Added new option <allow-element-author-to-work-in-galleries> for

opencms-workplace.xml
alkacon · Oct 18, 2023 · 85d490e · 85d490e
1 parent b1fc0b8
commit 85d490e
Show file tree

Hide file tree

Showing 11 changed files with 162 additions and 15 deletions.
diff --git a/modules/org.opencms.base/resources/system/workplace/commons/uploadAction.jsp b/modules/org.opencms.base/resources/system/workplace/commons/uploadAction.jsp
@@ -1,6 +1,6 @@
 <% 
 	org.opencms.ade.upload.CmsUploadBean upload = new org.opencms.ade.upload.CmsUploadBean(pageContext, request, response);
-	org.opencms.main.OpenCms.getRoleManager().checkRole(upload.getCmsObject(), org.opencms.security.CmsRole.EDITOR);
+	org.opencms.main.OpenCms.getWorkplaceManager().checkAdeGalleryUpload(upload.getCmsObject());
 	upload.setUploadDelay(0);
 	out.write(upload.start());
 %>
diff --git a/src/org/opencms/configuration/CmsWorkplaceConfiguration.java b/src/org/opencms/configuration/CmsWorkplaceConfiguration.java
@@ -207,6 +207,9 @@ public class CmsWorkplaceConfiguration extends A_CmsXmlConfiguration {
     /** The name of the account infos node. */
     public static final String N_ACCOUNTINFOS = "account-infos";
 
+    /** The "allow-element-author-to-work-in-galleries" element */
+    public static final String N_ALLOW_ELEMENT_AUTHOR_TO_WORK_IN_GALLERIES = "allow-element-author-to-work-in-galleries";
+
     /** The name of the "allow broken relations" node. */
     public static final String N_ALLOWBROKENRELATIONS = "allowbrokenrelations";
 
@@ -1068,6 +1071,16 @@ public void body(String namespace, String name, String text) throws Exception {
             }
         });
 
+        digester.addRule("*/" + N_WORKPLACE + "/" + N_ALLOW_ELEMENT_AUTHOR_TO_WORK_IN_GALLERIES, new Rule() {
+
+            @Override
+            public void body(String namespace, String name, String text) throws Exception {
+
+                CmsWorkplaceManager wpManager = (CmsWorkplaceManager)(digester.peek());
+                wpManager.setAllowElementAuthorToWorkInGalleries(Boolean.valueOf(text).booleanValue());
+            }
+        });
+
     }
 
     /**
@@ -1384,6 +1397,10 @@ public String apply(I_CmsPreference input) {
             workplaceElement.addElement(N_SITEMAP_CONFIG_EDIT_ROLE).addText(sitemapConfigEditRole);
         }
 
+        boolean allowElementAuthorToWorkInGalleries = m_workplaceManager.isAllowElementAuthorToWorkInGalleries();
+        workplaceElement.addElement(N_ALLOW_ELEMENT_AUTHOR_TO_WORK_IN_GALLERIES).addText(
+            "" + allowElementAuthorToWorkInGalleries);
+
         // return the configured node
         return workplaceElement;
     }

diff --git a/src/org/opencms/configuration/opencms-workplace.dtd b/src/org/opencms/configuration/opencms-workplace.dtd
@@ -47,7 +47,8 @@
 	additional-log-folders?,
 	use-formatter-keys-for-new-sites?,
 	upload-restriction?,
-	sitemap-config-edit-role?
+	sitemap-config-edit-role?,
+	allow-element-author-to-work-in-galleries?
 	)>
 
 <!--
@@ -900,8 +901,10 @@
 -->
 <!ELEMENT sitemap-config-edit-role (#PCDATA)>
 
-
-
+<!-- 
+# Boolean flag (true/false) which allows element authors to upload in galleries and gives some additional permissions in gallery context menus if set.
+-->
+<!ELEMENT allow-element-author-to-work-in-galleries (#PCDATA)>
 
 <!--
 # Include the explorer types DTD.

diff --git a/src/org/opencms/gwt/CmsCoreService.java b/src/org/opencms/gwt/CmsCoreService.java
@@ -1193,7 +1193,7 @@ public CmsCoreData prefetch() {
             getCmsObject(),
             "/system/workplace/commons/about.jsp");
         String tinyMCE = CmsWorkplace.getStaticResourceUri("/editors/tinymce/jscripts/tinymce/tinymce.min.js");
-        boolean uploadDisabled = !OpenCms.getRoleManager().hasRole(cms, CmsRole.EDITOR);
+        boolean uploadDisabled = OpenCms.getWorkplaceManager().isAdeGalleryUploadDisabled(cms);
         CmsUploadRestrictionInfo uploadRestrictionInfo = OpenCms.getWorkplaceManager().getUploadRestriction().getUploadRestrictionInfo(
             cms);
         String categoryBaseFolder = CmsCategoryService.getInstance().getRepositoryBaseFolderName(cms);

diff --git a/src/org/opencms/ui/actions/CmsDeleteDialogAction.java b/src/org/opencms/ui/actions/CmsDeleteDialogAction.java
@@ -29,8 +29,11 @@
 
 import org.opencms.file.CmsObject;
 import org.opencms.file.CmsResource;
+import org.opencms.gwt.shared.CmsCoreData.AdeContext;
+import org.opencms.main.OpenCms;
 import org.opencms.ui.I_CmsDialogContext;
 import org.opencms.ui.I_CmsDialogContext.ContextType;
+import org.opencms.ui.I_CmsDialogContextWithAdeContext;
 import org.opencms.ui.contextmenu.CmsMenuItemVisibilityMode;
 import org.opencms.ui.contextmenu.CmsStandardVisibilityCheck;
 import org.opencms.ui.contextmenu.I_CmsHasMenuItemVisibility;
@@ -51,6 +54,9 @@ public class CmsDeleteDialogAction extends A_CmsWorkplaceAction implements I_Cms
     /** The action visibility. */
     public static final I_CmsHasMenuItemVisibility VISIBILITY = CmsStandardVisibilityCheck.DEFAULT;
 
+    /** The action visibility. */
+    public static final I_CmsHasMenuItemVisibility ELEMENT_AUTHOR_GALLERY_VISIBILITY = CmsStandardVisibilityCheck.DEFAULT_AUTHOR;
+
     /**
      * @see org.opencms.ui.actions.I_CmsWorkplaceAction#executeAction(org.opencms.ui.I_CmsDialogContext)
      */
@@ -107,10 +113,20 @@ public CmsMenuItemVisibilityMode getVisibility(CmsObject cms, List<CmsResource>
     @Override
     public CmsMenuItemVisibilityMode getVisibility(I_CmsDialogContext context) {
 
-        return (ContextType.sitemapToolbar.equals(context.getContextType())
-            || ContextType.containerpageToolbar.equals(context.getContextType()))
-            ? CmsMenuItemVisibilityMode.VISIBILITY_INVISIBLE
-            : super.getVisibility(context);
+        if (ContextType.sitemapToolbar.equals(context.getContextType())
+            || ContextType.containerpageToolbar.equals(context.getContextType())) {
+            return CmsMenuItemVisibilityMode.VISIBILITY_INVISIBLE;
+        }
+
+        if (context instanceof I_CmsDialogContextWithAdeContext) {
+            AdeContext adeContext = ((I_CmsDialogContextWithAdeContext)context).getAdeContext();
+            if (AdeContext.gallery.equals(adeContext)) {
+                if (OpenCms.getWorkplaceManager().isAllowElementAuthorToWorkInGalleries()) {
+                    return ELEMENT_AUTHOR_GALLERY_VISIBILITY.getVisibility(context.getCms(), context.getResources());
+                }
+            }
+        }
+        return super.getVisibility(context);
     }
 
     /**

diff --git a/src/org/opencms/ui/actions/CmsReplaceDialogAction.java b/src/org/opencms/ui/actions/CmsReplaceDialogAction.java
@@ -29,8 +29,11 @@
 
 import org.opencms.file.CmsObject;
 import org.opencms.file.CmsResource;
+import org.opencms.gwt.shared.CmsCoreData.AdeContext;
+import org.opencms.main.OpenCms;
 import org.opencms.ui.A_CmsUI;
 import org.opencms.ui.I_CmsDialogContext;
+import org.opencms.ui.I_CmsDialogContextWithAdeContext;
 import org.opencms.ui.I_CmsUpdateListener;
 import org.opencms.ui.components.extensions.CmsGwtDialogExtension;
 import org.opencms.ui.contextmenu.CmsMenuItemVisibilityMode;
@@ -55,6 +58,10 @@ public class CmsReplaceDialogAction extends A_CmsWorkplaceAction implements I_Cm
     public static final I_CmsHasMenuItemVisibility VISIBILITY = new CmsMenuItemVisibilitySingleOnly(
         CmsStandardVisibilityCheck.REPLACE);
 
+    /** The action visibility for element authors, if special permissions are enabled for them. */
+    public static final I_CmsHasMenuItemVisibility ELEMENT_AUTHOR_GALLERY_VISIBILITY = new CmsMenuItemVisibilitySingleOnly(
+        CmsStandardVisibilityCheck.REPLACE_AUTHOR);
+
     /**
      * @see org.opencms.ui.actions.I_CmsWorkplaceAction#executeAction(org.opencms.ui.I_CmsDialogContext)
      */
@@ -115,6 +122,24 @@ public CmsMenuItemVisibilityMode getVisibility(CmsObject cms, List<CmsResource>
         return VISIBILITY.getVisibility(cms, resources);
     }
 
+    /**
+     * @see org.opencms.ui.actions.A_CmsWorkplaceAction#getVisibility(org.opencms.ui.I_CmsDialogContext)
+     */
+    @Override
+    public CmsMenuItemVisibilityMode getVisibility(I_CmsDialogContext context) {
+
+        if (context instanceof I_CmsDialogContextWithAdeContext) {
+            AdeContext adeContext = ((I_CmsDialogContextWithAdeContext)context).getAdeContext();
+            if (AdeContext.gallery.equals(adeContext)) {
+                if (OpenCms.getWorkplaceManager().isAllowElementAuthorToWorkInGalleries()) {
+                    return ELEMENT_AUTHOR_GALLERY_VISIBILITY.getVisibility(context.getCms(), context.getResources());
+                }
+            }
+        }
+        return VISIBILITY.getVisibility(context.getCms(), context.getResources());
+
+    }
+
     /**
      * @see org.opencms.ui.actions.I_CmsADEAction#isAdeSupported()
      */

diff --git a/src/org/opencms/ui/contextmenu/CmsStandardVisibilityCheck.java b/src/org/opencms/ui/contextmenu/CmsStandardVisibilityCheck.java
@@ -53,6 +53,7 @@
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.replacable;
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.restrictedconfig;
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.roleeditor;
+import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.roleelementauthor;
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.rolerootadmin;
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.rolevfsmanager;
 import static org.opencms.ui.contextmenu.CmsVisibilityCheckFlag.rolewpuser;
@@ -110,6 +111,16 @@ public final class CmsStandardVisibilityCheck extends A_CmsSimpleVisibilityCheck
         writepermisssion,
         inproject);
 
+    /**
+     * Default permissions but with 'element author' role requirement instead of 'editor'
+     */
+    public static final I_CmsHasMenuItemVisibility DEFAULT_AUTHOR = new CmsStandardVisibilityCheck(
+        roleelementauthor,
+        notonline,
+        notdeleted,
+        writepermisssion,
+        inproject);
+
     /**
      * Check for operations which need a default file.<p>
      */
@@ -208,6 +219,15 @@ public final class CmsStandardVisibilityCheck extends A_CmsSimpleVisibilityCheck
         writepermisssion,
         inproject);
 
+    /** 'Replace' check, but with 'element author' role requirement instead of 'editor'. */
+    public static final CmsStandardVisibilityCheck REPLACE_AUTHOR = new CmsStandardVisibilityCheck(
+        replacable,
+        roleelementauthor,
+        notonline,
+        notdeleted,
+        writepermisssion,
+        inproject);
+
     /** Default check for 'locked resources' action. */
     public static final CmsStandardVisibilityCheck SHOW_LOCKS = new CmsStandardVisibilityCheck(
         notonline,
@@ -294,6 +314,12 @@ public CmsMenuItemVisibilityMode getSingleVisibility(CmsObject cms, CmsResource
             if (flag(roleeditor) && !OpenCms.getRoleManager().hasRoleForResource(cms, CmsRole.EDITOR, resource)) {
                 return VISIBILITY_INVISIBLE;
             }
+
+            if (flag(roleelementauthor)
+                && !OpenCms.getRoleManager().hasRoleForResource(cms, CmsRole.ELEMENT_AUTHOR, resource)) {
+                return VISIBILITY_INVISIBLE;
+            }
+
             if (flag(rolewpuser)
                 && !OpenCms.getRoleManager().hasRoleForResource(cms, CmsRole.WORKPLACE_USER, resource)) {
                 return VISIBILITY_INVISIBLE;

diff --git a/src/org/opencms/ui/contextmenu/CmsVisibilityCheckFlag.java b/src/org/opencms/ui/contextmenu/CmsVisibilityCheckFlag.java
@@ -103,6 +103,9 @@ public enum CmsVisibilityCheckFlag {
     /** Check editor rule. */
     roleeditor,
 
+    /** Check element author role.*/
+    roleelementauthor,
+
     /** Check VFS manager role. */
     rolevfsmanager,
 

diff --git a/src/org/opencms/workplace/CmsWorkplaceManager.java b/src/org/opencms/workplace/CmsWorkplaceManager.java
@@ -70,6 +70,7 @@
 import org.opencms.security.CmsPermissionViolationException;
 import org.opencms.security.CmsRole;
 import org.opencms.security.CmsRoleViolationException;
+import org.opencms.security.CmsSecurityException;
 import org.opencms.security.I_CmsPrincipal;
 import org.opencms.util.CmsRfsFileViewer;
 import org.opencms.util.CmsStringUtil;
@@ -213,6 +214,9 @@ public String getViewForType(String type) {
     /** The admin cms context. */
     private CmsObject m_adminCms;
 
+    /** If enabled, gives element authors more gallery-related permissions (mostly upload/replace). */
+    private boolean m_allowElementAuthorToWorkInGalleries;
+
     /** Indicates if auto-locking of resources is enabled or disabled. */
     private boolean m_autoLockResources;
 
@@ -333,6 +337,9 @@ public String getViewForType(String type) {
     /** Indicates if the user management icon should be displayed in the workplace. */
     private boolean m_showUserGroupIcon;
 
+    /** The role required for editing the sitemap configuration. */
+    private String m_sitemapConfigEditRole;
+
     /** Exclude patterns for synchronization. */
     private ArrayList<Pattern> m_synchronizeExcludePatterns;
 
@@ -363,9 +370,6 @@ public String getViewForType(String type) {
     /** The XML content auto correction flag. */
     private boolean m_xmlContentAutoCorrect;
 
-    /** The role required for editing the sitemap configuration. */
-    private String m_sitemapConfigEditRole;
-
     /**
      * Creates a new instance for the workplace manager, will be called by the workplace configuration manager.<p>
      */
@@ -678,6 +682,17 @@ public boolean autoLockResources() {
         return m_autoLockResources;
     }
 
+    /**
+     * Checks if the user in the given context has permissions for uploading.
+     *
+     * @param cms a CMS context
+     * @throws CmsSecurityException if the user doesn't have permission
+     */
+    public void checkAdeGalleryUpload(CmsObject cms) throws CmsSecurityException {
+
+        OpenCms.getRoleManager().checkRole(cms, getUploadRole());
+    }
+
     /**
      * Checks whether the workplace is accessed through the workplace server, and sends an error message otherwise.<p>
      *
@@ -1080,8 +1095,8 @@ public List<CmsExplorerTypeSettings> getExplorerTypesForView(String viewName) {
                 }
             } else if (CmsResourceTypeFolder.getStaticTypeName().equals(explorerType.getName())
                 && "view_folders|view_basic".contains(viewName)) {
-                result.add(explorerType);
-            }
+                    result.add(explorerType);
+                }
 
         }
         return result;
@@ -1748,6 +1763,28 @@ public synchronized void initialize(CmsObject cms) throws CmsException, CmsRoleV
         m_adminCms = cms;
     }
 
+    /**
+     * Returns true if gallery upload is disabled for the user in the given context.
+     *
+     * @param cms a CMS context
+     * @return true if the upload is disabled
+     */
+    public boolean isAdeGalleryUploadDisabled(CmsObject cms) {
+
+        return !OpenCms.getRoleManager().hasRole(cms, getUploadRole());
+
+    }
+
+    /**
+     * Checks if element authors have special permission to work in galleries (upload/replace).
+     * @return true in the case above
+     */
+
+    public boolean isAllowElementAuthorToWorkInGalleries() {
+
+        return m_allowElementAuthorToWorkInGalleries;
+    }
+
     /**
      * Returns the default property editing mode on resources.<p>
      *
@@ -1886,6 +1923,15 @@ public void setAdditionalLogFolderConfiguration(CmsAdditionalLogFolderConfig log
         m_logFolderConfig = logConfig;
     }
 
+    /**
+     * Enables/disables special permissions for element authors to work with galleries (upload/replace).
+     * @param allowElementAuthorToWorkInGalleries true if the special permissions should be enabled for element authors
+      */
+    public void setAllowElementAuthorToWorkInGalleries(boolean allowElementAuthorToWorkInGalleries) {
+
+        m_allowElementAuthorToWorkInGalleries = allowElementAuthorToWorkInGalleries;
+    }
+
     /**
      * Sets if the autolock resources feature is enabled.<p>
      *
@@ -2393,6 +2439,16 @@ public String translateGroupName(String group, boolean keepOu) {
         };
     }
 
+    /**
+     * Returns the role required for enabling the upload functionality.
+     *
+     * @return the upload role
+     */
+    private CmsRole getUploadRole() {
+
+        return isAllowElementAuthorToWorkInGalleries() ? CmsRole.ELEMENT_AUTHOR : CmsRole.EDITOR;
+    }
+
     /**
      * Initializes the configured explorer type settings.<p>
      */

diff --git a/test/org/opencms/configuration/opencms-workplace.xml b/test/org/opencms/configuration/opencms-workplace.xml
@@ -348,6 +348,6 @@
             <param name="/">enabled:true|types:pdf,doc,png,jpg</param>
         </upload-restriction>
         <sitemap-config-edit-role>DEVELOPER</sitemap-config-edit-role>
-		
+        <allow-element-author-to-work-in-galleries>false</allow-element-author-to-work-in-galleries>
 	</workplace>
 </opencms>
diff --git a/webapp/WEB-INF/config/opencms-workplace.xml b/webapp/WEB-INF/config/opencms-workplace.xml
@@ -314,5 +314,6 @@
             <param name="/">enabled:true|types:*</param>
         </upload-restriction>
         <sitemap-config-edit-role>DEVELOPER</sitemap-config-edit-role>
+        <allow-element-author-to-work-in-galleries>false</allow-element-author-to-work-in-galleries>
     </workplace>
 </opencms>