📄 cmssecuritymanager.java
字号:
parentFolder)));
}
// add checked parent folder to prevent duplicate checks
parentFolders.add(parentFolder);
}
// check if the user has the explicit permission to direct publish the selected resource
if (PERM_ALLOWED != hasPermissions(
dbc.getRequestContext(),
res,
CmsPermissionSet.ACCESS_DIRECT_PUBLISH,
true,
CmsResourceFilter.ALL)) {
// the user has no "direct publish" permissions on the resource
permissionIssues.addException(new CmsSecurityException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_NO_PERMISSIONS_1,
dbc.removeSiteRoot(res.getRootPath()))));
}
}
if (permissionIssues.hasExceptions()) {
// there have been permission issues
if (hasManagerOfProjectRole(dbc, dbc.getRequestContext().currentProject())) {
// if user is a manager of the project, permission issues are void because he can publish anyway
permissionIssues = new CmsMultiException();
}
}
if (resourceIssues.hasExceptions() || permissionIssues.hasExceptions()) {
// there are issues, permission check has failed
resourceIssues.addExceptions(permissionIssues.getExceptions());
throw resourceIssues;
}
}
// no issues have been found , permissions are granted
}
/**
* Checks if the current user has the permissions to publish the given publish list
* (which contains the information about the resources / project to publish).<p>
*
* @param context the current request context
* @param publishList the publish list to check (contains the information about the resources / project to publish)
*
* @throws CmsException if the user does not have the required permissions becasue of project lock state
* @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
* whose parent folder is new or deleted in the offline project,
* or if the current user has no management access to the current project
*/
public void checkPublishPermissions(CmsRequestContext context, CmsPublishList publishList)
throws CmsException, CmsMultiException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
// check the access permissions
checkPublishPermissions(dbc, publishList);
} finally {
dbc.clear();
}
}
/**
* Checks if the user of the current database context
* has permissions to impersonate the given role.<p>
*
* @param dbc the current OpenCms users database context
* @param role the role to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkRole(CmsDbContext dbc, CmsRole role) throws CmsRoleViolationException {
if (!hasRole(dbc, role)) {
throw role.createRoleViolationException(dbc.getRequestContext());
}
}
/**
* Checks if the user of the current database context
* has permissions to impersonate the given role.<p>
*
* @param context the current request context
* @param role the role to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkRole(CmsRequestContext context, CmsRole role) throws CmsRoleViolationException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkRole(dbc, role);
} finally {
dbc.clear();
}
}
/**
* Changes the resource flags of a resource.<p>
*
* The resource flags are used to indicate various "special" conditions
* for a resource. Most notably, the "internal only" setting which signals
* that a resource can not be directly requested with it's URL.<p>
*
* @param context the current request context
* @param resource the resource to change the flags for
* @param flags the new resource flags for this resource
* @throws CmsException if something goes wrong
* @throws CmsSecurityException if the user has insufficient permission for the given resource (({@link CmsPermissionSet#ACCESS_WRITE} required).
* @see org.opencms.file.types.I_CmsResourceType#chflags(CmsObject, CmsSecurityManager, CmsResource, int)
*/
public void chflags(CmsRequestContext context, CmsResource resource, int flags)
throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkOfflineProject(dbc);
checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL);
m_driverManager.chflags(dbc, resource, flags);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_CHANGE_RESOURCE_FLAGS_1,
context.getSitePath(resource)), e);
} finally {
dbc.clear();
}
}
/**
* Changes the resource type of a resource.<p>
*
* OpenCms handles resources according to the resource type,
* not the file suffix. This is e.g. why a JSP in OpenCms can have the
* suffix ".html" instead of ".jsp" only. Changing the resource type
* makes sense e.g. if you want to make a plain text file a JSP resource,
* or a binary file an image, etc.<p>
*
* @param context the current request context
* @param resource the resource to change the type for
* @param type the new resource type for this resource
*
* @throws CmsException if something goes wrong
* @throws CmsSecurityException if the user has insufficient permission for the given resource (({@link CmsPermissionSet#ACCESS_WRITE} required)).
*
* @see org.opencms.file.types.I_CmsResourceType#chtype(CmsObject, CmsSecurityManager, CmsResource, int)
* @see CmsObject#chtype(String, int)
*/
public void chtype(CmsRequestContext context, CmsResource resource, int type)
throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkOfflineProject(dbc);
checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL);
m_driverManager.chtype(dbc, resource, type);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_CHANGE_RESOURCE_TYPE_1,
context.getSitePath(resource)), e);
} finally {
dbc.clear();
}
}
/**
* Copies the access control entries of a given resource to a destination resorce.<p>
*
* Already existing access control entries of the destination resource are removed.<p>
*
* @param context the current request context
* @param source the resource to copy the access control entries from
* @param destination the resource to which the access control entries are copied
*
* @throws CmsException if something goes wrong
* @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_CONTROL} required).
*/
public void copyAccessControlEntries(CmsRequestContext context, CmsResource source, CmsResource destination)
throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkOfflineProject(dbc);
checkPermissions(dbc, source, CmsPermissionSet.ACCESS_READ, true, CmsResourceFilter.ALL);
checkPermissions(dbc, destination, CmsPermissionSet.ACCESS_CONTROL, true, CmsResourceFilter.ALL);
m_driverManager.copyAccessControlEntries(dbc, source, destination, true);
} catch (Exception e) {
CmsRequestContext rc = context;
dbc.report(null, Messages.get().container(
Messages.ERR_COPY_ACE_2,
rc.removeSiteRoot(source.getRootPath()),
rc.removeSiteRoot(destination.getRootPath())), e);
} finally {
dbc.clear();
}
}
/**
* Copies a resource.<p>
*
* You must ensure that the destination path is an absolute, valid and
* existing VFS path. Relative paths from the source are currently not supported.<p>
*
* The copied resource will always be locked to the current user
* after the copy operation.<p>
*
* In case the target resource already exists, it is overwritten with the
* source resource.<p>
*
* The <code>siblingMode</code> parameter controls how to handle siblings
* during the copy operation.<br>
* Possible values for this parameter are: <br>
* <ul>
* <li><code>{@link org.opencms.file.CmsResource#COPY_AS_NEW}</code></li>
* <li><code>{@link org.opencms.file.CmsResource#COPY_AS_SIBLING}</code></li>
* <li><code>{@link org.opencms.file.CmsResource#COPY_PRESERVE_SIBLING}</code></li>
* </ul><p>
*
* @param context the current request context
* @param source the resource to copy
* @param destination the name of the copy destination with complete path
* @param siblingMode indicates how to handle siblings during copy
*
* @throws CmsException if something goes wrong
* @throws CmsSecurityException if resource could not be copied
*
* @see CmsObject#copyResource(String, String, int)
* @see org.opencms.file.types.I_CmsResourceType#copyResource(CmsObject, CmsSecurityManager, CmsResource, String, int)
*/
public void copyResource(CmsRequestContext context, CmsResource source, String destination, int siblingMode)
throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
CmsRequestContext rc = context;
try {
checkOfflineProject(dbc);
checkPermissions(dbc, source, CmsPermissionSet.ACCESS_READ, true, CmsResourceFilter.ALL);
// target permissions will be checked later
m_driverManager.copyResource(dbc, source, destination, siblingMode);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_COPY_RESOURCE_2,
rc.removeSiteRoot(source.getRootPath()),
rc.removeSiteRoot(destination)), e);
} finally {
dbc.clear();
}
}
/**
* Copies a resource to the current project of the user.<p>
*
* @param context the current request context
* @param resource the resource to apply this operation to
* @throws CmsException if something goes wrong
* @throws CmsRoleViolationException if the current user does not have management access to the project.
* @see org.opencms.file.types.I_CmsResourceType#copyResourceToProject(CmsObject, CmsSecurityManager, CmsResource)
*/
public void copyResourceToProject(CmsRequestContext context, CmsResource resource)
throws CmsException, CmsRoleViolationException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkOfflineProject(dbc);
checkManagerOfProjectRole(dbc, context.currentProject());
if (dbc.currentProject().getFlags() != CmsProject.PROJECT_STATE_UNLOCKED) {
throw new CmsLockException(org.opencms.lock.Messages.get().container(
org.opencms.lock.Messages.ERR_RESOURCE_LOCKED_1,
dbc.currentProject().getName()));
}
m_driverManager.copyResourceToProject(dbc, resource);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_COPY_RESOURCE_TO_PROJECT_2,
context.getSitePath(resource),
context.currentProject().getName()), e);
} finally {
dbc.clear();
}
}
/**
* Counts the locked resources in this project.<p>
*
* @param context the current request context
* @param id the id of the project
*
* @return the amount of locked resources in this project
*
* @throws CmsException if something goes wrong
* @throws CmsRoleViolationException if the current user does not have management access to the project.
*/
public int countLockedResources(CmsRequestContext context, int id) throws CmsException, CmsRoleViolationException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
CmsProject project = null;
int result = 0;
try {
project = m_driverManager.readProject(dbc, id);
checkManagerOfProjectRole(dbc, project);
result = m_driverManager.countLockedResources(project);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_COUNT_LOCKED_RESOURCES_PROJECT_2,
(project == null) ? "<failed to read>" : project.getName(),
new Integer(id)), e);
} finally {
dbc.clear();
}
return result;
}
/**
* Counts the locked resources in a given folder.<p>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -