portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject svn commit: r929345 - /portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Date Wed, 31 Mar 2010 00:21:40 GMT
Author: taylor
Date: Wed Mar 31 00:21:39 2010
New Revision: 929345

URL: http://svn.apache.org/viewvc?rev=929345&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-1100
only allow delegated user managers to assign roles and groups in which they already belong
exception is administrator, who can assign all regardless

Modified:
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=929345&r1=929344&r2=929345&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Wed Mar 31 00:21:39 2010
@@ -17,6 +17,7 @@
 package org.apache.jetspeed.portlets.security;
 
 import java.io.Serializable;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
@@ -29,6 +30,8 @@ import java.util.Map;
 import javax.portlet.PortletPreferences;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.administration.PortalConfiguration;
+import org.apache.jetspeed.administration.PortalConfigurationConstants;
 import org.apache.jetspeed.audit.AuditActivity;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.folder.FolderNotFoundException;
@@ -1533,7 +1536,7 @@ public class JetspeedPrincipalManagement
 
         protected JetspeedPrincipal associationPrincipal;
 
-        protected JetspeedPrincipalAssociationType assoicationType;
+        protected JetspeedPrincipalAssociationType associationType;
 
         protected boolean associationsFrom;
 
@@ -1593,12 +1596,12 @@ public class JetspeedPrincipalManagement
         }
 
         public AssociationTypePanel(String id,
-                JetspeedPrincipalAssociationType assoicationType)
+                JetspeedPrincipalAssociationType AssociationType)
         {
             super(id);
-            this.assoicationType = assoicationType;
-            associationName = assoicationType.getAssociationName();
-            final String assoctionName = assoicationType.getAssociationName();
+            this.associationType = AssociationType;
+            associationName = AssociationType.getAssociationName();
+            final String assoctionName = AssociationType.getAssociationName();
             refreshList();
             ListView commentListView = new ListView("comments",
                     new PropertyModel(this, "associations"))
@@ -1639,11 +1642,11 @@ public class JetspeedPrincipalManagement
                     listItem.add(deleteLink);
                 }
             };
-            if(assoicationType.getFromPrincipalType().equals(principalType))
+            if(AssociationType.getFromPrincipalType().equals(principalType))
             {
-                add(new Label("principalReleation",new ResourceModel(assoicationType.getToPrincipalType().getName())));
   
+                add(new Label("principalReleation",new ResourceModel(AssociationType.getToPrincipalType().getName())));
   
             }else{
-                add(new Label("principalReleation",new ResourceModel(assoicationType.getFromPrincipalType().getName())));
+                add(new Label("principalReleation",new ResourceModel(AssociationType.getFromPrincipalType().getName())));
             }
             add(commentListView);
             add(new FeedbackPanel("feedback"));
@@ -1697,17 +1700,33 @@ public class JetspeedPrincipalManagement
 
         private void refreshList()
         {
-            names.clear();
-            if (!principal.getType().equals(
-                    assoicationType.getFromPrincipalType()))
+            List filter = null;
+        	names.clear();
+        	String adminRole = getServiceLocator().getPortalConfiguration().getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN);
       	
+        	if (associationType.getFromPrincipalType().getName().equals(JetspeedPrincipalType.USER)
&&
+        			(associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.ROLE)
||
+        		     associationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.GROUP)))
+        	{
+            	if (!getPortletRequest().isUserInRole(adminRole))
+            	{
+                	Principal currentUser = getPortletRequest().getUserPrincipal();
+                   	filter = getBaseManager(
+                            associationType.getToPrincipalType())
+                            	.getAssociatedFrom(currentUser.getName(),
+                                principal.getType(),
+                                associationType.getAssociationName());
+            	}
+        	}
+        	if (!principal.getType().equals(
+                    associationType.getFromPrincipalType()))
             {
-                associations = getBaseManager(
-                        assoicationType.getFromPrincipalType())
+            	associations = getBaseManager(
+                        associationType.getFromPrincipalType())
                         .getAssociatedTo(principal.getName(),
                                 principal.getType(),
-                                assoicationType.getAssociationName());
+                                associationType.getAssociationName());
                 List tempNames = getBaseManager(
-                        assoicationType.getFromPrincipalType()).getPrincipals(
+                        associationType.getFromPrincipalType()).getPrincipals(
                         "");
                 for (int index = 0; index < tempNames.size(); index++)
                 {
@@ -1716,13 +1735,13 @@ public class JetspeedPrincipalManagement
                 associationsFrom = false;
             } else
             {
-                associations = getBaseManager(
-                        assoicationType.getToPrincipalType())
+            	associations = getBaseManager(
+                        associationType.getToPrincipalType())
                         .getAssociatedFrom(principal.getName(),
                                 principal.getType(),
-                                assoicationType.getAssociationName());
+                                associationType.getAssociationName());
                 List tempNames = getBaseManager(
-                        assoicationType.getToPrincipalType()).getPrincipals("");
+                        associationType.getToPrincipalType()).getPrincipals("");
                 for (int index = 0; index < tempNames.size(); index++)
                 {
                     names.add(tempNames.get(index));
@@ -1743,6 +1762,24 @@ public class JetspeedPrincipalManagement
                     }
                 }
             }
+            if (filter != null)
+            {
+            	List copy = new ArrayList();
+                for (int index = 0; index < names.size(); index++)
+                {
+                    JetspeedPrincipal listPrincipal = (JetspeedPrincipal) names.get(index);
+                	for (int count = 0; count < filter.size(); count++)
+                	{
+                        JetspeedPrincipal tmpPrincipal = (JetspeedPrincipal) filter.get(count);
+                		if (listPrincipal.getName().equals(tmpPrincipal.getName()))
+                		{
+                			copy.add(listPrincipal);
+                			break;
+                		}
+                	}
+                }
+                names = copy;       	
+            }
         }
     }
 
@@ -1768,61 +1805,61 @@ public class JetspeedPrincipalManagement
             this.selectedAssociationType = selectedAssociationType;
         }
 
-        private List<JetspeedPrincipalAssociationType> assoicationTypes;
+        private List<JetspeedPrincipalAssociationType> associationTypes;
 
         private String selectedAssociationType;
 
         /**
-         * @return the assoicationTypes
+         * @return the associationTypes
          */
-        public List<JetspeedPrincipalAssociationType> getAssoicationTypes()
+        public List<JetspeedPrincipalAssociationType> getAssociationTypes()
         {
-            return assoicationTypes;
+            return associationTypes;
         }
 
         public PrincipalAssociationsPanel(String id)
         {
             super(id);
             tabs = new ArrayList();
-            this.assoicationTypes = ((JetspeedPrincipalManager) getManager())
+            this.associationTypes = ((JetspeedPrincipalManager) getManager())
                     .getAssociationTypes();
             ITab tab;
-            for (JetspeedPrincipalAssociationType assoicationType : this.assoicationTypes)
+            for (JetspeedPrincipalAssociationType associationType : this.associationTypes)
             {
                 // if
-                // (!assoicationType.getToPrincipalType().equals(principalType))
+                // (!associationType.getToPrincipalType().equals(principalType))
                 // {
-                final JetspeedPrincipalAssociationType tempAssosciation = assoicationType;
-                final JetspeedPrincipalType fromAssoicationType = assoicationType
+                final JetspeedPrincipalAssociationType tempAssociation = associationType;
+                final JetspeedPrincipalType fromAssociationType = associationType
                         .getFromPrincipalType();
-                final JetspeedPrincipalType toAssoicationType = assoicationType
+                final JetspeedPrincipalType toAssociationType = associationType
                         .getToPrincipalType();
-                final String associationName = assoicationType
+                final String associationName = associationType
                         .getAssociationName();
-                if (fromAssoicationType.getName().equals(
+                if (fromAssociationType.getName().equals(
                         getPrincipal().getType().getName()))
                 {
-                    tab = new AbstractTab(new Model(toAssoicationType.getName()
-                            + " - " + assoicationType.getAssociationName()))
+                    tab = new AbstractTab(new Model(toAssociationType.getName()
+                            + " - " + associationType.getAssociationName()))
                     {
 
                         public Panel getPanel(String panelId)
                         {
                             return new AssociationTypePanel(panelId,
-                                    tempAssosciation);
+                                    tempAssociation);
                         }
                     };
                 } else
                 {
-                    tab = new AbstractTab(new Model(fromAssoicationType
+                    tab = new AbstractTab(new Model(fromAssociationType
                             .getName()
-                            + " - " + assoicationType.getAssociationName()))
+                            + " - " + associationType.getAssociationName()))
                     {
 
                         public Panel getPanel(String panelId)
                         {
                             return new AssociationTypePanel(panelId,
-                                    tempAssosciation);
+                                    tempAssociation);
                         }
                     };
                 }
@@ -1833,12 +1870,12 @@ public class JetspeedPrincipalManagement
         }
 
         /**
-         * @param assoicationTypes
-         *            the assoicationTypes to set
+         * @param AssociationTypes
+         *            the AssociationTypes to set
          */
-        public void setAssoicationTypes(List assoicationTypes)
+        public void setAssociationTypes(List AssociationTypes)
         {
-            this.assoicationTypes = assoicationTypes;
+            this.associationTypes = AssociationTypes;
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message