📄 cmssecuritymanager.java
字号:
new Integer(tagId),
dbc.currentProject().getName(),
new Integer(dbc.currentProject().getId()),
new Long(publishDate)}), e);
} finally {
dbc.clear();
}
}
/**
* Changes the project id of the resource to the current project, indicating that
* the resource was last modified in this project.<p>
*
* @param context the current request context
* @param resource theresource to apply this operation to
* @throws CmsException if something goes wrong
* @see org.opencms.file.types.I_CmsResourceType#changeLastModifiedProjectId(CmsObject, CmsSecurityManager, CmsResource)
*/
public void changeLastModifiedProjectId(CmsRequestContext context, CmsResource resource) throws CmsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkOfflineProject(dbc);
checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL);
m_driverManager.changeLastModifiedProjectId(dbc, resource);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_CHANGE_LAST_MODIFIED_RESOURCE_IN_PROJECT_1,
context.getSitePath(resource)), e);
} finally {
dbc.clear();
}
}
/**
* Changes the lock of a resource to the current user, that is "steals" the lock from another user.<p>
*
* @param context the current request context
* @param resource the resource to change the lock for
* @throws CmsException if something goes wrong
* @see org.opencms.file.types.I_CmsResourceType#changeLock(CmsObject, CmsSecurityManager, CmsResource)
*/
public void changeLock(CmsRequestContext context, CmsResource resource) throws CmsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
checkOfflineProject(dbc);
try {
m_driverManager.changeLock(dbc, resource);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_CHANGE_LOCK_OF_RESOURCE_1,
context.getSitePath(resource)), e);
} finally {
dbc.clear();
}
}
/**
* Returns a list with all sub resources of a given folder that have set the given property,
* matching the current property's value with the given old value and replacing it by a given new value.<p>
*
* @param context the current request context
* @param resource the resource on which property definition values are changed
* @param propertyDefinition the name of the propertydefinition to change the value
* @param oldValue the old value of the propertydefinition
* @param newValue the new value of the propertydefinition
* @param recursive if true, change recursively all property values on sub-resources (only for folders)
*
* @return a list with the <code>{@link CmsResource}</code>'s where the property value has been changed
*
* @throws CmsVfsException for now only when the search for the oldvalue failed.
* @throws CmsException if operation was not successful
*/
public synchronized List changeResourcesInFolderWithProperty(
CmsRequestContext context,
CmsResource resource,
String propertyDefinition,
String oldValue,
String newValue,
boolean recursive) throws CmsException, CmsVfsException {
int todo = 0;
// check if this belongs here - should be in driver manager (?)
// collect the resources to look up
List resources = new ArrayList();
if (recursive) {
resources = readResourcesWithProperty(context, resource.getRootPath(), propertyDefinition);
} else {
resources.add(resource);
}
Pattern oldPattern;
try {
// compile regular expression pattern
oldPattern = Pattern.compile(oldValue);
} catch (PatternSyntaxException e) {
throw new CmsVfsException(Messages.get().container(
Messages.ERR_CHANGE_RESOURCES_IN_FOLDER_WITH_PROP_4,
new Object[] {propertyDefinition, oldValue, newValue, context.getSitePath(resource)}), e);
}
List changedResources = new ArrayList(resources.size());
// create permission set and filter to check each resource
CmsPermissionSet perm = CmsPermissionSet.ACCESS_WRITE;
CmsResourceFilter filter = CmsResourceFilter.IGNORE_EXPIRATION;
for (int i = 0; i < resources.size(); i++) {
// loop through found resources and check property values
CmsResource res = (CmsResource)resources.get(i);
// check resource state and permissions
try {
checkPermissions(context, res, perm, true, filter);
} catch (Exception e) {
// resource is deleted or not writable for current user
continue;
}
CmsProperty property = readPropertyObject(context, res, propertyDefinition, false);
String structureValue = property.getStructureValue();
String resourceValue = property.getResourceValue();
boolean changed = false;
if (structureValue != null && oldPattern.matcher(structureValue).matches()) {
// change structure value
property.setStructureValue(newValue);
changed = true;
}
if (resourceValue != null && oldPattern.matcher(resourceValue).matches()) {
// change resource value
property.setResourceValue(newValue);
changed = true;
}
if (changed) {
// write property object if something has changed
writePropertyObject(context, res, property);
changedResources.add(res);
}
}
return changedResources;
}
/**
* Changes the user type of the user.<p>
*
* @param context the current request context
* @param userId the id of the user to change
* @param userType the new usertype of the user
*
* @throws CmsException if something goes wrong
*/
public void changeUserType(CmsRequestContext context, CmsUUID userId, int userType) throws CmsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkRole(dbc, CmsRole.ACCOUNT_MANAGER);
m_driverManager.changeUserType(dbc, userId, userType);
} catch (Exception e) {
dbc.report(null, Messages.get().container(Messages.ERR_CHANGE_USER_TYPE_WITH_ID_1, userId.toString()), e);
} finally {
dbc.clear();
}
}
/**
* Changes the user type of the user.<p>
* Only the administrator can change the type.<p>
*
* @param context the current request context
* @param username the name of the user to change
* @param userType the new usertype of the user
* @throws CmsException if something goes wrong
*/
public void changeUserType(CmsRequestContext context, String username, int userType) throws CmsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
checkRole(dbc, CmsRole.ACCOUNT_MANAGER);
m_driverManager.changeUserType(dbc, username, userType);
} catch (Exception e) {
dbc.report(null, Messages.get().container(Messages.ERR_CHANGE_USER_TYPE_WITH_NAME_1, username), e);
} finally {
dbc.clear();
}
}
/**
* Checks if the current user has management access to the given project.<p>
*
* @param dbc the current database context
* @param project the project to check
*
* @throws CmsRoleViolationException if the user does not have the required role permissions
*/
public void checkManagerOfProjectRole(CmsDbContext dbc, CmsProject project) throws CmsRoleViolationException {
if (!hasManagerOfProjectRole(dbc, project)) {
throw new CmsRoleViolationException(org.opencms.security.Messages.get().container(
org.opencms.security.Messages.ERR_NOT_MANAGER_OF_PROJECT_2,
dbc.currentUser().getName(),
dbc.currentProject().getName()));
}
}
/**
* Checks if the project in the given database context is not the "Online" project,
* and throws an Exception if this is the case.<p>
*
* This is used to ensure a user is in an "Offline" project
* before write access to VFS resources is granted.<p>
*
* @param dbc the current OpenCms users database context
*
* @throws CmsVfsException if the project in the given database context is the "Online" project
*/
public void checkOfflineProject(CmsDbContext dbc) throws CmsVfsException {
if (dbc.currentProject().isOnlineProject()) {
throw new CmsVfsException(org.opencms.file.Messages.get().container(
org.opencms.file.Messages.ERR_NOT_ALLOWED_IN_ONLINE_PROJECT_0));
}
}
/**
* Performs a blocking permission check on a resource.<p>
*
* If the required permissions are not satisfied by the permissions the user has on the resource,
* an exception is thrown.<p>
*
* @param context the current request context
* @param resource the resource on which permissions are required
* @param requiredPermissions the set of permissions required to access the resource
* @param checkLock if true, the lock status of the resource is also checked
* @param filter the filter for the resource
*
* @throws CmsException in case of any i/o error
* @throws CmsSecurityException if the required permissions are not satisfied
*
* @see #checkPermissions(CmsRequestContext, CmsResource, CmsPermissionSet, int)
*/
public void checkPermissions(
CmsRequestContext context,
CmsResource resource,
CmsPermissionSet requiredPermissions,
boolean checkLock,
CmsResourceFilter filter) throws CmsException, CmsSecurityException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
// check the access permissions
checkPermissions(dbc, resource, requiredPermissions, checkLock, filter);
} finally {
dbc.clear();
}
}
/**
* Checks if the current user has the permissions to publish the given publish list
* (which contains the information about the resources / project to publish).<p>
*
* @param dbc the current OpenCms users database context
* @param publishList the publish list to check (contains the information about the resources / project to publish)
*
* @throws CmsException if the user does not have the required permissions becasue of project lock state
* @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
* whose parent folder is new or deleted in the offline project,
* or if the current user has no management access to the current project
*/
public void checkPublishPermissions(CmsDbContext dbc, CmsPublishList publishList)
throws CmsException, CmsMultiException {
// is the current project an "offline" project?
checkOfflineProject(dbc);
// check if the current project is unlocked
if (dbc.currentProject().getFlags() != CmsProject.PROJECT_STATE_UNLOCKED) {
CmsMessageContainer errMsg = org.opencms.security.Messages.get().container(
org.opencms.security.Messages.ERR_RESOURCE_LOCKED_1,
dbc.currentProject().getName());
throw new CmsLockException(errMsg);
}
// check if this is a "direct publish" attempt
if (!publishList.isDirectPublish()) {
// check if the user is a manager of the current project, in this case he has publish permissions
checkManagerOfProjectRole(dbc, dbc.getRequestContext().currentProject());
} else {
// direct publish, create exception containers
CmsMultiException resourceIssues = new CmsMultiException();
CmsMultiException permissionIssues = new CmsMultiException();
// iterate all resources in the direct publish list
Iterator it = publishList.getDirectPublishResources().iterator();
List parentFolders = new ArrayList();
while (it.hasNext()) {
CmsResource res = (CmsResource)it.next();
// the parent folder must not be new or deleted
String parentFolder = CmsResource.getParentFolder(res.getRootPath());
if ((parentFolder != null) && !parentFolders.contains(parentFolder)) {
// check each parent folder only once
CmsResource parent = readResource(dbc, parentFolder, CmsResourceFilter.ALL);
if (parent.getState() == CmsResource.STATE_DELETED) {
// parent folder is deleted - direct publish not allowed
resourceIssues.addException(new CmsVfsException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_PARENT_DELETED_2,
dbc.getRequestContext().removeSiteRoot(res.getRootPath()),
parentFolder)));
}
if (parent.getState() == CmsResource.STATE_NEW) {
// parent folder is new - direct publish not allowed
resourceIssues.addException(new CmsVfsException(Messages.get().container(
Messages.ERR_DIRECT_PUBLISH_PARENT_NEW_2,
dbc.removeSiteRoot(res.getRootPath()),
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -