Author: sohil.shah(a)jboss.com
Date: 2008-05-01 16:29:35 -0400 (Thu, 01 May 2008)
New Revision: 10730
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
[JBPORTAL-1997] - Fixing the Security Logic issue with the accessibility of the
CMSAdminPortlet
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-04-30
17:53:26 UTC (rev 10729)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-05-01
20:29:35 UTC (rev 10730)
@@ -30,7 +30,6 @@
import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityServiceController;
import org.jboss.portal.identity.IdentityConfiguration;
-import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
Modified:
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-04-30
17:53:26 UTC (rev 10729)
+++
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2008-05-01
20:29:35 UTC (rev 10730)
@@ -1510,6 +1510,12 @@
if (portletRequest.getUserPrincipal() != null)
{
+
if(portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
+ {
+ return true;
+ }
+
+ //Not the Root User. so now make sure the Portlet is accessible to the User
that is logged in
User user =
this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
String uri =
this.authorizationManager.getProvider().getUserURI(user.getUserName());
Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
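Review bot: The new root short-circuit at the top of the authenticated branch dereferences `getProvider().getRoot()` with no null check. If no root user is configured (not visible in this hunk), the access check throws instead of falling through to the permission lookup below. Hold the principal name and the root object in locals and guard the comparison, e.g. `if (root != null && principalName.equals(root.getUserName())) { return true; }`. This is a full bypass of the permission bindings that rests on an exact string match of the principal name, so a short comment should say that the match is deliberate and that the name comes from the container-authenticated principal. The enclosing method starts and ends outside this hunk.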
@@ -1527,6 +1533,25 @@
}
}
}
+ else
+ {
+ //Make sure based on permissions if the resources are accessible to the
Anonymous user
+ String uri =
this.authorizationManager.getProvider().getRoleURI(AuthorizationManager.Anonymous);
+ Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
+ if (permissions != null)
+ {
+ for (Iterator itr = permissions.iterator(); itr.hasNext();)
+ {
+ Permission permission = (Permission)itr.next();
+ if ((permission.getService().equals("cms")) &&
+ (permission.getAction().equals("write") ||
permission.getAction().equals("manage"))
+ )
+ {
+ isPortletAccessible = true;
+ }
+ }
+ }
+ }
return isPortletAccessible;
}
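Review bot: The added `else` branch opens the CMS admin portlet to unauthenticated requests whenever the Anonymous role carries a `cms` binding with `write` or `manage`, yet nothing records that the grant happened. A single misconfigured binding would expose the admin UI silently. Add a comment such as `// Anonymous access is granted only via an explicit cms write/manage binding on the Anonymous role`, and log when the branch sets `isPortletAccessible = true`. The comparisons `permission.getService().equals("cms")` and `permission.getAction().equals(...)` throw if either getter returns null; the constant-first form `"cms".equals(permission.getService())` avoids that. The loop can also stop at the first match instead of scanning the remaining bindings. The scan appears to repeat the one in the authenticated branch, whose body lies mostly outside this hunk, so a shared private helper taking the URI would keep the two checks from drifting apart.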