xlawrence 2005/07/15 17:23:55 CEST
Modified files:
core/src/java/org/jahia/engines EngineMessage.java
core/src/java/org/jahia/engines/rights ManageRights.java
core/src/java/org/jahia/engines/validation
ValidationError.java
core/src/java/org/jahia/services/acl JahiaBaseACL.java
Log:
integritiy checks are now also performed on sub-pages in case ACL inheritance
is cut
Revision Changes Path
1.3 +12 -3 jahia/core/src/java/org/jahia/engines/EngineMessage.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/engines/EngineMessage.java.diff?r1=1.2&r2=1.3&f=h
1.7 +172 -90
jahia/core/src/java/org/jahia/engines/rights/ManageRights.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/engines/rights/ManageRights.java.diff?r1=1.6&r2=1.7&f=h
1.4 +11 -2
jahia/core/src/java/org/jahia/engines/validation/ValidationError.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/engines/validation/ValidationError.java.diff?r1=1.3&r2=1.4&f=h
1.6 +4 -0
jahia/core/src/java/org/jahia/services/acl/JahiaBaseACL.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/services/acl/JahiaBaseACL.java.diff?r1=1.5&r2=1.6&f=h
Index: EngineMessage.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/engines/EngineMessage.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- EngineMessage.java 21 Jun 2005 14:11:37 -0000 1.2
+++ EngineMessage.java 15 Jul 2005 15:23:54 -0000 1.3
@@ -12,8 +12,8 @@
public class EngineMessage {
- private String key;
- private Object[] values;
+ private final String key;
+ private final Object[] values;
public EngineMessage () {
this (null, null);
@@ -32,11 +32,20 @@
public EngineMessage (String key, Object value1, Object value2) {
this.key = key;
- Object[] objectArray = new Object[2];
+ final Object[] objectArray = new Object[2];
objectArray[0] = value1;
objectArray[1] = value2;
this.values = objectArray;
}
+
+ public EngineMessage (String key, Object value1, Object value2, Object
value3) {
+ this.key = key;
+ final Object[] objectArray = new Object[3];
+ objectArray[0] = value1;
+ objectArray[1] = value2;
+ objectArray[2] = value3;
+ this.values = objectArray;
+ }
public EngineMessage (String key, Object[] values) {
this.key = key;
Index: ManageRights.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/engines/rights/ManageRights.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ManageRights.java 6 Jul 2005 09:44:59 -0000 1.6
+++ ManageRights.java 15 Jul 2005 15:23:54 -0000 1.7
@@ -20,12 +20,15 @@
import java.util.Iterator;
import java.util.List;
import java.util.Collection;
+import java.util.ArrayList;
+import java.util.Map;
import java.security.Principal;
import org.jahia.content.ContentObject;
import org.jahia.content.ContentPageKey;
import org.jahia.content.JahiaObject;
import org.jahia.content.ObjectKey;
import org.jahia.content.ObjectLink;
+import org.jahia.data.fields.LoadFlags;
import org.jahia.engines.JahiaEngine;
import org.jahia.engines.users.SelectUG_Engine;
import org.jahia.exceptions.JahiaException;
@@ -50,6 +53,7 @@
import org.jahia.engines.validation.EngineValidationHelper;
import org.jahia.engines.validation.ValidationError;
+import org.jahia.services.pages.JahiaPage;
/**
* <p>Title: Jahia right management</p> <p>Description: CMS Enterprise
Portal</p> <p>Copyright:
@@ -66,16 +70,15 @@
private static ManageRights instance = null;
public static final String JSP_FILE =
"/jsp/jahia/engines/rights/manage_rights.jsp";
// Contains groups which have read access to the current ACL
- private final Vector readGroups;
+ private final Set readGroups;
// Variable used to store the ACL entries submitted by the user, when a
// refresh is performed due to warnings.
private final HashMap currentAclEntries;
+ private final Set currentAclEntriesToRemove;
private int currentInheritance;
- private int currentCutRestInherit;
-
/**
* @return a single instance of the object
*/
@@ -88,17 +91,19 @@
// Don't let anyone instantiate this class
private ManageRights() {
- readGroups = new Vector();
+ readGroups = new HashSet();
currentAclEntries = new HashMap();
+ currentAclEntriesToRemove = new HashSet();
}
/**
*/
public void resetCacheVariables() {
currentAclEntries.clear();
+ currentAclEntriesToRemove.clear();
readGroups.clear();
- currentInheritance = currentCutRestInherit = 0;
- logger.debug("Cache has been emptied");
+ currentInheritance = 0;
+ logger.debug("Cache variables have been emptied");
}
/**
@@ -107,7 +112,6 @@
* @param engineMap the engine parameters stored in a HashMap
* @param aclID the ACL DB identifier from "jahia_acl" table
*
- *
* @throws JahiaException
* @throws JahiaSessionExpirationException
*
@@ -212,7 +216,11 @@
aclEntries = new HashMap();
currentInheritance = acl.getInheritance();
- currentCutRestInherit = acl.getInheritance();
+
+ final JahiaAclEntry aclEntry = new JahiaAclEntry();
+ aclEntry.setPermission(JahiaBaseACL.READ_RIGHTS,
JahiaAclEntry.ACL_YES);
+ readGroups.addAll(acl.getGroupnameListNoAdmin(aclEntry));
+ logger.debug("Loaded readGroups: " + readGroups);
// Lookup for user ACL entries and inherited ACL
final Vector userList = acl.getUsernameList(null);
@@ -221,8 +229,10 @@
final String userKey = (String) userListEnum.nextElement();
final JahiaUser user = ServicesRegistry.getInstance().
getJahiaUserManagerService().lookupUser(userKey);
- Integer[] value = {new Integer(getPermissions(user,
+ final Integer[] value = {new Integer(getPermissions(user,
new Integer(acl.getID())))};
+ logger.debug("Loaded value: "+value[0]+ " for user "+
+ user);
aclEntries.put(user, value);
}
// Look up group
@@ -232,8 +242,10 @@
final String groupKey = (String) groupListEnum.nextElement();
final JahiaGroup group = ServicesRegistry.getInstance().
getJahiaGroupManagerService().lookupGroup(groupKey);
- Integer[] value = {new Integer(getPermissions(group,
+ final Integer[] value = {new Integer(getPermissions(group,
new Integer(acl.getID())))};
+ logger.debug("Loaded value: "+value[0]+ " for group "+
+ group);
aclEntries.put(group, value);
}
currentAclEntries.putAll(aclEntries);
@@ -246,9 +258,7 @@
logger.debug("aclEntries: "+ aclEntries);
logger.debug("inheritance: "+ inheritance);
- logger.debug("cutRestInherit: "+ currentCutRestInherit);
-
- engineMap.put("cutRestInherit", new Integer(currentCutRestInherit));
+
engineMap.put("aclEntries", aclEntries);
engineMap.put("selectUsrGrp", SelectUG_Engine.getInstance().
renderLink(jParams, ""));
@@ -278,12 +288,14 @@
return 0;
}
try {
+
final JahiaAclEntry aclEntry = (p instanceof JahiaUser) ?
acl.getUserEntry((JahiaUser) p) :
acl.getGroupEntry((JahiaGroup) p);
if (aclEntry != null) {
// Look up permissions in the local ACL entry; forget the
partial inheritance.
int permissions = aclEntry.getEntryState() ;
+ logger.debug("Returning EntryState: " + permissions);
return permissions;
} else { // Look up permissions; pur inheritance
int permissions = 8;
@@ -304,6 +316,7 @@
JahiaBaseACL.ADMIN_RIGHTS) ?
4 : 0;
}
+ logger.debug("Returning inherited permissions: " +
permissions);
return permissions;
}
} catch (JahiaACLException jae) {
@@ -318,53 +331,66 @@
private boolean validate(final ProcessingContext jParams, final HashMap
engineMap,
final JahiaBaseACL theACL) throws JahiaException {
- logger.debug("Validating: "+theACL.getID());
- if (! processUserValues(jParams, engineMap, theACL)) {
- return false;
- }
-
- logger.debug("Read Groups: "+readGroups);
+ logger.debug("Validating: "+theACL.getID());
if (jParams.getParameter("ignoreWarnings") == null &&
theACL.getID() == jParams.getPage().getAclID()) {
// this means that we are updating the ACL of the page, not one
// of its content objects...
- final Set possibleFuture403 = contentObjectsPointingOnPage(
- jParams.getPageID() );
+ final Map possibleFuture403 = contentObjectsPointingOnPage(
+ jParams );
final StringBuffer buff = new StringBuffer();
if (possibleFuture403.size() > 0 ) {
try {
final EngineMessages result = new EngineMessages();
- final Iterator ite = possibleFuture403.iterator();
- while (ite.hasNext()) {
- // key = key of the BigText field (ContentFieldKey)
- final ObjectKey key = (ObjectKey)ite.next();
- final JahiaObject jahiaObject =
JahiaObject.getInstance(key);
- final ContentObject curContentObject =
(ContentObject)jahiaObject;
-
- final int pageID = (curContentObject instanceof
ContentField) ?
- ((ContentField)curContentObject).getPageID() :
-1;
-
- final Collection c =
getFieldGroupsNotHavingAccessOnPage(
- jParams.getPageID(), curContentObject);
+
+ // Keys are Integers representing the pageID
+ final Iterator keysIte =
possibleFuture403.keySet().iterator();
+
+ while (keysIte.hasNext()) {
+ final Integer pageIDObj = (Integer)keysIte.next();
+ final Set set = (Set)
possibleFuture403.get(pageIDObj);
+ // Set values are ObjectKeys
+ final Iterator ite = set.iterator();
- if (c.size() > 0) {
- final Iterator iteC = c.iterator();
+ while (ite.hasNext()) {
+ // key = key of the BigText field
(ContentFieldKey)
+ final ObjectKey key = (ObjectKey)ite.next();
+ final JahiaObject jahiaObject =
JahiaObject.getInstance(key);
+ final ContentObject curContentObject =
(ContentObject)jahiaObject;
- while (iteC.hasNext()) {
- final String groupID = (String)iteC.next();
- buff.append(groupID).append(",");
- }
+ final int pageID = (curContentObject instanceof
ContentField) ?
+ ((ContentField)curContentObject).getPageID()
: -1;
- if (buff.length() > 0) {
- buff.deleteCharAt(buff.length() - 1);
- }
+ final Collection c =
getFieldGroupsNotHavingAccessOnPage(
+ jParams.getPageID(), curContentObject);
- final EngineMessage msg = new EngineMessage(
-
"org.jahia.engines.rights.ManageRights.future403warning",
- buff.toString(),
Integer.toString(pageID));
- result.add("manageRights.future403", msg);
+ if (c.size() > 0) {
+ final Iterator iteC = c.iterator();
+
+ while (iteC.hasNext()) {
+ final String groupID =
(String)iteC.next();
+ buff.append(groupID).append(",");
+ }
+
+ if (buff.length() > 0) {
+ buff.deleteCharAt(buff.length() - 1);
+ }
+
+ final EngineMessage msg;
+ if (pageIDObj.intValue() ==
jParams.getPageID()) {
+ msg = new EngineMessage(
+
"org.jahia.engines.rights.ManageRights.future403warning",
+ buff.toString(),
Integer.toString(pageID));
+ } else {
+ msg = new EngineMessage(
+
"org.jahia.engines.rights.ManageRights.futureChild403warning",
+ buff.toString(),
Integer.toString(pageID), pageIDObj.toString());
+ }
+ result.add("manageRights.future403", msg);
+ buff.delete(0, buff.length());
+ }
}
}
@@ -403,6 +429,11 @@
}
logger.debug("Update (aclID = "+theACL.getID()+")");
+ if (! processUserValues(jParams, engineMap, theACL)) {
+ return false;
+ }
+ logger.debug("Read Groups: "+readGroups);
+
if ( validate(jParams, engineMap, theACL) ) {
engineMap.put("rightsUpdated", Boolean.TRUE);
return true;
@@ -437,22 +468,18 @@
// Check if the inheritance has to be permanently prevent or not.
logger.debug("processUserValues: "+acl.getID());
- if (jParams.getParameter("cutRestInherit") == null) {
- currentCutRestInherit = 0;
- } else {
- currentCutRestInherit = 1;
- }
-
- final String cutRestAllInherit = jParams.
- getParameter("cutRestAllInherit");
+ final String cutRestAllInherit =
jParams.getParameter("cutRestAllInherit");
+ logger.debug("cutRestAllInherit: "+ cutRestAllInherit);
if (cutRestAllInherit != null) { // Is the check box checked ?
if (acl.getInheritance() == ACLInfo.INHERITANCE) { // Has it
changed ?
+ logger.debug("currentInheritance = ACLInfo.NO_INHERITANCE");
currentInheritance = ACLInfo.NO_INHERITANCE;
}
} else {
if (acl.getInheritance() == ACLInfo.NO_INHERITANCE) { // Has the
checkbox changed ?
+ logger.debug("currentInheritance = ACLInfo.INHERITANCE");
currentInheritance = ACLInfo.INHERITANCE;
}
}
@@ -463,10 +490,7 @@
getAttribute("userNameWidth");
if (submitedACLEntries == null || submitedACLEntries[0].substring(0,
4).
equals("null")) {
- final JahiaAclEntry aclEntry = new JahiaAclEntry();
- aclEntry.setPermission(JahiaBaseACL.READ_RIGHTS,
- JahiaAclEntry.ACL_YES);
- readGroups.addAll(acl.getGroupnameListNoAdmin(aclEntry));
+ readGroups.clear();
return true;
}
@@ -474,53 +498,75 @@
if ("00000000".equals(submitedACLEntries[i].substring(0, 8))) {
logger.debug("No change to AclEntry:
"+submitedACLEntries[i]);
- if (currentAclEntries.size() == 0) {
- final JahiaAclEntry aclEntry = new JahiaAclEntry();
- aclEntry.setPermission(JahiaBaseACL.READ_RIGHTS,
- JahiaAclEntry.ACL_YES);
- final Vector v = acl.getGroupnameListNoAdmin(aclEntry);
-
- readGroups.addAll(v);
- }
-
continue; // Don't do anything if no changes to the ACL
entry.
}
// What kind of object has to be saved : user or group ?
final Object usr_grp;
final String usr_grpName;
+ final boolean isUser; // Only used for clearer log messages
logger.debug("Submited ACL entry : " + submitedACLEntries[i]);
if (submitedACLEntries[i].charAt(12 + userNameWidth.intValue())
== 'u') {
usr_grp =
ServicesRegistry.getInstance().getJahiaUserManagerService().
lookupUser(
submitedACLEntries[i].substring(
13 + userNameWidth.intValue()));
- usr_grpName = ((JahiaUser) usr_grp).getUsername();
+ usr_grpName = ((JahiaUser) usr_grp).getName();
+ isUser = true;
} else {
usr_grp =
ServicesRegistry.getInstance().getJahiaGroupManagerService().
lookupGroup(
submitedACLEntries[i].substring(
13 + userNameWidth.intValue()));
- usr_grpName = ((JahiaGroup) usr_grp).getGroupname();
+ usr_grpName = ((JahiaGroup) usr_grp).getName();
+ isUser = false;
}
// Decode the select box value parameters
final String permissions = submitedACLEntries[i].substring(8,
11);
if (submitedACLEntries[i].charAt(0) == '1') {
- logger.debug("Added ACL entry for user : " + usr_grpName);
+ if (isUser) {
+ logger.debug("Added ACL entry for user : " +
usr_grpName);
+ } else {
+ logger.debug("Added ACL entry for group : " +
usr_grpName);
+ }
setACLEntry(usr_grp, permissions, acl);
} else if (submitedACLEntries[i].charAt(11) == '%') {
- logger.debug("Cut inheritance for user : " + usr_grpName);
+ if (isUser) {
+ logger.debug("Cut inheritance for user : " +
usr_grpName);
+ } else {
+ logger.debug("Cut inheritance for group : " +
usr_grpName);
+ }
setACLEntry(usr_grp, permissions, acl);
+ currentInheritance = ACLInfo.NO_INHERITANCE;
} else if (submitedACLEntries[i].charAt(2) == '1') {
- logger.debug("Remove ACL for user : " + usr_grpName);
+ if (isUser) {
+ logger.debug("Remove ACL entry for user : " +
usr_grpName);
+ if (acl.getParent().getPermission((JahiaUser) usr_grp,
+ JahiaBaseACL.READ_RIGHTS)) {
+ readGroups.add(usr_grpName);
+ }
+ } else {
+ logger.debug("Remove ACL entry for group : " +
usr_grpName);
+ if (acl.getParent().getPermission((JahiaGroup) usr_grp,
+ JahiaBaseACL.READ_RIGHTS)) {
+ readGroups.add(usr_grpName);
+ }
+ }
+
currentAclEntries.remove(usr_grp);
-
+ currentAclEntriesToRemove.add(usr_grp);
+
} else if (submitedACLEntries[i].charAt(3) == '1') {
- logger.debug("Permissions have changed to " +
- permissions + " for user : " + usr_grpName);
+ if (isUser) {
+ logger.debug("Permissions have changed to " +
+ permissions + " for user : " + usr_grpName);
+ } else {
+ logger.debug("Permissions have changed to " +
+ permissions + " for group : " + usr_grpName);
+ }
setACLEntry(usr_grp, permissions, acl);
}
@@ -536,8 +582,11 @@
*
*/
private boolean saveACLEntries(final JahiaBaseACL acl) {
- logger.debug("currentAclEntries: "+currentAclEntries);
+ logger.debug("saveACLEntries: currentAclEntries: "+currentAclEntries
+
+ "\ncurrentAclEntriesToRemove" + currentAclEntriesToRemove +
+ "\ncurrentInheritance: " + currentInheritance);
try {
+ // Add or update all current entries
final Iterator ite = currentAclEntries.keySet().iterator();
while (ite.hasNext()) {
final Object usr_grp = ite.next();
@@ -553,11 +602,24 @@
} else {
acl.setGroupEntry((JahiaGroup) usr_grp, entry);
- }
-
- acl.setInheritance(currentInheritance);
+ }
+ }
+
+ // Don't forget to remove the local entries.
+ final Iterator ite2 = currentAclEntriesToRemove.iterator();
+ while (ite2.hasNext()) {
+ final Object usr_grp = ite2.next();
+ if (usr_grp instanceof JahiaUser) {
+ acl.removeUserEntry((JahiaUser) usr_grp);
+ } else {
+ acl.removeGroupEntry((JahiaGroup) usr_grp);
+ }
}
+
+ acl.setInheritance(currentInheritance);
+
+ resetCacheVariables();
return true;
} catch (Exception e) {
@@ -589,35 +651,57 @@
new Integer(permissions.getEntryTri())};
if (usr_grp instanceof JahiaUser) {
final JahiaUser user = (JahiaUser) usr_grp;
- name = user.getUsername();
+ name = user.getName();
currentAclEntries.put(user, value);
} else {
final JahiaGroup group = (JahiaGroup) usr_grp;
- name = group.getGroupname();
+ name = group.getName();
currentAclEntries.put(group, value);
}
if (permissions.getPermission (
JahiaBaseACL.READ_RIGHTS) == JahiaAclEntry.ACL_YES) {
if (! readGroups.contains(name)) {
- readGroups.addElement(name);
+ readGroups.add(name);
+ logger.debug("Read Group Added: " + name);
}
+ } else {
+ readGroups.remove(name);
}
logger.debug("setACLEntry: " + permissions);
}
/**
* Finds all the ContentObjects which point to the current BigText.
- * @param pageID The page nesting the BigText.
+ * @param jParams
* @return A Set of ObjectKey Objects
*/
- private Set contentObjectsPointingOnPage(final int pageID)
+ private Map contentObjectsPointingOnPage(final ProcessingContext jParams)
throws JahiaException {
+ final int pageID = jParams.getPageID();
+ final Vector childs =
ServicesRegistry.getInstance().getJahiaPageService().
+ getPageSubTree(pageID, LoadFlags.ALL, jParams);
+ final Map result = new HashMap();
+
+ goForIt(pageID, result);
+
+ if (childs.size() > 0) {
+ for (int i=0; i<childs.size(); i++) {
+ final int tmpPageID = ((JahiaPage)childs.get(i)).getID();
+ goForIt(tmpPageID, result);
+ }
+ }
+
+ logger.debug("Found: "+result+ " ContentObjects referencing this
page or its subPages");
+ return result;
+ }
+
+ private void goForIt(final int pageID, final Map result) throws
JahiaException {
final List objectLinks = ObjectLink.findByTypeAndRightObjectKey(
"hardcodedLink", new ContentPageKey(pageID));
final Iterator objectLinkIter = objectLinks.iterator();
- final Set result = new HashSet();
+ final Set set = new HashSet();
while (objectLinkIter.hasNext()) {
final ObjectLink curLink = (ObjectLink) objectLinkIter.next();
final ObjectKey objectKey = curLink.getLeftObjectKey();
@@ -625,8 +709,8 @@
final ContentObject contentObject = (ContentObject)
JahiaObject.
getInstance(objectKey);
if (contentObject != null) {
- if
(!contentObject.getActiveAndStagingEntryStates().isEmpty()) {
- result.add(objectKey);
+ if (!
contentObject.getActiveAndStagingEntryStates().isEmpty()) {
+ set.add(objectKey);
} else {
logger.debug(
"No active or staging entries found for
objectKey=" +
@@ -644,8 +728,7 @@
objectKey, cnfe);
}
}
- logger.debug("Found: "+result+ " ContentObjects referencing this
page");
- return result;
+ result.put(new Integer(pageID), set);
}
/**
@@ -694,7 +777,6 @@
}
}
}
-
return result;
}
}
Index: ValidationError.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/engines/validation/ValidationError.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- ValidationError.java 11 Jul 2005 15:01:21 -0000 1.3
+++ ValidationError.java 15 Jul 2005 15:23:54 -0000 1.4
@@ -57,25 +57,29 @@
// Used to link a ValidationError to a RessourceBundle message, so we can
// easily use it in an EngineMessage.
private final String ressourceBundleProp;
+ private final String[] values;
// Disable default constructor
private ValidationError() {
this.source = null;
this.msgError = null;
this.ressourceBundleProp = null;
+ this.values = null;
}
public ValidationError(Object newSource, String newMsgError) {
this.source = newSource;
this.msgError = newMsgError;
this.ressourceBundleProp = null;
+ this.values = null;
}
public ValidationError(Object newSource, String newMsgError,
- String ressourceBundleProp) {
+ String ressourceBundleProp, String[] values) {
this.source = newSource;
this.msgError = newMsgError;
this.ressourceBundleProp = ressourceBundleProp;
+ this.values = values;
}
public Object getSource() {
@@ -90,11 +94,16 @@
return ressourceBundleProp;
}
+ public String[] getValues() {
+ return values;
+ }
+
public String toString() {
final StringBuffer buff = new StringBuffer();
buff.append(ValidationError.class.getName()).
append(": Source: " + source).
- append(", Message: " + msgError);
+ append(", Message: " + msgError).
+ append(", RessourceBundleProp: " + ressourceBundleProp);
return buff.toString();
}
}
Index: JahiaBaseACL.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/services/acl/JahiaBaseACL.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JahiaBaseACL.java 15 Jul 2005 10:10:45 -0000 1.5
+++ JahiaBaseACL.java 15 Jul 2005 15:23:55 -0000 1.6
@@ -83,6 +83,10 @@
return 3;
}
+ public JahiaBaseACL getParent() {
+ return super.mACL.getParent().getACL();
+ }
+
/**
* Clone the current ACL.
*