cmsobject.java
来自「找了很久才找到到源代码」· Java 代码 · 共 1,624 行 · 第 1/5 页
JAVA
1,624 行
/*
* File : $Source: /usr/local/cvs/opencms/src/org/opencms/file/CmsObject.java,v $
* Date : $Date: 2007-09-07 09:02:57 $
* Version: $Revision: 1.154 $
*
* This library is part of OpenCms -
* the Open Source Content Management System
*
* Copyright (c) 2002 - 2007 Alkacon Software GmbH (http://www.alkacon.com)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* For further information about Alkacon Software GmbH, please see the
* company website: http://www.alkacon.com
*
* For further information about OpenCms, please see the
* project website: http://www.opencms.org
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package org.opencms.file;
import org.opencms.db.CmsDbEntryNotFoundException;
import org.opencms.db.CmsPublishList;
import org.opencms.db.CmsResourceState;
import org.opencms.db.CmsSecurityManager;
import org.opencms.db.CmsUserSettings;
import org.opencms.file.history.CmsHistoryPrincipal;
import org.opencms.file.history.CmsHistoryProject;
import org.opencms.file.history.I_CmsHistoryResource;
import org.opencms.file.types.I_CmsResourceType;
import org.opencms.lock.CmsLock;
import org.opencms.lock.CmsLockFilter;
import org.opencms.lock.CmsLockType;
import org.opencms.main.CmsException;
import org.opencms.main.CmsIllegalArgumentException;
import org.opencms.main.I_CmsEventListener;
import org.opencms.main.OpenCms;
import org.opencms.relations.CmsRelationFilter;
import org.opencms.relations.CmsRelationType;
import org.opencms.report.CmsShellReport;
import org.opencms.report.I_CmsReport;
import org.opencms.security.CmsAccessControlEntry;
import org.opencms.security.CmsAccessControlList;
import org.opencms.security.CmsOrganizationalUnit;
import org.opencms.security.CmsPermissionSet;
import org.opencms.security.CmsPrincipal;
import org.opencms.security.CmsRole;
import org.opencms.security.CmsRoleViolationException;
import org.opencms.security.CmsSecurityException;
import org.opencms.security.I_CmsPermissionHandler;
import org.opencms.security.I_CmsPrincipal;
import org.opencms.util.CmsUUID;
import org.opencms.workplace.CmsWorkplace;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* This pivotal class provides all authorized access to the OpenCms VFS resources.<p>
*
* It encapsulates user identification and permissions.
* Think of it as an initialized "shell" to access the OpenCms VFS.
* Every call to a method here will be checked for user permissions
* according to the <code>{@link org.opencms.file.CmsRequestContext}</code> this CmsObject instance was created with.<p>
*
* From a JSP page running in OpenCms, use <code>{@link org.opencms.jsp.CmsJspBean#getCmsObject()}</code> to gain
* access to the current users CmsObject. Usually this is done with a <code>{@link org.opencms.jsp.CmsJspActionElement}</code>.<p>
*
* To generate a new instance of this class in your application, use
* <code>{@link org.opencms.main.OpenCms#initCmsObject(String)}</code>. The argument String should be
* the name of the guest user, usually "Guest" and more formally obtained by <code>{@link org.opencms.db.CmsDefaultUsers#getUserGuest()}</code>.
* This will give you an initialized context with guest user permissions.
* Then use <code>{@link CmsObject#loginUser(String, String)}</code> to log in the user you want.
* Obviously you need the password for the new user.
* You should never try to create an instance of this class using the constructor,
* this is reserved for internal operation only.<p>
*
* @author Alexander Kandzior
* @author Thomas Weckert
* @author Carsten Weinholz
* @author Andreas Zahner
* @author Michael Moossen
*
* @version $Revision: 1.154 $
*
* @since 6.0.0
*/
public final class CmsObject {
/** The request context. */
protected CmsRequestContext m_context;
/** The security manager to access the cms. */
protected CmsSecurityManager m_securityManager;
/**
* Connects an OpenCms user context to a running database.<p>
*
* <b>Please note:</b> This constructor is internal to OpenCms and not for public use.
* If you want to create a new instance of a <code>{@link CmsObject}</code> in your application,
* use <code>{@link org.opencms.main.OpenCms#initCmsObject(String)}</code>.<p>
*
* @param securityManager the security manager
* @param context the request context that contains the user authentication
*/
public CmsObject(CmsSecurityManager securityManager, CmsRequestContext context) {
init(securityManager, context);
}
/**
* Adds a new relation to the given resource.<p>
*
* @param resourceName the name of the source resource
* @param targetPath the path of the target resource
* @param type the type of the relation
*
* @throws CmsException if something goes wrong
*/
public void addRelationToResource(String resourceName, String targetPath, String type) throws CmsException {
createRelation(resourceName, targetPath, type, false);
}
/**
* Adds a user to a group.<p>
*
* @param username the name of the user that is to be added to the group
* @param groupname the name of the group
*
* @throws CmsException if something goes wrong
*/
public void addUserToGroup(String username, String groupname) throws CmsException {
m_securityManager.addUserToGroup(m_context, username, groupname, false);
}
/**
* Creates a new web user.<p>
*
* A web user has no access to the workplace but is able to access personalized
* functions controlled by the OpenCms.<br>
*
* Moreover, a web user can be created by any user, the intention being that
* a "Guest" user can create a personalized account for himself.<p>
*
* @param name the name for the new web user
* @param password the password for the user
* @param group the default group name for the user
* @param description the description for the user
* @param additionalInfos a <code>{@link Map}</code> with additional infos for the user
*
* @return the newly created user
*
* @throws CmsException if something goes wrong
*
* @deprecated there are no more web users, use a user without any role!
*/
public CmsUser addWebUser(String name, String password, String group, String description, Map additionalInfos)
throws CmsException {
CmsUser user = m_securityManager.createUser(m_context, name, password, description, additionalInfos);
addUserToGroup(name, group);
return user;
}
/**
* Creates a backup of the current project.<p>
*
* @param versionId the version of the backup
* @param publishDate the date of publishing
*
* @throws CmsException if operation was not successful
*
* @deprecated Use {@link #writeHistoryProject(int,long)} instead
*/
public void backupProject(int versionId, long publishDate) throws CmsException {
writeHistoryProject(versionId, publishDate);
}
/**
* Changes the access control for a given resource and a given principal(user/group).<p>
*
* @param resourceName name of the resource
* @param principalType the type of the principal (currently group or user):
* <ul>
* <li><code>{@link I_CmsPrincipal#PRINCIPAL_USER}</code></li>
* <li><code>{@link I_CmsPrincipal#PRINCIPAL_GROUP}</code></li>
* </ul>
* @param principalName name of the principal
* @param allowedPermissions bit set of allowed permissions
* @param deniedPermissions bit set of denied permissions
* @param flags additional flags of the access control entry
*
* @throws CmsException if something goes wrong
*/
public void chacc(
String resourceName,
String principalType,
String principalName,
int allowedPermissions,
int deniedPermissions,
int flags) throws CmsException {
CmsResource res = readResource(resourceName, CmsResourceFilter.ALL);
CmsAccessControlEntry acEntry = null;
try {
I_CmsPrincipal principal = CmsPrincipal.readPrincipal(this, principalType, principalName);
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
principal.getId(),
allowedPermissions,
deniedPermissions,
flags);
acEntry.setFlagsForPrincipal(principal);
} catch (CmsDbEntryNotFoundException e) {
// check for special ids
if (principalName.equalsIgnoreCase(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME)) {
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID,
allowedPermissions,
deniedPermissions,
flags);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS);
} else if (principalName.equalsIgnoreCase(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME)) {
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID,
allowedPermissions,
deniedPermissions,
flags);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL);
} else if (principalType.equalsIgnoreCase(CmsRole.PRINCIPAL_ROLE)) {
// only vfs managers can set role based permissions
m_securityManager.checkRoleForResource(m_context, CmsRole.VFS_MANAGER, res);
// check for role
CmsRole role = CmsRole.valueOfRoleName(principalName);
// role based permissions can only be set in the system folder
if ((role == null) || (!res.getRootPath().startsWith(CmsWorkplace.VFS_PATH_SYSTEM))) {
throw e;
}
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
role.getId(),
allowedPermissions,
deniedPermissions,
flags);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_ROLE);
} else {
throw e;
}
}
m_securityManager.writeAccessControlEntry(m_context, res, acEntry);
}
/**
* Changes the access control for a given resource and a given principal(user/group).<p>
*
* @param resourceName name of the resource
* @param principalType the type of the principal (group or user):
* <ul>
* <li><code>{@link I_CmsPrincipal#PRINCIPAL_USER}</code></li>
* <li><code>{@link I_CmsPrincipal#PRINCIPAL_GROUP}</code></li>
* </ul>
* @param principalName name of the principal
* @param permissionString the permissions in the format ((+|-)(r|w|v|c|i|o))*
*
* @throws CmsException if something goes wrong
*/
public void chacc(String resourceName, String principalType, String principalName, String permissionString)
throws CmsException {
CmsResource res = readResource(resourceName, CmsResourceFilter.ALL);
CmsAccessControlEntry acEntry = null;
try {
I_CmsPrincipal principal = CmsPrincipal.readPrincipal(this, principalType, principalName);
acEntry = new CmsAccessControlEntry(res.getResourceId(), principal.getId(), permissionString);
acEntry.setFlagsForPrincipal(principal);
} catch (CmsDbEntryNotFoundException e) {
// check for special ids
if (principalName.equalsIgnoreCase(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME)) {
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID,
permissionString);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS);
} else if (principalName.equalsIgnoreCase(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME)) {
acEntry = new CmsAccessControlEntry(
res.getResourceId(),
CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID,
permissionString);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL);
} else if (principalType.equalsIgnoreCase(CmsRole.PRINCIPAL_ROLE)) {
// only vfs managers can set role based permissions
m_securityManager.checkRoleForResource(m_context, CmsRole.VFS_MANAGER, res);
// check for role
CmsRole role = CmsRole.valueOfRoleName(principalName);
// role based permissions can only be set in the system folder
if ((role == null)
|| (!res.getRootPath().startsWith(CmsWorkplace.VFS_PATH_SYSTEM) && !res.getRootPath().equals("/") && !res.getRootPath().equals(
"/system"))) {
throw e;
}
acEntry = new CmsAccessControlEntry(res.getResourceId(), role.getId(), permissionString);
acEntry.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_ROLE);
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?