📄 cmsresourcebroker.java
// check the rights and if the resource is not locked
do {
// is the resource locked?
if( resource.isLocked() && (resource.isLockedBy() != currentUser.getId() ||
(resource.getLockedInProject() != currentProject.getId() &&
currentProject.getFlags() != C_PROJECT_STATE_INVISIBLE)) ) {
// resource locked by anopther user, no creation allowed
return(false);
}
// read next resource
if(resource.getParent() != null) {
// readFolder without checking access
resource = m_dbAccess.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent());
}
} while(resource.getParent() != null);
// all checks are done positive
return(true);
}
/**
* Checks, if the user may lock this resource.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resourceName The name of the resource to check.
*
* @return whether the user may lock this resource, or not.
*/
public boolean accessLock(CmsUser currentUser, CmsProject currentProject,
        String resourceName) throws CmsException {
    // Resolve the name to a resource header inside the caller's current project and let
    // the CmsResource overload make the actual lock decision.
    // NOTE(review): nothing here guards against readFileHeader() yielding no resource;
    // confirm that the overload or the database layer rejects that case.
    return accessLock(currentUser, currentProject,
            m_dbAccess.readFileHeader(currentProject.getId(), resourceName));
}
/**
* Checks, if others may access this resource.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resource The resource to check.
* @param flags The flags to check.
*
* @return wether the user has access, or not.
*/
protected boolean accessOther(CmsUser currentUser, CmsProject currentProject, CmsResource resource, int flags) throws CmsException
{
    // Pure bitmask test: access is granted only when every bit requested in flags is also
    // set in the resource's access flags. currentUser and currentProject are not consulted.
    return (resource.getAccessFlags() & flags) == flags;
}
/**
* Checks, if the owner may access this resource.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resource The resource to check.
* @param flags The flags to check.
*
* @return wether the user has access, or not.
*/
protected boolean accessOwner(CmsUser currentUser, CmsProject currentProject,
        CmsResource resource, int flags)
        throws CmsException {
    // Administrators pass without the ownership or the flag test.
    if (isAdmin(currentUser, currentProject)) {
        return true;
    }
    // Everyone else must own the resource, and the resource must carry every requested bit.
    final boolean ownsResource = resource.getOwnerId() == currentUser.getId();
    return ownsResource && (resource.getAccessFlags() & flags) == flags;
}
// Methods working with projects
/**
* Tests if the user can access the project.
*
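* <B>Security:</B>
* Any user may call this check; the result depends on the project's state and on the user's ownership, admin rights and group membership.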
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param projectId the id of the project.
* @return true, if the user has access, else returns false.
* @exception CmsException Throws CmsException if something goes wrong.
*/
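public boolean accessProject(CmsUser currentUser, CmsProject currentProject,
        int projectId)
        throws CmsException {
    // The project under test is always read first, exactly as before, so any failure of
    // readProject() still surfaces for the online id as well.
    CmsProject testProject = readProject(currentUser, currentProject, projectId);
    // The online project is accessible to every user.
    if (projectId == C_PROJECT_ONLINE_ID) {
        return true;
    }
    // Only projects in the unlocked or the invisible state can be accessed.
    if (testProject.getFlags() != C_PROJECT_STATE_UNLOCKED
            && testProject.getFlags() != C_PROJECT_STATE_INVISIBLE) {
        return false;
    }
    // Owner/admin shortcut. Ownership has to be tested on the project that was asked about
    // (testProject). Comparing against currentProject, as this method did before, let the
    // owner of the current project pass this check for any other unlocked project id.
    if (testProject.getOwnerId() == currentUser.getId()
            || isAdmin(currentUser, currentProject)) {
        return true;
    }
    // Otherwise the user needs to be in the project's user group or its manager group.
    Vector groups = getGroupsOfUser(currentUser, currentProject,
            currentUser.getName());
    for (int i = 0; i < groups.size(); i++) {
        int groupId = ((CmsGroup) groups.elementAt(i)).getId();
        if (groupId == testProject.getGroupId()
                || groupId == testProject.getManagerGroupId()) {
            return true;
        }
    }
    // Deny by default.
    return false;
}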
/**
* Checks, if the user may read this resource.
* NOTE: If the ressource is in the project you never have to fallback.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resource The resource to check.
*
* @return whether the user has access, or not.
*/
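public boolean accessRead(CmsUser currentUser, CmsProject currentProject, CmsResource resource) throws CmsException
{
    // A missing resource is never readable. This must be decided before the cache key is
    // built: the key dereferences the resource, so the former null test further down could
    // only be reached after a NullPointerException had already been thrown.
    if (resource == null) {
        return false;
    }

    // Decisions are cached per user id, project id and resource name.
    // NOTE(review): a cached grant outlives later permission, ownership or group changes
    // unless m_accessCache is cleared elsewhere; confirm every such change invalidates it.
    String cacheKey = currentUser.getId() + ":" + currentProject.getId() + ":" + resource.getResourceName();
    Boolean cached = (Boolean) m_accessCache.get(cacheKey);
    if (cached != null) {
        return cached.booleanValue();
    }

    // The user needs access to the resource's project and at least one of the
    // public / owner / group read grants on the resource itself.
    if (!accessProject(currentUser, currentProject, resource.getProjectId())
            || (!accessOther(currentUser, currentProject, resource, C_ACCESS_PUBLIC_READ)
                && !accessOwner(currentUser, currentProject, resource, C_ACCESS_OWNER_READ)
                && !accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_READ))) {
        m_accessCache.put(cacheKey, Boolean.FALSE);
        return false;
    }

    // Every ancestor folder must be readable too; the original resource is kept for the
    // error message and the cache key.
    // NOTE(review): ancestors are read from currentProject, not from resource.getProjectId();
    // confirm that this is intended when the two differ.
    CmsResource res = resource;
    while (res.getParent() != null) {
        // readFolder performs no access check of its own; the grants are tested below.
        res = m_dbAccess.readFolder(currentProject.getId(), res.getRootName() + res.getParent());
        if (res == null) {
            if (I_CmsLogChannels.C_PREPROCESSOR_IS_LOGGING && A_OpenCms.isLogging()) {
                A_OpenCms.log(A_OpenCms.C_OPENCMS_DEBUG, "Resource has no parent: " + resource.getAbsolutePath());
            }
            throw new CmsException(this.getClass().getName() + ".accessRead(): Cannot find \'" + resource.getName(), CmsException.C_NOT_FOUND);
        }
        if (!accessOther(currentUser, currentProject, res, C_ACCESS_PUBLIC_READ)
                && !accessOwner(currentUser, currentProject, res, C_ACCESS_OWNER_READ)
                && !accessGroup(currentUser, currentProject, res, C_ACCESS_GROUP_READ)) {
            m_accessCache.put(cacheKey, Boolean.FALSE);
            return false;
        }
    }

    m_accessCache.put(cacheKey, Boolean.TRUE);
    return true;
}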
}
/**
* Checks, if the user may read this resource.
* NOTE: If the ressource is in the project you never have to fallback.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resourceName The name of the resource to check.
*
* @return whether the user has access, or not.
*/
public boolean accessRead(CmsUser currentUser, CmsProject currentProject, String resourceName) throws CmsException {
    // Look the header up by name in the caller's current project, then delegate the read
    // decision to the CmsResource overload.
    return accessRead(currentUser, currentProject,
            m_dbAccess.readFileHeader(currentProject.getId(), resourceName));
}
/**
* Checks, if the user may unlock this resource.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resource The resource to check.
*
* @return wether the user may unlock this resource, or not.
*/
public boolean accessUnlock(CmsUser currentUser, CmsProject currentProject,
CmsResource resource)
throws CmsException {
// Decides whether the user may unlock the resource: the current project must not be the
// online project, the user must have access to it, the resource must belong to it, and
// none of the ancestor folders inspected below may be locked.
// NOTE(review): the lock state and lock owner of the resource itself are not examined in
// this method; only its ancestor folders are. Confirm the caller checks who holds the lock.
// unlocking is refused when the current project is the online project
if(onlineProject(currentUser, currentProject).equals(currentProject)){
// nothing can be unlocked in the online project
return(false);
}
// check the access to the project
if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) {
// no access to the project!
return(false);
}
// check if the resource belongs to the current project
if(resource.getProjectId() != currentProject.getId()) {
return false;
}
// read the parent folder; from here on "resource" refers to an ancestor folder
if(resource.getParent() != null) {
// readFolder without checking access
// NOTE(review): accessRead() tests the result of this call for null; here a null
// result would fail on the next dereference. Confirm readFolder cannot return null.
resource = m_dbAccess.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent());
} else {
// no parent folder: permitted without any lock inspection
return true;
}
// walk up the folder tree and refuse if an inspected ancestor folder is locked
// NOTE(review): the loop condition is evaluated on the folder that was just read, so a
// folder without a parent is only inspected when it is the first folder read above.
// Confirm whether skipping it in the other case is intended.
do {
// is the folder locked?
if( resource.isLocked() ) {
// any lock on an ancestor folder blocks the unlock, whoever holds it
return(false);
}
// read next resource
if(resource.getParent() != null) {
// readFolder without checking access
resource = m_dbAccess.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent());
}
} while(resource.getParent() != null);
// all checks passed
return(true);
}
/**
* Checks, if the user may write this resource.
*
* @param currentUser The user who requested this method.
* @param currentProject The current project of the user.
* @param resource The resource to check.
*
* @return wether the user has access, or not.
*/
public boolean accessWrite(CmsUser currentUser, CmsProject currentProject,
CmsResource resource) throws CmsException {
// check, if this is the onlineproject
if(onlineProject(currentUser, currentProject).equals(currentProject)){
// the online-project is not writeable!
return(false);
}
// check the access to the project
if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) {
// no access to the project!
return(false);
}
// check if the resource belongs to the current project
if(resource.getProjectId() != currentProject.getId()) {
return false;
}
// check, if the resource is locked by the current user
if(resource.isLockedBy() != currentUser.getId()) {
// resource is not locked by the current user, no writing allowed
return(false);
} else {
//check if the project that has locked the resource is the current project
if((resource.getLockedInProject() != currentProject.getId())){
return (false);
}
}
// check the rights for the current resource
if( ! ( accessOther(currentUser, currentProject, resource, C_ACCESS_PUBLIC_WRITE) ||
accessOwner(currentUser, currentProject, resource, C_ACCESS_OWNER_WRITE) ||
accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_WRITE) ) ) {
// no write access to this resource!
return false;
}
// read the parent folder
if(resource.getParent() != null) {
// readFolder without checking access
resource = m_dbAccess.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent());
} else {
// no parent folder!
return true;
}