shared accessdenied_page_field.jsp

Serge Huber Thu, 28 Oct 2004 05:54:15 -0700

shuber      2004/10/28 14:54:13 CEST


  Modified files:        (Branch: JAHIA-4-0-BRANCH)
    src/java             JahiaEnginesResources.properties 
                         JahiaEnginesResources_en.properties 
                         JahiaEnginesResources_fr.properties 
    src/java/org/jahia/engines/shared Page_Field.java 
  Added files:           (Branch: JAHIA-4-0-BRANCH)
    src/views/jsp/jahia/engines/shared accessdenied_page_field.jsp 
  Log:
  Fix for JAHIA-213 :
  - If a user sets restrictive rights to a page in the "page properties" screen, the 
behavior when editing the parent container has changed. We are now able to edit it but 
the  update container engine will display a "Access to this page has been denied" 
message instead of allowing page access (this also degenerated to the case where we 
could create a new page, removing the previous one, which was the problem that this 
bug identified).
  
  Revision   Changes    Path
  1.58.2.5   +1 -0      jahia/src/java/JahiaEnginesResources.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaEnginesResources.properties.diff?r1=1.58.2.4&r2=1.58.2.5&f=h
  1.26.2.5   +1 -0      jahia/src/java/JahiaEnginesResources_en.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaEnginesResources_en.properties.diff?r1=1.26.2.4&r2=1.26.2.5&f=h
  1.35.2.6   +1 -0      jahia/src/java/JahiaEnginesResources_fr.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaEnginesResources_fr.properties.diff?r1=1.35.2.5&r2=1.35.2.6&f=h
  1.72.4.12  +47 -3     jahia/src/java/org/jahia/engines/shared/Page_Field.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/org/jahia/engines/shared/Page_Field.java.diff?r1=1.72.4.11&r2=1.72.4.12&f=h
  1.1.2.1    +27 -0     
jahia/src/views/jsp/jahia/engines/shared/accessdenied_page_field.jsp (new)
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/views/jsp/jahia/engines/shared/accessdenied_page_field.jsp?rev=1.1.2.1&content-type=text/plain
  
  
  
  Index: JahiaEnginesResources.properties
  ===================================================================
  RCS file: 
/home/cvs/repository/jahia/src/java/Attic/JahiaEnginesResources.properties,v
  retrieving revision 1.58.2.4
  retrieving revision 1.58.2.5
  diff -u -r1.58.2.4 -r1.58.2.5
  --- JahiaEnginesResources.properties  7 Oct 2004 13:46:11 -0000       1.58.2.4
  +++ JahiaEnginesResources.properties  28 Oct 2004 12:54:12 -0000      1.58.2.5
  @@ -789,6 +789,7 @@
   org.jahia.engines.shared.File_Field.unknownFile.label                               
                          = Unknown file
   org.jahia.engines.shared.fileNotModified.label                                      
                          = The field content cannot be modified.
   org.jahia.engines.shared.Float_Field.valueMustBeNumber.label                        
                          = The value must be a number
  +org.jahia.engines.shared.Page_Field.accessDenied.label                              
                                                                           = Access to 
this page has been denied
   org.jahia.engines.shared.Page_Field.changePageTemplate.label                        
                                                                   = <b>Change</b> the 
existing Jahia page template
   org.jahia.engines.shared.Page_Field.choosePageOperations.label                      
                                                                           = Please 
choose one of the following Jahia page operations
   org.jahia.engines.shared.Page_Field.multiLingualNB.label                            
                          = The page title is the only object which can be 
multi-lingual
  
  
  
  Index: JahiaEnginesResources_en.properties
  ===================================================================
  RCS file: 
/home/cvs/repository/jahia/src/java/Attic/JahiaEnginesResources_en.properties,v
  retrieving revision 1.26.2.4
  retrieving revision 1.26.2.5
  diff -u -r1.26.2.4 -r1.26.2.5
  --- JahiaEnginesResources_en.properties       7 Oct 2004 13:46:11 -0000       
1.26.2.4
  +++ JahiaEnginesResources_en.properties       28 Oct 2004 12:54:12 -0000      
1.26.2.5
  @@ -789,6 +789,7 @@
   org.jahia.engines.shared.File_Field.unknownFile.label                               
                          = Unknown file
   org.jahia.engines.shared.fileNotModified.label                                      
                          = The field content cannot be modified.
   org.jahia.engines.shared.Float_Field.valueMustBeNumber.label                        
                          = The value must be a number
  +org.jahia.engines.shared.Page_Field.accessDenied.label                              
                                                                           = Access to 
this page has been denied
   org.jahia.engines.shared.Page_Field.changePageTemplate.label                        
                                                                   = <b>Change</b> the 
existing Jahia page template
   org.jahia.engines.shared.Page_Field.choosePageOperations.label                      
                                                                           = Please 
choose one of the following Jahia page operations
   org.jahia.engines.shared.Page_Field.multiLingualNB.label                            
                          = The page title is the only object which can be 
multi-lingual
  
  
  
  Index: JahiaEnginesResources_fr.properties
  ===================================================================
  RCS file: 
/home/cvs/repository/jahia/src/java/Attic/JahiaEnginesResources_fr.properties,v
  retrieving revision 1.35.2.5
  retrieving revision 1.35.2.6
  diff -u -r1.35.2.5 -r1.35.2.6
  --- JahiaEnginesResources_fr.properties       7 Oct 2004 13:46:11 -0000       
1.35.2.5
  +++ JahiaEnginesResources_fr.properties       28 Oct 2004 12:54:12 -0000      
1.35.2.6
  @@ -452,6 +452,7 @@
   org.jahia.engines.shared.File_Field.unknownFile.label                               
                          = Fichier inconnu
   org.jahia.engines.shared.fileNotModified.label                                      
                          = Le contenu de ce champ n'est pas modifiable
   org.jahia.engines.shared.Float_Field.valueMustBeNumber.label                        
                          = La valeur doit &ecirc;tre un nombre
  +org.jahia.engines.shared.Page_Field.accessDenied.label                              
                                                                           = 
L'acc&egrave;s &agrave; cette page a &eacute;t&eacute; refus&eacute;
   org.jahia.engines.shared.Page_Field.changePageTemplate.label                        
                                                                   = <b>Modifier</b> 
le chablon de la page existante
   org.jahia.engines.shared.Page_Field.choosePageOperations.label                      
                                                                           = Veuillez 
choisir l'une des op&eacute;rations suivantes
   org.jahia.engines.shared.Page_Field.multiLingualNB.label                            
                          = Un titre de page est le seul &eacute;l&eacute;ment pouvant 
&ecirc;tre multilingue
  
  
  
  Index: Page_Field.java
  ===================================================================
  RCS file: 
/home/cvs/repository/jahia/src/java/org/jahia/engines/shared/Attic/Page_Field.java,v
  retrieving revision 1.72.4.11
  retrieving revision 1.72.4.12
  diff -u -r1.72.4.11 -r1.72.4.12
  --- Page_Field.java   27 Oct 2004 13:24:58 -0000      1.72.4.11
  +++ Page_Field.java   28 Oct 2004 12:54:12 -0000      1.72.4.12
  @@ -82,6 +82,7 @@
   public class Page_Field {
   
       public static final String READONLY_JSP = 
"/jsp/jahia/engines/shared/readonly_page_field.jsp";
  +    public static final String ACCESSDENIED_JSP = 
"/jsp/jahia/engines/shared/accessdenied_page_field.jsp";
       public static final String CREATE_PAGE = "createPage";
       // Page update consists to change templae, change title or change (if possible)
       // page type.
  @@ -211,6 +212,13 @@
           String output = "";
           if (editable) {
               JahiaPageEngineTempBean pageBean = composePage(jParams, engineMap, 
theField);
  +            if (pageBean == null) {
  +                // this can happen if we don't have the rights to the page
  +                // or if the page field has a corrupted value.
  +                output = 
ServicesRegistry.getInstance().getJahiaFetcherService().fetchServlet( jParams, 
ACCESSDENIED_JSP );
  +                engineMap.put( "fieldForm", output );
  +                return true;
  +            }
               int selectedPageID = pageBean.getPageLinkID();
               if (jParams.getRequest().getParameter("shouldSetPageLinkID") != null) {
                   selectedPageID = 
SelectPage_Engine.getInstance().getSelectedPageID(jParams.getSession());
  @@ -340,6 +348,13 @@
           JahiaPageEngineTempBean pageBean =
                   
(JahiaPageEngineTempBean)pageBeans.get(theField.getDefinition().getName());
   
  +        if (pageBean == null) {
  +            // this can happen if we are processing a page field for a page
  +            // that denies access to it or in the case of a page field that
  +            // has a value to an invalid page ID.
  +            return true;
  +        }
  +
           String operation = jParams.getParameter("operation"); // Value from FORM
           // Invalidate the last seleted page when operatin change.
           if (!operation.equals(pageBean.getOperation())) {
  @@ -458,7 +473,10 @@
           }
   
           if ( pageBean == null ){
  -            // In the case we never went to the page_field engine.
  +            // In the case we never went to the page_field engine or if we
  +            // are processing a field for a page we don't have access to or
  +            // even in the case where the page field points to an invalid
  +            // page ID.
               return true;
           }
   
  @@ -773,7 +791,31 @@
           if (pageBean == null) {
               // First call or recall of engine.
               jParams.getSession().removeAttribute(SelectPage_Engine.SESSION_PARAMS);
  -            if (theField.getObject() == null) { // Is it a new page ?
  +            if (theField.getObject() == null) {
  +                // Is it a new page ?
  +
  +                // Is there a valid page ID in the field value ? If yes,
  +                // this could mean we are denied access to the page.
  +                int testPageID = -1;
  +                try {
  +                    testPageID = Integer.parseInt(theField.getValue());
  +                } catch (NumberFormatException nfe) {
  +                    testPageID = -1;
  +                }
  +                if (testPageID > 0) {
  +                    ContentPage contentPage = null;
  +                    try {
  +                        contentPage = ContentPage.getPage(testPageID);
  +                    } catch (JahiaException je) {
  +                        ;
  +                    }
  +                    if (contentPage != null) {
  +                        // if we reach this case, the page ID is valid,
  +                        // which means we are dealing with a page we do
  +                        // not have access to.
  +                        return null;
  +                    }
  +                }
                   logger.debug("New temp page... (theField.getObject() was null)");
                   boolean isLinkOnly = 
theField.getValue().toLowerCase().indexOf("jahia_linkonly") != -1;
                   pageBean = new JahiaPageEngineTempBean(
  @@ -789,7 +831,9 @@
                           theField.getID()); // value should be < 0 if new field.
                   // pageBean.setOperation(isLinkOnly ? LINK_URL : CREATE_PAGE);
                   pageBean.setOperation(RESET_LINK);
  -            } else {  // We've got something in theField.object ! A page exists !
  +            } else {
  +                // We've got something in theField.object
  +
                   logger.debug("Get existing field page... (We've got something in 
theField.object())");
                   JahiaPage jahiaPage = (JahiaPage)theField.getObject();

cvs commit: jahia/src/java JahiaEnginesResources.properties JahiaEnginesResources_en.properties JahiaEnginesResources_fr.properties jahia/src/java/org/jahia/engines/shared Page_Field.java jahia/src/views/jsp/jahia/engines/shared accessdenied_page_field.jsp

Reply via email to