Making possible to edit content within the Edit Page, regardless of the portlets you have assigned. #26447

Merged
merged 7 commits into from Oct 26, 2023
Merged
@@ -7,18 +7,25 @@
import com.dotcms.mock.request.MockHttpRequestIntegrationTest;
import com.dotcms.mock.request.MockParameterRequest;
import com.dotcms.util.IntegrationTestInitService;
import com.dotmarketing.beans.Host;
import com.dotmarketing.business.ajax.RoleAjax;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.util.UUIDGenerator;
import com.dotmarketing.util.UtilMethods;
import com.google.common.collect.ImmutableMap;
import com.liferay.portal.PortalException;
import com.liferay.portal.SystemException;
import com.liferay.portal.model.User;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

import org.junit.Assert;
@@ -143,6 +150,52 @@ public void test_doesUserHaveAccessToPortlet() throws DotDataException {

}

/**
* Method to test: {@link LayoutAPI#doesUserHaveAccessToPortlet(String, User)}
* Given Scenario: You should be able to edit content within the Edit Page, regardless of the portlets you have assigned.
* ExpectedResult: If the user has. edit permissions, they should be given access to the portlet.
*
*/
@Test
public void test_doesUserHaveAccessToPortlet_editPagePortletShouldBeAccessedIfValidPermission() throws DotDataException, DotSecurityException, SystemException, PortalException {
final RoleAPI roleAPI = APILocator.getRoleAPI();
//limited user
final User newUser = new UserDataGen().roles(TestUserUtils.getBackendRole()).nextPersisted();
final User systemUser = APILocator.systemUser();

//create a host
Host host = new Host();
host.setHostname("testHost"+System.currentTimeMillis());
host = APILocator.getHostAPI().save(host, systemUser, false);

//create a role
final String roleName = "testRole"+System.currentTimeMillis();
Role nrole = new Role();
nrole.setName(roleName);
nrole.setRoleKey(roleName);
nrole.setEditUsers(true);
nrole.setEditPermissions(true);
nrole.setEditLayouts(true);
nrole.setDescription(roleName);
nrole = APILocator.getRoleAPI().save(nrole);

//validate that user does not have access to the portlet until the permissions are assigned
assertFalse("The user should not have access to the portlet" , layoutAPI.doesUserHaveAccessToPortlet("edit-page", newUser));

//assign the role to the user
roleAPI.addRoleToUser(nrole, newUser);

//assign the permissions to the role
Map<String,String> permList=new HashMap<>();
permList.put("pages", Integer.toString(PermissionAPI.PERMISSION_READ | PermissionAPI.PERMISSION_EDIT));
permList.put("content", Integer.toString(PermissionAPI.PERMISSION_READ | PermissionAPI.PERMISSION_EDIT));
RoleAjax roleAjax = new RoleAjax();
roleAjax.saveRolePermission(nrole.getId(), host.getIdentifier(), permList, false);

//validate that user does have access to the portlet
assertTrue("The user should have access to the portlet", layoutAPI.doesUserHaveAccessToPortlet("edit-page", newUser));
}

/**
* Method to test: {@link LayoutAPI#findGettingStartedLayout()}
* Given Scenario: Try to get the Getting Started Layout, if exists remove it. And call the
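Review bot: The new test `test_doesUserHaveAccessToPortlet_editPagePortletShouldBeAccessedIfValidPermission` pins only the grant path (READ|EDIT on both `pages` and `content`), although the commit widens an access check and the deny paths matter at least as much. I would add a case where the role gets only `PermissionAPI.PERMISSION_READ` on `pages` and `content` and assert `doesUserHaveAccessToPortlet("edit-page", newUser)` stays `false`, plus an assertion that some other portlet id is still `false` for the same user after the permissions are saved, so the fallback cannot leak beyond `edit-page`. The host and role created here are not removed at the end of the method; unless the suite cleans up elsewhere, they will accumulate across runs. The Javadoc also has a stray period in `has. edit permissions`.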
34 changes: 22 additions & 12 deletions dotCMS/src/main/java/com/dotmarketing/business/LayoutAPIImpl.java
@@ -5,30 +5,26 @@

import com.dotcms.util.CollectionsUtils;
import com.dotmarketing.util.Logger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

import java.util.*;

import javax.servlet.http.HttpServletRequest;
import com.dotcms.api.system.event.Payload;
import com.dotcms.api.system.event.SystemEventType;
import com.dotcms.business.CloseDBIfOpened;
import com.dotcms.business.WrapInTransaction;
import com.dotmarketing.db.DotRunnableFlusherThread;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotRuntimeException;
import com.dotmarketing.util.UtilMethods;
import com.dotmarketing.util.WebKeys;
import com.google.common.base.Splitter;
import com.liferay.portal.model.Portlet;
import com.liferay.portal.model.User;
import io.vavr.API;
import io.vavr.control.Try;

import static com.dotmarketing.business.PermissionAPI.PermissionableType.CONTENTLETS;
import static com.dotmarketing.business.PermissionAPI.PermissionableType.HTMLPAGES;

/**
* @author jasontesser
*
@@ -171,14 +167,28 @@ public int compare(Layout l1, Layout l2) {
return layouts;
}


/* This method is used to check if the user has access to edit the page portlet.
* All the users should have access to Edit Page, regardless of the assigned portlets.
* To determine if the user has access to edit page, we check if the user can edit HTMLPAGES or CONTENTLETS
*/
private boolean doesUserHaveAccessEditPagePortlet(User user) throws DotDataException {
final PermissionAPI permAPI = APILocator.getPermissionAPI();
return permAPI.doesUserHavePermissions(HTMLPAGES, PermissionAPI.PERMISSION_EDIT, user) ||
permAPI.doesUserHavePermissions(CONTENTLETS, PermissionAPI.PERMISSION_EDIT, user);
}

@Override
public boolean doesUserHaveAccessToPortlet(final String portletId, final User user) throws DotDataException {
if(portletId==null || user==null || !user.isBackendUser()) {
return false;
}
if(portletId==null || user==null || !user.isBackendUser()) {
return false;
}
if(loadLayoutsForUser(user).stream(). anyMatch(layout -> layout.getPortletIds().contains(portletId))){
return true;
}
if("edit-page".equals(portletId) && doesUserHaveAccessEditPagePortlet(user)){
return true;
}
return APILocator.getRoleAPI().doesUserHaveRole(user, APILocator.getRoleAPI().loadCMSAdminRole());
}

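Review bot: The new `"edit-page"` branch in `doesUserHaveAccessToPortlet` grants access from a type-level check (`doesUserHavePermissions(HTMLPAGES, PERMISSION_EDIT, user)` or the same for `CONTENTLETS`) that takes no host or asset argument, so a `true` result must not be read as permission to edit any particular page. It looks as if edit rights on any site satisfy it (confirm against `PermissionAPI`), which means the Edit Page endpoints still have to enforce per-page and per-contentlet permissions themselves. The helper's comment says "All the users should have access to Edit Page", which overstates what the code does. I would make it Javadoc and reword it along the lines of `/** Returns true when the user holds EDIT permission on HTML pages or contentlets; gates the portlet only, not any specific asset. */`. The `"edit-page"` literal would be safer as a named constant shared with the test, so the special case cannot drift from the real portlet id.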