CCM NG/ccm-cms: Moved constants for privileges to extra classes, refactored usages.

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4398 8810af33-2d31-482b-a856-94f89814c4df
2016-10-21 18:19:46 +00:00 · 2016-10-21 18:19:46 +00:00 · 8b65254d3a
parent b67c9f4fac
commit 8b65254d3a
41 changed files with 589 additions and 281 deletions
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ContentCenterServlet.java
@ -45,6 +45,7 @@ import org.libreccm.web.CcmApplication;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionRepository;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.io.IOException;
 import java.util.HashMap;
@ -145,7 +146,7 @@ public class ContentCenterServlet extends BaseApplicationServlet {
        final List<ContentSection> sections = sectionRepo.findAll();
        boolean hasAccess = false;
        for (final ContentSection section : sections) {
-            if (permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT,
+            if (permissionChecker.isPermitted(ItemPrivileges.EDIT,
                                              section.getRootDocumentsFolder())) {
                hasAccess = true;
                break;
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ContentSectionServlet.java
@ -68,6 +68,7 @@ import org.librecms.contentsection.ContentItemManager;
 import org.librecms.contentsection.ContentItemRepository;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionConfig;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import org.librecms.lifecycle.Lifecycle;
 import javax.enterprise.inject.spi.CDI;
@ -425,7 +426,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
            PermissionChecker.class);
        if (s_cacheItems && contentItemManager.isLive(item)) {
            if (permissionChecker.isPermitted(
-                CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
+                ItemPrivileges.VIEW_PUBLISHED, item)) {
                DispatcherHelper.cacheForWorld(sresp, expires);
            } else {
                DispatcherHelper.cacheForUser(sresp, expires);
@ -540,7 +541,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
            item = itemResolver.getItem(section, url, CMSDispatcher.PREVIEW);
            if (item != null) {
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item);
+                    ItemPrivileges.PREVIEW, item);
            }
        } else {
            if (s_log.isInfoEnabled()) {
@ -588,7 +589,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
                }
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
+                    ItemPrivileges.VIEW_PUBLISHED, item);
                if (hasPermission) {
                }
@ -611,7 +612,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
            item = itemResolver.getItem(section, url, "live");
            if (item != null) {
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
+                    ItemPrivileges.VIEW_PUBLISHED, item);
            }
        }
@ -747,7 +748,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
    public static boolean checkAdminAccess(HttpServletRequest request,
                                           ContentSection section) {
        return CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
-            .isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT,
+            .isPermitted(ItemPrivileges.EDIT,
                         section.getRootDocumentsFolder());
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSDispatcher.java
@ -46,6 +46,7 @@ import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionRepository;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 /**
 * <p>
@ -281,7 +282,7 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher {
                .findBean(PermissionChecker.class);
            if (permissionChecker.isPermitted(
-                CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
+                ItemPrivileges.VIEW_PUBLISHED, item)) {
                if (preview) {
                    item = getContentItem(section,
                                          remainingUrl,
@ -384,13 +385,13 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher {
                return;
            }
            //if (!sm.canAccess(user, SecurityManager.ADMIN_PAGES)) {
-            permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_EDIT,
+            permissionChecker.checkPermission(ItemPrivileges.EDIT,
                                              section.getRootDocumentsFolder());
        } else {
            // For public page requests, use the SecurityManager to check access
            // SecurityManager.canAccess(user, SecurityManager.PUBLIC_PAGES) must
            permissionChecker.checkPermission(
-                CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                ItemPrivileges.VIEW_PUBLISHED,
                section.getRootDocumentsFolder());
        }
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/CMSPage.java
@ -48,6 +48,7 @@ import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentItemRepository;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 /**
@ -288,7 +289,7 @@ public class CMSPage extends Page implements ResourceHandler {
            final ContentItem item = itemRepo.findById(Long.parseLong("item_id")).get();
            final PermissionChecker permissionChecker = cdiUtil.findBean(
                PermissionChecker.class);
-            permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_PREVIEW, 
+            permissionChecker.checkPermission(ItemPrivileges.PREVIEW, 
                                              item);
        }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ContentSectionDispatcher.java
@ -30,6 +30,7 @@ import org.libreccm.web.ApplicationManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.io.IOException;
@ -125,7 +126,7 @@ public class ContentSectionDispatcher implements Dispatcher {
                                           ContentSection section) {
        return CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
-            .isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT, section
+            .isPermitted(ItemPrivileges.EDIT, section
                         .getRootDocumentsFolder());
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ItemDispatcher.java
@ -26,7 +26,6 @@ import com.arsdigita.web.LoginSignal;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@ -38,12 +37,9 @@ import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.PermissionChecker;
 import org.libreccm.security.Shiro;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentSection;
-import org.librecms.lifecycle.Lifecycle;
+import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.util.logging.Level;
 /**
 * Dispatches to the JSP or Servlet for rendering a content item.
@ -153,7 +149,7 @@ public class ItemDispatcher implements ChainedDispatcher {
 //            if (sm.canAccess((User)null, SecurityManager.PUBLIC_PAGES, item)) {
            if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
                .isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
+                    ItemPrivileges.VIEW_PUBLISHED, item)) {
                DispatcherHelper.cacheForWorld(response, expires);
            } else {
                DispatcherHelper.cacheForUser(response, expires);
@ -205,13 +201,13 @@ public class ItemDispatcher implements ChainedDispatcher {
            item = itemResolver.getItem(section, url, "draft");
            if (item != null) {
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item);
+                    ItemPrivileges.PREVIEW, item);
            }
        } else {
            item = itemResolver.getItem(section, url, "live");
            if (item != null) {
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
+                    ItemPrivileges.VIEW_PUBLISHED, item);
            }
        }
@ -223,7 +219,7 @@ public class ItemDispatcher implements ChainedDispatcher {
            item = itemResolver.getItem(section, url, "live");
            if (item != null) {
                hasPermission = permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
+                    ItemPrivileges.VIEW_PUBLISHED, item);
            }
        }
        // chris.gilbert@westsussex.gov.uk -  if user is not logged in, give them a chance to do that, else show them the door
--- a/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/dispatcher/ResourceHandlerImpl.java
@ -24,9 +24,9 @@ import com.arsdigita.util.Assert;
 import org.apache.shiro.authz.AuthorizationException;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.PermissionChecker;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.io.IOException;
@ -83,7 +83,7 @@ public abstract class ResourceHandlerImpl implements ResourceHandler {
                                RequestContext actx,
                                ContentItem item) {
        if (!CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
-            .isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
+            .isPermitted(ItemPrivileges.VIEW_PUBLISHED, item)) {
            throw new AuthorizationException(
                "cms.dispatcher.no_permission_to_access_resource");
        }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/contentcenter/ContentSectionContainer.java
@ -18,23 +18,15 @@
 */
 package com.arsdigita.cms.ui.contentcenter;
 import com.arsdigita.bebop.BoxPanel;
 import java.math.BigDecimal;
 import com.arsdigita.bebop.Component;
 import com.arsdigita.bebop.Embedded;
 import com.arsdigita.bebop.FormProcessException;
 import com.arsdigita.bebop.Label;
 import com.arsdigita.bebop.Link;
 import com.arsdigita.bebop.Page;
 import com.arsdigita.bebop.PageState;
 import com.arsdigita.bebop.SingleSelectionModel;
 import com.arsdigita.bebop.Table;
 import com.arsdigita.bebop.event.FormProcessListener;
 import com.arsdigita.bebop.event.FormSectionEvent;
 import com.arsdigita.bebop.event.FormSubmissionListener;
 import com.arsdigita.bebop.form.Hidden;
 import com.arsdigita.bebop.parameters.BigDecimalParameter;
 import com.arsdigita.bebop.table.TableCellRenderer;
 import com.arsdigita.bebop.table.TableColumn;
@ -43,24 +35,18 @@ import com.arsdigita.bebop.table.TableModel;
 import com.arsdigita.bebop.table.TableModelBuilder;
 import com.arsdigita.cms.ui.CMSContainer;
 import com.arsdigita.ui.admin.GlobalizationUtil;
 import com.arsdigita.util.Assert;
 import com.arsdigita.util.LockableImpl;
 import com.arsdigita.web.Web;
 import org.libreccm.categorization.Category;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.PermissionChecker;
 import org.libreccm.security.User;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionConfig;
 import org.librecms.contentsection.ContentSectionRepository;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.util.Iterator;
 import java.util.List;
 import java.util.stream.Collectors;
 import javax.mail.Folder;
 /**
 * Displays all the content sections in table, with links to the admin (and in
@ -171,7 +157,7 @@ public class ContentSectionContainer extends CMSContainer {
 //                    folder = section.getRootDocumentsFolder();
 //
 //                    if (!permissionChecker.isPermitted(
-//                        CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, folder)) {
+//                        ItemPrivileges.CREATE_NEW, folder)) {
 //                        throw new FormProcessException(
 //                            (GlobalizationUtil.globalize(
 //                             "cms.ui.insufficient_privileges")));
@ -414,7 +400,7 @@ public class ContentSectionContainer extends CMSContainer {
                return allSections
                    .stream()
                    .filter(section -> permissionChecker
-                        .isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                        .isPermitted(ItemPrivileges.VIEW_PUBLISHED,
                                     section))
                    .collect(Collectors.toList());
            }
@ -616,7 +602,7 @@ public class ContentSectionContainer extends CMSContainer {
            // If the user has no access, return a Label instead of a Link
            if (permissionChecker.isPermitted(
-                CmsConstants.PRIVILEGE_ITEMS_EDIT,
+                ItemPrivileges.EDIT,
                section.getRootDocumentsFolder())) {
                return new Link(section.getLabel(),
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderBrowser.java
@ -76,6 +76,7 @@ import org.librecms.contentsection.ContentItemManager;
 import org.librecms.contentsection.ContentItemRepository;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionManager;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.util.Date;
@ -218,7 +219,7 @@ public class FolderBrowser extends Table {
        Assert.exists(folder);
        final boolean canDelete = permissionChecker.isPermitted(
-            CmsConstants.PRIVILEGE_ITEMS_DELETE, folder);
+            ItemPrivileges.DELETE, folder);
        m_deleteColumn.setVisible(state, canDelete);
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderManipulator.java
@ -66,16 +66,20 @@ import com.arsdigita.toolbox.ui.ActionGroup;
 import com.arsdigita.util.Assert;
 import com.arsdigita.util.UncheckedWrapperException;
 import com.arsdigita.web.Web;
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.io.Writer;
 import org.apache.log4j.Logger;
 import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import javax.persistence.TypedQuery;
 import org.arsdigita.cms.CMSConfig;
 import org.libreccm.categorization.Category;
 import org.libreccm.categorization.CategoryManager;
@ -88,6 +92,7 @@ import org.librecms.contentsection.ContentItem;
 import org.librecms.contentsection.ContentItemManager;
 import org.librecms.contentsection.ContentItemRepository;
 import org.librecms.contentsection.ContentSectionConfig;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 /**
 * Browse folders and manipulate them with various actions (move/copy/delete).
@ -550,7 +555,7 @@ public class FolderManipulator extends SimpleContainer implements
            final PermissionChecker permissionChecker = cdiUtil.findBean(
                    PermissionChecker.class);
            if (!permissionChecker.isPermitted(
-                    CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, target)) {
+                    ItemPrivileges.CREATE_NEW, target)) {
                data.addError("cms.ui.folder.no_permission_for_item",
                              CmsConstants.CMS_FOLDER_BUNDLE);
            }
@ -589,7 +594,7 @@ public class FolderManipulator extends SimpleContainer implements
            }
            if (!(permissionChecker.isPermitted(
-                  CmsConstants.PRIVILEGE_ITEMS_DELETE, item))
+                  ItemPrivileges.DELETE, item))
                        && isMove(state)) {
                addErrorMessage(data, "cms.ui.folder.no_permission_for_item",
                                name);
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/AddPhaseForm.java
@ -52,6 +52,7 @@ import com.arsdigita.util.UncheckedWrapperException;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.LifecycleDefinitionRepository;
 import org.librecms.lifecycle.PhaseDefinititionRepository;
@ -211,7 +212,7 @@ class AddPhaseForm extends CMSForm {
        });
        addSubmissionListener(new FormSecurityListener(
-            CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
+            AdminPrivileges.ADMINISTER_LIFECYLES));
        addValidationListener(new FormValidationListener() {
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/BaseLifecycleForm.java
@ -38,6 +38,7 @@ import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.LifecycleDefinition;
 import java.util.Locale;
@ -77,7 +78,7 @@ class BaseLifecycleForm extends BaseForm {
        addAction(new Cancel());
        addSubmissionListener(new FormSecurityListener(
-            CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
+            AdminPrivileges.ADMINISTER_LIFECYLES));
    }
    class NameUniqueListener implements ParameterListener {
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/DeletePhaseForm.java
@ -39,6 +39,7 @@ import com.arsdigita.cms.ui.FormSecurityListener;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.PhaseDefinititionRepository;
 import java.math.BigDecimal;
@ -87,7 +88,7 @@ class DeletePhaseForm extends CMSForm
        addInitListener(this);
        addSubmissionListener(new FormSecurityListener(
-            CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
+            AdminPrivileges.ADMINISTER_LIFECYLES));
        addProcessListener(this);
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/EditPhaseForm.java
@ -48,6 +48,7 @@ import com.arsdigita.kernel.KernelConfig;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.PhaseDefinititionRepository;
 import java.util.Locale;
@ -202,7 +203,7 @@ class EditPhaseForm extends CMSForm {
        });
        addSubmissionListener(new FormSecurityListener(
-            CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
+            AdminPrivileges.ADMINISTER_LIFECYLES));
        addValidationListener(new FormValidationListener() {
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminContainer.java
@ -29,21 +29,19 @@ import com.arsdigita.toolbox.ui.SecurityContainer;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.PermissionChecker;
 import org.librecms.CmsConstants;
-
+import org.librecms.contentsection.privileges.AdminPrivileges;
 /**
- * Security container that wraps the canAdministerLifecycles access check
+ * Security container that wraps the canAdministerLifecycles access check around
- * around its components.
+ * its components.
 *
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
 * @author <a href="mailto:pihman@arsdigita.com">Michael Pih</a>
 */
 public class LifecycleAdminContainer extends SecurityContainer {
    /**
-     * This default constructor should be followed by calls to
+     * This default constructor should be followed by calls to <code>add</code>.
     * <code>add</code>.
     */
    public LifecycleAdminContainer() {
        super();
@ -62,14 +60,17 @@ public class LifecycleAdminContainer extends SecurityContainer {
     * Returns true if the current user can access the child component.
     *
     * @param state The page state
     *
     * @return true if the access checks pass, false otherwise
     */
    @Override
    protected boolean canAccess(final Party party, final PageState state) {
        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-        final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class);
+        final PermissionChecker permissionChecker = cdiUtil.findBean(
            PermissionChecker.class);
-        return permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES);
+        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_LIFECYLES);
    }
 }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleAdminPane.java
@ -36,13 +36,15 @@ import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentSectionManager;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.Lifecycle;
 import org.librecms.lifecycle.LifecycleDefinitionRepository;
 import java.math.BigDecimal;
 /**
- * <p>This class contains the split pane for the lifecycle administration
+ * <p>
 * This class contains the split pane for the lifecycle administration
 * interface.</p>
 *
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -66,7 +68,6 @@ public class LifecycleAdminPane extends BaseAdminPane {
        // XXX secvis
        //add(new LifecycleAdminContainer(m_addLink));
        setAdd(gz("cms.ui.lifecycle.add"),
               new LifecycleAddForm(m_model));
        setEdit(gz("cms.ui.lifecycle.edit"),
@ -83,37 +84,41 @@ public class LifecycleAdminPane extends BaseAdminPane {
    private class SelectionRequestLocal
        extends LifecycleDefinitionRequestLocal {
        @Override
        protected final Object initialValue(final PageState state) {
            final String id = m_model.getSelectedKey(state).toString();
            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-            final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class);
+            final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil
                .findBean(LifecycleDefinitionRepository.class);
            return lifecycleDefRepo.findById(Long.parseLong(id));
        }
    }
    private final class DeleteForm extends BaseDeleteForm {
        DeleteForm() {
            super(new Label(gz("cms.ui.lifecycle.delete_prompt")));
-            addSubmissionListener
+            addSubmissionListener(new FormSecurityListener(
-                (new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
+                AdminPrivileges.ADMINISTER_LIFECYLES));
        }
        public final void process(final FormSectionEvent event)
            throws FormProcessException {
            final PageState state = event.getPageState();
-            final ContentSection section =
+            final ContentSection section = CMS.getContext().getContentSection();
-                CMS.getContext().getContentSection();
+            final LifecycleDefinition definition = m_definition
-            final LifecycleDefinition definition =
+                .getLifecycleDefinition(state);
                m_definition.getLifecycleDefinition(state);
            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
            final ContentSectionManager sectionManager = cdiUtil.findBean(
                ContentSectionManager.class);
-            final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class);
+            final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil
                .findBean(LifecycleDefinitionRepository.class);
            sectionManager.removeLifecycleDefinitionFromContentSection(
                definition, section);
@ -121,5 +126,7 @@ public class LifecycleAdminPane extends BaseAdminPane {
            m_model.clearSelection(state);
        }
    }
 }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/lifecycle/LifecycleItemPane.java
@ -46,6 +46,7 @@ import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.security.PermissionChecker;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.lifecycle.PhaseDefinititionRepository;
 import java.util.Locale;
@ -235,7 +236,7 @@ class LifecycleItemPane extends BaseItemPane {
            PermissionChecker.class);
        return permissionChecker.isPermitted(
-            CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES);
+            AdminPrivileges.ADMINISTER_LIFECYLES);
    }
    @Override
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleForm.java
@ -32,12 +32,14 @@ import com.arsdigita.cms.ui.BaseForm;
 import com.arsdigita.globalization.GlobalizedMessage;
 import com.arsdigita.ui.admin.GlobalizationUtil;
 import com.arsdigita.util.UncheckedWrapperException;
 import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.PermissionManager;
 import org.libreccm.security.Role;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.*;
@ -78,7 +80,7 @@ class BaseRoleForm extends BaseForm {
        addAction(new Finish());
        addAction(new Cancel());
-        addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
+        addSecurityListener(AdminPrivileges.ADMINISTER_ROLES);
    }
    private class PrivilegePrinter implements PrintListener {
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/BaseRoleItemPane.java
@ -30,11 +30,13 @@ import com.arsdigita.kernel.KernelConfig;
 import com.arsdigita.toolbox.ui.ActionGroup;
 import com.arsdigita.toolbox.ui.PropertyList;
 import com.arsdigita.toolbox.ui.Section;
 import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.security.*;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.stream.Collectors;
@ -92,7 +94,7 @@ class BaseRoleItemPane extends BaseItemPane {
    private class AdminVisible extends VisibilityComponent {
        AdminVisible(final Component child) {
-            super(child, CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
+            super(child, AdminPrivileges.ADMINISTER_ROLES);
        }
    }
@ -180,7 +182,7 @@ class BaseRoleItemPane extends BaseItemPane {
                final PageState state = e.getPageState();
                final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class);
-                if (!permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_ROLES)) {
+                if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_ROLES)) {
                    throw new FormProcessException(
                            new GlobalizedMessage("cms.ui.role.insufficient_privileges", CmsConstants.CMS_BUNDLE));
                }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RoleAdminPane.java
@ -39,19 +39,22 @@ import com.arsdigita.cms.ui.VisibilityComponent;
 import com.arsdigita.toolbox.ui.ActionGroup;
 import com.arsdigita.toolbox.ui.Section;
 import com.arsdigita.util.LockableImpl;
 import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.Role;
 import org.libreccm.security.RoleRepository;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 /**
 * Provides the logic to administer {@link Role roles}.
 *
- * NOTE: Prior, this class managed two {@link ListModelBuilder}.
+ * NOTE: Prior, this class managed two {@link ListModelBuilder}. The reason
- * The reason being, that roles where differentiated between Viewer and Member groups.
+ * being, that roles where differentiated between Viewer and Member groups.
- * Since this is no longer the case, there exists only the {@link RoleListModelBuilder} now.
+ * Since this is no longer the case, there exists only the
 * {@link RoleListModelBuilder} now.
 *
 * @author <a href="mailto:yannick.buelter@yabue.de">Yannick Bülter</a>
 * @author Justin Ross &lt;jross@redhat.com&gt;
@ -66,8 +69,8 @@ public class RoleAdminPane extends BaseAdminPane {
    private final List m_roles;
    public RoleAdminPane() {
-        m_model = new ParameterSingleSelectionModel
+        m_model = new ParameterSingleSelectionModel(new StringParameter(
-            (new StringParameter(List.SELECTED));
+            List.SELECTED));
        setSelectionModel(m_model);
        m_model.addChangeListener(new SelectionListener());
@ -77,7 +80,6 @@ public class RoleAdminPane extends BaseAdminPane {
        m_roles = new List(new RoleListModelBuilder());
        m_roles.setSelectionModel(m_model);
        final SimpleContainer left = new SimpleContainer();
        setLeft(left);
@ -102,53 +104,63 @@ public class RoleAdminPane extends BaseAdminPane {
            group.setSubject(m_roles);
-            final ActionLink link = new ActionLink
+            final ActionLink link = new ActionLink(new Label(gz(
-                    (new Label(gz("cms.ui.role.staff.add")));
+                "cms.ui.role.staff.add")));
-            group.addAction(new VisibilityComponent(link, CmsConstants.PRIVILEGE_ADMINISTER_ROLES),
+            group.addAction(new VisibilityComponent(
                link,
                AdminPrivileges.ADMINISTER_ROLES),
                            ActionGroup.ADD);
            final RoleAddForm form = new RoleAddForm(m_model);
            getBody().add(form);
            getBody().connect(link, form);
        }
    }
    private class SelectionListener implements ChangeListener {
        @Override
        public final void stateChanged(final ChangeEvent e) {
-            s_log.debug("Selection state changed; I may change " +
+            s_log.debug("Selection state changed; I may change "
-                        "the body's visible pane");
+                            + "the body's visible pane");
            final PageState state = e.getPageState();
            getBody().reset(state);
            if (m_model.isSelected(state)) {
-                s_log.debug("The selection model is selected; displaying " +
+                s_log.debug("The selection model is selected; displaying "
-                            "the item pane");
+                                + "the item pane");
                getBody().push(state, getItemPane());
            }
        }
    }
    private class SelectionRequestLocal extends RoleRequestLocal {
        @Override
        protected final Object initialValue(final PageState state) {
-            final Long id = Long.parseLong(m_model.getSelectedKey(state).toString());
+            final Long id = Long.parseLong(m_model.getSelectedKey(state)
                .toString());
            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-            final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class);
+            final RoleRepository roleRepository = cdiUtil.findBean(
                RoleRepository.class);
            return roleRepository.findById(id);
        }
    }
    /**
-     * This builder provides a list model of the {@link Role roles} which correspond to the {@link ContentSection}
+     * This builder provides a list model of the {@link Role roles} which
-     * in this context.
+     * correspond to the {@link ContentSection} in this context.
     */
-    private static class RoleListModelBuilder extends LockableImpl implements  ListModelBuilder {
+    private static class RoleListModelBuilder extends LockableImpl implements
        ListModelBuilder {
        RoleListModelBuilder() {
            super();
@ -160,16 +172,18 @@ public class RoleAdminPane extends BaseAdminPane {
            return new RoleListModel(section.getRoles());
        }
    }
    /**
     * Provides a simple delete form to remove a {@link Role}.
     */
    private class DeleteForm extends BaseDeleteForm {
        DeleteForm() {
            super(gz("cms.ui.role.delete_prompt"));
-            addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
+            addSecurityListener(AdminPrivileges.ADMINISTER_ROLES);
        }
        @Override
@ -178,13 +192,17 @@ public class RoleAdminPane extends BaseAdminPane {
            final PageState state = e.getPageState();
            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-            final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class);
+            final RoleRepository roleRepository = cdiUtil.findBean(
-            final Long id = Long.parseLong(m_model.getSelectedKey(state).toString());
+                RoleRepository.class);
            final Long id = Long.parseLong(m_model.getSelectedKey(state)
                .toString());
            final Role role = roleRepository.findById(id);
            roleRepository.delete(role);
            m_model.clearSelection(state);
        }
    }
 }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/role/RolePartyAddForm.java
@ -28,10 +28,12 @@ import com.arsdigita.cms.ui.FormSecurityListener;
 import com.arsdigita.cms.ui.PartyAddForm;
 import com.arsdigita.ui.admin.GlobalizationUtil;
 import com.arsdigita.util.Assert;
 import org.apache.log4j.Logger;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.security.*;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.Arrays;
 import java.util.List;
@ -62,7 +64,7 @@ class RolePartyAddForm extends PartyAddForm {
        m_roles = roles;
        getForm().addSubmissionListener
-            (new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES));
+            (new FormSecurityListener(AdminPrivileges.ADMINISTER_ROLES));
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseTaskForm.java
@ -39,6 +39,7 @@ import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.workflow.TaskRepository;
 import org.libreccm.workflow.WorkflowManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.workflow.CmsTaskTypeRepository;
 import java.util.HashMap;
@ -92,7 +93,7 @@ class BaseTaskForm extends BaseForm {
        addAction(new Finish());
        addAction(new Cancel());
-        addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+        addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
        addValidationListener(new ValidationListener());
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowForm.java
@ -25,6 +25,7 @@ import com.arsdigita.cms.ui.BaseForm;
 import com.arsdigita.globalization.GlobalizedMessage;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 /**
 * <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -50,7 +51,7 @@ class BaseWorkflowForm extends BaseForm {
        addAction(new Finish());
        addAction(new Cancel());
-        addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+        addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
        addValidationListener(new ValidationListener());
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/BaseWorkflowItemPane.java
@ -50,6 +50,7 @@ import org.libreccm.workflow.TaskRepository;
 import org.libreccm.workflow.Workflow;
 import org.libreccm.workflow.WorkflowManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.workflow.CmsTaskTypeRepository;
 import java.math.BigDecimal;
@ -128,7 +129,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
    protected class AdminVisible extends VisibilityComponent {
        public AdminVisible(final Component child) {
-            super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+            super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
        }
    }
@ -186,7 +187,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
        TaskDeleteForm() {
            super(new Label(gz("cms.ui.workflow.task.delete_prompt")));
-            addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+            addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
        }
        @Override
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskAddRole.java
@ -52,6 +52,7 @@ import org.libreccm.security.RoleRepository;
 import org.libreccm.workflow.TaskAssignment;
 import org.libreccm.workflow.WorkflowManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.ArrayList;
 import java.util.List;
@ -158,7 +159,7 @@ class TaskAddRole extends CMSForm {
                PermissionChecker.class);
            if (!permissionChecker.isPermitted(
-                CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW)) {
+                AdminPrivileges.ADMINISTER_WORKFLOW)) {
                throw new FormProcessException(
                    new GlobalizedMessage(
                        "cms.ui.workflow.insufficient_privileges",
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/TaskItemPane.java
@ -52,6 +52,7 @@ import org.libreccm.workflow.Task;
 import org.libreccm.workflow.UserTask;
 import org.libreccm.workflow.WorkflowManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.ArrayList;
 import java.util.List;
@ -119,13 +120,13 @@ final class TaskItemPane extends BaseItemPane {
            PermissionChecker.class);
        return permissionChecker.isPermitted(
-            CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+            AdminPrivileges.ADMINISTER_WORKFLOW);
    }
    private class AdminVisible extends VisibilityComponent {
        public AdminVisible(final Component child) {
-            super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+            super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
        }
    }
--- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java
+++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/workflow/WorkflowAdminPane.java
@ -28,13 +28,11 @@ import com.arsdigita.cms.ui.VisibilityComponent;
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.workflow.Workflow;
 import org.libreccm.workflow.WorkflowManager;
 import org.libreccm.workflow.WorkflowRepository;
 import org.libreccm.workflow.WorkflowTemplate;
 import org.libreccm.workflow.WorkflowTemplateRepository;
 import org.librecms.CmsConstants;
-import java.math.BigDecimal;
+import org.librecms.contentsection.privileges.AdminPrivileges;
 /**
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -60,7 +58,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
                                         getDeleteLink()));
        addAction(new VisibilityComponent(
-            getAddLink(), CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW));
+            getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW));
    }
    private class DeleteForm extends BaseDeleteForm {
@ -68,7 +66,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
        DeleteForm() {
            super(gz("cms.ui.workflow.delete_prompt"));
-            addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
+            addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
        }
        @Override
--- a/ccm-cms/src/main/java/org/librecms/CmsConstants.java
+++ b/ccm-cms/src/main/java/org/librecms/CmsConstants.java
@ -29,11 +29,14 @@ public class CmsConstants {
    public static final String DB_SCHEMA = "CCM_CMS";
    public static final String CMS_BUNDLE = "org.librecms.CmsResources";
-    public static final String CMS_FOLDER_BUNDLE = "com.arsdigita.cms.ui.folder.CMSFolderResources";
+    public static final String CMS_FOLDER_BUNDLE
                               = "com.arsdigita.cms.ui.folder.CMSFolderResources";
-    public static final String CONTENT_CENTER_APP_TYPE = "com.arsdigita.cms.ContentCenter";
+    public static final String CONTENT_CENTER_APP_TYPE
                               = "com.arsdigita.cms.ContentCenter";
    public static final String CONTENT_CENTER_URL = "/content-center/";
-    public static final String CONTENT_CENTER_DESC_BUNDLE = "org.librecms.contentcenter.ContentCenterResources";
+    public static final String CONTENT_CENTER_DESC_BUNDLE
                               = "org.librecms.contentcenter.ContentCenterResources";
    public static final String CONTENT_SECTION_APP_TYPE
                                   = "org.librecms.contentsection.ContentSection";
@ -47,27 +50,6 @@ public class CmsConstants {
    public static final String CATEGORIZATION_TYPE_FOLDER = "folder";
    public static final String PRIVILEGE_ADMINISTER_CATEGORIES
                               = "administer_categories";
    public static final String PRIVILEGE_ADMINISTER_CONTENT_TYPES
                               = "administer_content_types";
    public static final String PRIVILEGE_ADMINISTER_LIFECYLES
                               = "administer_lifecyles";
    public static final String PRIVILEGE_ADMINISTER_ROLES = "administer_roles";
    public static final String PRIVILEGE_ADMINISTER_WORKFLOW
                               = "administer_workflow";
    public static final String PRIVILEGE_ITEMS_APPROVE = "approve_items";
    public static final String PRIVILEGE_ITEMS_PUBLISH = "publish_items";
    public static final String PRIVILEGE_ITEMS_CATEGORIZE = "categorize_items";
    public static final String PRIVILEGE_ITEMS_CREATE_NEW = "create_new_items";
    public static final String PRIVILEGE_ITEMS_DELETE = "delete_items";
    public static final String PRIVILEGE_ITEMS_EDIT = "edit_items";
    public static final String PRIVILEGE_ITEMS_PREVIEW = "preview_items";
    public static final String PRIVILEGE_ITEMS_VIEW_PUBLISHED
                               = "view_published_items";
    public static final String PRIVILEGE_APPLY_ALTERNATE_WORKFLOW
                               = "apply_alternate_workflow";
    /**
     * Constant string used as key for creating service package as a legacy
     * application.
--- a/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java
+++ b/ccm-cms/src/main/java/org/librecms/assets/AssetManager.java
@ -20,10 +20,12 @@ package org.librecms.assets;
 import java.util.List;
 import java.util.Optional;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.transaction.Transactional;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.libreccm.categorization.CategoryManager;
@ -36,6 +38,8 @@ import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.Folder;
 import org.librecms.contentsection.FolderManager;
 import org.librecms.contentsection.FolderRepository;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 /**
 * Provides methods for managing {@link Asset}s, especially sharable
@ -80,7 +84,7 @@ public class AssetManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public <T extends Asset> T createAsset(
            final String name,
-            @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+            @RequiresPrivilege(ItemPrivileges.EDIT)
            final AttachmentList attachments,
            final Class<T> type) {
        throw new UnsupportedOperationException("Not implemented yet.");
@ -104,7 +108,7 @@ public class AssetManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public <T extends Asset> T createAsset(
            final String name,
-            @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+            @RequiresPrivilege(AssetPrivileges.CREATE_NEW)
            final Folder folder,
            final Class<T> type) {
        throw new UnsupportedOperationException("Not implemented yet.");
@ -159,9 +163,9 @@ public class AssetManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void move(
-            @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+            @RequiresPrivilege(AssetPrivileges.EDIT)
            final Asset asset,
-            @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+            @RequiresPrivilege(AssetPrivileges.CREATE_NEW)
            final Folder targetFolder) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
@ -175,7 +179,7 @@ public class AssetManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
    public void copy(final Asset asset,
-                     @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+                     @RequiresPrivilege(AssetPrivileges.CREATE_NEW)
                     final Folder targetFolder) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
--- a/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java
+++ b/ccm-cms/src/main/java/org/librecms/assets/AssetRepository.java
@ -29,6 +29,7 @@ import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.RequiresPrivilege;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.Folder;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import java.util.List;
 import java.util.Optional;
@ -89,6 +90,15 @@ public class AssetRepository
        }
    }
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void save(
        @RequiresPrivilege(AssetPrivileges.EDIT)
        final Asset asset) {
    }
    /**
     * Deletes an <strong>unused</strong> Asset. If the {@link Asset} is in use
     * (linked to at least one ContentItem) an {@link AssetInUseException} is
@ -103,7 +113,7 @@ public class AssetRepository
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void delete(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_DELETE)
+        @RequiresPrivilege(AssetPrivileges.DELETE)
        final Asset asset) {
        if (asset.getItemAttachments().isEmpty()) {
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemL10NManager.java
@ -26,6 +26,7 @@ import org.libreccm.l10n.LocalizedString;
 import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.RequiresPrivilege;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.beans.IntrospectionException;
 import java.beans.Introspector;
@ -147,7 +148,7 @@ public class ContentItemL10NManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void addLanguage(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+        @RequiresPrivilege(ItemPrivileges.EDIT)
        final ContentItem item,
        final Locale locale) {
@ -218,7 +219,7 @@ public class ContentItemL10NManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeLangauge(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+        @RequiresPrivilege(ItemPrivileges.EDIT)
        final ContentItem item,
        final Locale locale) {
@ -265,7 +266,7 @@ public class ContentItemL10NManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void normalizedLanguages(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+        @RequiresPrivilege(ItemPrivileges.EDIT)
        final ContentItem item) {
        if (item == null) {
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItemManager.java
@ -47,6 +47,7 @@ import org.libreccm.security.RequiresPrivilege;
 import org.libreccm.workflow.Workflow;
 import org.libreccm.workflow.WorkflowManager;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import org.librecms.lifecycle.Lifecycle;
 import org.librecms.lifecycle.LifecycleManager;
@ -125,7 +126,7 @@ public class ContentItemManager {
    public <T extends ContentItem> T createContentItem(
        final String name,
        final ContentSection section,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder folder,
        final Class<T> type) {
@ -174,7 +175,7 @@ public class ContentItemManager {
    public <T extends ContentItem> T createContentItem(
        final String name,
        final ContentSection section,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder folder,
        final WorkflowTemplate workflowTemplate,
        final Class<T> type) {
@ -250,9 +251,9 @@ public class ContentItemManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void move(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
+        @RequiresPrivilege(ItemPrivileges.EDIT)
        final ContentItem item,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder targetFolder) {
        if (item == null) {
            throw new IllegalArgumentException("The item to move can't be null.");
@ -322,7 +323,7 @@ public class ContentItemManager {
    @SuppressWarnings("unchecked")
    public ContentItem copy(
        final ContentItem item,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder targetFolder) {
        if (item == null) {
            throw new IllegalArgumentException("The item to copy can't be null.");
@ -563,7 +564,7 @@ public class ContentItemManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public ContentItem publish(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
+        @RequiresPrivilege(ItemPrivileges.PUBLISH)
        final ContentItem item) {
        if (item == null) {
@ -591,7 +592,7 @@ public class ContentItemManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @SuppressWarnings("unchecked")
    public ContentItem publish(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
+        @RequiresPrivilege(ItemPrivileges.PUBLISH)
        final ContentItem item,
        final LifecycleDefinition lifecycleDefinition) {
        if (item == null) {
@ -787,7 +788,7 @@ public class ContentItemManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void publish(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
+        @RequiresPrivilege(ItemPrivileges.PUBLISH)
        final Folder folder) {
        // Ensure that we are using a fresh folder and that the folder was 
@ -811,7 +812,7 @@ public class ContentItemManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void unpublish(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
+        @RequiresPrivilege(ItemPrivileges.PUBLISH)
        final ContentItem item) {
        if (item == null) {
            throw new IllegalArgumentException(
@ -860,7 +861,7 @@ public class ContentItemManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void unpublish(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
+        @RequiresPrivilege(ItemPrivileges.PUBLISH)
        final Folder folder) {
        // Ensure that we are using a fresh folder and that the folder was 
@ -910,7 +911,7 @@ public class ContentItemManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @SuppressWarnings({"unchecked"})
    public <T extends ContentItem> Optional<T> getLiveVersion(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED)
+        @RequiresPrivilege(ItemPrivileges.VIEW_PUBLISHED)
        final ContentItem item,
        final Class<T> type) {
@ -972,7 +973,7 @@ public class ContentItemManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @SuppressWarnings("unchecked")
    public <T extends ContentItem> T getDraftVersion(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PREVIEW)
+        @RequiresPrivilege(ItemPrivileges.PREVIEW)
        final ContentItem item,
        final Class<T> type) {
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java
@ -44,12 +44,14 @@ import javax.persistence.TypedQuery;
 import javax.transaction.Transactional;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import org.librecms.lifecycle.LifecycleDefinition;
 import java.util.Optional;
 import static org.librecms.CmsConstants.*;
 import static org.librecms.contentsection.ContentSection.*;
 /**
@ -140,48 +142,69 @@ public class ContentSectionManager {
                                ALERT_RECIPIENT);
        addRoleToContentSection(section,
                                AUTHOR,
-                                PRIVILEGE_ITEMS_CATEGORIZE,
+                                ItemPrivileges.CATEGORIZE,
-                                PRIVILEGE_ITEMS_CREATE_NEW,
+                                ItemPrivileges.CREATE_NEW,
-                                PRIVILEGE_ITEMS_EDIT,
+                                ItemPrivileges.EDIT,
-                                PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                ItemPrivileges.VIEW_PUBLISHED,
-                                PRIVILEGE_ITEMS_PREVIEW);
+                                ItemPrivileges.PREVIEW,
                                AssetPrivileges.USE,
                                AssetPrivileges.CREATE_NEW,
                                AssetPrivileges.EDIT,
                                AssetPrivileges.VIEW,
                                AssetPrivileges.DELETE);
        addRoleToContentSection(section,
                                EDITOR,
-                                PRIVILEGE_ITEMS_CATEGORIZE,
+                                ItemPrivileges.CATEGORIZE,
-                                PRIVILEGE_ITEMS_CREATE_NEW,
+                                ItemPrivileges.CREATE_NEW,
-                                PRIVILEGE_ITEMS_EDIT,
+                                ItemPrivileges.EDIT,
-                                PRIVILEGE_ITEMS_APPROVE,
+                                ItemPrivileges.APPROVE,
-                                PRIVILEGE_ITEMS_DELETE,
+                                ItemPrivileges.DELETE,
-                                PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                ItemPrivileges.VIEW_PUBLISHED,
-                                PRIVILEGE_ITEMS_PREVIEW);
+                                ItemPrivileges.PREVIEW,
                                AssetPrivileges.USE,
                                AssetPrivileges.CREATE_NEW,
                                AssetPrivileges.EDIT,
                                AssetPrivileges.VIEW,
                                AssetPrivileges.DELETE);
        addRoleToContentSection(section,
                                MANAGER,
-                                PRIVILEGE_ADMINISTER_ROLES,
+                                AdminPrivileges.ADMINISTER_ROLES,
-                                PRIVILEGE_ADMINISTER_WORKFLOW,
+                                AdminPrivileges.ADMINISTER_WORKFLOW,
-                                PRIVILEGE_ADMINISTER_LIFECYLES,
+                                AdminPrivileges.ADMINISTER_LIFECYLES,
-                                PRIVILEGE_ADMINISTER_CATEGORIES,
+                                AdminPrivileges.ADMINISTER_CATEGORIES,
-                                PRIVILEGE_ADMINISTER_CONTENT_TYPES,
+                                AdminPrivileges.ADMINISTER_CONTENT_TYPES,
-                                PRIVILEGE_ITEMS_CATEGORIZE,
+                                ItemPrivileges.CATEGORIZE,
-                                PRIVILEGE_ITEMS_CREATE_NEW,
+                                ItemPrivileges.CREATE_NEW,
-                                PRIVILEGE_ITEMS_EDIT,
+                                ItemPrivileges.EDIT,
-                                PRIVILEGE_ITEMS_APPROVE,
+                                ItemPrivileges.APPROVE,
-                                PRIVILEGE_ITEMS_PUBLISH,
+                                ItemPrivileges.PUBLISH,
-                                PRIVILEGE_ITEMS_DELETE,
+                                ItemPrivileges.DELETE,
-                                PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                ItemPrivileges.VIEW_PUBLISHED,
-                                PRIVILEGE_ITEMS_PREVIEW);
+                                ItemPrivileges.PREVIEW,
                                AssetPrivileges.USE,
                                AssetPrivileges.CREATE_NEW,
                                AssetPrivileges.EDIT,
                                AssetPrivileges.VIEW,
                                AssetPrivileges.DELETE);
        addRoleToContentSection(section,
                                PUBLISHER,
-                                PRIVILEGE_ITEMS_CATEGORIZE,
+                                ItemPrivileges.CATEGORIZE,
-                                PRIVILEGE_ITEMS_CREATE_NEW,
+                                ItemPrivileges.CREATE_NEW,
-                                PRIVILEGE_ITEMS_EDIT,
+                                ItemPrivileges.EDIT,
-                                PRIVILEGE_ITEMS_APPROVE,
+                                ItemPrivileges.APPROVE,
-                                PRIVILEGE_ITEMS_PUBLISH,
+                                ItemPrivileges.PUBLISH,
-                                PRIVILEGE_ITEMS_DELETE,
+                                ItemPrivileges.DELETE,
-                                PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                ItemPrivileges.VIEW_PUBLISHED,
-                                PRIVILEGE_ITEMS_PREVIEW);
+                                ItemPrivileges.PREVIEW,
                                AssetPrivileges.USE,
                                AssetPrivileges.CREATE_NEW,
                                AssetPrivileges.EDIT,
                                AssetPrivileges.VIEW,
                                AssetPrivileges.DELETE);
        addRoleToContentSection(section,
                                CONTENT_READER,
-                                PRIVILEGE_ITEMS_VIEW_PUBLISHED);
+                                ItemPrivileges.VIEW_PUBLISHED,
                                AssetPrivileges.VIEW);
        return section;
    }
@ -224,8 +247,8 @@ public class ContentSectionManager {
    /**
     * Adds new role to a content section. the new role will not have any
     * members, they have to be added separatly. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided
-     * section.
+     * content section.
     *
     * @param section    The {@link ContentSection} to which the role is added.
     * @param roleName   The name of the new role.
@ -234,7 +257,7 @@ public class ContentSectionManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void addRoleToContentSection(
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
        final ContentSection section,
        final String roleName,
        final String... privileges) {
@ -252,9 +275,9 @@ public class ContentSectionManager {
        role.setName(String.join("_", section.getLabel(), roleName));
        roleRepo.save(role);
-        final Category rootFolder = section.getRootDocumentsFolder();
+//        final Category rootFolder = section.getRootDocumentsFolder();
        for (String privilege : privileges) {
-            permissionManager.grantPrivilege(privilege, role, rootFolder);
+            permissionManager.grantPrivilege(privilege, role, section);
        }
        addRoleToContentSection(role, section);
@ -263,8 +286,8 @@ public class ContentSectionManager {
    /**
     * Associates an existing role to with a content section. This will not
     * grant any permissions for the content section to the role. This operation
-     * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided
+     * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the
-     * content section.
+     * provided content section.
     *
     * @param role    The role to add.
     * @param section The section the role is associated with.
@ -273,7 +296,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void addRoleToContentSection(
        final Role role,
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
        final ContentSection section) {
        if (section == null) {
@ -295,8 +318,8 @@ public class ContentSectionManager {
     * role which are associated with the content section. The role itself is
     * <strong>not</strong> deleted because the role is maybe is used in other
     * places. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided
-     * section.
+     * content section.
     *
     * @param contentSection The section from which the role is removed.
     * @param role           The role to remove from the content section.
@ -304,7 +327,7 @@ public class ContentSectionManager {
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeRoleFromContentSection(
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
        final ContentSection contentSection,
        final Role role) {
@ -334,8 +357,8 @@ public class ContentSectionManager {
    /**
     * Adds a lifecycle definition to a content section. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the provided
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for the
-     * content section.
+     * provided content section.
     *
     * @param definition The lifecycle definition to add.
     * @param section    The section to which the definition is added.
@ -344,7 +367,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void addLifecycleDefinitionToContentSection(
        final LifecycleDefinition definition,
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
        final ContentSection section) {
        section.addLifecycleDefinition(definition);
@ -353,8 +376,8 @@ public class ContentSectionManager {
    /**
     * Removes a lifecycle definition from a content section. This operation
-     * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the
+     * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for
-     * provided content section.
+     * the provided content section.
     *
     * @param definition The definition to remove.
     * @param section    The section from which the definition is removed.
@ -363,7 +386,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeLifecycleDefinitionFromContentSection(
        final LifecycleDefinition definition,
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
        final ContentSection section) {
        section.removeLifecycleDefinition(definition);
@ -372,7 +395,7 @@ public class ContentSectionManager {
    /**
     * Adds a workflow template to a content section. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the provided
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the provided
     * content section.
     *
     * @param template The template to add.
@ -382,7 +405,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void addWorkflowTemplateToContentSection(
        final WorkflowTemplate template,
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
        final ContentSection section) {
        section.addWorkflowTemplate(template);
@ -391,7 +414,7 @@ public class ContentSectionManager {
    /**
     * Removes a workflow template from a content section. This operation
-     * requires {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the
+     * requires {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the
     * provided content section.
     *
     * @param template The template to remove.
@ -401,7 +424,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeWorkflowTemplateFromContentSection(
        final WorkflowTemplate template,
-        @RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
        final ContentSection section) {
        section.removeWorkflowTemplate(template);
@ -433,8 +456,8 @@ public class ContentSectionManager {
    /**
     * Adds a new {@link ContentType} to a content section, making items of that
     * type available in the content section. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the
-     * content section.
+     * provided content section.
     *
     * @param type             The type to add (a subclass of
     *                         {@link ContentItem}.
@ -456,7 +479,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public ContentType addContentTypeToSection(
        final Class<? extends ContentItem> type,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
        final ContentSection section,
        final LifecycleDefinition defaultLifecycle,
        final WorkflowTemplate defaultWorkflow) {
@ -557,8 +580,8 @@ public class ContentSectionManager {
    /**
     * Removes an <em>unused</em> {@link ContentType} from a
     * {@link ContentSection}. This operation requires
-     * {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided
+     * {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the
-     * content section.
+     * provided content section.
     *
     * @param type    The type to remove from the section.
     * @param section The section from which the type is removed.
@ -573,7 +596,7 @@ public class ContentSectionManager {
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeContentTypeFromSection(
        final Class<? extends ContentItem> type,
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
        final ContentSection section) {
        if (type == null) {
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java
@ -30,6 +30,9 @@ import java.util.UUID;
 import static org.librecms.CmsConstants.*;
 import static org.librecms.contentsection.ContentSection.*;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import org.librecms.contentsection.privileges.AssetPrivileges;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 /**
 *
@ -123,52 +126,91 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup {
        grantPermissions(author,
                         rootFolder,
-                         PRIVILEGE_ITEMS_CATEGORIZE,
+                         ItemPrivileges.CATEGORIZE,
-                         PRIVILEGE_ITEMS_CREATE_NEW,
+                         ItemPrivileges.CREATE_NEW,
-                         PRIVILEGE_ITEMS_EDIT,
+                         ItemPrivileges.EDIT,
-                         PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                         ItemPrivileges.VIEW_PUBLISHED,
-                         PRIVILEGE_ITEMS_PREVIEW);
+                         ItemPrivileges.PREVIEW);
        grantPermissions(author, 
                         rootAssetFolder,
                         AssetPrivileges.USE,
                         AssetPrivileges.CREATE_NEW,
                         AssetPrivileges.EDIT,
                         AssetPrivileges.VIEW,
                         AssetPrivileges.DELETE);
        grantPermissions(editor,
                         rootFolder,
-                         PRIVILEGE_ITEMS_CATEGORIZE,
+                         ItemPrivileges.CATEGORIZE,
-                         PRIVILEGE_ITEMS_CREATE_NEW,
+                         ItemPrivileges.CREATE_NEW,
-                         PRIVILEGE_ITEMS_EDIT,
+                         ItemPrivileges.EDIT,
-                         PRIVILEGE_ITEMS_APPROVE,
+                         ItemPrivileges.APPROVE,
-                         PRIVILEGE_ITEMS_DELETE,
+                         ItemPrivileges.DELETE,
-                         PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                         ItemPrivileges.VIEW_PUBLISHED,
-                         PRIVILEGE_ITEMS_PREVIEW);
+                         ItemPrivileges.PREVIEW);
        grantPermissions(editor, 
                         rootAssetFolder,
                         AssetPrivileges.USE,
                         AssetPrivileges.CREATE_NEW,
                         AssetPrivileges.EDIT,
                         AssetPrivileges.VIEW,
                         AssetPrivileges.DELETE);
        grantPermissions(manager,
                         section,
                         AdminPrivileges.ADMINISTER_ROLES,
                         AdminPrivileges.ADMINISTER_WORKFLOW,
                         AdminPrivileges.ADMINISTER_LIFECYLES,
                         AdminPrivileges.ADMINISTER_CATEGORIES,
                         AdminPrivileges.ADMINISTER_CONTENT_TYPES);
        grantPermissions(manager,
                         rootFolder,
-                         PRIVILEGE_ADMINISTER_ROLES,
+                         ItemPrivileges.CATEGORIZE,
-                         PRIVILEGE_ADMINISTER_WORKFLOW,
+                         ItemPrivileges.CREATE_NEW,
-                         PRIVILEGE_ADMINISTER_LIFECYLES,
+                         ItemPrivileges.EDIT,
-                         PRIVILEGE_ADMINISTER_CATEGORIES,
+                         ItemPrivileges.APPROVE,
-                         PRIVILEGE_ADMINISTER_CONTENT_TYPES,
+                         ItemPrivileges.PUBLISH,
-                         PRIVILEGE_ITEMS_CATEGORIZE,
+                         ItemPrivileges.DELETE,
-                         PRIVILEGE_ITEMS_CREATE_NEW,
+                         ItemPrivileges.VIEW_PUBLISHED,
-                         PRIVILEGE_ITEMS_EDIT,
+                         ItemPrivileges.PREVIEW);
-                         PRIVILEGE_ITEMS_APPROVE,
+        
-                         PRIVILEGE_ITEMS_PUBLISH,
+        grantPermissions(manager, 
-                         PRIVILEGE_ITEMS_DELETE,
+                         rootAssetFolder,
-                         PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                         AssetPrivileges.USE,
-                         PRIVILEGE_ITEMS_PREVIEW);
+                         AssetPrivileges.CREATE_NEW,
                         AssetPrivileges.EDIT,
                         AssetPrivileges.VIEW,
                         AssetPrivileges.DELETE);
        grantPermissions(publisher,
                         rootFolder,
-                         PRIVILEGE_ITEMS_CATEGORIZE,
+                         ItemPrivileges.CATEGORIZE,
-                         PRIVILEGE_ITEMS_CREATE_NEW,
+                         ItemPrivileges.CREATE_NEW,
-                         PRIVILEGE_ITEMS_EDIT,
+                         ItemPrivileges.EDIT,
-                         PRIVILEGE_ITEMS_APPROVE,
+                         ItemPrivileges.APPROVE,
-                         PRIVILEGE_ITEMS_PUBLISH,
+                         ItemPrivileges.PUBLISH,
-                         PRIVILEGE_ITEMS_DELETE,
+                         ItemPrivileges.DELETE,
-                         PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                         ItemPrivileges.VIEW_PUBLISHED,
-                         PRIVILEGE_ITEMS_PREVIEW);
+                         ItemPrivileges.PREVIEW);
        grantPermissions(publisher, 
                         rootAssetFolder,
                         AssetPrivileges.USE,
                         AssetPrivileges.CREATE_NEW,
                         AssetPrivileges.EDIT,
                         AssetPrivileges.VIEW,
                         AssetPrivileges.DELETE);
        grantPermissions(contentReader,
                         rootFolder,
-                         PRIVILEGE_ITEMS_VIEW_PUBLISHED);
+                         ItemPrivileges.VIEW_PUBLISHED);
        grantPermissions(contentReader,
                         rootAssetFolder,
                         AssetPrivileges.VIEW);
        getEntityManager().persist(alertRecipient);
        getEntityManager().persist(author);
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentTypeRepository.java
@ -22,6 +22,7 @@ import org.libreccm.core.AbstractEntityRepository;
 import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.RequiresPrivilege;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.List;
 import java.util.Optional;
@ -180,7 +181,7 @@ public class ContentTypeRepository
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void save(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
        final ContentType type) {
        super.save(type);
@ -190,7 +191,7 @@ public class ContentTypeRepository
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void delete(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
+        @RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
        final ContentType type) {
        if (isContentTypeInUse(type)) {
--- a/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/FolderRepository.java
@ -24,7 +24,7 @@ import org.libreccm.categorization.Category;
 import org.libreccm.core.AbstractEntityRepository;
 import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.RequiresPrivilege;
-import org.librecms.CmsConstants;
+import org.librecms.contentsection.privileges.ItemPrivileges;
 import java.util.List;
 import java.util.Optional;
@ -186,7 +186,7 @@ public class FolderRepository extends AbstractEntityRepository<Long, Folder> {
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void save(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder folder) {
        super.save(folder);
@ -196,7 +196,7 @@ public class FolderRepository extends AbstractEntityRepository<Long, Folder> {
    @Transactional(Transactional.TxType.REQUIRED)
    @Override
    public void delete(
-        @RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
+        @RequiresPrivilege(ItemPrivileges.CREATE_NEW)
        final Folder folder) {
        super.delete(folder);
--- a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AdminPrivileges.java
@ -0,0 +1,79 @@
 /*
 * Copyright (C) 2016 LibreCCM Foundation.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301  USA
 */
 package org.librecms.contentsection.privileges;
 import org.libreccm.categorization.Category;
 import org.libreccm.categorization.Domain;
 import org.libreccm.web.CcmApplication;
 import org.libreccm.workflow.WorkflowTemplate;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.lifecycle.Lifecycle;
 import org.librecms.lifecycle.LifecycleDefinition;
 /**
 * Constants for privileges allowing administrative actions on a content
 * section. The privileges defined in this can only be used for
 * {@link ContentSection}s.
 *
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
 */
 public final class AdminPrivileges {
    /**
     * Allows the manipulation of the categories (see {@link Category} of the
     * {@link Domain}s assigned to the {@link ContentSection}.
     *
     * @see CcmApplication#domains
     */
    public static final String ADMINISTER_CATEGORIES = "administer_categories";
    /**
     * Allows editing, adding and removing the {@link ContentType} of a
     * {@link ContentSection}.
     *
     * @see ContentSection#contentTypes
     */
    public static final String ADMINISTER_CONTENT_TYPES
                                   = "administer_content_types";
    /**
     * Allows adding, editing and removing {@link LifecycleDefinition}s of a
     * {@link ContentSection}.
     *
     * @see ContentSection#lifecycleDefinitions
     */
    public static final String ADMINISTER_LIFECYLES = "administer_lifecyles";
    /**
     * Allows manipulation of the {@link Role}s assigned to a
     * {@link ContentSection}.
     *
     * @see ContentSection#roles
     */
    public static final String ADMINISTER_ROLES = "administer_roles";
    /**
     * Allows manipulation of the {@link WorkflowTemplate}s assigned to a
     * {@link ContentSection}.
     * 
     * @see ContentSection#workflowTemplates
     */
    public static final String ADMINISTER_WORKFLOW = "administer_workflow";
    private AdminPrivileges() {
        //Nothing
    }
 }
--- a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/AssetPrivileges.java
@ -0,0 +1,55 @@
 /*
 * Copyright (C) 2016 LibreCCM Foundation.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301  USA
 */
 package org.librecms.contentsection.privileges;
 /**
 * Constants for privileges allowing actions on the assets of a content section.
 * All privileges defined in this class can either be assigned for the complete 
 * {@link ContentSection} or for a specific assets {@link Folder}.
 * 
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
 */
 public final class AssetPrivileges {
    /**
     * Allows the creation of new shared {@link Asset}s.
     */
    public static final String CREATE_NEW = "create_new_assets";
    /**
     * Allows the removal of unused shared {@link Asset}s.
     */
    public static final String DELETE = "delete_assets";
    /**
     * Allows the usage of assets (associating them with a content item).
     */
    public static final String USE = "use_asset";
    /**
     * Allows editing of existing assets.
     */
    public static final String EDIT = "edit_asset";
    /**
     * Allows the user to view assets.
     */
    public static final String VIEW = "view_asset";
    private AssetPrivileges() {
        //Nothing
    }
 }
--- a/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/privileges/ItemPrivileges.java
@ -0,0 +1,75 @@
 /*
 * Copyright (C) 2016 LibreCCM Foundation.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301  USA
 */
 package org.librecms.contentsection.privileges;
 import org.librecms.contentsection.ContentItem;
 /**
 * Constants for privileges allowing actions on the items of a content section.
 * All privileges defined in this class can either be assigned for the complete 
 * {@link ContentSection} or for a specific documents/items {@link Folder}.
 *
 * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
 */
 public final class ItemPrivileges {
    /**
     * Allows the user to approve {@link ContentItem}s.
     */
    public static final String APPROVE = "approve_items";
    /**
     * Allows the user to publish, republish and unpublish {@link ContentItem}.
     */
    public static final String PUBLISH = "publish_items";
    /**
     * Allows the user to categorise {@link ContentItem}s.
     */
    public static final String CATEGORIZE = "categorize_items";
    /**
     * Allows the user to create new {@link ContentItem}s.
     */
    public static final String CREATE_NEW = "create_new_items";
    /**
     * Allows the user to delete {@link ContentItem}s.
     */
    public static final String DELETE = "delete_items";
    /**
     * Allows the user to edit existing {@link ContentItem}s.
     */
    public static final String EDIT = "edit_items";
    /**
     * Allows to user to view the draft version of {@link ContentItem}.
     */
    public static final String PREVIEW = "preview_items";
    /**
     * Allows the user to view the live version of {@link ContentItems}.
     */
    public static final String VIEW_PUBLISHED = "view_published_items";
    /**
     * Allows the user to apply another {@link Workflow} than the default one to
     * an {@link ContentItem}.
     */
    public static final String APPLY_ALTERNATE_WORKFLOW
                                   = "apply_alternate_workflow";
    private ItemPrivileges() {
        //Nothing
    }
 }
--- a/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java
+++ b/ccm-cms/src/main/java/org/librecms/lifecycle/LifecycleManager.java
@ -23,6 +23,7 @@ import org.apache.logging.log4j.Logger;
 import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.RequiresPrivilege;
 import org.librecms.CmsConstants;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.ArrayList;
 import java.util.List;
@ -59,7 +60,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public void addPhaseDefinition(
        final LifecycleDefinition lifecycleDefinition,
        final PhaseDefinition phaseDefinition) {
@ -72,7 +73,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public void removePhaseDefinition(
        final LifecycleDefinition lifecycleDefinition,
        final PhaseDefinition phaseDefinition) {
@ -85,7 +86,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public Lifecycle createLifecycle(
        final LifecycleDefinition lifecycleDefinition) {
@ -113,7 +114,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public void startLifecycle(final Lifecycle lifecycle) {
        if (!lifecycle.isStarted()) {
            if (lifecycle.isFinished()) {
@ -147,7 +148,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public void nextPhase(final Lifecycle lifecycle) {
        if (lifecycle.isStarted()) {
            int current = -1;
@ -182,7 +183,7 @@ public class LifecycleManager {
    @Transactional(Transactional.TxType.REQUIRED)
    @AuthorizationRequired
-    @RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
+    @RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
    public void reset(final Lifecycle lifecycle) {
        lifecycle.setStarted(false);
        lifecycle.setFinished(false);
--- a/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java
+++ b/ccm-cms/src/test/java/org/librecms/contentsection/ContentSectionManagerTest.java
@ -58,6 +58,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*;
 import org.jboss.arquillian.container.test.api.ShouldThrowException;
 import org.libreccm.workflow.WorkflowTemplate;
 import org.libreccm.workflow.WorkflowTemplateRepository;
 import org.librecms.contentsection.privileges.ItemPrivileges;
 import org.librecms.contenttypes.Article;
 import org.librecms.contenttypes.Event;
 import org.librecms.contenttypes.News;
@ -279,9 +280,9 @@ public class ContentSectionManagerTest {
        manager.addRoleToContentSection(section,
                                        "reviewer",
-                                        PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                        ItemPrivileges.VIEW_PUBLISHED,
-                                        PRIVILEGE_ITEMS_PREVIEW,
+                                        ItemPrivileges.PREVIEW,
-                                        PRIVILEGE_ITEMS_APPROVE);
+                                        ItemPrivileges.APPROVE);
    }
    /**
@ -301,9 +302,9 @@ public class ContentSectionManagerTest {
    public void addRoleSectionIsNull() {
        manager.addRoleToContentSection(null,
                                        "reviewer",
-                                        PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                        ItemPrivileges.VIEW_PUBLISHED,
-                                        PRIVILEGE_ITEMS_PREVIEW,
+                                        ItemPrivileges.PREVIEW,
-                                        PRIVILEGE_ITEMS_APPROVE);
+                                        ItemPrivileges.APPROVE);
    }
    /**
@ -325,9 +326,9 @@ public class ContentSectionManagerTest {
        manager.addRoleToContentSection(section,
                                        null,
-                                        PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                        ItemPrivileges.VIEW_PUBLISHED,
-                                        PRIVILEGE_ITEMS_PREVIEW,
+                                        ItemPrivileges.PREVIEW,
-                                        PRIVILEGE_ITEMS_APPROVE);
+                                        ItemPrivileges.APPROVE);
    }
    /**
@ -349,9 +350,9 @@ public class ContentSectionManagerTest {
        manager.addRoleToContentSection(section,
                                        " ",
-                                        PRIVILEGE_ITEMS_VIEW_PUBLISHED,
+                                        ItemPrivileges.VIEW_PUBLISHED,
-                                        PRIVILEGE_ITEMS_PREVIEW,
+                                        ItemPrivileges.PREVIEW,
-                                        PRIVILEGE_ITEMS_APPROVE);
+                                        ItemPrivileges.APPROVE);
    }
    /**