Search in sources :

Example 31 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ContentManagementEvents method updatePublishLinks.

public static String updatePublishLinks(HttpServletRequest request, HttpServletResponse response) {
    HttpSession session = request.getSession();
    Security security = (Security) request.getAttribute("security");
    GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
    String webSiteId = WebSiteWorker.getWebSiteId(request);
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    LocalDispatcher dispatcher = (LocalDispatcher) request.getAttribute("dispatcher");
    Map<String, Object> paramMap = UtilHttp.getParameterMap(request);
    // The content to be linked to one or more sites
    String targContentId = (String) paramMap.get("contentId");
    String roles = null;
    String authorId = null;
    GenericValue authorContent = ContentManagementWorker.getAuthorContent(delegator, targContentId);
    if (authorContent != null) {
        authorId = authorContent.getString("contentId");
    } else {
        request.setAttribute("_ERROR_MESSAGE_", "authorContent is empty.");
        return "error";
    }
    // Determine if user is owner of target content
    String userLoginId = userLogin.getString("userLoginId");
    List<String> roleTypeList = null;
    if (authorId != null && userLoginId != null && authorId.equals(userLoginId)) {
        roles = "OWNER";
        roleTypeList = StringUtil.split(roles, "|");
    }
    List<String> targetOperationList = UtilMisc.<String>toList("CONTENT_PUBLISH");
    // TODO check the purpose of this list and if we want to make use of it. Else remove
    // UtilMisc.toList("ARTICLE");
    List<String> contentPurposeList = null;
    // The content to be linked to one or more sites
    String permittedAction = (String) paramMap.get("permittedAction");
    // The content to be linked to one or more sites
    String permittedOperations = (String) paramMap.get("permittedOperations");
    if (UtilValidate.isEmpty(targContentId)) {
        request.setAttribute("_ERROR_MESSAGE_", "targContentId is empty.");
        return "error";
    }
    // Get all the subSites that the user is permitted to link to
    List<Object[]> origPublishedLinkList = null;
    try {
        // TODO: this needs to be given author userLogin
        EntityQuery.use(delegator).from("UserLogin").where("userLoginId", authorId).cache().queryOne();
        origPublishedLinkList = ContentManagementWorker.getPublishedLinks(delegator, targContentId, webSiteId, userLogin, security, permittedAction, permittedOperations, roles);
    } catch (GenericEntityException e) {
        request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
        return "error";
    } catch (GeneralException e2) {
        request.setAttribute("_ERROR_MESSAGE_", e2.getMessage());
        return "error";
    }
    // make a map of the values that are passed in using the top subSite as the key.
    // Content can only be linked to one subsite under a top site (ends with "_MASTER")
    Map<String, String> siteIdLookup = new HashMap<String, String>();
    for (Entry<String, Object> entry : paramMap.entrySet()) {
        String param = entry.getKey();
        int pos = param.indexOf("select_");
        if (pos >= 0) {
            String siteId = param.substring(7);
            String subSiteVal = (String) paramMap.get(param);
            siteIdLookup.put(siteId, subSiteVal);
        }
    }
    // Loop thru all the possible subsites
    Timestamp nowTimestamp = UtilDateTime.nowTimestamp();
    boolean statusIdUpdated = false;
    Map<String, Object> result = new HashMap<>();
    for (Object[] arr : origPublishedLinkList) {
        // main (2nd level) site id
        String contentId = (String) arr[0];
        String origSubContentId = null;
        List<Object[]> origSubList = UtilGenerics.checkList(arr[1]);
        Timestamp origFromDate = null;
        for (Object[] pubArr : origSubList) {
            Timestamp fromDate = (Timestamp) pubArr[2];
            origSubContentId = null;
            if (fromDate != null) {
                origSubContentId = (String) pubArr[0];
                origFromDate = fromDate;
                break;
            }
        }
        String currentSubContentId = siteIdLookup.get(contentId);
        try {
            if (UtilValidate.isNotEmpty(currentSubContentId)) {
                if (!currentSubContentId.equals(origSubContentId)) {
                    // disable existing link
                    if (UtilValidate.isNotEmpty(origSubContentId) && origFromDate != null) {
                        List<GenericValue> oldActiveValues = EntityQuery.use(delegator).from("ContentAssoc").where("contentId", targContentId, "contentIdTo", origSubContentId, "contentAssocTypeId", "PUBLISH_LINK", "thruDate", null).queryList();
                        for (GenericValue cAssoc : oldActiveValues) {
                            cAssoc.set("thruDate", nowTimestamp);
                            cAssoc.store();
                        }
                    }
                    // create new link
                    Map<String, Object> serviceIn = new HashMap<String, Object>();
                    serviceIn.put("userLogin", userLogin);
                    serviceIn.put("contentId", targContentId);
                    serviceIn.put("contentAssocTypeId", "PUBLISH_LINK");
                    serviceIn.put("fromDate", nowTimestamp);
                    serviceIn.put("contentIdTo", currentSubContentId);
                    serviceIn.put("roleTypeList", roleTypeList);
                    serviceIn.put("targetOperationList", targetOperationList);
                    // TODO check if this should be removed (see above)
                    serviceIn.put("contentPurposeList", contentPurposeList);
                    result = dispatcher.runSync("createContentAssoc", serviceIn);
                    if (ServiceUtil.isError(result)) {
                        String errorMessage = ServiceUtil.getErrorMessage(result);
                        request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                        Debug.logError(errorMessage, module);
                        return "error";
                    }
                    serviceIn = new HashMap<String, Object>();
                    serviceIn.put("userLogin", userLogin);
                    serviceIn.put("contentId", targContentId);
                    serviceIn.put("contentAssocTypeId", "PUBLISH_LINK");
                    serviceIn.put("fromDate", nowTimestamp);
                    serviceIn.put("contentIdTo", contentId);
                    serviceIn.put("roleTypeList", roleTypeList);
                    serviceIn.put("targetOperationList", targetOperationList);
                    // TODO check if this should be removed (see above)
                    serviceIn.put("contentPurposeList", contentPurposeList);
                    result = dispatcher.runSync("createContentAssoc", serviceIn);
                    if (ServiceUtil.isError(result)) {
                        String errorMessage = ServiceUtil.getErrorMessage(result);
                        request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                        Debug.logError(errorMessage, module);
                        return "error";
                    }
                    if (!statusIdUpdated) {
                        try {
                            GenericValue targContent = EntityQuery.use(delegator).from("Content").where("contentId", targContentId).queryOne();
                            targContent.set("statusId", "CTNT_PUBLISHED");
                            targContent.store();
                            statusIdUpdated = true;
                        } catch (GenericEntityException e) {
                            Debug.logError(e.getMessage(), module);
                            request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
                            return "error";
                        }
                    }
                }
            } else if (UtilValidate.isNotEmpty(origSubContentId)) {
                // if no current link is passed in, look to see if there is an existing link(s) that must be disabled
                List<GenericValue> oldActiveValues = EntityQuery.use(delegator).from("ContentAssoc").where("contentId", targContentId, "contentIdTo", origSubContentId, "contentAssocTypeId", "PUBLISH_LINK", "thruDate", null).queryList();
                for (GenericValue cAssoc : oldActiveValues) {
                    cAssoc.set("thruDate", nowTimestamp);
                    cAssoc.store();
                }
            }
        } catch (GenericEntityException e) {
            Debug.logError(e.getMessage(), module);
            request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
            return "error";
        } catch (GenericServiceException e2) {
            Debug.logError(e2, module);
            request.setAttribute("_ERROR_MESSAGE_", e2.getMessage());
            return "error";
        }
    }
    return "success";
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) LocalDispatcher(org.apache.ofbiz.service.LocalDispatcher) GeneralException(org.apache.ofbiz.base.util.GeneralException) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) Security(org.apache.ofbiz.security.Security) Timestamp(java.sql.Timestamp) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) List(java.util.List) GenericServiceException(org.apache.ofbiz.service.GenericServiceException)

Example 32 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ContentManagementEvents method updateStaticValues.

public static String updateStaticValues(HttpServletRequest request, HttpServletResponse response) {
    HttpSession session = request.getSession();
    Security security = (Security) request.getAttribute("security");
    GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
    String webSiteId = WebSiteWorker.getWebSiteId(request);
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    LocalDispatcher dispatcher = (LocalDispatcher) request.getAttribute("dispatcher");
    Map<String, Object> paramMap = UtilHttp.getParameterMap(request);
    Map<String, Object> result = new HashMap<>();
    String parentPlaceholderId = (String) paramMap.get("ph");
    if (UtilValidate.isEmpty(parentPlaceholderId)) {
        request.setAttribute("_ERROR_MESSAGE_", "ParentPlaceholder is empty.");
        return "error";
    }
    List<GenericValue> allPublishPointList = null;
    List<String[]> permittedPublishPointList = null;
    List<Map<String, Object>> valueList = null;
    try {
        allPublishPointList = ContentManagementWorker.getAllPublishPoints(delegator, webSiteId);
        permittedPublishPointList = ContentManagementWorker.getPermittedPublishPoints(delegator, allPublishPointList, userLogin, security, "_ADMIN", null, null);
        valueList = ContentManagementWorker.getStaticValues(delegator, parentPlaceholderId, permittedPublishPointList);
    } catch (GeneralException e) {
        Debug.logError(e.getMessage(), module);
        request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
        return "error";
    }
    int counter = 0;
    for (Map<String, Object> map : valueList) {
        String contentId = (String) map.get("contentId");
        for (String[] pubArr : permittedPublishPointList) {
            String pubContentId = pubArr[0];
            String pubValue = (String) map.get(pubContentId);
            String paramName = Integer.toString(counter) + "_" + pubContentId;
            String paramValue = (String) paramMap.get(paramName);
            Map<String, Object> serviceIn = new HashMap<String, Object>();
            serviceIn.put("userLogin", userLogin);
            serviceIn.put("contentIdTo", contentId);
            serviceIn.put("contentId", pubContentId);
            serviceIn.put("contentAssocTypeId", "SUBSITE");
            try {
                if (UtilValidate.isNotEmpty(paramValue)) {
                    if (!paramValue.equals(pubValue)) {
                        if ("Y".equalsIgnoreCase(paramValue)) {
                            serviceIn.put("fromDate", UtilDateTime.nowTimestamp());
                            result = dispatcher.runSync("createContentAssoc", serviceIn);
                            if (ServiceUtil.isError(result)) {
                                String errorMessage = ServiceUtil.getErrorMessage(result);
                                request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                                Debug.logError(errorMessage, module);
                                return "error";
                            }
                        } else if ("N".equalsIgnoreCase(paramValue) && "Y".equalsIgnoreCase(pubValue)) {
                            serviceIn.put("thruDate", UtilDateTime.nowTimestamp());
                            Timestamp fromDate = (Timestamp) map.get(pubContentId + "FromDate");
                            serviceIn.put("fromDate", fromDate);
                            result = dispatcher.runSync("updateContentAssoc", serviceIn);
                            if (ServiceUtil.isError(result)) {
                                String errorMessage = ServiceUtil.getErrorMessage(result);
                                request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                                Debug.logError(errorMessage, module);
                                return "error";
                            }
                        }
                    }
                } else if (UtilValidate.isNotEmpty(pubValue)) {
                    if ("Y".equalsIgnoreCase(pubValue)) {
                        serviceIn.put("thruDate", UtilDateTime.nowTimestamp());
                        Timestamp fromDate = (Timestamp) map.get(pubContentId + "FromDate");
                        serviceIn.put("fromDate", fromDate);
                        result = dispatcher.runSync("updateContentAssoc", serviceIn);
                        if (ServiceUtil.isError(result)) {
                            String errorMessage = ServiceUtil.getErrorMessage(result);
                            request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                            Debug.logError(errorMessage, module);
                            return "error";
                        }
                    }
                }
            } catch (GenericServiceException e) {
                Debug.logError(e.getMessage(), module);
                request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
                return "error";
            }
        }
        counter++;
    }
    return "success";
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) LocalDispatcher(org.apache.ofbiz.service.LocalDispatcher) GeneralException(org.apache.ofbiz.base.util.GeneralException) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) Security(org.apache.ofbiz.security.Security) Timestamp(java.sql.Timestamp) Delegator(org.apache.ofbiz.entity.Delegator) GenericServiceException(org.apache.ofbiz.service.GenericServiceException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 33 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ContentEvents method updateAllContentKeywords.

/**
 * Updates/adds keywords for all contents
 *
 * @param request HTTPRequest object for the current request
 * @param response HTTPResponse object for the current request
 * @return String specifying the exit status of this event
 */
public static String updateAllContentKeywords(HttpServletRequest request, HttpServletResponse response) {
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    Security security = (Security) request.getAttribute("security");
    String updateMode = "CREATE";
    String errMsg = null;
    String doAll = request.getParameter("doAll");
    // check permissions before moving on...
    if (!security.hasEntityPermission("CONTENTMGR", "_" + updateMode, request.getSession())) {
        Map<String, String> messageMap = UtilMisc.toMap("updateMode", updateMode);
        errMsg = UtilProperties.getMessage(resource, "contentevents.not_sufficient_permissions", messageMap, UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        return "error";
    }
    int numConts = 0;
    int errConts = 0;
    boolean beganTx = false;
    EntityQuery contentQuery = EntityQuery.use(delegator).from("Content");
    try {
        // begin the transaction
        beganTx = TransactionUtil.begin(7200);
        if (Debug.infoOn()) {
            long count = contentQuery.queryCount();
            Debug.logInfo("========== Found " + count + " contents to index ==========", module);
        }
        GenericValue content;
        try (EntityListIterator entityListIterator = contentQuery.queryIterator()) {
            while ((content = entityListIterator.next()) != null) {
                ContentKeywordIndex.indexKeywords(content, "Y".equals(doAll));
                numConts++;
                if (numConts % 500 == 0) {
                    Debug.logInfo("Keywords indexed for " + numConts + " so far", module);
                }
            }
        } catch (GenericEntityException e) {
            errMsg = "[ContentEvents.updateAllContentKeywords] Could not create content-keyword (write error); message: " + e.getMessage();
            Debug.logWarning(errMsg, module);
            errConts++;
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
        }
    } catch (GenericEntityException gee) {
        Debug.logWarning(gee, gee.getMessage(), module);
        Map<String, String> messageMap = UtilMisc.toMap("gee", gee.toString());
        errMsg = UtilProperties.getMessage(resource, "contentevents.error_getting_content_list", messageMap, UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        try {
            TransactionUtil.rollback(beganTx, gee.getMessage(), gee);
        } catch (GenericTransactionException e1) {
            Debug.logError(e1, module);
        }
        return "error";
    }
    // commit the transaction
    try {
        TransactionUtil.commit(beganTx);
    } catch (GenericTransactionException e) {
        Debug.logError(e, module);
    }
    if (errConts == 0) {
        Map<String, String> messageMap = UtilMisc.toMap("numConts", Integer.toString(numConts));
        errMsg = UtilProperties.getMessage(resource, "contentevents.keyword_creation_complete_for_contents", messageMap, UtilHttp.getLocale(request));
        request.setAttribute("_EVENT_MESSAGE_", errMsg);
        return "success";
    } else {
        Map<String, String> messageMap = UtilMisc.toMap("numConts", Integer.toString(numConts));
        messageMap.put("errConts", Integer.toString(errConts));
        errMsg = UtilProperties.getMessage(resource, "contentevents.keyword_creation_complete_for_contents_with_errors", messageMap, UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        return "error";
    }
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) Security(org.apache.ofbiz.security.Security) EntityQuery(org.apache.ofbiz.entity.util.EntityQuery) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) GenericTransactionException(org.apache.ofbiz.entity.transaction.GenericTransactionException) EntityListIterator(org.apache.ofbiz.entity.util.EntityListIterator) Map(java.util.Map)

Example 34 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ContentPermissionServices method checkContentPermission.

/**
 * checkContentPermission
 *
 *@param dctx The DispatchContext that this service is operating in
 *@param context Map containing the input parameters
 *@return Map with the result of the service, the output parameters
 *
 * This service goes thru a series of test to determine if the user has
 * authority to performed anyone of the passed in target operations.
 *
 * It expects a Content entity in "currentContent"
 * It expects a list of contentOperationIds in "targetOperationList" rather
 * than a scalar because it is thought that sometimes more than one operation
 * would fit the situation.
 * Similarly, it expects a list of contentPurposeTypeIds in "contentPurposeList".
 * Again, normally there will just be one, but it is possible that a Content
 * entity could have multiple purposes associated with it.
 * The userLogin GenericValue is also required.
 * A list of roleTypeIds is also possible.
 *
 * The basic sequence of testing events is:
 * First the ContentPurposeOperation table is checked to see if there are any
 * entries with matching purposes (and operations) with no roleTypeId (ie. _NA_).
 * This is done because it would be the most common scenario and is quick to check.
 *
 * Secondly, the CONTENTMGR permission is checked.
 *
 * Thirdly, the ContentPurposeOperation table is rechecked to see if there are
 * any conditions with roleTypeIds that match associated ContentRoles tied to the
 * user.
 * If a Party of "PARTY_GROUP" type is found, the PartyRelationship table is checked
 * to see if the current user is linked to that group.
 *
 * If no match is found to this point and the current Content entity has a value for
 * ownerContentId, then the last step is recusively applied, using the ContentRoles
 * associated with the ownerContent entity.
 */
public static Map<String, Object> checkContentPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
    Debug.logWarning(new Exception(), "This service has been depricated in favor of [genericContentPermission]", module);
    Security security = dctx.getSecurity();
    Delegator delegator = dctx.getDelegator();
    // TODO this parameters is still not used but this service need to be replaced by genericContentPermission
    // String statusId = (String) context.get("statusId");
    // TODO this parameters is still not used but this service need to be replaced by genericContentPermission
    // String privilegeEnumId = (String) context.get("privilegeEnumId");
    GenericValue content = (GenericValue) context.get("currentContent");
    Boolean bDisplayFailCond = (Boolean) context.get("displayFailCond");
    boolean displayFailCond = false;
    if (bDisplayFailCond != null && bDisplayFailCond.booleanValue()) {
        displayFailCond = true;
    }
    Debug.logInfo("displayFailCond(0):" + displayFailCond, "");
    Boolean bDisplayPassCond = (Boolean) context.get("displayPassCond");
    boolean displayPassCond = false;
    if (bDisplayPassCond != null && bDisplayPassCond.booleanValue()) {
        displayPassCond = true;
    }
    Debug.logInfo("displayPassCond(0):" + displayPassCond, "");
    Map<String, Object> results = new HashMap<String, Object>();
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    String partyId = (String) context.get("partyId");
    if (UtilValidate.isEmpty(partyId)) {
        String passedUserLoginId = (String) context.get("userLoginId");
        if (UtilValidate.isNotEmpty(passedUserLoginId)) {
            try {
                userLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", passedUserLoginId).cache().queryOne();
                if (userLogin != null) {
                    partyId = userLogin.getString("partyId");
                }
            } catch (GenericEntityException e) {
                return ServiceUtil.returnError(e.getMessage());
            }
        }
    }
    if (UtilValidate.isEmpty(partyId) && userLogin != null) {
        partyId = userLogin.getString("partyId");
    }
    // Do entity permission check. This will pass users with administrative permissions.
    boolean passed = false;
    // I realized, belatedly, that I wanted to be able to pass parameters in as
    // strings so this service could be used in an action event directly,
    // so I had to write this code to handle both list and strings
    List<String> passedPurposes = UtilGenerics.checkList(context.get("contentPurposeList"));
    String contentPurposeString = (String) context.get("contentPurposeString");
    if (UtilValidate.isNotEmpty(contentPurposeString)) {
        List<String> purposesFromString = StringUtil.split(contentPurposeString, "|");
        if (passedPurposes == null) {
            passedPurposes = new LinkedList<String>();
        }
        passedPurposes.addAll(purposesFromString);
    }
    EntityPermissionChecker.StdAuxiliaryValueGetter auxGetter = new EntityPermissionChecker.StdAuxiliaryValueGetter("ContentPurpose", "contentPurposeTypeId", "contentId");
    // Sometimes permissions need to be checked before an entity is created, so
    // there needs to be a method for setting a purpose list
    auxGetter.setList(passedPurposes);
    List<String> targetOperations = UtilGenerics.checkList(context.get("targetOperationList"));
    String targetOperationString = (String) context.get("targetOperationString");
    if (UtilValidate.isNotEmpty(targetOperationString)) {
        List<String> operationsFromString = StringUtil.split(targetOperationString, "|");
        if (targetOperations == null) {
            targetOperations = new LinkedList<String>();
        }
        targetOperations.addAll(operationsFromString);
    }
    EntityPermissionChecker.StdPermissionConditionGetter permCondGetter = new EntityPermissionChecker.StdPermissionConditionGetter("ContentPurposeOperation", "contentOperationId", "roleTypeId", "statusId", "contentPurposeTypeId", "privilegeEnumId");
    permCondGetter.setOperationList(targetOperations);
    EntityPermissionChecker.StdRelatedRoleGetter roleGetter = new EntityPermissionChecker.StdRelatedRoleGetter("Content", "roleTypeId", "contentId", "partyId", "ownerContentId", "ContentRole");
    List<String> passedRoles = UtilGenerics.checkList(context.get("roleTypeList"));
    if (passedRoles == null)
        passedRoles = new LinkedList<String>();
    String roleTypeString = (String) context.get("roleTypeString");
    if (UtilValidate.isNotEmpty(roleTypeString)) {
        List<String> rolesFromString = StringUtil.split(roleTypeString, "|");
        passedRoles.addAll(rolesFromString);
    }
    roleGetter.setList(passedRoles);
    String entityAction = (String) context.get("entityOperation");
    if (entityAction == null)
        entityAction = "_ADMIN";
    if (userLogin != null) {
        passed = security.hasEntityPermission("CONTENTMGR", entityAction, userLogin);
    }
    StringBuilder errBuf = new StringBuilder();
    String permissionStatus = null;
    List<Object> entityIds = new LinkedList<Object>();
    if (passed) {
        results.put("permissionStatus", "granted");
        permissionStatus = "granted";
        if (displayPassCond) {
            errBuf.append("\n    hasEntityPermission(" + entityAction + "): PASSED");
        }
    } else {
        if (displayFailCond) {
            errBuf.append("\n    hasEntityPermission(" + entityAction + "): FAILED");
        }
        if (content != null)
            entityIds.add(content);
        String quickCheckContentId = (String) context.get("quickCheckContentId");
        if (UtilValidate.isNotEmpty(quickCheckContentId)) {
            List<String> quickList = StringUtil.split(quickCheckContentId, "|");
            if (UtilValidate.isNotEmpty(quickList))
                entityIds.addAll(quickList);
        }
        try {
            boolean check = EntityPermissionChecker.checkPermissionMethod(delegator, partyId, "Content", entityIds, auxGetter, roleGetter, permCondGetter);
            if (check) {
                results.put("permissionStatus", "granted");
            } else {
                results.put("permissionStatus", "rejected");
            }
        } catch (GenericEntityException e) {
            return ServiceUtil.returnError(e.getMessage());
        }
        permissionStatus = (String) results.get("permissionStatus");
        errBuf.append("\n    permissionStatus:");
        errBuf.append(permissionStatus);
    }
    if (("granted".equals(permissionStatus) && displayPassCond) || ("rejected".equals(permissionStatus) && displayFailCond)) {
        // Don't show this if passed on 'hasEntityPermission'
        if (displayFailCond || displayPassCond) {
            if (!passed) {
                errBuf.append("\n    targetOperations:");
                errBuf.append(targetOperations);
                String errMsg = permCondGetter.dumpAsText();
                errBuf.append("\n");
                errBuf.append(errMsg);
                errBuf.append("\n    partyId:");
                errBuf.append(partyId);
                errBuf.append("\n    entityIds:");
                errBuf.append(entityIds);
                errBuf.append("\n    auxList:");
                errBuf.append(auxGetter.getList());
                errBuf.append("\n    roleList:");
                errBuf.append(roleGetter.getList());
            }
        }
    }
    Debug.logInfo("displayPass/FailCond(0), errBuf:" + errBuf.toString(), "");
    results.put(ModelService.ERROR_MESSAGE, errBuf.toString());
    return results;
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) HashMap(java.util.HashMap) Security(org.apache.ofbiz.security.Security) GenericServiceException(org.apache.ofbiz.service.GenericServiceException) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) LinkedList(java.util.LinkedList) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) EntityPermissionChecker(org.apache.ofbiz.entityext.permission.EntityPermissionChecker)

Example 35 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class PortalPageWorker method userIsAllowedToConfigure.

/**
 * Checks if the user is allowed to configure the PortalPage.
 * PortalPage configuration is allowed if he is the PortalPage owner or he has got the PORTALPAGE_ADMIN permission
 */
public static Boolean userIsAllowedToConfigure(String portalPageId, Map<String, Object> context) {
    Boolean userIsAllowed = false;
    if (UtilValidate.isNotEmpty(portalPageId)) {
        GenericValue userLogin = (GenericValue) context.get("userLogin");
        if (userLogin != null) {
            String userLoginId = (String) userLogin.get("userLoginId");
            Security security = (Security) context.get("security");
            Boolean hasPortalAdminPermission = security.hasPermission("PORTALPAGE_ADMIN", userLogin);
            try {
                Delegator delegator = WidgetWorker.getDelegator(context);
                GenericValue portalPage = EntityQuery.use(delegator).from("PortalPage").where("portalPageId", portalPageId).queryOne();
                if (portalPage != null) {
                    String ownerUserLoginId = (String) portalPage.get("ownerUserLoginId");
                    // Users with PORTALPAGE_ADMIN permission can configure every Portal Page
                    userIsAllowed = (ownerUserLoginId.equals(userLoginId) || hasPortalAdminPermission);
                }
            } catch (GenericEntityException e) {
                return false;
            }
        }
    }
    return userIsAllowed;
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) Security(org.apache.ofbiz.security.Security)

Aggregations

Security (org.apache.ofbiz.security.Security)79 GenericValue (org.apache.ofbiz.entity.GenericValue)69 Delegator (org.apache.ofbiz.entity.Delegator)60 Locale (java.util.Locale)56 GenericEntityException (org.apache.ofbiz.entity.GenericEntityException)54 HashMap (java.util.HashMap)36 Timestamp (java.sql.Timestamp)27 LinkedList (java.util.LinkedList)27 LocalDispatcher (org.apache.ofbiz.service.LocalDispatcher)20 GenericServiceException (org.apache.ofbiz.service.GenericServiceException)18 Map (java.util.Map)12 HttpSession (javax.servlet.http.HttpSession)7 GeneralException (org.apache.ofbiz.base.util.GeneralException)7 BigDecimal (java.math.BigDecimal)6 List (java.util.List)5 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 Date (java.util.Date)4 GenericTransactionException (org.apache.ofbiz.entity.transaction.GenericTransactionException)4 File (java.io.File)3