From a08e1138bcdd219757b2a10cf62c9b549978cbd8 Mon Sep 17 00:00:00 2001 From: jensp Date: Wed, 8 Feb 2017 18:07:03 +0000 Subject: [PATCH] CCM NG/ccm-cms: FolderBrowser now shows up. Needs testing. git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4557 8810af33-2d31-482b-a856-94f89814c4df Former-commit-id: ecb3a5c2abdacf444e8b47352bb45da212c721e4 --- .../java/com/arsdigita/cms/ui/BrowsePane.java | 30 ++++- .../cms/ui/folder/FolderTreeModelBuilder.java | 1 - .../ui/permissions/CMSPermissionsPane.java | 21 ++-- .../permissions/CMSPermissionsTableModel.java | 4 +- .../contentsection/ContentSectionSetup.java | 23 ++++ .../org/librecms/CmsResources.properties | 25 +++++ .../org/librecms/CmsResources_de.properties | 25 +++++ .../org/librecms/CmsResources_fr.properties | 25 +++++ .../org/libreccm/security/Permission.java | 6 + .../libreccm/security/PermissionChecker.java | 106 +++++++++--------- .../libreccm/security/PermissionManager.java | 2 +- 11 files changed, 201 insertions(+), 67 deletions(-) diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java index 0d20ed6b1..dc76afa79 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/BrowsePane.java @@ -18,17 +18,21 @@ */ package com.arsdigita.cms.ui; +import com.arsdigita.bebop.Component; import com.arsdigita.bebop.Label; import com.arsdigita.bebop.Page; import com.arsdigita.bebop.PageState; import com.arsdigita.bebop.Resettable; import com.arsdigita.bebop.SegmentedPanel; import com.arsdigita.bebop.SingleSelectionModel; +import com.arsdigita.bebop.Text; +import com.arsdigita.bebop.Tree; import com.arsdigita.bebop.event.FormProcessListener; import com.arsdigita.bebop.event.FormSectionEvent; import com.arsdigita.bebop.event.FormSubmissionListener; import com.arsdigita.bebop.event.ActionEvent; import com.arsdigita.bebop.event.ActionListener; +import com.arsdigita.bebop.tree.TreeCellRenderer; import com.arsdigita.cms.CMS; import com.arsdigita.cms.ui.folder.FolderRequestLocal; import com.arsdigita.cms.ui.folder.FolderSelectionModel; @@ -40,6 +44,7 @@ import com.arsdigita.util.Assert; import org.libreccm.categorization.Category; import org.libreccm.core.CcmObject; import org.librecms.CmsConstants; +import org.librecms.contentsection.Folder; /** * A pane that contains a folder tree on the left and a folder manipulator on @@ -61,6 +66,29 @@ public class BrowsePane extends LayoutPanel implements Resettable { /* The folder tree displayed on the left side / left column */ tree = new BaseTree(new FolderTreeModelBuilder()); + tree.setCellRenderer(new TreeCellRenderer() { + + @Override + public Component getComponent(final Tree tree, + final PageState state, + final Object value, + final boolean isSelected, + final boolean isExpanded, + final boolean isLeaf, + final Object key) { + if (value instanceof Folder) { + final Folder folder = (Folder) value; + if (folder.getParentCategory() == null) { + return new Text("/"); + } else { + return new Text(folder.getName()); + } + } else { + return new Text(value.toString()); + } + } + + }); selectionModel = tree.getSelectionModel(); folderModel = new FolderSelectionModel(selectionModel); folderRequestLocal = new FolderRequestLocal(folderModel); @@ -70,7 +98,7 @@ public class BrowsePane extends LayoutPanel implements Resettable { final Label heading = new Label( new GlobalizedMessage("cms.ui.folder_browser", - CmsConstants.CMS_FOLDER_BUNDLE)); + CmsConstants.CMS_BUNDLE)); left.addSegment(heading, tree); flatItemList = new FlatItemList(folderRequestLocal, folderModel); diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderTreeModelBuilder.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderTreeModelBuilder.java index bf7c1cdff..6c0be452f 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderTreeModelBuilder.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/folder/FolderTreeModelBuilder.java @@ -32,7 +32,6 @@ import com.arsdigita.util.LockableImpl; import java.util.Collections; import java.util.Iterator; -import org.libreccm.categorization.Category; import org.libreccm.cdi.utils.CdiUtil; import org.librecms.contentsection.Folder; diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsPane.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsPane.java index 496c95bcc..1900851d6 100755 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsPane.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsPane.java @@ -245,7 +245,7 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, if (permissionsTable != null) { return permissionsTable; } - + final BoxPanel panel = new BoxPanel(BoxPanel.VERTICAL); final Label header = new Label(new GlobalizedMessage( "cms.ui.permissions.table.header", @@ -264,6 +264,8 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, new Label(new GlobalizedMessage( "cms.ui.permissions.table.role_header", CmsConstants.CMS_BUNDLE))); + headerLabels.add(new Label(new GlobalizedMessage( + "cms.ui.permissions.table.remove_all.header"))); final Table table = new Table(new CMSPermissionsTableModelBuilder(this), headerLabels.toArray()); table.setClassAttr("dataTable"); @@ -281,7 +283,9 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, final ControlLink link = new ControlLink(""); - if ((boolean) value) { + final CMSPermissionsTableColumn col + = (CMSPermissionsTableColumn) value; + if (col.isPermitted()) { link.setClassAttr("checkBoxChecked"); } else { link.setClassAttr("checkBoxUnchecked"); @@ -303,9 +307,12 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, final Object key, final int row, final int column) { - final ControlLink link = new ControlLink((String) value); + final ControlLink link = new ControlLink(new Label( + new GlobalizedMessage( + "cms.ui.permissions.table.actions.remove_all", + CmsConstants.CMS_BUNDLE))); link.setConfirmation(new GlobalizedMessage( - "permissions.table.actions.removeAll", + "cms.ui.permissions.table.actions.remove_all.confirm", CmsConstants.CMS_BUNDLE)); return link; @@ -424,7 +431,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // .getPermissions(CMSPermissionsConstants.INHERITED); // return inheritedPermissions; // } - public SimpleContainer getAdminListingPanel() { if (adminListing == null) { adminListing = new ObjectAdminListing(selectionModel); @@ -511,7 +517,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // } // return contextPanel; // } - ParameterModel getSearchString() { return searchString; } @@ -537,7 +542,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // getPermissionGrantPanel().setVisible(state, false); // getNoSearchResultPanel().setVisible(state, true); // } - // /** // * Show the Grant privileges panel // * @@ -551,7 +555,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // getNoSearchResultPanel().setVisible(state, false); // getPermissionGrantPanel().setVisible(state, true); // } - // /** // * Shows the administration page of permissions to one object. // * @@ -595,7 +598,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // // getPermissionGrantPanel().setVisible(state, false); // } - @Override public void actionPerformed(final ActionEvent event) { @@ -637,7 +639,6 @@ public class CMSPermissionsPane extends SimpleContainer implements Resettable, // getAdminListingPanel().setVisible(state, false); // } // } - public String getPrivilegeName(final String privilege) { return privilegeNameMap.get(privilege); } diff --git a/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsTableModel.java b/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsTableModel.java index b8ae1c5cc..2fd824e1e 100644 --- a/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsTableModel.java +++ b/ccm-cms/src/main/java/com/arsdigita/cms/ui/permissions/CMSPermissionsTableModel.java @@ -71,7 +71,7 @@ class CMSPermissionsTableModel implements TableModel { } else if (columnIndex == getColumnCount() - 1) { return "Remove all"; } else { - return currentRow.getColumns().get(columnIndex - 2); + return currentRow.getColumns().get(columnIndex - 1); } } @@ -80,7 +80,7 @@ class CMSPermissionsTableModel implements TableModel { if (columnIndex == 0 || columnIndex == getColumnCount() - 1) { return currentRow.getRoleName(); } else { - return currentRow.getColumns().get(columnIndex).getPrivilege(); + return currentRow.getColumns().get(columnIndex - 1).getPrivilege(); } } diff --git a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java index 09112f58a..9581ee818 100644 --- a/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java +++ b/ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionSetup.java @@ -234,6 +234,29 @@ public class ContentSectionSetup extends AbstractCcmApplicationSetup { getEntityManager().persist(publisher); getEntityManager().persist(contentReader); + section.addRole(alertRecipient); + section.addRole(author); + section.addRole(editor); + section.addRole(manager); + section.addRole(publisher); + section.addRole(contentReader); + + + + final String itemResolverClassName; + if (getIntegrationProps().containsKey(String.format("%s.item_resolver", + sectionName))) { + itemResolverClassName = getIntegrationProps().getProperty( + String.format("%s.item_resolver", + sectionName)); + } else if(getIntegrationProps().containsKey("default_item_resolver")) { + itemResolverClassName = getIntegrationProps().getProperty("default_item_resolver_name"); + } else { + itemResolverClassName = MultilingualItemResolver.class.getName(); + } + section.setItemResolverClass(itemResolverClassName); + + getEntityManager().merge(section); } } diff --git a/ccm-cms/src/main/resources/org/librecms/CmsResources.properties b/ccm-cms/src/main/resources/org/librecms/CmsResources.properties index 27f9fa354..59a9ffe1c 100644 --- a/ccm-cms/src/main/resources/org/librecms/CmsResources.properties +++ b/ccm-cms/src/main/resources/org/librecms/CmsResources.properties @@ -16,3 +16,28 @@ cms.ui.admin_center=Admin Center cms.ui.contentcenter.section_hint=All documents are organized in one or more contect sections. Each content section may have its own system of permission and its own administrators, independent from each other. Select a section where you will edit a document or create a new one. cms.ui.contentcenter.location=Location cms.ui.contentcenter.location_hint=In Legacy mode links to public pages. +cms.ui.browse=Documents +cms.ui.search=Search +cms.ui.roles=Roles +cms.ui.workflows=Workflows +cms.ui.lifecycles=Lifecycles +cms.ui.content_types=Content types +cms.ui.cse=Soon expired +cms.ui.reports=Reports +cms.ui.permissions=Permissions +cms.ui.permissions.table.header=The following permissions have been granted on the current object: +cms.ui.permissions.table.role_header=Role +cms.ui.permissions.table.privilege.headers.administer_items=Administer items +cms.ui.permissions.table.privilege.headers.apply_alternate_workflow=Apply alternate workflow +cms.ui.permissions.table.privilege.headers.approve_items=Approve items +cms.ui.permissions.table.privilege.headers.categorize_items=Categorise items +cms.ui.permissions.table.privilege.headers.create_new_items=Create new items +cms.ui.permissions.table.privilege.headers.delete_items=Delete items +cms.ui.permissions.table.privilege.headers.edit_items=Edit items +cms.ui.permissions.table.privilege.headers.preview_items=Preview items +cms.ui.permissions.table.privilege.headers.publish_items=Publish items +cms.ui.permissions.table.privilege.headers.view_published_items=View published items +cms.ui.folder_browser=Folders +cms.ui.permissions.table.actions.remove_all=Remove all permissions +cms.ui.permissions.table.actions.remove_all.confirm=Are you sure to remove all permissions for this role from the current object? +cms.ui.permissions.table.remove_all.header=Remove all diff --git a/ccm-cms/src/main/resources/org/librecms/CmsResources_de.properties b/ccm-cms/src/main/resources/org/librecms/CmsResources_de.properties index 53ca6579b..165c9cd17 100644 --- a/ccm-cms/src/main/resources/org/librecms/CmsResources_de.properties +++ b/ccm-cms/src/main/resources/org/librecms/CmsResources_de.properties @@ -16,3 +16,28 @@ cms.ui.admin_center=Admin Center cms.ui.contentcenter.section_hint=All documents are organized in one or more contect sections. Each content section may have its own system of permission and its own administrators, independent from each other. Select a section where you will edit a document or create a new one. cms.ui.contentcenter.location=Ort cms.ui.contentcenter.location_hint=In Legacy mode links to public pages. +cms.ui.browse=Dokumente +cms.ui.search=Suche +cms.ui.roles=Rollen +cms.ui.workflows=Arbeitsabl\u00e4ufe +cms.ui.lifecycles=Ver\u00f6ffentlichungszyklen +cms.ui.content_types=Dokumenttypen +cms.ui.cse=Bald abgelaufen +cms.ui.reports=Berichte +cms.ui.permissions=Berechtigungen +cms.ui.permissions.table.header=Die folgenden Berechtigungen wurden f\u00fcr das aktuelle Objekt erteilt: +cms.ui.permissions.table.role_header=Rolle +cms.ui.permissions.table.privilege.headers.administer_items=Dokumente verwalten +cms.ui.permissions.table.privilege.headers.apply_alternate_workflow=Alternative Arbeitsablauf zuweisen +cms.ui.permissions.table.privilege.headers.approve_items=Dokumente genehmigen +cms.ui.permissions.table.privilege.headers.categorize_items=Dokumente kategorisieren +cms.ui.permissions.table.privilege.headers.create_new_items=Neue Dokumente anlegen +cms.ui.permissions.table.privilege.headers.delete_items=Dokumente l\u00f6schen +cms.ui.permissions.table.privilege.headers.edit_items=Dokumente bearbeiten +cms.ui.permissions.table.privilege.headers.preview_items=Vorschau betrachten +cms.ui.permissions.table.privilege.headers.publish_items=Dokumente ver\u00f6ffentlichen +cms.ui.permissions.table.privilege.headers.view_published_items=Ver\u00f6ffentlichte Dokumente betrachten +cms.ui.folder_browser=Ordner +cms.ui.permissions.table.actions.remove_all=Alle Berechtigungen entfernen +cms.ui.permissions.table.actions.remove_all.confirm=Sind Sie sicher, dass Sie alle Berechtigungen f\u00fcr diese Rolle von dem aktuellen Objekt entfernen wollen? +cms.ui.permissions.table.remove_all.header=Alle entfernen diff --git a/ccm-cms/src/main/resources/org/librecms/CmsResources_fr.properties b/ccm-cms/src/main/resources/org/librecms/CmsResources_fr.properties index 70bc7507f..185a2956e 100644 --- a/ccm-cms/src/main/resources/org/librecms/CmsResources_fr.properties +++ b/ccm-cms/src/main/resources/org/librecms/CmsResources_fr.properties @@ -16,3 +16,28 @@ cms.ui.admin_center=Admin Center cms.ui.contentcenter.section_hint=All documents are organized in one or more contect sections. Each content section may have its own system of permission and its own administrators, independent from each other. Select a section where you will edit a document or create a new one. cms.ui.contentcenter.location=Location cms.ui.contentcenter.location_hint=In Legacy mode links to public pages. +cms.ui.browse=Documents +cms.ui.search=Search +cms.ui.roles=Roles +cms.ui.workflows=Workflows +cms.ui.lifecycles=Lifecycles +cms.ui.content_types=Content types +cms.ui.cse=Soon expired +cms.ui.reports=Reports +cms.ui.permissions=Permissions +cms.ui.permissions.table.header=The following permissions have been granted on the current object: +cms.ui.permissions.table.role_header=Role +cms.ui.permissions.table.privilege.headers.administer_items=Administer items +cms.ui.permissions.table.privilege.headers.apply_alternate_workflow=Apply alternate workflow +cms.ui.permissions.table.privilege.headers.approve_items=Approve items +cms.ui.permissions.table.privilege.headers.categorize_items=Categorise items +cms.ui.permissions.table.privilege.headers.create_new_items=Create new items +cms.ui.permissions.table.privilege.headers.delete_items=Delete items +cms.ui.permissions.table.privilege.headers.edit_items=Edit items +cms.ui.permissions.table.privilege.headers.preview_items=Preview items +cms.ui.permissions.table.privilege.headers.publish_items=Publish items +cms.ui.permissions.table.privilege.headers.view_published_items=View published items +cms.ui.folder_browser=Folders +cms.ui.permissions.table.actions.remove_all=Remove all permissions +cms.ui.permissions.table.actions.remove_all.confirm=Are you sure to remove all permissions for this role from the current object? +cms.ui.permissions.table.remove_all.header=Remove all diff --git a/ccm-core/src/main/java/org/libreccm/security/Permission.java b/ccm-core/src/main/java/org/libreccm/security/Permission.java index db739acdb..db6c08835 100644 --- a/ccm-core/src/main/java/org/libreccm/security/Permission.java +++ b/ccm-core/src/main/java/org/libreccm/security/Permission.java @@ -60,6 +60,12 @@ import javax.persistence.OneToOne; @Table(name = "PERMISSIONS", schema = DB_SCHEMA) @NamedQueries({ @NamedQuery(name = "Permission.existsForPrivilegeRoleObject", + query = "SELECT COUNT(p) FROM Permission p " + + "WHERE p.grantedPrivilege = :privilege " + + "AND p.grantee = :grantee " + + "AND p.object = :object") + , + @NamedQuery(name = "Permission.existsDirectForPrivilegeRoleObject", query = "SELECT COUNT(p) FROM Permission p " + "WHERE p.grantedPrivilege = :privilege " + "AND p.grantee = :grantee " diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java index eb0cfb139..d22dc19d6 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java @@ -29,9 +29,15 @@ import java.util.Optional; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.transaction.Transactional; + import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import java.util.Objects; + +import javax.persistence.EntityManager; +import javax.persistence.TypedQuery; + /** * An utility class for checking permissions. Uses the current {@link Subject} * as provided by the {@link Shiro} bean useless otherwise indicated. @@ -42,7 +48,7 @@ import org.apache.logging.log4j.Logger; public class PermissionChecker { private static final Logger LOGGER = LogManager.getLogger( - PermissionChecker.class); + PermissionChecker.class); /** * The current subject as provided by {@link Shiro#getSubject()}. @@ -50,6 +56,9 @@ public class PermissionChecker { @Inject private Subject subject; + @Inject + private EntityManager entityManager; + @Inject private Shiro shiro; @@ -63,14 +72,14 @@ public class PermissionChecker { * @param privilege The privilege granted by the permission. * * @return {@code true} if the current subject has a permission granting the - * provided {@code privilege}, {@code false} otherwise. + * provided {@code privilege}, {@code false} otherwise. */ public boolean isPermitted(final String privilege) { if (subject.isAuthenticated()) { return subject.isPermitted(generatePermissionString(privilege)); } else { return shiro.getPublicUser().isPermitted(generatePermissionString( - privilege)); + privilege)); } } @@ -79,22 +88,22 @@ public class PermissionChecker { * provided {@code privilege}. * * @param privilege The privilege granted by the permission. - * @param role The role to check for a permission granting the - * {@code privilege}. + * @param role The role to check for a permission granting the + * {@code privilege}. * * @return {@code true} if the role has a permission granting the provided - * {@code privilege}, {@code false} otherwise. + * {@code privilege}, {@code false} otherwise. */ @Transactional(Transactional.TxType.REQUIRED) public boolean isPermitted(final String privilege, final Role role) { if (privilege == null || privilege.trim().isEmpty()) { throw new IllegalArgumentException( - "Can't check permission null (or empty)"); + "Can't check permission null (or empty)"); } if (role == null) { throw new IllegalArgumentException( - "Can't check permission for role null."); + "Can't check permission for role null."); } //Ensure that we have a none detached entity @@ -108,10 +117,10 @@ public class PermissionChecker { } final Optional permission = theRole.get().getPermissions() - .stream() - .filter(granted -> privilege.equals(granted. - getGrantedPrivilege())) - .findFirst(); + .stream() + .filter(granted -> privilege.equals(granted. + getGrantedPrivilege())) + .findFirst(); return permission.isPresent(); } @@ -121,18 +130,19 @@ public class PermissionChecker { * {@code privilege} on the provided {@code object}. * * @param privilege The granted privilege. - * @param object The object on which the privilege is granted. + * @param object The object on which the privilege is granted. * * @return {@code true} if the there is a permission granting the provided - * {@code privilege} on the provided {@code object} to the current subject. + * {@code privilege} on the provided {@code object} to the current + * subject. */ public boolean isPermitted(final String privilege, final CcmObject object) { if (subject.isAuthenticated()) { return subject.isPermitted(generatePermissionString( - privilege, object)); + privilege, object)); } else { return shiro.getPublicUser().isPermitted(generatePermissionString( - privilege, object)); + privilege, object)); } } @@ -141,48 +151,39 @@ public class PermissionChecker { * provided {@code privilege} on the provided object. * * @param privilege The granted privilege. - * @param object The object on which the {@code privilege} is granted. - * @param role The role to check for a permission granting the - * {@code privilege}. + * @param object The object on which the {@code privilege} is granted. + * @param role The role to check for a permission granting the + * {@code privilege}. * * @return {@code true} if the there is a permission granting the provided - * {@code privilege} on the provided {@code object} to the provided - * {@code role}. + * {@code privilege} on the provided {@code object} to the provided + * {@code role}. */ public boolean isPermitted(final String privilege, final CcmObject object, final Role role) { if (privilege == null || privilege.trim().isEmpty()) { throw new IllegalArgumentException( - "Can't check permission null (or empty)"); + "Can't check permission null (or empty)"); } if (role == null) { throw new IllegalArgumentException( - "Can't check permission for role null."); + "Can't check permission for role null."); } if (object == null) { throw new IllegalArgumentException( - "Can verify permissions for object null."); + "Can verify permissions for object null."); } - //Ensure that we have a none detached entity - final Optional theRole = roleRepo.findById(role.getRoleId()); - if (!theRole.isPresent()) { - //If the role is not found in the database print a warning in the - //and return false - LOGGER.warn("To provided role {} was not found in the database.", - role.toString()); - return false; - } - - final Optional permission = theRole.get().getPermissions() - .stream() - .filter(granted -> granted.getObject() != null) - .filter(granted -> object.equals(granted.getObject())) - .findFirst(); - return permission.isPresent(); + final TypedQuery query = entityManager.createNamedQuery( + "Permission.existsForPrivilegeRoleObject", Long.class); + query.setParameter("privilege", privilege); + query.setParameter("grantee" ,role); + query.setParameter("object" ,object); + + return query.getSingleResult() > 0; } /** @@ -193,15 +194,15 @@ public class PermissionChecker { * @param privilege The privilege to check for. * * @throws AuthorizationException If the current subject has not permission - * granting the provided privilege. + * granting the provided privilege. */ public void checkPermission(final String privilege) - throws AuthorizationException { + throws AuthorizationException { if (subject.isAuthenticated()) { subject.checkPermission(generatePermissionString(privilege)); } else { shiro.getPublicUser().checkPermission(generatePermissionString( - privilege)); + privilege)); } } @@ -211,19 +212,20 @@ public class PermissionChecker { * * * @param privilege The privilege to check for. - * @param object The object on which the privilege is granted. + * @param object The object on which the privilege is granted. * * @throws AuthorizationException If there is no permission granting the - * provided privilege to the current subject on the provided object.. + * provided privilege to the current subject + * on the provided object.. */ public void checkPermission(final String privilege, final CcmObject object) - throws AuthorizationException { + throws AuthorizationException { if (subject.isAuthenticated()) { subject.checkPermission(generatePermissionString(privilege, object)); } else { shiro.getPublicUser().checkPermission(generatePermissionString( - privilege, object)); + privilege, object)); } } @@ -234,13 +236,13 @@ public class PermissionChecker { * placeholder object is returned with the {@link CcmObject#displayName} * property set the {@code Access denied}. * - * @param The type of the object to check. + * @param The type of the object to check. * @param privilege The privilige to check for. - * @param object The object on which the privilege is granted. - * @param clazz The class of the object. + * @param object The object on which the privilege is granted. + * @param clazz The class of the object. * * @return The object if the current subject is permitted to access, a - * placeholder object if not. + * placeholder object if not. */ public T checkPermission(final String privilege, final T object, @@ -256,7 +258,7 @@ public class PermissionChecker { * @param object The object to check. * * @return {@code true} if the object is a Access denied object, - * {@code false} if not. + * {@code false} if not. */ public boolean isAccessDeniedObject(final CcmObject object) { if (object == null) { diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java index 94d0e0f04..840f1b832 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java @@ -536,7 +536,7 @@ public class PermissionManager { final Role grantee, final CcmObject object) { final TypedQuery query = entityManager.createNamedQuery( - "Permission.existsForPrivilegeRoleObject", Long.class); + "Permission.existsDirectForPrivilegeRoleObject", Long.class); query.setParameter(QUERY_PARAM_PRIVILEGE, privilege); query.setParameter(QUERY_PARAM_GRANTEE, grantee); query.setParameter(QUERY_PARAM_OBJECT, object);