taylor 2002/12/11 19:17:50
Modified: src/java/org/apache/jetspeed/modules/actions/portlets
CustomizeSetAction.java
src/java/org/apache/jetspeed/portal/security/portlets
PortletWrapper.java
Log:
bug fix 15000, passed on security ref to reference from referred portlets set
Revision Changes Path
1.35 +53 -4
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java
Index: CustomizeSetAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- CustomizeSetAction.java 14 Nov 2002 20:21:51 -0000 1.34
+++ CustomizeSetAction.java 12 Dec 2002 03:17:50 -0000 1.35
@@ -68,6 +68,8 @@
import org.apache.jetspeed.om.BaseSecurityReference;
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Profile;
+import org.apache.jetspeed.om.profile.ProfileLocator;
+import org.apache.jetspeed.om.profile.ProfileException;
import org.apache.jetspeed.om.profile.QueryLocator;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.PortletEntry;
@@ -87,6 +89,7 @@
import org.apache.jetspeed.om.profile.psml.PsmlController;
import org.apache.jetspeed.om.profile.Control;
import org.apache.jetspeed.om.profile.psml.PsmlControl;
+import org.apache.jetspeed.om.profile.PSMLDocument;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.idgenerator.JetspeedIdGenerator;
import org.apache.jetspeed.services.JetspeedSecurity;
@@ -707,13 +710,59 @@
for (int i = 0; i < refNames.length; i++)
{
- Reference ref = new PsmlReference();
- ref.setPath(refNames[i]);
- portlets.addReference(ref);
+ SecurityReference sref = getSecurityReference(rundata, refNames[i]);
+ if (sref != null)
+ {
+ Reference ref = new PsmlReference();
+ ref.setPath(refNames[i]);
+ ref.setSecurityRef(sref);
+ portlets.addReference(ref);
+ }
}
}
SessionState customizationState = ((JetspeedRunData)
rundata).getPageSessionState();
customizationState.setAttribute("customize-mode", "layout");
+ }
+
+ /**
+ * Get the security reference from the outer portlet set
+ *
+ * @param path the psml locator path
+ * @return the security reference of the referenced resource
+ */
+ protected SecurityReference getSecurityReference(RunData rundata, String path)
+ {
+ try
+ {
+ ProfileLocator locator = Profiler.createLocator();
+ locator.createFromPath(path);
+ Profile profile = Profiler.getProfile(locator);
+ if (profile != null)
+ {
+ PSMLDocument doc = profile.getDocument();
+ if (doc != null)
+ {
+ Portlets rootSet = doc.getPortlets();
+ /*
+ There is no way to do a check on a Portlets element, only a
Entry element.
+ This can easily be added, but Im just under a release right now
and it
+ could be perceived as too destabilizing -- david
+
+ if (JetspeedSecurity.checkPermission((JetspeedUser)
rundata.getUser(),
+ rootSet,
+
JetspeedSecurity.PERMISSION_VIEW))
+ {
+ */
+ return rootSet.getSecurityRef();
+ // }
+ }
+ }
+ }
+ catch (ProfileException e)
+ {
+ Log.error(e);
+ }
+ return null;
}
/** Sets the metainfo for this entry */
1.15 +12 -9
jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/PortletWrapper.java
Index: PortletWrapper.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/PortletWrapper.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- PortletWrapper.java 27 Sep 2002 19:54:27 -0000 1.14
+++ PortletWrapper.java 12 Dec 2002 03:17:50 -0000 1.15
@@ -231,7 +231,7 @@
*/
public boolean getAllowEdit(RunData rundata)
{
- return checkPermission(rundata, JetspeedSecurity.PERMISSION_INFO);
+ return checkPermission(rundata, JetspeedSecurity.PERMISSION_CUSTOMIZE);
}
/**
@@ -308,13 +308,16 @@
portalResource.setOwner(null);
}
- Log.debug("checking for Portlet permission: "
- + permissionName
- + " for portlet: "
- + wrappedPortlet.getName()
- + " Owner = "
- + portalResource.getOwner());
-
+ if (Log.getLogger().isDebugEnabled())
+ {
+ Log.debug("checking for Portlet permission: "
+ + permissionName
+ + " for portlet: "
+ + wrappedPortlet.getName()
+ + " Owner = "
+ + portalResource.getOwner());
+ }
+
return JetspeedSecurity.checkPermission((JetspeedUser) rundata.getUser(),
portalResource,
permissionName);
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
