diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java index 59710ef5b..a1f3643d7 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java @@ -17,8 +17,10 @@ import org.libreccm.categorization.ObjectNotAssignedToCategoryException; import org.libreccm.core.CcmObject; import org.libreccm.l10n.GlobalizationHelper; import org.libreccm.security.AuthorizationRequired; +import org.libreccm.security.PermissionChecker; import org.librecms.contentsection.ContentSection; import org.librecms.contentsection.ContentSectionRepository; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.time.ZoneId; import java.time.format.DateTimeFormatter; @@ -73,6 +75,9 @@ public class CategoriesController { @Inject private Models models; + @Inject + private PermissionChecker permissionChecker; + @GET @Path("/") @AuthorizationRequired @@ -549,7 +554,8 @@ public class CategoriesController { } @GET - @Path("/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}") + @Path( + "/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}") @AuthorizationRequired @Transactional(Transactional.TxType.REQUIRED) public String setIndexElement( @@ -643,7 +649,7 @@ public class CategoriesController { ) { return addSubcategory( sectionIdentifier, - context, + context, "/", categoryName, uniqueId, @@ -829,7 +835,7 @@ public class CategoriesController { // Nothing break; } - + final String parentCategoryPath = categoryManager .getCategoryPath(parentCategory); final String pathFragment; @@ -940,6 +946,7 @@ public class CategoriesController { .getIdentifier()); break; } + return sectionResult; } 
@@ -957,6 +964,13 @@ public class CategoriesController { ); } final ContentSection section = sectionResult.get(); + if (permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_CATEGORIES, section + )) { + return RetrieveResult.failed( + "org/librecms/ui/contentsection/access-denied.xhtml" + ); + } final Optional domainResult = section .getDomains() diff --git a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java index 337eb341f..6ff46cb66 100644 --- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java +++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java @@ -5,7 +5,9 @@ */ package org.librecms.ui.contentsections; +import org.libreccm.security.PermissionChecker; import org.librecms.contentsection.ContentSection; +import org.librecms.contentsection.privileges.AdminPrivileges; import java.util.ArrayList; import java.util.Collections; @@ -14,6 +16,7 @@ import java.util.Objects; import java.util.Optional; import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; import javax.inject.Named; /** @@ -24,6 +27,9 @@ import javax.inject.Named; @Named("ContentSectionModel") public class ContentSectionModel { + @Inject + private PermissionChecker permissionChecker; + private ContentSection section; private List assetFolders; 
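Review bot: The guard added in the `@@ -957,6 +964,13 @@` hunk of CategoriesController.java is inverted: `if (permissionChecker.isPermitted(AdminPrivileges.ADMINISTER_CATEGORIES, section))` returns the access-denied result when the caller holds the privilege and lets every caller without it continue to the domain lookup. Negate the condition, `if (!permissionChecker.isPermitted(`, and keep the rest of the block as is. The enclosing method starts and ends outside the hunk, so it is not visible which endpoints go through it; any category action that bypasses this helper would need its own check. A test that calls the helper once with and once without `ADMINISTER_CATEGORIES` would pin the intended direction.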
@@ -63,4 +69,34 @@ public class ContentSectionModel { this.documentFolders = new ArrayList<>(documentFolders); } + public boolean getCanAdministerCategories() { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_CATEGORIES, section + ); + } + + public boolean getCanAdministerContentTypes() { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_CATEGORIES, section + ); + } + + public boolean getCanAdministerLifecycles() { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_LIFECYLES, section + ); + } + + public boolean getCanAdministerRoles() { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_ROLES, section + ); + } + + public boolean getCanAdministerWorkflows() { + return permissionChecker.isPermitted( + AdminPrivileges.ADMINISTER_WORKFLOW, section + ); + } + } diff --git a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml index db63f8efe..a3112ab58 100644 --- a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml +++ b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml @@ -39,20 +39,24 @@ #{CmsAdminMessages['contentsection.assetfolders.title']} - - + + + + + + diff --git a/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java b/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java index 0b85e7e56..9f0c819b2 100644 --- a/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java +++ b/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java @@ -1,4 +1,5 @@ /* + *3 * Copyright (C) 2021 LibreCCM Foundation. * * This library is free software; you can redistribute it and/or
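Review bot: `getCanAdministerContentTypes()` in the `@@ -63,4 +69,34 @@` hunk of ContentSectionModel.java checks `AdminPrivileges.ADMINISTER_CATEGORIES`, which looks like a copy of the getter above it, so a user holding only the category privilege would presumably also be offered content-type administration in the view. It should test the content-type privilege from `AdminPrivileges` instead (the constant's name is not visible in this diff). These getters only decide what the template renders, so each controller behind those areas still has to enforce the matching privilege on the server side. A one-line Javadoc per getter would make that explicit, e.g. `/** Whether the current user may administer categories of this section; for view rendering only, not an access check. */`.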