Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2016/01/15 02:12:00 UTC

svn commit: r1724715 - /portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java

Author: taylor
Date: Fri Jan 15 01:11:59 2016
New Revision: 1724715

URL: http://svn.apache.org/viewvc?rev=1724715&view=rev
Log:
Fix a backward-compatibility issue when migrating from version 2.1.3, which allowed more lenient delegated security assignments. Note: this feature should be turned off by default.

Modified:
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1724715&r1=1724714&r2=1724715&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java (original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java Fri Jan 15 01:11:59 2016
@@ -689,7 +689,7 @@ public class JetspeedPrincipalManagement
             final String requiredRole = preferences.getValue(REQUIRED_ROLE, "");
             final String defaultProfile = preferences.getValue(DEFAULT_PROFILE ,"");
             final String defaultSubsite = preferences.getValue(DEFAULT_SUBSITE ,"");
-            final String templateFolder = preferences.getValue(NEW_USER_TEMPLATE_DIR, "/_user/template/");
+            final String templateFolder = preferences.getValue(NEW_USER_TEMPLATE_DIR, "");
             final String subsiteRoot = preferences.getValue(SUB_SITE_ROOT,"");
             profilingRule = defaultProfile.toString();
             
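Review bot: An empty `templateFolder` is now what the method sees when the `NEW_USER_TEMPLATE_DIR` preference is unset, and nothing visible in this hunk shows the later code coping with an empty value. The log message does not mention this default change either, so the intent has to be guessed. If empty is meant as "no template folder configured", say so on that line, for example `// empty when the preference is unset: no template folder is applied`, and confirm that the code using `templateFolder` checks for the empty string before building a path from it. The enclosing method starts and ends outside the hunk.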
@@ -1593,6 +1593,7 @@ public class JetspeedPrincipalManagement
         protected boolean associationsFrom;
         
         protected boolean admin;
+        protected boolean allowDelegateRoles = false;
         protected boolean modificationAllowed = true;
         
         /**
@@ -1657,7 +1658,8 @@ public class JetspeedPrincipalManagement
             this.associationType = AssociationType;
             associationName = AssociationType.getAssociationName();
             final String assoctionName = AssociationType.getAssociationName();
-            String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);            
+            String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+            allowDelegateRoles = getServiceLocator().getPortalConfiguration().getBoolean(PortalConfigurationConstants.ALLOW_DELEGATE_ASSIGN_ROLES, false);
             admin = getPortletRequest().isUserInRole(adminRole);
             if (!admin && !principal.getType().getName().equals(JetspeedPrincipalType.USER))
             {
@@ -1849,7 +1851,7 @@ public class JetspeedPrincipalManagement
                     }
                 }
         	}
-            if (names.size() > 0 && !admin)
+            if (names.size() > 0 && !admin && !allowDelegateRoles)
             {
                 // restrict creating new associations to only those the user itself belongs to
                 String jptName = associationsFrom ? associationType.getToPrincipalType().getName() : associationType.getFromPrincipalType().getName();
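Review bot: With `allowDelegateRoles` set, the changed condition drops the "only those the user itself belongs to" restriction for every association type, because the flag is tested without looking at the principal type. The configuration key is named for role assignment, and the `else if` added in the next hunk applies only when the to-type is the role type, so any other association type shown by this code would be left unrestricted for a non-admin. Narrowing the bypass keeps the old restriction everywhere else: `if (names.size() > 0 && !admin && !(allowDelegateRoles && associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE)))`. The enclosing method starts before the hunk and the body of this `if` continues past it.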
@@ -1885,6 +1887,17 @@ public class JetspeedPrincipalManagement
                     }
                 }
             }
+            else if (!admin && allowDelegateRoles && associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE)) {
+                // never allow admin role to delegates
+                String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+                for (int index = names.size() - 1; index > -1; index--) {
+                    JetspeedPrincipal listPrincipal = (JetspeedPrincipal) names.get(index);
+                    if (listPrincipal.getName().equals(adminRole)) {
+                        names.remove(index);
+                        break;
+                    }
+                }
+            }
         }
     }
 
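Review bot: The admin-role filter in the new `else if` tests only `associationType.getToPrincipalType()`, while the restricted branch above picks the side with `associationsFrom`. If `names` holds from-side principals when `associationsFrom` is false, as that branch suggests, a role-typed from-side would leave the admin role in the list. Selecting the type the same way, `associationsFrom ? associationType.getToPrincipalType().getName() : associationType.getFromPrincipalType().getName()`, and comparing that with `JetspeedPrincipalType.ROLE` keeps the two branches consistent. The loop also only trims the list being built, and only for the single `ROLES_DEFAULT_ADMIN` name. Whether the code that saves an association rejects the admin role for a non-admin caller is not visible here and should be confirmed. The enclosing method starts outside the hunk.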


