Some extra permission checks

Former-commit-id: 17639675976a3150f8d9f10e6d776f1f52b51e1b
2021-02-20 11:42:55 +01:00 · 2021-02-20 11:42:55 +01:00 · ddcd759c2e
parent 6effd9f73b
commit ddcd759c2e
4 changed files with 72 additions and 17 deletions
--- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java
+++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/CategoriesController.java
@ -17,8 +17,10 @@ import org.libreccm.categorization.ObjectNotAssignedToCategoryException;
 import org.libreccm.core.CcmObject;
 import org.libreccm.l10n.GlobalizationHelper;
 import org.libreccm.security.AuthorizationRequired;
 import org.libreccm.security.PermissionChecker;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.ContentSectionRepository;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
@ -73,6 +75,9 @@ public class CategoriesController {
    @Inject
    private Models models;
    @Inject
    private PermissionChecker permissionChecker;
    @GET
    @Path("/")
    @AuthorizationRequired
@ -549,7 +554,8 @@ public class CategoriesController {
    }
    @GET
-    @Path("/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}")
+    @Path(
        "/{context}/categories/{categoryPath:(.+)?}/@index-element/{indexElementUuid}")
    @AuthorizationRequired
    @Transactional(Transactional.TxType.REQUIRED)
    public String setIndexElement(
@ -940,6 +946,7 @@ public class CategoriesController {
                    .getIdentifier());
                break;
        }
        return sectionResult;
    }
@ -957,6 +964,13 @@ public class CategoriesController {
            );
        }
        final ContentSection section = sectionResult.get();
        if (permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_CATEGORIES, section
        )) {
            return RetrieveResult.failed(
                "org/librecms/ui/contentsection/access-denied.xhtml"
            );
        }
        final Optional<DomainOwnership> domainResult = section
            .getDomains()
--- a/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java
+++ b/ccm-cms/src/main/java/org/librecms/ui/contentsections/ContentSectionModel.java
@ -5,7 +5,9 @@
 */
 package org.librecms.ui.contentsections;
 import org.libreccm.security.PermissionChecker;
 import org.librecms.contentsection.ContentSection;
 import org.librecms.contentsection.privileges.AdminPrivileges;
 import java.util.ArrayList;
 import java.util.Collections;
@ -14,6 +16,7 @@ import java.util.Objects;
 import java.util.Optional;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
 /**
@ -24,6 +27,9 @@ import javax.inject.Named;
@Named("ContentSectionModel")
 public class ContentSectionModel {
    @Inject
    private PermissionChecker permissionChecker;
    private ContentSection section;
    private List<AssetFolderTreeNode> assetFolders;
@ -63,4 +69,34 @@ public class ContentSectionModel {
        this.documentFolders = new ArrayList<>(documentFolders);
    }
    public boolean getCanAdministerCategories() {
        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_CATEGORIES, section
        );
    }
    public boolean getCanAdministerContentTypes() {
        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_CATEGORIES, section
        );
    }
    public boolean getCanAdministerLifecycles() {
        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_LIFECYLES, section
        );
    }
    public boolean getCanAdministerRoles() {
        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_ROLES, section
        );
    }
    public boolean getCanAdministerWorkflows() {
        return permissionChecker.isPermitted(
            AdminPrivileges.ADMINISTER_WORKFLOW, section
        );
    }
 }
--- a/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml
+++ b/ccm-cms/src/main/resources/WEB-INF/views/org/librecms/ui/contentsection/contentsection.xhtml
@ -39,20 +39,24 @@
                                <span>#{CmsAdminMessages['contentsection.assetfolders.title']}</span>
                            </a>
                        </li>
-                        <li class="nav-item">
+                        <c:if test="#{ContentSectionModel.canAdministerCategories}">
-                            <a class="nav-link #{activePage == 'categorySystems' ? 'active' : ''}"
+                            <li class="nav-item">
-                               href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/categorysystems'>
+                                <a class="nav-link #{activePage == 'categorySystems' ? 'active' : ''}"
-                                <bootstrap:svgIcon icon="diagram-3-fill" />
+                                   href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/categorysystems'>
-                                <span>#{CmsAdminMessages['contentsection.categories.title']}</span>
+                                    <bootstrap:svgIcon icon="diagram-3-fill" />
-                            </a>
+                                    <span>#{CmsAdminMessages['contentsection.categories.title']}</span>
-                        </li>
+                                </a>
-                        <li class="nav-item">
+                            </li>
-                            <a class="nav-link #{activePage == 'configuration' ? 'active' : ''}"
+                        </c:if>
-                               href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/configuration'>
+                        <c:if test="#{ContentSectionModel.canAdministerContentTypes or ContentSectionModel.canAdministerLifecycles or ContentSectionModel.canAdministerRoles or ContentSectionModel.canAdministerWorkflows}">
-                                <bootstrap:svgIcon icon="gear-fill" />
+                            <li class="nav-item">
-                                <span>#{CmsAdminMessages['contentsection.configuration.title']}</span>
+                                <a class="nav-link #{activePage == 'configuration' ? 'active' : ''}"
-                            </a>
+                                   href='#{mvc.basePath}/#{ContentSectionModel.sectionName}/configuration'>
-                        </li>
+                                    <bootstrap:svgIcon icon="gear-fill" />
                                    <span>#{CmsAdminMessages['contentsection.configuration.title']}</span>
                                </a>
                            </li>
                        </c:if>
                    </ul>
                </div>
            </nav>
--- a/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java
+++ b/ccm-core/src/main/java/org/libreccm/ui/UserInfo.java
@ -1,4 +1,5 @@
 /*
 *3
 * Copyright (C) 2021 LibreCCM Foundation.
 *
 * This library is free software; you can redistribute it and/or