You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by wo...@apache.org on 2007/09/28 09:59:33 UTC
svn commit: r580244 - in /portals/jetspeed-2/branches/JETSPEED-2.1.3:
components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java
src/webapp/WEB-INF/assembly/theme-engine.xml
src/webapp/WEB-INF/pages/page.security
Author: woonsan
Date: Fri Sep 28 00:59:32 2007
New Revision: 580244
URL: http://svn.apache.org/viewvc?rev=580244&view=rev
Log:
[JS2-634] edit_defaults custom portlet mode
We can also use constraints and permissions to deny/constrain access to the edit_defaults action. So, non-admin user can use edit_defaults actions if proper constraints or permissions are delegated to the user.
Modified:
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java
portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/theme-engine.xml
portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/pages/page.security
Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java?rev=580244&r1=580243&r2=580244&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/components/portal/src/java/org/apache/jetspeed/decoration/CustomDecoratorActionsFactory.java Fri Sep 28 00:59:32 2007
@@ -26,6 +26,7 @@
import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.common.portlet.PortletApplication;
import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
+import org.apache.jetspeed.om.page.ContentPage;
import org.apache.jetspeed.om.page.ContentFragment;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.SecurityAccessController;
@@ -44,17 +45,30 @@
private final List supportedActions;
private final List supportedSoloActions;
+ private boolean adminRightsDelegatable = true;
private PortalConfiguration configuration;
+ private String adminRoleName = "admin";
public CustomDecoratorActionsFactory()
{
- this(null);
+ this(true);
}
- public CustomDecoratorActionsFactory(PortalConfiguration configuration)
+ public CustomDecoratorActionsFactory(boolean adminRightsDelegatable)
{
+ this(adminRightsDelegatable, null);
+ }
+
+ public CustomDecoratorActionsFactory(boolean adminRightsDelegatable, PortalConfiguration configuration)
+ {
+ this.adminRightsDelegatable = adminRightsDelegatable;
this.configuration = configuration;
+ if (this.configuration != null)
+ {
+ this.adminRoleName = this.configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN, this.adminRoleName);
+ }
+
ArrayList list = new ArrayList(JetspeedActions.getStandardPortletModes());
list.add(JetspeedActions.ABOUT_MODE);
list.add(JetspeedActions.EDIT_DEFAULTS_MODE);
@@ -99,18 +113,22 @@
// else if (printModeIndex != -1)
// support switching to different modes once in "solo" state, even back to "print"
- String adminRoleName = "admin";
-
- if (this.configuration != null)
- {
- adminRoleName = this.configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN, adminRoleName);
- }
-
- // Remove editDefaultsMode if the user does not have admin role.
int editDefaultsModeIndex = actionTemplates.indexOf(EDIT_DEFAULTS_MODE_TEMPLATE);
if (editDefaultsModeIndex != -1)
{
- if (!rc.getRequest().isUserInRole(adminRoleName))
+ if (this.adminRightsDelegatable)
+ {
+ try
+ {
+ ContentPage page = rc.getPage();
+ page.checkAccess(JetspeedActions.EDIT_DEFAULTS);
+ }
+ catch (SecurityException e)
+ {
+ actionTemplates.remove(editDefaultsModeIndex);
+ }
+ }
+ else if (!rc.getRequest().isUserInRole(this.adminRoleName))
{
actionTemplates.remove(editDefaultsModeIndex);
}
Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/theme-engine.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/theme-engine.xml?rev=580244&r1=580243&r2=580244&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/theme-engine.xml (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/theme-engine.xml Fri Sep 28 00:59:32 2007
@@ -35,7 +35,14 @@
<bean id="CustomDecoratorActionsAdapter"
class="org.apache.jetspeed.decoration.CustomDecoratorActionsFactory">
+ <!--
+ If true, admin rights can be delegated to others based on constraints and permissions.
+ Otherwise, only users with the admin role can use admin actions such as edit_defaults.
+ -->
<constructor-arg index="0">
+ <value>true</value>
+ </constructor-arg>
+ <constructor-arg index="1">
<ref bean="PortalConfiguration"/>
</constructor-arg>
</bean>
Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/pages/page.security
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/pages/page.security?rev=580244&r1=580243&r2=580244&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/pages/page.security (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/pages/page.security Fri Sep 28 00:59:32 2007
@@ -23,7 +23,7 @@
<security-constraints-def name="admin">
<security-constraint>
<roles>admin</roles>
- <permissions>view, edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
</security-constraints-def>
<global-security-constraints-ref>admin</global-security-constraints-ref>
@@ -52,7 +52,7 @@
</security-constraint>
<security-constraint>
<roles>admin</roles>
- <permissions>view, edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
</security-constraints-def>
<security-constraints-def name="public-edit">
@@ -64,7 +64,7 @@
<security-constraints-def name="AEUV">
<security-constraint>
<roles>admin</roles>
- <permissions>view, edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
<security-constraint>
<roles>user</roles>
@@ -79,7 +79,7 @@
</security-constraint>
<security-constraint>
<roles>devmgr,admin</roles>
- <permissions>view, edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
</security-constraints-def>
@@ -90,14 +90,14 @@
</security-constraint>
<security-constraint>
<roles>admin</roles>
- <permissions>view, edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
</security-constraints-def>
<security-constraints-def name="delegated">
<security-constraint>
<roles>devmgr</roles>
- <permissions>view,edit</permissions>
+ <permissions>view, edit, edit_defaults</permissions>
</security-constraint>
</security-constraints-def>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org