Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2016/01/15 02:12:00 UTC
svn commit: r1724715 -
/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Author: taylor
Date: Fri Jan 15 01:11:59 2016
New Revision: 1724715
URL: http://svn.apache.org/viewvc?rev=1724715&view=rev
Log:
fixing backward compatibility issue with migrating from version 2.1.3, which allowed more lenient delegated security assignments. Note this feature should be turned off by default
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1724715&r1=1724714&r2=1724715&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java (original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java Fri Jan 15 01:11:59 2016
@@ -689,7 +689,7 @@ public class JetspeedPrincipalManagement
final String requiredRole = preferences.getValue(REQUIRED_ROLE, "");
final String defaultProfile = preferences.getValue(DEFAULT_PROFILE ,"");
final String defaultSubsite = preferences.getValue(DEFAULT_SUBSITE ,"");
- final String templateFolder = preferences.getValue(NEW_USER_TEMPLATE_DIR, "/_user/template/");
+ final String templateFolder = preferences.getValue(NEW_USER_TEMPLATE_DIR, "");
final String subsiteRoot = preferences.getValue(SUB_SITE_ROOT,"");
profilingRule = defaultProfile.toString();
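Review bot: The default for `NEW_USER_TEMPLATE_DIR` changes here from `/_user/template/` to an empty string, which the log message does not mention. The code that consumes `templateFolder` is outside this hunk, so it cannot be confirmed from here that an empty value is treated as "no template configured" rather than resolved as a folder path. A guard at the point of use, such as `if (!templateFolder.isEmpty())`, and a short comment on why the default is empty would make the intent explicit.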
@@ -1593,6 +1593,7 @@ public class JetspeedPrincipalManagement
protected boolean associationsFrom;
protected boolean admin;
+ protected boolean allowDelegateRoles = false;
protected boolean modificationAllowed = true;
/**
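Review bot: The new `allowDelegateRoles` field relaxes an authorization check but has no comment saying so. I would add `/** True when the portal configuration lets non-admin delegates assign roles they do not hold themselves; the default admin role is still excluded. Off by default. */` above it. The explicit `= false` initializer is redundant next to `admin` and `associationsFrom`, which rely on the language default.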
@@ -1657,7 +1658,8 @@ public class JetspeedPrincipalManagement
this.associationType = AssociationType;
associationName = AssociationType.getAssociationName();
final String assoctionName = AssociationType.getAssociationName();
- String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+ String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+ allowDelegateRoles = getServiceLocator().getPortalConfiguration().getBoolean(PortalConfigurationConstants.ALLOW_DELEGATE_ASSIGN_ROLES, false);
admin = getPortletRequest().isUserInRole(adminRole);
if (!admin && !principal.getType().getName().equals(JetspeedPrincipalType.USER))
{
@@ -1849,7 +1851,7 @@ public class JetspeedPrincipalManagement
}
}
}
- if (names.size() > 0 && !admin)
+ if (names.size() > 0 && !admin && !allowDelegateRoles)
{
// restrict creating new associations to only those the user itself belongs to
String jptName = associationsFrom ? associationType.getToPrincipalType().getName() : associationType.getFromPrincipalType().getName();
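Review bot: Adding `!allowDelegateRoles` to this condition switches off the "only associations the user itself belongs to" restriction for every association type, not only for roles. The `else if` in the next hunk removes the admin role only when the To type is `JetspeedPrincipalType.ROLE`, so with the flag on a non-admin appears to get an unfiltered list for any other type this component handles. Consider computing a local boolean from `associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE)` and bypassing the restriction only when both it and `allowDelegateRoles` are true. The body of this `if` continues outside the hunk.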
@@ -1885,6 +1887,17 @@ public class JetspeedPrincipalManagement
}
}
}
+ else if (!admin && allowDelegateRoles && associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE)) {
+ // never allow admin role to delegates
+ String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+ for (int index = names.size() - 1; index > -1; index--) {
+ JetspeedPrincipal listPrincipal = (JetspeedPrincipal) names.get(index);
+ if (listPrincipal.getName().equals(adminRole)) {
+ names.remove(index);
+ break;
+ }
+ }
+ }
}
}
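Review bot: The admin-role exclusion added here only prunes the `names` list offered for selection. The code that actually creates the association is not visible in this diff, so it is unclear whether a submitted admin-role name is rejected there as well. If it is not, the same `adminRole` comparison should be enforced at the point where the association is saved, since a filtered list is not an authorization check. The branch also tests only `getToPrincipalType()` and ignores `associationsFrom`, which the restricted branch uses to decide which side is listed; when the list holds the From side, the name comparison does not protect the admin role. `adminRole` is already read in the constructor hunk and could be kept in a field instead of being looked up again.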