/**
 * Checks that resolving the repository of an existing folder is rejected
 * with {@code PrincipalException.MustHavePermission} when the thread's
 * permission checker denies every owner and resource permission.
 */
@Test(expected = PrincipalException.MustHavePermission.class)
public void testCreateRepositoryFromExistingFolderWithoutPermissions()
    throws Exception {

    DLFolder existingFolder = DLTestUtil.addDLFolder(_group.getGroupId());

    // Remember the checker that was active so it can be put back even when
    // the expected exception is thrown.
    PermissionChecker savedChecker =
        PermissionThreadLocal.getPermissionChecker();

    try {
        // A checker that answers "no" to both permission questions it
        // overrides.
        PermissionChecker denyAllChecker = new SimplePermissionChecker() {

            @Override
            public boolean hasPermission(
                long groupId, String name, String primKey,
                String actionId) {

                return false;
            }

            @Override
            public boolean hasOwnerPermission(
                long companyId, String name, String primKey, long ownerId,
                String actionId) {

                return false;
            }

        };

        denyAllChecker.init(savedChecker.getUser());

        PermissionThreadLocal.setPermissionChecker(denyAllChecker);

        RepositoryProviderUtil.getFolderRepository(
            existingFolder.getFolderId());
    }
    finally {
        PermissionThreadLocal.setPermissionChecker(savedChecker);
    }
}
/**
 * Removes {@code portletId} from every column of this layout, writing the
 * result either to the user's preferences or to the layout type settings.
 *
 * <p>Nothing is changed when the portlet is not registered, when the
 * lookup or the permission check throws, or when the current permission
 * checker lacks {@code UPDATE} on the layout and the layout is not
 * customizable.</p>
 *
 * @param userId not read by this method
 * @param portletId the portlet ID to remove
 * @param cleanUp whether to call {@code onRemoveFromLayout} afterwards
 */
@Override
public void removePortletId(long userId, String portletId, boolean cleanUp) {
    try {
        Portlet registeredPortlet = PortletLocalServiceUtil.getPortletById(
            getCompanyId(), portletId);

        if (registeredPortlet == null) {
            _log.error(
                "Portlet " + portletId +
                    " cannot be removed because it is not registered");

            return;
        }

        PermissionChecker checker =
            PermissionThreadLocal.getPermissionChecker();

        // Allowed when the caller may update the layout, or when the layout
        // is customizable; the second test only runs if the first fails.
        boolean mayRemove =
            LayoutPermissionUtil.contains(
                checker, getLayout(), ActionKeys.UPDATE) ||
            isCustomizable();

        if (!mayRemove) {
            return;
        }
    }
    catch (Exception exception) {
        // Any failure while checking aborts the removal.
        _log.error(exception, exception);

        return;
    }

    List<String> columnIds = getColumns();

    for (int index = 0; index < columnIds.size(); index++) {
        String columnId = columnIds.get(index);

        if (isCustomizable() && isColumnDisabled(columnId)) {
            continue;
        }

        String currentValue =
            hasUserPreferences() ? getUserPreference(columnId) :
                getTypeSettingsProperty(columnId);

        String updatedValue = StringUtil.removeFromList(
            currentValue, portletId);

        if (hasUserPreferences()) {
            setUserPreference(columnId, updatedValue);
        }
        else {
            setTypeSettingsProperty(columnId, updatedValue);
        }
    }

    if (!cleanUp) {
        return;
    }

    try {
        onRemoveFromLayout(new String[] {portletId});
    }
    catch (Exception exception) {
        _log.error(exception, exception);
    }
}
/**
 * Saves the thread's current permission checker and principal name, then
 * installs a checker whose overridden {@code hasPermission} always grants
 * access and sets the principal to the test user's ID.
 */
public void setUp() throws Exception {
    _permissionChecker = PermissionThreadLocal.getPermissionChecker();

    // Test-only checker: the overridden permission question is always
    // answered with "yes".
    DummyPermissionChecker grantAllChecker = new DummyPermissionChecker() {

        @Override
        public boolean hasPermission(
            long groupId, String name, long primKey, String actionId) {

            return true;
        }

    };

    PermissionThreadLocal.setPermissionChecker(grantAllChecker);

    _principal = PrincipalThreadLocal.getName();

    PrincipalThreadLocal.setName(TestPropsValues.getUserId());
}
/**
 * Returns {@code true} only when the thread's current permission checker
 * reports that the user is not signed in.
 */
@Override
public boolean isCheckLayoutViewPermission() {
    return !PermissionThreadLocal.getPermissionChecker().isSignedIn();
}
/**
 * Saves the thread's current permission checker and replaces it with one,
 * initialised for the test user, that grants both permission questions it
 * overrides.
 */
protected void setUpPermissionThreadLocal() throws Exception {
    _originalPermissionChecker =
        PermissionThreadLocal.getPermissionChecker();

    SimplePermissionChecker grantAllChecker = new SimplePermissionChecker() {

        @Override
        public boolean hasPermission(
            long groupId, String name, String primKey, String actionId) {

            return true;
        }

        @Override
        public boolean hasOwnerPermission(
            long companyId, String name, String primKey, long ownerId,
            String actionId) {

            return true;
        }

    };

    // Bind the checker to the test user before it becomes the active one.
    grantAllChecker.init(TestPropsValues.getUser());

    PermissionThreadLocal.setPermissionChecker(grantAllChecker);
}
/**
 * Prepares the fixture: creates a group and a user, builds a service
 * context for the group, runs the subclass hook, switches the test to the
 * new user and records the permission checker that is then active.
 */
@Before
public void setUp() throws Exception {
    group = GroupTestUtil.addGroup();
    user = UserTestUtil.addUser();
    serviceContext = ServiceContextTestUtil.getServiceContext(
        group.getGroupId());

    doSetUp();

    ServiceTestUtil.setUser(user);

    // Read after setUser(user); presumably so the stored checker belongs to
    // the new user rather than to whoever ran before -- confirm against
    // ServiceTestUtil.
    permissionChecker = PermissionThreadLocal.getPermissionChecker();

    addPortletModelViewPermission();
}
/**
 * Builds a parenthesised SQL condition that matches rows owned by
 * {@code userId} or, when the user has roles in the group, rows whose
 * {@code roleId} is one of them.
 *
 * <p>Every value spliced into the text is a {@code long} (the role IDs and
 * {@code userId}); no string input is concatenated.</p>
 *
 * @param groupId the group used to look up the user's role IDs
 * @param userId the user whose roles and ownership are matched
 * @return the condition, e.g. {@code (roleId IN (...) <WHERE_OR> ownerId =
 *         ...)}
 */
protected String getRoleOwnerIdsSQL(long groupId, long userId) {
    PermissionChecker checker = PermissionThreadLocal.getPermissionChecker();

    long[] roleIds = checker.getRoleIds(userId, groupId);

    StringBundler condition = new StringBundler(8);

    condition.append(StringPool.OPEN_PARENTHESIS);

    // The role clause is left out entirely when the user has no roles.
    if (roleIds.length > 0) {
        condition.append("roleId IN (");
        condition.append(StringUtil.merge(roleIds));
        condition.append(StringPool.CLOSE_PARENTHESIS);
        condition.append(WHERE_OR);
    }

    condition.append("ownerId = ");
    condition.append(userId);
    condition.append(StringPool.CLOSE_PARENTHESIS);

    return condition.toString();
}
/**
 * Puts back the permission checker held in
 * {@code _originalPermissionChecker} as the thread's active checker.
 */
protected void tearDownPermissionThreadLocal() {
    PermissionThreadLocal.setPermissionChecker(_originalPermissionChecker);
}
/**
 * Restores the thread-local permission checker and principal name from the
 * {@code _permissionChecker} and {@code _principal} fields.
 */
public void tearDown() {
    // Put the saved checker back so the test checker is no longer the
    // thread's active one.
    PermissionThreadLocal.setPermissionChecker(_permissionChecker);

    PrincipalThreadLocal.setName(_principal);
}
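/**
 * Returns the user's customized value for a column, seeding it from the
 * layout's type settings the first time it is requested.
 *
 * <p>When no user value is stored yet, the layout's portlet IDs for the
 * column are filtered: a portlet is kept only if the current permission
 * checker has {@code VIEW} on it in this layout and {@code ADD_TO_PAGE} on
 * its root portlet. Portlets with an instance ID, or whose preferences are
 * unique per layout, get a user-specific portlet ID, and their preferences
 * and resource permissions are copied to it. The filtered list is stored
 * as the user's value and returned.</p>
 *
 * @param key the column ID
 * @return blank when there are no user preferences; otherwise the stored
 *         or newly seeded value
 */
protected String getUserPreference(String key) {
    String value = StringPool.BLANK;

    if (!hasUserPreferences()) {
        return value;
    }

    value = _portalPreferences.getValue(
        CustomizedPages.namespacePlid(getPlid()), key, StringPool.NULL);

    // A stored value wins; StringPool.NULL is the "nothing stored" marker.
    if (!value.equals(StringPool.NULL)) {
        return value;
    }

    value = getTypeSettingsProperty(key);

    if (Validator.isNull(value)) {
        return value;
    }

    List<String> newPortletIds = new ArrayList<>();

    PermissionChecker permissionChecker =
        PermissionThreadLocal.getPermissionChecker();

    String[] portletIds = StringUtil.split(value);

    for (String portletId : portletIds) {
        try {
            if (!PortletPermissionUtil.contains(
                    permissionChecker, getLayout(), portletId,
                    ActionKeys.VIEW, true)) {

                continue;
            }

            String rootPortletId = PortletConstants.getRootPortletId(
                portletId);

            if (!PortletPermissionUtil.contains(
                    permissionChecker, rootPortletId,
                    ActionKeys.ADD_TO_PAGE)) {

                continue;
            }
        }
        catch (Exception e) {
            _log.error(e, e);

            // Fail closed: if the permission check itself failed, the
            // portlet is not treated as permitted. Falling through here
            // would copy its preferences and resource permissions for a
            // user whose access was never confirmed. The portlet is left
            // out of the seeded value that is stored below.
            continue;
        }

        String newPortletId = null;

        boolean preferencesUniquePerLayout = false;

        try {
            Portlet portlet = PortletLocalServiceUtil.getPortletById(
                getCompanyId(), portletId);

            // The lookup yields null for an unregistered portlet; treat it
            // as not unique per layout rather than dereferencing null.
            if (portlet != null) {
                preferencesUniquePerLayout =
                    portlet.isPreferencesUniquePerLayout();
            }
        }
        catch (SystemException se) {
            _log.error(se, se);
        }

        if (PortletConstants.hasInstanceId(portletId) ||
            preferencesUniquePerLayout) {

            String instanceId = null;

            if (PortletConstants.hasInstanceId(portletId)) {
                instanceId = PortletConstants.generateInstanceId();
            }

            newPortletId = PortletConstants.assemblePortletId(
                portletId, _portalPreferences.getUserId(), instanceId);

            copyPreferences(
                _portalPreferences.getUserId(), portletId, newPortletId);

            copyResourcePermissions(portletId, newPortletId);
        }
        else {
            newPortletId = portletId;
        }

        newPortletIds.add(newPortletId);
    }

    value = StringUtil.merge(newPortletIds);

    setUserPreference(key, value);

    return value;
}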
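/**
 * Adds a portlet to a column of this layout and returns the portlet ID that
 * was actually stored.
 *
 * <p>The ID is first passed through {@code JS.getSafeName}. An instance ID
 * is generated for instanceable portlets that lack one, and a user-specific
 * ID is assembled on customizable layouts with user preferences. The column
 * value is written to the user's preferences or to the layout type
 * settings, after which the portlet's layout listener (if any) is
 * notified.</p>
 *
 * @param userId the user ID used when a user-specific portlet ID is
 *        assembled
 * @param portletId the portlet ID to add
 * @param columnId the target column, or {@code null} for the layout
 *        template's first column
 * @param columnPos the insert position; negative or past the end appends
 * @param checkPermission whether {@code ADD_TO_PAGE} must be held on the
 *        portlet in this layout
 * @param strictHasPortlet passed to {@code hasPortletId} when checking for
 *        duplicates
 * @return the stored portlet ID, or {@code null} when nothing was added
 *         (unregistered or system portlet, lookup or permission check
 *         failed or denied, duplicate, no column, disabled column)
 */
protected String addPortletId(
    long userId, String portletId, String columnId, int columnPos,
    boolean checkPermission, boolean strictHasPortlet) {

    portletId = JS.getSafeName(portletId);

    Layout layout = getLayout();

    Portlet portlet = null;

    try {
        portlet = PortletLocalServiceUtil.getPortletById(
            layout.getCompanyId(), portletId);

        if (portlet == null) {
            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Portlet " + portletId +
                        " cannot be added because it is not registered");
            }

            return null;
        }

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (checkPermission &&
            !PortletPermissionUtil.contains(
                permissionChecker, layout, portlet,
                ActionKeys.ADD_TO_PAGE)) {

            return null;
        }
    }
    catch (Exception e) {
        _log.error(e, e);

        // Fail closed. Continuing would either dereference a null portlet
        // (lookup threw) or add the portlet although the ADD_TO_PAGE check
        // never completed (permission check threw).
        return null;
    }

    if (portlet.isSystem()) {
        return null;
    }

    if (portlet.isInstanceable() &&
        !PortletConstants.hasInstanceId(portletId)) {

        portletId = PortletConstants.assemblePortletId(
            portletId, PortletConstants.generateInstanceId());
    }

    if (hasPortletId(portletId, strictHasPortlet)) {
        return null;
    }

    // Default to the first column of the layout template.
    if (columnId == null) {
        LayoutTemplate layoutTemplate = getLayoutTemplate();

        List<String> columns = layoutTemplate.getColumns();

        if (!columns.isEmpty()) {
            columnId = columns.get(0);
        }
    }

    if (columnId == null) {
        return null;
    }

    if (isCustomizable()) {
        if (isColumnDisabled(columnId)) {
            return null;
        }

        if ((PortletConstants.hasInstanceId(portletId) ||
             portlet.isPreferencesUniquePerLayout()) &&
            hasUserPreferences()) {

            portletId = PortletConstants.assemblePortletId(
                portletId, userId);
        }
    }

    String columnValue = StringPool.BLANK;

    if (hasUserPreferences()) {
        columnValue = getUserPreference(columnId);
    }
    else {
        columnValue = getTypeSettingsProperty(columnId);
    }

    if ((columnValue == null) &&
        columnId.startsWith(_NESTED_PORTLETS_NAMESPACE)) {

        addNestedColumn(columnId);
    }

    if (columnPos >= 0) {
        List<String> portletIds = ListUtil.fromArray(
            StringUtil.split(columnValue));

        // A position past the end of the column appends instead.
        if (columnPos <= portletIds.size()) {
            portletIds.add(columnPos, portletId);
        }
        else {
            portletIds.add(portletId);
        }

        columnValue = StringUtil.merge(portletIds);
    }
    else {
        columnValue = StringUtil.add(columnValue, portletId);
    }

    if (hasUserPreferences()) {
        setUserPreference(columnId, columnValue);
    }
    else {
        setTypeSettingsProperty(columnId, columnValue);
    }

    // Listener failures are logged only; the portlet stays added.
    try {
        if (_enablePortletLayoutListener &&
            !portlet.isUndeployedPortlet()) {

            PortletLayoutListener portletLayoutListener =
                portlet.getPortletLayoutListenerInstance();

            if (portletLayoutListener != null) {
                portletLayoutListener.onAddToLayout(
                    portletId, layout.getPlid());
            }
        }
    }
    catch (Exception e) {
        _log.error("Unable to fire portlet layout listener event", e);
    }

    return portletId;
}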
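/**
 * Runs the registered transformer listeners over the document and script,
 * renders the template (or, without a template language, localizes the raw
 * XML), and lets the listeners post-process the output.
 *
 * <p>Security-relevant behavior visible in this method:</p>
 * <ul>
 * <li>The calling thread's permission checker is placed in the template
 * context under {@code permissionChecker}, so the template script can call
 * it.</li>
 * <li>When the corresponding debug loggers are enabled, the tokens, the
 * document, the script and the rendered output are written to the log in
 * full.</li>
 * </ul>
 *
 * @param themeDisplay optional; when present it overrides the company and
 *        group IDs read from {@code tokens} and enables taglib support
 * @param contextObjects optional extra template variables
 * @param tokens token map; checked for {@code null} when the IDs are read
 *        but dereferenced unconditionally afterwards in the template
 *        branch
 * @param viewMode defaults to {@code Constants.VIEW} when null or empty
 * @param languageId the language to render
 * @param document the XML content
 * @param portletRequestModel optional source of the {@code request}
 *        template variable
 * @param script the template script
 * @param langType the template language; null or empty skips templating
 * @param propagateException passed through to {@code mergeTemplate}
 * @return the transformed output
 * @throws TransformException wrapping any exception raised while the
 *         template context is filled and merged
 */
protected String doTransform(
        ThemeDisplay themeDisplay, Map<String, Object> contextObjects,
        Map<String, String> tokens, String viewMode, String languageId,
        Document document, PortletRequestModel portletRequestModel,
        String script, String langType, boolean propagateException)
    throws Exception {

    // Setup listeners

    if (_log.isDebugEnabled()) {
        _log.debug("Language " + languageId);
    }

    if (Validator.isNull(viewMode)) {
        viewMode = Constants.VIEW;
    }

    if (_logTokens.isDebugEnabled()) {
        String tokensString = PropertiesUtil.list(tokens);

        _logTokens.debug(tokensString);
    }

    if (_logTransformBefore.isDebugEnabled()) {
        _logTransformBefore.debug(document);
    }

    List<TransformerListener> transformerListeners =
        JournalTransformerListenerRegistryUtil.getTransformerListeners();

    for (TransformerListener transformerListener : transformerListeners) {

        // Modify XML

        if (_logXmlBeforeListener.isDebugEnabled()) {
            _logXmlBeforeListener.debug(document);
        }

        if (transformerListener != null) {
            document = transformerListener.onXml(
                document, languageId, tokens);

            if (_logXmlAfterListener.isDebugEnabled()) {
                _logXmlAfterListener.debug(document);
            }
        }

        // Modify script

        if (_logScriptBeforeListener.isDebugEnabled()) {
            _logScriptBeforeListener.debug(script);
        }

        if (transformerListener != null) {
            script = transformerListener.onScript(
                script, document, languageId, tokens);

            if (_logScriptAfterListener.isDebugEnabled()) {
                _logScriptAfterListener.debug(script);
            }
        }
    }

    // Transform

    String output = null;

    if (Validator.isNull(langType)) {
        output = LocalizationUtil.getLocalization(
            document.asXML(), languageId);
    }
    else {
        long companyId = 0;
        long companyGroupId = 0;
        long articleGroupId = 0;
        long classNameId = 0;

        if (tokens != null) {
            companyId = GetterUtil.getLong(tokens.get("company_id"));
            companyGroupId = GetterUtil.getLong(
                tokens.get("company_group_id"));
            articleGroupId = GetterUtil.getLong(
                tokens.get("article_group_id"));
            classNameId = GetterUtil.getLong(
                tokens.get(TemplateConstants.CLASS_NAME_ID));
        }

        long scopeGroupId = 0;
        long siteGroupId = 0;

        // Values from the theme display take precedence over the tokens.
        if (themeDisplay != null) {
            companyId = themeDisplay.getCompanyId();
            companyGroupId = themeDisplay.getCompanyGroupId();
            scopeGroupId = themeDisplay.getScopeGroupId();
            siteGroupId = themeDisplay.getSiteGroupId();
        }

        // NOTE(review): tokens is dereferenced here and below without the
        // null guard used above; callers apparently always pass a map on
        // this path -- confirm.
        String templateId = tokens.get("template_id");

        templateId = getTemplateId(
            templateId, companyId, companyGroupId, articleGroupId);

        Template template = getTemplate(
            templateId, tokens, languageId, document, script, langType);

        if (contextObjects != null) {
            template.putAll(contextObjects);
        }

        UnsyncStringWriter unsyncStringWriter = new UnsyncStringWriter();

        try {
            if (document != null) {
                Element rootElement = document.getRootElement();

                List<TemplateNode> templateNodes = getTemplateNodes(
                    themeDisplay, rootElement,
                    Long.valueOf(tokens.get("ddm_structure_id")));

                if (templateNodes != null) {
                    for (TemplateNode templateNode : templateNodes) {
                        template.put(templateNode.getName(), templateNode);
                    }
                }

                if (portletRequestModel != null) {
                    template.put("request", portletRequestModel.toMap());

                    if (langType.equals(TemplateConstants.LANG_TYPE_XSL)) {
                        Document requestDocument = SAXReaderUtil.read(
                            portletRequestModel.toXML());

                        Element requestElement =
                            requestDocument.getRootElement();

                        template.put("xmlRequest", requestElement.asXML());
                    }
                }
                else {
                    Element requestElement = rootElement.element("request");

                    template.put(
                        "request", insertRequestVariables(requestElement));

                    if (langType.equals(TemplateConstants.LANG_TYPE_XSL)) {
                        template.put("xmlRequest", requestElement.asXML());
                    }
                }
            }

            template.put("articleGroupId", articleGroupId);
            template.put("company", getCompany(themeDisplay, companyId));
            template.put("companyId", companyId);
            template.put("device", getDevice(themeDisplay));

            String templatesPath = getTemplatesPath(
                companyId, articleGroupId, classNameId);

            Locale locale = LocaleUtil.fromLanguageId(languageId);

            template.put("locale", locale);

            // Exposes the calling thread's permission checker to the
            // template script. NOTE(review): whether template authors are
            // trusted with this object is decided outside this method --
            // confirm.
            template.put(
                "permissionChecker",
                PermissionThreadLocal.getPermissionChecker());

            template.put(
                "randomNamespace",
                StringUtil.randomId() + StringPool.UNDERLINE);
            template.put("scopeGroupId", scopeGroupId);
            template.put("siteGroupId", siteGroupId);
            template.put("templatesPath", templatesPath);
            template.put("viewMode", viewMode);

            if (themeDisplay != null) {
                TemplateManager templateManager =
                    TemplateManagerUtil.getTemplateManager(langType);

                HttpServletRequest request = themeDisplay.getRequest();

                templateManager.addTaglibSupport(
                    template, request, themeDisplay.getResponse());

                // Taglib output is piped into the same writer as the
                // template output.
                templateManager.addTaglibTheme(
                    template, "taglibLiferay", request,
                    new PipingServletResponse(
                        themeDisplay.getResponse(), unsyncStringWriter));
            }

            // Deprecated variables

            template.put("groupId", articleGroupId);
            template.put("journalTemplatesPath", templatesPath);

            mergeTemplate(template, unsyncStringWriter, propagateException);
        }
        catch (Exception e) {
            if (e instanceof DocumentException) {
                throw new TransformException(
                    "Unable to read XML document", e);
            }
            else if (e instanceof IOException) {
                throw new TransformException("Error reading template", e);
            }
            else if (e instanceof TransformException) {
                throw (TransformException) e;
            }
            else {
                throw new TransformException("Unhandled exception", e);
            }
        }

        output = unsyncStringWriter.toString();
    }

    // Postprocess output

    for (TransformerListener transformerListener : transformerListeners) {

        // Modify output

        if (_logOutputBeforeListener.isDebugEnabled()) {
            _logOutputBeforeListener.debug(output);
        }

        // Same null guard as the XML and script passes above: a null entry
        // in the listener list is skipped instead of causing a
        // NullPointerException after the template was already rendered.
        if (transformerListener != null) {
            output = transformerListener.onOutput(
                output, languageId, tokens);

            if (_logOutputAfterListener.isDebugEnabled()) {
                _logOutputAfterListener.debug(output);
            }
        }
    }

    if (_logTransfromAfter.isDebugEnabled()) {
        _logTransfromAfter.debug(output);
    }

    return output;
}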