diff --git a/src/com/opencms/core/CmsShellCommands.java b/src/com/opencms/core/CmsShellCommands.java index 4fedcc204c6..90b0d8a4011 100644 --- a/src/com/opencms/core/CmsShellCommands.java +++ b/src/com/opencms/core/CmsShellCommands.java @@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/com/opencms/core/Attic/CmsShellCommands.java,v $ -* Date : $Date: 2003/06/13 10:04:20 $ -* Version: $Revision: 1.76 $ +* Date : $Date: 2003/06/13 16:15:55 $ +* Version: $Revision: 1.77 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System @@ -64,7 +64,7 @@ * @author Andreas Schouten * @author Anders Fugmann * - * @version $Revision: 1.76 $ $Date: 2003/06/13 10:04:20 $ + * @version $Revision: 1.77 $ $Date: 2003/06/13 16:15:55 $ * * @see com.opencms.file.CmsObject */ @@ -112,34 +112,6 @@ public void acceptTask(String taskId) { } } - /** - * Checks, if the user may create this resource. - * - * @param resource the resource to check. - */ - public void accessCreate(String resource) { - try { - System.out.println(m_cms.accessCreate(resource)); - } - catch(Exception exc) { - CmsShell.printException(exc); - } - } - - /** - * Checks, if the user may lock this resource. - * - * @param resource the resource to check. - */ - public void accessLock(String resource) { - try { - System.out.println(m_cms.accessLock(resource)); - } - catch(Exception exc) { - CmsShell.printException(exc); - } - } - /** * Tests if the user can access the project. * @@ -155,20 +127,6 @@ public void accessProject(String id) { } } - /** - * Checks, if the user may read this resource. - * - * @param resource The resource to check. - */ - public void accessRead(String resource) { - try { - System.out.println(m_cms.accessRead(resource)); - } - catch(Exception exc) { - CmsShell.printException(exc); - } - } - /** * Tests if the user can write the resource. * 
diff --git a/src/com/opencms/core/I_CmsConstants.java b/src/com/opencms/core/I_CmsConstants.java index c08c02edbf3..57f4c4eec6e 100755 --- a/src/com/opencms/core/I_CmsConstants.java +++ b/src/com/opencms/core/I_CmsConstants.java @@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/com/opencms/core/Attic/I_CmsConstants.java,v $ -* Date : $Date: 2003/06/13 10:04:20 $ -* Version: $Revision: 1.231 $ +* Date : $Date: 2003/06/13 16:15:55 $ +* Version: $Revision: 1.232 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System @@ -40,7 +40,7 @@ * @author Michaela Schleich * @author Thomas Weckert * - * @version $Revision: 1.231 $ $Date: 2003/06/13 10:04:20 $ + * @version $Revision: 1.232 $ $Date: 2003/06/13 16:15:55 $ */ public interface I_CmsConstants { 
@@ -366,22 +366,42 @@ public interface I_CmsConstants { /** * The permission to read a resource */ - final static int C_PERMISSION_READ = 1; + int C_PERMISSION_READ = 1; /** * The permission to write a resource */ - final static int C_PERMISSION_WRITE = 2; + int C_PERMISSION_WRITE = 2; /** * The permission to view a resource */ - final static int C_PERMISSION_VIEW = 4; + int C_PERMISSION_VIEW = 4; + + /** + * The permission to control a resource + */ + int C_PERMISSION_CONTROL = 8; - // Constants used for checking access - final static CmsPermissionSet C_READ_ACCESS = new CmsPermissionSet(I_CmsConstants.C_PERMISSION_READ); - final static CmsPermissionSet C_WRITE_ACCESS = new CmsPermissionSet(I_CmsConstants.C_PERMISSION_WRITE); - final static CmsPermissionSet C_VIEW_ACCESS = new CmsPermissionSet(I_CmsConstants.C_PERMISSION_VIEW); + /** + * Permission set to check read acces + */ + CmsPermissionSet C_READ_ACCESS = new CmsPermissionSet(C_PERMISSION_READ); + + /** + * Permission set to check write access + */ + CmsPermissionSet C_WRITE_ACCESS = new CmsPermissionSet(C_PERMISSION_WRITE); + + /** + * Permission set to check view access + */ + CmsPermissionSet C_VIEW_ACCESS = new CmsPermissionSet(C_PERMISSION_VIEW); + + /** + * Permission set to check control access + */ + CmsPermissionSet C_CONTROL_ACCESS = new CmsPermissionSet(C_PERMISSION_CONTROL); /** * Group may read this resource diff --git a/src/com/opencms/file/CmsObject.java b/src/com/opencms/file/CmsObject.java index 4ca789d5ed0..90ef2a2e726 100755 --- a/src/com/opencms/file/CmsObject.java +++ b/src/com/opencms/file/CmsObject.java @@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/com/opencms/file/Attic/CmsObject.java,v $ -* Date : $Date: 2003/06/13 10:04:20 $ -* Version: $Revision: 1.284 $ +* Date : $Date: 2003/06/13 16:17:05 $ +* Version: $Revision: 1.285 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System 
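Review bot: The Javadoc added for `C_READ_ACCESS` reads "read acces"; it should be `Permission set to check read access`. The four `C_*_ACCESS` constants, including the new `C_CONTROL_ACCESS`, are shared `CmsPermissionSet` instances visible to every implementor of this interface. If `CmsPermissionSet` has mutating methods (the class is not shown here), a single call on one of these instances would change the permission used by every later access check, so it is worth confirming the class is immutable or stating in the Javadoc that these instances must never be modified. The interface body starts and ends outside the hunk.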
@@ -80,7 +80,7 @@ * @author Alexander Kandzior (a.kandzior@alkacon.com) * @author Michaela Schleich * - * @version $Revision: 1.284 $ + * @version $Revision: 1.285 $ */ public class CmsObject implements I_CmsConstants { @@ -140,36 +140,7 @@ public CmsObject () { public void acceptTask(int taskId) throws CmsException { m_driverManager.acceptTask(m_context.currentUser(), m_context.currentProject(), taskId); } -/** - * Checks, if the user may create this resource. - * - * @param resource the resource to check. - * @return true if the user has the appropriate rigths to create the resource; false otherwise - * - * @throws CmsException if operation was not successful. - */ -public boolean accessCreate(String resource) throws CmsException { - try { - return m_driverManager.accessCreate(m_context.currentUser(), m_context.currentProject(), getSiteRoot(resource)); - } catch (Exception exc) { - throw new CmsException(CmsException.C_UNKNOWN_EXCEPTION, exc); - } -} -/** - * Checks, if the user may lock this resource. - * - * @param resource the resource to check. - * @return true if the user has the appropriate rights to lock this resource; false otherwise - * - * @throws CmsException if operation was not successful. - */ -public boolean accessLock(String resource) throws CmsException { - try { - return m_driverManager.accessLock(m_context.currentUser(), m_context.currentProject(), getSiteRoot(resource)); - } catch (Exception exc) { - throw new CmsException(CmsException.C_UNKNOWN_EXCEPTION, exc); - } -} + /** * Checks if the user can access the project. * 
@@ -181,21 +152,7 @@ public boolean accessLock(String resource) throws CmsException { public boolean accessProject(int projectId) throws CmsException { return (m_driverManager.accessProject(m_context.currentUser(), m_context.currentProject(), projectId)); } -/** - * Checks, if the user may read this resource. - * - * @param resource The resource to check. - * @return true, if the user has the appropriate rigths to read the resource; false otherwise. - * - * @throws CmsException if operation was not successful. - */ -public boolean accessRead(String resource) throws CmsException { - try { - return m_driverManager.accessRead(m_context.currentUser(), m_context.currentProject(), getSiteRoot(resource)); - } catch (Exception exc) { - throw new CmsException(CmsException.C_UNKNOWN_EXCEPTION, exc); - } -} + /** * Checks, if the user may write this resource. * diff --git a/src/org/opencms/db/CmsDriverManager.java b/src/org/opencms/db/CmsDriverManager.java index 5e668232538..0ca18663c3a 100644 --- a/src/org/opencms/db/CmsDriverManager.java +++ b/src/org/opencms/db/CmsDriverManager.java @@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/org/opencms/db/CmsDriverManager.java,v $ - * Date : $Date: 2003/06/13 13:17:22 $ - * Version: $Revision: 1.3 $ + * Date : $Date: 2003/06/13 16:17:55 $ + * Version: $Revision: 1.4 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System @@ -71,7 +71,7 @@ /** * This is the driver manager. * - * @version $Revision: 1.3 $ $Date: 2003/06/13 13:17:22 $ + * @version $Revision: 1.4 $ $Date: 2003/06/13 16:17:55 $ * @author Thomas Weckert (t.weckert@alkacon.com) * @author Carsten Weinholz (c.weinholz@alkacon.com) * @since 5.1 
@@ -109,7 +109,7 @@ public boolean equals(Object obj) {
 /**
 * Inner class to define the access policy when checking permissions on vfs operations.
 *
- * @version $Revision: 1.3 $ $Date: 2003/06/13 13:17:22 $
+ * @version $Revision: 1.4 $ $Date: 2003/06/13 16:17:55 $
 * @author Carsten Weinholz (c.weinholz@alkacon.com)
 */
 class VfsAccessGuard extends CmsAccessGuard {
@@ -216,6 +216,55 @@ public CmsPermissionSet evaluatePermissions(CmsResource resource, int checks) t } } + /** + * Inner class to define the access policy when checking permissions on user operations. + * + * @version $Revision: 1.4 $ $Date: 2003/06/13 16:17:55 $ + * @author Carsten Weinholz (c.weinholz@alkacon.com) + */ + class UserAccessGuard extends CmsAccessGuard { + + /* + * Sets of checks + */ + public static final int C_CHECK_DEFAULT = 0; + + /** + * Constructor to create a new access guard to secure user access operations for a given user in a given project. + * + * @param user the user that requests access (typically the current user) + * @param project the project in which the permissions are evaluated (typically the current project) + * @param checks flags to define which permission constraints are performed + */ + public UserAccessGuard(CmsUser user, CmsProject project, int checks) { + super(user, project, checks); + } + + /** + * Evaluates the permissions of the given user on a resource within a given project by + * calculating a permission set following a certain policy. 
+ * + * @param resource the resource on which permissions are required + * @param checks flags to define the checks performed when evaluating the permissions + * + * @return a set of allowed and denied permissions for the given user on the resource + * @throws CmsException if something goes wrong + * @see org.opencms.security.CmsAccessGuard#evaluatePermissions(com.opencms.file.CmsResource, int) + */ + public CmsPermissionSet evaluatePermissions(CmsResource resource, int checks) throws CmsException { + + if (isAdmin(getUser(),getProject())) { + // if the current user is administrator, anything is allowed + return new CmsPermissionSet(~0); + + } else { + // otherwise, get the permissions from the access control list + CmsAccessControlList acl = getAccessControlList(getUser(), getProject(), resource); + return acl.getPermissions(getUser(), getGroupsOfUser(getUser(),getUser().getName())); + } + } + } + /** * Constant to count the file-system changes. */ 
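Review bot: `UserAccessGuard.evaluatePermissions` never reads its `checks` argument, and the class defines only `C_CHECK_DEFAULT = 0`, so any flag a caller passes is silently ignored and the default policy always applies. Either say so on the method (`@param checks currently ignored; only C_CHECK_DEFAULT is implemented`) or reject values other than `C_CHECK_DEFAULT`. The administrator branch returns `new CmsPermissionSet(~0)`, which sets every bit, including ones that are not yet defined as permissions; a named all-permissions constant would make that intent explicit and reviewable when bits such as `C_PERMISSION_CONTROL` are added. The class comment says the guard is for user operations while the method evaluates the ACL of a `CmsResource`, so a sentence on which resource a user operation is checked against would help the next reader.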
@@ -556,252 +605,7 @@ public void acceptTask(CmsUser currentUser, CmsProject currentProject, int taskI task = m_workflowDriver.writeTask(task); m_workflowDriver.writeSystemTaskLog(taskId, "Task was accepted from " + currentUser.getFirstname() + " " + currentUser.getLastname() + "."); } - - /** - * Checks, if the user may create this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user has access, or not. - */ - public boolean accessCreate(CmsUser currentUser, CmsProject currentProject, - CmsResource resource) throws CmsException { - - // check, if this is the onlineproject - if(currentProject.isOnlineProject()){ - // the online-project is not writeable! - return(false); - } - - // check the access to the project - if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) { - // no access to the project! - return(false); - } - - // check if the resource belongs to the current project - if(resource.getProjectId() != currentProject.getId()) { - return false; - } - - // is the resource locked? - if( resource.isLocked() && (!resource.isLockedBy().equals(currentUser.getId()) || - (resource.getLockedInProject() != currentProject.getId() && - currentProject.getFlags() != C_PROJECT_STATE_INVISIBLE)) ) { - // resource locked by another user, no creation allowed - return(false); - } - - // check the rights for the current resource - if (! getVfsAccessGuard(currentUser, currentProject).check(resource, C_WRITE_ACCESS, false)) - return false; - - // TODO: remove old access check - //if( ! ( accessOther(resource, C_ACCESS_PUBLIC_WRITE) || - // accessOwner(currentUser, currentProject, resource, C_PERMISSION_WRITE) || - // accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_WRITE) ) ) { - // // no write access to this resource! 
- // return false; - //} - - // read the parent folder - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } else { - // no parent folder! - return true; - } - - // check the rights and if the resource is not locked - do { - //if( accessOther(resource, C_ACCESS_PUBLIC_READ) || - // accessOwner(currentUser, currentProject, resource, C_PERMISSION_READ) || - // accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_READ) ) { - - // is the resource locked? - if( resource.isLocked() && !resource.isLockedBy().equals(currentUser.getId()) ) { - // resource locked by anopther user, no creation allowed - return(false); - } - - // read next resource - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } - // } else { - // last check was negative - // return(false); - // } - } while(resource.getParent() != null); - - // all checks are done positive - return(true); - } - /** - * Checks, if the user may create this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user has access, or not. - */ - public boolean accessCreate(CmsUser currentUser, CmsProject currentProject, - String resourceName) throws CmsException { - - CmsResource resource = m_vfsDriver.readFileHeader(currentProject.getId(), resourceName, false); - return accessCreate(currentUser, currentProject, resource); - } - /** - * Checks, if the group may access this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * @param flags The flags to check. 
- * - * @return wether the user has access, or not. - *//* - protected boolean accessGroup(CmsUser currentUser, CmsProject currentProject, - CmsResource resource, int flags) - throws CmsException { - - // is the user in the group for the resource? - if(userInGroup(currentUser, currentProject, currentUser.getName(), - readGroup(currentUser, currentProject, - resource).getName())) { - if( (resource.getAccessFlags() & flags) == flags ) { - return true; - } - } - // the resource isn't accesible by the user. - - return false; - - }*/ - /** - * Checks, if the user may lock this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user may lock this resource, or not. - */ - public boolean accessLock(CmsUser currentUser, CmsProject currentProject, - CmsResource resource) throws CmsException { - // check, if this is the onlineproject - if(currentProject.isOnlineProject()){ - // the online-project is not writeable! - return(false); - } - - // check the access to the project - if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) { - // no access to the project! - return(false); - } - - // check if the resource belongs to the current project - if(resource.getProjectId() != currentProject.getId()) { - return false; - } - - // read the parent folder - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } else { - // no parent folder! - return true; - } - - // check the rights and if the resource is not locked - do { - // is the resource locked? 
- if( resource.isLocked() && ((!resource.isLockedBy().equals(currentUser.getId())) || - (resource.getLockedInProject() != currentProject.getId() && - currentProject.getFlags() != C_PROJECT_STATE_INVISIBLE)) ) { - // resource locked by anopther user, no creation allowed - return(false); - } - - // read next resource - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } - } while(resource.getParent() != null); - - // all checks are done positive - return(true); - } - /** - * Checks, if the user may lock this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user may lock this resource, or not. - */ - public boolean accessLock(CmsUser currentUser, CmsProject currentProject, - String resourceName) throws CmsException { - - CmsResource resource = m_vfsDriver.readFileHeader(currentProject.getId(), resourceName, false); - return accessLock(currentUser,currentProject,resource); - } -/** - * Checks, if others may access this resource. - * - * @param resource The resource to check. - * @param flags The flags to check. - * - * @return wether the user has access, or not. - *//* -protected boolean accessOther(CmsResource resource, int flags) throws CmsException -{ - if ((resource.getAccessFlags() & flags) == flags) - { - return true; - } - else - { - return false; - } - }*/ - - /** - * Checks, if the owner may access this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * @param flags The flags to check. - * - * @return wether the user has access, or not. 
- *//* - protected boolean accessOwner(CmsUser currentUser, CmsProject currentProject, - CmsResource resource, int flags) - throws CmsException { - // The Admin has always access - if( isAdmin(currentUser, currentProject) ) { - return(true); - } - // is the resource owned by this user? - if(resource.getOwnerId().equals(currentUser.getId())) { - if( (resource.getAccessFlags() & flags) == flags ) { - return true ; - } - } - // the resource isn't accesible by the user. - return false; - }*/ - + // Methods working with projects /** 
@@ -845,137 +649,7 @@ public boolean accessProject(CmsUser currentUser, CmsProject currentProject, int } return (false); } - - /** - * Checks if the user may read this resource. - * NOTE: If the ressource is in the project you never have to fallback. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return weather the user has access, or not. - */ - public boolean accessRead(CmsUser currentUser, CmsProject currentProject, CmsResource resource) throws CmsException { - String cacheKey = getCacheKey(null, currentUser, new CmsProject(currentProject.getId(), -1), resource.getResourceName()); - Boolean access = (Boolean)m_accessCache.get(cacheKey); - - if (access != null) { - return access.booleanValue(); - } else { - if ( (resource == null) - || !accessProject(currentUser, currentProject, resource.getProjectId()) - || ! getVfsAccessGuard(currentUser, currentProject).check(resource, C_READ_ACCESS, false)) { - - // ( !accessOther(resource, C_ACCESS_PUBLIC_READ) - // && !accessOwner(currentUser, currentProject, resource, C_PERMISSION_READ) - // && !accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_READ))) { - - m_accessCache.put(cacheKey, new Boolean(false)); - return false; - } - - // check the rights for all - /* - CmsResource res = resource; // save the original resource name to be used if an error occurs. 
- while (res.getParent() != null) { - // readFolder without checking access - res = m_vfsDriver.readFolder(currentProject.getId(), res.getRootName() + res.getParent()); - if (res == null) { - if (I_CmsLogChannels.C_PREPROCESSOR_IS_LOGGING && A_OpenCms.isLogging()) { - A_OpenCms.log(A_OpenCms.C_OPENCMS_DEBUG, "Resource has no parent: " + resource.getAbsolutePath()); - } - throw new CmsException(getClass().getName() + ".accessRead(): Cannot find \'" + resource.getName(), CmsException.C_NOT_FOUND); - } - if ( !accessOther(res, C_ACCESS_PUBLIC_READ) - && !accessOwner(currentUser, currentProject, res, C_PERMISSION_READ) - && !accessGroup(currentUser, currentProject, res, C_ACCESS_GROUP_READ)) { - - m_accessCache.put(cacheKey, new Boolean(false)); - return false; - } - } - */ - m_accessCache.put(cacheKey, new Boolean(true)); - return true; - } - } - - /** - * Checks if the user may read this resource. - * NOTE: If the ressource is in the project you never have to fallback. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return weather the user has access, or not. - */ - public boolean accessRead(CmsUser currentUser, CmsProject currentProject, String resourceName) throws CmsException { - - //System.err.println("Accessing: " + currentProject.getId() + resourceName); - CmsResource resource = m_vfsDriver.readFileHeader(currentProject.getId(), resourceName, false); - return accessRead(currentUser, currentProject, resource); - } - - /** - * Checks, if the user may unlock this resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user may unlock this resource, or not. 
- */ - public boolean accessUnlock(CmsUser currentUser, CmsProject currentProject, - CmsResource resource) - throws CmsException { - // check, if this is the onlineproject - if(currentProject.isOnlineProject()){ - // the online-project is not writeable! - return(false); - } - - // check the access to the project - if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) { - // no access to the project! - return(false); - } - - // check if the resource belongs to the current project - if(resource.getProjectId() != currentProject.getId()) { - return false; - } - - // read the parent folder - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } else { - // no parent folder! - return true; - } - - - // check if the resource is not locked - do { - // is the resource locked? - if( resource.isLocked() ) { - // resource locked by anopther user, no creation allowed - return(false); - } - - // read next resource - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } - } while(resource.getParent() != null); - - // all checks are done positive - return(true); - } /** * Checks, if the user may write this resource. * @@ -997,7 +671,7 @@ public boolean accessWrite(CmsUser currentUser, CmsProject currentProject, } // check the access to the project - if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) { + if(! accessProject(currentUser, currentProject, currentProject.getId())) { // no access to the project! return(false); } 
@@ -1067,12 +741,13 @@ public boolean accessWrite(CmsUser currentUser, CmsProject currentProject,
 // all checks are done positive
 return(true);
 }
+
 /**
 * Checks, if the user may write this resource.
 *
 * @param currentUser The user who requested this method.
 * @param currentProject The current project of the user.
- * @param resource The resource to check.
+ * @param resourceName The name of the resource to check.
 *
 * @return wether the user has access, or not.
 */
@@ -1082,81 +757,27 @@ public boolean accessWrite(CmsUser currentUser, CmsProject currentProject, CmsResource resource = m_vfsDriver.readFileHeader(currentProject.getId(), resourceName, false); return accessWrite(currentUser,currentProject,resource); } + /** - * Checks, if the user may write the unlocked resource. - * - * @param currentUser The user who requested this method. - * @param currentProject The current project of the user. - * @param resource The resource to check. - * - * @return wether the user has access, or not. - */ - public boolean accessWriteUnlocked(CmsUser currentUser, CmsProject currentProject, - CmsResource resource) throws CmsException { - - - // check, if this is the onlineproject - - if(currentProject.isOnlineProject()){ - // the online-project is not writeable! - return(false); - } - - // check the access to the project - if( ! accessProject(currentUser, currentProject, currentProject.getId()) ) { - // no access to the project! - return(false); - } - - // check if the resource belongs to the current project - if(resource.getProjectId() != currentProject.getId()) { - return false; - } - - // check the rights for the current resource - if (!getVfsAccessGuard(currentUser, currentProject).check(resource, C_WRITE_ACCESS, false)) - return false; - - // read the parent folder - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } else { - // no parent folder! - return true; - } - - - // check the rights and if the resource is not locked - // for parent folders only read access is needed - do { - //if( accessOther(resource, C_ACCESS_PUBLIC_READ) || - // accessOwner(currentUser, currentProject, resource, C_PERMISSION_READ) || - // accessGroup(currentUser, currentProject, resource, C_ACCESS_GROUP_READ) ) { - - // is the resource locked? 
- if( resource.isLocked() && (!resource.isLockedBy().equals(currentUser.getId()) ) ) { - // resource locked by anopther user, no creation allowed - return(false); - } - - // read next resource - if(resource.getParent() != null) { - // readFolder without checking access - resource = m_vfsDriver.readFolder(resource.getProjectId(), resource.getRootName()+resource.getParent()); - } - //} else { - // // last check was negative - // return(false); - //} - } while(resource.getParent() != null); - - // all checks are done positive - return(true); + * Returns an instance of the vfs access guard performing permission checks for vfs operations. + * + * @param currentUser the user who requested this method + * @param currentProject the current project of the user + * @return an initialized instance of CmsAccessGuard + */ + public CmsAccessGuard getVfsAccessGuard(CmsUser currentUser, CmsProject currentProject) { + return new VfsAccessGuard(currentUser, currentProject, VfsAccessGuard.C_CHECK_DEFAULT); } - public CmsAccessGuard getVfsAccessGuard(CmsUser currentUser, CmsProject currentProject) { - return new VfsAccessGuard(currentUser, currentProject, VfsAccessGuard.C_CHECK_DEFAULT); + /** + * Returns an instance of the user access guard performing permission checks for user operations. + * + * @param currentUser the user who requested this method + * @param currentProject the current project of the user + * @return an initialized instance of CmsAccessGuard + */ + public CmsAccessGuard getUserAccessGuard(CmsUser currentUser, CmsProject currentProject) { + return new UserAccessGuard(currentUser, currentProject, UserAccessGuard.C_CHECK_DEFAULT); } /** 
@@ -1845,9 +1466,11 @@ public void copyFile(CmsUser currentUser, CmsProject currentProject, String sour ListIterator aceList = m_userDriver.getAccessControlEntries(currentProject, sourceFile.getResourceAceId(), false).listIterator(); while (aceList.hasNext()) { CmsAccessControlEntry ace = (CmsAccessControlEntry) aceList.next(); - createAccessControlEntry(currentUser, currentProject, newResource, ace.getPrincipal(), ace.getPermissions(), ace.getFlags()); + m_userDriver.createAccessControlEntry(currentProject, newResource.getResourceAceId(), ace.getPrincipal(), ace.getPermissions().getAllowedPermissions(), ace.getPermissions().getDeniedPermissions(), ace.getFlags()); + } - + + clearAccessControlListCache(); m_accessCache.clear(); // inform about the file-system-change fileSystemChanged(sourceFile.isFolder()); @@ -1900,9 +1523,10 @@ public void copyFolder(CmsUser currentUser, CmsProject currentProject, ListIterator aceList = getAccessControlEntries(currentUser, currentProject, folder,false).listIterator(); while (aceList.hasNext()) { CmsAccessControlEntry ace = (CmsAccessControlEntry)aceList.next(); - createAccessControlEntry(currentUser, currentProject, newResource, ace.getPrincipal(), ace.getPermissions(), ace.getFlags()); + m_userDriver.createAccessControlEntry(currentProject, newResource.getResourceAceId(), ace.getPrincipal(), ace.getPermissions().getAllowedPermissions(), ace.getPermissions().getDeniedPermissions(), ace.getFlags()); } - + + clearAccessControlListCache(); m_resourceListCache.clear(); m_accessCache.clear(); // inform about the file-system-change 
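Review bot: Both copy paths now write the copied ACEs through `m_userDriver.createAccessControlEntry(...)` instead of the manager-level `createAccessControlEntry(currentUser, ...)`, so whatever permission check the manager method performs (presumably control permission; its body is not in this diff) no longer runs for the new resource, and nothing in the code says this is intended. A comment above each loop would record the decision, e.g. `// ACEs are copied via the driver on purpose: the copying user needs no control permission on the new resource`. The two hunks also read the source entries differently: `copyFile` calls `m_userDriver.getAccessControlEntries(...)` directly, while `copyFolder` still goes through `getAccessControlEntries(currentUser, currentProject, folder,false)`, so the two methods may disagree on who is allowed to copy a protected resource. Both method bodies start and end outside their hunks.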
@@ -2030,9 +1654,7 @@ public int countLockedResources(CmsUser currentUser, CmsProject currentProject, * @param currentUser The user who owns this file. * @param currentGroup The group who owns this file. * @param currentProject The project in which the resource will be used. - * @param folder The complete m_path to the folder in which the new folder will - * be created. - * @param file The name of the new file (No pathinformation allowed). + * @param newFileName The name of the new file * @param contents The contents of the new file. * @param type The name of the resourcetype of the new file. * @param propertyinfos A Hashtable of propertyinfos, that should be set for this folder. @@ -2050,7 +1672,16 @@ public CmsFile createFile(CmsUser currentUser, CmsGroup currentGroup, CmsProject // checks, if the filename is valid, if not it throws a exception validFilename(resourceName); - + + // checks, if the type is valid, i.e. the user can create files of this type + // we can't utilize the access guard to do this, since it needs a resource to check + // TODO: preliminary version - improve later + I_CmsResourceType resType = getResourceType(currentUser, currentProject, type); + if(("XMLTemplate".equals(resType.getResourceTypeName())||"jsp".equals(resType.getResourceTypeName())) + && !isAdmin(currentUser, currentProject)) { + throw new CmsException("[" + this.getClass().getName() + "] " + resourceName, CmsException.C_NO_ACCESS); + } + CmsFolder cmsFolder = readFolder(currentUser, currentProject, folderName); // check if the user has write access to the destination folder 
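Review bot: The new type restriction in `createFile` compares `resType.getResourceTypeName()` with the literals `"XMLTemplate"` and `"jsp"` inline, so it guards only this one entry point. Any other path that can produce a resource of those types (copying an existing one, changing the type of an existing file, import) is not covered by this hunk and should be checked against the same rule, otherwise the admin-only restriction on template and JSP content is not actually enforced. Moving the test into one private helper that every type-setting method calls would keep the list of restricted types in a single place. `resType` is also dereferenced without a null check; if `getResourceType` can return null for an unknown type, the caller gets a NullPointerException instead of a `CmsException`. `createFile` begins and ends outside the hunk.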
@@ -2610,14 +2241,15 @@ public void deleteFile(CmsUser currentUser, CmsProject currentProject, deleteAllProperties(currentUser,currentProject,file.getResourceName()); m_vfsDriver.removeFile(currentProject.getId(), filename); // remove the access control entries - removeAllAccessControlEntries(currentUser, currentProject, file); + m_userDriver.removeAllAccessControlEntries(currentProject,file.getResourceAceId()); } else { m_vfsDriver.deleteFile(currentProject, filename); // delete the access control entries deleteAllAccessControlEntries(currentUser, currentProject, file); } // update the cache - this.clearResourceCache(filename, currentProject, currentUser); + clearAccessControlListCache(); + clearResourceCache(filename, currentProject, currentUser); m_accessCache.clear(); // inform about the file-system-change @@ -2670,14 +2302,16 @@ public void deleteFolder(CmsUser currentUser, CmsProject currentProject, deleteAllProperties(currentUser,currentProject, cmsFolder.getResourceName()); m_vfsDriver.removeFolder(currentProject.getId(),cmsFolder); // remove the access control entries - removeAllAccessControlEntries(currentUser, currentProject, cmsFolder); + m_userDriver.removeAllAccessControlEntries(currentProject,cmsFolder.getResourceAceId()); + } else { m_vfsDriver.deleteFolder(currentProject,cmsFolder); // delete the access control entries deleteAllAccessControlEntries(currentUser, currentProject, cmsFolder); } // update cache - this.clearResourceCache(foldername, currentProject, currentUser); + clearAccessControlListCache(); + clearResourceCache(foldername, currentProject, currentUser); m_accessCache.clear(); // inform about the file-system-change fileSystemChanged(true); 
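Review bot: In `deleteFile` and `deleteFolder` the branch for new resources now removes the ACEs through `m_userDriver.removeAllAccessControlEntries(...)`, while the `else` branch still calls the manager-level `deleteAllAccessControlEntries(currentUser, currentProject, ...)` after `m_vfsDriver.deleteFile` / `m_vfsDriver.deleteFolder` has already run. If that manager method checks permissions and throws (its body is not shown), the resource is left marked deleted with its ACEs intact and `clearAccessControlListCache()` is never reached. Either perform the permission check before the VFS call or use the driver in both branches, and add a comment saying why the check is skipped. The same driver-level call is introduced in the two `deleteProject` hunks that follow; all of these method bodies extend beyond their hunks.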
@@ -2810,7 +2444,7 @@ public void deleteProject(CmsUser currentUser, CmsProject currentProject, // delete the file m_vfsDriver.removeFile(id, currentFile.getResourceName()); // remove the access control entries - removeAllAccessControlEntries(currentUser, currentProject, currentFile); + m_userDriver.removeAllAccessControlEntries(currentProject,currentFile.getResourceAceId()); } else if (currentFile.getState() == C_STATE_CHANGED){ if(!currentFile.isLocked()){ // lock the resource @@ -2860,11 +2494,12 @@ public void deleteProject(CmsUser currentUser, CmsProject currentProject, CmsFolder delFolder = ((CmsFolder) deletedFolders.elementAt(i)); m_vfsDriver.removeFolder(id, delFolder); // remove the access control entries - removeAllAccessControlEntries(currentUser, currentProject, delFolder); + m_userDriver.removeAllAccessControlEntries(currentProject,delFolder.getResourceAceId()); } // unlock all resources in the project m_projectDriver.unlockProject(deleteProject); - this.clearResourceCache(); + clearAccessControlListCache(); + clearResourceCache(); // delete the project m_projectDriver.deleteProject(deleteProject); m_projectCache.remove(new Integer(id)); @@ -6434,12 +6069,15 @@ public Vector readProjectLogs(CmsUser currentUser, CmsProject currentProject, * Looks up a specified property with optional direcory upward cascading.

* * Security: - * Only a user is granted who has the right to read the resource. + * Only a user is granted who has the right to read or to view the resource. + * + * Note: view instead of read permission is required intentionally, since the + * workplace needs properties when displaying file and folder lists. * * @param currentUser the current user * @param currentProject the current project of the user * @param resource the resource to look up the property for - * @param siteroot the site root where to stop the cascading + * @param siteRoot the site root where to stop the cascading * @param property the name of the property to look up * @param search if true, the property will be looked up on all parent folders * if it is not attached to the the resource, if false not (ie. normal @@ -6452,8 +6090,10 @@ public String readProperty(CmsUser currentUser, CmsProject currentProject, Strin // read the resource CmsResource res = readFileHeader(currentUser, currentProject, resource); - // check the security - getVfsAccessGuard(currentUser, currentProject).check(res, C_READ_ACCESS); + // check the security + CmsAccessGuard accessGuard = getVfsAccessGuard(currentUser, currentProject); + if (!(accessGuard.check(res, C_VIEW_ACCESS, false) && accessGuard.check(res,C_READ_ACCESS, false))) + throw new CmsException("[" + this.getClass().getName() + "] " + resource, CmsException.C_NO_ACCESS); search = search && (siteRoot != null); // check if we have the result already cached @@ -6512,12 +6152,15 @@ public String readProperty(CmsUser currentUser, CmsProject currentProject, Strin * resource (or it's parent folders in case search is set to true).
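Review bot: The new check in readProperty throws unless the user holds both view and read permission, because `!(check(VIEW) && check(READ))` is true as soon as either one is missing. The updated Javadoc says access is granted to a user who may "read or view" the resource, and that view is deliberately enough for workplace listings. If that is the policy, the condition should be `if (!accessGuard.check(res, C_VIEW_ACCESS, false) && !accessGuard.check(res, C_READ_ACCESS, false))`. If both are really required, the Javadoc should say so, since an access rule whose comment and code disagree tends to get "corrected" in the wrong direction later. The readProperties hunk at -6557 uses the equivalent `!view || !read` form and needs the same decision. This assumes the third argument `false` makes check() return a boolean instead of throwing. The method body continues outside the hunk.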

* * Security: - * Only a user is granted who has the right to read the resource. + * Only a user is granted who has the right to read or to view the resource. + * + * Note: view instead of read permission is required intentionally, since the + * workplace needs properties when displaying file and folder lists. * * @param currentUser the current user * @param currentProject the current project of the user * @param resource the resource to look up the property for - * @param siteroot the site root where to stop the cascading + * @param siteRoot the site root where to stop the cascading * @param property the name of the property to look up * @param search if true, the property will be looked up on all parent folders * if it is not attached to the the resource, if false not (ie. normal @@ -6540,7 +6183,10 @@ public String readProperty(CmsUser currentUser, CmsProject currentProject, Strin * Looks up all properties for a resource with optional direcory upward cascading.

* * Security: - * Only a user is granted who has the right to read the resource. + * Only a user is granted who has the right to read or to view the resource. + * + * Note: view instead of read permission is required intentionally, since the + * workplace needs properties when displaying file and folder lists. * * @param currentUser the current user * @param currentProject the current project of the user @@ -6557,7 +6203,10 @@ public Map readProperties(CmsUser currentUser, CmsProject currentProject, String CmsResource res = readFileHeader(currentUser, currentProject, resource); // check the security - getVfsAccessGuard(currentUser, currentProject).check(res, C_READ_ACCESS); + CmsAccessGuard accessGuard = getVfsAccessGuard(currentUser, currentProject); + if (!accessGuard.check(res, C_VIEW_ACCESS, false) || !accessGuard.check(res,C_READ_ACCESS, false)) + throw new CmsException("[" + this.getClass().getName() + "] " + resource, CmsException.C_NO_ACCESS); + search = search && (siteRoot != null); // check if we have the result already cached @@ -7508,14 +7157,15 @@ public void unlockProject(CmsUser currentUser, CmsProject currentProject, int id * Security: * Access is granted, if: *

* - * @param user The user who wants to lock the file. - * @param project The project in which the resource will be used. - * @param resourcename The complete m_path to the resource to lock. + * @param currentUser The user who wants to lock the file. + * @param currentProject The project in which the resource will be used. + * @param resourcename The complete m_path to the resource to lock. * - * @throws CmsException Throws CmsException if operation was not succesful. + * @throws CmsException if operation was not succesful. */ public void unlockResource(CmsUser currentUser,CmsProject currentProject, String resourcename) 
@@ -7530,54 +7180,49 @@ public void unlockResource(CmsUser currentUser,CmsProject currentProject, cmsResource = (CmsFile)readFileHeader(currentUser,currentProject,resourcename); } - // check, if the user may lock the resource - if( accessUnlock(currentUser, currentProject, cmsResource) ) { - // unlock the resource. - if (cmsResource.isLocked()){ - // check if the resource is locked by the actual user - if (cmsResource.isLockedBy().equals(currentUser.getId())) { - - // unlock the resource - cmsResource.setLocked(CmsUUID.getNullUUID()); + // check if the user has write access to the resource + getVfsAccessGuard(currentUser, currentProject).check(cmsResource, C_WRITE_ACCESS, VfsAccessGuard.C_CHECK_IGNORE_LOCK, true); - //update resource - m_vfsDriver.updateLockstate(cmsResource, cmsResource.getLockedInProject()); + // unlock the resource if it is locked by this user + if(cmsResource.isLockedBy().equals(currentUser.getId())) { - // update the cache - this.clearResourceCache(resourcename, currentProject, currentUser); - } else { - throw new CmsException("[" + this.getClass().getName() + "] " + - resourcename + CmsException.C_NO_ACCESS); - } + // unlock the resource + cmsResource.setLocked(CmsUUID.getNullUUID()); + + //update resource + m_vfsDriver.updateLockstate(cmsResource, cmsResource.getLockedInProject()); + + // update the cache + this.clearResourceCache(resourcename, currentProject, currentUser); + } else { + // ignore attempts to unlock not locked resources + return; } - // if this resource is a folder -> lock all subresources, too - if(cmsResource.isFolder()) { - Vector files = getFilesInFolder(currentUser,currentProject, cmsResource.getResourceName()); - Vector folders = getSubFolders(currentUser,currentProject, cmsResource.getResourceName()); - CmsResource currentResource; + // if this resource is a folder -> lock all subresources, too + if(cmsResource.isFolder()) { + Vector files = getFilesInFolder(currentUser,currentProject, cmsResource.getResourceName()); + 
Vector folders = getSubFolders(currentUser,currentProject, cmsResource.getResourceName()); + CmsResource currentResource; - // lock all files in this folder - for(int i = 0; i < files.size(); i++ ) { - currentResource = (CmsResource)files.elementAt(i); - if (currentResource.getState() != C_STATE_DELETED) { - unlockResource(currentUser, currentProject, currentResource.getResourceName()); - } + // unlock all files in this folder + for(int i = 0; i < files.size(); i++) { + currentResource = (CmsResource)files.elementAt(i); + if (currentResource.getState() != C_STATE_DELETED) { + unlockResource(currentUser, currentProject, currentResource.getResourceName()); } + } - // lock all files in this folder - for(int i = 0; i < folders.size(); i++) { - currentResource = (CmsResource)folders.elementAt(i); - if (currentResource.getState() != C_STATE_DELETED) { - unlockResource(currentUser, currentProject, currentResource.getResourceName()); - } + // unlock all files in this folder + for(int i = 0; i < folders.size(); i++) { + currentResource = (CmsResource)folders.elementAt(i); + if (currentResource.getState() != C_STATE_DELETED) { + unlockResource(currentUser, currentProject, currentResource.getResourceName()); } } - } else { - throw new CmsException("[" + this.getClass().getName() + "] " + resourcename, - CmsException.C_NO_ACCESS); } } + /** * Checks if a user is member of a group.

* @@ -9075,6 +8720,12 @@ public final I_CmsBackupDriver getBackupDriver() { /** * Creates a new access control entry for a given resource. * + * Security: + * Access is granted, if: + *
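Review bot: The rewritten unlockResource silently returns in two distinct cases, while its else-branch comment only mentions resources that are not locked. The case of a resource locked by another user previously raised C_NO_ACCESS and now also just returns, so a caller cannot tell a refused unlock from a no-op. If the refusal should remain visible, keep it explicit: `else if (cmsResource.isLocked()) throw new CmsException("[" + this.getClass().getName() + "] " + resourcename, CmsException.C_NO_ACCESS);`. The early `return` also skips the folder recursion, so sub-resources locked by the current user under a folder that is itself unlocked are no longer released, whereas the old code still descended. The leftover comment `// if this resource is a folder -> lock all subresources, too` and the `// unlock all files in this folder` comment above the folders loop should be corrected to say "unlock" and "folders".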

+ * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource @@ -9085,6 +8736,8 @@ public final I_CmsBackupDriver getBackupDriver() { * @throws CmsException if something goes wrong */ public CmsAccessControlEntry createAccessControlEntry(CmsUser currentUser, CmsProject currentProject, CmsResource resource, CmsUUID principal, CmsPermissionSet permissions, int flags) throws CmsException { + + getUserAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_CONTROL_ACCESS); m_userDriver.createAccessControlEntry(currentProject, resource.getResourceAceId(), principal, permissions.getAllowedPermissions(), permissions.getDeniedPermissions(), flags); clearAccessControlListCache(); @@ -9094,6 +8747,12 @@ public CmsAccessControlEntry createAccessControlEntry(CmsUser currentUser, CmsPr /** * Removes an access control entry for a given resource and principal * + * Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource 
@@ -9101,48 +8760,52 @@ public CmsAccessControlEntry createAccessControlEntry(CmsUser currentUser, CmsPr * @throws CmsException if something goes wrong */ public void removeAccessControlEntry(CmsUser currentUser, CmsProject currentProject, CmsResource resource, CmsUUID principal) throws CmsException { - - m_userDriver.removeAccessControlEntry(currentProject,resource.getResourceAceId(), principal); - clearAccessControlListCache(); - } - - /** - * Removes all access control entries for a given resource - * - * @param currentUser the user requesting the action - * @param currentProject the project in which the action is performed - * @param resource the resource - * @throws CmsException if something goes wrong - */ - public void removeAllAccessControlEntries(CmsUser currentUser, CmsProject currentProject, CmsResource resource) throws CmsException { - - m_userDriver.removeAllAccessControlEntries(currentProject,resource.getResourceAceId()); - clearAccessControlListCache(); + + getUserAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_CONTROL_ACCESS); + + m_userDriver.removeAccessControlEntry(currentProject,resource.getResourceAceId(), principal); + clearAccessControlListCache(); } /** * Marks all access control entries belonging to a resource as deleted * + * Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource * @throws CmsException if something goes wrong */ public void deleteAllAccessControlEntries(CmsUser currentUser, CmsProject currentProject, CmsResource resource) throws CmsException { - + + getVfsAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_WRITE_ACCESS); + m_userDriver.deleteAllAccessControlEntries(currentProject,resource.getResourceAceId()); clearAccessControlListCache(); } /** * Removes the deleted mark for all access control entries of a given resource - * + * + * 
Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource * @throws CmsException if something goes wrong */ public void undeleteAllAccessControlEntries(CmsUser currentUser, CmsProject currentProject, CmsResource resource) throws CmsException { + + getVfsAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_WRITE_ACCESS); m_userDriver.undeleteAllAccessControlEntries(currentProject,resource.getResourceAceId()); clearAccessControlListCache(); @@ -9151,6 +8814,12 @@ public void undeleteAllAccessControlEntries(CmsUser currentUser, CmsProject curr /** * Writes an access control entry to the cms. * + * Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource @@ -9159,6 +8828,8 @@ public void undeleteAllAccessControlEntries(CmsUser currentUser, CmsProject curr */ public void writeAccessControlEntry(CmsUser currentUser, CmsProject currentProject, CmsResource resource, CmsAccessControlEntry acEntry) throws CmsException { + getUserAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_CONTROL_ACCESS); + m_userDriver.writeAccessControlEntry(currentProject,acEntry); clearAccessControlListCache(); } @@ -9167,6 +8838,12 @@ public void writeAccessControlEntry(CmsUser currentUser, CmsProject currentProje * Writes a vector of access control entries as new access control entries of a given resource. * Already existing access control entries of this resource are removed before. * + * Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource 
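Review bot: writeAccessControlEntry checks C_CONTROL_ACCESS on `resource` but then writes `acEntry`, and nothing in the hunk ties the entry to that resource. Unless the driver or the entry type enforces the binding elsewhere, an entry belonging to a different resource would pass a check made against this one. The entry's resource id should be compared with `resource.getResourceAceId()` before the driver call, with C_NO_ACCESS raised on mismatch. The same applies to the loop in writeAccessControlEntries (hunk -9174) and to copyAccessControlEntries (hunk -9236), which passes entries read from `source` together with `dest`. At minimum the Javadoc should state that `acEntry` must belong to `resource`.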
@@ -9174,15 +8851,24 @@ public void writeAccessControlEntry(CmsUser currentUser, CmsProject currentProje * @throws CmsException if something goes wrong */ public void writeAccessControlEntries(CmsUser currentUser, CmsProject currentProject, CmsResource resource, Vector acEntries) throws CmsException { - removeAllAccessControlEntries(currentUser, currentProject, resource); + + getUserAccessGuard(currentUser, currentProject).check(resource, I_CmsConstants.C_CONTROL_ACCESS); + + m_userDriver.removeAllAccessControlEntries(currentProject,resource.getResourceAceId()); + Iterator i = acEntries.iterator(); while (i.hasNext()) { m_userDriver.writeAccessControlEntry(currentProject, (CmsAccessControlEntry)i.next()); } + + clearAccessControlListCache(); } /** * Reads an access control entry from the cms. + * + * Security: + * The access control entries of a resource are readable by everyone. * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed @@ -9199,6 +8885,9 @@ public CmsAccessControlEntry readAccessControlEntry(CmsUser currentUser, CmsProj /** * Reads all relevant access control entries for a given resource. * + * Security: + * The access control entries of a resource are readable by everyone. + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource @@ -9229,6 +8918,12 @@ public Vector getAccessControlEntries(CmsUser currentUser, CmsProject currentPro * Copies the access control entries of a given resource to another resorce. * Already existing access control entries of this resource are removed. * + * Security: + * Access is granted, if: + * + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param source the resource which access control entries are copied 
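Review bot: In writeAccessControlEntries the ACL cache is now cleared only after the write loop finishes. The removed helper cleared it immediately after deleting the old entries. If one `m_userDriver.writeAccessControlEntry(...)` call throws, the stored entries are already gone or only partly rewritten, while the cache may still serve the previous list to later permission checks. Wrapping the removal and the loop as `try { … } finally { clearAccessControlListCache(); }` keeps the cache consistent with the store on the failure path too. The replace itself is not atomic, which is worth a sentence in the Javadoc.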
@@ -9236,8 +8931,14 @@ public Vector getAccessControlEntries(CmsUser currentUser, CmsProject currentPro * @throws CmsException if something goes wrong */ public void copyAccessControlEntries(CmsUser currentUser, CmsProject currentProject, CmsResource source, CmsResource dest) throws CmsException { + + getUserAccessGuard(currentUser, currentProject).check(dest, I_CmsConstants.C_CONTROL_ACCESS); + ListIterator acEntries = m_userDriver.getAccessControlEntries(currentProject, source.getResourceAceId(), false).listIterator(); - removeAllAccessControlEntries(currentUser, currentProject, dest); + + m_userDriver.removeAllAccessControlEntries(currentProject,dest.getResourceAceId()); + clearAccessControlListCache(); + while (acEntries.hasNext()) { writeAccessControlEntry(currentUser, currentProject, dest, (CmsAccessControlEntry)acEntries.next()); } @@ -9252,6 +8953,9 @@ public void copyAccessControlEntries(CmsUser currentUser, CmsProject currentProj * Returns the access control list of a given resource. * Note: the current project must be the project the resource belongs to ! * + * Security: + * The access control list of a resource is readable by everyone. + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource @@ -9297,6 +9001,9 @@ public CmsAccessControlList getAccessControlList(CmsUser currentUser, CmsProject /** * Returns the current permissions of an user on the given resource * + * Security: + * Permissions are readable by everyone. + * * @param currentUser the user requesting the action * @param currentProject the project in which the action is performed * @param resource the resource diff --git a/src/org/opencms/db/generic/CmsProjectDriver.java b/src/org/opencms/db/generic/CmsProjectDriver.java index c9f6528a0ba..1eb90ea9e98 100644 --- a/src/org/opencms/db/generic/CmsProjectDriver.java +++ b/src/org/opencms/db/generic/CmsProjectDriver.java 
@@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/org/opencms/db/generic/CmsProjectDriver.java,v $ - * Date : $Date: 2003/06/13 14:48:16 $ - * Version: $Revision: 1.2 $ + * Date : $Date: 2003/06/13 16:17:55 $ + * Version: $Revision: 1.3 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System @@ -68,7 +68,7 @@ /** * Generic (ANSI-SQL) implementation of the project driver methods.

* - * @version $Revision: 1.2 $ $Date: 2003/06/13 14:48:16 $ + * @version $Revision: 1.3 $ $Date: 2003/06/13 16:17:55 $ * @author Thomas Weckert (t.weckert@alkacon.com) * @author Carsten Weinholz (c.weinholz@alkacon.com) * @since 5.1 
@@ -742,9 +742,9 @@ public void fillDefaults() throws CmsException { siteRootId = rootFolder.getId(); // create the access control entries - m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),administrators.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); - m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),projectleader.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); - m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),users.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); + m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),administrators.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW|I_CmsConstants.C_PERMISSION_CONTROL,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); + m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),projectleader.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW|I_CmsConstants.C_PERMISSION_CONTROL,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); + m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),users.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_WRITE|I_CmsConstants.C_PERMISSION_VIEW|I_CmsConstants.C_PERMISSION_CONTROL,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); 
m_driverManager.getUserDriver().createAccessControlEntry(online,rootFolder.getResourceAceId(),guests.getId(),I_CmsConstants.C_PERMISSION_READ|I_CmsConstants.C_PERMISSION_VIEW,0,I_CmsConstants.C_ACCESSFLAGS_INHERITED); // create the folder for the virtual file system diff --git a/src/org/opencms/security/CmsPermissionSet.java b/src/org/opencms/security/CmsPermissionSet.java index 052fc05e66f..7509c0595f7 100644 --- a/src/org/opencms/security/CmsPermissionSet.java +++ b/src/org/opencms/security/CmsPermissionSet.java @@ -1,7 +1,7 @@ /* * File : $Source: /alkacon/cvs/opencms/src/org/opencms/security/CmsPermissionSet.java,v $ - * Date : $Date: 2003/06/13 10:03:10 $ - * Version: $Revision: 1.1 $ + * Date : $Date: 2003/06/13 16:17:55 $ + * Version: $Revision: 1.2 $ * * This library is part of OpenCms - * the Open Source Content Mananagement System @@ -37,7 +37,7 @@ /** * A permission set contains both allowed and denied permissions as bitsets.
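Review bot: fillDefaults now adds `C_PERMISSION_CONTROL` to the root-folder entry for `users` as well as for `administrators` and `projectleader`, all with `C_ACCESSFLAGS_INHERITED`. The same commit makes control permission the gate for creating, writing and removing access control entries. Assuming inherited entries apply to everything below the root, every member of the users group could then rewrite the ACL of any resource. If that is not the intended default, drop `|I_CmsConstants.C_PERMISSION_CONTROL` from the `users.getId()` line so it stays at READ|WRITE|VIEW, and add a comment above the block stating which groups are meant to administer permissions. fillDefaults extends beyond this hunk.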

* - * @version $Revision: 1.1 $ $Date: 2003/06/13 10:03:10 $ + * @version $Revision: 1.2 $ $Date: 2003/06/13 16:17:55 $ * @author Carsten Weinholz (c.weinholz@alkacon.com) */ public class CmsPermissionSet { @@ -52,9 +52,6 @@ public class CmsPermissionSet { */ int m_denied; - int m_flags; - - /** * Constructor to create an empty permission set. */ @@ -62,7 +59,6 @@ public CmsPermissionSet() { m_allowed = 0; m_denied = 0; - m_flags = 0; } /** @@ -74,7 +70,6 @@ public CmsPermissionSet (int allowedPermissions) { m_allowed = allowedPermissions; m_denied = 0; - m_flags = 0; } /** @@ -87,7 +82,6 @@ public CmsPermissionSet(int allowedPermissions, int deniedPermissions) { m_allowed = allowedPermissions; m_denied = deniedPermissions; - m_flags = 0; } /** @@ -101,7 +95,6 @@ public CmsPermissionSet(String permissionString) { StringTokenizer tok = new StringTokenizer(permissionString, "+-", true); m_allowed = 0; m_denied = 0; - m_flags = 0; while(tok.hasMoreElements()) { String prefix = tok.nextToken(); @@ -119,6 +112,10 @@ public CmsPermissionSet(String permissionString) { if (prefix.charAt(0) == '+') m_allowed |= I_CmsConstants.C_PERMISSION_VIEW; if (prefix.charAt(0) == '-') m_denied |= I_CmsConstants.C_PERMISSION_VIEW; break; + case 'C': case 'c': + if (prefix.charAt(0) == '+') m_allowed |= I_CmsConstants.C_PERMISSION_CONTROL; + if (prefix.charAt(0) == '-') m_denied |= I_CmsConstants.C_PERMISSION_CONTROL; + break; default: // ignore break; 
@@ -228,21 +225,24 @@ public int getDeniedPermissions() { /** * Returns the string representation of the current permissions in this permission set. * - * @return string of the format {{+|-}{r|w|v}}* + * @return string of the format {{+|-}{r|w|v|c}}* */ public String getPermissionString() { StringBuffer p = new StringBuffer(""); - if ((m_denied & I_CmsConstants.C_PERMISSION_READ)>0) p.append("-r"); - else if ((m_allowed & I_CmsConstants.C_PERMISSION_READ)>0) p.append("+r"); + if ((m_denied & I_CmsConstants.C_PERMISSION_READ)>0) p.append("-r"); + else if ((m_allowed & I_CmsConstants.C_PERMISSION_READ)>0) p.append("+r"); - if ((m_denied & I_CmsConstants.C_PERMISSION_WRITE)>0) p.append("-w"); - else if ((m_allowed & I_CmsConstants.C_PERMISSION_WRITE)>0) p.append("+w"); - - if ((m_denied & I_CmsConstants.C_PERMISSION_VIEW)>0) p.append("-v"); - else if ((m_allowed & I_CmsConstants.C_PERMISSION_VIEW)>0) p.append("+v"); + if ((m_denied & I_CmsConstants.C_PERMISSION_WRITE)>0) p.append("-w"); + else if ((m_allowed & I_CmsConstants.C_PERMISSION_WRITE)>0) p.append("+w"); + if ((m_denied & I_CmsConstants.C_PERMISSION_VIEW)>0) p.append("-v"); + else if ((m_allowed & I_CmsConstants.C_PERMISSION_VIEW)>0) p.append("+v"); + + if ((m_denied & I_CmsConstants.C_PERMISSION_CONTROL)>0) p.append("-c"); + else if ((m_allowed & I_CmsConstants.C_PERMISSION_CONTROL)>0) p.append("+c"); + return p.toString(); }