Ard Schrijvers pushed to branch feature/delete-channel-HSTTWO-3765 at 
cms-community / hippo-site-toolkit


Commits:
5cc954bf by Ard Schrijvers at 2016-08-25T14:30:36+02:00
HSTTWO-3765 return 'canManageChanges' from security model instead of 
hardcoded

- - - - -


2 changed files:

- 
client-modules/page-composer/src/main/java/org/hippoecm/hst/pagecomposer/jaxrs/services/RootResource.java
- 
client-modules/page-composer/src/main/resources/org/hippoecm/hst/pagecomposer/SpringComponentManager-pagecomposer.xml


Changes:

=====================================
client-modules/page-composer/src/main/java/org/hippoecm/hst/pagecomposer/jaxrs/services/RootResource.java
=====================================
--- 
a/client-modules/page-composer/src/main/java/org/hippoecm/hst/pagecomposer/jaxrs/services/RootResource.java
+++ 
b/client-modules/page-composer/src/main/java/org/hippoecm/hst/pagecomposer/jaxrs/services/RootResource.java
@@ -48,11 +48,14 @@ import org.hippoecm.hst.core.jcr.RuntimeRepositoryException;
 import org.hippoecm.hst.core.request.HstRequestContext;
 import org.hippoecm.hst.pagecomposer.jaxrs.api.BeforeChannelDeleteEvent;
 import org.hippoecm.hst.pagecomposer.jaxrs.model.ChannelInfoDescription;
+import org.hippoecm.hst.pagecomposer.jaxrs.security.SecurityModel;
 import org.hippoecm.hst.pagecomposer.jaxrs.services.exceptions.ClientException;
 import org.hippoecm.hst.pagecomposer.jaxrs.util.HstConfigurationUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static 
org.hippoecm.hst.pagecomposer.jaxrs.security.SecurityModel.CHANNEL_MANAGER_ADMIN_ROLE;
+
 @Path("/rep:root/")
 public class RootResource extends AbstractConfigResource {
 
@@ -61,11 +64,16 @@ public class RootResource extends AbstractConfigResource {
     private boolean isCrossChannelPageCopySupported;
 
     private ChannelService channelService;
+    private SecurityModel securityModel;
 
     public void setChannelService(final ChannelService channelService) {
         this.channelService = channelService;
     }
 
+    public void setSecurityModel(final SecurityModel securityModel) {
+        this.securityModel = securityModel;
+    }
+
     public void setRootPath(final String rootPath) {
         this.rootPath = rootPath;
     }
@@ -200,9 +208,10 @@ public class RootResource extends AbstractConfigResource {
         session.setAttribute(ContainerConstants.COMPOSER_MODE_ATTR_NAME, 
Boolean.TRUE);
         
session.setAttribute(ContainerConstants.CMS_REQUEST_RENDERING_MOUNT_ID, 
mountId);
 
+        HstRequestContext requestContext = 
getPageComposerContextService().getRequestContext();
+
         boolean canWrite;
         try {
-            HstRequestContext requestContext = 
getPageComposerContextService().getRequestContext();
             canWrite = requestContext.getSession().hasPermission(rootPath + 
"/accesstest", Session.ACTION_SET_PROPERTY);
         } catch (RepositoryException e) {
             log.warn("Could not determine authorization", e);
@@ -211,9 +220,9 @@ public class RootResource extends AbstractConfigResource {
 
         final boolean channelDeletionSupported = 
isChannelDeletionSupported(mountId);
 
-        // TODO: test whether the user has admin privileges
         final boolean canDeleteChannel = channelDeletionSupported;
-        final boolean canManageChanges = true;
+
+        final boolean canManageChanges = 
securityModel.isUserInRule(requestContext, CHANNEL_MANAGER_ADMIN_ROLE);
 
         HandshakeResponse response = new HandshakeResponse();
         response.setCanWrite(canWrite);
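Review bot: `canDeleteChannel` is still just `channelDeletionSupported`, yet this hunk removes the `// TODO: test whether the user has admin privileges` comment that sat directly above it, so only `canManageChanges` is gated on the admin role. If channel deletion is meant to be admin-only, compute the role check once and reuse it: `final boolean isAdmin = securityModel.isUserInRule(requestContext, CHANNEL_MANAGER_ADMIN_ROLE);` followed by `final boolean canDeleteChannel = channelDeletionSupported && isAdmin;`. Otherwise keep the TODO so the gap stays visible. These flags are only returned to the client in the `HandshakeResponse`, so the delete and manage-changes endpoints presumably need the same role check on the server side; that code is not visible in this diff. `securityModel` is setter-injected with no null guard, so a bean definition that omits the new property would fail here with a NullPointerException. The enclosing method starts and ends outside the hunk.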


=====================================
client-modules/page-composer/src/main/resources/org/hippoecm/hst/pagecomposer/SpringComponentManager-pagecomposer.xml
=====================================
--- 
a/client-modules/page-composer/src/main/resources/org/hippoecm/hst/pagecomposer/SpringComponentManager-pagecomposer.xml
+++ 
b/client-modules/page-composer/src/main/resources/org/hippoecm/hst/pagecomposer/SpringComponentManager-pagecomposer.xml
@@ -206,6 +206,7 @@
             <bean 
class="org.hippoecm.hst.pagecomposer.jaxrs.services.RootResource" 
parent="abstractConfigResource">
               <property name="rootPath" value="${hst.configuration.rootPath}"/>
               <property name="channelService" ref="channelService"/>
+              <property name="securityModel" 
ref="org.hippoecm.hst.pagecomposer.jaxrs.security.SecurityModel"/>
             </bean>
           </constructor-arg>
         </bean>



View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-site-toolkit/commit/5cc954bfa85ed8d737f92f4de6b05f079b631a0e