From d23b783607744ba3e9f92d26359238c9066544b8 Mon Sep 17 00:00:00 2001 From: Jens Pelzetter Date: Sat, 6 Feb 2021 20:06:40 +0100 Subject: [PATCH] Content Sections UI: Edit permissions, dialog for renaming folders --- .../DocumentFolderController.java | 129 ++++++++++++++-- .../documentfolder/documentfolder.xhtml | 144 +++++++++++++----- .../ui/contentsection/role-not-found.xhtml | 25 +++ .../org/librecms/CmsAdminMessages.properties | 11 ++ .../librecms/CmsAdminMessages_de.properties | 11 ++ .../main/scss/content-sections/_custom.scss | 3 + 6 files changed, 272 insertions(+), 51 deletions(-) create mode 100644 ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/role-not-found.xhtml diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java index 72a09edf6..667fce760 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/DocumentFolderController.java @@ -15,6 +15,7 @@ import org.libreccm.security.Permission; import org.libreccm.security.PermissionChecker; import org.libreccm.security.PermissionManager; import org.libreccm.security.Role; +import org.libreccm.security.RoleRepository; import org.librecms.contentsection.ContentItem; import org.librecms.contentsection.ContentItemL10NManager; import org.librecms.contentsection.ContentItemManager; @@ -75,9 +76,6 @@ public class DocumentFolderController { DocumentFolderController.class ); - @Inject - private CmsAdminMessages cmsAdminMessages; - @Inject private ContentItemManager itemManager; @@ -90,9 +88,6 @@ public class DocumentFolderController { @Inject private ContentSectionModel contentSectionModel; - @Inject - private ContentTypeManager contentTypeManager; - @Inject private ContentTypeRepository contentTypeRepo; @@ -123,6 +118,9 @@ public class DocumentFolderController { @Inject private PermissionManager permissionManager; + @Inject + private RoleRepository roleRepo; + @GET @Path("/") @AuthorizationRequired @@ -170,6 +168,8 @@ public class DocumentFolderController { return "org/librecms/ui/contentsection/access-denied.xhtml"; } + contentSectionModel.setSection(section); + final Folder folder; if (folderPath.isEmpty()) { folder = section.getRootDocumentsFolder(); @@ -417,6 +417,107 @@ public class DocumentFolderController { ); } + @POST + @Path("/@permissions/{role}/") + @AuthorizationRequired + @Transactional(Transactional.TxType.REQUIRED) + public String updatePermissions( + @PathParam("sectionIdentifier") final String sectionIdentifier, + @PathParam("role") final String roleParam, + @FormParam("permissions") final List permissions + ) { + return updatePermissions( + sectionIdentifier, "", roleParam, permissions + ); + } + + @POST + @Path("/@permissions/{role}/{folderPath:(.+)?}") + @AuthorizationRequired + @Transactional(Transactional.TxType.REQUIRED) + public String updatePermissions( + @PathParam("sectionIdentifier") final String sectionIdentifier, + @PathParam("folderPath") final String folderPath, + @PathParam("role") final String roleParam, + @FormParam("permissions") final List permissions + ) { + final Optional sectionResult = retrieveContentSection( + sectionIdentifier + ); + if (!sectionResult.isPresent()) { + models.put("sectionIdentifier", sectionIdentifier); + return "org/librecms/ui/contentsection/contentsection-not-found.xhtml"; + } + + final ContentSection section = sectionResult.get(); + if (!permissionChecker.isPermitted( + ItemPrivileges.EDIT, section.getRootDocumentsFolder() + )) { + models.put("sectionidentifier", sectionIdentifier); + return "org/librecms/ui/contentsection/access-denied.xhtml"; + } + + final Folder folder; + if (folderPath.isEmpty()) { + folder = section.getRootDocumentsFolder(); + documentFolderModel.setBreadcrumbs(Collections.emptyList()); + } else { + final Optional folderResult = folderRepo + .findByPath( + section, + folderPath, + FolderType.DOCUMENTS_FOLDER + ); + if (folderResult.isPresent()) { + folder = folderResult.get(); + + documentFolderModel.setBreadcrumbs(buildBreadcrumbs(folderPath)); + } else { + models.put("contentSection", section.getLabel()); + models.put("folderPath", folderPath); + return "org/librecms/ui/contentsection/documentfolder/documentfolder-not-found.xhtml"; + } + } + + if (!permissionChecker.isPermitted(ItemPrivileges.ADMINISTER, folder)) { + models.put("sectionidentifier", sectionIdentifier); + models.put("folderPath", folderPath); + return "org/librecms/ui/contentsection/access-denied.xhtml"; + } + + final Optional roleResult = roleRepo.findByName(roleParam); + if (!roleResult.isPresent()) { + models.put("role", roleParam); + } + final Role role = roleResult.get(); + + final List privileges = permissionManager + .listDefiniedPrivileges(ItemPrivileges.class); + + privileges + .stream() + .filter(privilege -> permissions.contains(privilege)) + .forEach( + privilege -> permissionManager.grantPrivilege( + privilege, role, folder + ) + ); + privileges + .stream() + .filter(privilege -> !permissions.contains(privilege)) + .forEach( + privilege -> permissionManager.revokePrivilege( + privilege, role, folder + ) + ); + + return String.format( + "redirect:/%s/documentfolders/%s", + sectionIdentifier, + folderPath + ); + } + private Optional retrieveContentSection( final String sectionIdentifier ) { @@ -793,11 +894,12 @@ public class DocumentFolderController { ) ) .collect(Collectors.toList()); - - final PrivilegesGrantedToRoleModel model = new PrivilegesGrantedToRoleModel(); + + final PrivilegesGrantedToRoleModel model + = new PrivilegesGrantedToRoleModel(); model.setGrantedPrivileges(grantedPrivilges); model.setGrantee(role.getName()); - + return model; } @@ -817,16 +919,18 @@ public class DocumentFolderController { permission -> permission.getGrantee().equals(role) && permission.getGrantedPrivilege().equals(privilege) + && permission.getObject().equals(folder) + && permission.getInheritedFrom() != null ) ); model.setPrivilege(privilege); return model; } - + private List buildCurrentUserPermissions( final Folder folder - ) { + ) { return permissionManager .listDefiniedPrivileges(ItemPrivileges.class) .stream() @@ -836,10 +940,11 @@ public class DocumentFolderController { private GrantedPrivilegeModel buildCurrentUserPermission( final Folder folder, final String privilege - ) { + ) { final GrantedPrivilegeModel model = new GrantedPrivilegeModel(); model.setPrivilege(privilege); model.setGranted(permissionChecker.isPermitted(privilege, folder)); return model; } + } diff --git a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml index 0ef922e1b..3d26f2ecb 100644 --- a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml +++ b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/documentfolder/documentfolder.xhtml @@ -225,7 +225,7 @@ #{CmsAdminMessages['contentsection.documentfolder.headers.lastedit.label']} - + #{CmsAdminMessages['contentsection.documentfolder.headers.actions.label']} @@ -277,54 +277,57 @@ - - - - - -