. WCM role and permissions fixes

- All users can now Read/Browse content in the Staging Area
 - None of the user roles (including Content Managers!) can create/edit/delete directly in the Staging Area
    - The only exception to this rule is the system admin user - who can do anything anywhere in the app…
 - Content Publisher roles can now view other users' sandboxes - but in Read mode only
 - http://issues.alfresco.com/browse/WCM-211

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4803 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2007-01-12 11:21:16 +00:00
parent 0b0f1da94f
commit ee824633b7
7 changed files with 80 additions and 87 deletions


@@ -80,7 +80,7 @@
<!-- Submit AVM node -->
<action id="submit">
<permissions>
<permission allow="true">Read</permission>
<permission allow="true">Write</permission>
</permissions>
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
<label-id>submit</label-id>
@@ -95,7 +95,7 @@
<!-- Revert AVM node -->
<action id="revert">
<permissions>
<permission allow="true">Read</permission>
<permission allow="true">Write</permission>
</permissions>
<evaluator>org.alfresco.web.action.evaluator.WCMWorkflowEvaluator</evaluator>
<label-id>revert</label-id>
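Review bot: Neither `submit` nor `revert` carries a comment saying why the required permission is apparently now `Write` rather than `Read`. Since the same commit lets Content Publishers open other users' sandboxes read-only, the reason is worth recording next to each `<permissions>` element, e.g. `<!-- Write required: read-only viewers of a sandbox must not be offered this action -->`. This element appears to control only whether the action is rendered, so the submit and revert dialogs should not rely on it as the access check; those handlers are outside this diff. Both `<action>` elements continue past the hunks shown.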


@@ -751,6 +751,10 @@ public final class AVMConstants
public final static String SPACE_ICON_WEBSITE = "space-icon-website";
// web user role permissions
public final static String ROLE_CONTENT_MANAGER = "ContentManager";
public final static String ROLE_CONTENT_PUBLISHER = "ContentPublisher";
// virtualisation server MBean registry
private static final String BEAN_VIRT_SERVER_REGISTRY = "VirtServerRegistry";


@@ -182,14 +182,13 @@ public class CreateWebsiteWizard extends BaseWizardBean
if (outcome != null)
{
// create the AVM staging store to represent the newly created location website
SandboxFactory.createStagingSandbox(avmStore, nodeRef, wiz.getManagers());
SandboxFactory.createStagingSandbox(avmStore, nodeRef);
// create the default webapp folder under the hidden system folders
final String stagingStore = AVMConstants.buildStagingStoreName(avmStore);
final String stagingStoreRoot = AVMConstants.buildSandboxRootPath(stagingStore);
this.avmService.createDirectory(stagingStoreRoot, webapp);
this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot,
webapp),
this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot, webapp),
WCMAppModel.ASPECT_WEBAPP);
// set the property on the node to reference the root AVM store
@@ -453,7 +452,7 @@ public class CreateWebsiteWizard extends BaseWizardBean
if (foundCurrentUser == false)
{
buf.append(getInviteUsersWizard().buildLabelForUserAuthorityRole(
currentUser, SandboxFactory.ROLE_CONTENT_MANAGER));
currentUser, AVMConstants.ROLE_CONTENT_MANAGER));
}
return buildSummary(


@@ -114,7 +114,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
{
foundCurrentUser = true;
}
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
{
this.managers.add(userAuth);
}
@@ -123,7 +123,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
if (foundCurrentUser == false)
{
this.userGroupRoles.add(new UserGroupRole(currentUser, SandboxFactory.ROLE_CONTENT_MANAGER, null));
this.userGroupRoles.add(new UserGroupRole(currentUser, AVMConstants.ROLE_CONTENT_MANAGER, null));
this.managers.add(currentUser);
}
}
@@ -135,7 +135,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
{
for (String userAuth : findNestedUserAuthorities(userRole.getAuthority()))
{
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole()))
{
this.managers.add(userAuth);
}
@@ -150,7 +150,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userrole) &&
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole) &&
this.managers.contains(username) == false)
{
this.managers.add(username);
@@ -266,7 +266,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
if (foundCurrentUser == false)
{
buf.append(buildLabelForUserAuthorityRole(
currentUser, SandboxFactory.ROLE_CONTENT_MANAGER));
currentUser, AVMConstants.ROLE_CONTENT_MANAGER));
}
return buildSummary(


@@ -20,15 +20,16 @@ import java.util.List;
import java.util.Map;
import javax.faces.context.FacesContext;
import org.alfresco.config.JNDIConstants;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.domain.PropertyValue;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.util.GUID;
import org.alfresco.web.bean.repository.Repository;
import org.apache.commons.logging.Log;
@@ -43,8 +44,6 @@ public final class SandboxFactory
{
private static Log logger = LogFactory.getLog(SandboxFactory.class);
public static final String ROLE_CONTENT_MANAGER = "ContentManager";
/**
* Private constructor
*/
@@ -66,11 +65,9 @@ public final class SandboxFactory
*
* @param storeId The store name to create the sandbox for
* @param webProjectNodeRef The noderef for the webproject.
* @param managers The list of authorities who have ContentManager role in the website
*/
public static SandboxInfo createStagingSandbox(final String storeId,
final NodeRef webProjectNodeRef,
final List<String> managers)
final NodeRef webProjectNodeRef)
{
final ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance());
final AVMService avmService = services.getAVMService();
@@ -84,11 +81,10 @@ public final class SandboxFactory
// create the system directories 'www' and 'avm_webapps'
avmService.createDirectory(stagingStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW);
// apply READ permissions for all users
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(stagingStoreName));
for (String manager : managers)
{
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
}
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
avmService.createDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
JNDIConstants.DIR_DEFAULT_APPBASE);
@@ -115,15 +111,12 @@ public final class SandboxFactory
" above " + stagingStoreName);
// create a layered directory pointing to 'www' in the staging area
avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(stagingStoreName),
previewStoreName + ":/",
JNDIConstants.DIR_DEFAULT_WWW);
// apply READ permissions for all users
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
for (String manager : managers)
{
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
}
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
// tag the store with the store type
avmService.setStoreProperty(previewStoreName,
@@ -207,10 +200,13 @@ public final class SandboxFactory
userStoreName + ":/",
JNDIConstants.DIR_DEFAULT_WWW);
NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(userStoreName));
// apply the user role permissions to the sandbox
permissionService.setPermission(dirRef, username, role, true);
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
// apply the manager role permission for each manager in the web project
for (String manager : managers)
{
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true);
}
// tag the store with the store type
@@ -248,10 +244,13 @@ public final class SandboxFactory
previewStoreName + ":/",
JNDIConstants.DIR_DEFAULT_WWW);
dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName));
// apply the user role permissions to the sandbox
permissionService.setPermission(dirRef, username, role, true);
permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
// apply the manager role permission for each manager in the web project
for (String manager : managers)
{
permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true);
permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true);
}
// tag the store with the store type
@@ -289,11 +288,7 @@ public final class SandboxFactory
}
/**
* Create a user sandbox for the named store.
*
* A user sandbox is comprised of two stores, the first
* named 'storename--username' layered over the staging store with a preview store
* named 'storename--username--preview' layered over the main store.
* Create a workflow sandbox for the named store.
*
* Various store meta-data properties are set including:
* Identifier for store-types: .sandbox.author.main and .sandbox.author.preview
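Review bot: The `PermissionService.ALL_AUTHORITIES` / `PermissionService.READ` grants on the user sandbox root and its preview root (the `-207` and `-248` hunks) appear to make every author's sandbox readable at the repository level by any authority, which is wider than the description's "Content Publisher roles can now view other users sandboxes". The role comparison that decides which sandboxes are listed lives in the UI component, so it does not constrain access that reaches the store without going through that view. If read access to user sandboxes is meant to be limited to the owner, managers and publishers, grant READ to those authorities explicitly, as the existing `for (String manager : managers)` loop does for the manager role. For the same grant on the staging and preview store roots, confirm whether `ALL_AUTHORITIES` covers guest or non-member accounts and whether staged content is meant to be visible to them. The enclosing methods start and end outside these hunks.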


@@ -163,9 +163,6 @@ public class WebProject
/////////////////////////////////////////////////////////////////////////////
/** Content Manager role name */
private static final String ROLE_CONTENT_MANAGER = "ContentManager";
private final NodeRef nodeRef;
public WebProject(final NodeRef nodeRef)
@@ -268,7 +265,7 @@ public class WebProject
final NodeRef userInfoRef = ref.getChildRef();
final String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
final String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole))
if (currentUser.equals(username) && AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole))
{
return true;
}


@@ -34,7 +34,6 @@ import javax.faces.context.ResponseWriter;
import javax.faces.el.ValueBinding;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
@@ -52,7 +51,6 @@ import org.alfresco.web.app.Application;
import org.alfresco.web.app.servlet.DownloadContentServlet;
import org.alfresco.web.bean.BrowseBean;
import org.alfresco.web.bean.repository.Repository;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.bean.wcm.AVMConstants;
import org.alfresco.web.bean.wcm.AVMNode;
import org.alfresco.web.bean.wcm.WebProject;
@@ -111,9 +109,6 @@ public class UIUserSandboxes extends SelfRenderingComponent
private static final String MSG_NO_MODIFIED_ITEMS = "sandbox_no_modified_items";
private static final String MSG_NO_WEB_FORMS = "sandbox_no_web_forms";
/** Content Manager role name */
private static final String ROLE_CONTENT_MANAGER = "ContentManager";
private static final String REQUEST_FORM_REF = "formref";
private static final String REQUEST_PREVIEW_REF = "prevhref";
@@ -266,7 +261,6 @@ public class UIUserSandboxes extends SelfRenderingComponent
ResourceBundle bundle = Application.getBundle(context);
AVMService avmService = getAVMService(context);
NodeService nodeService = getNodeService(context);
PermissionService permissionService = getPermissionService(context);
UserTransaction tx = null;
try
{
@@ -280,8 +274,9 @@ public class UIUserSandboxes extends SelfRenderingComponent
}
String storeRoot = (String)nodeService.getProperty(websiteRef, WCMAppModel.PROP_AVMSTORE);
// find out if this user is a Content Manager
boolean isManager = isManagerRole(context, nodeService, websiteRef);
// find out the current user role in the web project
String currentUserName = Application.getCurrentUser(context).getUserName();
String currentUserRole = getWebProjectUserRole(currentUserName, nodeService, websiteRef);
// get the list of users who have a sandbox in the website
int index = 0;
@@ -305,10 +300,10 @@ public class UIUserSandboxes extends SelfRenderingComponent
{
// check the permissions on this store for the current user
if (logger.isDebugEnabled())
logger.debug("Checking user permissions for store: " + mainStore);
if (permissionService.hasPermission(
AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(mainStore)),
PermissionService.READ) == AccessStatus.ALLOWED)
logger.debug("Checking user role to view store: " + mainStore);
if (currentUserName.equals(username) ||
AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole) ||
AVMConstants.ROLE_CONTENT_PUBLISHER.equals(currentUserRole))
{
if (logger.isDebugEnabled())
logger.debug("Building sandbox view for user store: " + mainStore);
@@ -365,7 +360,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
"#{AVMBrowseBean.setupAllItemsAction}", "dialog:revertAllItems"));
out.write("&nbsp;&nbsp;");
if (isManager)
if (AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole))
{
Utils.encodeRecursive(context, aquireAction(
context, mainStore, username, ACT_REMOVE_SANDBOX, "/images/icons/delete_sandbox.gif",
@@ -440,30 +435,27 @@ public class UIUserSandboxes extends SelfRenderingComponent
}
/**
* @return true if the current user is a Content Manager, false otherwise
* @return the role of this user in the current Web Project, or null for no assigned role
*/
private static boolean isManagerRole(FacesContext context, NodeService nodeService, NodeRef websiteRef)
private static String getWebProjectUserRole(String currentUser, NodeService nodeService, NodeRef websiteRef)
{
User user = Application.getCurrentUser(context);
boolean isManager = user.isAdmin();
if (isManager == false)
{
String currentUser = user.getUserName();
String userrole = null;
List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(
websiteRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef ref : userInfoRefs)
{
NodeRef userInfoRef = ref.getChildRef();
String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME);
String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole))
String role = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE);
if (currentUser.equals(username))
{
isManager = true;
userrole = role;
break;
}
}
}
return isManager;
return userrole;
}
/**
@@ -483,6 +475,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
{
AVMSyncService avmSyncService = getAVMSyncService(fc);
AVMService avmService = getAVMService(fc);
PermissionService permissionService = getPermissionService(fc);
DateFormat df = Utils.getDateTimeFormat(fc);
ResourceBundle bundle = Application.getBundle(fc);
@@ -680,6 +673,10 @@ public class UIUserSandboxes extends SelfRenderingComponent
out.write("<tr><td colspan=8>");
out.write(bundle.getString(MSG_SELECTED));
out.write(":&nbsp;&nbsp;");
if (permissionService.hasPermission(
AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(userStore)),
PermissionService.WRITE) == AccessStatus.ALLOWED)
{
Utils.encodeRecursive(fc, aquireAction(
fc, userStore, username, ACT_SANDBOX_SUBMITSELECTED, "/images/icons/submit_all.gif",
"#{AVMBrowseBean.setupSandboxAction}", "dialog:submitSandboxItems"));
@@ -687,6 +684,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
Utils.encodeRecursive(fc, aquireAction(
fc, userStore, username, ACT_SANDBOX_REVERTSELECTED, "/images/icons/revert_all.gif",
"#{AVMBrowseBean.setupSandboxAction}", "dialog:revertSelectedItems"));
}
out.write("</td></tr>");
// end table
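Review bot: The old `isManagerRole` started from `user.isAdmin()`, but `getWebProjectUserRole` returns only the role stored on the web project. In the `-305` hunk an administrator with no project role therefore appears to fail all three conditions, would see only their own sandbox, and would lose the remove-sandbox action gated on `AVMConstants.ROLE_CONTENT_MANAGER` in the `-365` hunk. The description says the system admin can do anything anywhere, so the condition could keep that case, e.g. `if (currentUserName.equals(username) || Application.getCurrentUser(context).isAdmin() || ...`. The same test replaces a `permissionService.hasPermission(..., PermissionService.READ)` call with a comparison of role strings, so what is rendered is no longer tied to the node's ACL; a short comment stating that the role check is a display filter and not the access control would help the next maintainer. The rendering methods start and end outside the hunks.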