Package com.dotmarketing.business

Examples of com.dotmarketing.business.PermissionAPI

367
368
369
370
371
372
373
374
375
376
377
   * @throws DotDataException
   * @throws DotStateException
   */
  public List searchContentlet(String structureInode, List<String> fields, List<String> categories, boolean showDeleted, boolean filterSystemHost, int page, int perPage, String orderBy) throws DotStateException, DotDataException, DotSecurityException {

    PermissionAPI perAPI = APILocator.getPermissionAPI();
    HttpSession sess = WebContextFactory.get().getSession();
    HttpServletRequest req = WebContextFactory.get().getHttpServletRequest();

    // User info
    User currentUser = null;
View Full Code Here
417
418
419
420
421
422
423
424
425
426
427
  public List searchContentlets(String structureInode, List<String> fields, List<String> categories, boolean showDeleted,
          boolean filterSystemHost,  boolean filterUnpublish, boolean filterLocked, int page, int perPage,String orderBy, String modDateFrom,
          String modDateTo) throws DotStateException, DotDataException, DotSecurityException {

    PermissionAPI perAPI = APILocator.getPermissionAPI();
    HttpSession sess = WebContextFactory.get().getSession();
    HttpServletRequest req = WebContextFactory.get().getHttpServletRequest();

    // User info
    User currentUser = null;
View Full Code Here
933
934
935
936
937
938
939
940
941
942
943
944
945
946
      if (contentEditor.getFirstName() == null || contentEditor.getLastName() == null) {
        user =con.getModUser();
      } else {
        user = contentEditor.getFullName();
      }
      PermissionAPI permissionAPI = APILocator.getPermissionAPI();
      List<Permission> permissions = null;
      try {
        permissions = permissionAPI.getPermissions(con);
      } catch (DotDataException e) {
      }
      StringBuffer permissionsSt = new StringBuffer();
      Boolean ownerCanRead = false;
      Boolean ownerCanWrite = false;
View Full Code Here
60
61
62
63
64
65
66
67
68
69
70
71
72
73
      if (!InodeUtils.isSet(structureId)) {
        structureId = "";
      }

      //Checking if the user can add templates to a host
      PermissionAPI perAPI = APILocator.getPermissionAPI();
      List<Host> hosts = APILocator.getHostAPI().findAll(user, false);
      hosts.remove(APILocator.getHostAPI().findSystemHost(user, false));
      hosts = perAPI.filterCollection(hosts, PermissionAPI.PERMISSION_CAN_ADD_CHILDREN, false, user);
      if(hosts.size() == 0) {
        req.setAttribute(WebKeys.CONTAINER_CAN_ADD, false);
      } else {
        req.setAttribute(WebKeys.CONTAINER_CAN_ADD, true);
      }
View Full Code Here
627
628
629
630
631
632
633
634
635
636
637
638
639
      SessionMessages.add(req, "message", "message.campaign.copied.no.resend");
  }

  public void _deleteCampaign(ActionRequest req, ActionResponse res,PortletConfig config,ActionForm form, User user)
  throws Exception {
    PermissionAPI perAPI = APILocator.getPermissionAPI();
    Campaign c = (Campaign) req.getAttribute(WebKeys.CAMPAIGN_EDIT);
    boolean UserHasWriteCampPerms = perAPI.doesUserHavePermission(c,PERMISSION_WRITE,user);
    if(c.getUserId().equalsIgnoreCase(user.getUserId()) || UserHasWriteCampPerms)
    {
      //Ending Quartz Job
      if ((c.getIsRecurrent() && !InodeUtils.isSet(c.getParentCampaign())) && c.getUserId().equalsIgnoreCase(user.getUserId()) || UserHasWriteCampPerms)
      {
View Full Code Here
163
164
165
166
167
168
169
170
171
172
173
174
      while(!done) {
        dh.setFirstResult(internalOffset);
        dh.setMaxResults(internalLimit);
        resultList = dh.list();
        PermissionAPI permAPI = APILocator.getPermissionAPI();
        toReturn.addAll(permAPI.filterCollection(resultList, PermissionAPI.PERMISSION_READ, false, user));
        if(countLimit > 0 && toReturn.size() >= countLimit + offset)
          done = true;
        else if(resultList.size() < internalLimit)
          done = true;
View Full Code Here
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
      UserWebAPI uWebAPI = WebAPILocator.getUserWebAPI();
      WebContext ctx = WebContextFactory.get();
      HttpServletRequest request = ctx.getHttpServletRequest();
      UserAPI uAPI = APILocator.getUserAPI();
      PermissionAPI perAPI = APILocator.getPermissionAPI();
      UserProxyAPI upAPI = APILocator.getUserProxyAPI();
      User userToSave;
      User loggedInUser = uWebAPI.getLoggedInUser(request);

      try {
        userToSave = (User)uAPI.loadUserById(userId,uAPI.getSystemUser(),false).clone();
        userToSave.setModified(false);
      } catch (Exception e) {
        Logger.error(this, e.getMessage(), e);
        return null;
      }
      userToSave.setFirstName(firstName);
      userToSave.setLastName(lastName);
      if(email != null)
        userToSave.setEmailAddress(email);
      if(password != null) {
        userToSave.setPassword(Encryptor.digest(password));
      }

      if(userToSave.getUserId().equalsIgnoreCase(loggedInUser.getUserId())){
        uAPI.save(userToSave, uAPI.getSystemUser(), !uWebAPI.isLoggedToBackend(request));
      }else if(perAPI.doesUserHavePermission(upAPI.getUserProxy(userToSave,uAPI.getSystemUser(), false), PermissionAPI.PERMISSION_EDIT,loggedInUser, false)){
        uAPI.save(userToSave, loggedInUser, !uWebAPI.isLoggedToBackend(request));
      }else{
        throw new DotSecurityException("User doesn't have permission to save the user which is trying to be saved");
      }
View Full Code Here
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
   */
  @Test
  public void issue5197() throws DotDataException, IOException, DotSecurityException{
    HttpServletRequest req=ServletTestRunner.localRequest.get();
    User systemUser = APILocator.getUserAPI().getSystemUser();
    PermissionAPI perAPI = APILocator.getPermissionAPI();
    RoleAPI roleAPI = APILocator.getRoleAPI();
    Host host = APILocator.getHostAPI().findDefaultHost(systemUser, true);

    User adminUser = APILocator.getUserAPI().loadByUserByEmail("admin@dotcms.com", systemUser, false);
    Role role = roleAPI.getUserRole(adminUser);
    /*
     * Create workflow scheme
     */
    String schemeName = "issue5197-"+UtilMethods.dateToHTMLDate(new Date(), "MM-dd-yyyy-HHmmss");
    String baseURL = "http://"+req.getServerName()+":"+req.getServerPort()+"/DotAjaxDirector/com.dotmarketing.portlets.workflows.business.TestableWfSchemeAjax?cmd=save&schemeId=&schemeName="+schemeName;
    URL testUrl = new URL(baseURL);
    IOUtils.toString(testUrl.openStream(),"UTF-8");
    WorkflowAPI wapi = APILocator.getWorkflowAPI();
    WorkflowScheme ws = wapi.findSchemeByName(schemeName);
    Assert.assertTrue(UtilMethods.isSet(ws));

    /*
     * Create scheme step1
     */
    baseURL = "http://"+req.getServerName()+":"+req.getServerPort()+"/DotAjaxDirector/com.dotmarketing.portlets.workflows.business.TestableWfStepAjax?cmd=add&stepName=Edit&schemeId=" +  ws.getId();
    testUrl = new URL(baseURL);
    IOUtils.toString(testUrl.openStream(),"UTF-8");
    List<WorkflowStep> steps = wapi.findSteps(ws);
    Assert.assertTrue(steps.size()==1);
    WorkflowStep step1 = steps.get(0);

    /*
     * Create scheme step2
     */
    baseURL = "http://"+req.getServerName()+":"+req.getServerPort()+"/DotAjaxDirector/com.dotmarketing.portlets.workflows.business.TestableWfStepAjax?cmd=add&stepName=Publish&schemeId=" +  ws.getId();
    testUrl = new URL(baseURL);
    IOUtils.toString(testUrl.openStream(),"UTF-8");
    steps = wapi.findSteps(ws);
    Assert.assertTrue(steps.size()==2);
    WorkflowStep step2 = steps.get(1);

    /*
     * Add action to scheme step1
     */
    baseURL = "http://"+req.getServerName()+":"+req.getServerPort()+"/DotAjaxDirector/com.dotmarketing.portlets.workflows.business.TestableWfActionAjax?cmd=save&stepId="+step1.getId()+"&schemeId="+UtilMethods.webifyString(ws.getId())+"&actionName=Edit&whoCanUse=";
    baseURL+=role.getId()+",&actionIconSelect=workflowIcon&actionAssignable=true&actionCommentable=true&actionRequiresCheckout=false&actionRoleHierarchyForAssign=false";
    baseURL+="&actionAssignToSelect="+role.getId()+"&actionNextStep="+step2.getId()+"&actionCondition=";
    testUrl = new URL(baseURL);
    IOUtils.toString(testUrl.openStream(),"UTF-8");
    List<WorkflowAction> actions1= wapi.findActions(step1, systemUser);
    Assert.assertTrue(actions1.size()==1);
    WorkflowAction action1 = actions1.get(0);

    /*
     * Add action to scheme step2
     */
    baseURL = "http://"+req.getServerName()+":"+req.getServerPort()+"/DotAjaxDirector/com.dotmarketing.portlets.workflows.business.TestableWfActionAjax?cmd=save&stepId="+step2.getId()+"&schemeId="+UtilMethods.webifyString(ws.getId())+"&actionName=Publish&whoCanUse=";
    baseURL+=role.getId()+",&actionIconSelect=workflowIcon&actionAssignable=true&actionCommentable=true&actionRequiresCheckout=false&actionRoleHierarchyForAssign=false";
    baseURL+="&actionAssignToSelect="+role.getId()+"&actionNextStep="+step2.getId()+"&actionCondition=";

    testUrl = new URL(baseURL);
    IOUtils.toString(testUrl.openStream(),"UTF-8");
    List<WorkflowAction> actions2= wapi.findActions(step2, systemUser);
    Assert.assertTrue(actions2.size()==1);
    WorkflowAction action2 = actions2.get(0);

    /*
     * Create structure and add workflow scheme
     */
    Structure st = StructureCache.getStructureByVelocityVarName("Issue5197Structure");
    if(!UtilMethods.isSet(st) || !UtilMethods.isSet(st.getInode())){
      st = new Structure();
      st.setHost(host.getIdentifier());
      st.setDescription("Testing issue 5197");
      st.setName("Issue5197Structure");
      st.setVelocityVarName("Issue5197Structure");
      st.setStructureType(Structure.STRUCTURE_TYPE_CONTENT);
      st.setFixed(false);
      st.setOwner(systemUser.getUserId());
      st.setExpireDateVar("");
      st.setPublishDateVar("");
      StructureFactory.saveStructure(st);

      Permission p = new Permission();
      p.setInode(st.getPermissionId());
      p.setRoleId(roleAPI.loadCMSAnonymousRole().getId());
      p.setPermission(PermissionAPI.PERMISSION_READ);
      perAPI.save(p, st, systemUser, true);

      p = new Permission();
      p.setInode(st.getPermissionId());
      p.setRoleId(roleAPI.loadCMSAnonymousRole().getId());
      p.setPermission(PermissionAPI.PERMISSION_EDIT);
      perAPI.save(p, st, systemUser, true);

      p = new Permission();
      p.setInode(st.getPermissionId());
      p.setRoleId(roleAPI.loadCMSAnonymousRole().getId());
      p.setPermission(PermissionAPI.PERMISSION_PUBLISH);
      perAPI.save(p, st, systemUser, true)

      Field title = new Field("Title",Field.FieldType.TEXT,Field.DataType.TEXT,st,true,true,true,1,"", "", "", false, false, true);
      title.setVelocityVarName("title");
      FieldFactory.saveField(title);
      FieldsCache.addField(title);
    }
    APILocator.getWorkflowAPI().saveSchemeForStruct(st, ws);
    /*
     * Create test content and set it up in scheme step
     */
    Contentlet contentlet1 = new Contentlet();
    contentlet1.setStructureInode(st.getInode());
    contentlet1.setHost(host.getIdentifier());
    contentlet1.setLanguageId(APILocator.getLanguageAPI().getDefaultLanguage().getId());
    contentlet1.setStringProperty("title", "test5197-1"+UtilMethods.dateToHTMLDate(new Date(), "MM-dd-yyyy-HHmmss"));
    contentlet1.setHost(host.getIdentifier());

    contentlet1 = APILocator.getContentletAPI().checkin(contentlet1, systemUser,false);
    if(perAPI.doesUserHavePermission(contentlet1, PermissionAPI.PERMISSION_PUBLISH, systemUser))
      APILocator.getVersionableAPI().setLive(contentlet1);

    /*
     * Test that delete is not possible for step2
     * while has associated step or content
View Full Code Here
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
        List<Permission> newSetOfPermissions = new ArrayList<Permission>();
        newSetOfPermissions.add(new Permission(HTMLPage.class.getCanonicalName(), folderWithPerms.getPermissionId(), role.getId(),
            PermissionAPI.PERMISSION_READ, true));

        PermissionAPI permAPI = APILocator.getPermissionAPI();
        permAPI.assignPermissions(newSetOfPermissions, folderWithPerms, sysuser, false);

        APILocator.getHTMLPageAPI().movePage(page, folderWithPerms, sysuser, false);

        List<Permission> assetPermissions = permAPI.getPermissions(page, true);

        assertNotNull(assetPermissions);
        assertTrue(!assetPermissions.isEmpty());

        Permission pageReadPerm = assetPermissions.get(0);
View Full Code Here
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
    if(user == null){
      return path;
    }

    PermissionAPI pAPI = APILocator.getPermissionAPI();
    HostAPI hostAPI = APILocator.getHostAPI();

    Host host = null;
    // if someone is changing hosts as a parameter, check permissions
    if(UtilMethods.isSet(req.getParameter("host_id"))){
      try{
        host = hostAPI.find(req.getParameter("host_id"), user, false);

        if(host != null && pAPI.doesUserHavePermission(host, PermissionAPI.PERMISSION_READ, user, false)){
          req.getSession().setAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID, req.getParameter("host_id"));
          UserUtil.setLastHost(user, host);
        }
        else{
          UserUtil.setLastHost(user, null);
          req.getSession().removeAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID);
          Logger.info(this.getClass(), "user " + user.getUserId() + " does not have permission to host " +req.getParameter("host_id"));
        }
      }
      catch(Exception e){
        req.getSession().removeAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID);
        Logger.error(this.getClass(), "user " + user.getUserId() + " does not have permission to host " +req.getParameter("host_id"));
      }
    }
    // else check if the user as permissions to the host in their session (can change, login as, etc..)
    else if(UtilMethods.isSet(req.getSession().getAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID)) ){
      String x = (String) req.getSession().getAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID);
      try{
        host = hostAPI.find(x, user, false);
        if(host != null && pAPI.doesUserHavePermission(host, PermissionAPI.PERMISSION_READ, user, false)){
          req.getSession().setAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID, host.getIdentifier());
        }
        else{
          Logger.error(this.getClass(), "user " + user.getUserId() + " does not have permission to host " +req.getSession().getAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID));
          req.getSession().removeAttribute(com.dotmarketing.util.WebKeys.CMS_SELECTED_HOST_ID);
View Full Code Here
TOP

Related Classes of com.dotmarketing.business.PermissionAPI

  • com.dotcms.content.elasticsearch.business.ESContentFactoryImpl
  • com.dotcms.content.elasticsearch.business.ESContentletIndexAPITest
  • com.dotcms.content.elasticsearch.business.ESMappingAPIImpl
  • com.dotcms.publisher.business.PublisherAPIImpl
  • com.dotmarketing.business.ajax.HostAjax
  • com.dotmarketing.business.ajax.PermissionAjax
  • com.dotmarketing.business.ajax.RoleAjax
  • com.dotmarketing.business.query.QueryUtil
  • com.dotmarketing.cms.comment.action.CommentsAction
  • com.dotmarketing.factories.WebAssetFactory
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.