portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sg...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/customize CustomizePortlet.java
Date Mon, 28 Jan 2002 11:25:51 GMT
sgala       02/01/28 03:25:50

  Modified:    src/java/org/apache/jetspeed/portal/portlets
                        AbstractPortlet.java NewRSSPortlet.java
                        VelocityPortlet.java
               src/java/org/apache/jetspeed/portal/portlets/customize
                        CustomizePortlet.java
  Log:
  Clean security checks and minor things. It will require a clean build.
  
  Revision  Changes    Path
  1.51      +29 -57    jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/AbstractPortlet.java
  
  Index: AbstractPortlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/AbstractPortlet.java,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- AbstractPortlet.java	19 Jan 2002 03:51:43 -0000	1.50
  +++ AbstractPortlet.java	28 Jan 2002 11:25:49 -0000	1.51
  @@ -68,7 +68,6 @@
   import org.apache.jetspeed.portal.PortletState;
   import org.apache.jetspeed.portal.service.PersistenceService;
   import org.apache.jetspeed.portal.service.ServiceFactory;
  -import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.portletcache.Cacheable;
   import org.apache.jetspeed.services.portletcache.GlobalCache;
   import org.apache.jetspeed.services.Registry;
  @@ -106,7 +105,7 @@
   @author <A HREF="mailto:burton@apache.org">Kevin A. Burton</A>
   @author <A HREF="mailto:raphael@apache.org">RaphaŽl Luta</A>
   @author <A HREF="mailto:sgala@apache.org">Santiago Gala</A>
  -@version $Id: AbstractPortlet.java,v 1.50 2002/01/19 03:51:43 paulsp Exp $
  +@version $Id: AbstractPortlet.java,v 1.51 2002/01/28 11:25:49 sgala Exp $
   */
   public abstract class AbstractPortlet implements Portlet, PortletState, Cacheable
   {
  @@ -383,14 +382,6 @@
                                          CapabilityMap map, 
                                          boolean allowRecurse ) {
   
  -        if (!JetspeedSecurity.checkPermission(rundata, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this portlet");
  -        }
  -
  -
           CapabilityMap mymap = map;
           if ( mymap == null ) mymap = CapabilityMapFactory.getCapabilityMap( rundata );
   
  @@ -564,21 +555,16 @@
        */
   
       /**
  -     * Implements the default close behavior: any authenticated user may
  -     * remove a portlet from his page
  +     * Implements the default close behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowClose( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_CLOSE,
  -                                                 this));
  -    
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return !isClosed( rundata );
       }
   
       /**
  @@ -606,72 +592,55 @@
       }
   
       /**
  -     * Implements the default info behavior: any authenticated user may
  -     * get information on a portlet
  +     * Implements the default info behavior: 
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowInfo( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_INFO,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default customize behavior: any authenticated user may
  -     * customize a portlet
  +     * Implements the default customize behavior: 
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowCustomize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_CUSTOMIZE,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default maximize behavior: any authenticated user may
  -     * maximize a portlet
  +     * Implements the default maximize behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowMaximize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_MAXIMIZE,
  -                                                 this));
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  -     * Implements the default info behavior: any authenticated user may
  -     * minimize a portlet
  +     * Implements the default info behavior:
  +     * security permissions will be checked.
        *
        * @param rundata The RunData object for the current request
        */
       public boolean allowMinimize( RunData rundata )
       {
  -        if ( (rundata.getUser() == null) || !rundata.getUser().hasLoggedIn() )
  -        {
  -            return false; //No permission if user not logged in
  -        }
  -        return (JetspeedSecurity.checkPermission(rundata, 
  -                                                 JetspeedSecurity.PERMISSION_MINIMIZE,
  -                                                 this));
  -        
  +        //Security will not allow this call to succeed if there are
  +        //not enough permissions
  +        return true;
       }
   
       /**
  @@ -701,6 +670,9 @@
       /**
        * Returns TRUE if the title bar in should be displayed. The title bar includes
        * the portlet title and action buttons.  This
  +     * 
  +     * FIXME: this is used in jetspeed.vm to drive the title display, but
  +     * it is *not* in any public interface as of 20020123.
        *
        * @param rundata The RunData object for the current request
        */
  
  
  
  1.14      +1 -11     jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java
  
  Index: NewRSSPortlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- NewRSSPortlet.java	5 Dec 2001 18:47:25 -0000	1.13
  +++ NewRSSPortlet.java	28 Jan 2002 11:25:50 -0000	1.14
  @@ -69,8 +69,6 @@
   import org.apache.jetspeed.xml.JetspeedXMLEntityResolver;
   import org.apache.jetspeed.capability.*;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -
   //turbine
   import org.apache.turbine.util.*;
   
  @@ -100,7 +98,7 @@
   is only used for this mime-type</dd>
   </dl>
   @author <A HREF="mailto:raphael@apache.org">RaphaŽl Luta</A>
  -@version $Id: NewRSSPortlet.java,v 1.13 2001/12/05 18:47:25 sgala Exp $ 
  +@version $Id: NewRSSPortlet.java,v 1.14 2002/01/28 11:25:50 sgala Exp $ 
   */
   public class NewRSSPortlet extends FileWatchPortlet {
       
  @@ -231,14 +229,6 @@
               }
           }
   
  -        if (!JetspeedSecurity.checkPermission(data, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this portlet");
  -        }
  -
  -        
           return content;
       }
       
  
  
  
  1.11      +5 -9      jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java
  
  Index: VelocityPortlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- VelocityPortlet.java	4 Dec 2001 17:00:31 -0000	1.10
  +++ VelocityPortlet.java	28 Jan 2002 11:25:50 -0000	1.11
  @@ -67,6 +67,8 @@
   import org.apache.jetspeed.services.TemplateLocator;
   import org.apache.jetspeed.util.template.PortletTemplateLink;
   import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.JetspeedSecurityService;
  +
   
   // Ecs stuff
   import org.apache.ecs.ConcreteElement;
  @@ -96,15 +98,6 @@
       public ConcreteElement getContent( RunData rundata )
       {
   
  -        //Are we allowed to see it?
  -        if (!JetspeedSecurity.checkPermission(rundata, 
  -                                              JetspeedSecurity.PERMISSION_VIEW,
  -                                              this))
  -        {
  -            return new ClearElement("Sorry, you have no permission to see this portlet");
  -        }
  -
  -
           // create a blank context and with all the global application
           // Pull Tools inside
           Context context = TurbineVelocity.getContext();
  @@ -112,6 +105,9 @@
           context.put( "portlet", this );
           context.put( "conf", this.getPortletConfig() );
           context.put( "skin", this.getPortletConfig().getPortletSkin() );
  +
  +        //add a tool for security information to the template.
  +        context.put( "security", (JetspeedSecurityService)JetspeedSecurity.getService()
);
           
           String template = getPortletConfig().getInitParameter("template");
           
  
  
  
  1.23      +19 -20    jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/customize/CustomizePortlet.java
  
  Index: CustomizePortlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/customize/CustomizePortlet.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- CustomizePortlet.java	17 Dec 2001 15:32:27 -0000	1.22
  +++ CustomizePortlet.java	28 Jan 2002 11:25:50 -0000	1.23
  @@ -145,28 +145,27 @@
            {
                PortletEntry portletEntry = ( PortletEntry )  entryEnumeration.nextElement(
);
                if ( portletEntry != null ) 
  -                // check for admin-Flag
  -//                if ( !portletEntry.isAdmin( ) ) 
  -                  if ( JetspeedSecurity.checkPermission(data, 
  -                                                        JetspeedSecurity.PERMISSION_PERSONALIZE,

  -                                                        portletEntry))
  -                   // check for hidden-Flag
  -                   if ( !portletEntry.isHidden( ) ) 
  -                      // check for application-Flag
  -                      if ( !portletEntry.isApplication( ) ) 
  -                         // check for type=abstract
  -                         if ( !portletEntry.getType( ).equals( PortletEntry.TYPE_ABSTRACT
)  ) 
  -                         {
  -                            // if anything is ok, add the entry to the Vector
  -                            portlets.add( portletEntry ) ;
  -                            i++;
  -                         }
  -        }
  -        else break;
  +                 //can we see it?
  +                 if ( JetspeedSecurity.checkPermission(data, 
  +                                                       JetspeedSecurity.PERMISSION_VIEW,

  +                                                       portletEntry))
  +                     // check for hidden-Flag
  +                     if ( !portletEntry.isHidden( ) ) 
  +                         // check for application-Flag
  +                         if ( !portletEntry.isApplication( ) ) 
  +                             // check for type=abstract
  +                             if ( !portletEntry.getType( ).equals( PortletEntry.TYPE_ABSTRACT
)  ) 
  +                             {
  +                                 // if anything is ok, add the entry to the Vector
  +                                 portlets.add( portletEntry ) ;
  +                                 i++;
  +                             }
  +         }
  +         else break;
         }
  -   }                           
  +   }
   
  -   /**
  +    /**
       * Has to be implemented; returns the content of the portlet
       * @return org.apache.ecs.ConcreteElement - the ECS element that contains the content
       * @param data org.apache.turbine.util.RunData - the data object generated by Turbine
  
  
  

--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message