Author: woonsan
Date: Fri Mar 19 19:07:10 2010
New Revision: 925380
URL: http://svn.apache.org/viewvc?rev=925380&view=rev
Log:
JS2-1131: Fixing the NPE problem when a user tries to edit the user's own
space. (Caused because of looking up the system spaces only by name.)
Adding flexibility to configure space admin roles preference.
Also, adding security access check in space manager portlet.
Added:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
(with props)
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
Fri Mar 19 19:07:10 2010
@@ -17,7 +17,6 @@
package org.apache.jetspeed.portlets.spaces;
import java.io.IOException;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -162,13 +161,10 @@ public class PageNavigator extends Gener
request.setAttribute("spaceLinkElements",
getSpaceLinkMenuElements(spaceBean, request));
request.setAttribute("templatePages", getTemplatePageNodes(request));
- boolean pageEditable = false;
- Principal principal = request.getUserPrincipal();
- if (principal != null)
+ if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) ||
SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
{
- pageEditable = (admin.isUserInAdminRole(request) ||
admin.isAdminUser(request) || principal.getName().equals(spaceBean.getOwner()));
+ request.setAttribute("pageEditable", Boolean.TRUE);
}
- request.setAttribute("pageEditable", pageEditable ? Boolean.TRUE :
Boolean.FALSE);
super.doView(request, response);
}
Added:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java?rev=925380&view=auto
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
(added)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
Fri Mar 19 19:07:10 2010
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.portlets.spaces;
+
+import java.security.Principal;
+
+import javax.portlet.PortletRequest;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.administration.PortalAdministration;
+
+/**
+ * SpaceAdminUtils
+ *
+ * @version $Id$
+ */
+public class SpaceAdminUtils
+{
+ public static final String SPACE_ADMIN_ROLES_PARAM_NAME =
"spaceAdminRoles";
+
+ private SpaceAdminUtils()
+ {
+
+ }
+
+ public static boolean isUserSpaceOwner(SpaceBean spaceBean, PortletRequest
request)
+ {
+ Principal principal = request.getUserPrincipal();
+
+ if (principal != null &&
principal.getName().equals(spaceBean.getOwner()))
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static boolean isUserSpaceAdmin(SpaceBean spaceBean,
PortalAdministration portalAdmin, PortletRequest request)
+ {
+ String spaceAdminRolesPref =
request.getPreferences().getValue(SPACE_ADMIN_ROLES_PARAM_NAME, null);
+
+ if (spaceAdminRolesPref != null)
+ {
+ String [] spaceAdminRoles = StringUtils.split(spaceAdminRolesPref,
", \t\r\n");
+
+ for (String role : spaceAdminRoles)
+ {
+ if (request.isUserInRole(role))
+ {
+ return true;
+ }
+ }
+ }
+
+ return portalAdmin.isAdminUser(request) ||
portalAdmin.isUserInAdminRole(request);
+ }
+
+}
Propchange:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
Fri Mar 19 19:07:10 2010
@@ -17,7 +17,6 @@
package org.apache.jetspeed.portlets.spaces;
import java.io.IOException;
-import java.security.Principal;
import java.util.LinkedList;
import java.util.List;
@@ -93,22 +92,15 @@ public class SpaceNavigator extends Gene
request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACE, spaceBean);
request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACES, spaceBeans);
- boolean spaceCreatable = false;
- boolean spaceEditable = false;
- Principal principal = request.getUserPrincipal();
- if (principal != null)
+ if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) ||
SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
{
- if (admin.isUserInAdminRole(request) || admin.isAdminUser(request))
- {
- spaceCreatable = spaceEditable = true;
- }
- else if (principal.getName().equals(spaceBean.getOwner()))
- {
- spaceEditable = true;
- }
+ request.setAttribute("spaceEditable", Boolean.TRUE);
+ }
+
+ if (SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
+ {
+ request.setAttribute("spaceCreatable", Boolean.TRUE);
}
- request.setAttribute("spaceEditable", spaceEditable ? Boolean.TRUE :
Boolean.FALSE);
- request.setAttribute("spaceCreatable", spaceCreatable ? Boolean.TRUE :
Boolean.FALSE);
super.doView(request, response);
}
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
Fri Mar 19 19:07:10 2010
@@ -102,6 +102,7 @@ public class SpacesList extends GenericS
if (spaceName != null)
{
Space space =
spacesService.lookupSpace(spaceName);
+
if (space != null)
{
try
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
Fri Mar 19 19:07:10 2010
@@ -116,20 +116,43 @@ public class SpacesManager extends Gener
String current = (String)PortletMessaging.receive(request,
SpacesManager.MSG_TOPIC_SPACE_LIST, SpacesManager.MSG_SPACE_CHANGE);
if (current != null)
{
+ // FIXME: lookupSpace() can find system spaces only, not user
space.
+ // So, what if a system space name is as same as a user
space name?
space = spacesService.lookupSpace(current);
- spaceBean = new SpaceBean(space);
+
+ if (space == null)
+ {
+ space = spacesService.lookupUserSpace(current);
+ }
+ }
+
+ if (space != null)
+ {
+ spaceBean = new SpaceBean(space);
}
- if (space == null)
+ else
{
spaceBean = new SpaceBean("", "");
spaceBean.setDescription("");
spaceBean.setTitle("");
spaceBean.setSecurityConstraint("");
spaceBean.setTheme(ThemeBean.getDefaultTheme(request,
decorationFactory));
- }
+ }
+
request.setAttribute("constraints", retrieveConstraints(request));
request.setAttribute("themes", ThemeBean.retrieveThemes(request,
decorationFactory, spaceBean.getTheme()));
request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACE, spaceBean);
+
+ if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) ||
SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
+ {
+ request.setAttribute("spaceEditable", Boolean.TRUE);
+ }
+
+ if (SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
+ {
+ request.setAttribute("spaceCreatable", Boolean.TRUE);
+ }
+
super.doView(request, response);
}
@@ -174,7 +197,18 @@ public class SpacesManager extends Gener
{
try
{
- Space space = (!"".equals(name) ?
spacesService.lookupSpace(name) : null);
+ Space space = null;
+
+ if (!"".equals(name))
+ {
+ space = spacesService.lookupSpace(name);
+
+ if (space == null)
+ {
+ space = spacesService.lookupUserSpace(name);
+ }
+ }
+
String path = admin.getPortalURL(actionRequest,
actionResponse, (space != null ? space.getPath() : "/"));
actionResponse.sendRedirect(path);
return;
@@ -229,7 +263,15 @@ public class SpacesManager extends Gener
else
{
String owner = scrapeParameter(actionRequest, "spaceOwner");
+ // FIXME: lookupSpace() can find system spaces only, not user
space.
+ // So, what if a system space name is as same as a user
space name?
Space space = spacesService.lookupSpace(name);
+
+ if (space == null)
+ {
+ space = spacesService.lookupUserSpace(name);
+ }
+
if (space != null)
{
space.setDescription(description);
@@ -266,6 +308,7 @@ public class SpacesManager extends Gener
spacesService.storeSpace(space);
}
+
// redirect
String path = admin.getPortalURL(actionRequest,
actionResponse, space.getPath());
actionResponse.sendRedirect(path);
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = Add Space
spaces.label.edit.current = Edit Current Space
spaces.label.save = Save
spaces.label.cancel = Cancel
+spaces.message.forbidden = You are not allowed to edit the current space.
spaces.pages.label.folder = Folder
spaces.pages.label.page = Page
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = Add Space
spaces.label.edit.current = Edit Current Space
spaces.label.save = Save
spaces.label.cancel = Cancel
+spaces.message.forbidden = You are not allowed to edit the current space.
spaces.pages.label.folder = Folder
spaces.pages.label.page = Page
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = \ucd94\uac00
spaces.label.edit.current = \uc2a4\ud398\uc774\uc2a4 \ud3b8\uc9d1
spaces.label.save = \uc800\uc7a5
spaces.label.cancel = \ucde8\uc18c
+spaces.message.forbidden = \ud574\ub2f9 \uc2a4\ud398\uc774\uc2a4\ub97c
\ud3b8\uc9d1\ud560 \uad8c\ud55c\uc774 \uc5c6\uc2b5\ub2c8\ub2e4.
spaces.pages.label.folder = \ud3f4\ub354
spaces.pages.label.page = \ud398\uc774\uc9c0
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
Fri Mar 19 19:07:10 2010
@@ -33,7 +33,21 @@ limitations under the License.
<c:set var="portalContextPath" value="/"/>
</c:if>
-<form method="POST" action='<portlet:actionURL/>'>
+<c:set var="formDisplayble" value="false" />
+<c:choose>
+ <c:when test="${spaceCreatable}">
+ <c:set var="formDisplayble" value="true" />
+ </c:when>
+ <c:when test="${spaceEditable and not empty space.name}">
+ <c:set var="formDisplayble" value="true" />
+ </c:when>
+</c:choose>
+
+<c:choose>
+
+<c:when test="${formDisplayble}">
+
+ <form method="POST" action='<portlet:actionURL/>'>
<input type='hidden' name='spacePersisted' value='${space.persisted}'/>
<table width="100%">
<tr>
@@ -96,4 +110,14 @@ limitations under the License.
<th class="portlet-section-header" colspan="2"></th>
</tr>
</table>
-</form>
+ </form>
+
+</c:when>
+
+<c:otherwise>
+
+<p><em><fmt:message key='spaces.message.forbidden'/></em></p>
+
+</c:otherwise>
+
+</c:choose>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
