You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2006/01/22 23:24:57 UTC
svn commit: r371407 - in /portals/jetspeed-2/trunk:
components/portal/src/java/org/apache/jetspeed/layout/impl/
etc/import/assembly/
Author: taylor
Date: Sun Jan 22 14:24:53 2006
New Revision: 371407
URL: http://svn.apache.org/viewcvs?rev=371407&view=rev
Log:
Abstracted out PortletActionSecurityBehavior for specialized handling
of creation of new pages when you don't have access to shared (role) pages
on live edit
add tx support for create* functions on PM
Added:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityConstraintsBehavior.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java
portals/jetspeed-2/trunk/etc/import/assembly/import-page-manager.xml
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java Sun Jan 22 14:24:53 2006
@@ -23,6 +23,7 @@
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
import org.apache.jetspeed.layout.Coordinate;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.layout.PortletPlacementContext;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.page.Fragment;
@@ -48,90 +49,80 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants
{
- private PageManager pageManager = null;
-
- /** Logger */
protected Log log = LogFactory.getLog(AddPortletAction.class);
public AddPortletAction(String template, String errorTemplate)
{
- this(template, errorTemplate, null);
+ this(template, errorTemplate, null, null);
}
public AddPortletAction(String template,
String errorTemplate,
- PageManager pageManager)
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
}
public boolean run(RequestContext requestContext, Map resultMap)
throws AJAXException
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, "add");
// Get the necessary parameters off of the request
String portletId = requestContext.getRequestParameter(PORTLETID);
-
if (portletId == null)
{
throw new RuntimeException("portlet id not provided");
}
resultMap.put(PORTLETID, portletId);
-
if (false == checkAccess(requestContext, SecuredResource.EDIT_ACTION))
{
- success = false;
- resultMap.put(REASON, "Insufficient access to edit page");
- return success;
- }
-
+ if (!createNewPageOnEdit(requestContext))
+ {
+ success = false;
+ resultMap.put(REASON, "Insufficient access to edit page");
+ return success;
+ }
+ status = "refresh";
+ }
// These are optional parameters
String col = requestContext.getRequestParameter(COL);
String row = requestContext.getRequestParameter(ROW);
-
// Convert the col and row into integers
int iCol = 0;
int iRow = 0;
-
if (col != null)
{
iCol = Integer.parseInt(col);
resultMap.put(NEWCOL, new Integer(iCol));
}
-
if (row != null)
{
iRow = Integer.parseInt(row);
resultMap.put(NEWROW, new Integer(iRow));
}
-
// Use the Portlet Placement Manager to accomplish the removal
PortletPlacementContext placement = new PortletPlacementContextImpl(requestContext);
Fragment fragment = pageManager.newFragment();
fragment.setType(Fragment.PORTLET);
fragment.setName(portletId);
fragment.setLayoutColumn(iCol);
- fragment.setLayoutRow(iRow);
-
+ fragment.setLayoutRow(iRow);
Coordinate coordinate = placement.add(fragment, new CoordinateImpl(iCol, iRow, iCol, iRow));
- Page page = placement.syncPageFragments();
-
+ Page page = placement.syncPageFragments();
// TODO: this does not handle nested layouts
Fragment root = requestContext.getPage().getRootFragment();
root.getFragments().add(fragment);
pageManager.updatePage(page);
-
- resultMap.put(STATUS, "success");
+ resultMap.put(STATUS, status);
resultMap.put(NEWCOL, String.valueOf(coordinate
.getNewCol()));
resultMap.put(NEWROW, String.valueOf(coordinate
- .getNewRow()));
-
+ .getNewRow()));
}
catch (Exception e)
{
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java Sun Jan 22 14:24:53 2006
@@ -15,12 +15,17 @@
*/
package org.apache.jetspeed.layout.impl;
+import java.util.Iterator;
import java.util.Map;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
+import org.apache.jetspeed.om.page.Fragment;
import org.apache.jetspeed.om.page.Page;
+import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.request.RequestContext;
/**
@@ -33,14 +38,21 @@
public abstract class BasePortletAction
implements AjaxAction, AjaxBuilder, Constants
{
+ protected Log log = LogFactory.getLog(BasePortletAction.class);
protected String template = null;
-
+ protected PageManager pageManager = null;
protected String errorTemplate = null;
-
- public BasePortletAction(String template, String errorTemplate)
+ protected PortletActionSecurityBehavior securityBehavior;
+
+ public BasePortletAction(String template,
+ String errorTemplate,
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
{
this.template = template;
this.errorTemplate = errorTemplate;
+ this.pageManager = pageManager;
+ this.securityBehavior = securityBehavior;
}
public boolean buildContext(RequestContext requestContext, Map responseContext)
@@ -79,17 +91,28 @@
public boolean checkAccess(RequestContext context, String action)
{
- Page page = context.getPage();
- try
+ return securityBehavior.checkAccess(context, action);
+ }
+
+ public boolean createNewPageOnEdit(RequestContext context)
+ {
+ return securityBehavior.createNewPageOnEdit(context);
+ }
+
+ // TODO: support nested fragments
+ public Fragment getFragmentIdFromLocation(int row, int column, Page page)
+ {
+ Fragment root = page.getRootFragment();
+ Iterator fragments = root.getFragments().iterator();
+ while (fragments.hasNext())
{
- page.checkAccess(action);
-
+ Fragment fragment = (Fragment)fragments.next();
+ if (fragment.getLayoutColumn() == column &&
+ fragment.getLayoutRow() == row)
+ {
+ return fragment;
+ }
}
- catch (SecurityException e)
- {
- return false;
- }
- return true;
+ return null;
}
-
}
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java Sun Jan 22 14:24:53 2006
@@ -21,6 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.page.Page;
import org.apache.jetspeed.page.PageManager;
@@ -39,42 +40,33 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants
{
- /** Logger */
protected Log log = LogFactory.getLog(GetPageAction.class);
-
- private PageManager pageManager = null;
public GetPageAction(String template,
String errorTemplate,
- PageManager pageManager)
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
}
public boolean run(RequestContext requestContext, Map resultMap)
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, "getpage");
-
if (false == checkAccess(requestContext, SecuredResource.VIEW_ACTION))
{
- success = false;
resultMap.put(REASON, "Insufficient access to view page");
+ success = false;
return success;
- }
-
- String filter = requestContext.getRequestParameter(FILTER);
-
- Page page = requestContext.getPage();
-
- resultMap.put(STATUS, "success");
-
+ }
+ //String filter = requestContext.getRequestParameter(FILTER);
+ Page page = requestContext.getPage();
+ resultMap.put(STATUS, status);
resultMap.put(PAGE, page);
-
}
catch (Exception e)
{
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java Sun Jan 22 14:24:53 2006
@@ -26,6 +26,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.page.Page;
@@ -45,40 +46,36 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants, Comparator
{
- /** Logger */
protected Log log = LogFactory.getLog(GetPortletsAction.class);
-
- private PageManager pageManager = null;
public GetPagesAction(String template,
String errorTemplate,
- PageManager pageManager)
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
}
public boolean run(RequestContext requestContext, Map resultMap)
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, "getpages");
-
- if (false == checkAccess(requestContext, SecuredResource.EDIT_ACTION))
+ if (false == checkAccess(requestContext, SecuredResource.VIEW_ACTION))
{
- success = false;
- resultMap.put(REASON, "Insufficient access to edit page");
- return success;
- }
-
- List pages = retrievePages(requestContext);
-
- resultMap.put(STATUS, "success");
-
+// if (!createNewPageOnEdit(requestContext))
+// {
+ success = false;
+ resultMap.put(REASON, "Insufficient access to get portlets");
+ return success;
+// }
+// status = "refresh";
+ }
+ List pages = retrievePages(requestContext);
+ resultMap.put(STATUS, status);
resultMap.put(PAGES, pages);
-
}
catch (Exception e)
{
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java Sun Jan 22 14:24:53 2006
@@ -31,6 +31,7 @@
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
import org.apache.jetspeed.components.portletregistry.PortletRegistry;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
@@ -55,10 +56,7 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants, Comparator
{
- /** Logger */
protected Log log = LogFactory.getLog(GetPortletsAction.class);
-
- private PageManager pageManager = null;
private PortletRegistry registry = null;
private SearchEngine searchEngine = null;
private PermissionManager permissionManager = null;
@@ -68,10 +66,10 @@
PageManager pageManager,
PortletRegistry registry,
SearchEngine searchEngine,
- PermissionManager permissionManager)
+ PermissionManager permissionManager,
+ PortletActionSecurityBehavior securityBehavior)
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
this.registry = registry;
this.searchEngine = searchEngine;
this.permissionManager = permissionManager;
@@ -80,26 +78,24 @@
public boolean run(RequestContext requestContext, Map resultMap)
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, "getportlets");
-
- if (false == checkAccess(requestContext, SecuredResource.EDIT_ACTION))
+ if (false == checkAccess(requestContext, SecuredResource.VIEW_ACTION))
{
- success = false;
- resultMap.put(REASON, "Insufficient access to edit page");
- return success;
- }
-
- String filter = requestContext.getRequestParameter(FILTER);
-
- List portlets = retrievePortlets(requestContext, filter);
-
- resultMap.put(STATUS, "success");
-
+// if (!createNewPageOnEdit(requestContext))
+// {
+ success = false;
+ resultMap.put(REASON, "Insufficient access to edit page");
+ return success;
+// }
+// status = "refresh";
+ }
+ String filter = requestContext.getRequestParameter(FILTER);
+ List portlets = retrievePortlets(requestContext, filter);
+ resultMap.put(STATUS, status);
resultMap.put(PORTLETS, portlets);
-
}
catch (Exception e)
{
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java Sun Jan 22 14:24:53 2006
@@ -23,6 +23,7 @@
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
import org.apache.jetspeed.layout.Coordinate;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.layout.PortletPlacementContext;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.page.Fragment;
@@ -50,31 +51,26 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants
{
- /** Logger */
protected Log log = LogFactory.getLog(MovePortletAction.class);
-
private int iMoveType = -1;
-
private String sMoveType = null;
-
- private PageManager pageManager = null;
public MovePortletAction(String template,
String errorTemplate,
String sMoveType)
throws AJAXException
{
- this(template, errorTemplate, sMoveType, null);
+ this(template, errorTemplate, sMoveType, null, null);
}
public MovePortletAction(String template,
String errorTemplate,
String sMoveType,
- PageManager pageManager)
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
throws AJAXException
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
setMoveType(sMoveType);
}
@@ -107,32 +103,49 @@
public boolean run(RequestContext requestContext, Map resultMap)
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, sMoveType);
-
// Get the necessary parameters off of the request
- String portletId = requestContext
- .getRequestParameter(PORTLETID);
+ String portletId = requestContext.getRequestParameter(PORTLETID);
if (portletId == null)
{
throw new Exception("portlet id not provided");
- }
-
- resultMap.put(PORTLETID, portletId);
-
+ }
+ resultMap.put(PORTLETID, portletId);
if (false == checkAccess(requestContext, SecuredResource.EDIT_ACTION))
{
- success = false;
- resultMap.put(REASON, "Insufficient access to edit page");
- return success;
- }
-
+ Page page = requestContext.getPage();
+ Fragment fragment = page.getFragmentById(portletId);
+ if (fragment == null)
+ {
+ success = false;
+ resultMap.put(REASON, "Fragment not found");
+ return success;
+ }
+ int column = fragment.getLayoutColumn();
+ int row = fragment.getLayoutRow();
+ if (!createNewPageOnEdit(requestContext))
+ {
+ success = false;
+ resultMap.put(REASON, "Insufficient access to edit page");
+ return success;
+ }
+ status = "refresh";
+ // translate old portlet id to new portlet id
+ Fragment newFragment = getFragmentIdFromLocation(row, column, requestContext.getPage());
+ if (newFragment == null)
+ {
+ success = false;
+ resultMap.put(REASON, "Failed to find new fragment");
+ return success;
+ }
+ portletId = newFragment.getId();
+ }
PortletPlacementContext placement = new PortletPlacementContextImpl(requestContext);
Fragment fragment = placement.getFragmentById(portletId);
Coordinate returnCoordinate = null;
-
// Only required for moveabs
if (iMoveType == ABS)
{
@@ -170,27 +183,23 @@
if (pageManager != null)
pageManager.updatePage(page);
- // Use dummy values for now
- resultMap.put(STATUS, "success");
-
+ resultMap.put(STATUS, status);
+ resultMap.put(PORTLETID, portletId);
// Need to determine what the old col and row were
resultMap.put(OLDCOL, String.valueOf(returnCoordinate
.getOldCol()));
resultMap.put(OLDROW, String.valueOf(returnCoordinate
.getOldRow()));
-
// Need to determine what the new col and row were
resultMap.put(NEWCOL, String.valueOf(returnCoordinate
.getNewCol()));
resultMap.put(NEWROW, String.valueOf(returnCoordinate
- .getNewRow()));
-
-
+ .getNewRow()));
}
catch (Exception e)
{
// Log the exception
- log.error("exception while adding a portlet", e);
+ log.error("exception while moving a portlet", e);
resultMap.put(REASON, e.toString());
// Return a failure indicator
success = false;
Added: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityConstraintsBehavior.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityConstraintsBehavior.java?rev=371407&view=auto
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityConstraintsBehavior.java (added)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityConstraintsBehavior.java Sun Jan 22 14:24:53 2006
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2000-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.layout.impl;
+
+import java.security.Principal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
+import org.apache.jetspeed.om.page.Page;
+import org.apache.jetspeed.page.PageManager;
+import org.apache.jetspeed.request.RequestContext;
+
+/**
+ * Abstracted behavior of security checks for portlet actions
+ *
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ */
+public class PortletActionSecurityConstraintsBehavior
+ extends PortletActionSecurityPathBehavior
+ implements PortletActionSecurityBehavior
+{
+ protected Log log = LogFactory.getLog(PortletActionSecurityConstraintsBehavior.class);
+
+ public PortletActionSecurityConstraintsBehavior(PageManager pageManager)
+ {
+ super(pageManager);
+ }
+
+ public boolean checkAccess(RequestContext context, String action)
+ {
+ Page page = context.getPage();
+ try
+ {
+ page.checkAccess(action);
+ }
+ catch (Exception e)
+ {
+ Principal principal = context.getRequest().getUserPrincipal();
+ String userName = "guest";
+ if (principal != null)
+ userName = principal.getName();
+ log.warn("Insufficient access to page " + page.getPath() + " by user " + userName);
+ return false;
+ }
+ return true;
+ }
+}
Added: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java?rev=371407&view=auto
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java (added)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java Sun Jan 22 14:24:53 2006
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2000-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.layout.impl;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
+import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.om.folder.Folder;
+import org.apache.jetspeed.om.page.ContentPageImpl;
+import org.apache.jetspeed.om.page.Page;
+import org.apache.jetspeed.page.PageManager;
+import org.apache.jetspeed.request.RequestContext;
+
+/**
+ * Abstracted behavior of security checks for portlet actions
+ *
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ */
+public class PortletActionSecurityPathBehavior implements PortletActionSecurityBehavior
+{
+ protected Log log = LogFactory.getLog(PortletActionSecurityPathBehavior.class);
+ protected PageManager pageManager;
+
+ public PortletActionSecurityPathBehavior(PageManager pageManager)
+ {
+ this.pageManager = pageManager;
+ }
+
+ public boolean checkAccess(RequestContext context, String action)
+ {
+ Page page = context.getPage();
+ String path = page.getPath();
+ if (path == null)
+ return false;
+ if (path.indexOf(Folder.ROLE_FOLDER) > -1 || path.indexOf(Folder.GROUP_FOLDER) > -1)
+ {
+ if (action.equals(SecuredResource.VIEW_ACTION))
+ return true;
+ return false;
+ }
+ return true;
+ }
+
+ public boolean createNewPageOnEdit(RequestContext context)
+ {
+ Page page = context.getPage();
+ String path = page.getPath();
+ try
+ {
+ if (path == null)
+ return false;
+ // make sure we are not copying from user area
+ if (path.indexOf(Folder.USER_FOLDER) == -1)
+ {
+ System.out.println("Changing ROLE Folder");
+ this.pageManager.createUserHomePagesFromRoles(context.getSubject());
+ page = this.pageManager.getPage(Folder.USER_FOLDER
+ + context.getRequest().getUserPrincipal().getName()
+ + Folder.PATH_SEPARATOR
+ + "default-page.psml"); // FIXME: dont hard code
+ context.setPage(new ContentPageImpl(page));
+ System.out.println("new page set: Changing ROLE Folder " + page.getPath());
+ }
+ }
+ catch (Exception e)
+ {
+ // already logged error
+ return false;
+ }
+ return true;
+ }
+}
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java Sun Jan 22 14:24:53 2006
@@ -21,7 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
-import org.apache.jetspeed.layout.Coordinate;
+import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.layout.PortletPlacementContext;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.page.Fragment;
@@ -46,32 +46,30 @@
extends BasePortletAction
implements AjaxAction, AjaxBuilder, Constants
{
- private PageManager pageManager = null;
-
- /** Logger */
protected Log log = LogFactory.getLog(RemovePortletAction.class);
public RemovePortletAction(String template, String errorTemplate)
throws PipelineException
{
- this(template, errorTemplate, null);
+ this(template, errorTemplate, null, null);
}
- public RemovePortletAction(String template, String errorTemplate, PageManager pageManager)
+ public RemovePortletAction(String template,
+ String errorTemplate,
+ PageManager pageManager,
+ PortletActionSecurityBehavior securityBehavior)
throws PipelineException
{
- super(template, errorTemplate);
- this.pageManager = pageManager;
+ super(template, errorTemplate, pageManager, securityBehavior);
}
public boolean run(RequestContext requestContext, Map resultMap)
{
boolean success = true;
-
+ String status = "success";
try
{
resultMap.put(ACTION, "remove");
-
// Get the necessary parameters off of the request
String portletId = requestContext.getRequestParameter(PORTLETID);
if (portletId == null)
@@ -80,14 +78,35 @@
resultMap.put(REASON, "Portlet ID not provided");
return success;
}
-
resultMap.put(PORTLETID, portletId);
-
if (false == checkAccess(requestContext, SecuredResource.EDIT_ACTION))
{
- success = false;
- resultMap.put(REASON, "Insufficient access to edit page");
- return success;
+ Page page = requestContext.getPage();
+ Fragment fragment = page.getFragmentById(portletId);
+ if (fragment == null)
+ {
+ success = false;
+ resultMap.put(REASON, "Fragment not found");
+ return success;
+ }
+ int column = fragment.getLayoutColumn();
+ int row = fragment.getLayoutRow();
+ if (!createNewPageOnEdit(requestContext))
+ {
+ success = false;
+ resultMap.put(REASON, "Insufficient access to edit page");
+ return success;
+ }
+ status = "refresh";
+ // translate old portlet id to new portlet id
+ Fragment newFragment = getFragmentIdFromLocation(row, column, requestContext.getPage());
+ if (newFragment == null)
+ {
+ success = false;
+ resultMap.put(REASON, "Failed to find new fragment");
+ return success;
+ }
+ portletId = newFragment.getId();
}
// Use the Portlet Placement Manager to accomplish the removal
@@ -102,10 +121,10 @@
//Coordinate coordinate = placement.remove(fragment);
Page page = requestContext.getPage();
page.removeFragmentById(fragment.getId());
- pageManager.updatePage(page);
-
+ pageManager.updatePage(page);
// Build the results for the response
- resultMap.put(STATUS, "success");
+ resultMap.put(PORTLETID, portletId);
+ resultMap.put(STATUS, status);
resultMap.put(OLDCOL, String.valueOf(fragment.getLayoutColumn()));
resultMap.put(OLDROW, String.valueOf(fragment.getLayoutRow()));
}
Modified: portals/jetspeed-2/trunk/etc/import/assembly/import-page-manager.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/etc/import/assembly/import-page-manager.xml?rev=371407&r1=371406&r2=371407&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/etc/import/assembly/import-page-manager.xml (original)
+++ portals/jetspeed-2/trunk/etc/import/assembly/import-page-manager.xml Sun Jan 22 14:24:53 2006
@@ -47,6 +47,7 @@
<prop key="get*">PROPAGATION_REQUIRED,-org.apache.jetspeed.page.document.NodeException</prop>
<prop key="update*">PROPAGATION_REQUIRED,-org.apache.jetspeed.page.document.NodeException</prop>
<prop key="remove*">PROPAGATION_REQUIRED,-org.apache.jetspeed.page.document.NodeException</prop>
+ <prop key="create*">PROPAGATION_REQUIRED,-org.apache.jetspeed.page.PageNotUpdatedException</prop>
</props>
</property>
</bean>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org