1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.layout.impl;
18
19 import org.apache.commons.logging.Log;
20 import org.apache.commons.logging.LogFactory;
21 import org.apache.jetspeed.JetspeedActions;
22 import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
23 import org.apache.jetspeed.om.folder.Folder;
24 import org.apache.jetspeed.om.page.ContentPageImpl;
25 import org.apache.jetspeed.om.page.Page;
26 import org.apache.jetspeed.page.PageManager;
27 import org.apache.jetspeed.profiler.impl.ProfilerValveImpl;
28 import org.apache.jetspeed.request.RequestContext;
29
30 /***
31 * Abstracted behavior of security checks for portlet actions
32 *
33 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
34 * @version $Id: $
35 */
36 public class PortletActionSecurityPathBehavior implements PortletActionSecurityBehavior
37 {
38 protected Log log = LogFactory.getLog(PortletActionSecurityPathBehavior.class);
39 protected PageManager pageManager;
40
41 public PortletActionSecurityPathBehavior(PageManager pageManager)
42 {
43 this.pageManager = pageManager;
44 }
45
46 public boolean checkAccess(RequestContext context, String action)
47 {
48 Page page = context.getPage();
49 String path = page.getPath();
50 if (path == null)
51 return false;
52 if (path.indexOf(Folder.ROLE_FOLDER) > -1 || path.indexOf(Folder.GROUP_FOLDER) > -1)
53 {
54 if (action.equals(JetspeedActions.VIEW))
55 return true;
56 return false;
57 }
58 return true;
59 }
60
61 public boolean createNewPageOnEdit(RequestContext context)
62 {
63 Page page = context.getPage();
64 String path = page.getPath();
65 try
66 {
67 if (path == null)
68 return false;
69
70 if (path.indexOf(Folder.USER_FOLDER) == -1)
71 {
72 this.pageManager.createUserHomePagesFromRoles(context.getSubject());
73 page = this.pageManager.getPage(Folder.USER_FOLDER
74 + context.getRequest().getUserPrincipal().getName()
75 + Folder.PATH_SEPARATOR
76 + Folder.FALLBACK_DEFAULT_PAGE);
77 context.setPage(new ContentPageImpl(page));
78 context.getRequest().getSession().removeAttribute(ProfilerValveImpl.PORTAL_SITE_SESSION_CONTEXT_ATTR_KEY);
79 }
80 }
81 catch (Exception e)
82 {
83
84 return false;
85 }
86 return true;
87 }
88 }