You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ha...@apache.org on 2008/12/25 15:38:57 UTC
svn commit: r729424 - in /ofbiz/trunk/framework/common:
entitydef/entitymodel.xml
webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
widget/PortalPageScreens.xml
Author: hansbak
Date: Thu Dec 25 06:38:57 2008
New Revision: 729424
URL: http://svn.apache.org/viewvc?rev=729424&view=rev
Log:
add security checking to portlet list
Added:
ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy (with props)
Modified:
ofbiz/trunk/framework/common/entitydef/entitymodel.xml
ofbiz/trunk/framework/common/widget/PortalPageScreens.xml
Modified: ofbiz/trunk/framework/common/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/entitydef/entitymodel.xml?rev=729424&r1=729423&r2=729424&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/entitydef/entitymodel.xml (original)
+++ ofbiz/trunk/framework/common/entitydef/entitymodel.xml Thu Dec 25 06:38:57 2008
@@ -568,6 +568,7 @@
<field name="description" type="description"></field>
<field name="screenshot" type="url"></field>
<field name="securityServiceName" type="long-varchar"><description>The service named here is used to see if current user can see the portlet on the list of available portlets; the screen that the portlet calls should also call this service to check permission and not render; the service named here must implement the "permissionInterface" service just like services used for service permissions</description></field>
+ <field name="securityMainAction" type="short-varchar"><description>The main action which can be done with this portlet, possible values: CREATE UPDATE VIEW DELETE</description></field>
<prim-key field="portalPortletId"/>
</entity>
<entity entity-name="PortalPage" package-name="org.ofbiz.common.portal" title="Defines a Portal Page">
Added: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy?rev=729424&view=auto
==============================================================================
--- ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy (added)
+++ ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy Thu Dec 25 06:38:57 2008
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.ofbiz.entity.*;
+import org.ofbiz.entity.condition.*;
+
+
+ppIter = delegator.find("PortalPortlet", null, null, null, null, null);
+
+portalPortlets = [];
+inMap = [:];
+while (portlet = ppIter.next()) {
+
+ if (portlet.securityServiceName && portlet.securityMainAction) {
+ inMap.mainAction = portlet.securityMainAction;
+ inMap.userLogin = context.userLogin;
+ result = dispatcher.runSync(portlet.securityServiceName, inMap)
+ hasPermission = result.hasPermission;
+ } else {
+ hasPermission = true;
+ }
+
+ if (hasPermission) {
+ portalPortlets.add(portlet);
+ }
+}
+context.portalPortlets = portalPortlets;
+
Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: ofbiz/trunk/framework/common/widget/PortalPageScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/widget/PortalPageScreens.xml?rev=729424&r1=729423&r2=729424&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/widget/PortalPageScreens.xml (original)
+++ ofbiz/trunk/framework/common/widget/PortalPageScreens.xml Thu Dec 25 06:38:57 2008
@@ -82,7 +82,7 @@
<actions>
<set field="originalPortalPageId" from-field="parameters.originalPortalPageId"/>
<set field="mainPortalPageId" from-field="parameters.mainPortalPageId"/>
- <entity-condition entity-name="PortalPortlet" list-name="portalPortlets"/>
+ <script location="component://common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy"/>
</actions>
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">