All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.opencms.ui.dialogs.permissions.CmsPermissionDialog Maven / Gradle / Ivy

Go to download

OpenCms is an enterprise-ready, easy to use website content management system based on Java and XML technology. Offering a complete set of features, OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.

There is a newer version: 18.0
Show newest version
/*
 * This library is part of OpenCms -
 * the Open Source Content Management System
 *
 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * For further information about Alkacon Software, please see the
 * company website: http://www.alkacon.com
 *
 * For further information about OpenCms, please see the
 * project website: http://www.opencms.org
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package org.opencms.ui.dialogs.permissions;

import org.opencms.file.CmsObject;
import org.opencms.file.CmsResource;
import org.opencms.file.CmsResourceFilter;
import org.opencms.file.CmsUser;
import org.opencms.lock.CmsLockActionRecord;
import org.opencms.lock.CmsLockActionRecord.LockChange;
import org.opencms.lock.CmsLockException;
import org.opencms.lock.CmsLockUtil;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;
import org.opencms.security.CmsAccessControlEntry;
import org.opencms.security.CmsAccessControlList;
import org.opencms.security.CmsPermissionSet;
import org.opencms.security.CmsPrincipal;
import org.opencms.security.CmsRole;
import org.opencms.security.I_CmsPrincipal;
import org.opencms.ui.CmsVaadinUtils;
import org.opencms.ui.I_CmsDialogContext;
import org.opencms.ui.components.CmsBasicDialog;
import org.opencms.ui.components.CmsOkCancelActionHandler;
import org.opencms.ui.contextmenu.CmsStandardVisibilityCheck;
import org.opencms.ui.dialogs.permissions.CmsPermissionView.PermissionChangeHandler;
import org.opencms.ui.dialogs.permissions.CmsPrincipalSelect.PrincipalSelectHandler;
import org.opencms.util.CmsStringUtil;
import org.opencms.util.CmsUUID;
import org.opencms.workplace.CmsWorkplace;
import org.opencms.workplace.commons.Messages;
import org.opencms.workplace.explorer.CmsResourceUtil;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.apache.commons.logging.Log;

import com.vaadin.ui.Accordion;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Button.ClickListener;
import com.vaadin.ui.Component;
import com.vaadin.ui.TabSheet.SelectedTabChangeEvent;
import com.vaadin.ui.TabSheet.SelectedTabChangeListener;
import com.vaadin.ui.VerticalLayout;

/**
 * The permission dialog.

*/ public class CmsPermissionDialog extends CmsBasicDialog implements PermissionChangeHandler, PrincipalSelectHandler { /** The possible types of new access control entries. */ protected static final String[] PRINCIPAL_TYPES = { I_CmsPrincipal.PRINCIPAL_GROUP, I_CmsPrincipal.PRINCIPAL_USER, CmsRole.PRINCIPAL_ROLE, CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME, CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME}; /** The possible type values of access control entries. */ protected static final int[] PRINCIPAL_TYPES_INT = { CmsAccessControlEntry.ACCESS_FLAGS_GROUP, CmsAccessControlEntry.ACCESS_FLAGS_USER, CmsAccessControlEntry.ACCESS_FLAGS_ROLE, CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS, CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL}; /** The logger instance for this class. */ private static final Log LOG = CmsLog.getLog(CmsPermissionDialog.class); /** The serial version id. */ private static final long serialVersionUID = 2397141190651779325L; /** The permission view accordion. */ private Accordion m_accordion; /** The close button. */ private Button m_closeButton; /** The cms context. */ private CmsObject m_cms; /** The dialog context. */ private I_CmsDialogContext m_context; /** The editable flag. */ private boolean m_editable = true; /** The inherited permissions panel. */ private VerticalLayout m_inheritedPermissions; /** The lock action record. */ private CmsLockActionRecord m_lockActionRecord; /** main layout. */ private VerticalLayout m_main; /** The principal select widget. */ private CmsPrincipalSelect m_principalSelect; /** The resource. */ private CmsResource m_resource; /** The resource permissions panel. */ private VerticalLayout m_resourcePermissions; /** The tab for setting permissions. */ private VerticalLayout m_setPermissionTab; /** The user permission panel. */ private VerticalLayout m_userPermissions; /** * Constructor.

* * @param context the dialog context.

*/ public CmsPermissionDialog(I_CmsDialogContext context) { m_context = context; m_cms = context.getCms(); m_editable = CmsStandardVisibilityCheck.PERMISSIONS.getVisibility(context).isActive(); m_resource = context.getResources().get(0); boolean editRoles = CmsWorkplace.canEditPermissionsForRoles(m_cms, m_resource.getRootPath()); CmsVaadinUtils.readAndLocalizeDesign(this, CmsVaadinUtils.getWpMessagesForCurrentLocale(), null); m_main.setHeightUndefined(); if (m_editable) { m_principalSelect.setMargin(true); m_principalSelect.setSelectHandler(this); m_principalSelect.setRoleSelectionAllowed(editRoles); } else { m_principalSelect.setVisible(false); } displayResourceInfo(Collections.singletonList(m_resource)); displayUserPermissions(m_cms.getRequestContext().getCurrentUser()); displayInheritedPermissions(); displayResourcePermissions(); m_closeButton.addClickListener(new ClickListener() { private static final long serialVersionUID = 1L; public void buttonClick(ClickEvent event) { close(); } }); m_accordion.addSelectedTabChangeListener(new SelectedTabChangeListener() { private static final long serialVersionUID = 1L; public void selectedTabChange(SelectedTabChangeEvent event) { onViewChange(); } }); setActionHandler(new CmsOkCancelActionHandler() { private static final long serialVersionUID = 1L; @Override protected void cancel() { close(); } @Override protected void ok() { // nothing to do } }); m_accordion.setSelectedTab(m_setPermissionTab); m_principalSelect.setPrincipalType(I_CmsPrincipal.PRINCIPAL_GROUP); } /** * @see org.opencms.ui.dialogs.permissions.CmsPermissionView.PermissionChangeHandler#deletePermissionSet(java.lang.String, java.lang.String) */ public void deletePermissionSet(String principalType, String principalName) { try { ensureLock(); m_cms.rmacc(m_cms.getSitePath(m_resource), principalType, principalName); refreshOwnEntries(); } catch (CmsException e) { m_context.error(e); } } /** * @see org.opencms.ui.dialogs.permissions.CmsPrincipalSelect.PrincipalSelectHandler#onPrincipalSelect(java.lang.String, java.lang.String) */ public void onPrincipalSelect(String principalType, String principalName) { if (CmsStringUtil.isNotEmptyOrWhitespaceOnly(principalName)) { String permissionString = ""; if (m_resource.isFolder()) { permissionString = "+i"; } try { // lock resource if autolock is enabled ensureLock(); if (principalName.equals(CmsVaadinUtils.getMessageText(Messages.GUI_LABEL_ALLOTHERS_0))) { m_cms.chacc( m_cms.getSitePath(m_resource), principalType, CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME, permissionString); } else if (principalName.equals(CmsVaadinUtils.getMessageText(Messages.GUI_LABEL_OVERWRITEALL_0))) { m_cms.chacc( m_cms.getSitePath(m_resource), principalType, CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME, permissionString); } else { if (principalType.equalsIgnoreCase(CmsRole.PRINCIPAL_ROLE)) { // if role, first check if we have to translate the role name CmsRole role = CmsRole.valueOfRoleName(principalName); if (role == null) { // we need translation Iterator it = CmsRole.getSystemRoles().iterator(); while (it.hasNext()) { role = it.next(); if (role.getName(getLocale()).equalsIgnoreCase(principalName)) { principalName = role.getRoleName(); break; } } } } m_cms.chacc(m_cms.getSitePath(m_resource), principalType, principalName, permissionString); } refreshOwnEntries(); onViewChange(); } catch (CmsException e) { m_context.error(e); } } } /** * @see org.opencms.ui.dialogs.permissions.CmsPermissionView.PermissionChangeHandler#onViewChange() */ public void onViewChange() { m_context.onViewChange(); } /** * @see org.opencms.ui.dialogs.permissions.CmsPermissionView.PermissionChangeHandler#setPermissions(java.lang.String, java.lang.String, int, int, int) */ public void setPermissions(String principalType, String principalName, int allowed, int denied, int flags) { try { ensureLock(); m_cms.chacc(m_cms.getSitePath(m_resource), principalType, principalName, allowed, denied, flags); } catch (CmsException e) { m_context.error(e); } } /** * Returns the resource on which the specified access control entry was set.

* * @param entry the current access control entry * @param parents the parent resources to determine the connected resource * @return the resource name of the corresponding resource */ protected String getConnectedResource(CmsAccessControlEntry entry, Map parents) { CmsUUID resId = entry.getResource(); String resName = parents.get(resId); if (CmsStringUtil.isNotEmptyOrWhitespaceOnly(resName)) { return resName; } return resId.toString(); } /** * Closes the dialog.

*/ void close() { try { clearLock(); m_context.finish(Collections.singletonList(m_resource.getStructureId())); } catch (CmsException e) { m_context.error(e); } } /** * Displays the inherited permissions.

*/ void displayInheritedPermissions() { // store all parent folder ids together with path in a map Map parents = new HashMap(); String sitePath = m_cms.getSitePath(m_resource); String path = CmsResource.getParentFolder(sitePath); List parentResources = new ArrayList(); try { // get all parent folders of the current file parentResources = m_cms.readPath(path, CmsResourceFilter.IGNORE_EXPIRATION); } catch (CmsException e) { // can usually be ignored if (LOG.isInfoEnabled()) { LOG.info(e.getLocalizedMessage()); } } Iterator k = parentResources.iterator(); while (k.hasNext()) { // add the current folder to the map CmsResource curRes = k.next(); parents.put(curRes.getResourceId(), curRes.getRootPath()); } ArrayList inheritedEntries = new ArrayList(); try { Iterator itAces = m_cms.getAccessControlEntries(path, true).iterator(); while (itAces.hasNext()) { CmsAccessControlEntry curEntry = itAces.next(); inheritedEntries.add(curEntry); } } catch (CmsException e) { // can usually be ignored if (LOG.isInfoEnabled()) { LOG.info(e.getLocalizedMessage()); } } buildInheritedList(inheritedEntries, parents); } /** * Displays the resource permissions.

*/ void displayResourcePermissions() { refreshOwnEntries(); } /** * Displays the user permissions.

* * @param user the selected user */ void displayUserPermissions(CmsUser user) { CmsPermissionView view = buildPermissionEntryForm(user.getId(), buildPermissionsForCurrentUser(), false, false); view.hideDeniedColumn(); m_userPermissions.addComponent(view); } /** * Builds a StringBuffer with HTML code to show a list of all inherited access control entries.

* * @param entries ArrayList with all entries to show for the long view * @param parents Map of parent resources needed to get the connected resources for the detailed view */ private void buildInheritedList(ArrayList entries, Map parents) { String view = "long"; // display the long view if ("long".equals(view)) { Iterator i = entries.iterator(); while (i.hasNext()) { CmsAccessControlEntry curEntry = i.next(); // build the list with enabled extended view and resource name Component permissionView = buildPermissionEntryForm( curEntry, false, true, getConnectedResource(curEntry, parents)); if (permissionView != null) { m_inheritedPermissions.addComponent(permissionView); } } } else { // show the short view, use an ACL to build the list try { // get the inherited ACL of the parent folder CmsAccessControlList acList = m_cms.getAccessControlList( CmsResource.getParentFolder(m_cms.getSitePath(m_resource)), false); Iterator i = acList.getPrincipals().iterator(); while (i.hasNext()) { CmsUUID principalId = i.next(); if (!principalId.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) { CmsPermissionSet permissions = acList.getPermissions(principalId); // build the list with enabled extended view only Component permissionView = buildPermissionEntryForm(principalId, permissions, false, true); if (permissionView != null) { m_inheritedPermissions.addComponent(permissionView); } } } } catch (CmsException e) { // can usually be ignored if (LOG.isInfoEnabled()) { LOG.info(e.getLocalizedMessage()); } } } } /** * Creates an HTML input form for the current access control entry.

* * @param entry the current access control entry * @param editable boolean to determine if the form is editable * @param extendedView boolean to determine if the view is selectable with DHTML * @param inheritRes the resource name from which the ace is inherited * @return StringBuffer with HTML code of the form */ private CmsPermissionView buildPermissionEntryForm( CmsAccessControlEntry entry, boolean editable, boolean extendedView, String inheritRes) { return new CmsPermissionView(entry, editable, m_resource.isFolder(), inheritRes, this); } /** * @see #buildPermissionEntryForm(CmsAccessControlEntry, boolean, boolean, String) * * @param id the UUID of the principal of the permission set * @param curSet the current permission set * @param editable boolean to determine if the form is editable * @param extendedView boolean to determine if the view is selectable with DHTML * @return String with HTML code of the form */ private CmsPermissionView buildPermissionEntryForm( CmsUUID id, CmsPermissionSet curSet, boolean editable, boolean extendedView) { String fileName = m_cms.getSitePath(m_resource); int flags = 0; try { I_CmsPrincipal p; try { p = CmsPrincipal.readPrincipalIncludingHistory(m_cms, id); } catch (CmsException e) { p = null; } if ((p != null) && p.isGroup()) { flags = CmsAccessControlEntry.ACCESS_FLAGS_GROUP; } else if ((p != null) && p.isUser()) { flags = CmsAccessControlEntry.ACCESS_FLAGS_USER; } else if ((p == null) && id.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID)) { flags = CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS; } else if ((p == null) && id.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) { flags = CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL; } else { // check if it is the case of a role CmsRole role = CmsRole.valueOfId(id); if (role != null) { flags = CmsAccessControlEntry.ACCESS_FLAGS_ROLE; } } CmsResource res = m_cms.readResource(fileName, CmsResourceFilter.ALL); CmsAccessControlEntry entry = new CmsAccessControlEntry(res.getResourceId(), id, curSet, flags); return buildPermissionEntryForm(entry, editable, extendedView, null); } catch (CmsException e) { // can usually be ignored if (LOG.isInfoEnabled()) { LOG.info(e.getLocalizedMessage()); } return null; } } /** * Returns the actual real permissions (including role, and any other special check) for the current user.

* * @return the actual real permissions for the current user */ private CmsPermissionSet buildPermissionsForCurrentUser() { CmsResourceUtil resUtil = new CmsResourceUtil(m_cms, m_resource); return resUtil.getPermissionSet(); } /** * Clears the resource lock.

* * @throws CmsException in case reading the resource fails */ private void clearLock() throws CmsException { if ((m_lockActionRecord != null) && (m_lockActionRecord.getChange() == LockChange.locked)) { CmsResource updatedRes = m_cms.readResource(m_resource.getStructureId(), CmsResourceFilter.ALL); try { m_cms.unlockResource(updatedRes); } catch (CmsLockException e) { LOG.warn(e.getLocalizedMessage(), e); } m_lockActionRecord = null; } } /** * Locks the current resource.

* * @throws CmsException in case locking the resource fails */ private void ensureLock() throws CmsException { if (m_lockActionRecord == null) { m_lockActionRecord = CmsLockUtil.ensureLock(m_cms, m_resource); } } /** * Refreshes the display of the resource permission display.

*/ private void refreshOwnEntries() { m_resourcePermissions.removeAllComponents(); String sitePath = m_cms.getSitePath(m_resource); // create new ArrayLists in which inherited and non inherited entries are stored ArrayList ownEntries = new ArrayList(); try { Iterator itAces = m_cms.getAccessControlEntries(sitePath, false).iterator(); while (itAces.hasNext()) { CmsAccessControlEntry curEntry = itAces.next(); if (!curEntry.isInherited()) { // add the entry to the own rights list ownEntries.add(curEntry); } } } catch (CmsException e) { // can usually be ignored if (LOG.isInfoEnabled()) { LOG.info(e.getLocalizedMessage()); } } Iterator i = ownEntries.iterator(); boolean hasEntries = i.hasNext(); if (hasEntries) { // list all entries while (i.hasNext()) { CmsAccessControlEntry curEntry = i.next(); Component permissionView = buildPermissionEntryForm(curEntry, m_editable, false, null); if (permissionView != null) { m_resourcePermissions.addComponent(permissionView); } } } } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy