CCM NG/ccm-cms: Moved constants for privileges to extra classes, refactored usages.

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4398 8810af33-2d31-482b-a856-94f89814c4df
pull/2/head
jensp 2016-10-21 18:19:46 +00:00
parent b67c9f4fac
commit 8b65254d3a
41 changed files with 589 additions and 281 deletions


@ -45,6 +45,7 @@ import org.libreccm.web.CcmApplication;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.io.IOException;
import java.util.HashMap;
@ -145,7 +146,7 @@ public class ContentCenterServlet extends BaseApplicationServlet {
final List<ContentSection> sections = sectionRepo.findAll();
boolean hasAccess = false;
for (final ContentSection section : sections) {
if (permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT,
if (permissionChecker.isPermitted(ItemPrivileges.EDIT,
section.getRootDocumentsFolder())) {
hasAccess = true;
break;


@ -68,6 +68,7 @@ import org.librecms.contentsection.ContentItemManager;
import org.librecms.contentsection.ContentItemRepository;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionConfig;
import org.librecms.contentsection.privileges.ItemPrivileges;
import org.librecms.lifecycle.Lifecycle;
import javax.enterprise.inject.spi.CDI;
@ -425,7 +426,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
PermissionChecker.class);
if (s_cacheItems && contentItemManager.isLive(item)) {
if (permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
ItemPrivileges.VIEW_PUBLISHED, item)) {
DispatcherHelper.cacheForWorld(sresp, expires);
} else {
DispatcherHelper.cacheForUser(sresp, expires);
@ -540,7 +541,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
item = itemResolver.getItem(section, url, CMSDispatcher.PREVIEW);
if (item != null) {
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item);
ItemPrivileges.PREVIEW, item);
}
} else {
if (s_log.isInfoEnabled()) {
@ -588,7 +589,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
}
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
ItemPrivileges.VIEW_PUBLISHED, item);
if (hasPermission) {
}
@ -611,7 +612,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
item = itemResolver.getItem(section, url, "live");
if (item != null) {
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
ItemPrivileges.VIEW_PUBLISHED, item);
}
}
@ -747,7 +748,7 @@ public class ContentSectionServlet extends BaseApplicationServlet {
public static boolean checkAdminAccess(HttpServletRequest request,
ContentSection section) {
return CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
.isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT,
.isPermitted(ItemPrivileges.EDIT,
section.getRootDocumentsFolder());
}
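Review bot: The cache decision in the `s_cacheItems && contentItemManager.isLive(item)` branch calls `permissionChecker.isPermitted(ItemPrivileges.VIEW_PUBLISHED, item)` without naming a user, so it appears to be evaluated for whoever sent the request rather than for the anonymous public. If so, a logged-in user who may view a restricted live item gets a response marked `cacheForWorld`, and a shared cache could then hand that response to readers who lack the privilege. The ItemDispatcher section of this commit has the same branch, and its commented-out predecessor `sm.canAccess((User)null, SecurityManager.PUBLIC_PAGES, item)` shows the check was once made for the null (public) user. I would add `// cacheForWorld is only safe when the public user holds VIEW_PUBLISHED on this item` above both branches and evaluate the check for the public user if PermissionChecker offers a way to do so; the enclosing method starts and ends outside the hunk, so this needs confirming against the full code.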


@ -46,6 +46,7 @@ import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
* <p>
@ -281,7 +282,7 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher {
.findBean(PermissionChecker.class);
if (permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
ItemPrivileges.VIEW_PUBLISHED, item)) {
if (preview) {
item = getContentItem(section,
remainingUrl,
@ -384,13 +385,13 @@ public class CMSDispatcher implements Dispatcher, ChainedDispatcher {
return;
}
//if (!sm.canAccess(user, SecurityManager.ADMIN_PAGES)) {
permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_EDIT,
permissionChecker.checkPermission(ItemPrivileges.EDIT,
section.getRootDocumentsFolder());
} else {
// For public page requests, use the SecurityManager to check access
// SecurityManager.canAccess(user, SecurityManager.PUBLIC_PAGES) must
permissionChecker.checkPermission(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED,
ItemPrivileges.VIEW_PUBLISHED,
section.getRootDocumentsFolder());
}
}
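Review bot: In the `-281,7` hunk the gate is `ItemPrivileges.VIEW_PUBLISHED` on `item`, yet inside it the `if (preview)` path reassigns `item = getContentItem(section, remainingUrl, …)`, so the object handled in preview mode is not the one the check was made against. ItemDispatcher and ContentSectionServlet in this commit gate their preview paths with `ItemPrivileges.PREVIEW`; unless a second check follows outside the hunk, this path could let a holder of VIEW_PUBLISHED reach content that is meant to require PREVIEW. I would re-check after the reassignment, for example `permissionChecker.checkPermission(ItemPrivileges.PREVIEW, item);`. The rest of the block lies outside the hunk, so this has to be confirmed against the full method.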


@ -48,6 +48,7 @@ import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentItemRepository;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
@ -288,7 +289,7 @@ public class CMSPage extends Page implements ResourceHandler {
final ContentItem item = itemRepo.findById(Long.parseLong("item_id")).get();
final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class);
permissionChecker.checkPermission(CmsConstants.PRIVILEGE_ITEMS_PREVIEW,
permissionChecker.checkPermission(ItemPrivileges.PREVIEW,
item);
}
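Review bot: `Long.parseLong("item_id")` on the context line above the changed call parses the string literal rather than a request value, so it always throws NumberFormatException and the `ItemPrivileges.PREVIEW` check after it is never reached. The path fails closed, but through an unhandled runtime exception instead of an authorization decision, and the trailing `.get()` would throw again for an unknown id once the parse is fixed. The id presumably should be read from the request (where it comes from is outside the hunk); if `findById` returns an Optional, as `.get()` suggests, the lookup could end in `.orElseThrow(...)` so that a missing item is rejected explicitly before `checkPermission` runs.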


@ -30,6 +30,7 @@ import org.libreccm.web.ApplicationManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.io.IOException;
@ -125,7 +126,7 @@ public class ContentSectionDispatcher implements Dispatcher {
ContentSection section) {
return CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
.isPermitted(CmsConstants.PRIVILEGE_ITEMS_EDIT, section
.isPermitted(ItemPrivileges.EDIT, section
.getRootDocumentsFolder());
}


@ -26,7 +26,6 @@ import com.arsdigita.web.LoginSignal;
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@ -38,12 +37,9 @@ import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.PermissionChecker;
import org.libreccm.security.Shiro;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.lifecycle.Lifecycle;
import java.util.logging.Level;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
* Dispatches to the JSP or Servlet for rendering a content item.
@ -153,7 +149,7 @@ public class ItemDispatcher implements ChainedDispatcher {
// if (sm.canAccess((User)null, SecurityManager.PUBLIC_PAGES, item)) {
if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
ItemPrivileges.VIEW_PUBLISHED, item)) {
DispatcherHelper.cacheForWorld(response, expires);
} else {
DispatcherHelper.cacheForUser(response, expires);
@ -205,13 +201,13 @@ public class ItemDispatcher implements ChainedDispatcher {
item = itemResolver.getItem(section, url, "draft");
if (item != null) {
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_PREVIEW, item);
ItemPrivileges.PREVIEW, item);
}
} else {
item = itemResolver.getItem(section, url, "live");
if (item != null) {
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
ItemPrivileges.VIEW_PUBLISHED, item);
}
}
@ -223,7 +219,7 @@ public class ItemDispatcher implements ChainedDispatcher {
item = itemResolver.getItem(section, url, "live");
if (item != null) {
hasPermission = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item);
ItemPrivileges.VIEW_PUBLISHED, item);
}
}
// chris.gilbert@westsussex.gov.uk - if user is not logged in, give them a chance to do that, else show them the door


@ -24,9 +24,9 @@ import com.arsdigita.util.Assert;
import org.apache.shiro.authz.AuthorizationException;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.PermissionChecker;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.io.IOException;
@ -83,7 +83,7 @@ public abstract class ResourceHandlerImpl implements ResourceHandler {
RequestContext actx,
ContentItem item) {
if (!CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
.isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED, item)) {
.isPermitted(ItemPrivileges.VIEW_PUBLISHED, item)) {
throw new AuthorizationException(
"cms.dispatcher.no_permission_to_access_resource");
}


@ -18,23 +18,15 @@
*/
package com.arsdigita.cms.ui.contentcenter;
import com.arsdigita.bebop.BoxPanel;
import java.math.BigDecimal;
import com.arsdigita.bebop.Component;
import com.arsdigita.bebop.Embedded;
import com.arsdigita.bebop.FormProcessException;
import com.arsdigita.bebop.Label;
import com.arsdigita.bebop.Link;
import com.arsdigita.bebop.Page;
import com.arsdigita.bebop.PageState;
import com.arsdigita.bebop.SingleSelectionModel;
import com.arsdigita.bebop.Table;
import com.arsdigita.bebop.event.FormProcessListener;
import com.arsdigita.bebop.event.FormSectionEvent;
import com.arsdigita.bebop.event.FormSubmissionListener;
import com.arsdigita.bebop.form.Hidden;
import com.arsdigita.bebop.parameters.BigDecimalParameter;
import com.arsdigita.bebop.table.TableCellRenderer;
import com.arsdigita.bebop.table.TableColumn;
@ -43,24 +35,18 @@ import com.arsdigita.bebop.table.TableModel;
import com.arsdigita.bebop.table.TableModelBuilder;
import com.arsdigita.cms.ui.CMSContainer;
import com.arsdigita.ui.admin.GlobalizationUtil;
import com.arsdigita.util.Assert;
import com.arsdigita.util.LockableImpl;
import com.arsdigita.web.Web;
import org.libreccm.categorization.Category;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.PermissionChecker;
import org.libreccm.security.User;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionConfig;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.mail.Folder;
/**
* Displays all the content sections in table, with links to the admin (and in
@ -171,7 +157,7 @@ public class ContentSectionContainer extends CMSContainer {
// folder = section.getRootDocumentsFolder();
//
// if (!permissionChecker.isPermitted(
// CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, folder)) {
// ItemPrivileges.CREATE_NEW, folder)) {
// throw new FormProcessException(
// (GlobalizationUtil.globalize(
// "cms.ui.insufficient_privileges")));
@ -414,7 +400,7 @@ public class ContentSectionContainer extends CMSContainer {
return allSections
.stream()
.filter(section -> permissionChecker
.isPermitted(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED,
.isPermitted(ItemPrivileges.VIEW_PUBLISHED,
section))
.collect(Collectors.toList());
}
@ -616,7 +602,7 @@ public class ContentSectionContainer extends CMSContainer {
// If the user has no access, return a Label instead of a Link
if (permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_EDIT,
ItemPrivileges.EDIT,
section.getRootDocumentsFolder())) {
return new Link(section.getLabel(),
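Review bot: The stream filter in the `-414,7` hunk checks `ItemPrivileges.VIEW_PUBLISHED` against the `section` object itself, while the link renderer in the `-616,7` hunk of the same class checks `ItemPrivileges.EDIT` against `section.getRootDocumentsFolder()`, as do the other call sites in this commit. If item privileges are granted on folders and do not apply to the section object, the filtered list will not match what the renderer and the servlets later decide for the same user. Either pass `section.getRootDocumentsFolder()` in the filter as well, or state the intent with a comment such as `// VIEW_PUBLISHED is granted on the ContentSection object itself`. Both methods extend beyond their hunks.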


@ -76,6 +76,7 @@ import org.librecms.contentsection.ContentItemManager;
import org.librecms.contentsection.ContentItemRepository;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionManager;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.util.Date;
@ -218,7 +219,7 @@ public class FolderBrowser extends Table {
Assert.exists(folder);
final boolean canDelete = permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_DELETE, folder);
ItemPrivileges.DELETE, folder);
m_deleteColumn.setVisible(state, canDelete);
}


@ -66,16 +66,20 @@ import com.arsdigita.toolbox.ui.ActionGroup;
import com.arsdigita.util.Assert;
import com.arsdigita.util.UncheckedWrapperException;
import com.arsdigita.web.Web;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.Writer;
import org.apache.log4j.Logger;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.persistence.TypedQuery;
import org.arsdigita.cms.CMSConfig;
import org.libreccm.categorization.Category;
import org.libreccm.categorization.CategoryManager;
@ -88,6 +92,7 @@ import org.librecms.contentsection.ContentItem;
import org.librecms.contentsection.ContentItemManager;
import org.librecms.contentsection.ContentItemRepository;
import org.librecms.contentsection.ContentSectionConfig;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
* Browse folders and manipulate them with various actions (move/copy/delete).
@ -550,7 +555,7 @@ public class FolderManipulator extends SimpleContainer implements
final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class);
if (!permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW, target)) {
ItemPrivileges.CREATE_NEW, target)) {
data.addError("cms.ui.folder.no_permission_for_item",
CmsConstants.CMS_FOLDER_BUNDLE);
}
@ -589,7 +594,7 @@ public class FolderManipulator extends SimpleContainer implements
}
if (!(permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ITEMS_DELETE, item))
ItemPrivileges.DELETE, item))
&& isMove(state)) {
addErrorMessage(data, "cms.ui.folder.no_permission_for_item",
name);


@ -52,6 +52,7 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.configuration.ConfigurationManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.LifecycleDefinitionRepository;
import org.librecms.lifecycle.PhaseDefinititionRepository;
@ -211,7 +212,7 @@ class AddPhaseForm extends CMSForm {
});
addSubmissionListener(new FormSecurityListener(
CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
AdminPrivileges.ADMINISTER_LIFECYLES));
addValidationListener(new FormValidationListener() {
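Review bot: The new constant keeps the misspelling `ADMINISTER_LIFECYLES` (a C is missing) that `CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES` had, here and in the BaseLifecycleForm, DeletePhaseForm, EditPhaseForm, LifecycleAdminContainer, LifecycleAdminPane and LifecycleItemPane sections. Every usage is touched by this commit anyway, so this is the cheapest moment to name it `AdminPrivileges.ADMINISTER_LIFECYCLES`. The definition of AdminPrivileges is not on this page; if the constant's string value carries the same misspelling and is already stored with granted permissions, rename only the identifier and keep the value, otherwise existing grants stop matching.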


@ -38,6 +38,7 @@ import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.configuration.ConfigurationManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.LifecycleDefinition;
import java.util.Locale;
@ -77,7 +78,7 @@ class BaseLifecycleForm extends BaseForm {
addAction(new Cancel());
addSubmissionListener(new FormSecurityListener(
CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
AdminPrivileges.ADMINISTER_LIFECYLES));
}
class NameUniqueListener implements ParameterListener {


@ -39,6 +39,7 @@ import com.arsdigita.cms.ui.FormSecurityListener;
import org.libreccm.cdi.utils.CdiUtil;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.PhaseDefinititionRepository;
import java.math.BigDecimal;
@ -87,7 +88,7 @@ class DeletePhaseForm extends CMSForm
addInitListener(this);
addSubmissionListener(new FormSecurityListener(
CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
AdminPrivileges.ADMINISTER_LIFECYLES));
addProcessListener(this);
}


@ -48,6 +48,7 @@ import com.arsdigita.kernel.KernelConfig;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.configuration.ConfigurationManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.PhaseDefinititionRepository;
import java.util.Locale;
@ -202,7 +203,7 @@ class EditPhaseForm extends CMSForm {
});
addSubmissionListener(new FormSecurityListener(
CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
AdminPrivileges.ADMINISTER_LIFECYLES));
addValidationListener(new FormValidationListener() {


@ -29,21 +29,19 @@ import com.arsdigita.toolbox.ui.SecurityContainer;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.PermissionChecker;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
/**
* Security container that wraps the canAdministerLifecycles access check
* around its components.
* Security container that wraps the canAdministerLifecycles access check around
* its components.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
* @author <a href="mailto:pihman@arsdigita.com">Michael Pih</a>
*/
public class LifecycleAdminContainer extends SecurityContainer {
/**
* This default constructor should be followed by calls to
* <code>add</code>.
* This default constructor should be followed by calls to <code>add</code>.
*/
public LifecycleAdminContainer() {
super();
@ -62,14 +60,17 @@ public class LifecycleAdminContainer extends SecurityContainer {
* Returns true if the current user can access the child component.
*
* @param state The page state
*
* @return true if the access checks pass, false otherwise
*/
@Override
protected boolean canAccess(final Party party, final PageState state) {
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class);
final PermissionChecker permissionChecker = cdiUtil.findBean(
PermissionChecker.class);
return permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES);
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_LIFECYLES);
}
}
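Review bot: `canAccess` calls `permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_LIFECYLES)` with no object, although the privilege lives in `org.librecms.contentsection.privileges` and so looks like a per-content-section right; the `party` parameter is also unused and missing from the Javadoc. A check without an object presumably matches only a grant that is not bound to a section, so a section-level lifecycle administrator may be refused while a holder of the unscoped grant passes for every section. The same one-argument form appears in the LifecycleItemPane, BaseRoleItemPane, TaskAddRole and TaskItemPane sections. If section scoping is intended, pass the current section, e.g. `isPermitted(AdminPrivileges.ADMINISTER_LIFECYLES, CMS.getContext().getContentSection())`, and add `@param party not used by this implementation` to the Javadoc.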


@ -36,13 +36,15 @@ import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentSectionManager;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.Lifecycle;
import org.librecms.lifecycle.LifecycleDefinitionRepository;
import java.math.BigDecimal;
/**
* <p>This class contains the split pane for the lifecycle administration
* <p>
* This class contains the split pane for the lifecycle administration
* interface.</p>
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -66,7 +68,6 @@ public class LifecycleAdminPane extends BaseAdminPane {
// XXX secvis
//add(new LifecycleAdminContainer(m_addLink));
setAdd(gz("cms.ui.lifecycle.add"),
new LifecycleAddForm(m_model));
setEdit(gz("cms.ui.lifecycle.edit"),
@ -83,37 +84,41 @@ public class LifecycleAdminPane extends BaseAdminPane {
private class SelectionRequestLocal
extends LifecycleDefinitionRequestLocal {
@Override
protected final Object initialValue(final PageState state) {
final String id = m_model.getSelectedKey(state).toString();
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class);
final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil
.findBean(LifecycleDefinitionRepository.class);
return lifecycleDefRepo.findById(Long.parseLong(id));
}
}
private final class DeleteForm extends BaseDeleteForm {
DeleteForm() {
super(new Label(gz("cms.ui.lifecycle.delete_prompt")));
addSubmissionListener
(new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES));
addSubmissionListener(new FormSecurityListener(
AdminPrivileges.ADMINISTER_LIFECYLES));
}
public final void process(final FormSectionEvent event)
throws FormProcessException {
final PageState state = event.getPageState();
final ContentSection section =
CMS.getContext().getContentSection();
final LifecycleDefinition definition =
m_definition.getLifecycleDefinition(state);
final ContentSection section = CMS.getContext().getContentSection();
final LifecycleDefinition definition = m_definition
.getLifecycleDefinition(state);
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final ContentSectionManager sectionManager = cdiUtil.findBean(
ContentSectionManager.class);
final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil.findBean(LifecycleDefinitionRepository.class);
final LifecycleDefinitionRepository lifecycleDefRepo = cdiUtil
.findBean(LifecycleDefinitionRepository.class);
sectionManager.removeLifecycleDefinitionFromContentSection(
definition, section);
@ -121,5 +126,7 @@ public class LifecycleAdminPane extends BaseAdminPane {
m_model.clearSelection(state);
}
}
}


@ -46,6 +46,7 @@ import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.security.PermissionChecker;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.lifecycle.PhaseDefinititionRepository;
import java.util.Locale;
@ -235,7 +236,7 @@ class LifecycleItemPane extends BaseItemPane {
PermissionChecker.class);
return permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES);
AdminPrivileges.ADMINISTER_LIFECYLES);
}
@Override


@ -32,12 +32,14 @@ import com.arsdigita.cms.ui.BaseForm;
import com.arsdigita.globalization.GlobalizedMessage;
import com.arsdigita.ui.admin.GlobalizationUtil;
import com.arsdigita.util.UncheckedWrapperException;
import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.PermissionManager;
import org.libreccm.security.Role;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.*;
@ -78,7 +80,7 @@ class BaseRoleForm extends BaseForm {
addAction(new Finish());
addAction(new Cancel());
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
addSecurityListener(AdminPrivileges.ADMINISTER_ROLES);
}
private class PrivilegePrinter implements PrintListener {


@ -30,11 +30,13 @@ import com.arsdigita.kernel.KernelConfig;
import com.arsdigita.toolbox.ui.ActionGroup;
import com.arsdigita.toolbox.ui.PropertyList;
import com.arsdigita.toolbox.ui.Section;
import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.security.*;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.stream.Collectors;
@ -92,7 +94,7 @@ class BaseRoleItemPane extends BaseItemPane {
private class AdminVisible extends VisibilityComponent {
AdminVisible(final Component child) {
super(child, CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
super(child, AdminPrivileges.ADMINISTER_ROLES);
}
}
@ -180,7 +182,7 @@ class BaseRoleItemPane extends BaseItemPane {
final PageState state = e.getPageState();
final PermissionChecker permissionChecker = cdiUtil.findBean(PermissionChecker.class);
if (!permissionChecker.isPermitted(CmsConstants.PRIVILEGE_ADMINISTER_ROLES)) {
if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_ROLES)) {
throw new FormProcessException(
new GlobalizedMessage("cms.ui.role.insufficient_privileges", CmsConstants.CMS_BUNDLE));
}


@ -39,19 +39,22 @@ import com.arsdigita.cms.ui.VisibilityComponent;
import com.arsdigita.toolbox.ui.ActionGroup;
import com.arsdigita.toolbox.ui.Section;
import com.arsdigita.util.LockableImpl;
import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.Role;
import org.libreccm.security.RoleRepository;
import org.librecms.CmsConstants;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.AdminPrivileges;
/**
* Provides the logic to administer {@link Role roles}.
*
* NOTE: Prior, this class managed two {@link ListModelBuilder}.
* The reason being, that roles where differentiated between Viewer and Member groups.
* Since this is no longer the case, there exists only the {@link RoleListModelBuilder} now.
* NOTE: Prior, this class managed two {@link ListModelBuilder}. The reason
* being, that roles where differentiated between Viewer and Member groups.
* Since this is no longer the case, there exists only the
* {@link RoleListModelBuilder} now.
*
* @author <a href="mailto:yannick.buelter@yabue.de">Yannick Bülter</a>
* @author Justin Ross &lt;jross@redhat.com&gt;
@ -66,8 +69,8 @@ public class RoleAdminPane extends BaseAdminPane {
private final List m_roles;
public RoleAdminPane() {
m_model = new ParameterSingleSelectionModel
(new StringParameter(List.SELECTED));
m_model = new ParameterSingleSelectionModel(new StringParameter(
List.SELECTED));
setSelectionModel(m_model);
m_model.addChangeListener(new SelectionListener());
@ -77,7 +80,6 @@ public class RoleAdminPane extends BaseAdminPane {
m_roles = new List(new RoleListModelBuilder());
m_roles.setSelectionModel(m_model);
final SimpleContainer left = new SimpleContainer();
setLeft(left);
@ -102,53 +104,63 @@ public class RoleAdminPane extends BaseAdminPane {
group.setSubject(m_roles);
final ActionLink link = new ActionLink
(new Label(gz("cms.ui.role.staff.add")));
final ActionLink link = new ActionLink(new Label(gz(
"cms.ui.role.staff.add")));
group.addAction(new VisibilityComponent(link, CmsConstants.PRIVILEGE_ADMINISTER_ROLES),
group.addAction(new VisibilityComponent(
link,
AdminPrivileges.ADMINISTER_ROLES),
ActionGroup.ADD);
final RoleAddForm form = new RoleAddForm(m_model);
getBody().add(form);
getBody().connect(link, form);
}
}
private class SelectionListener implements ChangeListener {
@Override
public final void stateChanged(final ChangeEvent e) {
s_log.debug("Selection state changed; I may change " +
"the body's visible pane");
s_log.debug("Selection state changed; I may change "
+ "the body's visible pane");
final PageState state = e.getPageState();
getBody().reset(state);
if (m_model.isSelected(state)) {
s_log.debug("The selection model is selected; displaying " +
"the item pane");
s_log.debug("The selection model is selected; displaying "
+ "the item pane");
getBody().push(state, getItemPane());
}
}
}
private class SelectionRequestLocal extends RoleRequestLocal {
@Override
protected final Object initialValue(final PageState state) {
final Long id = Long.parseLong(m_model.getSelectedKey(state).toString());
final Long id = Long.parseLong(m_model.getSelectedKey(state)
.toString());
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class);
final RoleRepository roleRepository = cdiUtil.findBean(
RoleRepository.class);
return roleRepository.findById(id);
}
}
/**
* This builder provides a list model of the {@link Role roles} which correspond to the {@link ContentSection}
* in this context.
* This builder provides a list model of the {@link Role roles} which
* correspond to the {@link ContentSection} in this context.
*/
private static class RoleListModelBuilder extends LockableImpl implements ListModelBuilder {
private static class RoleListModelBuilder extends LockableImpl implements
ListModelBuilder {
RoleListModelBuilder() {
super();
@ -160,16 +172,18 @@ public class RoleAdminPane extends BaseAdminPane {
return new RoleListModel(section.getRoles());
}
}
/**
* Provides a simple delete form to remove a {@link Role}.
*/
private class DeleteForm extends BaseDeleteForm {
DeleteForm() {
super(gz("cms.ui.role.delete_prompt"));
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES);
addSecurityListener(AdminPrivileges.ADMINISTER_ROLES);
}
@Override
@ -178,13 +192,17 @@ public class RoleAdminPane extends BaseAdminPane {
final PageState state = e.getPageState();
final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
final RoleRepository roleRepository = cdiUtil.findBean(RoleRepository.class);
final Long id = Long.parseLong(m_model.getSelectedKey(state).toString());
final RoleRepository roleRepository = cdiUtil.findBean(
RoleRepository.class);
final Long id = Long.parseLong(m_model.getSelectedKey(state)
.toString());
final Role role = roleRepository.findById(id);
roleRepository.delete(role);
m_model.clearSelection(state);
}
}
}
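Review bot: `DeleteForm.process` turns the selected key into an id, loads the role with `roleRepository.findById(id)` and deletes it, without verifying that the role belongs to the content section whose roles `RoleListModelBuilder` lists through `section.getRoles()`. The key is backed by a `StringParameter`, so it is request-controlled: the `ADMINISTER_ROLES` listener decides who may submit the form, not which role the id may refer to, and a non-numeric value ends in an uncaught NumberFormatException. Before `roleRepository.delete(role)` I would add a membership check such as `if (role == null || !section.getRoles().contains(role)) { throw new FormProcessException(...); }`, with `section` resolved the way `RoleListModelBuilder` resolves it. The signature of `process` is outside the hunk, so the exception type it may throw needs checking there.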


@ -28,10 +28,12 @@ import com.arsdigita.cms.ui.FormSecurityListener;
import com.arsdigita.cms.ui.PartyAddForm;
import com.arsdigita.ui.admin.GlobalizationUtil;
import com.arsdigita.util.Assert;
import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.security.*;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.Arrays;
import java.util.List;
@ -62,7 +64,7 @@ class RolePartyAddForm extends PartyAddForm {
m_roles = roles;
getForm().addSubmissionListener
(new FormSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_ROLES));
(new FormSecurityListener(AdminPrivileges.ADMINISTER_ROLES));
}


@ -39,6 +39,7 @@ import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.workflow.TaskRepository;
import org.libreccm.workflow.WorkflowManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.workflow.CmsTaskTypeRepository;
import java.util.HashMap;
@ -92,7 +93,7 @@ class BaseTaskForm extends BaseForm {
addAction(new Finish());
addAction(new Cancel());
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addValidationListener(new ValidationListener());
}


@ -25,6 +25,7 @@ import com.arsdigita.cms.ui.BaseForm;
import com.arsdigita.globalization.GlobalizedMessage;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
/**
* <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -50,7 +51,7 @@ class BaseWorkflowForm extends BaseForm {
addAction(new Finish());
addAction(new Cancel());
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
addValidationListener(new ValidationListener());
}


@ -50,6 +50,7 @@ import org.libreccm.workflow.TaskRepository;
import org.libreccm.workflow.Workflow;
import org.libreccm.workflow.WorkflowManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.workflow.CmsTaskTypeRepository;
import java.math.BigDecimal;
@ -128,7 +129,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
protected class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) {
super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
}
}
@ -186,7 +187,7 @@ abstract class BaseWorkflowItemPane extends BaseItemPane {
TaskDeleteForm() {
super(new Label(gz("cms.ui.workflow.task.delete_prompt")));
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
}
@Override


@ -52,6 +52,7 @@ import org.libreccm.security.RoleRepository;
import org.libreccm.workflow.TaskAssignment;
import org.libreccm.workflow.WorkflowManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.ArrayList;
import java.util.List;
@ -158,7 +159,7 @@ class TaskAddRole extends CMSForm {
PermissionChecker.class);
if (!permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW)) {
AdminPrivileges.ADMINISTER_WORKFLOW)) {
throw new FormProcessException(
new GlobalizedMessage(
"cms.ui.workflow.insufficient_privileges",


@ -52,6 +52,7 @@ import org.libreccm.workflow.Task;
import org.libreccm.workflow.UserTask;
import org.libreccm.workflow.WorkflowManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.ArrayList;
import java.util.List;
@ -119,13 +120,13 @@ final class TaskItemPane extends BaseItemPane {
PermissionChecker.class);
return permissionChecker.isPermitted(
CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
AdminPrivileges.ADMINISTER_WORKFLOW);
}
private class AdminVisible extends VisibilityComponent {
public AdminVisible(final Component child) {
super(child, CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
super(child, AdminPrivileges.ADMINISTER_WORKFLOW);
}
}


@ -28,13 +28,11 @@ import com.arsdigita.cms.ui.VisibilityComponent;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.workflow.Workflow;
import org.libreccm.workflow.WorkflowManager;
import org.libreccm.workflow.WorkflowRepository;
import org.libreccm.workflow.WorkflowTemplate;
import org.libreccm.workflow.WorkflowTemplateRepository;
import org.librecms.CmsConstants;
import java.math.BigDecimal;
import org.librecms.contentsection.privileges.AdminPrivileges;
/**
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -60,7 +58,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
getDeleteLink()));
addAction(new VisibilityComponent(
getAddLink(), CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW));
getAddLink(), AdminPrivileges.ADMINISTER_WORKFLOW));
}
private class DeleteForm extends BaseDeleteForm {
@ -68,7 +66,7 @@ public final class WorkflowAdminPane extends BaseAdminPane {
DeleteForm() {
super(gz("cms.ui.workflow.delete_prompt"));
addSecurityListener(CmsConstants.PRIVILEGE_ADMINISTER_WORKFLOW);
addSecurityListener(AdminPrivileges.ADMINISTER_WORKFLOW);
}
@Override


@ -29,11 +29,14 @@ public class CmsConstants {
public static final String DB_SCHEMA = "CCM_CMS";
public static final String CMS_BUNDLE = "org.librecms.CmsResources";
public static final String CMS_FOLDER_BUNDLE = "com.arsdigita.cms.ui.folder.CMSFolderResources";
public static final String CMS_FOLDER_BUNDLE
= "com.arsdigita.cms.ui.folder.CMSFolderResources";
public static final String CONTENT_CENTER_APP_TYPE = "com.arsdigita.cms.ContentCenter";
public static final String CONTENT_CENTER_APP_TYPE
= "com.arsdigita.cms.ContentCenter";
public static final String CONTENT_CENTER_URL = "/content-center/";
public static final String CONTENT_CENTER_DESC_BUNDLE = "org.librecms.contentcenter.ContentCenterResources";
public static final String CONTENT_CENTER_DESC_BUNDLE
= "org.librecms.contentcenter.ContentCenterResources";
public static final String CONTENT_SECTION_APP_TYPE
= "org.librecms.contentsection.ContentSection";
@ -47,27 +50,6 @@ public class CmsConstants {
public static final String CATEGORIZATION_TYPE_FOLDER = "folder";
public static final String PRIVILEGE_ADMINISTER_CATEGORIES
= "administer_categories";
public static final String PRIVILEGE_ADMINISTER_CONTENT_TYPES
= "administer_content_types";
public static final String PRIVILEGE_ADMINISTER_LIFECYLES
= "administer_lifecyles";
public static final String PRIVILEGE_ADMINISTER_ROLES = "administer_roles";
public static final String PRIVILEGE_ADMINISTER_WORKFLOW
= "administer_workflow";
public static final String PRIVILEGE_ITEMS_APPROVE = "approve_items";
public static final String PRIVILEGE_ITEMS_PUBLISH = "publish_items";
public static final String PRIVILEGE_ITEMS_CATEGORIZE = "categorize_items";
public static final String PRIVILEGE_ITEMS_CREATE_NEW = "create_new_items";
public static final String PRIVILEGE_ITEMS_DELETE = "delete_items";
public static final String PRIVILEGE_ITEMS_EDIT = "edit_items";
public static final String PRIVILEGE_ITEMS_PREVIEW = "preview_items";
public static final String PRIVILEGE_ITEMS_VIEW_PUBLISHED
= "view_published_items";
public static final String PRIVILEGE_APPLY_ALTERNATE_WORKFLOW
= "apply_alternate_workflow";
/**
* Constant string used as key for creating service package as a legacy
* application.


@ -20,10 +20,12 @@ package org.librecms.assets;
import java.util.List;
import java.util.Optional;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.transaction.Transactional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.categorization.CategoryManager;
@ -36,6 +38,8 @@ import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.FolderManager;
import org.librecms.contentsection.FolderRepository;
import org.librecms.contentsection.privileges.AssetPrivileges;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
* Provides methods for managing {@link Asset}s, especially sharable
@ -80,7 +84,7 @@ public class AssetManager {
@Transactional(Transactional.TxType.REQUIRED)
public <T extends Asset> T createAsset(
final String name,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(ItemPrivileges.EDIT)
final AttachmentList attachments,
final Class<T> type) {
throw new UnsupportedOperationException("Not implemented yet.");
@ -104,7 +108,7 @@ public class AssetManager {
@Transactional(Transactional.TxType.REQUIRED)
public <T extends Asset> T createAsset(
final String name,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(AssetPrivileges.CREATE_NEW)
final Folder folder,
final Class<T> type) {
throw new UnsupportedOperationException("Not implemented yet.");
@ -159,9 +163,9 @@ public class AssetManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void move(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(AssetPrivileges.EDIT)
final Asset asset,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(AssetPrivileges.CREATE_NEW)
final Folder targetFolder) {
throw new UnsupportedOperationException("Not implemented yet.");
}
@ -175,7 +179,7 @@ public class AssetManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
public void copy(final Asset asset,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(AssetPrivileges.CREATE_NEW)
final Folder targetFolder) {
throw new UnsupportedOperationException("Not implemented yet.");
}
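Review bot: `copy` leaves its source parameter `final Asset asset` without any `@RequiresPrivilege`, so as annotated a caller only needs `AssetPrivileges.CREATE_NEW` on the target folder to duplicate an asset they may not be allowed to see. Now that `AssetPrivileges.VIEW` exists, the source should carry it: `@RequiresPrivilege(AssetPrivileges.VIEW) final Asset asset`. `ContentItemManager.copy` has the same shape with `final ContentItem item`; its body lies outside the hunk, so a check made there cannot be ruled out. Separately, the folder-based `createAsset`, `move` and `copy` now require `create_new_assets` / `edit_asset` where they used to require `create_new_items` / `edit_items`, so roles that already exist need the new grants before these calls are authorized.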


@ -29,6 +29,7 @@ import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.librecms.CmsConstants;
import org.librecms.contentsection.Folder;
import org.librecms.contentsection.privileges.AssetPrivileges;
import java.util.List;
import java.util.Optional;
@ -89,6 +90,15 @@ public class AssetRepository
}
}
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
@RequiresPrivilege(AssetPrivileges.EDIT)
final Asset asset) {
}
/**
* Deletes an <strong>unused</strong> Asset. If the {@link Asset} is in use
* (linked to at least one ContentItem) an {@link AssetInUseException} is
@ -103,7 +113,7 @@ public class AssetRepository
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_DELETE)
@RequiresPrivilege(AssetPrivileges.DELETE)
final Asset asset) {
if (asset.getItemAttachments().isEmpty()) {
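Review bot: The new `save` override has an empty body as rendered here, so it would run the `AssetPrivileges.EDIT` check and then persist nothing. `ContentTypeRepository.save` and `FolderRepository.save` in this same commit delegate to the parent, so unless the no-op is intentional the body should contain `super.save(asset);`. The override also has no Javadoc, unlike `delete` right below it; a short comment stating that saving requires `AssetPrivileges.EDIT` on the asset would match the surrounding style.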


@ -26,6 +26,7 @@ import org.libreccm.l10n.LocalizedString;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.beans.IntrospectionException;
import java.beans.Introspector;
@ -147,7 +148,7 @@ public class ContentItemL10NManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void addLanguage(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(ItemPrivileges.EDIT)
final ContentItem item,
final Locale locale) {
@ -218,7 +219,7 @@ public class ContentItemL10NManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void removeLangauge(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(ItemPrivileges.EDIT)
final ContentItem item,
final Locale locale) {
@ -265,7 +266,7 @@ public class ContentItemL10NManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void normalizedLanguages(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(ItemPrivileges.EDIT)
final ContentItem item) {
if (item == null) {


@ -47,6 +47,7 @@ import org.libreccm.security.RequiresPrivilege;
import org.libreccm.workflow.Workflow;
import org.libreccm.workflow.WorkflowManager;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.ItemPrivileges;
import org.librecms.lifecycle.Lifecycle;
import org.librecms.lifecycle.LifecycleManager;
@ -125,7 +126,7 @@ public class ContentItemManager {
public <T extends ContentItem> T createContentItem(
final String name,
final ContentSection section,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder folder,
final Class<T> type) {
@ -174,7 +175,7 @@ public class ContentItemManager {
public <T extends ContentItem> T createContentItem(
final String name,
final ContentSection section,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder folder,
final WorkflowTemplate workflowTemplate,
final Class<T> type) {
@ -250,9 +251,9 @@ public class ContentItemManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void move(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_EDIT)
@RequiresPrivilege(ItemPrivileges.EDIT)
final ContentItem item,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder targetFolder) {
if (item == null) {
throw new IllegalArgumentException("The item to move can't be null.");
@ -322,7 +323,7 @@ public class ContentItemManager {
@SuppressWarnings("unchecked")
public ContentItem copy(
final ContentItem item,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder targetFolder) {
if (item == null) {
throw new IllegalArgumentException("The item to copy can't be null.");
@ -563,7 +564,7 @@ public class ContentItemManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public ContentItem publish(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
@RequiresPrivilege(ItemPrivileges.PUBLISH)
final ContentItem item) {
if (item == null) {
@ -591,7 +592,7 @@ public class ContentItemManager {
@Transactional(Transactional.TxType.REQUIRED)
@SuppressWarnings("unchecked")
public ContentItem publish(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
@RequiresPrivilege(ItemPrivileges.PUBLISH)
final ContentItem item,
final LifecycleDefinition lifecycleDefinition) {
if (item == null) {
@ -787,7 +788,7 @@ public class ContentItemManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void publish(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
@RequiresPrivilege(ItemPrivileges.PUBLISH)
final Folder folder) {
// Ensure that we are using a fresh folder and that the folder was
@ -811,7 +812,7 @@ public class ContentItemManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void unpublish(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
@RequiresPrivilege(ItemPrivileges.PUBLISH)
final ContentItem item) {
if (item == null) {
throw new IllegalArgumentException(
@ -860,7 +861,7 @@ public class ContentItemManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void unpublish(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PUBLISH)
@RequiresPrivilege(ItemPrivileges.PUBLISH)
final Folder folder) {
// Ensure that we are using a fresh folder and that the folder was
@ -910,7 +911,7 @@ public class ContentItemManager {
@Transactional(Transactional.TxType.REQUIRED)
@SuppressWarnings({"unchecked"})
public <T extends ContentItem> Optional<T> getLiveVersion(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_VIEW_PUBLISHED)
@RequiresPrivilege(ItemPrivileges.VIEW_PUBLISHED)
final ContentItem item,
final Class<T> type) {
@ -972,7 +973,7 @@ public class ContentItemManager {
@Transactional(Transactional.TxType.REQUIRED)
@SuppressWarnings("unchecked")
public <T extends ContentItem> T getDraftVersion(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_PREVIEW)
@RequiresPrivilege(ItemPrivileges.PREVIEW)
final ContentItem item,
final Class<T> type) {


@ -44,12 +44,14 @@ import javax.persistence.TypedQuery;
import javax.transaction.Transactional;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.contentsection.privileges.AssetPrivileges;
import org.librecms.contentsection.privileges.ItemPrivileges;
import org.librecms.lifecycle.LifecycleDefinition;
import java.util.Optional;
import static org.librecms.CmsConstants.*;
import static org.librecms.contentsection.ContentSection.*;
/**
@ -140,48 +142,69 @@ public class ContentSectionManager {
ALERT_RECIPIENT);
addRoleToContentSection(section,
AUTHOR,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
addRoleToContentSection(section,
EDITOR,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
addRoleToContentSection(section,
MANAGER,
PRIVILEGE_ADMINISTER_ROLES,
PRIVILEGE_ADMINISTER_WORKFLOW,
PRIVILEGE_ADMINISTER_LIFECYLES,
PRIVILEGE_ADMINISTER_CATEGORIES,
PRIVILEGE_ADMINISTER_CONTENT_TYPES,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_PUBLISH,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW,
AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES,
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.PUBLISH,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
addRoleToContentSection(section,
PUBLISHER,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_PUBLISH,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.PUBLISH,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
addRoleToContentSection(section,
CONTENT_READER,
PRIVILEGE_ITEMS_VIEW_PUBLISHED);
ItemPrivileges.VIEW_PUBLISHED,
AssetPrivileges.VIEW);
return section;
}
@ -224,8 +247,8 @@ public class ContentSectionManager {
/**
* Adds new role to a content section. the new role will not have any
* members, they have to be added separatly. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content
* section.
* {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided
* content section.
*
* @param section The {@link ContentSection} to which the role is added.
* @param roleName The name of the new role.
@ -234,7 +257,7 @@ public class ContentSectionManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void addRoleToContentSection(
@RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
final ContentSection section,
final String roleName,
final String... privileges) {
@ -252,9 +275,9 @@ public class ContentSectionManager {
role.setName(String.join("_", section.getLabel(), roleName));
roleRepo.save(role);
final Category rootFolder = section.getRootDocumentsFolder();
// final Category rootFolder = section.getRootDocumentsFolder();
for (String privilege : privileges) {
permissionManager.grantPrivilege(privilege, role, rootFolder);
permissionManager.grantPrivilege(privilege, role, section);
}
addRoleToContentSection(role, section);
@ -263,8 +286,8 @@ public class ContentSectionManager {
/**
* Associates an existing role to with a content section. This will not
* grant any permissions for the content section to the role. This operation
* requires {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided
* content section.
* requires {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the
* provided content section.
*
* @param role The role to add.
* @param section The section the role is associated with.
@ -273,7 +296,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addRoleToContentSection(
final Role role,
@RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
final ContentSection section) {
if (section == null) {
@ -295,8 +318,8 @@ public class ContentSectionManager {
* role which are associated with the content section. The role itself is
* <strong>not</strong> deleted because the role is maybe is used in other
* places. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_ROLES} for the provided content
* section.
* {@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES} for the provided
* content section.
*
* @param contentSection The section from which the role is removed.
* @param role The role to remove from the content section.
@ -304,7 +327,7 @@ public class ContentSectionManager {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void removeRoleFromContentSection(
@RequiresPrivilege(PRIVILEGE_ADMINISTER_ROLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_ROLES)
final ContentSection contentSection,
final Role role) {
@ -334,8 +357,8 @@ public class ContentSectionManager {
/**
* Adds a lifecycle definition to a content section. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the provided
* content section.
* {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for the
* provided content section.
*
* @param definition The lifecycle definition to add.
* @param section The section to which the definition is added.
@ -344,7 +367,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addLifecycleDefinitionToContentSection(
final LifecycleDefinition definition,
@RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
final ContentSection section) {
section.addLifecycleDefinition(definition);
@ -353,8 +376,8 @@ public class ContentSectionManager {
/**
* Removes a lifecycle definition from a content section. This operation
* requires {@link CmsConstants#PRIVILEGE_ADMINISTER_LIFECYLES} for the
* provided content section.
* requires {@link CmsConstants#AdminPrivileges.ADMINISTER_LIFECYLES} for
* the provided content section.
*
* @param definition The definition to remove.
* @param section The section from which the definition is removed.
@ -363,7 +386,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeLifecycleDefinitionFromContentSection(
final LifecycleDefinition definition,
@RequiresPrivilege(PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
final ContentSection section) {
section.removeLifecycleDefinition(definition);
@ -372,7 +395,7 @@ public class ContentSectionManager {
/**
* Adds a workflow template to a content section. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the provided
* {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the provided
* content section.
*
* @param template The template to add.
@ -382,7 +405,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void addWorkflowTemplateToContentSection(
final WorkflowTemplate template,
@RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
final ContentSection section) {
section.addWorkflowTemplate(template);
@ -391,7 +414,7 @@ public class ContentSectionManager {
/**
* Removes a workflow template from a content section. This operation
* requires {@link CmsConstants#PRIVILEGE_ADMINISTER_WORKFLOW} for the
* requires {@link CmsConstants#AdminPrivileges.ADMINISTER_WORKFLOW} for the
* provided content section.
*
* @param template The template to remove.
@ -401,7 +424,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeWorkflowTemplateFromContentSection(
final WorkflowTemplate template,
@RequiresPrivilege(PRIVILEGE_ADMINISTER_WORKFLOW)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_WORKFLOW)
final ContentSection section) {
section.removeWorkflowTemplate(template);
@ -433,8 +456,8 @@ public class ContentSectionManager {
/**
* Adds a new {@link ContentType} to a content section, making items of that
* type available in the content section. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided
* content section.
* {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the
* provided content section.
*
* @param type The type to add (a subclass of
* {@link ContentItem}.
@ -456,7 +479,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public ContentType addContentTypeToSection(
final Class<? extends ContentItem> type,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
final ContentSection section,
final LifecycleDefinition defaultLifecycle,
final WorkflowTemplate defaultWorkflow) {
@ -557,8 +580,8 @@ public class ContentSectionManager {
/**
* Removes an <em>unused</em> {@link ContentType} from a
* {@link ContentSection}. This operation requires
* {@link CmsConstants#PRIVILEGE_ADMINISTER_CONTENT_TYPES} for the provided
* content section.
* {@link CmsConstants#AdminPrivileges.ADMINISTER_CONTENT_TYPES} for the
* provided content section.
*
* @param type The type to remove from the section.
* @param section The section from which the type is removed.
@ -573,7 +596,7 @@ public class ContentSectionManager {
@Transactional(Transactional.TxType.REQUIRED)
public void removeContentTypeFromSection(
final Class<? extends ContentItem> type,
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
final ContentSection section) {
if (type == null) {
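Review bot: `addRoleToContentSection` now grants every privilege on `section` instead of the root documents folder, while `ContentSectionSetup` in this commit grants item privileges on `rootFolder`, asset privileges on `rootAssetFolder` and only the admin privileges on `section`. Unless the permission check resolves a grant on a section for the folders and items inside it (not visible here), roles created through this method would fail checks that are made against a folder or item; confirm the inheritance, or split the grants by target the way the setup class does. The commented-out `// final Category rootFolder = section.getRootDocumentsFolder();` should be deleted rather than kept. The rewritten Javadoc references such as `{@link CmsConstants#AdminPrivileges.ADMINISTER_ROLES}` are not valid link targets; `{@link AdminPrivileges#ADMINISTER_ROLES}` is the form that resolves.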


@ -30,6 +30,9 @@ import java.util.UUID;
import static org.librecms.CmsConstants.*;
import static org.librecms.contentsection.ContentSection.*;
import org.librecms.contentsection.privileges.AdminPrivileges;
import org.librecms.contentsection.privileges.AssetPrivileges;
import org.librecms.contentsection.privileges.ItemPrivileges;
/**
*
@ -123,52 +126,91 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup {
grantPermissions(author,
rootFolder,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW);
grantPermissions(author,
rootAssetFolder,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
grantPermissions(editor,
rootFolder,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW);
grantPermissions(editor,
rootAssetFolder,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
grantPermissions(manager,
section,
AdminPrivileges.ADMINISTER_ROLES,
AdminPrivileges.ADMINISTER_WORKFLOW,
AdminPrivileges.ADMINISTER_LIFECYLES,
AdminPrivileges.ADMINISTER_CATEGORIES,
AdminPrivileges.ADMINISTER_CONTENT_TYPES);
grantPermissions(manager,
rootFolder,
PRIVILEGE_ADMINISTER_ROLES,
PRIVILEGE_ADMINISTER_WORKFLOW,
PRIVILEGE_ADMINISTER_LIFECYLES,
PRIVILEGE_ADMINISTER_CATEGORIES,
PRIVILEGE_ADMINISTER_CONTENT_TYPES,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_PUBLISH,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.PUBLISH,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW);
grantPermissions(manager,
rootAssetFolder,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
grantPermissions(publisher,
rootFolder,
PRIVILEGE_ITEMS_CATEGORIZE,
PRIVILEGE_ITEMS_CREATE_NEW,
PRIVILEGE_ITEMS_EDIT,
PRIVILEGE_ITEMS_APPROVE,
PRIVILEGE_ITEMS_PUBLISH,
PRIVILEGE_ITEMS_DELETE,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW);
ItemPrivileges.CATEGORIZE,
ItemPrivileges.CREATE_NEW,
ItemPrivileges.EDIT,
ItemPrivileges.APPROVE,
ItemPrivileges.PUBLISH,
ItemPrivileges.DELETE,
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW);
grantPermissions(publisher,
rootAssetFolder,
AssetPrivileges.USE,
AssetPrivileges.CREATE_NEW,
AssetPrivileges.EDIT,
AssetPrivileges.VIEW,
AssetPrivileges.DELETE);
grantPermissions(contentReader,
rootFolder,
PRIVILEGE_ITEMS_VIEW_PUBLISHED);
ItemPrivileges.VIEW_PUBLISHED);
grantPermissions(contentReader,
rootAssetFolder,
AssetPrivileges.VIEW);
getEntityManager().persist(alertRecipient);
getEntityManager().persist(author);
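Review bot: The `author` role is granted `AssetPrivileges.DELETE` on `rootAssetFolder` although it is not given `ItemPrivileges.DELETE` on `rootFolder`, so authors can remove shared assets while deleting items stays reserved for editors and above. If that asymmetry is not intended, drop `AssetPrivileges.DELETE` from the author grant here and from the `AUTHOR` call in `ContentSectionManager`, which lists the same set. Every role except `contentReader` receives the identical five asset privileges; a comment explaining why asset rights are not tiered like item rights would record the decision. The enclosing method starts and ends outside the hunk.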


@ -22,6 +22,7 @@ import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.List;
import java.util.Optional;
@ -180,7 +181,7 @@ public class ContentTypeRepository
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
final ContentType type) {
super.save(type);
@ -190,7 +191,7 @@ public class ContentTypeRepository
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_CONTENT_TYPES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_CONTENT_TYPES)
final ContentType type) {
if (isContentTypeInUse(type)) {


@ -24,7 +24,7 @@ import org.libreccm.categorization.Category;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.ItemPrivileges;
import java.util.List;
import java.util.Optional;
@ -186,7 +186,7 @@ public class FolderRepository extends AbstractEntityRepository<Long, Folder> {
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder folder) {
super.save(folder);
@ -196,7 +196,7 @@ public class FolderRepository extends AbstractEntityRepository<Long, Folder> {
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(
@RequiresPrivilege(CmsConstants.PRIVILEGE_ITEMS_CREATE_NEW)
@RequiresPrivilege(ItemPrivileges.CREATE_NEW)
final Folder folder) {
super.delete(folder);
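Review bot: `delete` is guarded by `ItemPrivileges.CREATE_NEW`, the same privilege as `save`, so any role allowed to create content in a folder is also allowed to delete the folder. The commit carries this over unchanged from `PRIVILEGE_ITEMS_CREATE_NEW`; since `ItemPrivileges.DELETE` exists and is granted only to editors, managers and publishers elsewhere in this commit, the parameter should probably read `@RequiresPrivilege(ItemPrivileges.DELETE)`. The method body continues outside the hunk.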


@ -0,0 +1,79 @@
/*
* Copyright (C) 2016 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.librecms.contentsection.privileges;
import org.libreccm.categorization.Category;
import org.libreccm.categorization.Domain;
import org.libreccm.web.CcmApplication;
import org.libreccm.workflow.WorkflowTemplate;
import org.librecms.contentsection.ContentSection;
import org.librecms.lifecycle.Lifecycle;
import org.librecms.lifecycle.LifecycleDefinition;
/**
* Constants for privileges allowing administrative actions on a content
* section. The privileges defined in this can only be used for
* {@link ContentSection}s.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public final class AdminPrivileges {
/**
* Allows the manipulation of the categories (see {@link Category} of the
* {@link Domain}s assigned to the {@link ContentSection}.
*
* @see CcmApplication#domains
*/
public static final String ADMINISTER_CATEGORIES = "administer_categories";
/**
* Allows editing, adding and removing the {@link ContentType} of a
* {@link ContentSection}.
*
* @see ContentSection#contentTypes
*/
public static final String ADMINISTER_CONTENT_TYPES
= "administer_content_types";
/**
* Allows adding, editing and removing {@link LifecycleDefinition}s of a
* {@link ContentSection}.
*
* @see ContentSection#lifecycleDefinitions
*/
public static final String ADMINISTER_LIFECYLES = "administer_lifecyles";
/**
* Allows manipulation of the {@link Role}s assigned to a
* {@link ContentSection}.
*
* @see ContentSection#roles
*/
public static final String ADMINISTER_ROLES = "administer_roles";
/**
* Allows manipulation of the {@link WorkflowTemplate}s assigned to a
* {@link ContentSection}.
*
* @see ContentSection#workflowTemplates
*/
public static final String ADMINISTER_WORKFLOW = "administer_workflow";
private AdminPrivileges() {
//Nothing
}
}
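Review bot: `ADMINISTER_LIFECYLES` carries the misspelling of "lifecycles" into the new public class, and every caller in this commit now depends on it. Moving the constants is the cheap moment to rename the field to `ADMINISTER_LIFECYCLES`; if grants are already stored under `"administer_lifecyles"`, keep the string value and add a comment saying why it differs from the name. The Javadoc links `{@link ContentType}` and `{@link Role}` have no matching import in this file and will not resolve, while the `Lifecycle` import looks unused. The class comment should read "The privileges defined in this class can only be used for ...".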


@ -0,0 +1,55 @@
/*
* Copyright (C) 2016 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.librecms.contentsection.privileges;
/**
* Constants for privileges allowing actions on the assets of a content section.
* All privileges defined in this class can either be assigned for the complete
* {@link ContentSection} or for a specific assets {@link Folder}.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public final class AssetPrivileges {
/**
* Allows the creation of new shared {@link Asset}s.
*/
public static final String CREATE_NEW = "create_new_assets";
/**
* Allows the removal of unused shared {@link Asset}s.
*/
public static final String DELETE = "delete_assets";
/**
* Allows the usage of assets (associating them with a content item).
*/
public static final String USE = "use_asset";
/**
* Allows editing of existing assets.
*/
public static final String EDIT = "edit_asset";
/**
* Allows the user to view assets.
*/
public static final String VIEW = "view_asset";
private AssetPrivileges() {
//Nothing
}
}
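Review bot: The privilege strings in this new class mix plural and singular forms: `create_new_assets` and `delete_assets` against `use_asset`, `edit_asset` and `view_asset`, while ItemPrivileges uses the plural throughout. These values are what permission checks compare against, so a grant written with a different spelling would silently fail to match. If they differ from the removed CmsConstants values (not visible in this section), existing grants would presumably stop matching as well. I would confirm the strings are unchanged from the old constants and say so in the class Javadoc, e.g. `Values are compared against stored permissions; do not change them without a data migration.` The Javadoc also links `{@link ContentSection}`, `{@link Folder}` and `{@link Asset}` although the file has no imports, so those links will probably not resolve.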


@ -0,0 +1,75 @@
/*
* Copyright (C) 2016 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.librecms.contentsection.privileges;
import org.librecms.contentsection.ContentItem;
/**
* Constants for privileges allowing actions on the items of a content section.
* All privileges defined in this class can either be assigned for the complete
* {@link ContentSection} or for a specific documents/items {@link Folder}.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public final class ItemPrivileges {
/**
* Allows the user to approve {@link ContentItem}s.
*/
public static final String APPROVE = "approve_items";
/**
* Allows the user to publish, republish and unpublish {@link ContentItem}.
*/
public static final String PUBLISH = "publish_items";
/**
* Allows the user to categorise {@link ContentItem}s.
*/
public static final String CATEGORIZE = "categorize_items";
/**
* Allows the user to create new {@link ContentItem}s.
*/
public static final String CREATE_NEW = "create_new_items";
/**
* Allows the user to delete {@link ContentItem}s.
*/
public static final String DELETE = "delete_items";
/**
* Allows the user to edit existing {@link ContentItem}s.
*/
public static final String EDIT = "edit_items";
/**
* Allows to user to view the draft version of {@link ContentItem}.
*/
public static final String PREVIEW = "preview_items";
/**
* Allows the user to view the live version of {@link ContentItems}.
*/
public static final String VIEW_PUBLISHED = "view_published_items";
/**
* Allows the user to apply another {@link Workflow} than the default one to
* an {@link ContentItem}.
*/
public static final String APPLY_ALTERNATE_WORKFLOW
= "apply_alternate_workflow";
private ItemPrivileges() {
//Nothing
}
}
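Review bot: The Javadoc on `VIEW_PUBLISHED` links `{@link ContentItems}`, which is not the imported `ContentItem` and will not resolve; it should read `{@link ContentItem}s`. The class comment and the `APPLY_ALTERNATE_WORKFLOW` comment likewise link `ContentSection`, `Folder` and `Workflow`, none of which this file imports. The `PREVIEW` comment reads "Allows to user" where "Allows the user" is meant. Since `PREVIEW` and `VIEW_PUBLISHED` separate access to drafts from access to live content, the `PREVIEW` comment could state that explicitly, e.g. `Allows the user to view the draft (unpublished) version of a {@link ContentItem}.`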


@ -23,6 +23,7 @@ import org.apache.logging.log4j.Logger;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.librecms.CmsConstants;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.ArrayList;
import java.util.List;
@ -59,7 +60,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public void addPhaseDefinition(
final LifecycleDefinition lifecycleDefinition,
final PhaseDefinition phaseDefinition) {
@ -72,7 +73,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public void removePhaseDefinition(
final LifecycleDefinition lifecycleDefinition,
final PhaseDefinition phaseDefinition) {
@ -85,7 +86,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public Lifecycle createLifecycle(
final LifecycleDefinition lifecycleDefinition) {
@ -113,7 +114,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public void startLifecycle(final Lifecycle lifecycle) {
if (!lifecycle.isStarted()) {
if (lifecycle.isFinished()) {
@ -147,7 +148,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public void nextPhase(final Lifecycle lifecycle) {
if (lifecycle.isStarted()) {
int current = -1;
@ -182,7 +183,7 @@ public class LifecycleManager {
@Transactional(Transactional.TxType.REQUIRED)
@AuthorizationRequired
@RequiresPrivilege(CmsConstants.PRIVILEGE_ADMINISTER_LIFECYLES)
@RequiresPrivilege(AdminPrivileges.ADMINISTER_LIFECYLES)
public void reset(final Lifecycle lifecycle) {
lifecycle.setStarted(false);
lifecycle.setFinished(false);
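Review bot: `AdminPrivileges.ADMINISTER_LIFECYLES` is documented as allowing adding, editing and removing `LifecycleDefinition`s of a `ContentSection`, yet this section also uses it to gate `startLifecycle`, `nextPhase` and `reset`, which change the state of a running `Lifecycle`. Either the constant's Javadoc should say it covers those operations too, or they should get a privilege of their own. The annotation names only the privilege and no object, so these hunks do not show whether the check is scoped to the content section that owns the lifecycle; a short comment on each method stating the intended scope would help. The misspelling "LIFECYLES" is carried into the new class, where the identifier could be corrected to `ADMINISTER_LIFECYCLES` with the string value left as is. The `import org.librecms.CmsConstants;` line may now be unused. The bodies of these methods, including `reset`, continue outside the hunks.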


@ -58,6 +58,7 @@ import static org.libreccm.testutils.DependenciesHelpers.*;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.libreccm.workflow.WorkflowTemplate;
import org.libreccm.workflow.WorkflowTemplateRepository;
import org.librecms.contentsection.privileges.ItemPrivileges;
import org.librecms.contenttypes.Article;
import org.librecms.contenttypes.Event;
import org.librecms.contenttypes.News;
@ -279,9 +280,9 @@ public class ContentSectionManagerTest {
manager.addRoleToContentSection(section,
"reviewer",
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW,
PRIVILEGE_ITEMS_APPROVE);
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
ItemPrivileges.APPROVE);
}
/**
@ -301,9 +302,9 @@ public class ContentSectionManagerTest {
public void addRoleSectionIsNull() {
manager.addRoleToContentSection(null,
"reviewer",
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW,
PRIVILEGE_ITEMS_APPROVE);
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
ItemPrivileges.APPROVE);
}
/**
@ -325,9 +326,9 @@ public class ContentSectionManagerTest {
manager.addRoleToContentSection(section,
null,
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW,
PRIVILEGE_ITEMS_APPROVE);
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
ItemPrivileges.APPROVE);
}
/**
@ -349,9 +350,9 @@ public class ContentSectionManagerTest {
manager.addRoleToContentSection(section,
" ",
PRIVILEGE_ITEMS_VIEW_PUBLISHED,
PRIVILEGE_ITEMS_PREVIEW,
PRIVILEGE_ITEMS_APPROVE);
ItemPrivileges.VIEW_PUBLISHED,
ItemPrivileges.PREVIEW,
ItemPrivileges.APPROVE);
}
/**