portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woon...@apache.org
Subject svn commit: r925380 - in /portals/jetspeed-2/applications/j2-admin/trunk/src/main: java/org/apache/jetspeed/portlets/spaces/ resources/org/apache/jetspeed/portlets/spaces/resources/ webapp/WEB-INF/view/spaces/
Date Fri, 19 Mar 2010 19:07:11 GMT
Author: woonsan
Date: Fri Mar 19 19:07:10 2010
New Revision: 925380

URL: http://svn.apache.org/viewvc?rev=925380&view=rev
Log:
JS2-1131: Fixing the NPE problem when a user tries to edit the user's own space. (Caused because
of looking up the system spaces only by name.)
Adding flexibility to configure space admin roles preference.
Also, adding security access check in space manager portlet.

Added:
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
  (with props)
Modified:
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/PageNavigator.java
Fri Mar 19 19:07:10 2010
@@ -17,7 +17,6 @@
 package org.apache.jetspeed.portlets.spaces;
 
 import java.io.IOException;
-import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -162,13 +161,10 @@ public class PageNavigator extends Gener
         request.setAttribute("spaceLinkElements", getSpaceLinkMenuElements(spaceBean, request));
         request.setAttribute("templatePages", getTemplatePageNodes(request));
         
-        boolean pageEditable = false;
-        Principal principal = request.getUserPrincipal();
-        if (principal != null)
+        if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) || SpaceAdminUtils.isUserSpaceAdmin(spaceBean,
admin, request))
         {
-            pageEditable = (admin.isUserInAdminRole(request) || admin.isAdminUser(request)
|| principal.getName().equals(spaceBean.getOwner()));
+            request.setAttribute("pageEditable", Boolean.TRUE);
         }
-        request.setAttribute("pageEditable", pageEditable ? Boolean.TRUE : Boolean.FALSE);
         
         super.doView(request, response);
     }

Added: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java?rev=925380&view=auto
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
(added)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
Fri Mar 19 19:07:10 2010
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.portlets.spaces;
+
+import java.security.Principal;
+
+import javax.portlet.PortletRequest;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.administration.PortalAdministration;
+
+/**
+ * SpaceAdminUtils
+ * 
+ * @version $Id$
+ */
+public class SpaceAdminUtils
+{
+    public static final String SPACE_ADMIN_ROLES_PARAM_NAME = "spaceAdminRoles";
+
+    private SpaceAdminUtils()
+    {
+        
+    }
+    
+    public static boolean isUserSpaceOwner(SpaceBean spaceBean, PortletRequest request) 
+    {
+        Principal principal = request.getUserPrincipal();
+        
+        if (principal != null && principal.getName().equals(spaceBean.getOwner()))
+        {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    public static boolean isUserSpaceAdmin(SpaceBean spaceBean, PortalAdministration portalAdmin,
PortletRequest request) 
+    {
+        String spaceAdminRolesPref = request.getPreferences().getValue(SPACE_ADMIN_ROLES_PARAM_NAME,
null);
+        
+        if (spaceAdminRolesPref != null)
+        {
+            String [] spaceAdminRoles = StringUtils.split(spaceAdminRolesPref, ", \t\r\n");
+            
+            for (String role : spaceAdminRoles)
+            {
+                if (request.isUserInRole(role))
+                {
+                    return true;
+                }
+            }
+        }
+        
+        return portalAdmin.isAdminUser(request) || portalAdmin.isUserInAdminRole(request);
+    }
+    
+}

Propchange: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceAdminUtils.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpaceNavigator.java
Fri Mar 19 19:07:10 2010
@@ -17,7 +17,6 @@
 package org.apache.jetspeed.portlets.spaces;
 
 import java.io.IOException;
-import java.security.Principal;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -93,22 +92,15 @@ public class SpaceNavigator extends Gene
         request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACE, spaceBean);
         request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACES, spaceBeans);
         
-        boolean spaceCreatable = false;
-        boolean spaceEditable = false;
-        Principal principal = request.getUserPrincipal();
-        if (principal != null)
+        if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) || SpaceAdminUtils.isUserSpaceAdmin(spaceBean,
admin, request))
         {
-            if (admin.isUserInAdminRole(request) || admin.isAdminUser(request))
-            {
-                spaceCreatable = spaceEditable = true;
-            }
-            else if (principal.getName().equals(spaceBean.getOwner()))
-            {
-                spaceEditable = true;
-            }
+            request.setAttribute("spaceEditable", Boolean.TRUE);
+        }
+        
+        if (SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
+        {
+            request.setAttribute("spaceCreatable", Boolean.TRUE);
         }
-        request.setAttribute("spaceEditable", spaceEditable ? Boolean.TRUE : Boolean.FALSE);
-        request.setAttribute("spaceCreatable", spaceCreatable ? Boolean.TRUE : Boolean.FALSE);
 
         super.doView(request, response);
     }

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesList.java
Fri Mar 19 19:07:10 2010
@@ -102,6 +102,7 @@ public class SpacesList extends GenericS
 			if (spaceName != null)
 			{
 				Space space = spacesService.lookupSpace(spaceName);
+				
 				if (space != null)
 				{
 					try

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/spaces/SpacesManager.java
Fri Mar 19 19:07:10 2010
@@ -116,20 +116,43 @@ public class SpacesManager extends Gener
         String current = (String)PortletMessaging.receive(request, SpacesManager.MSG_TOPIC_SPACE_LIST,
SpacesManager.MSG_SPACE_CHANGE);                
         if (current != null)
         {
+            // FIXME: lookupSpace() can find system spaces only, not user space.
+            //        So, what if a system space name is as same as a user space name?
         	space = spacesService.lookupSpace(current);
-        	spaceBean = new SpaceBean(space);
+        	
+        	if (space == null)
+        	{
+        	    space = spacesService.lookupUserSpace(current);
+        	}
+        }
+        
+        if (space != null)
+        {
+            spaceBean = new SpaceBean(space);
         }
-        if (space == null)
+        else
         {
         	spaceBean = new SpaceBean("", "");
     		spaceBean.setDescription("");
     		spaceBean.setTitle("");
     		spaceBean.setSecurityConstraint("");
     		spaceBean.setTheme(ThemeBean.getDefaultTheme(request, decorationFactory));
-        }        
+        }
+        
         request.setAttribute("constraints", retrieveConstraints(request));
         request.setAttribute("themes", ThemeBean.retrieveThemes(request, decorationFactory,
spaceBean.getTheme()));
         request.setAttribute(SpaceNavigator.ATTRIBUTE_SPACE, spaceBean);
+        
+        if (SpaceAdminUtils.isUserSpaceOwner(spaceBean, request) || SpaceAdminUtils.isUserSpaceAdmin(spaceBean,
admin, request))
+        {
+            request.setAttribute("spaceEditable", Boolean.TRUE);
+        }
+        
+        if (SpaceAdminUtils.isUserSpaceAdmin(spaceBean, admin, request))
+        {
+            request.setAttribute("spaceCreatable", Boolean.TRUE);
+        }
+        
         super.doView(request, response);        
     }
     
@@ -174,7 +197,18 @@ public class SpacesManager extends Gener
         {
             try
             {
-                Space space = (!"".equals(name) ? spacesService.lookupSpace(name) : null);
+                Space space = null;
+                
+                if (!"".equals(name))
+                {
+                    space = spacesService.lookupSpace(name);
+                    
+                    if (space == null)
+                    {
+                        space = spacesService.lookupUserSpace(name);
+                    }
+                }
+                
                 String path = admin.getPortalURL(actionRequest, actionResponse, (space !=
null ? space.getPath() : "/"));
                 actionResponse.sendRedirect(path);
                 return;
@@ -229,7 +263,15 @@ public class SpacesManager extends Gener
         	else
         	{
                 String owner = scrapeParameter(actionRequest, "spaceOwner");
+                // FIXME: lookupSpace() can find system spaces only, not user space.
+                //        So, what if a system space name is as same as a user space name?
                 Space space = spacesService.lookupSpace(name);
+                
+                if (space == null)
+                {
+                    space = spacesService.lookupUserSpace(name);
+                }
+                
                 if (space != null)
                 {
             		space.setDescription(description);
@@ -266,6 +308,7 @@ public class SpacesManager extends Gener
 	                
 	                spacesService.storeSpace(space);
                 }
+                
                 // redirect
                 String path = admin.getPortalURL(actionRequest, actionResponse, space.getPath());
                 actionResponse.sendRedirect(path);

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = Add Space
 spaces.label.edit.current = Edit Current Space
 spaces.label.save = Save
 spaces.label.cancel = Cancel
+spaces.message.forbidden = You are not allowed to edit the current space.
 
 spaces.pages.label.folder = Folder
 spaces.pages.label.page = Page

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_en.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = Add Space
 spaces.label.edit.current = Edit Current Space
 spaces.label.save = Save
 spaces.label.cancel = Cancel
+spaces.message.forbidden = You are not allowed to edit the current space.
 
 spaces.pages.label.folder = Folder
 spaces.pages.label.page = Page

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/resources/org/apache/jetspeed/portlets/spaces/resources/SpacesResources_ko.properties
Fri Mar 19 19:07:10 2010
@@ -29,6 +29,7 @@ spaces.label.add = \ucd94\uac00
 spaces.label.edit.current = \uc2a4\ud398\uc774\uc2a4 \ud3b8\uc9d1
 spaces.label.save = \uc800\uc7a5
 spaces.label.cancel = \ucde8\uc18c
+spaces.message.forbidden = \ud574\ub2f9 \uc2a4\ud398\uc774\uc2a4\ub97c \ud3b8\uc9d1\ud560
\uad8c\ud55c\uc774 \uc5c6\uc2b5\ub2c8\ub2e4.
 
 spaces.pages.label.folder = \ud3f4\ub354
 spaces.pages.label.page = \ud398\uc774\uc9c0

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp?rev=925380&r1=925379&r2=925380&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/spaces-manager.jsp
Fri Mar 19 19:07:10 2010
@@ -33,7 +33,21 @@ limitations under the License.
   <c:set var="portalContextPath" value="/"/>
 </c:if>
 
-<form method="POST" action='<portlet:actionURL/>'>
+<c:set var="formDisplayble" value="false" />
+<c:choose>
+  <c:when test="${spaceCreatable}">
+    <c:set var="formDisplayble" value="true" />
+  </c:when>
+  <c:when test="${spaceEditable and not empty space.name}">
+    <c:set var="formDisplayble" value="true" />
+  </c:when>
+</c:choose>
+
+<c:choose>
+
+<c:when test="${formDisplayble}">
+
+  <form method="POST" action='<portlet:actionURL/>'>
   <input type='hidden' name='spacePersisted' value='${space.persisted}'/>
   <table width="100%">
     <tr>
@@ -96,4 +110,14 @@ limitations under the License.
       <th class="portlet-section-header" colspan="2"></th>
     </tr>
   </table>
-</form>
+  </form>
+
+</c:when>
+
+<c:otherwise>
+
+<p><em><fmt:message key='spaces.message.forbidden'/></em></p>
+
+</c:otherwise>
+
+</c:choose>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message