cmssecuritymanager.java
来自「找了很久才找到到源代码」· Java 代码 · 共 1,525 行 · 第 1/5 页
JAVA
1,525 行
boolean recursive) throws CmsException, CmsVfsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
List result = null;
try {
result = m_driverManager.changeResourcesInFolderWithProperty(
dbc,
resource,
propertyDefinition,
oldValue,
newValue,
recursive);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_CHANGE_RESOURCES_IN_FOLDER_WITH_PROP_4,
new Object[] {propertyDefinition, oldValue, newValue, context.getSitePath(resource)}), e);
} finally {
dbc.clear();
}
return result;
}
/**
* Checks if the current user has management access to the given project.<p>
*
* @param dbc the current database context
* @param project the project to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkManagerOfProjectRole(CmsDbContext dbc, CmsProject project) throws CmsRoleViolationException {
boolean hasRole = false;
try {
hasRole = m_driverManager.getAllManageableProjects(dbc).contains(project);
} catch (CmsException e) {
// should never happen
if (LOG.isErrorEnabled()) {
LOG.error(e.getLocalizedMessage(), e);
}
}
if (!hasRole) {
throw new CmsRoleViolationException(org.opencms.security.Messages.get().container(
org.opencms.security.Messages.ERR_NOT_MANAGER_OF_PROJECT_2,
dbc.currentUser().getName(),
dbc.currentProject().getName()));
}
}
/**
* Checks if the project in the given database context is not the "Online" project,
* and throws an Exception if this is the case.<p>
*
* This is used to ensure a user is in an "Offline" project
* before write access to VFS resources is granted.<p>
*
* @param dbc the current OpenCms users database context
*
* @throws CmsVfsException if the project in the given database context is the "Online" project
*/
public void checkOfflineProject(CmsDbContext dbc) throws CmsVfsException {
if (dbc.currentProject().isOnlineProject()) {
throw new CmsVfsException(org.opencms.file.Messages.get().container(
org.opencms.file.Messages.ERR_NOT_ALLOWED_IN_ONLINE_PROJECT_0));
}
}
/**
* Performs a blocking permission check on a resource.<p>
*
* If the required permissions are not satisfied by the permissions the user has on the resource,
* an exception is thrown.<p>
*
* @param context the current request context
* @param resource the resource on which permissions are required
* @param requiredPermissions the set of permissions required to access the resource
* @param checkLock if true, the lock status of the resource is also checked
* @param filter the filter for the resource
*
* @throws CmsException in case of any i/o error
* @throws CmsSecurityException if the required permissions are not satisfied
*
* @see #checkPermissions(CmsRequestContext, CmsResource, CmsPermissionSet, I_CmsPermissionHandler.CmsPermissionCheckResult)
*/
public void checkPermissions(
CmsRequestContext context,
CmsResource resource,
CmsPermissionSet requiredPermissions,
boolean checkLock,
CmsResourceFilter filter) throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
// check the access permissions
checkPermissions(dbc, resource, requiredPermissions, checkLock, filter);
} finally {
dbc.clear();
}
}
/**
* Checks if the current user has the permissions to publish the given publish list
* (which contains the information about the resources / project to publish).<p>
*
* @param dbc the current OpenCms users database context
* @param publishList the publish list to check (contains the information about the resources / project to publish)
*
* @throws CmsException if the user does not have the required permissions because of project lock state
* @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
* whose parent folder is new or deleted in the offline project,
* or if the current user has no management access to the current project
*/
public void checkPublishPermissions(CmsDbContext dbc, CmsPublishList publishList)
throws CmsException, CmsMultiException {
// is the current project an "offline" project?
checkOfflineProject(dbc);
// check if this is a "direct publish" attempt
if (!publishList.isDirectPublish()) {
// check if the user is a manager of the current project, in this case he has publish permissions
checkManagerOfProjectRole(dbc, dbc.getRequestContext().currentProject());
} else {
// direct publish, create exception containers
CmsMultiException resourceIssues = new CmsMultiException();
CmsMultiException permissionIssues = new CmsMultiException();
// iterate all resources in the direct publish list
Iterator it = publishList.getDirectPublishResources().iterator();
List parentFolders = new ArrayList();
while (it.hasNext()) {
CmsResource res = (CmsResource)it.next();
// the parent folder must not be new or deleted
String parentFolder = CmsResource.getParentFolder(res.getRootPath());
if ((parentFolder != null) && !parentFolders.contains(parentFolder)) {
// check each parent folder only once
CmsResource parent = readResource(dbc, parentFolder, CmsResourceFilter.ALL);
if (parent.getState().isDeleted()) {
// parent folder is deleted - direct publish not allowed
resourceIssues.addException(new CmsVfsException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_PARENT_DELETED_2,
dbc.getRequestContext().removeSiteRoot(res.getRootPath()),
parentFolder)));
}
if (parent.getState().isNew()) {
// parent folder is new - direct publish not allowed
resourceIssues.addException(new CmsVfsException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_PARENT_NEW_2,
dbc.removeSiteRoot(res.getRootPath()),
parentFolder)));
}
// add checked parent folder to prevent duplicate checks
parentFolders.add(parentFolder);
}
// check if the user has the explicit permission to direct publish the selected resource
if (I_CmsPermissionHandler.PERM_ALLOWED != hasPermissions(
dbc.getRequestContext(),
res,
CmsPermissionSet.ACCESS_DIRECT_PUBLISH,
true,
CmsResourceFilter.ALL)) {
// the user has no "direct publish" permissions on the resource
permissionIssues.addException(new CmsSecurityException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_NO_PERMISSIONS_1,
dbc.removeSiteRoot(res.getRootPath()))));
}
}
if (resourceIssues.hasExceptions() || permissionIssues.hasExceptions()) {
// there are issues, permission check has failed
resourceIssues.addExceptions(permissionIssues.getExceptions());
throw resourceIssues;
}
}
// no issues have been found , permissions are granted
}
/**
* Checks if the current user has the permissions to publish the given publish list
* (which contains the information about the resources / project to publish).<p>
*
* @param context the current request context
* @param publishList the publish list to check (contains the information about the resources / project to publish)
*
* @throws CmsException if the user does not have the required permissions becasue of project lock state
* @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
* whose parent folder is new or deleted in the offline project,
* or if the current user has no management access to the current project
*
* @deprecated notice that checking is no longer possible at this way
*/
public void checkPublishPermissions(CmsRequestContext context, CmsPublishList publishList)
throws CmsException, CmsMultiException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
// check the access permissions
checkPublishPermissions(dbc, publishList);
} finally {
dbc.clear();
}
}
/**
* Checks if the user of the current database context has permissions to impersonate the given role
* in the given organizational unit.<p>
*
* If the organizational unit is <code>null</code>, this method will check if the
* given user has the given role for at least one organizational unit.<p>
*
* @param dbc the current OpenCms users database context
* @param role the role to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*
* @see org.opencms.security.CmsRoleManager#checkRole(CmsObject, CmsRole)
*/
public void checkRole(CmsDbContext dbc, CmsRole role) throws CmsRoleViolationException {
if (!hasRole(dbc, dbc.currentUser(), role)) {
if (role.getOuFqn() != null) {
throw role.createRoleViolationExceptionForOrgUnit(dbc.getRequestContext(), role.getOuFqn());
} else {
throw role.createRoleViolationException(dbc.getRequestContext());
}
}
}
/**
* Checks if the user of the current context has permissions to impersonate the given role.<p>
*
* If the organizational unit is <code>null</code>, this method will check if the
* given user has the given role for at least one organizational unit.<p>
*
* @param context the current request context
* @param role the role to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkRole(CmsRequestContext context, CmsRole role) throws CmsRoleViolationException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkRole(dbc, role);
} finally {
dbc.clear();
}
}
/**
* Checks if the user of the current database context has permissions to impersonate the given role
* for the given resource.<p>
*
* @param dbc the current OpenCms users database context
* @param role the role to check
* @param resource the resource to check the role for
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*
* @see org.opencms.security.CmsRoleManager#checkRole(CmsObject, CmsRole)
*/
public void checkRoleForResource(CmsDbContext dbc, CmsRole role, CmsResource resource)
throws CmsRoleViolationException {
if (!hasRoleForResource(dbc, dbc.currentUser(), role, resource)) {
throw role.createRoleViolationExceptionForResource(dbc.getRequestContext(), resource);
}
}
/**
* Checks if the user of the current context has permissions to impersonate the given role
* for the given resource.<p>
*
* @param context the current request context
* @param role the role to check
* @param resource the resource to check the role for
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkRoleForResource(CmsRequestContext context, CmsRole role, CmsResource resource)
throws CmsRoleViolationException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkRoleForResource(dbc, role, resource);
} finally {
dbc.clear();
}
}
/**
* Changes the resource flags of a resource.<p>
*
* The resource flags are used to indicate various "special" conditions
* for a resource. Most notably, the "internal only" setting which signals
* that a resource can not be directly requested with it's URL.<p>
*
* @param context the current request context
* @param resource the resource to change the flags for
* @param flags the new resource flags for this resource
* @throws CmsException if something goes wrong
* @throws CmsSecurityException if the user has insufficient permission for the given resource (({@link CmsPermissionSet#ACCESS_WRITE} required).
* @see org.opencms.file.types.I_CmsResourceType#chflags(CmsObject, CmsSecurityManager, CmsResource, int)
*/
public void chflags(CmsRequestContext context, CmsResource resource, int flags)
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?