Example 11 with RepositoryEntrySecurity
use of org.olat.repository.model.RepositoryEntrySecurity in project openolat by klemens.
the class ImsCPHandler method createLaunchController.
@Override
public MainLayoutController createLaunchController(RepositoryEntry re, RepositoryEntrySecurity reSecurity, UserRequest ureq, WindowControl wControl) {
OLATResource res = re.getOlatResource();
File cpRoot = FileResourceManager.getInstance().unzipFileResource(res);
final LocalFolderImpl vfsWrapper = new LocalFolderImpl(cpRoot);
CPPackageConfig packageConfig = CPManager.getInstance().getCPPackageConfig(res);
final DeliveryOptions deliveryOptions = (packageConfig == null ? null : packageConfig.getDeliveryOptions());
return new CPRuntimeController(ureq, wControl, re, reSecurity, new RuntimeControllerCreator() {
@Override
public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry entry, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
boolean activateFirstPage = true;
String initialUri = null;
CoreSpringFactory.getImpl(UserCourseInformationsManager.class).updateUserCourseInformations(entry.getOlatResource(), uureq.getIdentity());
CPDisplayController cpCtr = new CPDisplayController(uureq, wwControl, vfsWrapper, true, true, activateFirstPage, true, deliveryOptions, initialUri, entry.getOlatResource(), "", false);
MainLayout3ColumnsController ctr = new LayoutMain3ColsController(uureq, wwControl, cpCtr.getMenuComponent(), cpCtr.getInitialComponent(), vfsWrapper.getName());
ctr.addDisposableChildController(cpCtr);
return ctr;
}
});
}
Also used :
TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel)
AssessmentMode(org.olat.course.assessment.AssessmentMode)
MainLayout3ColumnsController(org.olat.core.gui.control.generic.layout.MainLayout3ColumnsController)
CPDisplayController(org.olat.modules.cp.CPDisplayController)
OLATResource(org.olat.resource.OLATResource)
RepositoryEntry(org.olat.repository.RepositoryEntry)
WindowControl(org.olat.core.gui.control.WindowControl)
MainLayout3ColumnsController(org.olat.core.gui.control.generic.layout.MainLayout3ColumnsController)
CPContentController(org.olat.ims.cp.ui.CPContentController)
LayoutMain3ColsController(org.olat.core.commons.fullWebApp.LayoutMain3ColsController)
CPDisplayController(org.olat.modules.cp.CPDisplayController)
StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController)
MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController)
CPRuntimeController(org.olat.ims.cp.ui.CPRuntimeController)
CPEditMainController(org.olat.ims.cp.ui.CPEditMainController)
Controller(org.olat.core.gui.control.Controller)
LocalFolderImpl(org.olat.core.util.vfs.LocalFolderImpl)
RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator)
CPRuntimeController(org.olat.ims.cp.ui.CPRuntimeController)
RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)
LayoutMain3ColsController(org.olat.core.commons.fullWebApp.LayoutMain3ColsController)
CPPackageConfig(org.olat.ims.cp.ui.CPPackageConfig)
File(java.io.File)
DeliveryOptions(org.olat.core.gui.control.generic.iframe.DeliveryOptions)
UserRequest(org.olat.core.gui.UserRequest)
Example 12 with RepositoryEntrySecurity
use of org.olat.repository.model.RepositoryEntrySecurity in project openolat by klemens.
the class PodcastHandler method createLaunchController.
@Override
public MainLayoutController createLaunchController(RepositoryEntry re, RepositoryEntrySecurity reSecurity, UserRequest ureq, WindowControl wControl) {
boolean isAdmin = ureq.getUserSession().getRoles().isOLATAdmin();
boolean isOwner = reSecurity.isOwner();
final FeedSecurityCallback callback = new FeedResourceSecurityCallback(isAdmin, isOwner);
SubscriptionContext subsContext = new SubscriptionContext(re.getOlatResource(), re.getSoftkey());
callback.setSubscriptionContext(subsContext);
return new FeedRuntimeController(ureq, wControl, re, reSecurity, new RuntimeControllerCreator() {
@Override
public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry entry, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
CoreSpringFactory.getImpl(UserCourseInformationsManager.class).updateUserCourseInformations(entry.getOlatResource(), uureq.getIdentity());
return new FeedMainController(entry.getOlatResource(), uureq, wwControl, null, null, PodcastUIFactory.getInstance(uureq.getLocale()), callback, null);
}
});
}
Also used :
TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel)
AssessmentMode(org.olat.course.assessment.AssessmentMode)
FeedMainController(org.olat.modules.webFeed.ui.FeedMainController)
FeedSecurityCallback(org.olat.modules.webFeed.FeedSecurityCallback)
RepositoryEntry(org.olat.repository.RepositoryEntry)
FeedResourceSecurityCallback(org.olat.modules.webFeed.FeedResourceSecurityCallback)
WindowControl(org.olat.core.gui.control.WindowControl)
FeedMainController(org.olat.modules.webFeed.ui.FeedMainController)
StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController)
MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController)
Controller(org.olat.core.gui.control.Controller)
FeedRuntimeController(org.olat.modules.webFeed.ui.FeedRuntimeController)
FeedRuntimeController(org.olat.modules.webFeed.ui.FeedRuntimeController)
RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator)
RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)
SubscriptionContext(org.olat.core.commons.services.notifications.SubscriptionContext)
UserRequest(org.olat.core.gui.UserRequest)
Example 13 with RepositoryEntrySecurity
use of org.olat.repository.model.RepositoryEntrySecurity in project openolat by klemens.
the class WikiHandler method createLaunchController.
@Override
public MainLayoutController createLaunchController(RepositoryEntry re, RepositoryEntrySecurity reSecurity, UserRequest ureq, WindowControl wControl) {
// first handle special case: disabled wiki for security (XSS Attacks) reasons
BaseSecurityModule securityModule = CoreSpringFactory.getImpl(BaseSecurityModule.class);
if (!securityModule.isWikiEnabled()) {
return RepositoyUIFactory.createRepoEntryDisabledDueToSecurityMessageController(ureq, wControl);
}
// check role
boolean isOLatAdmin = ureq.getUserSession().getRoles().isOLATAdmin();
boolean isGuestOnly = ureq.getUserSession().getRoles().isGuestOnly();
boolean isResourceOwner = false;
if (isOLatAdmin) {
isResourceOwner = true;
} else {
isResourceOwner = reSecurity.isOwner();
}
OLATResource res = re.getOlatResource();
BusinessControl bc = wControl.getBusinessControl();
final ContextEntry ce = bc.popLauncherContextEntry();
SubscriptionContext subsContext = new SubscriptionContext(res, WikiManager.WIKI_RESOURCE_FOLDER_NAME);
final WikiSecurityCallback callback = new WikiSecurityCallbackImpl(null, isOLatAdmin, isGuestOnly, false, isResourceOwner, subsContext);
RepositoryEntryRuntimeController runtime = new RepositoryEntryRuntimeController(ureq, wControl, re, reSecurity, new RuntimeControllerCreator() {
@Override
public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry entry, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
CoreSpringFactory.getImpl(UserCourseInformationsManager.class).updateUserCourseInformations(entry.getOlatResource(), uureq.getIdentity());
Controller controller;
if (ce != null) {
// jump to a certain context
OLATResourceable ores = ce.getOLATResourceable();
String typeName = ores.getResourceableTypeName();
String page = typeName.substring("page=".length());
controller = new WikiMainController(uureq, wwControl, entry.getOlatResource(), callback, page);
} else {
controller = new WikiMainController(uureq, wwControl, entry.getOlatResource(), callback, null);
}
return new OLATResourceableListeningWrapperController(uureq, wwControl, entry.getOlatResource(), controller, null, uureq.getIdentity());
}
});
return runtime;
}
Also used :
TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel)
AssessmentMode(org.olat.course.assessment.AssessmentMode)
OLATResourceable(org.olat.core.id.OLATResourceable)
WikiMainController(org.olat.modules.wiki.WikiMainController)
BusinessControl(org.olat.core.id.context.BusinessControl)
BaseSecurityModule(org.olat.basesecurity.BaseSecurityModule)
OLATResource(org.olat.resource.OLATResource)
RepositoryEntry(org.olat.repository.RepositoryEntry)
WindowControl(org.olat.core.gui.control.WindowControl)
OLATResourceableListeningWrapperController(org.olat.core.util.controller.OLATResourceableListeningWrapperController)
StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController)
MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController)
RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController)
Controller(org.olat.core.gui.control.Controller)
WikiMainController(org.olat.modules.wiki.WikiMainController)
ContextEntry(org.olat.core.id.context.ContextEntry)
RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController)
RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator)
WikiSecurityCallbackImpl(org.olat.modules.wiki.WikiSecurityCallbackImpl)
RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)
OLATResourceableListeningWrapperController(org.olat.core.util.controller.OLATResourceableListeningWrapperController)
SubscriptionContext(org.olat.core.commons.services.notifications.SubscriptionContext)
WikiSecurityCallback(org.olat.modules.wiki.WikiSecurityCallback)
UserRequest(org.olat.core.gui.UserRequest)
Example 14 with RepositoryEntrySecurity
use of org.olat.repository.model.RepositoryEntrySecurity in project openolat by klemens.
the class SharedFolderWebService method getVFSWebservice.
/**
* This retrieves the files in the shared folder and give full access to
* the folder, read, write, delete.
*
* @response.representation.200.doc The list of files
* @response.representation.401.doc The roles of the authenticated user are not sufficient
* @response.representation.404.doc The course or the file not found
* @param repoEntryKey The course resourceable's id
* @param httpRequest The HTTP request
* @return
*/
@Path("{repoEntryKey}/files")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_HTML, MediaType.APPLICATION_OCTET_STREAM })
public VFSWebservice getVFSWebservice(@PathParam("repoEntryKey") Long repoEntryKey, @Context HttpServletRequest httpRequest) {
RepositoryEntry re = repositoryManager.lookupRepositoryEntry(repoEntryKey);
if (re == null) {
throw new WebApplicationException(Response.serverError().status(Status.NOT_FOUND).build());
}
VFSContainer container = SharedFolderManager.getInstance().getNamedSharedFolder(re, true);
if (container == null) {
throw new WebApplicationException(Response.serverError().status(Status.NOT_FOUND).build());
}
Roles roles = getRoles(httpRequest);
if (roles.isOLATAdmin()) {
// all ok
} else {
RepositoryEntrySecurity reSecurity = repositoryManager.isAllowed(RestSecurityHelper.getIdentity(httpRequest), RestSecurityHelper.getRoles(httpRequest), re);
if (reSecurity.isEntryAdmin()) {
// all ok
} else if (reSecurity.isMember()) {
container.setLocalSecurityCallback(new ReadOnlyCallback());
} else {
throw new WebApplicationException(Response.serverError().status(Status.UNAUTHORIZED).build());
}
}
return new VFSWebservice(container);
}
Also used :
WebApplicationException(javax.ws.rs.WebApplicationException)
ReadOnlyCallback(org.olat.core.util.vfs.callbacks.ReadOnlyCallback)
RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)
VFSContainer(org.olat.core.util.vfs.VFSContainer)
RestSecurityHelper.getRoles(org.olat.restapi.security.RestSecurityHelper.getRoles)
Roles(org.olat.core.id.Roles)
RepositoryEntry(org.olat.repository.RepositoryEntry)
VFSWebservice(org.olat.core.util.vfs.restapi.VFSWebservice)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
Example 15 with RepositoryEntrySecurity
use of org.olat.repository.model.RepositoryEntrySecurity in project openolat by klemens.
the class MergedCourseContainer method init.
protected void init(PersistingCourseImpl persistingCourse) {
super.init();
RepositoryEntry courseRe = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
courseReadOnly = !overrideReadOnly && (courseRe.getRepositoryEntryStatus().isClosed() || courseRe.getRepositoryEntryStatus().isUnpublished());
if (courseReadOnly) {
setLocalSecurityCallback(new ReadOnlyCallback());
}
if (identityEnv == null || identityEnv.getRoles().isOLATAdmin()) {
VFSContainer courseContainer = persistingCourse.getIsolatedCourseFolder();
if (courseReadOnly) {
courseContainer.setLocalSecurityCallback(new ReadOnlyCallback());
}
addContainersChildren(courseContainer, true);
} else {
RepositoryEntry re = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
RepositoryEntrySecurity reSecurity = RepositoryManager.getInstance().isAllowed(identityEnv.getIdentity(), identityEnv.getRoles(), re);
if (reSecurity.isEntryAdmin()) {
VFSContainer courseContainer = persistingCourse.getIsolatedCourseFolder();
if (courseReadOnly) {
courseContainer.setLocalSecurityCallback(new ReadOnlyCallback());
}
addContainersChildren(courseContainer, true);
}
}
initSharedFolder(persistingCourse);
// add all course building blocks of type BC to a virtual folder
MergeSource nodesContainer = new MergeSource(null, "_courseelementdata");
if (identityEnv == null) {
CourseNode rootNode = persistingCourse.getRunStructure().getRootNode();
addFoldersForAdmin(persistingCourse, nodesContainer, rootNode);
} else {
TreeEvaluation treeEval = new TreeEvaluation();
GenericTreeModel treeModel = new GenericTreeModel();
UserCourseEnvironment userCourseEnv = new UserCourseEnvironmentImpl(identityEnv, persistingCourse.getCourseEnvironment());
CourseNode rootCn = userCourseEnv.getCourseEnvironment().getRunStructure().getRootNode();
NodeEvaluation rootNodeEval = rootCn.eval(userCourseEnv.getConditionInterpreter(), treeEval, new VisibleTreeFilter());
TreeNode treeRoot = rootNodeEval.getTreeNode();
treeModel.setRootNode(treeRoot);
addFolders(persistingCourse, nodesContainer, treeRoot);
}
if (nodesContainer.getItems().size() > 0) {
addContainer(nodesContainer);
}
}
Also used :
ReadOnlyCallback(org.olat.core.util.vfs.callbacks.ReadOnlyCallback)
UserCourseEnvironment(org.olat.course.run.userview.UserCourseEnvironment)
VisibleTreeFilter(org.olat.course.run.userview.VisibleTreeFilter)
VFSContainer(org.olat.core.util.vfs.VFSContainer)
RepositoryEntry(org.olat.repository.RepositoryEntry)
MergeSource(org.olat.core.util.vfs.MergeSource)
UserCourseEnvironmentImpl(org.olat.course.run.userview.UserCourseEnvironmentImpl)
RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)
TreeNode(org.olat.core.gui.components.tree.TreeNode)
TreeEvaluation(org.olat.course.run.userview.TreeEvaluation)
GenericTreeModel(org.olat.core.gui.components.tree.GenericTreeModel)
PFCourseNode(org.olat.course.nodes.PFCourseNode)
CourseNode(org.olat.course.nodes.CourseNode)
BCCourseNode(org.olat.course.nodes.BCCourseNode)
NodeEvaluation(org.olat.course.run.userview.NodeEvaluation)
Aggregations
RepositoryEntrySecurity (org.olat.repository.model.RepositoryEntrySecurity)22
RepositoryEntry (org.olat.repository.RepositoryEntry)16
WindowControl (org.olat.core.gui.control.WindowControl)14
MainLayoutController (org.olat.core.gui.control.generic.layout.MainLayoutController)12
UserRequest (org.olat.core.gui.UserRequest)10
TooledStackedPanel (org.olat.core.gui.components.stack.TooledStackedPanel)10
Controller (org.olat.core.gui.control.Controller)10
AssessmentMode (org.olat.course.assessment.AssessmentMode)10
RuntimeControllerCreator (org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator)10
StepsMainRunController (org.olat.core.gui.control.generic.wizard.StepsMainRunController)8
SubscriptionContext (org.olat.core.commons.services.notifications.SubscriptionContext)6
Roles (org.olat.core.id.Roles)6
ContextEntry (org.olat.core.id.context.ContextEntry)6
RepositoryManager (org.olat.repository.RepositoryManager)6
RepositoryService (org.olat.repository.RepositoryService)6
LayoutMain3ColsController (org.olat.core.commons.fullWebApp.LayoutMain3ColsController)4
OLATResourceable (org.olat.core.id.OLATResourceable)4
UserSession (org.olat.core.util.UserSession)4
VFSContainer (org.olat.core.util.vfs.VFSContainer)4
ReadOnlyCallback (org.olat.core.util.vfs.callbacks.ReadOnlyCallback)4
