Author: thomas.heute(a)jboss.com
Date: 2008-05-30 06:40:00 -0400 (Fri, 30 May 2008)
New Revision: 10858
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
[JBPORTAL-1997] - Fixing the Security Logic issue with the accessibility of the
CMSAdminPortlet (merge missing from 2.6)
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-05-30
10:28:35 UTC (rev 10857)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-05-30
10:40:00 UTC (rev 10858)
@@ -1510,6 +1510,12 @@
if (portletRequest.getUserPrincipal() != null)
{
+
if(portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
+ {
+ return true;
+ }
+
+ //Not the Root User. so now make sure the Portlet is accessible to the User
that is logged in
User user =
this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
String uri =
this.authorizationManager.getProvider().getUserURI(user.getUserName());
Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
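Review bot: The root short-circuit added at the top of the authenticated branch dereferences `this.authorizationManager.getProvider().getRoot().getUserName()` without a null check. If `getRoot()` can return null (not visible here), this access check would throw instead of falling through to the binding lookup. Reading the name once, `String principalName = portletRequest.getUserPrincipal().getName();`, and comparing against a null-guarded root would also remove the repeated `getUserPrincipal()` calls. Because `return true` skips every binding check, a comment such as `// root is matched on user name only and bypasses all CMS bindings` would make the trust decision explicit. The enclosing method starts and ends outside the hunk.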
@@ -1527,6 +1533,25 @@
}
}
}
+ else
+ {
+ //Make sure based on permissions if the resources are accessible to the
Anonymous user
+ String uri =
this.authorizationManager.getProvider().getRoleURI(AuthorizationManager.Anonymous);
+ Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
+ if (permissions != null)
+ {
+ for (Iterator itr = permissions.iterator(); itr.hasNext();)
+ {
+ Permission permission = (Permission)itr.next();
+ if ((permission.getService().equals("cms")) &&
+ (permission.getAction().equals("write") ||
permission.getAction().equals("manage"))
+ )
+ {
+ isPortletAccessible = true;
+ }
+ }
+ }
+ }
return isPortletAccessible;
}
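Review bot: The new anonymous branch sets `isPortletAccessible` from the permission's service and action alone. Any `write` or `manage` binding on `cms` for the Anonymous role, even one presumably meant for a single path, therefore exposes the admin portlet to unauthenticated requests. If `Permission` carries path criteria (not visible in this hunk), the check should take them into account, or a comment should state that scope is deliberately ignored. Smaller points: `"cms".equals(permission.getService())` is null-safe, and a `break;` after `isPortletAccessible = true;` stops the scan at the first match. The method begins outside the hunk.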