mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
. WCM role and permissions fixes
- All users can now Read/Browse content in the Staging Area
- None of the user roles (including Content Managers!) can create/edit/delete directly in the Staging Area
- The only exception to this rule is the system admin user - who can do anything anywhere in the app…
- Content Publisher roles can now view other users sandboxes - but in Read mode only
- http://issues.alfresco.com/browse/WCM-211
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4803 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
@@ -80,7 +80,7 @@
|
|||||||
<!-- Submit AVM node -->
|
<!-- Submit AVM node -->
|
||||||
<action id="submit">
|
<action id="submit">
|
||||||
<permissions>
|
<permissions>
|
||||||
<permission allow="true">Read</permission>
|
<permission allow="true">Write</permission>
|
||||||
</permissions>
|
</permissions>
|
||||||
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
|
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
|
||||||
<label-id>submit</label-id>
|
<label-id>submit</label-id>
|
||||||
@@ -95,7 +95,7 @@
|
|||||||
<!-- Revert AVM node -->
|
<!-- Revert AVM node -->
|
||||||
<action id="revert">
|
<action id="revert">
|
||||||
<permissions>
|
<permissions>
|
||||||
<permission allow="true">Read</permission>
|
<permission allow="true">Write</permission>
|
||||||
</permissions>
|
</permissions>
|
||||||
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
|
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
|
||||||
<label-id>revert</label-id>
|
<label-id>revert</label-id>
|
||||||
|
|||||||
@@ -751,6 +751,10 @@ public final class AVMConstants
|
|||||||
|
|
||||||
public final static String SPACE_ICON_WEBSITE = "space-icon-website";
|
public final static String SPACE_ICON_WEBSITE = "space-icon-website";
|
||||||
|
|
||||||
|
// web user role permissions
|
||||||
|
public final static String ROLE_CONTENT_MANAGER = "ContentManager";
|
||||||
|
public final static String ROLE_CONTENT_PUBLISHER = "ContentPublisher";
|
||||||
|
|
||||||
// virtualisation server MBean registry
|
// virtualisation server MBean registry
|
||||||
private static final String BEAN_VIRT_SERVER_REGISTRY = "VirtServerRegistry";
|
private static final String BEAN_VIRT_SERVER_REGISTRY = "VirtServerRegistry";
|
||||||
|
|
||||||
|
|||||||
@@ -182,14 +182,13 @@ public class CreateWebsiteWizard extends BaseWizardBean
|
|||||||
if (outcome != null)
|
if (outcome != null)
|
||||||
{
|
{
|
||||||
// create the AVM staging store to represent the newly created location website
|
// create the AVM staging store to represent the newly created location website
|
||||||
SandboxFactory.createStagingSandbox(avmStore, nodeRef, wiz.getManagers());
|
SandboxFactory.createStagingSandbox(avmStore, nodeRef);
|
||||||
|
|
||||||
// create the default webapp folder under the hidden system folders
|
// create the default webapp folder under the hidden system folders
|
||||||
final String stagingStore = AVMConstants.buildStagingStoreName(avmStore);
|
final String stagingStore = AVMConstants.buildStagingStoreName(avmStore);
|
||||||
final String stagingStoreRoot = AVMConstants.buildSandboxRootPath(stagingStore);
|
final String stagingStoreRoot = AVMConstants.buildSandboxRootPath(stagingStore);
|
||||||
this.avmService.createDirectory(stagingStoreRoot, webapp);
|
this.avmService.createDirectory(stagingStoreRoot, webapp);
|
||||||
this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot,
|
this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot, webapp),
|
||||||
webapp),
|
|
||||||
WCMAppModel.ASPECT_WEBAPP);
|
WCMAppModel.ASPECT_WEBAPP);
|
||||||
|
|
||||||
// set the property on the node to reference the root AVM store
|
// set the property on the node to reference the root AVM store
|
||||||
@@ -453,7 +452,7 @@ public class CreateWebsiteWizard extends BaseWizardBean
|
|||||||
if (foundCurrentUser == false)
|
if (foundCurrentUser == false)
|
||||||
{
|
{
|
||||||
buf.append(getInviteUsersWizard().buildLabelForUserAuthorityRole(
|
buf.append(getInviteUsersWizard().buildLabelForUserAuthorityRole(
|
||||||
currentUser, SandboxFactory.ROLE_CONTENT_MANAGER));
|
currentUser, AVMConstants.ROLE_CONTENT_MANAGER));
|
||||||
}
|
}
|
||||||
|
|
||||||
return buildSummary(
|
return buildSummary(
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
|
|||||||
{
|
{
|
||||||
foundCurrentUser = true;
|
foundCurrentUser = true;
|
||||||
}
|
}
|
||||||
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
|
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
|
||||||
{
|
{
|
||||||
this.managers.add(userAuth);
|
this.managers.add(userAuth);
|
||||||
}
|
}
|
||||||
@@ -123,7 +123,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
|
|||||||
|
|
||||||
if (foundCurrentUser == false)
|
if (foundCurrentUser == false)
|
||||||
{
|
{
|
||||||
this.userGroupRoles.add(new UserGroupRole(currentUser, SandboxFactory.ROLE_CONTENT_MANAGER, null));
|
this.userGroupRoles.add(new UserGroupRole(currentUser, AVMConstants.ROLE_CONTENT_MANAGER, null));
|
||||||
this.managers.add(currentUser);
|
this.managers.add(currentUser);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -135,7 +135,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
|
|||||||
{
|
{
|
||||||
for (String userAuth : findNestedUserAuthorities(userRole.getAuthority()))
|
for (String userAuth : findNestedUserAuthorities(userRole.getAuthority()))
|
||||||
{
|
{
|
||||||
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
|
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
|
||||||
{
|
{
|
||||||
this.managers.add(userAuth);
|
this.managers.add(userAuth);
|
||||||
}
|
}
|
||||||
@@ -150,7 +150,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
|
|||||||
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
||||||
String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
||||||
|
|
||||||
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userrole) &&
|
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole) &&
|
||||||
this.managers.contains(username) == false)
|
this.managers.contains(username) == false)
|
||||||
{
|
{
|
||||||
this.managers.add(username);
|
this.managers.add(username);
|
||||||
@@ -266,7 +266,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
|
|||||||
if (foundCurrentUser == false)
|
if (foundCurrentUser == false)
|
||||||
{
|
{
|
||||||
buf.append(buildLabelForUserAuthorityRole(
|
buf.append(buildLabelForUserAuthorityRole(
|
||||||
currentUser, SandboxFactory.ROLE_CONTENT_MANAGER));
|
currentUser, AVMConstants.ROLE_CONTENT_MANAGER));
|
||||||
}
|
}
|
||||||
|
|
||||||
return buildSummary(
|
return buildSummary(
|
||||||
|
|||||||
@@ -20,15 +20,16 @@ import java.util.List;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import javax.faces.context.FacesContext;
|
import javax.faces.context.FacesContext;
|
||||||
|
|
||||||
import org.alfresco.config.JNDIConstants;
|
import org.alfresco.config.JNDIConstants;
|
||||||
import org.alfresco.repo.avm.AVMNodeConverter;
|
import org.alfresco.repo.avm.AVMNodeConverter;
|
||||||
import org.alfresco.repo.domain.PropertyValue;
|
import org.alfresco.repo.domain.PropertyValue;
|
||||||
|
import org.alfresco.service.ServiceRegistry;
|
||||||
import org.alfresco.service.cmr.avm.AVMService;
|
import org.alfresco.service.cmr.avm.AVMService;
|
||||||
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
|
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.service.namespace.QName;
|
import org.alfresco.service.namespace.QName;
|
||||||
import org.alfresco.service.ServiceRegistry;
|
|
||||||
import org.alfresco.util.GUID;
|
import org.alfresco.util.GUID;
|
||||||
import org.alfresco.web.bean.repository.Repository;
|
import org.alfresco.web.bean.repository.Repository;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
@@ -43,8 +44,6 @@ public final class SandboxFactory
|
|||||||
{
|
{
|
||||||
private static Log logger = LogFactory.getLog(SandboxFactory.class);
|
private static Log logger = LogFactory.getLog(SandboxFactory.class);
|
||||||
|
|
||||||
public static final String ROLE_CONTENT_MANAGER = "ContentManager";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Private constructor
|
* Private constructor
|
||||||
*/
|
*/
|
||||||
@@ -64,13 +63,11 @@ public final class SandboxFactory
|
|||||||
* DNS: .dns.<store> = <path-to-webapps-root>
|
* DNS: .dns.<store> = <path-to-webapps-root>
|
||||||
* Website Name: .website.name = website name
|
* Website Name: .website.name = website name
|
||||||
*
|
*
|
||||||
* @param storeId The store name to create the sandbox for
|
* @param storeId The store name to create the sandbox for
|
||||||
* @param webProjectNodeRef The noderef for the webproject.
|
* @param webProjectNodeRef The noderef for the webproject.
|
||||||
* @param managers The list of authorities who have ContentManager role in the website
|
|
||||||
*/
|
*/
|
||||||
public static SandboxInfo createStagingSandbox(final String storeId,
|
public static SandboxInfo createStagingSandbox(final String storeId,
|
||||||
final NodeRef webProjectNodeRef,
|
final NodeRef webProjectNodeRef)
|
||||||
final List<String> managers)
|
|
||||||
{
|
{
|
||||||
final ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance());
|
final ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance());
|
||||||
final AVMService avmService = services.getAVMService();
|
final AVMService avmService = services.getAVMService();
|
||||||
@@ -84,11 +81,10 @@ public final class SandboxFactory
|
|||||||
|
|
||||||
// create the system directories 'www' and 'avm_webapps'
|
// create the system directories 'www' and 'avm_webapps'
|
||||||
avmService.createDirectory(stagingStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW);
|
avmService.createDirectory(stagingStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW);
|
||||||
|
// apply READ permissions for all users
|
||||||
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(stagingStoreName));
|
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(stagingStoreName));
|
||||||
for (String manager : managers)
|
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
|
||||||
{
|
|
||||||
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
|
|
||||||
}
|
|
||||||
avmService.createDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
|
avmService.createDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
|
||||||
JNDIConstants.DIR_DEFAULT_APPBASE);
|
JNDIConstants.DIR_DEFAULT_APPBASE);
|
||||||
|
|
||||||
@@ -115,15 +111,12 @@ public final class SandboxFactory
|
|||||||
" above " + stagingStoreName);
|
" above " + stagingStoreName);
|
||||||
|
|
||||||
// create a layered directory pointing to 'www' in the staging area
|
// create a layered directory pointing to 'www' in the staging area
|
||||||
|
|
||||||
avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
|
avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
|
||||||
previewStoreName + ":/",
|
previewStoreName + ":/",
|
||||||
JNDIConstants.DIR_DEFAULT_WWW);
|
JNDIConstants.DIR_DEFAULT_WWW);
|
||||||
|
// apply READ permissions for all users
|
||||||
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
|
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
|
||||||
for (String manager : managers)
|
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
|
||||||
{
|
|
||||||
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
// tag the store with the store type
|
// tag the store with the store type
|
||||||
avmService.setStoreProperty(previewStoreName,
|
avmService.setStoreProperty(previewStoreName,
|
||||||
@@ -186,7 +179,7 @@ public final class SandboxFactory
|
|||||||
// create the user 'main' store
|
// create the user 'main' store
|
||||||
final String userStoreName = AVMConstants.buildUserMainStoreName(storeId, username);
|
final String userStoreName = AVMConstants.buildUserMainStoreName(storeId, username);
|
||||||
final String previewStoreName = AVMConstants.buildUserPreviewStoreName(storeId, username);
|
final String previewStoreName = AVMConstants.buildUserPreviewStoreName(storeId, username);
|
||||||
|
|
||||||
if (avmService.getStore(userStoreName) != null)
|
if (avmService.getStore(userStoreName) != null)
|
||||||
{
|
{
|
||||||
if (logger.isDebugEnabled())
|
if (logger.isDebugEnabled())
|
||||||
@@ -195,7 +188,7 @@ public final class SandboxFactory
|
|||||||
}
|
}
|
||||||
return new SandboxInfo( new String[] { userStoreName, previewStoreName } );
|
return new SandboxInfo( new String[] { userStoreName, previewStoreName } );
|
||||||
}
|
}
|
||||||
|
|
||||||
avmService.createStore(userStoreName);
|
avmService.createStore(userStoreName);
|
||||||
final String stagingStoreName = AVMConstants.buildStagingStoreName(storeId);
|
final String stagingStoreName = AVMConstants.buildStagingStoreName(storeId);
|
||||||
if (logger.isDebugEnabled())
|
if (logger.isDebugEnabled())
|
||||||
@@ -207,23 +200,26 @@ public final class SandboxFactory
|
|||||||
userStoreName + ":/",
|
userStoreName + ":/",
|
||||||
JNDIConstants.DIR_DEFAULT_WWW);
|
JNDIConstants.DIR_DEFAULT_WWW);
|
||||||
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(userStoreName));
|
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(userStoreName));
|
||||||
|
// apply the user role permissions to the sandbox
|
||||||
permissionService.setPermission(dirRef, username, role, true);
|
permissionService.setPermission(dirRef, username, role, true);
|
||||||
|
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
|
||||||
|
// apply the manager role permission for each manager in the web project
|
||||||
for (String manager : managers)
|
for (String manager : managers)
|
||||||
{
|
{
|
||||||
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
|
permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// tag the store with the store type
|
// tag the store with the store type
|
||||||
avmService.setStoreProperty(userStoreName,
|
avmService.setStoreProperty(userStoreName,
|
||||||
AVMConstants.PROP_SANDBOX_AUTHOR_MAIN,
|
AVMConstants.PROP_SANDBOX_AUTHOR_MAIN,
|
||||||
new PropertyValue(DataTypeDefinition.TEXT, null));
|
new PropertyValue(DataTypeDefinition.TEXT, null));
|
||||||
|
|
||||||
// tag the store with the base name of the website so that corresponding
|
// tag the store with the base name of the website so that corresponding
|
||||||
// staging areas can be found.
|
// staging areas can be found.
|
||||||
avmService.setStoreProperty(userStoreName,
|
avmService.setStoreProperty(userStoreName,
|
||||||
AVMConstants.PROP_WEBSITE_NAME,
|
AVMConstants.PROP_WEBSITE_NAME,
|
||||||
new PropertyValue(DataTypeDefinition.TEXT, storeId));
|
new PropertyValue(DataTypeDefinition.TEXT, storeId));
|
||||||
|
|
||||||
// tag the store, oddly enough, with its own store name for querying.
|
// tag the store, oddly enough, with its own store name for querying.
|
||||||
// when will the madness end.
|
// when will the madness end.
|
||||||
avmService.setStoreProperty(userStoreName,
|
avmService.setStoreProperty(userStoreName,
|
||||||
@@ -232,33 +228,36 @@ public final class SandboxFactory
|
|||||||
|
|
||||||
// tag the store with the DNS name property
|
// tag the store with the DNS name property
|
||||||
tagStoreDNSPath(avmService, userStoreName, storeId, username);
|
tagStoreDNSPath(avmService, userStoreName, storeId, username);
|
||||||
|
|
||||||
// snapshot the store
|
// snapshot the store
|
||||||
avmService.createSnapshot(userStoreName, null, null);
|
avmService.createSnapshot(userStoreName, null, null);
|
||||||
|
|
||||||
|
|
||||||
// create the user 'preview' store
|
// create the user 'preview' store
|
||||||
avmService.createStore(previewStoreName);
|
avmService.createStore(previewStoreName);
|
||||||
if (logger.isDebugEnabled())
|
if (logger.isDebugEnabled())
|
||||||
logger.debug("Created user preview sandbox store: " + previewStoreName +
|
logger.debug("Created user preview sandbox store: " + previewStoreName +
|
||||||
" above " + userStoreName);
|
" above " + userStoreName);
|
||||||
|
|
||||||
// create a layered directory pointing to 'www' in the user 'main' store
|
// create a layered directory pointing to 'www' in the user 'main' store
|
||||||
avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(userStoreName),
|
avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(userStoreName),
|
||||||
previewStoreName + ":/",
|
previewStoreName + ":/",
|
||||||
JNDIConstants.DIR_DEFAULT_WWW);
|
JNDIConstants.DIR_DEFAULT_WWW);
|
||||||
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
|
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
|
||||||
|
// apply the user role permissions to the sandbox
|
||||||
permissionService.setPermission(dirRef, username, role, true);
|
permissionService.setPermission(dirRef, username, role, true);
|
||||||
|
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
|
||||||
|
// apply the manager role permission for each manager in the web project
|
||||||
for (String manager : managers)
|
for (String manager : managers)
|
||||||
{
|
{
|
||||||
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
|
permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// tag the store with the store type
|
// tag the store with the store type
|
||||||
avmService.setStoreProperty(previewStoreName,
|
avmService.setStoreProperty(previewStoreName,
|
||||||
AVMConstants.PROP_SANDBOX_AUTHOR_PREVIEW,
|
AVMConstants.PROP_SANDBOX_AUTHOR_PREVIEW,
|
||||||
new PropertyValue(DataTypeDefinition.TEXT, null));
|
new PropertyValue(DataTypeDefinition.TEXT, null));
|
||||||
|
|
||||||
// tag the store with its own store name for querying.
|
// tag the store with its own store name for querying.
|
||||||
avmService.setStoreProperty(previewStoreName,
|
avmService.setStoreProperty(previewStoreName,
|
||||||
QName.createQName(null, AVMConstants.PROP_SANDBOX_STORE_PREFIX + previewStoreName),
|
QName.createQName(null, AVMConstants.PROP_SANDBOX_STORE_PREFIX + previewStoreName),
|
||||||
@@ -266,7 +265,7 @@ public final class SandboxFactory
|
|||||||
|
|
||||||
// tag the store with the DNS name property
|
// tag the store with the DNS name property
|
||||||
tagStoreDNSPath(avmService, previewStoreName, storeId, username, "preview");
|
tagStoreDNSPath(avmService, previewStoreName, storeId, username, "preview");
|
||||||
|
|
||||||
// snapshot the store
|
// snapshot the store
|
||||||
avmService.createSnapshot(previewStoreName, null, null);
|
avmService.createSnapshot(previewStoreName, null, null);
|
||||||
|
|
||||||
@@ -289,11 +288,7 @@ public final class SandboxFactory
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a user sandbox for the named store.
|
* Create a workflow sandbox for the named store.
|
||||||
*
|
|
||||||
* A user sandbox is comprised of two stores, the first
|
|
||||||
* named 'storename--username' layered over the staging store with a preview store
|
|
||||||
* named 'storename--username--preview' layered over the main store.
|
|
||||||
*
|
*
|
||||||
* Various store meta-data properties are set including:
|
* Various store meta-data properties are set including:
|
||||||
* Identifier for store-types: .sandbox.author.main and .sandbox.author.preview
|
* Identifier for store-types: .sandbox.author.main and .sandbox.author.preview
|
||||||
|
|||||||
@@ -163,9 +163,6 @@ public class WebProject
|
|||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
/** Content Manager role name */
|
|
||||||
private static final String ROLE_CONTENT_MANAGER = "ContentManager";
|
|
||||||
|
|
||||||
private final NodeRef nodeRef;
|
private final NodeRef nodeRef;
|
||||||
|
|
||||||
public WebProject(final NodeRef nodeRef)
|
public WebProject(final NodeRef nodeRef)
|
||||||
@@ -268,7 +265,7 @@ public class WebProject
|
|||||||
final NodeRef userInfoRef = ref.getChildRef();
|
final NodeRef userInfoRef = ref.getChildRef();
|
||||||
final String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
final String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
||||||
final String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
final String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
||||||
if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole))
|
if (currentUser.equals(username) && AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole))
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -34,7 +34,6 @@ import javax.faces.context.ResponseWriter;
|
|||||||
import javax.faces.el.ValueBinding;
|
import javax.faces.el.ValueBinding;
|
||||||
import javax.transaction.UserTransaction;
|
import javax.transaction.UserTransaction;
|
||||||
|
|
||||||
import org.alfresco.model.ContentModel;
|
|
||||||
import org.alfresco.model.WCMAppModel;
|
import org.alfresco.model.WCMAppModel;
|
||||||
import org.alfresco.repo.avm.AVMNodeConverter;
|
import org.alfresco.repo.avm.AVMNodeConverter;
|
||||||
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
|
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
|
||||||
@@ -52,7 +51,6 @@ import org.alfresco.web.app.Application;
|
|||||||
import org.alfresco.web.app.servlet.DownloadContentServlet;
|
import org.alfresco.web.app.servlet.DownloadContentServlet;
|
||||||
import org.alfresco.web.bean.BrowseBean;
|
import org.alfresco.web.bean.BrowseBean;
|
||||||
import org.alfresco.web.bean.repository.Repository;
|
import org.alfresco.web.bean.repository.Repository;
|
||||||
import org.alfresco.web.bean.repository.User;
|
|
||||||
import org.alfresco.web.bean.wcm.AVMConstants;
|
import org.alfresco.web.bean.wcm.AVMConstants;
|
||||||
import org.alfresco.web.bean.wcm.AVMNode;
|
import org.alfresco.web.bean.wcm.AVMNode;
|
||||||
import org.alfresco.web.bean.wcm.WebProject;
|
import org.alfresco.web.bean.wcm.WebProject;
|
||||||
@@ -111,9 +109,6 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
private static final String MSG_NO_MODIFIED_ITEMS = "sandbox_no_modified_items";
|
private static final String MSG_NO_MODIFIED_ITEMS = "sandbox_no_modified_items";
|
||||||
private static final String MSG_NO_WEB_FORMS = "sandbox_no_web_forms";
|
private static final String MSG_NO_WEB_FORMS = "sandbox_no_web_forms";
|
||||||
|
|
||||||
/** Content Manager role name */
|
|
||||||
private static final String ROLE_CONTENT_MANAGER = "ContentManager";
|
|
||||||
|
|
||||||
private static final String REQUEST_FORM_REF = "formref";
|
private static final String REQUEST_FORM_REF = "formref";
|
||||||
private static final String REQUEST_PREVIEW_REF = "prevhref";
|
private static final String REQUEST_PREVIEW_REF = "prevhref";
|
||||||
|
|
||||||
@@ -266,7 +261,6 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
ResourceBundle bundle = Application.getBundle(context);
|
ResourceBundle bundle = Application.getBundle(context);
|
||||||
AVMService avmService = getAVMService(context);
|
AVMService avmService = getAVMService(context);
|
||||||
NodeService nodeService = getNodeService(context);
|
NodeService nodeService = getNodeService(context);
|
||||||
PermissionService permissionService = getPermissionService(context);
|
|
||||||
UserTransaction tx = null;
|
UserTransaction tx = null;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@@ -280,8 +274,9 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
}
|
}
|
||||||
String storeRoot = (String)nodeService.getProperty(websiteRef, WCMAppModel.PROP_AVMSTORE);
|
String storeRoot = (String)nodeService.getProperty(websiteRef, WCMAppModel.PROP_AVMSTORE);
|
||||||
|
|
||||||
// find out if this user is a Content Manager
|
// find out the current user role in the web project
|
||||||
boolean isManager = isManagerRole(context, nodeService, websiteRef);
|
String currentUserName = Application.getCurrentUser(context).getUserName();
|
||||||
|
String currentUserRole = getWebProjectUserRole(currentUserName, nodeService, websiteRef);
|
||||||
|
|
||||||
// get the list of users who have a sandbox in the website
|
// get the list of users who have a sandbox in the website
|
||||||
int index = 0;
|
int index = 0;
|
||||||
@@ -305,10 +300,10 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
{
|
{
|
||||||
// check the permissions on this store for the current user
|
// check the permissions on this store for the current user
|
||||||
if (logger.isDebugEnabled())
|
if (logger.isDebugEnabled())
|
||||||
logger.debug("Checking user permissions for store: " + mainStore);
|
logger.debug("Checking user role to view store: " + mainStore);
|
||||||
if (permissionService.hasPermission(
|
if (currentUserName.equals(username) ||
|
||||||
AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(mainStore)),
|
AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole) ||
|
||||||
PermissionService.READ) == AccessStatus.ALLOWED)
|
AVMConstants.ROLE_CONTENT_PUBLISHER.equals(currentUserRole))
|
||||||
{
|
{
|
||||||
if (logger.isDebugEnabled())
|
if (logger.isDebugEnabled())
|
||||||
logger.debug("Building sandbox view for user store: " + mainStore);
|
logger.debug("Building sandbox view for user store: " + mainStore);
|
||||||
@@ -365,7 +360,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
"#{AVMBrowseBean.setupAllItemsAction}", "dialog:revertAllItems"));
|
"#{AVMBrowseBean.setupAllItemsAction}", "dialog:revertAllItems"));
|
||||||
out.write(" ");
|
out.write(" ");
|
||||||
|
|
||||||
if (isManager)
|
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole))
|
||||||
{
|
{
|
||||||
Utils.encodeRecursive(context, aquireAction(
|
Utils.encodeRecursive(context, aquireAction(
|
||||||
context, mainStore, username, ACT_REMOVE_SANDBOX, "/images/icons/delete_sandbox.gif",
|
context, mainStore, username, ACT_REMOVE_SANDBOX, "/images/icons/delete_sandbox.gif",
|
||||||
@@ -440,30 +435,27 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return true if the current user is a Content Manager, false otherwise
|
* @return the role of this user in the current Web Project, or null for no assigned role
|
||||||
*/
|
*/
|
||||||
private static boolean isManagerRole(FacesContext context, NodeService nodeService, NodeRef websiteRef)
|
private static String getWebProjectUserRole(String currentUser, NodeService nodeService, NodeRef websiteRef)
|
||||||
{
|
{
|
||||||
User user = Application.getCurrentUser(context);
|
String userrole = null;
|
||||||
boolean isManager = user.isAdmin();
|
|
||||||
if (isManager == false)
|
List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(
|
||||||
|
websiteRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
|
||||||
|
for (ChildAssociationRef ref : userInfoRefs)
|
||||||
{
|
{
|
||||||
String currentUser = user.getUserName();
|
NodeRef userInfoRef = ref.getChildRef();
|
||||||
List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(
|
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
||||||
websiteRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
|
String role = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
||||||
for (ChildAssociationRef ref : userInfoRefs)
|
if (currentUser.equals(username))
|
||||||
{
|
{
|
||||||
NodeRef userInfoRef = ref.getChildRef();
|
userrole = role;
|
||||||
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
|
break;
|
||||||
String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
|
|
||||||
if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole))
|
|
||||||
{
|
|
||||||
isManager = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return isManager;
|
|
||||||
|
return userrole;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -483,6 +475,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
{
|
{
|
||||||
AVMSyncService avmSyncService = getAVMSyncService(fc);
|
AVMSyncService avmSyncService = getAVMSyncService(fc);
|
||||||
AVMService avmService = getAVMService(fc);
|
AVMService avmService = getAVMService(fc);
|
||||||
|
PermissionService permissionService = getPermissionService(fc);
|
||||||
|
|
||||||
DateFormat df = Utils.getDateTimeFormat(fc);
|
DateFormat df = Utils.getDateTimeFormat(fc);
|
||||||
ResourceBundle bundle = Application.getBundle(fc);
|
ResourceBundle bundle = Application.getBundle(fc);
|
||||||
@@ -680,13 +673,18 @@ public class UIUserSandboxes extends SelfRenderingComponent
|
|||||||
out.write("<tr><td colspan=8>");
|
out.write("<tr><td colspan=8>");
|
||||||
out.write(bundle.getString(MSG_SELECTED));
|
out.write(bundle.getString(MSG_SELECTED));
|
||||||
out.write(": ");
|
out.write(": ");
|
||||||
Utils.encodeRecursive(fc, aquireAction(
|
if (permissionService.hasPermission(
|
||||||
fc, userStore, username, ACT_SANDBOX_SUBMITSELECTED, "/images/icons/submit_all.gif",
|
AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(userStore)),
|
||||||
"#{AVMBrowseBean.setupSandboxAction}", "dialog:submitSandboxItems"));
|
PermissionService.WRITE) == AccessStatus.ALLOWED)
|
||||||
out.write(" ");
|
{
|
||||||
Utils.encodeRecursive(fc, aquireAction(
|
Utils.encodeRecursive(fc, aquireAction(
|
||||||
fc, userStore, username, ACT_SANDBOX_REVERTSELECTED, "/images/icons/revert_all.gif",
|
fc, userStore, username, ACT_SANDBOX_SUBMITSELECTED, "/images/icons/submit_all.gif",
|
||||||
"#{AVMBrowseBean.setupSandboxAction}", "dialog:revertSelectedItems"));
|
"#{AVMBrowseBean.setupSandboxAction}", "dialog:submitSandboxItems"));
|
||||||
|
out.write(" ");
|
||||||
|
Utils.encodeRecursive(fc, aquireAction(
|
||||||
|
fc, userStore, username, ACT_SANDBOX_REVERTSELECTED, "/images/icons/revert_all.gif",
|
||||||
|
"#{AVMBrowseBean.setupSandboxAction}", "dialog:revertSelectedItems"));
|
||||||
|
}
|
||||||
out.write("</td></tr>");
|
out.write("</td></tr>");
|
||||||
|
|
||||||
// end table
|
// end table
|
||||||
|
|||||||
Reference in New Issue
Block a user