sgala       02/01/28 03:25:50

  Modified:    src/java/org/apache/jetspeed/portal/portlets
                        AbstractPortlet.java NewRSSPortlet.java
                        VelocityPortlet.java
               src/java/org/apache/jetspeed/portal/portlets/customize
                        CustomizePortlet.java
  Log:
  Clean up security checks and other minor things. This change will require a clean build.
  
  Revision  Changes    Path
  1.51      +29 -57    
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/AbstractPortlet.java
  
  Index: AbstractPortlet.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/AbstractPortlet.java,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- AbstractPortlet.java      19 Jan 2002 03:51:43 -0000      1.50
  +++ AbstractPortlet.java      28 Jan 2002 11:25:49 -0000      1.51
  @@ -68,7 +68,6 @@
   import org.apache.jetspeed.portal.PortletState;
   import org.apache.jetspeed.portal.service.PersistenceService;
   import org.apache.jetspeed.portal.service.ServiceFactory;
  -import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.portletcache.Cacheable;
   import org.apache.jetspeed.services.portletcache.GlobalCache;
   import org.apache.jetspeed.services.Registry;
  @@ -106,7 +105,7 @@
   @author <A HREF="mailto:[EMAIL PROTECTED]";>Kevin A. Burton</A>
   @author <A HREF="mailto:[EMAIL PROTECTED]";>Rapha�l Luta</A>
   @author <A HREF="mailto:[EMAIL PROTECTED]";>Santiago Gala</A>
  -@version $Id: AbstractPortlet.java,v 1.50 2002/01/19 03:51:43 paulsp Exp $
  +@version $Id: AbstractPortlet.java,v 1.51 2002/01/28 11:25:49 sgala Exp $
   */
   public abstract class AbstractPortlet implements Portlet, PortletState, Cacheable
   {
  @@ -383,14 +382,6 @@
                                          CapabilityMap map, 
                                          boolean allowRecurse ) {
   
  -        if (!JetspeedSecurity.checkPermission(rundata, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this 
portlet");
  -        }
  -
  -
           CapabilityMap mymap = map;
           if ( mymap == null ) mymap = CapabilityMapFactory.getCapabilityMap( rundata 
);
   
  @@ -564,21 +555,16 @@
        */
   
       /**
  -     * Implements the default close behavior: any authenticated user may
  -     * remove a portlet from his page
  +     * Implements the default close behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowClose( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_CLOSE,
  -                                                 this));
  -    
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return !isClosed( rundata );
       }
   
       /**
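Review bot: The new comment in `allowClose` says security will stop the call, but the body is now only `return !isClosed( rundata );`, and nothing in this diff shows where the permission is enforced; the removed code denied any user who was not logged in. The same applies to `allowInfo`, `allowCustomize`, `allowMaximize` and `allowMinimize` in the next hunk, which now return `true` unconditionally, and presumably to the PERMISSION_VIEW checks dropped from `getContent` in AbstractPortlet, NewRSSPortlet and VelocityPortlet. If enforcement has moved to a caller, the Javadoc should say so instead of "security permissions will be checked", for example `* Returns true unless the portlet is already closed. No permission check is done here; the caller must enforce PERMISSION_CLOSE before acting on the result.` Without that, a subclass or a new call site that trusts the return value fails open.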
  @@ -606,72 +592,55 @@
       }
   
       /**
  -     * Implements the default info behavior: any authenticated user may
  -     * get information on a portlet
  +     * Implements the default info behavior: 
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowInfo( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_INFO,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default customize behavior: any authenticated user may
  -     * customize a portlet
  +     * Implements the default customize behavior: 
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowCustomize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 
JetspeedSecurity.PERMISSION_CUSTOMIZE,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default maximize behavior: any authenticated user may
  -     * maximize a portlet
  +     * Implements the default maximize behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowMaximize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 
JetspeedSecurity.PERMISSION_MAXIMIZE,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default info behavior: any authenticated user may
  -     * minimize a portlet
  +     * Implements the default info behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowMinimize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 
JetspeedSecurity.PERMISSION_MINIMIZE,
  -                                                 this));
  -        
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
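Review bot: The Javadoc on `allowMinimize` still reads "Implements the default info behavior", copied from `allowInfo`; it should read `* Implements the default minimize behavior:`. Since the four bodies in this hunk are now identical, each Javadoc could also name the permission expected to guard its action (PERMISSION_INFO, PERMISSION_CUSTOMIZE, PERMISSION_MAXIMIZE, PERMISSION_MINIMIZE), so a reader can tell which external check each method relies on. The repeated `//Security will not allow this call to succeed` comment would be more useful if it said which component performs that check, which is not visible in this diff.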
  @@ -701,6 +670,9 @@
       /**
        * Returns TRUE if the title bar in should be displayed. The title bar includes
        * the portlet title and action buttons.  This
  +     * 
  +     * FIXME: this is used in jetspeed.vm to drive the title display, but
  +     * it is *not* in any public interface as of 20020123.
        *
        * @param rundata The RunData object for the current request
        */
  
  
  
  1.14      +1 -11     
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java
  
  Index: NewRSSPortlet.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- NewRSSPortlet.java        5 Dec 2001 18:47:25 -0000       1.13
  +++ NewRSSPortlet.java        28 Jan 2002 11:25:50 -0000      1.14
  @@ -69,8 +69,6 @@
   import org.apache.jetspeed.xml.JetspeedXMLEntityResolver;
   import org.apache.jetspeed.capability.*;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -
   //turbine
   import org.apache.turbine.util.*;
   
  @@ -100,7 +98,7 @@
   is only used for this mime-type</dd>
   </dl>
   @author <A HREF="mailto:[EMAIL PROTECTED]";>Rapha�l Luta</A>
  -@version $Id: NewRSSPortlet.java,v 1.13 2001/12/05 18:47:25 sgala Exp $ 
  +@version $Id: NewRSSPortlet.java,v 1.14 2002/01/28 11:25:50 sgala Exp $ 
   */
   public class NewRSSPortlet extends FileWatchPortlet {
       
  @@ -231,14 +229,6 @@
               }
           }
   
  -        if (!JetspeedSecurity.checkPermission(data, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this 
portlet");
  -        }
  -
  -        
           return content;
       }
       
  
  
  
  1.11      +5 -9      
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java
  
  Index: VelocityPortlet.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- VelocityPortlet.java      4 Dec 2001 17:00:31 -0000       1.10
  +++ VelocityPortlet.java      28 Jan 2002 11:25:50 -0000      1.11
  @@ -67,6 +67,8 @@
   import org.apache.jetspeed.services.TemplateLocator;
   import org.apache.jetspeed.util.template.PortletTemplateLink;
   import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.JetspeedSecurityService;
  +
   
   // Ecs stuff
   import org.apache.ecs.ConcreteElement;
  @@ -96,15 +98,6 @@
       public ConcreteElement getContent( RunData rundata )
       {
   
  -        //Are we allowed to see it?
  -        if (!JetspeedSecurity.checkPermission(rundata, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this 
portlet");
  -        }
  -
  -
           // create a blank context and with all the global application
           // Pull Tools inside
           Context context = TurbineVelocity.getContext();
  @@ -112,6 +105,9 @@
           context.put( "portlet", this );
           context.put( "conf", this.getPortletConfig() );
           context.put( "skin", this.getPortletConfig().getPortletSkin() );
  +
  +        //add a tool for security information to the template.
  +        context.put( "security", 
(JetspeedSecurityService)JetspeedSecurity.getService() );
           
           String template = getPortletConfig().getInitParameter("template");
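Review bot: Putting the whole security service into the Velocity context as `security` gives every portlet template access to everything on that object's public interface, not only read-only permission queries. If JetspeedSecurityService also carries account or permission management methods (not visible in this diff), a narrow wrapper that exposes only the check methods would keep templates to least privilege. With the PERMISSION_VIEW check removed from this `getContent` in the previous hunk, a comment here should state whether templates are now expected to call the tool themselves or whether the check happens before `getContent` is reached, e.g. `//read-only permission queries for templates; view access is enforced by the caller`. `getContent` continues outside this hunk.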
           
  
  
  
  1.23      +19 -20    
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/customize/CustomizePortlet.java
  
  Index: CustomizePortlet.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/customize/CustomizePortlet.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- CustomizePortlet.java     17 Dec 2001 15:32:27 -0000      1.22
  +++ CustomizePortlet.java     28 Jan 2002 11:25:50 -0000      1.23
  @@ -145,28 +145,27 @@
            {
                PortletEntry portletEntry = ( PortletEntry )  
entryEnumeration.nextElement( );
                if ( portletEntry != null ) 
  -                // check for admin-Flag
  -//                if ( !portletEntry.isAdmin( ) ) 
  -                  if ( JetspeedSecurity.checkPermission(data, 
  -                                                        
JetspeedSecurity.PERMISSION_PERSONALIZE, 
  -                                                        portletEntry))
  -                   // check for hidden-Flag
  -                   if ( !portletEntry.isHidden( ) ) 
  -                      // check for application-Flag
  -                      if ( !portletEntry.isApplication( ) ) 
  -                         // check for type=abstract
  -                         if ( !portletEntry.getType( ).equals( 
PortletEntry.TYPE_ABSTRACT )  ) 
  -                         {
  -                            // if anything is ok, add the entry to the Vector
  -                            portlets.add( portletEntry ) ;
  -                            i++;
  -                         }
  -        }
  -        else break;
  +                 //can we see it?
  +                 if ( JetspeedSecurity.checkPermission(data, 
  +                                                       
JetspeedSecurity.PERMISSION_VIEW, 
  +                                                       portletEntry))
  +                     // check for hidden-Flag
  +                     if ( !portletEntry.isHidden( ) ) 
  +                         // check for application-Flag
  +                         if ( !portletEntry.isApplication( ) ) 
  +                             // check for type=abstract
  +                             if ( !portletEntry.getType( ).equals( 
PortletEntry.TYPE_ABSTRACT )  ) 
  +                             {
  +                                 // if anything is ok, add the entry to the Vector
  +                                 portlets.add( portletEntry ) ;
  +                                 i++;
  +                             }
  +         }
  +         else break;
         }
  -   }                           
  +   }
   
  -   /**
  +    /**
       * Has to be implemented; returns the content of the portlet
       * @return org.apache.ecs.ConcreteElement - the ECS element that contains the 
content
       * @param data org.apache.turbine.util.RunData - the data object generated by 
Turbine
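Review bot: The permission check guarding the customizer list is the first of five brace-less nested `if`s, so a later edit that adds a statement or an `else` inside the chain can silently detach it from the `portlets.add` it protects; a single braced condition is harder to break. The check also moves from PERMISSION_PERSONALIZE to PERMISSION_VIEW, and a short comment on why view permission is enough to offer an entry in the customizer would help the next reader. The enclosing method begins before this hunk, so the outer `if`/`else break` is left as it is.

```java
PortletEntry portletEntry = ( PortletEntry ) entryEnumeration.nextElement( );
// offer the entry only if it is viewable, not hidden, not an application and not abstract
if ( portletEntry != null
     && JetspeedSecurity.checkPermission( data, JetspeedSecurity.PERMISSION_VIEW, portletEntry )
     && !portletEntry.isHidden( )
     && !portletEntry.isApplication( )
     && !portletEntry.getType( ).equals( PortletEntry.TYPE_ABSTRACT ) )
{
    portlets.add( portletEntry );
    i++;
}
// … unchanged: closing brace of the enclosing block and else break …
```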
  
  
  
