JBoss Portal SVN: r10730 - in branches/JBoss_Portal_Branch_2_6: core-cms/src/main/org/jboss/portal/core/cms/ui/admin and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2008-05-01 16:29:35 -0400 (Thu, 01 May 2008)
New Revision: 10730
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
[JBPORTAL-1997] - Fixing the Security Logic issue with the accessibility of the CMSAdminPortlet
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-04-30 17:53:26 UTC (rev 10729)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-05-01 20:29:35 UTC (rev 10730)
@@ -30,7 +30,6 @@
import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityServiceController;
import org.jboss.portal.identity.IdentityConfiguration;
-import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
Modified: branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-04-30 17:53:26 UTC (rev 10729)
+++ branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-05-01 20:29:35 UTC (rev 10730)
@@ -1510,6 +1510,12 @@
if (portletRequest.getUserPrincipal() != null)
{
+ if(portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
+ {
+ return true;
+ }
+
+ //Not the Root User. so now make sure the Portlet is accessible to the User that is logged in
User user = this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
String uri = this.authorizationManager.getProvider().getUserURI(user.getUserName());
Collection permissions = this.authorizationManager.getProvider().getSecurityBindings(uri);
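Review bot: The added root shortcut dereferences `this.authorizationManager.getProvider().getRoot()` without a null check, so if no root user is configured the access check would presumably throw a NullPointerException instead of returning a clean deny. It also returns `true` on a plain username string match, before the user is resolved through `userModule`, so confirm that the identity store cannot hold a second account whose name equals the CMS root's. Consider reading the principal name once and holding the result of `getRoot()` in a local, then guarding with `if (root != null && principalName.equals(root.getUserName())) { return true; }`. The enclosing method starts before this hunk and continues after it.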
@@ -1527,6 +1533,25 @@
}
}
}
+ else
+ {
+ //Make sure based on permissions if the resources are accessible to the Anonymous user
+ String uri = this.authorizationManager.getProvider().getRoleURI(AuthorizationManager.Anonymous);
+ Collection permissions = this.authorizationManager.getProvider().getSecurityBindings(uri);
+ if (permissions != null)
+ {
+ for (Iterator itr = permissions.iterator(); itr.hasNext();)
+ {
+ Permission permission = (Permission)itr.next();
+ if ((permission.getService().equals("cms")) &&
+ (permission.getAction().equals("write") || permission.getAction().equals("manage"))
+ )
+ {
+ isPortletAccessible = true;
+ }
+ }
+ }
+ }
return isPortletAccessible;
}
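Review bot: The new `else` branch makes the CMS admin portlet accessible to unauthenticated requests whenever the Anonymous role holds any `cms` binding with action `write` or `manage`, whichever path that binding covers, because only `getService()` and `getAction()` are inspected. Add a comment stating that this is only a visibility gate, for example `// Visibility check only: every CMS admin action must still be authorized per resource`, and confirm that the action handlers do enforce that. The loop also keeps iterating after a match and calls `equals` on getter results that may be null; `"cms".equals(permission.getService())` followed by a `break` after setting `isPortletAccessible = true` would be safer. The method begins outside this hunk.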