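package com.openedit.modules.admin;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.openedit.OpenEditException;
import com.openedit.WebPageRequest;
import com.openedit.config.Configuration;
import com.openedit.page.Page;
import com.openedit.page.PageSettings;
import com.openedit.page.manage.PageManager;
import com.openedit.users.User;
import com.openedit.util.PathUtilities;
import com.openedit.util.strainer.Filter;
import com.openedit.util.strainer.FilterException;

/**
 * Access-control action: unless the requested path is excluded, it redirects
 * to the login path any request that has no user or whose user lacks the
 * configured permission.
 *
 * <p>The permission, login path and exclude patterns come from
 * {@link #configure(Configuration, PageSettings)}; the permission defaults to
 * {@link #DEFAULT_ADMIN_PERMISSION} and the login path to
 * {@link #DEFAULT_LOGIN_PATH}.
 */
public class EnforcePrivilege
{
    protected static final String DEFAULT_LOGIN_PATH = "/openedit/authentication/logon.html";
    protected static final String DEFAULT_ADMIN_PERMISSION = "oe.administration";

    private static final Log log = LogFactory.getLog(EnforcePrivilege.class);

    protected String fieldLoginPath;
    protected String fieldPermission;
    // Raw List of String path patterns, filled by configure().
    protected List fieldExcludes;
    protected PageManager fieldPageManager;

    /**
     * Enforces the configured permission on the page being requested.
     *
     * <p>Order of decisions: excluded paths (and the login path itself) are let
     * through untouched; a request without a user is redirected to the login
     * path; a request carrying an {@code editPath} parameter is let through when
     * that page is editable for this request; otherwise the user must hold
     * {@link #getPermission()} or is redirected to the login path.
     *
     * @param inContext the current request
     * @throws OpenEditException declared for the framework calls made here
     */
    public void execute( WebPageRequest inContext ) throws OpenEditException
    {
        Page page = (Page) inContext.getPage();
        String requestPath = page.getPath();

        if (inExcludeList(requestPath))
        {
            return;
        }

        User user = inContext.getUser();
        if (user == null)
        {
            // NOTE(review): nothing here stops processing after redirect(); presumably
            // the framework halts the request once a redirect is set - confirm.
            log.error("No user found, redirecting");
            inContext.redirect( getLoginPath() );
            return;
        }

        // SECURITY NOTE(review): "editPath" is a request parameter, so the caller chooses
        // which page the editability test runs against. The early return below skips the
        // permission check for requestPath based on the editability of a *different* page.
        // Confirm that every page guarded by this action acts only on the editPath page;
        // otherwise edit rights on one page are being used to authorise access to another.
        String editingPath = inContext.getRequestParameter("editPath");
        if ( editingPath != null && editingPath.length() > 0 )
        {
            Page pageToEdit = getPageManager().getPage(editingPath);

            // Test for null before copying: the original called copy(pageToEdit) first and
            // only then checked for null, so a missing page could fail inside copy().
            // A missing page now falls through to the permission check (fail closed).
            if (pageToEdit != null)
            {
                WebPageRequest pageRequest = inContext.copy(pageToEdit);
                if ( pageRequest.isEditable() )
                {
                    return;
                }
            }
        }

        if ( !user.hasPermission( getPermission() ) )
        {
            log.error("No permission " + user.getUserName() + " " + getPermission() + " sending redirect");
            // NOTE(review): this message names the required permission; if "oe-exception"
            // is rendered to the unauthorised user, consider whether that detail is wanted.
            inContext.putPageValue("oe-exception", "You do not have permission: " + getPermission());
            inContext.redirect( getLoginPath() );
        }
    }

    /**
     * Tells whether a path is exempt from the permission check.
     *
     * <p>A path is exempt when it matches any configured exclude pattern
     * (per {@code PathUtilities.match}) or equals the login path. Exempt paths
     * skip both the user check and the permission check in
     * {@link #execute(WebPageRequest)}, so exclude patterns should be kept as
     * narrow as possible.
     *
     * @param inPath the requested path
     * @return {@code true} if the path must not be checked
     */
    protected boolean inExcludeList(String inPath)
    {
        for (Iterator iter = getExcludes().iterator(); iter.hasNext();)
        {
            String path = (String) iter.next();

            if (PathUtilities.match(inPath, path))
            {
                // inPath is request-derived and is written to the log unescaped.
                log.debug(
                    "Excluded path " + inPath + " from " + getClass().getName() +
                    " because it matched " + path);

                return true;
            }
        }
        // The login page must always be reachable, or the redirect would loop.
        return inPath.equals( getLoginPath() );
    }

    /**
     * Reads this action's settings from its configuration element.
     *
     * <p>Takes the {@code permission} and {@code login-path} child values and
     * every {@code exclude} child; the login path and each exclude value are
     * passed through {@code inSettings.replaceProperty}. Excludes are appended,
     * so calling this more than once accumulates patterns.
     *
     * @param inElement  configuration element holding the child values
     * @param inSettings page settings used for property replacement
     */
    public void configure( Configuration inElement, PageSettings inSettings )
    {
        fieldPermission = inElement.getChildValue( "permission" );
        fieldLoginPath = inElement.getChildValue( "login-path" );
        // NOTE(review): login-path may be absent (null) here; assumes replaceProperty
        // tolerates null - confirm.
        fieldLoginPath = inSettings.replaceProperty(fieldLoginPath);
        for (Iterator iter = inElement.getChildren("exclude").iterator(); iter.hasNext();)
        {
            Configuration excludeElem = (Configuration) iter.next();
            String path = excludeElem.getValue();
            path = inSettings.replaceProperty(path);
            getExcludes().add( path );
        }
    }

    /**
     * @return the permission a user must hold; set to
     *         {@link #DEFAULT_ADMIN_PERMISSION} on first use if none was configured
     */
    protected String getPermission()
    {
        if (fieldPermission == null)
        {
            fieldPermission = DEFAULT_ADMIN_PERMISSION;
        }
        return fieldPermission;
    }

    /**
     * @return the path unauthorised requests are redirected to; set to
     *         {@link #DEFAULT_LOGIN_PATH} on first use if none was configured
     */
    protected String getLoginPath()
    {
        if (fieldLoginPath == null)
        {
            fieldLoginPath = DEFAULT_LOGIN_PATH;
        }
        return fieldLoginPath;
    }

    /**
     * @return the mutable list of exclude patterns, created on first use
     */
    protected List getExcludes()
    {
        if (fieldExcludes == null)
        {
            fieldExcludes = new ArrayList();
        }
        return fieldExcludes;
    }

    /**
     * @return the page manager used to look up the {@code editPath} page
     */
    public PageManager getPageManager()
    {
        return fieldPageManager;
    }

    /**
     * @param pageManager the page manager used to look up the {@code editPath} page
     */
    public void setPageManager( PageManager pageManager )
    {
        fieldPageManager = pageManager;
    }

    /**
     * Evaluates a filter against this object.
     *
     * <p>A {@code null} filter counts as passing, so a missing filter allows
     * rather than denies. NOTE(review): despite the method name, the object
     * handed to the filter is this {@code EnforcePrivilege}, not a user -
     * confirm that is intended.
     *
     * @param inFilter the filter to evaluate, or {@code null}
     * @return {@code true} if the filter is {@code null} or passes
     * @throws OpenEditException wrapping any {@link FilterException} from the filter
     */
    protected boolean userPassesFilter( Filter inFilter )
        throws OpenEditException
    {
        try
        {
            return ((inFilter == null) || inFilter.passes( this ));
        }
        catch (FilterException fe)
        {
            throw new OpenEditException(fe);
        }
    }

}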