Author: taylor
Date: Fri Jan 15 01:11:59 2016
New Revision: 1724715

URL: http://svn.apache.org/viewvc?rev=1724715&view=rev
Log:
fixing backward compatibility issue with migrating from version 2.1.3, which 
allowed more lenient delegated security assignments. Note this feature should 
be turned off by default

Modified:
    
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java

Modified: 
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1724715&r1=1724714&r2=1724715&view=diff
==============================================================================
--- 
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
 (original)
+++ 
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
 Fri Jan 15 01:11:59 2016
@@ -689,7 +689,7 @@ public class JetspeedPrincipalManagement
             final String requiredRole = preferences.getValue(REQUIRED_ROLE, 
"");
             final String defaultProfile = preferences.getValue(DEFAULT_PROFILE 
,"");
             final String defaultSubsite = preferences.getValue(DEFAULT_SUBSITE 
,"");
-            final String templateFolder = 
preferences.getValue(NEW_USER_TEMPLATE_DIR, "/_user/template/");
+            final String templateFolder = 
preferences.getValue(NEW_USER_TEMPLATE_DIR, "");
             final String subsiteRoot = preferences.getValue(SUB_SITE_ROOT,"");
             profilingRule = defaultProfile.toString();
             
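Review bot: The fallback for `NEW_USER_TEMPLATE_DIR` changes from `/_user/template/` to an empty string, which the log message does not mention and which is unrelated to delegated role assignment. The code that consumes `templateFolder` is outside this hunk, so it cannot be confirmed here that an empty value is handled as "not configured" rather than resolved as a path. A comment at the declaration would make the intent explicit, for example `// empty means no new-user template folder is configured`.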
@@ -1593,6 +1593,7 @@ public class JetspeedPrincipalManagement
         protected boolean associationsFrom;
         
         protected boolean admin;
+        protected boolean allowDelegateRoles = false;
         protected boolean modificationAllowed = true;
         
         /**
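Review bot: The new `allowDelegateRoles` field relaxes an authorization check but has no comment explaining what it permits or where its value comes from. Suggest adding `// true when ALLOW_DELEGATE_ASSIGN_ROLES is set: non-admin users are not limited to associations they hold themselves; defaults to false` above the declaration. The `= false` initializer is redundant for a boolean field, though harmless as a statement of intent.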
@@ -1657,7 +1658,8 @@ public class JetspeedPrincipalManagement
             this.associationType = AssociationType;
             associationName = AssociationType.getAssociationName();
             final String assoctionName = AssociationType.getAssociationName();
-            String adminRole = 
getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
            
+            String adminRole = 
getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+            allowDelegateRoles = 
getServiceLocator().getPortalConfiguration().getBoolean(PortalConfigurationConstants.ALLOW_DELEGATE_ASSIGN_ROLES,
 false);
             admin = getPortletRequest().isUserInRole(adminRole);
             if (!admin && 
!principal.getType().getName().equals(JetspeedPrincipalType.USER))
             {
@@ -1849,7 +1851,7 @@ public class JetspeedPrincipalManagement
                     }
                 }
                }
-            if (names.size() > 0 && !admin)
+            if (names.size() > 0 && !admin && !allowDelegateRoles)
             {
                 // restrict creating new associations to only those the user 
itself belongs to
                 String jptName = associationsFrom ? 
associationType.getToPrincipalType().getName() : 
associationType.getFromPrincipalType().getName();
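Review bot: With `allowDelegateRoles` set, the condition `names.size() > 0 && !admin && !allowDelegateRoles` skips the "only associations the user itself belongs to" restriction for every association type, while the compensating admin-role filter added further down runs only when the to-principal type is `ROLE`. If the setting is meant to cover role assignment only, as the name `ALLOW_DELEGATE_ASSIGN_ROLES` suggests, narrow it: `boolean delegateRoles = allowDelegateRoles && associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE);` and then `if (names.size() > 0 && !admin && !delegateRoles)`. The body of this `if` continues outside the hunk.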
@@ -1885,6 +1887,17 @@ public class JetspeedPrincipalManagement
                     }
                 }
             }
+            else if (!admin && allowDelegateRoles && 
associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE))
 {
+                // never allow admin role to delegates
+                String adminRole = 
getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
+                for (int index = names.size() - 1; index > -1; index--) {
+                    JetspeedPrincipal listPrincipal = (JetspeedPrincipal) 
names.get(index);
+                    if (listPrincipal.getName().equals(adminRole)) {
+                        names.remove(index);
+                        break;
+                    }
+                }
+            }
         }
     }
 
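Review bot: The admin-role exclusion in the new `else if` branch removes one entry from `names` by exact match on `ROLES_DEFAULT_ADMIN`, so any other role that carries administrative rights stays assignable by a delegate, and nothing in this hunk shows the same rule being enforced where the association is actually created. If `names` only feeds the selection list, the handler that adds the association needs the same check; a comment such as `// list filter only; the add-association path must also refuse ROLES_DEFAULT_ADMIN for non-admins` would record that. The branch also tests `getToPrincipalType()` regardless of `associationsFrom`, whereas the restricted branch above picks the to- or from-type from that flag, so it is worth confirming that `names` holds roles in both directions. `adminRole` is already fetched where `admin` is computed and could be kept in a field instead of being looked up again here.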


