CCM NG: Fixed permission check for Assets (#2801)
git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@5324 8810af33-2d31-482b-a856-94f89814c4df
parent
dd8f95061f
commit
d91e414389
|
|
@ -18,6 +18,8 @@
|
||||||
*/
|
*/
|
||||||
package org.librecms.contentsection;
|
package org.librecms.contentsection;
|
||||||
|
|
||||||
|
import com.arsdigita.kernel.KernelConfig;
|
||||||
|
|
||||||
import org.apache.logging.log4j.LogManager;
|
import org.apache.logging.log4j.LogManager;
|
||||||
import org.apache.logging.log4j.Logger;
|
import org.apache.logging.log4j.Logger;
|
||||||
import org.libreccm.auditing.AbstractAuditedEntityRepository;
|
import org.libreccm.auditing.AbstractAuditedEntityRepository;
|
||||||
|
|
@ -25,6 +27,7 @@ import org.libreccm.categorization.Categorization;
|
||||||
import org.libreccm.categorization.Category;
|
import org.libreccm.categorization.Category;
|
||||||
import org.libreccm.categorization.CategoryManager;
|
import org.libreccm.categorization.CategoryManager;
|
||||||
import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
|
import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
|
||||||
|
import org.libreccm.configuration.ConfigurationManager;
|
||||||
import org.libreccm.core.CcmObjectRepository;
|
import org.libreccm.core.CcmObjectRepository;
|
||||||
import org.libreccm.core.UnexpectedErrorException;
|
import org.libreccm.core.UnexpectedErrorException;
|
||||||
import org.libreccm.security.AuthorizationRequired;
|
import org.libreccm.security.AuthorizationRequired;
|
||||||
|
|
@ -33,8 +36,10 @@ import org.libreccm.security.PermissionChecker;
|
||||||
import org.libreccm.security.PermissionManager;
|
import org.libreccm.security.PermissionManager;
|
||||||
import org.libreccm.security.RequiresPrivilege;
|
import org.libreccm.security.RequiresPrivilege;
|
||||||
import org.libreccm.security.Role;
|
import org.libreccm.security.Role;
|
||||||
|
import org.libreccm.security.RoleManager;
|
||||||
import org.libreccm.security.Shiro;
|
import org.libreccm.security.Shiro;
|
||||||
import org.libreccm.security.User;
|
import org.libreccm.security.User;
|
||||||
|
import org.libreccm.security.UserRepository;
|
||||||
import org.librecms.contentsection.privileges.AssetPrivileges;
|
import org.librecms.contentsection.privileges.AssetPrivileges;
|
||||||
import org.librecms.contentsection.rs.Assets;
|
import org.librecms.contentsection.rs.Assets;
|
||||||
|
|
||||||
|
|
@ -74,6 +79,9 @@ public class AssetRepository
|
||||||
@Inject
|
@Inject
|
||||||
private CcmObjectRepository ccmObjectRepo;
|
private CcmObjectRepository ccmObjectRepo;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
private ConfigurationManager confManager;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
private EntityManager entityManager;
|
private EntityManager entityManager;
|
||||||
|
|
||||||
|
|
@ -86,9 +94,15 @@ public class AssetRepository
|
||||||
@Inject
|
@Inject
|
||||||
private PermissionManager permissionManager;
|
private PermissionManager permissionManager;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
private RoleManager roleManager;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
private Shiro shiro;
|
private Shiro shiro;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
private UserRepository userRepository;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Long getEntityId(final Asset asset) {
|
public Long getEntityId(final Asset asset) {
|
||||||
return asset.getObjectId();
|
return asset.getObjectId();
|
||||||
|
|
@ -677,8 +691,26 @@ public class AssetRepository
|
||||||
.map(membership -> membership.getRole())
|
.map(membership -> membership.getRole())
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
final Optional<User> publicUser;
|
||||||
|
|
||||||
|
final KernelConfig kernelConfig = confManager
|
||||||
|
.findConfiguration(KernelConfig.class);
|
||||||
|
final String principal = (String) shiro
|
||||||
|
.getPublicUser()
|
||||||
|
.getPrincipal();
|
||||||
|
if (kernelConfig.emailIsPrimaryIdentifier()) {
|
||||||
|
publicUser = userRepository.findByEmailAddress(principal);
|
||||||
|
} else {
|
||||||
|
publicUser = userRepository.findByName(principal);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (publicUser.isPresent()) {
|
||||||
|
roles = roleManager.findAllRolesForUser(publicUser.get());
|
||||||
|
} else {
|
||||||
roles = Collections.emptyList();
|
roles = Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
final boolean isSystemUser = shiro.isSystemUser();
|
final boolean isSystemUser = shiro.isSystemUser();
|
||||||
final boolean isAdmin = permissionChecker.isPermitted("*");
|
final boolean isAdmin = permissionChecker.isPermitted("*");
|
||||||
|
|
|
||||||
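Review bot: The added else branch in the last hunk casts `shiro.getPublicUser().getPrincipal()` to `String` unchecked and passes it straight to `userRepository.findByEmailAddress` / `findByName`. A null or non-String principal would therefore throw inside the permission check instead of reaching the `Collections.emptyList()` fallback. Reading it as `final Object principal = ...` and treating anything that is not a `String` as "no public user" would keep the check failing closed. When the lookup returns an empty Optional the code silently grants no roles, which is the safe default but hides a missing or renamed public user, so a warn-level log entry there would help, plus a comment such as `// Anonymous requests are evaluated with the roles of the configured public user; none if that user does not exist.` The preceding branch starts outside the hunk and appears to collect roles through `membership.getRole()`, while this one calls `roleManager.findAllRolesForUser`; if that call also resolves group-derived roles, anonymous and authenticated callers are evaluated differently, which is worth confirming as intended.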