From 8b65254d3a14815d2ec20b023cb49c1211ea6425 Mon Sep 17 00:00:00 2001 From: jensp Date: Fri, 21 Oct 2016 18:19:46 +0000 Subject: [PATCH] CCM NG/ccm-cms: Moved constants for privileges to extra classes, refactored usages. git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4398 8810af33-2d31-482b-a856-94f89814c4df --- .../arsdigita/cms/ContentCenterServlet.java | 3 +- .../arsdigita/cms/ContentSectionServlet.java | 11 +- .../cms/dispatcher/CMSDispatcher.java | 7 +- .../com/arsdigita/cms/dispatcher/CMSPage.java | 3 +- .../dispatcher/ContentSectionDispatcher.java | 3 +- .../cms/dispatcher/ItemDispatcher.java | 14 +- .../cms/dispatcher/ResourceHandlerImpl.java | 4 +- .../ContentSectionContainer.java | 22 +-- .../cms/ui/folder/FolderBrowser.java | 3 +- .../cms/ui/folder/FolderManipulator.java | 9 +- .../cms/ui/lifecycle/AddPhaseForm.java | 3 +- .../cms/ui/lifecycle/BaseLifecycleForm.java | 3 +- .../cms/ui/lifecycle/DeletePhaseForm.java | 3 +- .../cms/ui/lifecycle/EditPhaseForm.java | 3 +- .../ui/lifecycle/LifecycleAdminContainer.java | 19 +-- .../cms/ui/lifecycle/LifecycleAdminPane.java | 37 +++-- .../cms/ui/lifecycle/LifecycleItemPane.java | 3 +- .../arsdigita/cms/ui/role/BaseRoleForm.java | 4 +- .../cms/ui/role/BaseRoleItemPane.java | 6 +- .../arsdigita/cms/ui/role/RoleAdminPane.java | 64 +++++--- .../cms/ui/role/RolePartyAddForm.java | 4 +- .../cms/ui/workflow/BaseTaskForm.java | 3 +- .../cms/ui/workflow/BaseWorkflowForm.java | 3 +- .../cms/ui/workflow/BaseWorkflowItemPane.java | 5 +- .../cms/ui/workflow/TaskAddRole.java | 3 +- .../cms/ui/workflow/TaskItemPane.java | 5 +- .../cms/ui/workflow/WorkflowAdminPane.java | 8 +- .../main/java/org/librecms/CmsConstants.java | 40 ++--- .../org/librecms/assets/AssetManager.java | 14 +- .../org/librecms/assets/AssetRepository.java | 12 +- .../ContentItemL10NManager.java | 7 +- .../contentsection/ContentItemManager.java | 25 +-- .../contentsection/ContentSectionManager.java | 149 ++++++++++-------- .../contentsection/ContentSectionSetup.java | 110 +++++++++---- .../contentsection/ContentTypeRepository.java | 5 +- .../contentsection/FolderRepository.java | 6 +- .../privileges/AdminPrivileges.java | 79 ++++++++++ .../privileges/AssetPrivileges.java | 55 +++++++ .../privileges/ItemPrivileges.java | 75 +++++++++ .../librecms/lifecycle/LifecycleManager.java | 13 +- .../ContentSectionManagerTest.java | 25 +-- 41 files changed, 589 insertions(+), 281 deletions(-) create mode 100644 ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java create mode 100644 ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java create mode 100644 ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java b/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java index 587e3819d..b46531daa 100644 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java @@ -45,6 +45,7 @@ import org.libreccm.web.CcmApplication; import org.librecms.CmsConstants; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionRepository; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.io.IOException; import java.util.HashMap; @@ -145,7 +146,7 @@ public class ContentCenterServlet extends BaseApplicationServlet { final List sections = sectionRepo.findAll(); boolean hasAccess = false; for (final ContentSection section : sections) { - if (permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT, + if (permissionChecker.isPermitted(ItemPrivileges.EDIT, section.getRootDocumentsFolder())) { hasAccess = true; break; diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java b/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java index 661cfc829..a867436be 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java @@ -68,6 +68,7 @@ import org.librecms.contentsection.ContentItemManager; import org.librecms.contentsection.ContentItemRepository; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionConfig; +import org.librecms.contentsection.privileges.ItemPrivileges; import org.librecms.lifecycle.Lifecycle; import javax.enterprise.inject.spi.CDI; @@ -425,7 +426,7 @@ public class ContentSectionServlet extends BaseApplicationServlet { PermissionChecker.class); if (s_cacheItems && contentItemManager.isLive(item)) { if (permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) { + ItemPrivileges.VIEW_PUBLISHED, item)) { DispatcherHelper.cacheForWorld(sresp, expires); } else { DispatcherHelper.cacheForUser(sresp, expires); @@ -540,7 +541,7 @@ public class ContentSectionServlet extends BaseApplicationServlet { item = itemResolver.getItem(section, url, CMSDispatcher.PREVIEW); if (item != null) { hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item); + ItemPrivileges.PREVIEW, item); } } else { if (s_log.isInfoEnabled()) { @@ -588,7 +589,7 @@ public class ContentSectionServlet extends BaseApplicationServlet { } hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item); + ItemPrivileges.VIEW_PUBLISHED, item); if (hasPermission) { } @@ -611,7 +612,7 @@ public class ContentSectionServlet extends BaseApplicationServlet { item = itemResolver.getItem(section, url, "live"); if (item != null) { hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item); + ItemPrivileges.VIEW_PUBLISHED, item); } } @@ -747,7 +748,7 @@ public class ContentSectionServlet extends BaseApplicationServlet { public static boolean checkAdminAccess(HttpServletRequest request, ContentSection section) { return CdiUtil.createCdiUtil().findBean(PermissionChecker.class) - .isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT, + .isPermitted(ItemPrivileges.EDIT, section.getRootDocumentsFolder()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java index e4a07c402..c2bb8a271 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java @@ -46,6 +46,7 @@ import org.librecms.CmsConstants; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionRepository; +import org.librecms.contentsection.privileges.ItemPrivileges; /** *

@@ -281,7 +282,7 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher { .findBean(PermissionChecker.class); if (permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) { + ItemPrivileges.VIEW_PUBLISHED, item)) { if (preview) { item = getContentItem(section, remainingUrl, @@ -384,13 +385,13 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher { return; } //if (!sm.canAccess(user, SecurityManager.ADMIN_PAGES)) { - permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_EDIT, + permissionChecker.checkPermission(ItemPrivileges.EDIT, section.getRootDocumentsFolder()); } else { // For public page requests, use the SecurityManager to check access // SecurityManager.canAccess(user, SecurityManager.PUBLIC_PAGES) must permissionChecker.checkPermission( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, + ItemPrivileges.VIEW_PUBLISHED, section.getRootDocumentsFolder()); } } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java index 9010a997e..99a5c934c 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java @@ -48,6 +48,7 @@ import org.librecms.CmsConstants; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItemRepository; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.ItemPrivileges; /** @@ -288,7 +289,7 @@ public class CMSPage extends Page implements ResourceHandler { final ContentItem item = itemRepo.findById(Long.parseLong("item_id")).get(); final PermissionChecker permissionChecker = cdiUtil.findBean( PermissionChecker.class); - permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_PREVIEW, + permissionChecker.checkPermission(ItemPrivileges.PREVIEW, item); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java index 5be302dc2..d2988c5c6 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java @@ -30,6 +30,7 @@ import org.libreccm.web.ApplicationManager; import org.librecms.CmsConstants; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.io.IOException; @@ -125,7 +126,7 @@ public class ContentSectionDispatcher implements Dispatcher { ContentSection section) { return CdiUtil.createCdiUtil().findBean(PermissionChecker.class) - .isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT, section + .isPermitted(ItemPrivileges.EDIT, section .getRootDocumentsFolder()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java index 1ac9b10e5..f73affa4b 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java @@ -26,7 +26,6 @@ import com.arsdigita.web.LoginSignal; import java.io.IOException; import java.util.Collections; -import java.util.Date; import java.util.HashMap; import java.util.Map; @@ -38,12 +37,9 @@ import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.PermissionChecker; import org.libreccm.security.Shiro; -import org.librecms.CmsConstants; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentSection; -import org.librecms.lifecycle.Lifecycle; - -import java.util.logging.Level; +import org.librecms.contentsection.privileges.ItemPrivileges; /** * Dispatches to the JSP or Servlet for rendering a content item. @@ -153,7 +149,7 @@ public class ItemDispatcher implements ChainedDispatcher { // if (sm.canAccess((User)null, SecurityManager.PUBLIC_PAGES, item)) { if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class) .isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) { + ItemPrivileges.VIEW_PUBLISHED, item)) { DispatcherHelper.cacheForWorld(response, expires); } else { DispatcherHelper.cacheForUser(response, expires); @@ -205,13 +201,13 @@ public class ItemDispatcher implements ChainedDispatcher { item = itemResolver.getItem(section, url, "draft"); if (item != null) { hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item); + ItemPrivileges.PREVIEW, item); } } else { item = itemResolver.getItem(section, url, "live"); if (item != null) { hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item); + ItemPrivileges.VIEW_PUBLISHED, item); } } @@ -223,7 +219,7 @@ public class ItemDispatcher implements ChainedDispatcher { item = itemResolver.getItem(section, url, "live"); if (item != null) { hasPermission = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item); + ItemPrivileges.VIEW_PUBLISHED, item); } } // chris.gilbert@westsussex.gov.uk - if user is not logged in, give them a chance to do that, else show them the door diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java index 5cba54ab2..5ba96df8a 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java @@ -24,9 +24,9 @@ import com.arsdigita.util.Assert; import org.apache.shiro.authz.AuthorizationException; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.PermissionChecker; -import org.librecms.CmsConstants; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.io.IOException; @@ -83,7 +83,7 @@ public abstract class ResourceHandlerImpl implements ResourceHandler { RequestContext actx, ContentItem item) { if (!CdiUtil.createCdiUtil().findBean(PermissionChecker.class) - .isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) { + .isPermitted(ItemPrivileges.VIEW_PUBLISHED, item)) { throw new AuthorizationException( "cms.dispatcher.no_permission_to_access_resource"); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java index 7fffe49c2..3ea1ae711 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java @@ -18,23 +18,15 @@ */ package com.arsdigita.cms.ui.contentcenter; -import com.arsdigita.bebop.BoxPanel; - -import java.math.BigDecimal; import com.arsdigita.bebop.Component; import com.arsdigita.bebop.Embedded; -import com.arsdigita.bebop.FormProcessException; import com.arsdigita.bebop.Label; import com.arsdigita.bebop.Link; import com.arsdigita.bebop.Page; import com.arsdigita.bebop.PageState; import com.arsdigita.bebop.SingleSelectionModel; import com.arsdigita.bebop.Table; -import com.arsdigita.bebop.event.FormProcessListener; -import com.arsdigita.bebop.event.FormSectionEvent; -import com.arsdigita.bebop.event.FormSubmissionListener; -import com.arsdigita.bebop.form.Hidden; import com.arsdigita.bebop.parameters.BigDecimalParameter; import com.arsdigita.bebop.table.TableCellRenderer; import com.arsdigita.bebop.table.TableColumn; @@ -43,24 +35,18 @@ import com.arsdigita.bebop.table.TableModel; import com.arsdigita.bebop.table.TableModelBuilder; import com.arsdigita.cms.ui.CMSContainer; import com.arsdigita.ui.admin.GlobalizationUtil; -import com.arsdigita.util.Assert; import com.arsdigita.util.LockableImpl; -import com.arsdigita.web.Web; import org.libreccm.categorization.Category; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.PermissionChecker; -import org.libreccm.security.User; -import org.librecms.CmsConstants; import org.librecms.contentsection.ContentSection; -import org.librecms.contentsection.ContentSectionConfig; import org.librecms.contentsection.ContentSectionRepository; +import org.librecms.contentsection.privileges.ItemPrivileges; -import java.util.Iterator; import java.util.List; import java.util.stream.Collectors; -import javax.mail.Folder; /** * Displays all the content sections in table, with links to the admin (and in @@ -171,7 +157,7 @@ public class ContentSectionContainer extends CMSContainer { // folder = section.getRootDocumentsFolder(); // // if (!permissionChecker.isPermitted( -// CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, folder)) { +// ItemPrivileges.CREATE_NEW, folder)) { // throw new FormProcessException( // (GlobalizationUtil.globalize( // "cms.ui.insufficient_privileges"))); @@ -414,7 +400,7 @@ public class ContentSectionContainer extends CMSContainer { return allSections .stream() .filter(section -> permissionChecker - .isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, + .isPermitted(ItemPrivileges.VIEW_PUBLISHED, section)) .collect(Collectors.toList()); } @@ -616,7 +602,7 @@ public class ContentSectionContainer extends CMSContainer { // If the user has no access, return a Label instead of a Link if (permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_EDIT, + ItemPrivileges.EDIT, section.getRootDocumentsFolder())) { return new Link(section.getLabel(), diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java index de9a1a420..dc3051c29 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java @@ -76,6 +76,7 @@ import org.librecms.contentsection.ContentItemManager; import org.librecms.contentsection.ContentItemRepository; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionManager; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.util.Date; @@ -218,7 +219,7 @@ public class FolderBrowser extends Table { Assert.exists(folder); final boolean canDelete = permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_DELETE, folder); + ItemPrivileges.DELETE, folder); m_deleteColumn.setVisible(state, canDelete); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java index 63209561f..0ce8b1825 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java @@ -66,16 +66,20 @@ import com.arsdigita.toolbox.ui.ActionGroup; import com.arsdigita.util.Assert; import com.arsdigita.util.UncheckedWrapperException; import com.arsdigita.web.Web; + import java.io.PrintWriter; import java.io.StringWriter; import java.io.Writer; + import org.apache.log4j.Logger; import java.math.BigDecimal; import java.util.ArrayList; import java.util.Arrays; import java.util.List; + import javax.persistence.TypedQuery; + import org.arsdigita.cms.CMSConfig; import org.libreccm.categorization.Category; import org.libreccm.categorization.CategoryManager; @@ -88,6 +92,7 @@ import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItemManager; import org.librecms.contentsection.ContentItemRepository; import org.librecms.contentsection.ContentSectionConfig; +import org.librecms.contentsection.privileges.ItemPrivileges; /** * Browse folders and manipulate them with various actions (move/copy/delete). @@ -550,7 +555,7 @@ public class FolderManipulator extends SimpleContainer implements final PermissionChecker permissionChecker = cdiUtil.findBean( PermissionChecker.class); if (!permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, target)) { + ItemPrivileges.CREATE_NEW, target)) { data.addError("cms.ui.folder.no_permission_for_item", CmsConstants.CMS_FOLDER_BUNDLE); } @@ -589,7 +594,7 @@ public class FolderManipulator extends SimpleContainer implements } if (!(permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ITEMS_DELETE, item)) + ItemPrivileges.DELETE, item)) && isMove(state)) { addErrorMessage(data, "cms.ui.folder.no_permission_for_item", name); diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java index a6e91d878..95bc322f4 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java @@ -52,6 +52,7 @@ import com.arsdigita.util.UncheckedWrapperException; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.configuration.ConfigurationManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.LifecycleDefinitionRepository; import org.librecms.lifecycle.PhaseDefinititionRepository; @@ -211,7 +212,7 @@ class AddPhaseForm extends CMSForm { }); addSubmissionListener(new FormSecurityListener( - CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)); + AdminPrivileges.ADMINISTER_LIFECYLES)); addValidationListener(new FormValidationListener() { diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java index 80525f2e4..e063e2036 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java @@ -38,6 +38,7 @@ import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.configuration.ConfigurationManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.LifecycleDefinition; import java.util.Locale; @@ -77,7 +78,7 @@ class BaseLifecycleForm extends BaseForm { addAction(new Cancel()); addSubmissionListener(new FormSecurityListener( - CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)); + AdminPrivileges.ADMINISTER_LIFECYLES)); } class NameUniqueListener implements ParameterListener { diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java index b11081595..fc3116363 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java @@ -39,6 +39,7 @@ import com.arsdigita.cms.ui.FormSecurityListener; import org.libreccm.cdi.utils.CdiUtil; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.PhaseDefinititionRepository; import java.math.BigDecimal; @@ -87,7 +88,7 @@ class DeletePhaseForm extends CMSForm addInitListener(this); addSubmissionListener(new FormSecurityListener( - CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)); + AdminPrivileges.ADMINISTER_LIFECYLES)); addProcessListener(this); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java index ce60792f2..f93d07dad 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java @@ -48,6 +48,7 @@ import com.arsdigita.kernel.KernelConfig; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.configuration.ConfigurationManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.PhaseDefinititionRepository; import java.util.Locale; @@ -202,7 +203,7 @@ class EditPhaseForm extends CMSForm { }); addSubmissionListener(new FormSecurityListener( - CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)); + AdminPrivileges.ADMINISTER_LIFECYLES)); addValidationListener(new FormValidationListener() { diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java index d1066227a..529439176 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java @@ -29,21 +29,19 @@ import com.arsdigita.toolbox.ui.SecurityContainer; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.PermissionChecker; import org.librecms.CmsConstants; - +import org.librecms.contentsection.privileges.AdminPrivileges; /** - * Security container that wraps the canAdministerLifecycles access check - * around its components. + * Security container that wraps the canAdministerLifecycles access check around + * its components. * * @author Jens Pelzetter * @author Michael Pih */ public class LifecycleAdminContainer extends SecurityContainer { - /** - * This default constructor should be followed by calls to - * add. + * This default constructor should be followed by calls to add. */ public LifecycleAdminContainer() { super(); @@ -62,14 +60,17 @@ public class LifecycleAdminContainer extends SecurityContainer { * Returns true if the current user can access the child component. * * @param state The page state + * * @return true if the access checks pass, false otherwise */ @Override protected boolean canAccess(final Party party, final PageState state) { final CdiUtil cdiUtil = CdiUtil.createCdiUtil(); - final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class); - - return permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES); + final PermissionChecker permissionChecker = cdiUtil.findBean( + PermissionChecker.class); + + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_LIFECYLES); } } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java index f8baa3483..1d7922042 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java @@ -36,13 +36,15 @@ import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.librecms.CmsConstants; import org.librecms.contentsection.ContentSectionManager; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.Lifecycle; import org.librecms.lifecycle.LifecycleDefinitionRepository; import java.math.BigDecimal; /** - *

This class contains the split pane for the lifecycle administration + *

+ * This class contains the split pane for the lifecycle administration * interface.

* * @author Jens Pelzetter @@ -66,7 +68,6 @@ public class LifecycleAdminPane extends BaseAdminPane { // XXX secvis //add(new LifecycleAdminContainer(m_addLink)); - setAdd(gz("cms.ui.lifecycle.add"), new LifecycleAddForm(m_model)); setEdit(gz("cms.ui.lifecycle.edit"), @@ -82,44 +83,50 @@ public class LifecycleAdminPane extends BaseAdminPane { } private class SelectionRequestLocal - extends LifecycleDefinitionRequestLocal { + extends LifecycleDefinitionRequestLocal { + @Override protected final Object initialValue(final PageState state) { final String id = m_model.getSelectedKey(state).toString(); final CdiUtil cdiUtil = CdiUtil.createCdiUtil(); - final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class); - + final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil + .findBean(LifecycleDefinitionRepository.class); + return lifecycleDefRepo.findById(Long.parseLong(id)); } + } private final class DeleteForm extends BaseDeleteForm { + DeleteForm() { super(new Label(gz("cms.ui.lifecycle.delete_prompt"))); - addSubmissionListener - (new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)); + addSubmissionListener(new FormSecurityListener( + AdminPrivileges.ADMINISTER_LIFECYLES)); } public final void process(final FormSectionEvent event) - throws FormProcessException { + throws FormProcessException { final PageState state = event.getPageState(); - final ContentSection section = - CMS.getContext().getContentSection(); - final LifecycleDefinition definition = - m_definition.getLifecycleDefinition(state); + final ContentSection section = CMS.getContext().getContentSection(); + final LifecycleDefinition definition = m_definition + .getLifecycleDefinition(state); final CdiUtil cdiUtil = CdiUtil.createCdiUtil(); final ContentSectionManager sectionManager = cdiUtil.findBean( ContentSectionManager.class); - final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class); - + final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil + .findBean(LifecycleDefinitionRepository.class); + sectionManager.removeLifecycleDefinitionFromContentSection( definition, section); lifecycleDefRepo.delete(definition); - + m_model.clearSelection(state); } + } + } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java index fef47e2d3..353b5560c 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java @@ -46,6 +46,7 @@ import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.configuration.ConfigurationManager; import org.libreccm.security.PermissionChecker; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.lifecycle.PhaseDefinititionRepository; import java.util.Locale; @@ -235,7 +236,7 @@ class LifecycleItemPane extends BaseItemPane { PermissionChecker.class); return permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES); + AdminPrivileges.ADMINISTER_LIFECYLES); } @Override diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java index 4e5e16afe..d817be7a4 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java @@ -32,12 +32,14 @@ import com.arsdigita.cms.ui.BaseForm; import com.arsdigita.globalization.GlobalizedMessage; import com.arsdigita.ui.admin.GlobalizationUtil; import com.arsdigita.util.UncheckedWrapperException; + import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.PermissionManager; import org.libreccm.security.Role; import org.librecms.CmsConstants; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.*; @@ -78,7 +80,7 @@ class BaseRoleForm extends BaseForm { addAction(new Finish()); addAction(new Cancel()); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES); + addSecurityListener(AdminPrivileges.ADMINISTER_ROLES); } private class PrivilegePrinter implements PrintListener { diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java index 435a2e517..8d6200152 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java @@ -30,11 +30,13 @@ import com.arsdigita.kernel.KernelConfig; import com.arsdigita.toolbox.ui.ActionGroup; import com.arsdigita.toolbox.ui.PropertyList; import com.arsdigita.toolbox.ui.Section; + import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.configuration.ConfigurationManager; import org.libreccm.security.*; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.stream.Collectors; @@ -92,7 +94,7 @@ class BaseRoleItemPane extends BaseItemPane { private class AdminVisible extends VisibilityComponent { AdminVisible(final Component child) { - super(child, CmsConstants.PRIVILEGE_ADMINISTER_ROLES); + super(child, AdminPrivileges.ADMINISTER_ROLES); } } @@ -180,7 +182,7 @@ class BaseRoleItemPane extends BaseItemPane { final PageState state = e.getPageState(); final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class); - if (!permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_ROLES)) { + if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_ROLES)) { throw new FormProcessException( new GlobalizedMessage("cms.ui.role.insufficient_privileges", CmsConstants.CMS_BUNDLE)); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java index 1eed1045a..a5a84e78c 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java @@ -39,19 +39,22 @@ import com.arsdigita.cms.ui.VisibilityComponent; import com.arsdigita.toolbox.ui.ActionGroup; import com.arsdigita.toolbox.ui.Section; import com.arsdigita.util.LockableImpl; + import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.Role; import org.libreccm.security.RoleRepository; import org.librecms.CmsConstants; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.AdminPrivileges; /** * Provides the logic to administer {@link Role roles}. * - * NOTE: Prior, this class managed two {@link ListModelBuilder}. - * The reason being, that roles where differentiated between Viewer and Member groups. - * Since this is no longer the case, there exists only the {@link RoleListModelBuilder} now. + * NOTE: Prior, this class managed two {@link ListModelBuilder}. The reason + * being, that roles where differentiated between Viewer and Member groups. + * Since this is no longer the case, there exists only the + * {@link RoleListModelBuilder} now. * * @author Yannick Bülter * @author Justin Ross <jross@redhat.com> @@ -66,8 +69,8 @@ public class RoleAdminPane extends BaseAdminPane { private final List m_roles; public RoleAdminPane() { - m_model = new ParameterSingleSelectionModel - (new StringParameter(List.SELECTED)); + m_model = new ParameterSingleSelectionModel(new StringParameter( + List.SELECTED)); setSelectionModel(m_model); m_model.addChangeListener(new SelectionListener()); @@ -77,7 +80,6 @@ public class RoleAdminPane extends BaseAdminPane { m_roles = new List(new RoleListModelBuilder()); m_roles.setSelectionModel(m_model); - final SimpleContainer left = new SimpleContainer(); setLeft(left); @@ -102,53 +104,63 @@ public class RoleAdminPane extends BaseAdminPane { group.setSubject(m_roles); - final ActionLink link = new ActionLink - (new Label(gz("cms.ui.role.staff.add"))); + final ActionLink link = new ActionLink(new Label(gz( + "cms.ui.role.staff.add"))); - group.addAction(new VisibilityComponent(link, CmsConstants.PRIVILEGE_ADMINISTER_ROLES), - ActionGroup.ADD); + group.addAction(new VisibilityComponent( + link, + AdminPrivileges.ADMINISTER_ROLES), + ActionGroup.ADD); final RoleAddForm form = new RoleAddForm(m_model); getBody().add(form); getBody().connect(link, form); } + } private class SelectionListener implements ChangeListener { + @Override public final void stateChanged(final ChangeEvent e) { - s_log.debug("Selection state changed; I may change " + - "the body's visible pane"); + s_log.debug("Selection state changed; I may change " + + "the body's visible pane"); final PageState state = e.getPageState(); getBody().reset(state); if (m_model.isSelected(state)) { - s_log.debug("The selection model is selected; displaying " + - "the item pane"); + s_log.debug("The selection model is selected; displaying " + + "the item pane"); getBody().push(state, getItemPane()); } } + } private class SelectionRequestLocal extends RoleRequestLocal { + @Override protected final Object initialValue(final PageState state) { - final Long id = Long.parseLong(m_model.getSelectedKey(state).toString()); + final Long id = Long.parseLong(m_model.getSelectedKey(state) + .toString()); final CdiUtil cdiUtil = CdiUtil.createCdiUtil(); - final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class); + final RoleRepository roleRepository = cdiUtil.findBean( + RoleRepository.class); return roleRepository.findById(id); } + } /** - * This builder provides a list model of the {@link Role roles} which correspond to the {@link ContentSection} - * in this context. + * This builder provides a list model of the {@link Role roles} which + * correspond to the {@link ContentSection} in this context. */ - private static class RoleListModelBuilder extends LockableImpl implements ListModelBuilder { + private static class RoleListModelBuilder extends LockableImpl implements + ListModelBuilder { RoleListModelBuilder() { super(); @@ -160,31 +172,37 @@ public class RoleAdminPane extends BaseAdminPane { return new RoleListModel(section.getRoles()); } + } /** * Provides a simple delete form to remove a {@link Role}. */ private class DeleteForm extends BaseDeleteForm { + DeleteForm() { super(gz("cms.ui.role.delete_prompt")); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES); + addSecurityListener(AdminPrivileges.ADMINISTER_ROLES); } @Override public final void process(final FormSectionEvent e) - throws FormProcessException { + throws FormProcessException { final PageState state = e.getPageState(); final CdiUtil cdiUtil = CdiUtil.createCdiUtil(); - final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class); - final Long id = Long.parseLong(m_model.getSelectedKey(state).toString()); + final RoleRepository roleRepository = cdiUtil.findBean( + RoleRepository.class); + final Long id = Long.parseLong(m_model.getSelectedKey(state) + .toString()); final Role role = roleRepository.findById(id); roleRepository.delete(role); m_model.clearSelection(state); } + } + } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java index 58eca00fd..e154a7085 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java @@ -28,10 +28,12 @@ import com.arsdigita.cms.ui.FormSecurityListener; import com.arsdigita.cms.ui.PartyAddForm; import com.arsdigita.ui.admin.GlobalizationUtil; import com.arsdigita.util.Assert; + import org.apache.log4j.Logger; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.security.*; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.Arrays; import java.util.List; @@ -62,7 +64,7 @@ class RolePartyAddForm extends PartyAddForm { m_roles = roles; getForm().addSubmissionListener - (new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES)); + (new FormSecurityListener(AdminPrivileges.ADMINISTER_ROLES)); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java index bf5cd75e3..aa4583994 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java @@ -39,6 +39,7 @@ import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.workflow.TaskRepository; import org.libreccm.workflow.WorkflowManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.workflow.CmsTaskTypeRepository; import java.util.HashMap; @@ -92,7 +93,7 @@ class BaseTaskForm extends BaseForm { addAction(new Finish()); addAction(new Cancel()); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addValidationListener(new ValidationListener()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java index 50d72cbda..1c1eff3de 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java @@ -25,6 +25,7 @@ import com.arsdigita.cms.ui.BaseForm; import com.arsdigita.globalization.GlobalizedMessage; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; /** * Jens Pelzetter @@ -50,7 +51,7 @@ class BaseWorkflowForm extends BaseForm { addAction(new Finish()); addAction(new Cancel()); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); addValidationListener(new ValidationListener()); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java index db6f3c030..cb67c7cf8 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java @@ -50,6 +50,7 @@ import org.libreccm.workflow.TaskRepository; import org.libreccm.workflow.Workflow; import org.libreccm.workflow.WorkflowManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import org.librecms.workflow.CmsTaskTypeRepository; import java.math.BigDecimal; @@ -128,7 +129,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane { protected class AdminVisible extends VisibilityComponent { public AdminVisible(final Component child) { - super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + super(child, AdminPrivileges.ADMINISTER_WORKFLOW); } } @@ -186,7 +187,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane { TaskDeleteForm() { super(new Label(gz("cms.ui.workflow.task.delete_prompt"))); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); } @Override diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java index 98950a233..ab316f4b0 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java @@ -52,6 +52,7 @@ import org.libreccm.security.RoleRepository; import org.libreccm.workflow.TaskAssignment; import org.libreccm.workflow.WorkflowManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.ArrayList; import java.util.List; @@ -158,7 +159,7 @@ class TaskAddRole extends CMSForm { PermissionChecker.class); if (!permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW)) { + AdminPrivileges.ADMINISTER_WORKFLOW)) { throw new FormProcessException( new GlobalizedMessage( "cms.ui.workflow.insufficient_privileges", diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java index aaf00b952..b63b933c5 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java @@ -52,6 +52,7 @@ import org.libreccm.workflow.Task; import org.libreccm.workflow.UserTask; import org.libreccm.workflow.WorkflowManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.ArrayList; import java.util.List; @@ -119,13 +120,13 @@ final class TaskItemPane extends BaseItemPane { PermissionChecker.class); return permissionChecker.isPermitted( - CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + AdminPrivileges.ADMINISTER_WORKFLOW); } private class AdminVisible extends VisibilityComponent { public AdminVisible(final Component child) { - super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + super(child, AdminPrivileges.ADMINISTER_WORKFLOW); } } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java index dc7c337fa..f8d3065a9 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java @@ -28,13 +28,11 @@ import com.arsdigita.cms.ui.VisibilityComponent; import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.workflow.Workflow; -import org.libreccm.workflow.WorkflowManager; import org.libreccm.workflow.WorkflowRepository; -import org.libreccm.workflow.WorkflowTemplate; import org.libreccm.workflow.WorkflowTemplateRepository; import org.librecms.CmsConstants; -import java.math.BigDecimal; +import org.librecms.contentsection.privileges.AdminPrivileges; /** * @author Jens Pelzetter @@ -60,7 +58,7 @@ public final class WorkflowAdminPane extends BaseAdminPane { getDeleteLink())); addAction(new VisibilityComponent( - getAddLink(), CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW)); + getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW)); } private class DeleteForm extends BaseDeleteForm { @@ -68,7 +66,7 @@ public final class WorkflowAdminPane extends BaseAdminPane { DeleteForm() { super(gz("cms.ui.workflow.delete_prompt")); - addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW); + addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW); } @Override diff --git a/ccm-cms/src/main/java/org/librecms/CmsConstants.java b/ccm-cms/src/main/java/org/librecms/CmsConstants.java index a911fa08e..aff817cef 100644 --- a/ccm-cms/src/main/java/org/librecms/CmsConstants.java +++ b/ccm-cms/src/main/java/org/librecms/CmsConstants.java @@ -29,44 +29,26 @@ public class CmsConstants { public static final String DB_SCHEMA = "CCM_CMS"; public static final String CMS_BUNDLE = "org.librecms.CmsResources"; - public static final String CMS_FOLDER_BUNDLE = "com.arsdigita.cms.ui.folder.CMSFolderResources"; + public static final String CMS_FOLDER_BUNDLE + = "com.arsdigita.cms.ui.folder.CMSFolderResources"; - public static final String CONTENT_CENTER_APP_TYPE = "com.arsdigita.cms.ContentCenter"; + public static final String CONTENT_CENTER_APP_TYPE + = "com.arsdigita.cms.ContentCenter"; public static final String CONTENT_CENTER_URL = "/content-center/"; - public static final String CONTENT_CENTER_DESC_BUNDLE = "org.librecms.contentcenter.ContentCenterResources"; + public static final String CONTENT_CENTER_DESC_BUNDLE + = "org.librecms.contentcenter.ContentCenterResources"; public static final String CONTENT_SECTION_APP_TYPE - = "org.librecms.contentsection.ContentSection"; + = "org.librecms.contentsection.ContentSection"; public static final String CONTENT_SECTION_SERVLET_PATH - = "/templates/servlet/content-section/*"; + = "/templates/servlet/content-section/*"; public static final String CONTENT_SECTION_DESC_BUNDLE - = "org.librecms.contentsection.ContentSectionResources"; - + = "org.librecms.contentsection.ContentSectionResources"; + public static final String CONTENT_SECTION_PAGE = "/admin"; public static final String CONTENT_SECTION_ITEM_PAGE = "/item"; public static final String CATEGORIZATION_TYPE_FOLDER = "folder"; - - public static final String PRIVILEGE_ADMINISTER_CATEGORIES - = "administer_categories"; - public static final String PRIVILEGE_ADMINISTER_CONTENT_TYPES - = "administer_content_types"; - public static final String PRIVILEGE_ADMINISTER_LIFECYLES - = "administer_lifecyles"; - public static final String PRIVILEGE_ADMINISTER_ROLES = "administer_roles"; - public static final String PRIVILEGE_ADMINISTER_WORKFLOW - = "administer_workflow"; - public static final String PRIVILEGE_ITEMS_APPROVE = "approve_items"; - public static final String PRIVILEGE_ITEMS_PUBLISH = "publish_items"; - public static final String PRIVILEGE_ITEMS_CATEGORIZE = "categorize_items"; - public static final String PRIVILEGE_ITEMS_CREATE_NEW = "create_new_items"; - public static final String PRIVILEGE_ITEMS_DELETE = "delete_items"; - public static final String PRIVILEGE_ITEMS_EDIT = "edit_items"; - public static final String PRIVILEGE_ITEMS_PREVIEW = "preview_items"; - public static final String PRIVILEGE_ITEMS_VIEW_PUBLISHED - = "view_published_items"; - public static final String PRIVILEGE_APPLY_ALTERNATE_WORKFLOW - = "apply_alternate_workflow"; /** * Constant string used as key for creating service package as a legacy @@ -77,7 +59,7 @@ public class CmsConstants { public static final String ASSET_ID = "asset_id"; public static final String IMAGE_ID = "image_id"; - + private CmsConstants() { //Nothing } diff --git a/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java b/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java index f6078dd31..29fd87565 100644 --- a/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java +++ b/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java @@ -20,10 +20,12 @@ package org.librecms.assets; import java.util.List; import java.util.Optional; + import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.persistence.EntityManager; import javax.transaction.Transactional; + import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.libreccm.categorization.CategoryManager; @@ -36,6 +38,8 @@ import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.Folder; import org.librecms.contentsection.FolderManager; import org.librecms.contentsection.FolderRepository; +import org.librecms.contentsection.privileges.AssetPrivileges; +import org.librecms.contentsection.privileges.ItemPrivileges; /** * Provides methods for managing {@link Asset}s, especially sharable @@ -80,7 +84,7 @@ public class AssetManager { @Transactional(Transactional.TxType.REQUIRED) public T createAsset( final String name, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(ItemPrivileges.EDIT) final AttachmentList attachments, final Class type) { throw new UnsupportedOperationException("Not implemented yet."); @@ -104,7 +108,7 @@ public class AssetManager { @Transactional(Transactional.TxType.REQUIRED) public T createAsset( final String name, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(AssetPrivileges.CREATE_NEW) final Folder folder, final Class type) { throw new UnsupportedOperationException("Not implemented yet."); @@ -159,9 +163,9 @@ public class AssetManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void move( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(AssetPrivileges.EDIT) final Asset asset, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(AssetPrivileges.CREATE_NEW) final Folder targetFolder) { throw new UnsupportedOperationException("Not implemented yet."); } @@ -175,7 +179,7 @@ public class AssetManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired public void copy(final Asset asset, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(AssetPrivileges.CREATE_NEW) final Folder targetFolder) { throw new UnsupportedOperationException("Not implemented yet."); } diff --git a/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java b/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java index 726f93ed9..01f1c9aa0 100644 --- a/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java +++ b/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java @@ -29,6 +29,7 @@ import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.RequiresPrivilege; import org.librecms.CmsConstants; import org.librecms.contentsection.Folder; +import org.librecms.contentsection.privileges.AssetPrivileges; import java.util.List; import java.util.Optional; @@ -89,6 +90,15 @@ public class AssetRepository } } + @AuthorizationRequired + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void save( + @RequiresPrivilege(AssetPrivileges.EDIT) + final Asset asset) { + + } + /** * Deletes an unused Asset. If the {@link Asset} is in use * (linked to at least one ContentItem) an {@link AssetInUseException} is @@ -103,7 +113,7 @@ public class AssetRepository @Transactional(Transactional.TxType.REQUIRED) @Override public void delete( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_DELETE) + @RequiresPrivilege(AssetPrivileges.DELETE) final Asset asset) { if (asset.getItemAttachments().isEmpty()) { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java index 60973889c..ce6e3ee34 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java @@ -26,6 +26,7 @@ import org.libreccm.l10n.LocalizedString; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.RequiresPrivilege; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.beans.IntrospectionException; import java.beans.Introspector; @@ -147,7 +148,7 @@ public class ContentItemL10NManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void addLanguage( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(ItemPrivileges.EDIT) final ContentItem item, final Locale locale) { @@ -218,7 +219,7 @@ public class ContentItemL10NManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void removeLangauge( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(ItemPrivileges.EDIT) final ContentItem item, final Locale locale) { @@ -265,7 +266,7 @@ public class ContentItemL10NManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void normalizedLanguages( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(ItemPrivileges.EDIT) final ContentItem item) { if (item == null) { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java index 644cd0049..f4b2b28dc 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java @@ -47,6 +47,7 @@ import org.libreccm.security.RequiresPrivilege; import org.libreccm.workflow.Workflow; import org.libreccm.workflow.WorkflowManager; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.ItemPrivileges; import org.librecms.lifecycle.Lifecycle; import org.librecms.lifecycle.LifecycleManager; @@ -125,7 +126,7 @@ public class ContentItemManager { public T createContentItem( final String name, final ContentSection section, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder folder, final Class type) { @@ -174,7 +175,7 @@ public class ContentItemManager { public T createContentItem( final String name, final ContentSection section, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder folder, final WorkflowTemplate workflowTemplate, final Class type) { @@ -250,9 +251,9 @@ public class ContentItemManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void move( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT) + @RequiresPrivilege(ItemPrivileges.EDIT) final ContentItem item, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder targetFolder) { if (item == null) { throw new IllegalArgumentException("The item to move can't be null."); @@ -322,7 +323,7 @@ public class ContentItemManager { @SuppressWarnings("unchecked") public ContentItem copy( final ContentItem item, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder targetFolder) { if (item == null) { throw new IllegalArgumentException("The item to copy can't be null."); @@ -563,7 +564,7 @@ public class ContentItemManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public ContentItem publish( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH) + @RequiresPrivilege(ItemPrivileges.PUBLISH) final ContentItem item) { if (item == null) { @@ -591,7 +592,7 @@ public class ContentItemManager { @Transactional(Transactional.TxType.REQUIRED) @SuppressWarnings("unchecked") public ContentItem publish( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH) + @RequiresPrivilege(ItemPrivileges.PUBLISH) final ContentItem item, final LifecycleDefinition lifecycleDefinition) { if (item == null) { @@ -787,7 +788,7 @@ public class ContentItemManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void publish( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH) + @RequiresPrivilege(ItemPrivileges.PUBLISH) final Folder folder) { // Ensure that we are using a fresh folder and that the folder was @@ -811,7 +812,7 @@ public class ContentItemManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void unpublish( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH) + @RequiresPrivilege(ItemPrivileges.PUBLISH) final ContentItem item) { if (item == null) { throw new IllegalArgumentException( @@ -860,7 +861,7 @@ public class ContentItemManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void unpublish( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH) + @RequiresPrivilege(ItemPrivileges.PUBLISH) final Folder folder) { // Ensure that we are using a fresh folder and that the folder was @@ -910,7 +911,7 @@ public class ContentItemManager { @Transactional(Transactional.TxType.REQUIRED) @SuppressWarnings({"unchecked"}) public Optional getLiveVersion( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED) + @RequiresPrivilege(ItemPrivileges.VIEW_PUBLISHED) final ContentItem item, final Class type) { @@ -972,7 +973,7 @@ public class ContentItemManager { @Transactional(Transactional.TxType.REQUIRED) @SuppressWarnings("unchecked") public T getDraftVersion( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PREVIEW) + @RequiresPrivilege(ItemPrivileges.PREVIEW) final ContentItem item, final Class type) { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java index 97ebc79ca..70cf86a1d 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java @@ -44,12 +44,14 @@ import javax.persistence.TypedQuery; import javax.transaction.Transactional; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; +import org.librecms.contentsection.privileges.AssetPrivileges; +import org.librecms.contentsection.privileges.ItemPrivileges; import org.librecms.lifecycle.LifecycleDefinition; import java.util.Optional; -import static org.librecms.CmsConstants.*; import static org.librecms.contentsection.ContentSection.*; /** @@ -140,48 +142,69 @@ public class ContentSectionManager { ALERT_RECIPIENT); addRoleToContentSection(section, AUTHOR, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); addRoleToContentSection(section, EDITOR, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); addRoleToContentSection(section, MANAGER, - PRIVILEGE_ADMINISTER_ROLES, - PRIVILEGE_ADMINISTER_WORKFLOW, - PRIVILEGE_ADMINISTER_LIFECYLES, - PRIVILEGE_ADMINISTER_CATEGORIES, - PRIVILEGE_ADMINISTER_CONTENT_TYPES, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_PUBLISH, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + AdminPrivileges.ADMINISTER_ROLES, + AdminPrivileges.ADMINISTER_WORKFLOW, + AdminPrivileges.ADMINISTER_LIFECYLES, + AdminPrivileges.ADMINISTER_CATEGORIES, + AdminPrivileges.ADMINISTER_CONTENT_TYPES, + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.PUBLISH, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); addRoleToContentSection(section, PUBLISHER, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_PUBLISH, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.PUBLISH, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); addRoleToContentSection(section, CONTENT_READER, - PRIVILEGE_ITEMS_VIEW_PUBLISHED); + ItemPrivileges.VIEW_PUBLISHED, + AssetPrivileges.VIEW); return section; } @@ -224,8 +247,8 @@ public class ContentSectionManager { /** * Adds new role to a content section. the new role will not have any * members, they have to be added separatly. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content - * section. + * {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided + * content section. * * @param section The {@link ContentSection} to which the role is added. * @param roleName The name of the new role. @@ -234,7 +257,7 @@ public class ContentSectionManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void addRoleToContentSection( - @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES) final ContentSection section, final String roleName, final String... privileges) { @@ -252,9 +275,9 @@ public class ContentSectionManager { role.setName(String.join("_", section.getLabel(), roleName)); roleRepo.save(role); - final Category rootFolder = section.getRootDocumentsFolder(); +// final Category rootFolder = section.getRootDocumentsFolder(); for (String privilege : privileges) { - permissionManager.grantPrivilege(privilege, role, rootFolder); + permissionManager.grantPrivilege(privilege, role, section); } addRoleToContentSection(role, section); @@ -263,8 +286,8 @@ public class ContentSectionManager { /** * Associates an existing role to with a content section. This will not * grant any permissions for the content section to the role. This operation - * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided - * content section. + * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the + * provided content section. * * @param role The role to add. * @param section The section the role is associated with. @@ -273,7 +296,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void addRoleToContentSection( final Role role, - @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES) final ContentSection section) { if (section == null) { @@ -295,8 +318,8 @@ public class ContentSectionManager { * role which are associated with the content section. The role itself is * not deleted because the role is maybe is used in other * places. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content - * section. + * {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided + * content section. * * @param contentSection The section from which the role is removed. * @param role The role to remove from the content section. @@ -304,7 +327,7 @@ public class ContentSectionManager { @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public void removeRoleFromContentSection( - @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES) final ContentSection contentSection, final Role role) { @@ -334,8 +357,8 @@ public class ContentSectionManager { /** * Adds a lifecycle definition to a content section. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the provided - * content section. + * {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for the + * provided content section. * * @param definition The lifecycle definition to add. * @param section The section to which the definition is added. @@ -344,7 +367,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void addLifecycleDefinitionToContentSection( final LifecycleDefinition definition, - @RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) final ContentSection section) { section.addLifecycleDefinition(definition); @@ -353,8 +376,8 @@ public class ContentSectionManager { /** * Removes a lifecycle definition from a content section. This operation - * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the - * provided content section. + * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for + * the provided content section. * * @param definition The definition to remove. * @param section The section from which the definition is removed. @@ -363,7 +386,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void removeLifecycleDefinitionFromContentSection( final LifecycleDefinition definition, - @RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) final ContentSection section) { section.removeLifecycleDefinition(definition); @@ -372,7 +395,7 @@ public class ContentSectionManager { /** * Adds a workflow template to a content section. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the provided + * {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the provided * content section. * * @param template The template to add. @@ -382,7 +405,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void addWorkflowTemplateToContentSection( final WorkflowTemplate template, - @RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) final ContentSection section) { section.addWorkflowTemplate(template); @@ -391,7 +414,7 @@ public class ContentSectionManager { /** * Removes a workflow template from a content section. This operation - * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the + * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the * provided content section. * * @param template The template to remove. @@ -401,7 +424,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void removeWorkflowTemplateFromContentSection( final WorkflowTemplate template, - @RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW) final ContentSection section) { section.removeWorkflowTemplate(template); @@ -433,8 +456,8 @@ public class ContentSectionManager { /** * Adds a new {@link ContentType} to a content section, making items of that * type available in the content section. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided - * content section. + * {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the + * provided content section. * * @param type The type to add (a subclass of * {@link ContentItem}. @@ -456,7 +479,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public ContentType addContentTypeToSection( final Class type, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES) final ContentSection section, final LifecycleDefinition defaultLifecycle, final WorkflowTemplate defaultWorkflow) { @@ -506,7 +529,7 @@ public class ContentSectionManager { section.getObjectId(), section.getDisplayName())); } - + if (hasContentType(type, section)) { return typeRepo.findByContentSectionAndClass(section, type).get(); } @@ -557,8 +580,8 @@ public class ContentSectionManager { /** * Removes an unused {@link ContentType} from a * {@link ContentSection}. This operation requires - * {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided - * content section. + * {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the + * provided content section. * * @param type The type to remove from the section. * @param section The section from which the type is removed. @@ -573,7 +596,7 @@ public class ContentSectionManager { @Transactional(Transactional.TxType.REQUIRED) public void removeContentTypeFromSection( final Class type, - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES) final ContentSection section) { if (type == null) { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java index cf8a08e8c..939911d61 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java @@ -30,6 +30,9 @@ import java.util.UUID; import static org.librecms.CmsConstants.*; import static org.librecms.contentsection.ContentSection.*; +import org.librecms.contentsection.privileges.AdminPrivileges; +import org.librecms.contentsection.privileges.AssetPrivileges; +import org.librecms.contentsection.privileges.ItemPrivileges; /** * @@ -123,52 +126,91 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup { grantPermissions(author, rootFolder, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW); + + grantPermissions(author, + rootAssetFolder, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); grantPermissions(editor, rootFolder, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW); + + grantPermissions(editor, + rootAssetFolder, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); + grantPermissions(manager, + section, + AdminPrivileges.ADMINISTER_ROLES, + AdminPrivileges.ADMINISTER_WORKFLOW, + AdminPrivileges.ADMINISTER_LIFECYLES, + AdminPrivileges.ADMINISTER_CATEGORIES, + AdminPrivileges.ADMINISTER_CONTENT_TYPES); + grantPermissions(manager, rootFolder, - PRIVILEGE_ADMINISTER_ROLES, - PRIVILEGE_ADMINISTER_WORKFLOW, - PRIVILEGE_ADMINISTER_LIFECYLES, - PRIVILEGE_ADMINISTER_CATEGORIES, - PRIVILEGE_ADMINISTER_CONTENT_TYPES, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_PUBLISH, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.PUBLISH, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW); + + grantPermissions(manager, + rootAssetFolder, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); grantPermissions(publisher, rootFolder, - PRIVILEGE_ITEMS_CATEGORIZE, - PRIVILEGE_ITEMS_CREATE_NEW, - PRIVILEGE_ITEMS_EDIT, - PRIVILEGE_ITEMS_APPROVE, - PRIVILEGE_ITEMS_PUBLISH, - PRIVILEGE_ITEMS_DELETE, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW); + ItemPrivileges.CATEGORIZE, + ItemPrivileges.CREATE_NEW, + ItemPrivileges.EDIT, + ItemPrivileges.APPROVE, + ItemPrivileges.PUBLISH, + ItemPrivileges.DELETE, + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW); + + grantPermissions(publisher, + rootAssetFolder, + AssetPrivileges.USE, + AssetPrivileges.CREATE_NEW, + AssetPrivileges.EDIT, + AssetPrivileges.VIEW, + AssetPrivileges.DELETE); grantPermissions(contentReader, rootFolder, - PRIVILEGE_ITEMS_VIEW_PUBLISHED); + ItemPrivileges.VIEW_PUBLISHED); + + grantPermissions(contentReader, + rootAssetFolder, + AssetPrivileges.VIEW); getEntityManager().persist(alertRecipient); getEntityManager().persist(author); diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java index 338cc2e1c..784549e40 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java @@ -22,6 +22,7 @@ import org.libreccm.core.AbstractEntityRepository; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.RequiresPrivilege; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.List; import java.util.Optional; @@ -180,7 +181,7 @@ public class ContentTypeRepository @Transactional(Transactional.TxType.REQUIRED) @Override public void save( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES) final ContentType type) { super.save(type); @@ -190,7 +191,7 @@ public class ContentTypeRepository @Transactional(Transactional.TxType.REQUIRED) @Override public void delete( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES) final ContentType type) { if (isContentTypeInUse(type)) { diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java b/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java index 3c91a97f3..a20d3930b 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java @@ -24,7 +24,7 @@ import org.libreccm.categorization.Category; import org.libreccm.core.AbstractEntityRepository; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.RequiresPrivilege; -import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.ItemPrivileges; import java.util.List; import java.util.Optional; @@ -186,7 +186,7 @@ public class FolderRepository extends AbstractEntityRepository { @Transactional(Transactional.TxType.REQUIRED) @Override public void save( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder folder) { super.save(folder); @@ -196,7 +196,7 @@ public class FolderRepository extends AbstractEntityRepository { @Transactional(Transactional.TxType.REQUIRED) @Override public void delete( - @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW) + @RequiresPrivilege(ItemPrivileges.CREATE_NEW) final Folder folder) { super.delete(folder); diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java new file mode 100644 index 000000000..94cd1f2ef --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2016 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package org.librecms.contentsection.privileges; + +import org.libreccm.categorization.Category; +import org.libreccm.categorization.Domain; +import org.libreccm.web.CcmApplication; +import org.libreccm.workflow.WorkflowTemplate; +import org.librecms.contentsection.ContentSection; +import org.librecms.lifecycle.Lifecycle; +import org.librecms.lifecycle.LifecycleDefinition; + +/** + * Constants for privileges allowing administrative actions on a content + * section. The privileges defined in this can only be used for + * {@link ContentSection}s. + * + * @author Jens Pelzetter + */ +public final class AdminPrivileges { + + /** + * Allows the manipulation of the categories (see {@link Category} of the + * {@link Domain}s assigned to the {@link ContentSection}. + * + * @see CcmApplication#domains + */ + public static final String ADMINISTER_CATEGORIES = "administer_categories"; + /** + * Allows editing, adding and removing the {@link ContentType} of a + * {@link ContentSection}. + * + * @see ContentSection#contentTypes + */ + public static final String ADMINISTER_CONTENT_TYPES + = "administer_content_types"; + /** + * Allows adding, editing and removing {@link LifecycleDefinition}s of a + * {@link ContentSection}. + * + * @see ContentSection#lifecycleDefinitions + */ + public static final String ADMINISTER_LIFECYLES = "administer_lifecyles"; + /** + * Allows manipulation of the {@link Role}s assigned to a + * {@link ContentSection}. + * + * @see ContentSection#roles + */ + public static final String ADMINISTER_ROLES = "administer_roles"; + /** + * Allows manipulation of the {@link WorkflowTemplate}s assigned to a + * {@link ContentSection}. + * + * @see ContentSection#workflowTemplates + */ + public static final String ADMINISTER_WORKFLOW = "administer_workflow"; + + private AdminPrivileges() { + //Nothing + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java new file mode 100644 index 000000000..b44c9194d --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2016 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package org.librecms.contentsection.privileges; + +/** + * Constants for privileges allowing actions on the assets of a content section. + * All privileges defined in this class can either be assigned for the complete + * {@link ContentSection} or for a specific assets {@link Folder}. + * + * @author Jens Pelzetter + */ +public final class AssetPrivileges { + + /** + * Allows the creation of new shared {@link Asset}s. + */ + public static final String CREATE_NEW = "create_new_assets"; + /** + * Allows the removal of unused shared {@link Asset}s. + */ + public static final String DELETE = "delete_assets"; + /** + * Allows the usage of assets (associating them with a content item). + */ + public static final String USE = "use_asset"; + /** + * Allows editing of existing assets. + */ + public static final String EDIT = "edit_asset"; + /** + * Allows the user to view assets. + */ + public static final String VIEW = "view_asset"; + + private AssetPrivileges() { + //Nothing + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java new file mode 100644 index 000000000..2c42a3088 --- /dev/null +++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2016 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package org.librecms.contentsection.privileges; + +import org.librecms.contentsection.ContentItem; + +/** + * Constants for privileges allowing actions on the items of a content section. + * All privileges defined in this class can either be assigned for the complete + * {@link ContentSection} or for a specific documents/items {@link Folder}. + * + * @author Jens Pelzetter + */ +public final class ItemPrivileges { + + /** + * Allows the user to approve {@link ContentItem}s. + */ + public static final String APPROVE = "approve_items"; + /** + * Allows the user to publish, republish and unpublish {@link ContentItem}. + */ + public static final String PUBLISH = "publish_items"; + /** + * Allows the user to categorise {@link ContentItem}s. + */ + public static final String CATEGORIZE = "categorize_items"; + /** + * Allows the user to create new {@link ContentItem}s. + */ + public static final String CREATE_NEW = "create_new_items"; + /** + * Allows the user to delete {@link ContentItem}s. + */ + public static final String DELETE = "delete_items"; + /** + * Allows the user to edit existing {@link ContentItem}s. + */ + public static final String EDIT = "edit_items"; + /** + * Allows to user to view the draft version of {@link ContentItem}. + */ + public static final String PREVIEW = "preview_items"; + /** + * Allows the user to view the live version of {@link ContentItems}. + */ + public static final String VIEW_PUBLISHED = "view_published_items"; + /** + * Allows the user to apply another {@link Workflow} than the default one to + * an {@link ContentItem}. + */ + public static final String APPLY_ALTERNATE_WORKFLOW + = "apply_alternate_workflow"; + + private ItemPrivileges() { + //Nothing + } + +} diff --git a/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java b/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java index 6a64053a4..cdeb102d2 100644 --- a/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java +++ b/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java @@ -23,6 +23,7 @@ import org.apache.logging.log4j.Logger; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.RequiresPrivilege; import org.librecms.CmsConstants; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.ArrayList; import java.util.List; @@ -59,7 +60,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public void addPhaseDefinition( final LifecycleDefinition lifecycleDefinition, final PhaseDefinition phaseDefinition) { @@ -72,7 +73,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public void removePhaseDefinition( final LifecycleDefinition lifecycleDefinition, final PhaseDefinition phaseDefinition) { @@ -85,7 +86,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public Lifecycle createLifecycle( final LifecycleDefinition lifecycleDefinition) { @@ -113,7 +114,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public void startLifecycle(final Lifecycle lifecycle) { if (!lifecycle.isStarted()) { if (lifecycle.isFinished()) { @@ -147,7 +148,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public void nextPhase(final Lifecycle lifecycle) { if (lifecycle.isStarted()) { int current = -1; @@ -182,7 +183,7 @@ public class LifecycleManager { @Transactional(Transactional.TxType.REQUIRED) @AuthorizationRequired - @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES) + @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES) public void reset(final Lifecycle lifecycle) { lifecycle.setStarted(false); lifecycle.setFinished(false); diff --git a/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java b/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java index bb01461e1..f58098de1 100644 --- a/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java +++ b/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java @@ -58,6 +58,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*; import org.jboss.arquillian.container.test.api.ShouldThrowException; import org.libreccm.workflow.WorkflowTemplate; import org.libreccm.workflow.WorkflowTemplateRepository; +import org.librecms.contentsection.privileges.ItemPrivileges; import org.librecms.contenttypes.Article; import org.librecms.contenttypes.Event; import org.librecms.contenttypes.News; @@ -279,9 +280,9 @@ public class ContentSectionManagerTest { manager.addRoleToContentSection(section, "reviewer", - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW, - PRIVILEGE_ITEMS_APPROVE); + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + ItemPrivileges.APPROVE); } /** @@ -301,9 +302,9 @@ public class ContentSectionManagerTest { public void addRoleSectionIsNull() { manager.addRoleToContentSection(null, "reviewer", - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW, - PRIVILEGE_ITEMS_APPROVE); + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + ItemPrivileges.APPROVE); } /** @@ -325,9 +326,9 @@ public class ContentSectionManagerTest { manager.addRoleToContentSection(section, null, - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW, - PRIVILEGE_ITEMS_APPROVE); + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + ItemPrivileges.APPROVE); } /** @@ -349,9 +350,9 @@ public class ContentSectionManagerTest { manager.addRoleToContentSection(section, " ", - PRIVILEGE_ITEMS_VIEW_PUBLISHED, - PRIVILEGE_ITEMS_PREVIEW, - PRIVILEGE_ITEMS_APPROVE); + ItemPrivileges.VIEW_PUBLISHED, + ItemPrivileges.PREVIEW, + ItemPrivileges.APPROVE); } /**