleId).get();
// Add each checked party to the role
- Party party;
+// Party party;
for (int i = 0; i < parties.length; i++) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("parties[" + i + "] = " + parties[i]);
}
- party = partyRepository.findByName(parties[i]).get();
- roleManager.assignRoleToParty(role, party);
+// party = partyRepository.findById(Long.parseLong(parties[i])).get();
+// roleManager.assignRoleToParty(role, party);
+ controller.assignRoleToParty(roleId, Long.parseLong(parties[i]));
}
}
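Review bot: `process` now passes request-derived strings straight to `Long.parseLong` (the selected role key and every `parties[i]`), and the `Assert.isTrue(...isSelected(state))` guard was dropped. A missing role selection or a non-numeric party value therefore surfaces as an uncaught `NumberFormatException` rather than a `FormProcessException`. Because parsing happens inside the loop, earlier parties may already have been assigned when a later value fails, presumably each in its own transaction since the controller method is `@Transactional`. Validating every ID before the first assignment avoids both problems; the message keys in the sketch below are placeholders, and the `IllegalArgumentException` the controller throws for unknown IDs would need the same treatment. The commented-out repository lookups should be deleted rather than kept as comments.

```java
// … unchanged: form data lookup and the null check on parties …
if (!roleSelectionModel.isSelected(state)) {
    throw new FormProcessException(GlobalizationUtil.globalize(
        "PLACEHOLDER_KEY_no_role_selected"));
}

final long roleId;
final long[] partyIds = new long[parties.length];
try {
    roleId = Long.parseLong(roleSelectionModel.getSelectedKey(state));
    for (int i = 0; i < parties.length; i++) {
        partyIds[i] = Long.parseLong(parties[i]);
    }
} catch (NumberFormatException ex) {
    throw new FormProcessException(GlobalizationUtil.globalize(
        "PLACEHOLDER_KEY_invalid_id"));
}

// … unchanged: CdiUtil lookup of RoleAdminPaneController …
for (final long partyId : partyIds) {
    controller.assignRoleToParty(roleId, partyId);
}
```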
diff --git a/ccm-cms/src/main/java/org/librecms/pagemodel/ItemListComponentRenderer.java b/ccm-cms/src/main/java/org/librecms/pagemodel/ItemListComponentRenderer.java
index 2429ca962..31cfa0bab 100644
--- a/ccm-cms/src/main/java/org/librecms/pagemodel/ItemListComponentRenderer.java
+++ b/ccm-cms/src/main/java/org/librecms/pagemodel/ItemListComponentRenderer.java
@@ -54,7 +54,20 @@ import javax.servlet.http.HttpServletRequest;
import static org.librecms.pages.PagesConstants.*;
import org.libreccm.pagemodel.RendersComponent;
+import org.libreccm.security.Permission;
+import org.libreccm.security.PermissionChecker;
+import org.libreccm.security.Role;
+import org.libreccm.security.RoleManager;
+import org.libreccm.security.Shiro;
+import org.libreccm.security.User;
+import org.libreccm.security.UserRepository;
import org.librecms.contentsection.ContentItemVersion;
+import org.librecms.contentsection.privileges.ItemPrivileges;
+
+import java.util.Optional;
+
+import javax.persistence.criteria.JoinType;
+import javax.persistence.criteria.Predicate;
/**
* Renderer for the {@link ItemListComponent}.
@@ -78,6 +91,18 @@ public class ItemListComponentRenderer
@Inject
private HttpServletRequest request;
+ @Inject
+ private PermissionChecker permissionChecker;
+
+ @Inject
+ private RoleManager roleManager;
+
+ @Inject
+ private Shiro shiro;
+
+ @Inject
+ private UserRepository userRepository;
+
@Override
public Map renderComponent(
final ItemListComponent componentModel,
@@ -114,7 +139,7 @@ public class ItemListComponentRenderer
final List categories = new ArrayList<>();
if (componentModel.isDescending()) {
categories.addAll(collectCategories(category));
- }
+ }
categories.add(category);
final Class extends ContentItem> limitToType = getLimitToType(
@@ -164,17 +189,113 @@ public class ItemListComponentRenderer
.from(limitToType);
final Join extends ContentItem, Categorization> catJoin = from
.join("categories");
+ final Join extends ContentItem, Permission> permissionsJoin = from
+ .join("permissions", JoinType.LEFT);
- criteriaQuery.where(criteriaBuilder
+ final Optional user = shiro.getUser();
+ final List roles;
+ if (user.isPresent()) {
+ final User theUser = userRepository
+ .findById(user.get().getPartyId())
+ .orElseThrow(() -> new IllegalArgumentException(String
+ .format(
+ "No user with id %d in the database. "
+ + "Where did that ID come from?",
+ user.get().getPartyId())));
+ roles = roleManager.findAllRolesForUser(theUser);
+ } else {
+
+ final Optional publicUser;
+
+ final KernelConfig kernelConfig = confManager
+ .findConfiguration(KernelConfig.class);
+ final String principal = (String) shiro
+ .getPublicUser()
+ .getPrincipal();
+ if (kernelConfig.emailIsPrimaryIdentifier()) {
+ publicUser = userRepository.findByEmailAddress(principal);
+ } else {
+ publicUser = userRepository.findByName(principal);
+ }
+
+ if (publicUser.isPresent()) {
+ roles = roleManager.findAllRolesForUser(publicUser.get());
+ } else {
+ roles = Collections.emptyList();
+ }
+ }
+
+ final boolean isSystemUser = shiro.isSystemUser();
+ final boolean isAdmin = permissionChecker.isPermitted("*");
+
+ final Predicate permissionsCheck;
+ if (roles.isEmpty()) {
+ permissionsCheck = criteriaBuilder
+ .or(
+ criteriaBuilder.equal(criteriaBuilder.literal(true),
+ isSystemUser),
+ criteriaBuilder.equal(criteriaBuilder.literal(true),
+ isAdmin)
+ );
+ } else {
+ permissionsCheck = criteriaBuilder
+ .or(
+ criteriaBuilder
+ .and(
+ criteriaBuilder.in(permissionsJoin.get("grantee"))
+ .value(roles),
+ criteriaBuilder
+ .equal(
+ permissionsJoin.get("grantedPrivilege"),
+ criteriaBuilder.selectCase()
+ .when(
+ criteriaBuilder.equal(
+ from.get("version"),
+ ContentItemVersion.DRAFT),
+ ItemPrivileges.PREVIEW)
+ .otherwise(
+ ItemPrivileges.VIEW_PUBLISHED))
+ ),
+ criteriaBuilder
+ .equal(criteriaBuilder.literal(true),
+ isSystemUser),
+ criteriaBuilder
+ .equal(criteriaBuilder.literal(true),
+ isAdmin)
+ );
+ }
+
+ criteriaQuery.distinct(true).where(criteriaBuilder
.and(catJoin.get("category").in(categories),
criteriaBuilder.equal(catJoin.get("indexObject"), false),
criteriaBuilder.equal(catJoin.get("type"), ""),
criteriaBuilder.equal(from.get("version"),
- ContentItemVersion.LIVE)));
-// criteriaQuery
-// .where(criteriaBuilder
-// .and(catJoin.get("category").in(categories),
-// criteriaBuilder.equal(catJoin.get("index"), false)));
+ ContentItemVersion.LIVE),
+ permissionsCheck
+// criteriaBuilder.or(
+// criteriaBuilder.and(
+// criteriaBuilder
+// .in(permissionsJoin.get("grantee"))
+// .value(roles),
+// criteriaBuilder.equal(
+// permissionsJoin.get("grantedPrivilege"),
+// criteriaBuilder.selectCase()
+// .when(
+// criteriaBuilder
+// .equal(from.get("version"),
+// ContentItemVersion.DRAFT),
+// ItemPrivileges.PREVIEW)
+// .otherwise(ItemPrivileges.VIEW_PUBLISHED))
+// ),
+// criteriaBuilder
+// .equal(criteriaBuilder.literal(true),
+// isSystemUser),
+// criteriaBuilder
+// .equal(criteriaBuilder.literal(true),
+// isAdmin)
+// )
+ )
+ );
criteriaQuery
.orderBy(listOrder
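Review bot: The grantee filter is built as `criteriaBuilder.in(permissionsJoin.get("grantee")).value(roles)`, but `In.value(...)` adds a single value to the IN list, so passing the whole `roles` list relies on provider-specific expansion. The category filter in the same `where` uses the collection form, and `permissionsJoin.get("grantee").in(roles)` would match it. Since this predicate is the read-access filter for the item list, it deserves a test with a user holding zero, one and several roles, plus the anonymous/public-user path. The `selectCase` branch for `ContentItemVersion.DRAFT` / `ItemPrivileges.PREVIEW` looks unreachable because the same `where` still requires `version` to equal `ContentItemVersion.LIVE`, so the comparison could be against `ItemPrivileges.VIEW_PUBLISHED` alone. The commented-out copy of the predicate left inside the `and(...)` call should be removed so only one version of the access rule remains; the enclosing method starts before and continues after this hunk.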