From 9084ade61ef974c1c586c28a1449832fc7b1d780 Mon Sep 17 00:00:00 2001
From: jensp
Date: Thu, 11 May 2017 18:13:47 +0000
Subject: [PATCH] CCM NG/ccm-cms: Extended named queries for ContentItem to take permissions into account

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4731 8810af33-2d31-482b-a856-94f89814c4df
---
.../librecms/contentsection/ContentItem.java | 250 +++++++++++------
1 file changed, 161 insertions(+), 89 deletions(-)

diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java
index 3ca5574b3..50fc45113 100644
--- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java
+++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentItem.java
@@ -71,111 +71,140 @@ import static org.librecms.CmsConstants.*; @NamedQuery( name = "ContentItem.findById", query - = "SELECT DISTINCT i " - + "FROM ContentItem i " - + "JOIN i.permissions p " - + "WHERE i.objectId = :objectId " - + "AND (" - + " (" - + " p.grantee IN :roles " - + " AND p.grantedPrivilege = " - + " (CASE WHEN i.version = 'DRAFT' " - + " THEN '" + ItemPrivileges.PREVIEW + "' " - + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " - + " END" - + " )" - + " ) " - + " OR true = :isSystemUser OR true = :isAdmin" - + " )") + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.permissions p " + + "WHERE i.objectId = :objectId " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.findByType", query - = "SELECT DISTINCT i " - + "FROM ContentItem i " - + "JOIN i.permissions p " - + "WHERE TYPE(i) = :type " - + "AND (" - + " (" - + " p.grantee IN :roles " - + " AND p.grantedPrivilege = " - + " (CASE WHEN i.version = 'DRAFT' " - + " THEN '" + ItemPrivileges.PREVIEW + "' " - + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " - + " END" - + " )" - + " ) " - + " OR true = :isSystemUser OR true = :isAdmin" - + " )") + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.permissions p " + + "WHERE TYPE(i) = :type " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " ) " + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.findByFolder", query - = "SELECT DISTINCT i " - + "FROM ContentItem i " - + "JOIN i.categories c " - + "JOIN 
i.permissions p " - + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND (" - + " (" - + " p.grantee IN :roles " - + " AND p.grantedPrivilege = " - + " (CASE WHEN i.version = 'DRAFT' " - + " THEN '" + ItemPrivileges.PREVIEW + "' " - + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " - + " END" - + " )" - + " )" - + " OR true = :isSystemUser OR true = :isAdmin" - + " )") + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.categories c " + + "JOIN i.permissions p " + + "WHERE c.category = :folder " + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.countItemsInFolder", - query = "SELECT COUNT(i) FROM ContentItem i " - + "JOIN i.categories c " - + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "'") + query + = "SELECT DISTINCT COUNT(i) " + + "FROM ContentItem i " + + "JOIN i.categories c " + + "JOIN i.permissions p " + + "WHERE c.category = :folder " + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.findByNameInFolder", query - = "SELECT DISTINCT i " - + "FROM ContentItem i " - + "JOIN i.categories c " - + "JOIN i.permissions p " - + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND i.displayName = :name " - + "AND (" - + " (" - + " p.grantee IN 
:roles " - + " AND p.grantedPrivilege = " - + " (CASE WHEN i.version = 'DRAFT' " - + " THEN '" + ItemPrivileges.PREVIEW + "' " - + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " - + " END" - + " )" - + " )" - + " OR true = :isSystemUser OR true = :isAdmin" - + " )") + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.categories c " + + "JOIN i.permissions p " + + "WHERE c.category = :folder " + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND i.displayName = :name " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.countByNameInFolder", - query = "SELECT COUNT(i) FROM ContentItem i " + query = "SELECT DISTINCT COUNT(i)" + + " FROM ContentItem i " + "JOIN i.categories c " + + "JOIN i.permissions p " + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER - + "' " - + "AND i.displayName = :name") + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + + "AND i.displayName = :name " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )") , @NamedQuery( name = "ContentItem.filterByFolderAndName", - query = "SELECT i FROM ContentItem i " + query = "SELECT DISTINCT i " + + "FROM ContentItem i " + "JOIN i.categories c " + + "JOIN i.permissions p " + "WHERE c.category = :folder " - + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER - + "' " + + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " + "AND LOWER(i.displayName) LIKE CONCAT(LOWER(:name), '%')") , @NamedQuery( 
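Review bot: `ContentItem.filterByFolderAndName` gains `JOIN i.permissions p` and `DISTINCT` at the end of this hunk but no predicate on `p`, so it still returns every matching item in the folder regardless of the caller's roles; it needs the same `AND ( (p.grantee IN :roles AND p.grantedPrivilege = ...) OR true = :isSystemUser OR true = :isAdmin )` block as its siblings. In `countItemsInFolder` and `countByNameInFolder`, `SELECT DISTINCT COUNT(i)` de-duplicates the single aggregate row rather than the items, so an item is counted once per matching permission row (and once per permission row of any kind when an admin or system flag is true); use `SELECT COUNT(DISTINCT i)`. Because the join is an inner join, items without any permission rows are dropped even when `:isAdmin` or `:isSystemUser` is true; if that is not intended, `LEFT JOIN i.permissions p` keeps the bypass working, and the same applies to the queries in the two later hunks. The enclosing annotation starts above this hunk.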
@@ -185,7 +214,19 @@ import static org.librecms.CmsConstants.*; + "WHERE c.category = :folder " + "AND c.type = '" + CATEGORIZATION_TYPE_FOLDER + "' " - + "AND LOWER(i.displayName) LIKE CONCAT(LOWER(:name), '%')" + + "AND LOWER(i.displayName) LIKE CONCAT(LOWER(:name), '%') " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )" ) , @NamedQuery( 
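Review bot: The added predicate uses alias `p` (`p.grantee IN :roles`, `p.grantedPrivilege`), but nothing in this hunk joins `i.permissions`, and the hunk headers leave only three unchanged lines between the previous hunk and this one, so the query head above is probably still without a permissions join. If so, the named query will fail validation; add `+ "JOIN i.permissions p "` after the categories join. If the select clause above is still a plain `COUNT(i)`, it should become `COUNT(DISTINCT i)` so that an item matched through several permission rows is counted once. The query's name and its SELECT/JOIN lines lie outside the hunk, so both points need checking against the full file.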
@@ -197,20 +238,51 @@ import static org.librecms.CmsConstants.*; , @NamedQuery( name = "ContentItem.findDraftVersion", - query = "SELECT i FROM ContentItem i " - + "WHERE i.itemUuid = :uuid " - + "AND i.version = org.librecms.contentsection.ContentItemVersion.DRAFT") + query + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.permissions p " + + "WHERE i.itemUuid = :uuid " + + "AND i.version = 'DRAFT' " + + "AND " + + "((p.grantee IN :roles " + + "AND p.grantedPrivilege = '" + ItemPrivileges.PREVIEW + "' " + + ") OR true = :isSystemUser OR true = :isAdmin)") , @NamedQuery( name = "ContentItem.findLiveVersion", - query = "SELECT i FROM ContentItem i " - + "WHERE i.itemUuid = :uuid " - + "AND i.version = org.librecms.contentsection.ContentItemVersion.LIVE") + query + = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.permissions p " + + "WHERE i.itemUuid = :uuid " + + "AND i.version = 'LIVE' " + + "AND " + + "((p.grantee IN :roles " + + "AND p.grantedPrivilege = " + + "'" + + ItemPrivileges.VIEW_PUBLISHED + + "' " + + ") OR true = :isSystemUser OR true = :isAdmin)") , @NamedQuery( name = "ContentItem.findItemWithWorkflow", - query = "SELECT i FROM ContentItem i " - + "WHERE i.workflow = :workflow" + query = "SELECT DISTINCT i " + + "FROM ContentItem i " + + "JOIN i.permissions p " + + "WHERE i.workflow = :workflow " + + "AND (" + + " (" + + " p.grantee IN :roles " + + " AND p.grantedPrivilege = " + + " (CASE WHEN i.version = 'DRAFT' " + + " THEN '" + ItemPrivileges.PREVIEW + "' " + + " ELSE '" + ItemPrivileges.VIEW_PUBLISHED + "' " + + " END" + + " )" + + " )" + + " OR true = :isSystemUser OR true = :isAdmin" + + " )" ) }) public class ContentItem extends CcmObject implements Serializable {
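Review bot: All three queries now require `:roles`, `:isSystemUser` and `:isAdmin`, and nothing in the hunk documents that contract; a comment on the enclosing annotation should state that every caller must bind all three, and that the two flags bypass the permission check and must be derived server-side from the authenticated subject, never from request data. `p.grantee IN :roles` with an empty collection is not portable across JPA providers and databases, so the calling code for a subject without roles should handle that case explicitly. `findDraftVersion` and `findLiveVersion` also switch from the `ContentItemVersion.DRAFT`/`LIVE` enum literals to the strings `'DRAFT'`/`'LIVE'`, which only matches if `version` is persisted as the enum name; that mapping is outside the hunk. The enclosing annotation starts above this hunk and the class body continues below it.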