svn commit: r729424 - in /ofbiz/trunk/framework/common: entitydef/entitymodel.xml webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy widget/PortalPageScreens.xml

Author: hansbak
Date: Thu Dec 25 06:38:57 2008
New Revision: 729424

URL: http://svn.apache.org/viewvc?rev=729424&view=rev
Log:
add security checking to portlet list

Added:
    ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy   (with props)
Modified:
    ofbiz/trunk/framework/common/entitydef/entitymodel.xml
    ofbiz/trunk/framework/common/widget/PortalPageScreens.xml

Modified: ofbiz/trunk/framework/common/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/entitydef/entitymodel.xml?rev=729424&r1=729423&r2=729424&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/entitydef/entitymodel.xml (original)
+++ ofbiz/trunk/framework/common/entitydef/entitymodel.xml Thu Dec 25 06:38:57 2008
@@ -568,6 +568,7 @@
         <field name="description" type="description"></field>
         <field name="screenshot" type="url"></field>
         <field name="securityServiceName" type="long-varchar"><description>The service named here is used to see if current user can see the portlet on the list of available portlets; the screen that the portlet calls should also call this service to check permission and not render; the service named here must implement the "permissionInterface" service just like services used for service permissions</description></field>
+        <field name="securityMainAction" type="short-varchar"><description>The main action which can be done with this portlet, possible values: CREATE UPDATE VIEW DELETE</description></field>
         <prim-key field="portalPortletId"/>
     </entity>
     <entity entity-name="PortalPage" package-name="org.ofbiz.common.portal" title="Defines a Portal Page">

Added: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy?rev=729424&view=auto
==============================================================================
--- ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy (added)
+++ ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy Thu Dec 25 06:38:57 2008
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.ofbiz.entity.*;
+import org.ofbiz.entity.condition.*;
+
+
+ppIter = delegator.find("PortalPortlet", null, null, null, null, null);
+
+portalPortlets = [];
+inMap = [:];
+while (portlet = ppIter.next()) {
+
+ if (portlet.securityServiceName && portlet.securityMainAction) {
+ inMap.mainAction = portlet.securityMainAction;
+ inMap.userLogin = context.userLogin;
+ result = dispatcher.runSync(portlet.securityServiceName, inMap)
+ hasPermission = result.hasPermission;
+ } else {
+ hasPermission = true;
+ }
+
+ if (hasPermission) {
+ portalPortlets.add(portlet);
+ }
+}
+context.portalPortlets = portalPortlets;
+

Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/trunk/framework/common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/trunk/framework/common/widget/PortalPageScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/widget/PortalPageScreens.xml?rev=729424&r1=729423&r2=729424&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/widget/PortalPageScreens.xml (original)
+++ ofbiz/trunk/framework/common/widget/PortalPageScreens.xml Thu Dec 25 06:38:57 2008
@@ -82,7 +82,7 @@
             <actions>
                 <set field="originalPortalPageId" from-field="parameters.originalPortalPageId"/>
                 <set field="mainPortalPageId" from-field="parameters.mainPortalPageId"/>
-                <entity-condition entity-name="PortalPortlet" list-name="portalPortlets"/>
+                <script location="component://common/webcommon/WEB-INF/actions/includes/ListPortalPortlets.groovy"/>
             </actions>
             <widgets>
                 <decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">