Package com.jalios.jcms.policy

Class BasicRightPolicyFilter

java.lang.Object

com.jalios.jcms.policy.AbstractPolicyFilter

com.jalios.jcms.policy.BasicRightPolicyFilter

All Implemented Interfaces:

PluginComponent, PolicyFilter, RightPolicyFilter, java.lang.Comparable

Direct Known Subclasses:

DefaultApplicationRightPolicyFilter, FileDocumentReferrerRightPolicyFilter, FormRightPolicyFilter, ParentReadRightPolicyFilter, QuotaPolicyFilter, ShortcutRightPolicyFilter, TrashRightPolicyFilter, UnzipRightPolicyFilter

public class BasicRightPolicyFilter
extends AbstractPolicyFilter
implements RightPolicyFilter, PluginComponent

Default implementation of RightPolicyFilter

Since:

jcms-5.7.0

Author:

Jean-Philippe Encausse

See Also:

RightPolicyFilter

Field Summary

Fields inherited from class com.jalios.jcms.policy.AbstractPolicyFilter

order

Fields inherited from interface com.jalios.jcms.policy.RightPolicyFilter

CTXT_CATEGORIES

Constructor Summary

Constructors

Constructor	Description
BasicRightPolicyFilter()

Method Summary

Modifier and Type	Method	Description
boolean	callCanBeReadBy(PublicationCriteria pubCriteria)	Call by HibernateUtil.queryPublication(PublicationCriteria).
boolean	callCanBeReadBy(java.lang.Class clazz)	This convenient method is a simplfied version of callCanBeReadBy(PublicationCriteria).
boolean	canBeReadBy(boolean isAuthorized, Category cat, Group grp, boolean checkAncestors)	Deprecated. since JCMS-8579
boolean	canBeReadBy(boolean isAuthorized, Category cat, Member mbr, boolean searchInGroups, boolean checkAncestors)	Called by Category.canBeReadBy(Member, boolean, boolean).
boolean	canBeReadBy(boolean isAuthorized, Group grp, Member mbr)	Called by Data.canBeReadBy(Member).
boolean	canBeReadBy(boolean isAuthorized, Member mbrToRead, Member mbrReading)	Checks if a member can read the specified Member.
boolean	canBeReadBy(boolean isAuthorized, Publication pub, Group grp)	Deprecated. since JCMS-8577
boolean	canBeReadBy(boolean isAuthorized, Publication pub, Member mbr, boolean searchInGroups)	Called by Publication.canBeReadBy(Member, boolean).
boolean	canBeReadBy(boolean isAuthorized, Workspace ws, Member mbr)	Checks if a member can read the specified Workspace.
boolean	canCreateContact(boolean isAuthorized, Member mbr)	Check if the given member can create a new contact.
boolean	canCreateWorkspace(boolean isAuthorized, Member mbr, Workspace model)	Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null.
boolean	canDeleteOther(boolean isAuthorized, Member mbr, Data data)	Check if this member can delete-other this instance.
boolean	canDeleteOther(boolean isAuthorized, Member mbr, java.lang.Class clazz, Workspace ws)	Check if this member can delete-other this clazz in at least one of the given workspace.
boolean	canManageCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent)	Called by Member.canManageCategory(Category, boolean, boolean).
boolean	canPublish(boolean isAuthorized, Member mbr, java.lang.Class clazz, java.util.Set wsSet)	Check if this member can publish this clazz in at least one of the given workspace.
boolean	canUpdateOther(boolean isAuthorized, Member mbr, Data data)	Check if this member can update-other this instance.
boolean	canUpdateOther(boolean isAuthorized, Member mbr, java.lang.Class clazz, Workspace ws)	Check if this member can update-other this clazz in at least one of the given workspace.
boolean	canUseCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent)	Called by Member.canUseCategory(Category, boolean, boolean).
boolean	canWorkOn(boolean isAuthorized, Publication pub, Member member)	Called by Member.canWorkOn(Publication).
ControllerStatus	canWorkOn(ControllerStatus status, int op, Member mbr, Member member)	Called by Member.checkMember(int, Member, java.util.Map).
java.lang.Boolean	checkAccess(Member member, java.lang.String resource, java.util.Map<java.lang.String,java.lang.Object> context)	The checkAccess implementation of the BasicRightPolicyFilter does not modify the default behavior of the AccessControlManager so ACL will be applied as defined (ie : it returns null).
boolean	checkAfterUpload(DocUploadInfo info)	Checks if the uploaded file must be accepted or rejected.
boolean	checkBeforeUpload(java.lang.String fieldName, java.lang.String contentType, java.lang.String fileName)	Checks if the uploaded file must be accepted or rejected.
ControllerStatus	checkHtml(java.lang.String str, java.lang.String field)	This method is called to check if the given string does not contain forbidden HTML code
java.util.Set<Workspace>	getWorkspaceSet(java.util.Set<Workspace> workspaceSet, Member mbr)	Retrieve the workspace set of the specified Member.
boolean	init(Plugin plugin)	Initialize the component with the given plugin configuration
boolean	isAdmin(boolean isAdmin, Member member, Workspace ws)	Called by Workspace.isAdmin(Member).
boolean	isWorker(boolean isWorker, Member member, Workspace ws)	Called by Member.isWorker(Workspace) and Member.isWorker().

Methods inherited from class com.jalios.jcms.policy.AbstractPolicyFilter

compareTo, equals, getOrder, setOrder

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.lang.Comparable

compareTo

Methods inherited from interface com.jalios.jcms.policy.RightPolicyFilter

getOrder

Constructor Detail

BasicRightPolicyFilter

public BasicRightPolicyFilter()

Method Detail

init

public boolean init(Plugin plugin)

Description copied from interface: PluginComponent

Initialize the component with the given plugin configuration

Specified by:

init in interface PluginComponent

Parameters:

plugin - the calling plugin

Returns:

true if the component has been correctly initialized.

Since:

jcms-5.7.1

See Also:

PluginComponent.init(Plugin)

canUpdateOther

public boolean canUpdateOther(boolean isAuthorized,
                              Member mbr,
                              Data data)

Description copied from interface: RightPolicyFilter

Check if this member can update-other this instance. This method is called by Member.canUpdateOther(Data)

Specified by:

canUpdateOther in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

data - the data to check

Returns:

true it the given member can update given instances

See Also:

RightPolicyFilter.canUpdateOther(boolean, Member, Data)

canDeleteOther

public boolean canDeleteOther(boolean isAuthorized,
                              Member mbr,
                              Data data)

Description copied from interface: RightPolicyFilter

Check if this member can delete-other this instance. This method is called by Member.canDeleteOther(Data)

Specified by:

canDeleteOther in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

data - the data to check

Returns:

true it the given member can delete given instances

See Also:

RightPolicyFilter.canDeleteOther(boolean, Member, Data)

callCanBeReadBy

public boolean callCanBeReadBy(PublicationCriteria pubCriteria)

Description copied from interface: RightPolicyFilter

Call by HibernateUtil.queryPublication(PublicationCriteria). It checks if the method RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean) must be called on the results of the query.

Specified by:

callCanBeReadBy in interface RightPolicyFilter

Parameters:

pubCriteria - the criteria of the query.

Returns:

true if method RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean) must be called.

See Also:

RightPolicyFilter.callCanBeReadBy(PublicationCriteria)

callCanBeReadBy

public boolean callCanBeReadBy(java.lang.Class clazz)

This convenient method is a simplfied version of callCanBeReadBy(PublicationCriteria).

Parameters:

clazz - the class to check (never null)

Returns:

true if the method canBeReadBy(boolean, Publication, Member, boolean) must be called for the given class.

Since:

jcms-7.0.0

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Publication pub,
                           Member mbr,
                           boolean searchInGroups)

Description copied from interface: RightPolicyFilter

Called by Publication.canBeReadBy(Member, boolean). It checks if a member can read the given publication. WARNING: HIGHLY SENSIBLE, do not modify without being sure of what you do, can dramatically impact performance and can break existing rights behaviour.

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

mbr - the member to check

searchInGroups - if true check if one of the group this member belongs to is authorized to read this publication.

Returns:

true if the member can read this publication

See Also:

RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean)

canBeReadBy

@Deprecated
public boolean canBeReadBy(boolean isAuthorized,
                           Publication pub,
                           Group grp)

Deprecated.

since JCMS-8577

Description copied from interface: RightPolicyFilter

Called by Publication.canBeReadBy(Group). It checks if a group can read this publication.

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

grp - the group to check

Returns:

true if the group can read this publication

See Also:

RightPolicyFilter.canBeReadBy(boolean, Publication, Group)

canWorkOn

public boolean canWorkOn(boolean isAuthorized,
                         Publication pub,
                         Member member)

Description copied from interface: RightPolicyFilter

Called by Member.canWorkOn(Publication). It checks if the given member can work on the given publication (ie, if it has the rights and if it is in a state the member can work in).

Specified by:

canWorkOn in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

member - the member to check

Returns:

true if the member can work on the publication

See Also:

RightPolicyFilter.canWorkOn(boolean, Publication, Member)

canWorkOn

public ControllerStatus canWorkOn(ControllerStatus status,
                                  int op,
                                  Member mbr,
                                  Member member)

Description copied from interface: RightPolicyFilter

Called by Member.checkMember(int, Member, java.util.Map). It checks if the given member can work on the given member.

Specified by:

canWorkOn in interface RightPolicyFilter

Parameters:

status - the internal JCMS controller status.

op - the operation (OP_CREATE, OP_UPDATE, OP_DELETE)

mbr - the member to work on

member - the member to check

Returns:

true if the member can work on the other member

See Also:

RightPolicyFilter.canWorkOn(ControllerStatus, int, Member, Member)

isWorker

public boolean isWorker(boolean isWorker,
                        Member member,
                        Workspace ws)

Description copied from interface: RightPolicyFilter

Called by Member.isWorker(Workspace) and Member.isWorker(). It checks if the given Member is a Worker for the site or the given workspace

Specified by:

isWorker in interface RightPolicyFilter

Parameters:

isWorker - true if internal JCMS control authorized the member to perform this action

member - the member to check

ws - the workspace to check or null if caller is Member.isWorker()

Returns:

true if given Member is a Worker

See Also:

RightPolicyFilter.isWorker(boolean, Member, Workspace)

canPublish

public boolean canPublish(boolean isAuthorized,
                          Member mbr,
                          java.lang.Class clazz,
                          java.util.Set wsSet)

Description copied from interface: RightPolicyFilter

Check if this member can publish this clazz in at least one of the given workspace. This method is called by Member.canPublish(Class, Set)

Specified by:

canPublish in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

wsSet - the Set of workspace to work with

Returns:

true it the given member can publish the given class

See Also:

RightPolicyFilter.canPublish(boolean, Member, Class, Set)

canUpdateOther

public boolean canUpdateOther(boolean isAuthorized,
                              Member mbr,
                              java.lang.Class clazz,
                              Workspace ws)

Description copied from interface: RightPolicyFilter

Check if this member can update-other this clazz in at least one of the given workspace. This method is called by Member.canUpdateOther(Class, Workspace)

Specified by:

canUpdateOther in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

ws - the Workspace to check

Returns:

true it the given member can update instances of the given class

See Also:

RightPolicyFilter.canUpdateOther(boolean, Member, Class, Workspace)

canDeleteOther

public boolean canDeleteOther(boolean isAuthorized,
                              Member mbr,
                              java.lang.Class clazz,
                              Workspace ws)

Description copied from interface: RightPolicyFilter

Check if this member can delete-other this clazz in at least one of the given workspace. This method is called by Member.canDeleteOther(Class, Workspace)

Specified by:

canDeleteOther in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

ws - the Workspace to check

Returns:

true it the given member can delete instances of the given class

See Also:

RightPolicyFilter.canDeleteOther(boolean, Member, Class, Workspace)

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Category cat,
                           Member mbr,
                           boolean searchInGroups,
                           boolean checkAncestors)

Description copied from interface: RightPolicyFilter

Called by Category.canBeReadBy(Member, boolean, boolean). It checks if a member can read the given category.

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

cat - the category to check

mbr - the member to check

searchInGroups - if true check if one of the group this member belongs to is authorized to read this category.

checkAncestors - if true checks the read rights of the ancestors of this category.

Returns:

true if the member can read this category

See Also:

RightPolicyFilter.canBeReadBy(boolean, Category, Member, boolean, boolean)

canBeReadBy

@Deprecated
public boolean canBeReadBy(boolean isAuthorized,
                           Category cat,
                           Group grp,
                           boolean checkAncestors)

Deprecated.

since JCMS-8579

Description copied from interface: RightPolicyFilter

Called by Category.canBeReadBy(Group, boolean). It checks if a group can read this category.

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

cat - the category to check

grp - the group to check

checkAncestors - if true checks the read rights of the ancestors of this category.

Returns:

true if the group can read this category

See Also:

RightPolicyFilter.canBeReadBy(boolean, Category, Group, boolean)

canUseCategory

public boolean canUseCategory(boolean isAuthorized,
                              Member mbr,
                              Category cat,
                              boolean searchInGroups,
                              boolean searchInParent)

Description copied from interface: RightPolicyFilter

Called by Member.canUseCategory(Category, boolean, boolean). It check if a category can be used by given Member. Note In current implementation:

• Always true for admin
• Not called if can not read category

Specified by:

canUseCategory in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

cat - the category to check

searchInGroups - if true check if one of the group this

searchInParent - if true check in parent category

Returns:

true if the member can use (check) this category

Since:

jcms-5.7.1

See Also:

RightPolicyFilter.canUseCategory(boolean, Member, Category, boolean, boolean)

canManageCategory

public boolean canManageCategory(boolean isAuthorized,
                                 Member mbr,
                                 Category cat,
                                 boolean searchInGroups,
                                 boolean searchInParent)

Description copied from interface: RightPolicyFilter

Called by Member.canManageCategory(Category, boolean, boolean). It check if a category can be managed by given Member

Specified by:

canManageCategory in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

cat - the category to check

searchInGroups - if true check if one of the group this

searchInParent - if true check in parent category

Returns:

true if the member can manage (edit/update) this category branch

Since:

jcms-5.7.1

See Also:

RightPolicyFilter.canManageCategory(boolean, Member, Category, boolean, boolean)

canCreateWorkspace

public boolean canCreateWorkspace(boolean isAuthorized,
                                  Member mbr,
                                  Workspace model)

Description copied from interface: RightPolicyFilter

Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null. This method is called by Member.canCreateWorkspace(Workspace)

Specified by:

canCreateWorkspace in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

model - the workspace to duplicate or null if the workspace has to be created ex nihilo

Returns:

true if a workspace can be created by member false otherwise.

Since:

jcms-5.7.3

See Also:

RightPolicyFilter.canCreateWorkspace(boolean, Member, Workspace)

getWorkspaceSet

public java.util.Set<Workspace> getWorkspaceSet(java.util.Set<Workspace> workspaceSet,
                                                Member mbr)

Description copied from interface: RightPolicyFilter

Retrieve the workspace set of the specified Member.

This method is called by Member.getWorkspaceSet().
You MUST NOT (and cannot) modify the workspaceSet received in parameters, create a new TreeSet of workspace and return it.

Specified by:

getWorkspaceSet in interface RightPolicyFilter

Parameters:

workspaceSet - the workspace set computed by internal JCMS routine

mbr - the member for which the workspace set is computed

Returns:

the new workspace set to use

Since:

jcms-7.0.2

See Also:

RightPolicyFilter.getWorkspaceSet(Set, Member)

isAdmin

public boolean isAdmin(boolean isAdmin,
                       Member member,
                       Workspace ws)

Description copied from interface: RightPolicyFilter

Called by Workspace.isAdmin(Member). It checks if the given Member is an administrator for the specified workspace.

If you change the default behavior for a Member, you should also implement get RightPolicyFilter.getWorkspaceSet(Set, Member) (see issue JCMS-2601 for a implementation example).

Specified by:

isAdmin in interface RightPolicyFilter

Parameters:

isAdmin - true if internal JCMS control found member as admin of workspace

member - the member to check

ws - the workspace to check, never null

Returns:

true if given Member is an admin

Since:

jcms-7.1 jcms-7.0.4

See Also:

RightPolicyFilter.isAdmin(boolean, Member, Workspace)

canCreateContact

public boolean canCreateContact(boolean isAuthorized,
                                Member mbr)

Description copied from interface: RightPolicyFilter

Check if the given member can create a new contact.

Specified by:

canCreateContact in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

Returns:

true if the given member can create a new contact.

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Group grp,
                           Member mbr)

Description copied from interface: RightPolicyFilter

Called by Data.canBeReadBy(Member). It checks if a member can read this group.

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

grp - the group

mbr - the member

Returns:

true if the member can read this group

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Member mbrToRead,
                           Member mbrReading)

Description copied from interface: RightPolicyFilter

Checks if a member can read the specified Member.

Invoked by internal implementation of Data.canBeReadBy(Member).

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbrToRead - the Member that would be read

mbrReading - the Member performing the read operation

Returns:

true if the member can read the Member, false otherwise

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Workspace ws,
                           Member mbr)

Description copied from interface: RightPolicyFilter

Checks if a member can read the specified Workspace.

Invoked by internal implementation of Data.canBeReadBy(Member).

Specified by:

canBeReadBy in interface RightPolicyFilter

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

ws - the Workspace that would be read

mbr - the Member performing the read operation

Returns:

true if the member can read the Workspace, false otherwise

checkBeforeUpload

public boolean checkBeforeUpload(java.lang.String fieldName,
                                 java.lang.String contentType,
                                 java.lang.String fileName)

Description copied from interface: RightPolicyFilter

Checks if the uploaded file must be accepted or rejected. This method is called by sub classes of MultiPartFilter AFTER InitFilter BUT BEFORE doInitPage.jsp. The file has not been uploaded. The JcmsContext returned by Channel.getCurrentJcmsContext() is not completly initialized.

Specified by:

checkBeforeUpload in interface RightPolicyFilter

Parameters:

fieldName - the name of the field for the given file

contentType - the content type of the file

fileName - the name of the file

Returns:

true if the file is accepted

See Also:

RightPolicyFilter.checkBeforeUpload(String, String, String)

checkAfterUpload

public boolean checkAfterUpload(DocUploadInfo info)

Description copied from interface: RightPolicyFilter

Checks if the uploaded file must be accepted or rejected. This method is called by DocUploadInfo.doUpload() called by DocUploadHandler and EditDataHandler for MultiPartRequest BEFORE JavaBean validation. The method Channel.getCurrentJcmsContext() must be called to get more information about Member and Workspace.A DataController must be used to check Document during validation.

Specified by:

checkAfterUpload in interface RightPolicyFilter

Parameters:

info - information about the uploaded file

Returns:

true if the file is accepted

See Also:

RightPolicyFilter.checkAfterUpload(DocUploadInfo)

checkHtml

public ControllerStatus checkHtml(java.lang.String str,
                                  java.lang.String field)

Description copied from interface: RightPolicyFilter

This method is called to check if the given string does not contain forbidden HTML code

Specified by:

checkHtml in interface RightPolicyFilter

Parameters:

str - the String to be checked

field - the name of the field which is checked

Returns:

a ControllerStatus

See Also:

RightPolicyFilter.checkHtml(String, String)

checkAccess

public java.lang.Boolean checkAccess(Member member,
                                     java.lang.String resource,
                                     java.util.Map<java.lang.String,java.lang.Object> context)

The checkAccess implementation of the BasicRightPolicyFilter does not modify the default behavior of the AccessControlManager so ACL will be applied as defined (ie : it returns null).

Specified by:

checkAccess in interface RightPolicyFilter

Parameters:

member - the Member for which access right is verified

resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"

context - an optional context map containing relevant information such as workspace or data

Returns:

null if you don't want to interfer with default behavior, true to grant authorization, false to deny authorization

See Also:

RightPolicyFilter.checkAccess(Member, String, Map)