shuber 2004/10/28 15:05:54 CEST
Modified files:
core/src/conf/java JahiaEnginesResources.properties
JahiaEnginesResources_en.properties
JahiaEnginesResources_fr.properties
core/src/java/org/jahia/engines/shared Page_Field.java
Added files:
core/src/webapp/jsp/jahia/engines/shared
accessdenied_page_field.jsp
Log:
Fix for JAHIA-213 :
- If a user sets restrictive rights to a page in the "page properties" screen, the
behavior when editing the parent container has changed. We are now able to edit it but
the update container engine will display a "Access to this page has been denied"
message instead of allowing page access (this also degenerated to the case where we
could create a new page, removing the previous one, which was the problem that this
bug identified).
Revision Changes Path
1.7 +1 -0 jahia/core/src/conf/java/JahiaEnginesResources.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/conf/java/JahiaEnginesResources.properties.diff?r1=1.6&r2=1.7&f=h
1.6 +1 -0 jahia/core/src/conf/java/JahiaEnginesResources_en.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/conf/java/JahiaEnginesResources_en.properties.diff?r1=1.5&r2=1.6&f=h
1.7 +1 -0 jahia/core/src/conf/java/JahiaEnginesResources_fr.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/conf/java/JahiaEnginesResources_fr.properties.diff?r1=1.6&r2=1.7&f=h
1.10 +47 -3 jahia/core/src/java/org/jahia/engines/shared/Page_Field.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/engines/shared/Page_Field.java.diff?r1=1.9&r2=1.10&f=h
1.1 +27 -0
jahia/core/src/webapp/jsp/jahia/engines/shared/accessdenied_page_field.jsp (new)
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/jsp/jahia/engines/shared/accessdenied_page_field.jsp?rev=1.1&content-type=text/plain
Index: JahiaEnginesResources.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/conf/java/JahiaEnginesResources.properties,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- JahiaEnginesResources.properties 7 Oct 2004 13:49:14 -0000 1.6
+++ JahiaEnginesResources.properties 28 Oct 2004 13:05:53 -0000 1.7
@@ -795,6 +795,7 @@
org.jahia.engines.shared.File_Field.unknownFile.label
= Unknown file
org.jahia.engines.shared.fileNotModified.label
= The field content cannot be modified.
org.jahia.engines.shared.Float_Field.valueMustBeNumber.label
= The value must be a number
+org.jahia.engines.shared.Page_Field.accessDenied.label
= Access to
this page has been denied
org.jahia.engines.shared.Page_Field.changePageTemplate.label
= <b>Change</b> the
existing Jahia page template
org.jahia.engines.shared.Page_Field.choosePageOperations.label
= Please
choose one of the following Jahia page operations
org.jahia.engines.shared.Page_Field.multiLingualNB.label
= The page title is the only object which can be
multi-lingual
Index: JahiaEnginesResources_en.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/conf/java/JahiaEnginesResources_en.properties,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JahiaEnginesResources_en.properties 7 Oct 2004 13:49:14 -0000 1.5
+++ JahiaEnginesResources_en.properties 28 Oct 2004 13:05:53 -0000 1.6
@@ -794,6 +794,7 @@
org.jahia.engines.shared.File_Field.unknownFile.label
= Unknown file
org.jahia.engines.shared.fileNotModified.label
= The field content cannot be modified.
org.jahia.engines.shared.Float_Field.valueMustBeNumber.label
= The value must be a number
+org.jahia.engines.shared.Page_Field.accessDenied.label
= Access to
this page has been denied
org.jahia.engines.shared.Page_Field.changePageTemplate.label
= <b>Change</b> the
existing Jahia page template
org.jahia.engines.shared.Page_Field.choosePageOperations.label
= Please
choose one of the following Jahia page operations
org.jahia.engines.shared.Page_Field.multiLingualNB.label
= The page title is the only object which can be
multi-lingual
Index: JahiaEnginesResources_fr.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/conf/java/JahiaEnginesResources_fr.properties,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- JahiaEnginesResources_fr.properties 7 Oct 2004 13:49:14 -0000 1.6
+++ JahiaEnginesResources_fr.properties 28 Oct 2004 13:05:53 -0000 1.7
@@ -458,6 +458,7 @@
org.jahia.engines.shared.File_Field.unknownFile.label
= Fichier inconnu
org.jahia.engines.shared.fileNotModified.label
= Le contenu de ce champ n'est pas modifiable
org.jahia.engines.shared.Float_Field.valueMustBeNumber.label
= La valeur doit être un nombre
+org.jahia.engines.shared.Page_Field.accessDenied.label
=
L'accès à cette page a été refusé
org.jahia.engines.shared.Page_Field.changePageTemplate.label
= <b>Modifier</b>
le chablon de la page existante
org.jahia.engines.shared.Page_Field.choosePageOperations.label
= Veuillez
choisir l'une des opérations suivantes
org.jahia.engines.shared.Page_Field.multiLingualNB.label
= Un titre de page est le seul élément pouvant
être multilingue
Index: Page_Field.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/engines/shared/Page_Field.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- Page_Field.java 27 Oct 2004 13:35:16 -0000 1.9
+++ Page_Field.java 28 Oct 2004 13:05:53 -0000 1.10
@@ -84,6 +84,7 @@
public class Page_Field {
public static final String READONLY_JSP =
"/jsp/jahia/engines/shared/readonly_page_field.jsp";
+ public static final String ACCESSDENIED_JSP =
"/jsp/jahia/engines/shared/accessdenied_page_field.jsp";
public static final String CREATE_PAGE = "createPage";
// Page update consists to change templae, change title or change (if possible)
// page type.
@@ -220,6 +221,13 @@
String output = "";
if (editable) {
JahiaPageEngineTempBean pageBean = composePage(jParams, engineMap,
theField);
+ if (pageBean == null) {
+ // this can happen if we don't have the rights to the page
+ // or if the page field has a corrupted value.
+ output =
ServicesRegistry.getInstance().getJahiaFetcherService().fetchServlet( jParams,
ACCESSDENIED_JSP );
+ engineMap.put( "fieldForm", output );
+ return true;
+ }
int selectedPageID = pageBean.getPageLinkID();
if (jParams.getRequest().getParameter("shouldSetPageLinkID") != null) {
selectedPageID =
SelectPage_Engine.getInstance().getSelectedPageID(jParams.getSession());
@@ -344,6 +352,13 @@
JahiaPageEngineTempBean pageBean =
(JahiaPageEngineTempBean)pageBeans.get(theField.getDefinition().getName());
+ if (pageBean == null) {
+ // this can happen if we are processing a page field for a page
+ // that denies access to it or in the case of a page field that
+ // has a value to an invalid page ID.
+ return true;
+ }
+
String operation = jParams.getParameter("operation"); // Value from FORM
// Invalidate the last seleted page when operatin change.
if (!operation.equals(pageBean.getOperation())) {
@@ -456,7 +471,10 @@
}
if ( pageBean == null ){
- // In the case we never went to the page_field engine.
+ // In the case we never went to the page_field engine or if we
+ // are processing a field for a page we don't have access to or
+ // even in the case where the page field points to an invalid
+ // page ID.
return true;
}
@@ -743,7 +761,31 @@
if (pageBean == null) {
// First call or recall of engine.
jParams.getSession().removeAttribute(SelectPage_Engine.SESSION_PARAMS);
- if (theField.getObject() == null) { // Is it a new page ?
+ if (theField.getObject() == null) {
+ // Is it a new page ?
+
+ // Is there a valid page ID in the field value ? If yes,
+ // this could mean we are denied access to the page.
+ int testPageID = -1;
+ try {
+ testPageID = Integer.parseInt(theField.getValue());
+ } catch (NumberFormatException nfe) {
+ testPageID = -1;
+ }
+ if (testPageID > 0) {
+ ContentPage contentPage = null;
+ try {
+ contentPage = ContentPage.getPage(testPageID);
+ } catch (JahiaException je) {
+ ;
+ }
+ if (contentPage != null) {
+ // if we reach this case, the page ID is valid,
+ // which means we are dealing with a page we do
+ // not have access to.
+ return null;
+ }
+ }
logger.debug("New temp page... (theField.getObject() was null)");
boolean isLinkOnly =
theField.getValue().toLowerCase().indexOf("jahia_linkonly") != -1;
pageBean = new JahiaPageEngineTempBean(
@@ -759,7 +801,9 @@
theField.getID()); // value should be < 0 if new field.
// pageBean.setOperation(isLinkOnly ? LINK_URL : CREATE_PAGE);
pageBean.setOperation(RESET_LINK);
- } else { // We've got something in theField.object ! A page exists !
+ } else {
+ // We've got something in theField.object
+
logger.debug("Get existing field page... (We've got something in
theField.object())");
JahiaPage jahiaPage = (JahiaPage)theField.getObject();
Index: accessdenied_page_field.jsp
====================================================================
<%@ page language="java" %>
<%@ page import="org.jahia.params.*" %>
<%@ page import="org.jahia.engines.*" %>
<%@ page import="org.jahia.engines.shared.*" %>
<%@ page import="org.jahia.data.*" %>
<%@ page import="org.jahia.data.fields.*" %>
<%@ page import="org.jahia.services.pages.*" %>
<%@ page import="org.jahia.engines.shared.*" %>
<%@ page import="org.jahia.services.usermanager.*" %>
<%@ page import="org.jahia.services.acl.*" %>
<%@ page import="org.jahia.services.sites.*" %>
<%@ page import="org.jahia.exceptions.*" %>
<%@ page import="java.util.*" %>
<%@ taglib uri="JahiaLib" prefix="jahia" %>
<%
// get engine context and all data we need from it...
HashMap engineMap = (HashMap) request.getAttribute(
"org.jahia.engines.EngineHashMap" );
ParamBean jParams = (ParamBean) request.getAttribute(
"org.jahia.params.ParamBean" );
JahiaField theField = (JahiaField) engineMap.get( "theField" );
%>
<table border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td class="text" align="left" nowrap><strong><jahia:engineResourceBundle
resourceName="org.jahia.engines.shared.Page_Field.accessDenied.label"/></strong></td>
</tr>
</table>
