/*
* $Id: ContentPermissionServices.java,v 1.9 2004/01/17 03:57:46 byersa Exp $
*
* Copyright (c) 2001-2003 The Open For Business Project - www.ofbiz.org
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
* OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
* THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
*/
package org.ofbiz.content.content;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.entity.GenericDelegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.condition.EntityCondition;
import org.ofbiz.entity.condition.EntityConditionList;
import org.ofbiz.entity.condition.EntityExpr;
import org.ofbiz.entity.condition.EntityOperator;
import org.ofbiz.security.Security;
import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.ServiceUtil;
/**
* ContentPermissionServices Class
*
* @author <a href="mailto:byersa@automationgroups.com">Al Byers</a>
* @version $Revision: 1.9 $
* @since 2.2
*
* Services for granting operation permissions on Content entities in a data-driven manner.
*/
public class ContentPermissionServices {
// Class name used as the "module" argument of Debug logging calls so that log
// entries can be attributed to this class.
public static final String module = ContentPermissionServices.class.getName();
// No-argument constructor; the service methods visible in this class are static.
public ContentPermissionServices() {}
/**
* checkContentPermission
*
*@param dctx The DispatchContext that this service is operating in
*@param context Map containing the input parameters
*@return Map with the result of the service, the output parameters
*
* This service goes through a series of tests to determine whether the user has
* authority to perform any one of the passed-in target operations.
*
* It expects a Content entity in "currentContent"
* It expects a list of contentOperationIds in "targetOperationList" rather
* than a scalar because it is thought that sometimes more than one operation
* would fit the situation.
* Similarly, it expects a list of contentPurposeTypeIds in "contentPurposeList".
* Again, normally there will just be one, but it is possible that a Content
* entity could have multiple purposes associated with it.
* The userLogin GenericValue is also required.
* A list of roleTypeIds is also possible.
*
* The basic sequence of testing events is:
* First the ContentPurposeOperation table is checked to see if there are any
* entries with matching purposes (and operations) with no roleTypeId (ie. _NA_).
* This is done because it would be the most common scenario and is quick to check.
*
* Secondly, the CONTENTMGR permission is checked.
*
* Thirdly, the ContentPurposeOperation table is rechecked to see if there are
* any conditions with roleTypeIds that match associated ContentRoles tied to the
* user.
* If a Party of "PARTY_GROUP" type is found, the PartyRelationship table is checked
* to see if the current user is linked to that group.
*
* If no match is found to this point and the current Content entity has a value for
* ownerContentId, then the last step is recursively applied, using the ContentRoles
* associated with the ownerContent entity.
*/
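public static Map checkContentPermission(DispatchContext dctx, Map context) {
    // Service entry point: unpacks the service context and delegates the actual
    // decision to checkPermission. The returned Map carries "roleTypeList" and,
    // when access is allowed, "permissionStatus" = "granted".
    Security security = dctx.getSecurity();
    GenericDelegator delegator = dctx.getDelegator();

    String statusId = (String) context.get("statusId");
    GenericValue content = (GenericValue) context.get("currentContent");
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    List passedPurposes = (List) context.get("contentPurposeList");
    List targetOperations = (List) context.get("targetOperationList");

    // Work on a private copy of the caller's role list. The checks below append
    // roles ("_OWNER_", content roles, owner-content roles); appending to the
    // caller's own list would let roles earned for one Content entity carry over
    // into a later check that reuses the same list for a different entity.
    // NOTE(review): "roleTypeList" is accepted as supplied and its entries are
    // treated as roles the user holds; confirm that no caller fills it from
    // request parameters or other untrusted data.
    List callerRoles = (List) context.get("roleTypeList");
    List passedRoles = (callerRoles == null) ? new ArrayList() : new ArrayList(callerRoles);

    // If the current user created the content, "_OWNER_" is added as one of the
    // roles in effect for this check.
    if (content != null && userLogin != null) {
        String createdBy = (String) content.get("createdByUserLogin");
        if (createdBy != null && createdBy.equals(userLogin.get("userLoginId"))) {
            passedRoles.add("_OWNER_");
        }
    }

    // With no "entityOperation" in the context, the CONTENTMGR permission check
    // in checkPermission is made with the "_ADMIN" action.
    String entityAction = (String) context.get("entityOperation");
    if (entityAction == null) {
        entityAction = "_ADMIN";
    }

    if (Debug.verboseOn()) Debug.logVerbose("targetOperations(0):" + targetOperations, null);
    if (Debug.verboseOn()) Debug.logVerbose("content:" + content, null);

    return checkPermission(content, statusId, userLogin, passedPurposes,
            targetOperations, passedRoles, delegator, security, entityAction);
}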
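/**
 * Decides whether the user may perform any of the target operations on the
 * given content.
 *
 * The checks run in this order and stop at the first success:
 * 1. publicMatches against the cached ContentPurposeOperation rows, using the
 *    purposes and the roles passed in;
 * 2. the CONTENTMGR entity permission for entityAction (only when a userLogin
 *    is present);
 * 3. the role-based check in checkPermissionWithRoles, after the roles returned
 *    by getUserRoles have been appended to passedRoles.
 *
 * Within this method "permissionStatus" is only ever set to "granted". On every
 * other path it is absent or carries whatever checkPermissionWithRoles returned,
 * so callers must treat any value other than "granted" as a denial.
 *
 *@param content The Content GenericValue being checked; may be null or empty
 *@param statusId Status value forwarded to the matching helpers
 *@param userLogin The current user's UserLogin GenericValue; may be null
 *@param passedPurposes contentPurposeTypeIds supplied by the caller
 *@param targetOperations contentOperationIds, any one of which is sufficient
 *@param passedRoles roleTypeIds already known for the user; this list is
 *       appended to in place when it is not null
 *@param delegator Used to read ContentPurposeOperation and the user's roles
 *@param security Used for the CONTENTMGR permission check
 *@param entityAction Action suffix passed to hasEntityPermission
 *@return Map with "roleTypeList" and, when allowed, "permissionStatus" =
 *        "granted"; a ServiceUtil error Map if ContentPurposeOperation cannot
 *        be read
 */
public static Map checkPermission(GenericValue content, String statusId,
        GenericValue userLogin, List passedPurposes,
        List targetOperations, List passedRoles,
        GenericDelegator delegator,
        Security security, String entityAction) {
    Map result = new HashMap();
    result.put("roleTypeList", passedRoles);

    // Read the ContentPurposeOperation table once; the same list is reused by
    // every check below. A read failure returns an error result, never a grant.
    List purposeOperations = null;
    try {
        purposeOperations = delegator.findAllCache("ContentPurposeOperation");
    } catch (GenericEntityException e) {
        return ServiceUtil.returnError("Error in retrieving ContentPurposeOperations. " + e.getMessage());
    }
    if (Debug.verboseOn()) Debug.logVerbose("purposeOperations:" + purposeOperations, null);
    if (Debug.verboseOn()) Debug.logVerbose("targetOperations:" + targetOperations, null);

    // Combine any passed purposes with those linked to the Content entity.
    // purposeIds is a list of contentPurposeTypeIds, not GenericValues.
    List purposeIds = getRelatedPurposes(content, passedPurposes);
    if (Debug.verboseOn()) Debug.logVerbose("purposeIds:" + purposeIds, null);

    // Step 1: match with the purposes and roles known before any lookup.
    boolean isMatch = publicMatches(purposeOperations, targetOperations, purposeIds, passedRoles, statusId);
    if (isMatch) {
        result.put("permissionStatus", "granted");
        return result;
    }

    // Step 2: the content-manager permission; skipped for anonymous callers.
    if (userLogin != null) {
        isMatch = security.hasEntityPermission("CONTENTMGR", entityAction, userLogin);
    }
    if (isMatch) {
        result.put("permissionStatus", "granted");
        return result;
    }

    // Without a Content entity there are no content roles to look up, so the
    // result is returned without a "permissionStatus" (not granted).
    if (content == null || content.isEmpty()) {
        return result;
    }

    // Log the login id only. The string form of a UserLogin value may include
    // every field of the entity, and in the stock OFBiz data model that covers
    // credential fields such as currentPassword, which do not belong in a log.
    if (Debug.verboseOn()) {
        Debug.logVerbose("userLoginId:" + (userLogin == null ? null : userLogin.get("userLoginId")), null);
    }

    if (userLogin != null) {
        // Step 3: collect all roles associated with this Content and the user,
        // including groups.
        if (Debug.verboseOn()) Debug.logVerbose("before getUserRoles, content(1):" + content, null);
        List roleIds = getUserRoles(content, userLogin, passedRoles, delegator);
        if (Debug.verboseOn()) Debug.logVerbose("roleIds:" + roleIds, null);
        if (passedRoles == null) {
            passedRoles = roleIds;
        } else if (roleIds != null) {
            // Guarded so that a null role list cannot abort the check with an
            // exception.
            passedRoles.addAll(roleIds);
        }
        result.put("roleTypeList", passedRoles);

        // Recursive query that looks for any "owner" content in the ancestral
        // path whose ContentRole associations make a ContentPurposeOperation
        // condition match.
        Map thisResult = checkPermissionWithRoles(content, purposeIds, passedRoles,
                targetOperations, purposeOperations, userLogin, delegator, statusId);
        result.put("roleTypeList", thisResult.get("roleTypeList"));
        result.put("permissionStatus", thisResult.get("permissionStatus"));
    }
    return result;
}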
/**
* checkContentPermission
*
*@param content The content GenericValue to be checked
*@param passedPurposes The list of contentPurposeTypeIds to be used in the test
*@param passedRoles The list of roleTypeIds to be used in the test
*@param targetOperations The list of contentOperationIds that must be matched
*@param purposeOperations The list of contentPurposeOperation GenericValues that will
* be used to find matches
*@param userLogin
*@param delegator
*@return boolean True if a match is found, else false.
*
*/
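public static Map checkPermissionWithRoles(GenericValue content, List passedPurposes,
        List passedRoles,
        List targetOperations, List purposeOperations,
        GenericValue userLogin, GenericDelegator delegator,
        String statusId) {
    // Returns a Map, not a boolean: "permissionStatus" is "granted" when a match
    // is found and null otherwise, and "roleTypeList" holds the roles used at the
    // level where the search stopped. Callers must treat anything other than
    // "granted" as a denial.
    //
    // The walk up the ownerContentId chain is delegated to a worker that records
    // the owner ids it has already followed, so a self-referencing or circular
    // chain ends the search instead of recursing until the stack overflows.
    return checkOwnerChain(content, passedPurposes, passedRoles, targetOperations,
            purposeOperations, userLogin, delegator, statusId, new ArrayList());
}

// Recursive worker for checkPermissionWithRoles; visitedOwnerIds collects every
// ownerContentId already followed during this search.
private static Map checkOwnerChain(GenericValue content, List passedPurposes,
        List passedRoles,
        List targetOperations, List purposeOperations,
        GenericValue userLogin, GenericDelegator delegator,
        String statusId, List visitedOwnerIds) {
    Map result = new HashMap();
    result.put("permissionStatus", null);
    result.put("roleTypeList", passedRoles);

    if (publicMatches(purposeOperations, targetOperations, passedPurposes, passedRoles, statusId)) {
        result.put("permissionStatus", "granted");
        return result;
    }

    // No entity means no owner to consult; stay at "not granted".
    if (content == null) {
        return result;
    }

    // Try again with the roles the user holds on the "owner" Content, if any.
    String ownerContentId = (String) content.get("ownerContentId");
    if (Debug.verboseOn()) Debug.logVerbose("ownerContentId:" + ownerContentId, null);
    if (ownerContentId == null || ownerContentId.length() == 0) {
        return result;
    }

    // Ownership links are data, so a loop in them must end the search without a
    // grant.
    if (visitedOwnerIds.contains(ownerContentId)) {
        Debug.logWarning("Circular ownerContentId chain detected at contentId [" + ownerContentId
                + "]; permission search stopped.", module);
        return result;
    }
    visitedOwnerIds.add(ownerContentId);

    GenericValue ownerContent = null;
    try {
        ownerContent = delegator.findByPrimaryKey("Content",
                UtilMisc.toMap("contentId", ownerContentId));
        if (Debug.verboseOn()) Debug.logVerbose("ownerContent:" + ownerContent, null);
    } catch (GenericEntityException e) {
        // A failed lookup leaves ownerContent null, which ends the search below
        // without a grant.
        Debug.logError(e, "Owner content not found. ", module);
    }
    if (ownerContent == null) {
        return result;
    }

    if (Debug.verboseOn()) Debug.logVerbose("before getUserRoles, ownerContent(2):" + ownerContent, null);
    List roleIds = getUserRoles(ownerContent, userLogin, null, delegator);
    if (passedRoles == null) {
        passedRoles = roleIds;
    } else if (roleIds != null) {
        // Guarded so that a null role list cannot abort the check with an
        // exception.
        passedRoles.addAll(roleIds);
    }
    if (Debug.verboseOn()) Debug.logVerbose("after getUserRoles, passedRoles(2):" + passedRoles, null);

    // NOTE(review): the next level is evaluated with roleIds only (the roles
    // found on the owner content), not with the accumulated passedRoles, so the
    // "roleTypeList" reported after recursing omits the earlier roles. This is
    // kept as written; confirm it is intended.
    Map ownerResult = checkOwnerChain(ownerContent, passedPurposes, roleIds,
            targetOperations, purposeOperations, userLogin, delegator, statusId, visitedOwnerIds);
    result.put("roleTypeList", ownerResult.get("roleTypeList"));
    result.put("permissionStatus", ownerResult.get("permissionStatus"));
    return result;
}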