Author: bpapez
Date: Thu Jan 3 14:08:23 2008
New Revision: 19452
URL: https://svndev.jahia.net/websvn/listing.php?sc=3D1&rev=3D19452&repname=
=3Djahia
Log:
JAHIA-2654: DeleteContainer_Engine: Field or subcontainer rights are not checked
- moved the new accessRights check (via ACL) to ContentPage as it is only valid in this context
- restored the old accessRights version in ContentObject
- overrode this accessRights method in ContentField, as the ACL from ContainerListProperties needs to be taken
- called accessRight on the container and not only on ContentPage objects in DeleteContainer_Engine
- changed the error message to also include "Content objects" and not only pages
Modified:
trunk/core/src/conf/java/JahiaEnginesResources.properties
trunk/core/src/conf/java/JahiaEnginesResources_de.properties
trunk/core/src/conf/java/JahiaEnginesResources_en.properties
trunk/core/src/java/org/jahia/content/ContentObject.java
trunk/core/src/java/org/jahia/engines/deletecontainer/DeleteContainer_E=
ngine.java
trunk/core/src/java/org/jahia/services/fields/ContentField.java
trunk/core/src/java/org/jahia/services/pages/ContentPage.java
Modified: trunk/core/src/conf/java/JahiaEnginesResources.properties
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/conf/j=
ava/JahiaEnginesResources.properties&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/conf/java/JahiaEnginesResources.properties (original)
+++ trunk/core/src/conf/java/JahiaEnginesResources.properties Thu Jan 3 14=
:08:23 2008
@@ -644,7 +644,7 @@
org.jahia.engines.deletecontainer.DeleteContainer_Engine.subType.label =3D=
Sub-type
org.jahia.engines.deletecontainer.DeleteContainer_Engine.title.label =3D T=
itle
org.jahia.engines.deletecontainer.DeleteContainer_Engine.type.label =3D Ty=
pe
-org.jahia.engines.deletecontainer.errorMessage =3D You can not delete this=
content object because you do not have rights on all the subtree pages.
+org.jahia.engines.deletecontainer.errorMessage =3D You can not delete this=
content object because you do not have rights on all the pages or content =
objects in the subtree.
org.jahia.engines.EngineRenderer.alertAlreadySubmittedForm.label =3D You h=
ave already submitted this form.
org.jahia.engines.EngineRenderer.alertPleaseWaitSubmittingForm.label =3D P=
lease wait while submitting form...
org.jahia.engines.EngineRenderer.pleaseWaitTeleportingFlam.label =3D Pleas=
e wait while teleporting the Captain Flam...
Modified: trunk/core/src/conf/java/JahiaEnginesResources_de.properties
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/conf/j=
ava/JahiaEnginesResources_de.properties&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/conf/java/JahiaEnginesResources_de.properties (original)
+++ trunk/core/src/conf/java/JahiaEnginesResources_de.properties Thu Jan 3=
14:08:23 2008
@@ -643,7 +643,7 @@
org.jahia.engines.deletecontainer.DeleteContainer_Engine.subType.label =3D=
Untertyp
org.jahia.engines.deletecontainer.DeleteContainer_Engine.title.label =3D T=
itel
org.jahia.engines.deletecontainer.DeleteContainer_Engine.type.label =3D Typ
-org.jahia.engines.deletecontainer.errorMessage =3D Sie k\u00F6nnen dieses =
Content Objekt nicht l\u00F6schen, da Sie keine Rechte f\u00FCr alle unterg=
eordneten Seiten haben.
+org.jahia.engines.deletecontainer.errorMessage =3D Sie k\u00F6nnen dieses =
Content Objekt nicht l\u00F6schen, da Sie keine Rechte f\u00FCr alle unterg=
eordneten Seiten oder Content Objekte haben.
org.jahia.engines.EngineRenderer.alertAlreadySubmittedForm.label =3D Sie h=
aben dieses Formular bereits abgeschickt.
org.jahia.engines.EngineRenderer.alertPleaseWaitSubmittingForm.label =3D B=
itte warten Sie. Das Formular wird abgeschickt...
org.jahia.engines.EngineRenderer.pleaseWaitTeleportingFlam.label =3D Bitte=
warten Sie. Der Vorgang wird ausgef\u00FChrt ...
Modified: trunk/core/src/conf/java/JahiaEnginesResources_en.properties
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/conf/j=
ava/JahiaEnginesResources_en.properties&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/conf/java/JahiaEnginesResources_en.properties (original)
+++ trunk/core/src/conf/java/JahiaEnginesResources_en.properties Thu Jan 3=
14:08:23 2008
@@ -643,7 +643,7 @@
org.jahia.engines.deletecontainer.DeleteContainer_Engine.subType.label =3D=
Sub-type
org.jahia.engines.deletecontainer.DeleteContainer_Engine.title.label =3D T=
itle
org.jahia.engines.deletecontainer.DeleteContainer_Engine.type.label =3D Ty=
pe
-org.jahia.engines.deletecontainer.errorMessage =3D You can not delete this=
content object because you do not have rights on all the subtree pages.
+org.jahia.engines.deletecontainer.errorMessage =3D You can not delete this=
content object because you do not have rights on all the pages or content =
objects in the subtree.
org.jahia.engines.EngineRenderer.alertAlreadySubmittedForm.label =3D You h=
ave already submitted this form.
org.jahia.engines.EngineRenderer.alertPleaseWaitSubmittingForm.label =3D P=
lease wait while submitting form...
org.jahia.engines.EngineRenderer.pleaseWaitTeleportingFlam.label =3D Pleas=
e wait while teleporting the Captain Flam...
Modified: trunk/core/src/java/org/jahia/content/ContentObject.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/content/ContentObject.java&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/content/ContentObject.java (original)
+++ trunk/core/src/java/org/jahia/content/ContentObject.java Thu Jan 3 14:=
08:23 2008
@@ -19,7 +19,6 @@
=
import org.jahia.bin.Jahia;
import org.jahia.content.events.ContentActivationEvent;
-import org.jahia.data.containers.JahiaContainerStructure;
import org.jahia.data.fields.JahiaField;
import org.jahia.data.fields.LoadFlags;
import org.jahia.engines.EngineMessage;
@@ -30,12 +29,9 @@
import org.jahia.params.ProcessingContext;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.acl.JahiaBaseACL;
-import org.jahia.services.containers.JahiaContainersService;
import org.jahia.services.fields.ContentField;
import org.jahia.services.fields.ContentFieldTools;
import org.jahia.services.pages.ContentPage;
-import org.jahia.services.pages.JahiaPage;
-import org.jahia.services.pages.JahiaPageContentRights;
import org.jahia.services.pages.JahiaPageService;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.sites.SiteLanguageSettings;
@@ -46,7 +42,6 @@
import org.jahia.services.workflow.WorkflowService;
import org.jahia.services.workflow.ExternalWorkflow;
import org.apache.commons.lang.StringUtils;
-import org.apache.jetspeed.search.SearchResults;
=
import java.util.*;
import java.text.DateFormat;
@@ -800,153 +795,24 @@
* @return Return true if the user has the specified access to the spe=
cified
* object, or false in any other case.
*/
- public boolean checkAccess(JahiaUser user, int permission,
- boolean checkChilds, boolean forceChildRights) {
- boolean allowed =3D true;
- boolean allPositive =3D true;
+ public boolean checkAccess(JahiaUser user, int permission, boolean che=
ckChilds,boolean forceChildRights) {
+ boolean result =3D false;
try {
JahiaBaseACL acl =3D getACL();
- allowed =3D acl.getPermission(user, permission);
- if (allowed && forceChildRights) {
- Map deniedAclTree =3D new HashMap();
- allPositive =3D checkAllChildPermissionsPositive(user,
- permission, acl.getID(), deniedAclTree);
- if (!allPositive) {
- Set allAclIDs =3D new HashSet();
- allAclIDs.add(acl.getACL().getId());
- Set deniedAclIDs =3D new HashSet();
- getAllAclIdsFromMap(deniedAclTree, allAclIDs, deniedAc=
lIDs);
-
- Map children =3D convertPageListToMap(ServicesRegistry
- .getInstance().getJahiaPageService()
- .getPageIDsWithAclIDs(allAclIDs));
- JahiaPageContentRights pageRights =3D (JahiaPageConten=
tRights) children
- .get(new Integer(getPageID()));
- if (deniedAclIDs.contains(pageRights.getAclID())) {
- allowed =3D false;
- } else {
- allowed =3D isNegativeAclInPageTree(children, page=
Rights,
- deniedAclIDs);
- if (allowed) {
- allowed =3D isNegativeAclInListsOrContainersOr=
Fields(children, pageRights, deniedAclIDs);
- }
- }
+ result =3D acl.getPermission (user, permission);
+ if (result && forceChildRights) {
+ List childs =3D getChilds(user, Jahia.getThreadParamBean()=
.getEntryLoadRequest());
+ for (int i =3D 0; i < childs.size() && result; i++) {
+ ContentObject contentObject =3D (ContentObject) childs=
.get(i);
+ result =3D contentObject.checkAccess(user, permission,=
checkChilds, forceChildRights);
}
}
} catch (JahiaException ex) {
logger.debug("Cannot load ACL ID " + getAclID(), ex);
}
- return allowed;
- }
- =
- private boolean isNegativeAclInPageTree(Map children,
- JahiaPageContentRights currentPage, Set deniedAclIDs) {
- boolean allowed =3D true;
- for (Iterator it =3D currentPage.getChildrenPages().iterator(); it=
.hasNext()
- && allowed;) {
- Integer pageID =3D (Integer) it.next();
- JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
children
- .get(pageID);
- if (deniedAclIDs.contains(pageRights.getAclID())) {
- allowed =3D false;
- } else {
- allowed =3D isNegativeAclInPageTree(children, pageRights,
- deniedAclIDs);
- }
- }
- return allowed;
- }
- =
- private boolean isNegativeAclInListsOrContainersOrFields(Map children,
- JahiaPageContentRights currentPage, Set deniedAclIDs) {
- Set pageIDs =3D getAllPageIdsFromTree(children, currentPage,
- new HashSet());
- JahiaContainersService containerService =3D ServicesRegistry
- .getInstance().getJahiaContainersService();
- boolean allowed =3D containerService
- .getContainerListIDsOnPagesHavingAcls(pageIDs, deniedAclID=
s)
- .isEmpty();
- if (allowed) {
- allowed =3D containerService
- .getContainerIDsOnPagesHavingAcls(pageIDs, deniedAclID=
s)
- .isEmpty();
- }
- if (allowed) {
- allowed =3D ServicesRegistry.getInstance().getJahiaFieldServic=
e()
- .getFieldIDsOnPagesHavingAcls(pageIDs, deniedAclIDs)
- .isEmpty();
- }
- return allowed;
- } =
- =
- private Set getAllPageIdsFromTree(Map children,
- JahiaPageContentRights currentPage, Set pageIDs){
- pageIDs.add(currentPage.getPageID());
- =
- for (Iterator it =3D currentPage.getChildrenPages().iterator(); it=
.hasNext();) {
- Integer pageId =3D (Integer) it.next();
- JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
children.get(pageId);
- getAllPageIdsFromTree(children, pageRights, pageIDs);
- } =
- return pageIDs;
- }
- =
- private Map convertPageListToMap(List pages) {
- Map pageMap =3D new HashMap(pages.size());
- for (Iterator it =3D pages.iterator(); it.hasNext();) {
- JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
it
- .next();
- pageMap.put(pageRights.getPageID(), pageRights);
- }
- for (Iterator it =3D pages.iterator(); it.hasNext();) {
- JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
it
- .next();
- JahiaPageContentRights parentPageRights =3D (JahiaPageContentR=
ights) pageMap
- .get(pageRights.getParentPageID());
- if (parentPageRights !=3D null) {
- parentPageRights.getChildrenPages().add(pageRights.getPage=
ID());
- }
- }
- return pageMap;
- }
-
- private void getAllAclIdsFromMap(Map deniedAclTree, Set allAclIds,
- Set deniedAclIds) {
-
- allAclIds.addAll(deniedAclTree.keySet());
- for (Iterator it =3D deniedAclTree.entrySet().iterator(); it.hasNe=
xt();) {
- Map.Entry entry =3D (Map.Entry) it.next();
- if (entry.getValue() =3D=3D null) {
- deniedAclIds.add(entry.getKey());
- } else {
- getAllAclIdsFromMap((Map) entry.getValue(), allAclIds,
- deniedAclIds);
- }
- }
+ return result;
}
=
- private boolean checkAllChildPermissionsPositive(JahiaUser user,
- int permission, int parentAclId, Map deniedAclTree) {
- boolean allowed =3D true;
- List children =3D ServicesRegistry.getInstance()
- .getJahiaACLManagerService().getChildAcls(parentAclId);
- for (Iterator it =3D children.iterator(); it.hasNext();) {
- JahiaAcl childAcl =3D (JahiaAcl) it.next();
- boolean childAllowed =3D childAcl.getPermission(user, permissi=
on);
- Map deniedChildrenAclTree =3D null;
- if (childAllowed) {
- deniedChildrenAclTree =3D new HashMap();
- childAllowed =3D checkAllChildPermissionsPositive(user, permi=
ssion,
- childAcl.getAclID(), deniedChildrenAclTree);
- }
- if (!childAllowed) {
- allowed =3D false;
- deniedAclTree.put(childAcl.getId(), deniedChildrenAclTree);
- }
- }
- =
- return allowed;
- }
/**
* This method is used to determine if all the active entries of this
* field will be deleted once this object is activated.
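Review bot: The restored `checkAccess` fails open when the child walk cannot complete: once `acl.getPermission` has set `result` to true, a `JahiaException` raised later inside the `try` (presumably from `getChilds`, whose body is not visible here) lands in the catch, which only logs at debug level and then returns the still-true `result`. For a check that gates deletion when `forceChildRights` is set, the catch should deny by assigning `result = false;` before the log call, and the log level should be raised above debug so the failure is visible to operators. The message "Cannot load ACL ID" is also misleading when the failure happened while loading children rather than the ACL. The same pattern is copied into the new `ContentField.checkAccess` override later in this commit.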
Modified: trunk/core/src/java/org/jahia/engines/deletecontainer/DeleteConta=
iner_Engine.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/engines/deletecontainer/DeleteContainer_Engine.java&rev=3D19452&re=
pname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/engines/deletecontainer/DeleteContainer_E=
ngine.java (original)
+++ trunk/core/src/java/org/jahia/engines/deletecontainer/DeleteContainer_E=
ngine.java Thu Jan 3 14:08:23 2008
@@ -42,7 +42,6 @@
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.acl.JahiaBaseACL;
import org.jahia.services.cache.HtmlCache;
-import org.jahia.services.containers.ContainerFactoryProxy;
import org.jahia.services.containers.ContentContainer;
import org.jahia.services.fields.ContentField;
import org.jahia.services.lock.LockKey;
@@ -524,27 +523,10 @@
=
private boolean checkContainerAccessRights(JahiaContainer theContainer=
, int pageDefID,
Set objectKeysPointingToDeletedContent, ProcessingContext jPar=
ams, HashMap engineMap) throws JahiaException {
- boolean allowed =3D true;
- JahiaContainer currentContainer =3D (JahiaContainer) engineMap.get=
("theContainer");
- if (currentContainer !=3D null && currentContainer.getID() =3D=3D =
theContainer.getID()) {
- ContainerFactoryProxy cFactory =3D new ContainerFactoryProxy(C=
ontainerFactoryProxy.LOAD_SUBCONTAINER_LISTS,
- jParams, jParams.getEntryLoadRequest(), null, null, nu=
ll);
- theContainer.setFactoryProxy(cFactory);
- }
- Enumeration containerLists =3D theContainer.getContainerLists();
- while (allowed && containerLists.hasMoreElements()) {
- JahiaContainerList theList =3D (JahiaContainerList) containerL=
ists.nextElement();
- Enumeration subContainers =3D theList.getContainers();
- while (allowed && subContainers.hasMoreElements()) {
- JahiaContainer subContainer =3D (JahiaContainer) subContai=
ners.nextElement();
- if (subContainer !=3D null) {
- allowed =3D checkContainerAccessRights(subContainer, p=
ageDefID, objectKeysPointingToDeletedContent,
- jParams, engineMap);
- }
- }
- }
-
- if (allowed) {
+ boolean allowed =3D theContainer.getContentContainer().checkWriteA=
ccess(jParams.getUser(), true, true);
+ if (!allowed) {
+ engineMap.put("errorMessage", Boolean.TRUE);
+ } else {
Enumeration theFields =3D theContainer.getFields();
=
while (allowed && theFields.hasMoreElements()) {
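Review bot: The single `checkWriteAccess(jParams.getUser(), true, true)` call on the container now stands in for the removed sub-container walk and, in the following hunk, for the removed per-page `checkWriteAccess` on page fields, yet nothing visible here shows that the recursion reaches the `ContentPage` behind a page field. The recursion in `ContentObject.checkAccess` also loads children with `Jahia.getThreadParamBean().getEntryLoadRequest()` rather than the `jParams.getEntryLoadRequest()` the old code used, so the set of children checked may differ from the set this engine then deletes. I would add a comment above the call stating that reliance, e.g. `// write access on sub-containers, fields and linked pages is enforced by the recursive checkAccess via getChilds()`, and a regression test that denies write on a nested page and expects the delete to be refused. `checkContainerAccessRights` continues past the end of this hunk.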
@@ -556,12 +538,6 @@
if (fieldType =3D=3D FieldTypes.PAGE) {
JahiaPage thePage =3D (JahiaPage) theField.getObject();
if (thePage !=3D null) {
- if (!thePage.getContentPage().checkWriteAccess(jPa=
rams.getUser(), true, true)) {
- engineMap.put("errorMessage", Boolean.TRUE);
- allowed =3D false;
- break;
- }
-
objectKeysPointingToDeletedContent.addAll(contentO=
bjectPointingOnPage(thePage.getID()));
=
Set deletedPageIDs =3D pageService.getUncheckedPag=
eSubTreeIDs(thePage.getID(), true,
@@ -598,7 +574,6 @@
}
}
}
-
}
return allowed;
}
Modified: trunk/core/src/java/org/jahia/services/fields/ContentField.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/services/fields/ContentField.java&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/services/fields/ContentField.java (origin=
al)
+++ trunk/core/src/java/org/jahia/services/fields/ContentField.java Thu Jan=
3 14:08:23 2008
@@ -2085,6 +2085,33 @@
}
return super.checkAccess(user, permission,false);
}
+ =
+ /**
+ * Check if the user has a specified access to the specified content o=
bject.
+ * @param user Reference to the user.
+ * @param permission One of READ_RIGHTS, WRITE_RIGHTS or ADMIN_RIGHTS =
permission
+ * flag.
+ * @return Return true if the user has the specified access to the spe=
cified
+ * object, or false in any other case.
+ */
+ public boolean checkAccess(JahiaUser user, int permission, boolean che=
ckChilds,boolean forceChildRights) {
+ boolean result =3D false;
+ try {
+ result =3D checkAccess(user, permission, false);
+ =
+ if (result && forceChildRights) {
+ List childs =3D getChilds(user, Jahia.getThreadParamBean()=
.getEntryLoadRequest());
+ for (int i =3D 0; i < childs.size() && result; i++) {
+ ContentObject contentObject =3D (ContentObject) childs=
.get(i);
+ result =3D contentObject.checkAccess(user, permission,=
checkChilds,forceChildRights);
+ }
+ }
+ } catch (JahiaException ex) {
+ logger.debug("Cannot load ACL ID " + getAclID(), ex);
+ }
+ return result;
+ }
+ =
=
public String getPagePathString(ProcessingContext context,
boolean ignoreMetadata) {
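Review bot: The Javadoc on the new four-argument `checkAccess` is copied from the base class and does not say why `ContentField` overrides it; per the commit log the point is that the field's own three-argument `checkAccess` (apparently the one that takes the ACL from the container list properties) must be used instead of `getACL()`. It should say so and add `@param checkChilds` and `@param forceChildRights`, noting that `checkChilds` is only forwarded to the children while `forceChildRights` is what triggers the recursive walk. The loop itself duplicates the one in `ContentObject.checkAccess`; a shared protected helper in the base class would keep the two copies from drifting apart.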
Modified: trunk/core/src/java/org/jahia/services/pages/ContentPage.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/services/pages/ContentPage.java&rev=3D19452&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/services/pages/ContentPage.java (original)
+++ trunk/core/src/java/org/jahia/services/pages/ContentPage.java Thu Jan =
3 14:08:23 2008
@@ -31,6 +31,7 @@
import org.jahia.exceptions.JahiaPageNotFoundException;
import org.jahia.exceptions.JahiaTemplateNotFoundException;
import org.jahia.hibernate.manager.*;
+import org.jahia.hibernate.model.JahiaAcl;
import org.jahia.params.ParamBean;
import org.jahia.params.ProcessingContext;
import org.jahia.registries.ServicesRegistry;
@@ -40,6 +41,7 @@
import org.jahia.services.cache.HtmlCache;
import org.jahia.services.containers.ContentContainer;
import org.jahia.services.containers.ContentContainerList;
+import org.jahia.services.containers.JahiaContainersService;
import org.jahia.services.events.JahiaEventGeneratorBaseService;
import org.jahia.services.fields.ContentField;
import org.jahia.services.fields.ContentPageField;
@@ -226,6 +228,163 @@
=
return checkAccess(theUser, JahiaBaseACL.READ_RIGHTS,false);
}
+ =
+ /**
+ * Check if the user has a specified access to the specified content o=
bject.
+ * @param user Reference to the user.
+ * @param permission One of READ_RIGHTS, WRITE_RIGHTS or ADMIN_RIGHTS =
permission
+ * flag.
+ * @return Return true if the user has the specified access to the spe=
cified
+ * object, or false in any other case.
+ */
+ public boolean checkAccess(JahiaUser user, int permission,
+ boolean checkChilds, boolean forceChildRights) {
+ boolean allowed =3D true;
+ boolean allPositive =3D true;
+ try {
+ JahiaBaseACL acl =3D getACL();
+ allowed =3D acl.getPermission(user, permission);
+ if (allowed && forceChildRights) {
+ Map deniedAclTree =3D new HashMap();
+ allPositive =3D checkAllChildPermissionsPositive(user,
+ permission, acl.getID(), deniedAclTree);
+ if (!allPositive) {
+ Set allAclIDs =3D new HashSet();
+ allAclIDs.add(acl.getACL().getId());
+ Set deniedAclIDs =3D new HashSet();
+ getAllAclIdsFromMap(deniedAclTree, allAclIDs, deniedAc=
lIDs);
+
+ Map children =3D convertPageListToMap(ServicesRegistry
+ .getInstance().getJahiaPageService()
+ .getPageIDsWithAclIDs(allAclIDs));
+ JahiaPageContentRights pageRights =3D (JahiaPageConten=
tRights) children
+ .get(new Integer(getPageID()));
+ if (deniedAclIDs.contains(pageRights.getAclID())) {
+ allowed =3D false;
+ } else {
+ allowed =3D isNegativeAclInPageTree(children, page=
Rights,
+ deniedAclIDs);
+ if (allowed) {
+ allowed =3D isNegativeAclInListsOrContainersOr=
Fields(children, pageRights, deniedAclIDs);
+ }
+ }
+ }
+ }
+ } catch (JahiaException ex) {
+ logger.debug("Cannot load ACL ID " + getAclID(), ex);
+ }
+ return allowed;
+ }
+ =
+ private boolean isNegativeAclInPageTree(Map children,
+ JahiaPageContentRights currentPage, Set deniedAclIDs) {
+ boolean allowed =3D true;
+ for (Iterator it =3D currentPage.getChildrenPages().iterator(); it=
.hasNext()
+ && allowed;) {
+ Integer pageID =3D (Integer) it.next();
+ JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
children
+ .get(pageID);
+ if (deniedAclIDs.contains(pageRights.getAclID())) {
+ allowed =3D false;
+ } else {
+ allowed =3D isNegativeAclInPageTree(children, pageRights,
+ deniedAclIDs);
+ }
+ }
+ return allowed;
+ }
+ =
+ private boolean isNegativeAclInListsOrContainersOrFields(Map children,
+ JahiaPageContentRights currentPage, Set deniedAclIDs) {
+ Set pageIDs =3D getAllPageIdsFromTree(children, currentPage,
+ new HashSet());
+ JahiaContainersService containerService =3D ServicesRegistry
+ .getInstance().getJahiaContainersService();
+ boolean allowed =3D containerService
+ .getContainerListIDsOnPagesHavingAcls(pageIDs, deniedAclID=
s)
+ .isEmpty();
+ if (allowed) {
+ allowed =3D containerService
+ .getContainerIDsOnPagesHavingAcls(pageIDs, deniedAclID=
s)
+ .isEmpty();
+ }
+ if (allowed) {
+ allowed =3D ServicesRegistry.getInstance().getJahiaFieldServic=
e()
+ .getFieldIDsOnPagesHavingAcls(pageIDs, deniedAclIDs)
+ .isEmpty();
+ }
+ return allowed;
+ } =
+ =
+ private Set getAllPageIdsFromTree(Map children,
+ JahiaPageContentRights currentPage, Set pageIDs){
+ pageIDs.add(currentPage.getPageID());
+ =
+ for (Iterator it =3D currentPage.getChildrenPages().iterator(); it=
.hasNext();) {
+ Integer pageId =3D (Integer) it.next();
+ JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
children.get(pageId);
+ getAllPageIdsFromTree(children, pageRights, pageIDs);
+ } =
+ return pageIDs;
+ }
+ =
+ private Map convertPageListToMap(List pages) {
+ Map pageMap =3D new HashMap(pages.size());
+ for (Iterator it =3D pages.iterator(); it.hasNext();) {
+ JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
it
+ .next();
+ pageMap.put(pageRights.getPageID(), pageRights);
+ }
+ for (Iterator it =3D pages.iterator(); it.hasNext();) {
+ JahiaPageContentRights pageRights =3D (JahiaPageContentRights)=
it
+ .next();
+ JahiaPageContentRights parentPageRights =3D (JahiaPageContentR=
ights) pageMap
+ .get(pageRights.getParentPageID());
+ if (parentPageRights !=3D null) {
+ parentPageRights.getChildrenPages().add(pageRights.getPage=
ID());
+ }
+ }
+ return pageMap;
+ }
+
+ private void getAllAclIdsFromMap(Map deniedAclTree, Set allAclIds,
+ Set deniedAclIds) {
+
+ allAclIds.addAll(deniedAclTree.keySet());
+ for (Iterator it =3D deniedAclTree.entrySet().iterator(); it.hasNe=
xt();) {
+ Map.Entry entry =3D (Map.Entry) it.next();
+ if (entry.getValue() =3D=3D null) {
+ deniedAclIds.add(entry.getKey());
+ } else {
+ getAllAclIdsFromMap((Map) entry.getValue(), allAclIds,
+ deniedAclIds);
+ }
+ }
+ }
+ =
+ private boolean checkAllChildPermissionsPositive(JahiaUser user,
+ int permission, int parentAclId, Map deniedAclTree) {
+ boolean allowed =3D true;
+ List children =3D ServicesRegistry.getInstance()
+ .getJahiaACLManagerService().getChildAcls(parentAclId);
+ for (Iterator it =3D children.iterator(); it.hasNext();) {
+ JahiaAcl childAcl =3D (JahiaAcl) it.next();
+ boolean childAllowed =3D childAcl.getPermission(user, permissi=
on);
+ Map deniedChildrenAclTree =3D null;
+ if (childAllowed) {
+ deniedChildrenAclTree =3D new HashMap();
+ childAllowed =3D checkAllChildPermissionsPositive(user, pe=
rmission,
+ childAcl.getAclID(), deniedChildrenAclTree);
+ }
+ if (!childAllowed) {
+ allowed =3D false;
+ deniedAclTree.put(childAcl.getId(), deniedChildrenAclTree);
+ }
+ }
+ =
+ return allowed;
+ }
+ =
=
public void setACL(JahiaBaseACL mACL) {
try {
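Review bot: `checkAccess` starts from `boolean allowed = true;`, so if `getACL()` (or anything else in the `try` before the assignment) throws `JahiaException`, the catch logs at debug level and the method returns true, granting the requested permission on an error path. The default should be deny: `boolean allowed = false;`, plus `allowed = false;` in the catch so a failure during the child-ACL walk does not leave the earlier positive result in place. Separately, `isNegativeAclInPageTree` and `isNegativeAclInListsOrContainersOrFields` return true when no denied ACL is found, the opposite of what their names say; a one-line comment on each (or a rename) would keep a later caller from inverting the check. `pageRights` obtained from `children.get(new Integer(getPageID()))` is also dereferenced without a null check.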