paulsp 2002/08/25 12:52:08
Modified: src/java/org/apache/jetspeed/portal BasePortletSet.java
src/java/org/apache/jetspeed/portal/controls
VelocityPortletSetControl.java
src/java/org/apache/jetspeed/portal/security/portlets
PortletWrapper.java
Log:
o Use checkPermission(JetspeedUser, PortalResource, action)
o Set the owner in PortalResource
Revision Changes Path
1.26 +28 -13
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/BasePortletSet.java
Index: BasePortletSet.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/BasePortletSet.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- BasePortletSet.java 15 Aug 2002 02:17:53 -0000 1.25
+++ BasePortletSet.java 25 Aug 2002 19:52:07 -0000 1.26
@@ -61,20 +61,22 @@
//Jetspeed stuff
import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.services.persistence.PersistenceManager;
+import org.apache.jetspeed.services.persistence.PortalPersistenceException;
+import org.apache.jetspeed.services.portletcache.Cacheable;
+import org.apache.jetspeed.services.resources.JetspeedResources;
+import org.apache.jetspeed.services.rundata.JetspeedRunData;
+import org.apache.jetspeed.services.security.PortalResource;
import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.util.template.JetspeedLink;
+import org.apache.jetspeed.util.template.JetspeedLinkFactory;
import org.apache.jetspeed.util.MetaData;
import org.apache.jetspeed.util.MimeType;
-import org.apache.turbine.services.localization.Localization;
-
-import org.apache.jetspeed.services.persistence.PersistenceManager;
-import org.apache.jetspeed.services.persistence.PortalPersistenceException;
//turbine stuff
+import org.apache.turbine.services.localization.Localization;
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
-import org.apache.jetspeed.services.resources.JetspeedResources;
-import org.apache.jetspeed.services.rundata.JetspeedRunData;
-import org.apache.jetspeed.services.portletcache.Cacheable;
//ECS stuff
import org.apache.ecs.ConcreteElement;
@@ -319,12 +321,25 @@
public ConcreteElement getContent(RunData rundata)
{
ConcreteElement content = null;
- PortletController controller = getController();
+ PortletController controller = getController();
+ PortalResource portalResource = new PortalResource(this);
+
+ try
+ {
+ JetspeedLink jsLink = JetspeedLinkFactory.getInstance(rundata);
+ portalResource.setOwner(jsLink.getUserName());
+ JetspeedLinkFactory.putInstance(jsLink);
+ }
+ catch (Exception e)
+ {
+ Log.warn(e.toString());
+ portalResource.setOwner(null);
+ }
- if(!JetspeedSecurity.checkPermission((JetspeedRunData) rundata,
- JetspeedSecurity.PERMISSION_VIEW, this))
+ if(!JetspeedSecurity.checkPermission((JetspeedUser) rundata.getUser(),
+ portalResource, JetspeedSecurity.PERMISSION_VIEW))
{
- Log.debug("Unauthorized access by user
\""+rundata.getUser().getUserName()+"+\"");
+ Log.debug("Unauthorized access by user \"" +
rundata.getUser().getUserName() + "\"");
// Clear any portlets that exist in this set
if(this.portlets != null)
{
@@ -334,7 +349,7 @@
}
else
{
- Log.debug("User \""+rundata.getUser().getUserName()+" is authorized to
portlet set "+getID());
+ Log.debug("User \"" + rundata.getUser().getUserName() + "\" is
authorized to portlet set " + getID());
}
if ( controller == null )
1.10 +21 -4
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/controls/VelocityPortletSetControl.java
Index: VelocityPortletSetControl.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/controls/VelocityPortletSetControl.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- VelocityPortletSetControl.java 20 Jul 2002 05:03:57 -0000 1.9
+++ VelocityPortletSetControl.java 25 Aug 2002 19:52:08 -0000 1.10
@@ -57,15 +57,19 @@
// Turbine stuff
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
+import org.apache.turbine.util.DynamicURI;
// Jetspeed stuff
+import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.portal.PortletSet;
import org.apache.jetspeed.portal.PortletState;
import org.apache.jetspeed.portal.PanedPortletController;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
-import org.apache.turbine.util.DynamicURI;
+import org.apache.jetspeed.services.security.PortalResource;
+import org.apache.jetspeed.util.template.JetspeedLink;
+import org.apache.jetspeed.util.template.JetspeedLinkFactory;
// Velocity Stuff
import org.apache.velocity.context.Context;
@@ -129,9 +133,22 @@
for ( Enumeration en = portlets.getPortlets(); en.hasMoreElements();
count++ )
{
Portlet p = (Portlet)en.nextElement();
- // STW Secure the tabs
+ PortalResource portalResource = new PortalResource(p);
+
+ // Secure the tabs
+ try
+ {
+ JetspeedLink jsLink = JetspeedLinkFactory.getInstance(rundata);
+ portalResource.setOwner(jsLink.getUserName());
+ JetspeedLinkFactory.putInstance(jsLink);
+ }
+ catch (Exception e)
+ {
+ Log.warn(e.toString());
+ portalResource.setOwner(null);
+ }
JetspeedRunData jdata = (JetspeedRunData)rundata;
- boolean hasView = JetspeedSecurity.checkPermission(jdata,
JetspeedSecurity.PERMISSION_VIEW, p);
+ boolean hasView = JetspeedSecurity.checkPermission((JetspeedUser)
jdata.getUser(), portalResource, JetspeedSecurity.PERMISSION_VIEW);
if(!hasView)
{
continue;
1.9 +23 -3
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/PortletWrapper.java
Index: PortletWrapper.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/PortletWrapper.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- PortletWrapper.java 24 Jul 2002 03:21:18 -0000 1.8
+++ PortletWrapper.java 25 Aug 2002 19:52:08 -0000 1.9
@@ -65,7 +65,11 @@
import org.apache.jetspeed.services.portletcache.Cacheable;
+import org.apache.jetspeed.services.security.PortalResource;
import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.util.template.JetspeedLink;
+import org.apache.jetspeed.util.template.JetspeedLinkFactory;
+
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
@@ -92,10 +96,12 @@
* The portlet we are wrapping
*/
private Portlet wrappedPortlet = null;
+ private PortalResource portalResource = null;
public PortletWrapper( Portlet inner )
{
wrappedPortlet = inner;
+ portalResource = new PortalResource(wrappedPortlet);
}
/**
@@ -290,12 +296,26 @@
protected boolean checkPermission( RunData rundata,
String permissionName )
{
+ try
+ {
+ JetspeedLink jsLink = JetspeedLinkFactory.getInstance(rundata);
+ portalResource.setOwner(jsLink.getUserName());
+ JetspeedLinkFactory.putInstance(jsLink);
+ }
+ catch (Exception e)
+ {
+ Log.warn(e.toString());
+ portalResource.setOwner(null);
+ }
+
Log.debug( "checking for Portlet permission: " +
permissionName +
" for portlet: " +
- wrappedPortlet.getName() );
+ wrappedPortlet.getName() +
+ " Owner = " + portalResource.getOwner());
+
return JetspeedSecurity.checkPermission( (JetspeedUser) rundata.getUser(),
- wrappedPortlet,
+ portalResource,
permissionName);
}
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
