Some extra permission checks

Former-commit-id: 17639675976a3150f8d9f10e6d776f1f52b51e1b
pull/10/head
Jens Pelzetter 2021-02-20 11:42:55 +01:00
parent 6effd9f73b
commit ddcd759c2e
4 changed files with 72 additions and 17 deletions


@ -17,8 +17,10 @@ import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
import org.libreccm.core.CcmObject;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.ContentSectionRepository;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
@ -73,6 +75,9 @@ public class CategoriesController {
@Inject
private Models models;
@Inject
private PermissionChecker permissionChecker;
@GET
@Path("/")
@AuthorizationRequired
@ -549,7 +554,8 @@ public class CategoriesController {
}
@GET
@Path("/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}")
@Path(
"/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}")
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public String setIndexElement(
@ -643,7 +649,7 @@ public class CategoriesController {
) {
return addSubcategory(
sectionIdentifier,
context,
context,
"/",
categoryName,
uniqueId,
@ -829,7 +835,7 @@ public class CategoriesController {
// Nothing
break;
}
final String parentCategoryPath = categoryManager
.getCategoryPath(parentCategory);
final String pathFragment;
@ -940,6 +946,7 @@ public class CategoriesController {
.getIdentifier());
break;
}
return sectionResult;
}
@ -957,6 +964,13 @@ public class CategoriesController {
);
}
final ContentSection section = sectionResult.get();
if (permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CATEGORIES, section
)) {
return RetrieveResult.failed(
"org/librecms/ui/contentsection/access-denied.xhtml"
);
}
final Optional<DomainOwnership> domainResult = section
.getDomains()
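Review bot: The guard added at `if (permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_CATEGORIES, section))` is inverted: it returns the access-denied result exactly when the caller does hold the privilege, and lets callers without it continue to the domain lookup, which is the opposite of what the commit title intends. The condition should be negated, `if (!permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_CATEGORIES, section)) {`, so the method fails closed. A one-line comment above it such as `// Only section administrators may manage category assignments; deny everyone else.` would make the intent explicit. The enclosing method starts and ends outside the hunk, so I could not see whether a later check compensates, but as shown the branch on its own is fail-open.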


@ -5,7 +5,9 @@
*/
package org.librecms.ui.contentsections;
import org.libreccm.security.PermissionChecker;
import org.librecms.contentsection.ContentSection;
import org.librecms.contentsection.privileges.AdminPrivileges;
import java.util.ArrayList;
import java.util.Collections;
@ -14,6 +16,7 @@ import java.util.Objects;
import java.util.Optional;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
/**
@ -24,6 +27,9 @@ import javax.inject.Named;
@Named("ContentSectionModel")
public class ContentSectionModel {
@Inject
private PermissionChecker permissionChecker;
private ContentSection section;
private List<AssetFolderTreeNode> assetFolders;
@ -63,4 +69,34 @@ public class ContentSectionModel {
this.documentFolders = new ArrayList<>(documentFolders);
}
public boolean getCanAdministerCategories() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CATEGORIES, section
);
}
public boolean getCanAdministerContentTypes() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_CATEGORIES, section
);
}
public boolean getCanAdministerLifecycles() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_LIFECYLES, section
);
}
public boolean getCanAdministerRoles() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_ROLES, section
);
}
public boolean getCanAdministerWorkflows() {
return permissionChecker.isPermitted(
AdminPrivileges.ADMINISTER_WORKFLOW, section
);
}
}
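Review bot: `getCanAdministerContentTypes()` tests `AdminPrivileges.ADMINISTER_CATEGORIES`, the same constant as `getCanAdministerCategories()` directly above it, which looks like a copy-paste slip; as written, anyone holding the categories privilege is reported as able to administer content types. It should test the content-types privilege constant from `AdminPrivileges` instead, i.e. `AdminPrivileges.<CONTENT_TYPES_PRIVILEGE>` (placeholder; confirm the actual constant name in that class). Separately, all five new getters pass `section` to `permissionChecker.isPermitted` with no check that it has been assigned yet, so calling them before the section is set may throw or yield a misleading answer; a class-level Javadoc sentence stating that `section` must be set before the `getCanAdminister*` accessors are used, or an `Objects.requireNonNull(section, "section")` at the top of each, would pin that precondition down.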


@ -39,20 +39,24 @@
<span>#{CmsAdminMessages['contentsection.assetfolders.title']}</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link #{activePage == 'categorySystems' ? 'active' : ''}"
href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/categorysystems'>
<bootstrap:svgIcon icon="diagram-3-fill" />
<span>#{CmsAdminMessages['contentsection.categories.title']}</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link #{activePage == 'configuration' ? 'active' : ''}"
href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/configuration'>
<bootstrap:svgIcon icon="gear-fill" />
<span>#{CmsAdminMessages['contentsection.configuration.title']}</span>
</a>
</li>
<c:if test="#{ContentSectionModel.canAdministerCategories}">
<li class="nav-item">
<a class="nav-link #{activePage == 'categorySystems' ? 'active' : ''}"
href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/categorysystems'>
<bootstrap:svgIcon icon="diagram-3-fill" />
<span>#{CmsAdminMessages['contentsection.categories.title']}</span>
</a>
</li>
</c:if>
<c:if test="#{ContentSectionModel.canAdministerContentTypes or ContentSectionModel.canAdministerLifecycles or ContentSectionModel.canAdministerRoles or ContentSectionModel.canAdministerWorkflows}">
<li class="nav-item">
<a class="nav-link #{activePage == 'configuration' ? 'active' : ''}"
href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/configuration'>
<bootstrap:svgIcon icon="gear-fill" />
<span>#{CmsAdminMessages['contentsection.configuration.title']}</span>
</a>
</li>
</c:if>
</ul>
</div>
</nav>
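Review bot: The new `<c:if>` wrappers only hide the navigation entries; they do not protect the `/categorysystems` and `/configuration` pages themselves, which stay reachable by their URL. That is fine for usability, but the same permission checks must be enforced in the controllers serving those paths — the commit adds one for categories in CategoriesController, while nothing in this diff shows an equivalent server-side check for the configuration page (it may exist elsewhere). A comment in the template such as `<!-- visibility only; authorization is enforced in the controllers -->` above the first `<c:if>` would make that division of responsibility clear to the next editor.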


@ -1,4 +1,5 @@
/*
*3
* Copyright (C) 2021 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
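Review bot: The added line `*3` inside the license header comment looks like an accidental keystroke rather than an intended change and should be dropped, so the header again opens with `/*` followed directly by ` * Copyright (C) 2021 LibreCCM Foundation.`. The file name is not shown in this section, so I am assuming it is one of the Java sources touched by the commit.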