001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.workplace.commons; 029 030import org.opencms.db.CmsDbEntryNotFoundException; 031import org.opencms.file.CmsGroup; 032import org.opencms.file.CmsObject; 033import org.opencms.file.CmsResource; 034import org.opencms.file.CmsResourceFilter; 035import org.opencms.file.CmsUser; 036import org.opencms.file.history.CmsHistoryPrincipal; 037import org.opencms.jsp.CmsJspActionElement; 038import org.opencms.lock.CmsLockFilter; 039import org.opencms.main.CmsException; 040import org.opencms.main.CmsLog; 041import org.opencms.main.OpenCms; 042import org.opencms.security.CmsAccessControlEntry; 043import org.opencms.security.CmsAccessControlList; 044import org.opencms.security.CmsOrganizationalUnit; 045import org.opencms.security.CmsPermissionSet; 046import org.opencms.security.CmsPrincipal; 047import org.opencms.security.CmsRole; 048import org.opencms.security.I_CmsPrincipal; 049import org.opencms.util.CmsStringUtil; 050import org.opencms.util.CmsUUID; 051import org.opencms.widgets.CmsPrincipalWidget; 052import org.opencms.workplace.CmsDialog; 053import org.opencms.workplace.CmsWorkplace; 054import org.opencms.workplace.CmsWorkplaceSettings; 055import org.opencms.workplace.explorer.CmsResourceUtil; 056 057import java.util.ArrayList; 058import java.util.Arrays; 059import java.util.HashMap; 060import java.util.Iterator; 061import java.util.List; 062import java.util.Map; 063import java.util.Set; 064 065import javax.servlet.http.HttpServletRequest; 066import javax.servlet.http.HttpServletResponse; 067import javax.servlet.jsp.PageContext; 068 069import org.apache.commons.logging.Log; 070 071/** 072 * Provides methods for building the permission settings dialog.<p> 073 * 074 * The following files use this class: 075 * <ul> 076 * <li>/commons/chacc.jsp 077 * </ul> 078 * <p> 079 * 080 * @since 6.0.0 081 */ 082public class CmsChacc extends CmsDialog { 083 084 /** Value for the action: add an access control entry. */ 085 public static final int ACTION_ADDACE = 300; 086 087 /** Value for the action: delete the permissions. */ 088 public static final int ACTION_DELETE = 200; 089 090 /** Value for the action: set the internal use flag. */ 091 public static final int ACTION_INTERNALUSE = 400; 092 093 /** Request parameter value for the action: add an access control entry. */ 094 public static final String DIALOG_ADDACE = "addace"; 095 096 /** Request parameter value for the action: delete the permissions. */ 097 public static final String DIALOG_DELETE = "delete"; 098 099 /** Request parameter value for the action: set the internal use flag. */ 100 public static final String DIALOG_INTERNALUSE = "internaluse"; 101 102 /** The dialog type. */ 103 public static final String DIALOG_TYPE = "chacc"; 104 105 /** Request parameter name for the inherit permissions parameter. */ 106 public static final String PARAM_INHERIT = "inherit"; 107 108 /** Request parameter name for the internal use only flag. */ 109 public static final String PARAM_INTERNAL = "internal"; 110 111 /** Request parameter name for the name parameter. */ 112 public static final String PARAM_NAME = "name"; 113 114 /** Request parameter name for the overwrite inherited permissions parameter. */ 115 public static final String PARAM_OVERWRITEINHERITED = "overwriteinherited"; 116 117 /** Request parameter name for the responsible parameter. */ 118 public static final String PARAM_RESPONSIBLE = "responsible"; 119 120 /** Request parameter name for the type parameter. */ 121 public static final String PARAM_TYPE = "type"; 122 123 /** Request parameter name for the view parameter. */ 124 public static final String PARAM_VIEW = "view"; 125 126 /** Constant for the request parameters suffix: allow. */ 127 public static final String PERMISSION_ALLOW = "allow"; 128 129 /** Constant for the request parameters suffix: deny. */ 130 public static final String PERMISSION_DENY = "deny"; 131 132 /** The log object for this class. */ 133 private static final Log LOG = CmsLog.getLog(CmsChacc.class); 134 135 /** Constant for unknown type. */ 136 private static final String UNKNOWN_TYPE = "Unknown"; 137 138 /** PermissionSet of the current user for the resource. */ 139 private CmsPermissionSet m_curPermissions; 140 141 /** Indicates if forms are editable by current user. */ 142 private boolean m_editable; 143 144 /** Stores eventual error message Strings. */ 145 private List<String> m_errorMessages = new ArrayList<String>(); 146 147 /** Indicates if inheritance flags are set as hidden fields for resource folders. */ 148 private boolean m_inherit; 149 150 /** The name parameter. */ 151 private String m_paramName; 152 153 /** The type parameter. */ 154 private String m_paramType; 155 156 /** UUID paramter as String. */ 157 private String m_paramUuid; 158 159 /** Stores all possible permission keys of a permission set. */ 160 private Set<String> m_permissionKeys = CmsPermissionSet.getPermissionKeys(); 161 162 /** Marks if the inherited permissions information should be displayed. */ 163 private boolean m_showInheritedPermissions; 164 165 /** The possible types of new access control entries. */ 166 private String[] m_types = { 167 I_CmsPrincipal.PRINCIPAL_GROUP, 168 I_CmsPrincipal.PRINCIPAL_USER, 169 CmsRole.PRINCIPAL_ROLE, 170 CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME, 171 CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME}; 172 173 /** The possible type values of access control entries. */ 174 private int[] m_typesInt = { 175 CmsAccessControlEntry.ACCESS_FLAGS_GROUP, 176 CmsAccessControlEntry.ACCESS_FLAGS_USER, 177 CmsAccessControlEntry.ACCESS_FLAGS_ROLE, 178 CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS, 179 CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL}; 180 181 /** The possible localized types of new access control entries. */ 182 private String[] m_typesLocalized = new String[5]; 183 184 /** 185 * Public constructor.<p> 186 * 187 * @param jsp an initialized JSP action element 188 */ 189 public CmsChacc(CmsJspActionElement jsp) { 190 191 super(jsp); 192 m_errorMessages.clear(); 193 } 194 195 /** 196 * Public constructor with JSP variables.<p> 197 * 198 * @param context the JSP page context 199 * @param req the JSP request 200 * @param res the JSP response 201 */ 202 public CmsChacc(PageContext context, HttpServletRequest req, HttpServletResponse res) { 203 204 this(new CmsJspActionElement(context, req, res)); 205 } 206 207 /** 208 * Builds a detail view selector.<p> 209 * 210 * @param wp the dialog object 211 * @return the HTML code for the detail view selector 212 */ 213 public static String buildSummaryDetailsButtons(CmsDialog wp) { 214 215 StringBuffer result = new StringBuffer(512); 216 // create detail view selector 217 result.append("<table border=\"0\">\n<tr>\n\t<td>"); 218 result.append(wp.key(Messages.GUI_PERMISSION_SELECT_VIEW_0)); 219 result.append("</td>\n"); 220 String selectedView = wp.getSettings().getPermissionDetailView(); 221 result.append("\t<form action=\"").append(wp.getDialogUri()).append( 222 "\" method=\"post\" name=\"selectshortview\">\n"); 223 result.append("\t<td>\n"); 224 result.append("\t<input type=\"hidden\" name=\""); 225 result.append(PARAM_VIEW); 226 result.append("\" value=\"short\">\n"); 227 // set parameters to show correct hidden input fields 228 wp.setParamAction(null); 229 result.append(wp.paramsAsHidden()); 230 result.append("\t<input type=\"submit\" class=\"dialogbutton\" value=\"").append( 231 wp.key(Messages.GUI_LABEL_SUMMARY_0)).append("\""); 232 if (!"long".equals(selectedView)) { 233 result.append(" disabled=\"disabled\""); 234 } 235 result.append(">\n"); 236 result.append("\t</td>\n"); 237 result.append("\t</form>\n\t<form action=\"").append(wp.getDialogUri()).append( 238 "\" method=\"post\" name=\"selectlongview\">\n"); 239 result.append("\t<td>\n"); 240 result.append("\t<input type=\"hidden\" name=\""); 241 result.append(PARAM_VIEW); 242 result.append("\" value=\"long\">\n"); 243 result.append(wp.paramsAsHidden()); 244 result.append("\t<input type=\"submit\" class=\"dialogbutton\" value=\"").append( 245 wp.key(Messages.GUI_LABEL_DETAILS_0)).append("\""); 246 if ("long".equals(selectedView)) { 247 result.append(" disabled=\"disabled\""); 248 } 249 result.append(">\n"); 250 result.append("\t</td>\n\t</form>\n"); 251 result.append("</tr>\n</table>\n"); 252 return result.toString(); 253 } 254 255 /** 256 * Adds a new access control entry to the resource.<p> 257 * 258 * @return true if a new ace was created, otherwise false 259 */ 260 public boolean actionAddAce() { 261 262 String file = getParamResource(); 263 String name = getParamName(); 264 String type = getParamType(); 265 int arrayPosition = -1; 266 try { 267 arrayPosition = Integer.parseInt(type); 268 } catch (Exception e) { 269 // can usually be ignored 270 if (LOG.isInfoEnabled()) { 271 LOG.info(e.getLocalizedMessage()); 272 } 273 } 274 275 if (checkNewEntry(name, arrayPosition)) { 276 String permissionString = ""; 277 if (getInheritOption() && getSettings().getUserSettings().getDialogPermissionsInheritOnFolder()) { 278 // inherit permissions on folders if setting is enabled 279 permissionString = "+i"; 280 } 281 try { 282 // lock resource if autolock is enabled 283 checkLock(getParamResource()); 284 if (name.equals(key(Messages.GUI_LABEL_ALLOTHERS_0))) { 285 getCms().chacc( 286 file, 287 getTypes(false)[arrayPosition], 288 CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME, 289 permissionString); 290 } else if (name.equals(key(Messages.GUI_LABEL_OVERWRITEALL_0))) { 291 getCms().chacc( 292 file, 293 getTypes(false)[arrayPosition], 294 CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME, 295 permissionString); 296 } else { 297 if (getTypes(false)[arrayPosition].equalsIgnoreCase(CmsRole.PRINCIPAL_ROLE)) { 298 // if role, first check if we have to translate the role name 299 CmsRole role = CmsRole.valueOfRoleName(name); 300 if (role == null) { 301 // we need translation 302 Iterator<CmsRole> it = CmsRole.getSystemRoles().iterator(); 303 while (it.hasNext()) { 304 role = it.next(); 305 if (role.getName(getLocale()).equalsIgnoreCase(name)) { 306 name = role.getRoleName(); 307 break; 308 } 309 } 310 } 311 } 312 getCms().chacc(file, getTypes(false)[arrayPosition], name, permissionString); 313 } 314 return true; 315 } catch (CmsException e) { 316 m_errorMessages.add(e.getMessage()); 317 if (LOG.isErrorEnabled()) { 318 LOG.error(e.getLocalizedMessage(), e); 319 } 320 } 321 } 322 return false; 323 } 324 325 /** 326 * Modifies the Internal Use flag of a resource.<p> 327 * @param request the Http servlet request 328 * 329 * @return true if the operation was was successfully removed, otherwise false 330 */ 331 public boolean actionInternalUse(HttpServletRequest request) { 332 333 String internal = request.getParameter(PARAM_INTERNAL); 334 335 CmsResource resource; 336 boolean internalValue = false; 337 if (internal != null) { 338 internalValue = true; 339 } 340 try { 341 resource = getCms().readResource(getParamResource(), CmsResourceFilter.ALL); 342 343 int flags = resource.getFlags(); 344 345 if (internalValue) { 346 flags |= CmsResource.FLAG_INTERNAL; 347 } else { 348 flags &= ~CmsResource.FLAG_INTERNAL; 349 } 350 351 getCms().lockResource(getParamResource()); 352 getCms().chflags(getParamResource(), flags); 353 354 } catch (CmsException e) { 355 m_errorMessages.add(key(Messages.ERR_MODIFY_INTERNAL_FLAG_0)); 356 if (LOG.isErrorEnabled()) { 357 LOG.error(e.getLocalizedMessage(), e); 358 } 359 return false; 360 } 361 return true; 362 } 363 364 /** 365 * Modifies a present access control entry for a resource.<p> 366 * 367 * @param request the Http servlet request 368 * @return true if the modification worked, otherwise false 369 */ 370 public boolean actionModifyAce(HttpServletRequest request) { 371 372 String file = getParamResource(); 373 374 // get request parameters 375 String name = getParamName(); 376 String type = getParamType(); 377 String inherit = request.getParameter(PARAM_INHERIT); 378 String overWriteInherited = request.getParameter(PARAM_OVERWRITEINHERITED); 379 String responsible = request.getParameter(PARAM_RESPONSIBLE); 380 381 // get the new permissions 382 Set<String> permissionKeys = CmsPermissionSet.getPermissionKeys(); 383 int allowValue = 0; 384 int denyValue = 0; 385 String key, param; 386 int value, paramInt; 387 388 Iterator<String> i = permissionKeys.iterator(); 389 // loop through all possible permissions 390 while (i.hasNext()) { 391 key = i.next(); 392 value = CmsPermissionSet.getPermissionValue(key); 393 // set the right allowed and denied permissions from request parameters 394 try { 395 param = request.getParameter(value + PERMISSION_ALLOW); 396 paramInt = Integer.parseInt(param); 397 allowValue |= paramInt; 398 } catch (Exception e) { 399 // can usually be ignored 400 if (LOG.isInfoEnabled()) { 401 LOG.info(e.getLocalizedMessage()); 402 } 403 } 404 try { 405 param = request.getParameter(value + PERMISSION_DENY); 406 paramInt = Integer.parseInt(param); 407 denyValue |= paramInt; 408 } catch (Exception e) { 409 // can usually be ignored 410 if (LOG.isInfoEnabled()) { 411 LOG.info(e.getLocalizedMessage()); 412 } 413 } 414 } 415 416 // get the current Ace to get the current ace flags 417 try { 418 List<CmsAccessControlEntry> allEntries = getCms().getAccessControlEntries(file, false); 419 int flags = 0; 420 for (int k = 0; k < allEntries.size(); k++) { 421 CmsAccessControlEntry curEntry = allEntries.get(k); 422 String curType = getEntryType(curEntry.getFlags(), false); 423 I_CmsPrincipal p; 424 try { 425 p = CmsPrincipal.readPrincipalIncludingHistory(getCms(), curEntry.getPrincipal()); 426 } catch (CmsException e) { 427 p = null; 428 } 429 if (((p != null) && p.getName().equals(name) && curType.equals(type))) { 430 flags = curEntry.getFlags(); 431 break; 432 } else if (p == null) { 433 // check if it is the case of a role 434 CmsRole role = CmsRole.valueOfId(curEntry.getPrincipal()); 435 if ((role != null) && name.equals(role.getRoleName())) { 436 flags = curEntry.getFlags(); 437 break; 438 } else if ((curEntry.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID) 439 && name.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME)) 440 || (curEntry.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID) 441 && name.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME))) { 442 flags = curEntry.getFlags(); 443 break; 444 } 445 } 446 } 447 448 // modify the ace flags to determine inheritance of the current ace 449 if (Boolean.valueOf(inherit).booleanValue()) { 450 flags |= CmsAccessControlEntry.ACCESS_FLAGS_INHERIT; 451 } else { 452 flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_INHERIT; 453 } 454 455 // modify the ace flags to determine overwriting of inherited ace 456 if (Boolean.valueOf(overWriteInherited).booleanValue()) { 457 flags |= CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE; 458 } else { 459 flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE; 460 } 461 462 if (Boolean.valueOf(responsible).booleanValue()) { 463 flags |= CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE; 464 } else { 465 flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE; 466 } 467 468 // lock resource if autolock is enabled 469 checkLock(getParamResource()); 470 // try to change the access entry 471 if (name.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID.toString())) { 472 getCms().chacc( 473 file, 474 type, 475 CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_NAME, 476 allowValue, 477 denyValue, 478 flags); 479 } else if (name.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID.toString())) { 480 getCms().chacc( 481 file, 482 type, 483 CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_NAME, 484 allowValue, 485 denyValue, 486 flags); 487 } else { 488 getCms().chacc(file, type, name, allowValue, denyValue, flags); 489 } 490 return true; 491 } catch (CmsException e) { 492 m_errorMessages.add(key(Messages.ERR_CHACC_MODIFY_ENTRY_0)); 493 if (LOG.isErrorEnabled()) { 494 LOG.error(e.getLocalizedMessage(), e); 495 } 496 return false; 497 } 498 } 499 500 /** 501 * Removes a present access control entry from the resource.<p> 502 * 503 * @return true if the ace was successfully removed, otherwise false 504 */ 505 public boolean actionRemoveAce() { 506 507 String file = getParamResource(); 508 String name = getParamName(); 509 String type = getParamType(); 510 String uuid = getParamUuid(); 511 try { 512 // lock resource if autolock is enabled 513 checkLock(getParamResource()); 514 // check if it is the case of a role 515 CmsRole role = CmsRole.valueOfGroupName(name); 516 if (role != null) { 517 // translate the internal group name to a role name 518 name = role.getFqn(); 519 } 520 try { 521 getCms().rmacc(file, type, uuid); 522 } catch (CmsException e) { 523 LOG.warn(e.getLocalizedMessage(), e); 524 getCms().rmacc(file, type, name); 525 } 526 return true; 527 } catch (CmsException e) { 528 m_errorMessages.add(key(Messages.ERR_CHACC_DELETE_ENTRY_0)); 529 if (LOG.isErrorEnabled()) { 530 LOG.error(e.getLocalizedMessage(), e); 531 } 532 return false; 533 } 534 } 535 536 /** 537 * Builds a String with HTML code to display the users access rights for the current resource.<p> 538 * 539 * @return HTML String with the access rights of the current user 540 */ 541 public String buildCurrentPermissions() { 542 543 StringBuffer result = new StringBuffer( 544 dialogToggleStart( 545 key(Messages.GUI_PERMISSION_USER_0), 546 "userpermissions", 547 getSettings().getUserSettings().getDialogExpandUserPermissions())); 548 result.append(dialogWhiteBoxStart()); 549 try { 550 result.append(buildPermissionEntryForm( 551 getSettings().getUser().getId(), 552 buildPermissionsForCurrentUser(), 553 false, 554 false)); 555 } catch (CmsException e) { 556 // should never happen 557 if (LOG.isErrorEnabled()) { 558 LOG.error(e.getLocalizedMessage(), e); 559 } 560 } 561 result.append(dialogWhiteBoxEnd()); 562 result.append("</div>\n"); 563 return result.toString(); 564 } 565 566 /** 567 * Returns the error messages if something went wrong.<p> 568 * 569 * @return all error messages 570 */ 571 public String buildErrorMessages() { 572 573 StringBuffer result = new StringBuffer(8); 574 String errorMessages = getErrorMessagesString(); 575 if (!"".equals(errorMessages)) { 576 result.append(dialogBlock(HTML_START, key(Messages.GUI_PERMISSION_ERROR_0), true)); 577 result.append("<font color='red'>").append(errorMessages).append("</font>"); 578 result.append(dialogBlockEnd()); 579 } 580 return result.toString(); 581 } 582 583 /** 584 * Builds a String with HTML code to display the responsible users of a resource.<p> 585 * 586 * @param show true the responsible list is open 587 * @return HTML code for the responsible users of the current resource 588 */ 589 public String buildResponsibleList(boolean show) { 590 591 List<CmsResource> parentResources = new ArrayList<CmsResource>(); 592 Map<Object, String> responsibles = new HashMap<Object, String>(); 593 CmsObject cms = getCms(); 594 try { 595 // get all parent folders of the current file 596 parentResources = cms.readPath(getParamResource(), CmsResourceFilter.IGNORE_EXPIRATION); 597 } catch (CmsException e) { 598 // can usually be ignored 599 if (LOG.isInfoEnabled()) { 600 LOG.info(e.getLocalizedMessage()); 601 } 602 } 603 604 String resourceRootPath = cms.getRequestContext().addSiteRoot(getParamResource()); 605 String site = cms.getRequestContext().getSiteRoot(); 606 try { 607 cms.getRequestContext().setSiteRoot(""); 608 Iterator<CmsResource> i = parentResources.iterator(); 609 while (i.hasNext()) { 610 CmsResource resource = i.next(); 611 try { 612 String rootPath = resource.getRootPath(); 613 Iterator<CmsAccessControlEntry> entries = cms.getAccessControlEntries(rootPath, false).iterator(); 614 while (entries.hasNext()) { 615 CmsAccessControlEntry ace = entries.next(); 616 if (ace.isResponsible()) { 617 try { 618 responsibles.put( 619 CmsPrincipal.readPrincipalIncludingHistory(cms, ace.getPrincipal()), 620 rootPath); 621 } catch (CmsDbEntryNotFoundException e) { 622 responsibles.put(ace.getPrincipal(), rootPath); 623 } 624 } 625 } 626 } catch (CmsException e) { 627 // can usually be ignored 628 if (LOG.isInfoEnabled()) { 629 LOG.info(e.getLocalizedMessage()); 630 } 631 } 632 } 633 if (responsibles.size() == 0) { 634 return key(Messages.GUI_AVAILABILITY_NO_RESPONSIBLES_0); 635 } 636 StringBuffer result = new StringBuffer(512); 637 result.append(dialogToggleStart(key(Messages.GUI_AVAILABILITY_RESPONSIBLES_0), "responsibles", show)); 638 639 result.append(dialogWhiteBoxStart()); 640 Iterator<Map.Entry<Object, String>> it = responsibles.entrySet().iterator(); 641 while (i.hasNext()) { 642 Map.Entry<Object, String> entry = it.next(); 643 String name; 644 String ou = null; 645 String image; 646 if (entry.getKey() instanceof I_CmsPrincipal) { 647 I_CmsPrincipal principal = (I_CmsPrincipal)entry.getKey(); 648 if (principal instanceof CmsHistoryPrincipal) { 649 if (principal.isGroup()) { 650 name = ((CmsHistoryPrincipal)principal).getDescription() 651 + " (" 652 + principal.getSimpleName() 653 + ")"; 654 image = "commons/group.png"; 655 } else { 656 name = ((CmsHistoryPrincipal)principal).getName(); 657 image = "commons/user.png"; 658 } 659 } else if (principal instanceof CmsGroup) { 660 name = ((CmsGroup)principal).getDescription(getLocale()) 661 + " (" 662 + principal.getSimpleName() 663 + ")"; 664 image = "commons/group.png"; 665 } else { 666 name = ((CmsUser)principal).getFullName(); 667 image = "commons/user.png"; 668 } 669 ou = principal.getOuFqn(); 670 } else { 671 // check if it is the case of a role 672 CmsRole role = CmsRole.valueOfId((CmsUUID)entry.getKey()); 673 if (role != null) { 674 name = role.getName(getLocale()); 675 image = "commons/role.png"; 676 } else { 677 name = entry.getKey().toString(); 678 image = "explorer/project_none.gif"; 679 } 680 } 681 result.append("<div class=\"dialogrow\"><img src=\""); 682 result.append(getSkinUri()); 683 result.append(image); 684 result.append( 685 "\" class='noborder' width='16' height='16' alt='Principal' title='Principal'> <span class=\"textbold\">"); 686 result.append(name); 687 result.append("</span>"); 688 if ("long".equals(getSettings().getPermissionDetailView())) { 689 String resourceName = entry.getValue(); 690 if (!resourceRootPath.equals(resourceName)) { 691 result.append("<div class=\"dialogpermissioninherit\">"); 692 result.append(key(Messages.GUI_PERMISSION_INHERITED_FROM_1, new Object[] {resourceName})); 693 result.append("</div>"); 694 } 695 } 696 try { 697 if ((ou != null) 698 && (OpenCms.getOrgUnitManager().getOrganizationalUnits(getCms(), "", true).size() > 1)) { 699 result.append("<br>"); 700 result.append("<img src='").append(getSkinUri()).append( 701 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 702 result.append("<img src='").append(getSkinUri()).append( 703 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 704 result.append(" "); 705 try { 706 result.append( 707 OpenCms.getOrgUnitManager().readOrganizationalUnit(getCms(), ou).getDisplayName( 708 getLocale())); 709 } catch (CmsException e) { 710 result.append(ou); 711 } 712 } 713 } catch (CmsException e) { 714 // should never happen 715 if (LOG.isErrorEnabled()) { 716 LOG.error(e.getLocalizedMessage(), e); 717 } 718 } 719 result.append("</div>\n"); 720 } 721 result.append(dialogWhiteBoxEnd()); 722 result.append("</div>\n"); 723 return result.toString(); 724 } finally { 725 cms.getRequestContext().setSiteRoot(site); 726 } 727 } 728 729 /** 730 * Builds a String with HTML code to display the inherited and own access control entries of a resource.<p> 731 * 732 * @return HTML code for inherited and own entries of the current resource 733 */ 734 public String buildRightsList() { 735 736 StringBuffer result = new StringBuffer( 737 dialogToggleStart( 738 key(Messages.GUI_PERMISSION_BEQUEATH_SUBFOLDER_0), 739 "inheritedpermissions", 740 getSettings().getUserSettings().getDialogExpandInheritedPermissions() 741 || getShowInheritedPermissions())); 742 743 // store all parent folder ids together with path in a map 744 Map<CmsUUID, String> parents = new HashMap<CmsUUID, String>(); 745 String path = CmsResource.getParentFolder(getParamResource()); 746 List<CmsResource> parentResources = new ArrayList<CmsResource>(); 747 try { 748 // get all parent folders of the current file 749 parentResources = getCms().readPath(path, CmsResourceFilter.IGNORE_EXPIRATION); 750 } catch (CmsException e) { 751 // can usually be ignored 752 if (LOG.isInfoEnabled()) { 753 LOG.info(e.getLocalizedMessage()); 754 } 755 } 756 Iterator<CmsResource> k = parentResources.iterator(); 757 while (k.hasNext()) { 758 // add the current folder to the map 759 CmsResource curRes = k.next(); 760 parents.put(curRes.getResourceId(), curRes.getRootPath()); 761 } 762 763 // create new ArrayLists in which inherited and non inherited entries are stored 764 ArrayList<CmsAccessControlEntry> ownEntries = new ArrayList<CmsAccessControlEntry>(); 765 try { 766 Iterator<CmsAccessControlEntry> itAces = getCms().getAccessControlEntries( 767 getParamResource(), 768 false).iterator(); 769 while (itAces.hasNext()) { 770 CmsAccessControlEntry curEntry = itAces.next(); 771 if (!curEntry.isInherited()) { 772 // add the entry to the own rights list 773 ownEntries.add(curEntry); 774 } 775 } 776 } catch (CmsException e) { 777 // can usually be ignored 778 if (LOG.isInfoEnabled()) { 779 LOG.info(e.getLocalizedMessage()); 780 } 781 } 782 783 ArrayList<CmsAccessControlEntry> inheritedEntries = new ArrayList<CmsAccessControlEntry>(); 784 try { 785 Iterator<CmsAccessControlEntry> itAces = getCms().getAccessControlEntries(path, true).iterator(); 786 while (itAces.hasNext()) { 787 CmsAccessControlEntry curEntry = itAces.next(); 788 // add the entry to the inherited rights list for the "long" view 789 if ("long".equals(getSettings().getPermissionDetailView())) { 790 inheritedEntries.add(curEntry); 791 } 792 } 793 } catch (CmsException e) { 794 // can usually be ignored 795 if (LOG.isInfoEnabled()) { 796 LOG.info(e.getLocalizedMessage()); 797 } 798 } 799 800 // now create the inherited entries box 801 result.append(dialogWhiteBox(HTML_START)); 802 result.append(buildInheritedList(inheritedEntries, parents)); 803 result.append(dialogWhiteBox(HTML_END)); 804 805 // close div that toggles visibility of inherited permissions 806 result.append("</div>"); 807 808 // create the add user/group form 809 result.append(buildAddForm()); 810 811 // create the resource entries box 812 result.append(buildResourceList(ownEntries)); 813 814 return result.toString(); 815 } 816 817 /** 818 * Returns the current users permission set on the resource.<p> 819 * 820 * @return the users permission set 821 */ 822 public CmsPermissionSet getCurPermissions() { 823 824 return m_curPermissions; 825 } 826 827 /** 828 * Returns a list with all error messages which occurred when trying to add a new access control entry.<p> 829 * 830 * @return List of error message Strings 831 */ 832 public List<String> getErrorMessages() { 833 834 return m_errorMessages; 835 } 836 837 /** 838 * Returns a String with all error messages occuring when trying to add a new access control entry.<p> 839 * 840 * @return String with error messages, separated by <br> 841 */ 842 public String getErrorMessagesString() { 843 844 StringBuffer errors = new StringBuffer(8); 845 Iterator<String> i = getErrorMessages().iterator(); 846 while (i.hasNext()) { 847 errors.append(i.next()); 848 if (i.hasNext()) { 849 errors.append("<br>"); 850 } 851 } 852 return errors.toString(); 853 } 854 855 /** 856 * Returns the value of the name parameter, 857 * or null if this parameter was not provided.<p> 858 * 859 * The name parameter stores the name of the group or user.<p> 860 * 861 * @return the value of the name parameter 862 */ 863 public String getParamName() { 864 865 return m_paramName; 866 } 867 868 /** 869 * Returns the value of the type parameter, 870 * or null if this parameter was not provided.<p> 871 * 872 * The type parameter stores the type of an ace (group or user).<p> 873 * 874 * @return the value of the type parameter 875 */ 876 public String getParamType() { 877 878 return m_paramType; 879 } 880 881 /** 882 * Returns the UUID parameter.<p> 883 * 884 * @return the UUID parameter 885 */ 886 public String getParamUuid() { 887 888 return m_paramUuid; 889 } 890 891 /** 892 * Returns if the inherited permissions information should be displayed.<p> 893 * 894 * @return true if the inherited permissions information should be displayed, otherwise false 895 */ 896 public boolean getShowInheritedPermissions() { 897 898 return m_showInheritedPermissions; 899 } 900 901 /** 902 * @see org.opencms.workplace.CmsDialog#htmlStart() 903 */ 904 @Override 905 public String htmlStart() { 906 907 StringBuffer result = new StringBuffer(256); 908 result.append(super.htmlStart()); 909 result.append((new CmsPrincipalWidget().getDialogIncludes(getCms(), null))); 910 result.append("<script >"); 911 result.append("typeField = '").append(PARAM_TYPE).append("';"); 912 result.append("</script>"); 913 return result.toString(); 914 } 915 916 /** 917 * Initializes some member variables to display the form with the right options for the current user.<p> 918 * 919 * This method must be called after initWorkplaceRequestValues().<p> 920 */ 921 public void init() { 922 923 // the current user name 924 String userName = getSettings().getUser().getName(); 925 926 if (m_typesLocalized[0] == null) { 927 m_typesLocalized[0] = key(Messages.GUI_LABEL_GROUP_0); 928 m_typesLocalized[1] = key(Messages.GUI_LABEL_USER_0); 929 m_typesLocalized[2] = key(Messages.GUI_LABEL_ROLE_0); 930 m_typesLocalized[3] = key(Messages.GUI_LABEL_ALLOTHERS_0); 931 m_typesLocalized[4] = key(Messages.GUI_LABEL_OVERWRITEALL_0); 932 } 933 934 // set flags to show editable or non editable entries 935 setEditable(false); 936 setInheritOption(false); 937 String resName = getParamResource(); 938 939 try { 940 // get the current users' permissions 941 setCurPermissions(getCms().getPermissions(getParamResource(), userName)); 942 943 // check if the current resource is a folder 944 CmsResource resource = getCms().readResource(getParamResource(), CmsResourceFilter.ALL); 945 if (resource.isFolder()) { 946 // only folders have the inherit option activated 947 setInheritOption(true); 948 if (!resName.endsWith("/")) { 949 // append manually a "/" to folder name to avoid issues with check if resource is in project 950 resName += "/"; 951 } 952 } 953 } catch (CmsException e) { 954 // can usually be ignored 955 if (LOG.isInfoEnabled()) { 956 LOG.info(e.getLocalizedMessage()); 957 } 958 } 959 960 // check the current users permission to change access control entries 961 if ((!getCms().getRequestContext().getCurrentProject().isOnlineProject() 962 && getCms().isInsideCurrentProject(resName)) 963 && (OpenCms.getRoleManager().hasRole(getCms(), CmsRole.VFS_MANAGER) 964 || (((m_curPermissions.getAllowedPermissions() & CmsPermissionSet.PERMISSION_CONTROL) > 0) 965 && !((m_curPermissions.getDeniedPermissions() & CmsPermissionSet.PERMISSION_CONTROL) > 0)))) { 966 if (isBlockingLocked()) { 967 m_errorMessages.add(key(Messages.ERR_PERMISSION_BLOCKING_LOCKS_0)); 968 } else { 969 setEditable(true); 970 } 971 } 972 } 973 974 /** 975 * Sets the value of the name parameter.<p> 976 * 977 * @param value the value to set 978 */ 979 public void setParamName(String value) { 980 981 m_paramName = value; 982 } 983 984 /** 985 * Sets the value of the type parameter.<p> 986 * 987 * @param value the value to set 988 */ 989 public void setParamType(String value) { 990 991 m_paramType = value; 992 } 993 994 /** 995 * Sets the UUID parameter.<p> 996 * 997 * @param uuid the UUID to set 998 */ 999 public void setParamUuid(String uuid) { 1000 1001 m_paramUuid = uuid; 1002 } 1003 1004 /** 1005 * Validates the user input when creating a new access control entry.<p> 1006 * 1007 * @param name the name of the new user/group 1008 * @param arrayPosition the position in the types array 1009 * 1010 * @return true if everything is ok, otherwise false 1011 */ 1012 protected boolean checkNewEntry(String name, int arrayPosition) { 1013 1014 m_errorMessages.clear(); 1015 boolean inArray = false; 1016 if (getTypes(false)[arrayPosition] != null) { 1017 inArray = true; 1018 } 1019 if (!inArray) { 1020 m_errorMessages.add(key(Messages.ERR_PERMISSION_SELECT_TYPE_0)); 1021 } 1022 if (CmsStringUtil.isEmptyOrWhitespaceOnly(name)) { 1023 m_errorMessages.add(key(Messages.ERR_MISSING_GROUP_OR_USER_NAME_0)); 1024 } 1025 if (m_errorMessages.size() > 0) { 1026 return false; 1027 } 1028 return true; 1029 } 1030 1031 /** 1032 * Returns the resource on which the specified access control entry was set.<p> 1033 * 1034 * @param entry the current access control entry 1035 * @param parents the parent resources to determine the connected resource 1036 * @return the resource name of the corresponding resource 1037 */ 1038 protected String getConnectedResource(CmsAccessControlEntry entry, Map<CmsUUID, String> parents) { 1039 1040 CmsUUID resId = entry.getResource(); 1041 String resName = parents.get(resId); 1042 if (CmsStringUtil.isNotEmptyOrWhitespaceOnly(resName)) { 1043 return resName; 1044 } 1045 return resId.toString(); 1046 } 1047 1048 /** 1049 * Returns the current editable flag for the user to change ACEs.<p> 1050 * 1051 * @return true if user can edit the permissions, otherwise false 1052 */ 1053 protected boolean getEditable() { 1054 1055 return m_editable; 1056 } 1057 1058 /** 1059 * Determines the type of the current access control entry.<p> 1060 * 1061 * @param flags the value of the current flags 1062 * @param all to include all types, or just user and groups 1063 * 1064 * @return String representation of the ace type 1065 */ 1066 protected String getEntryType(int flags, boolean all) { 1067 1068 for (int i = 0; i < getTypes(all).length; i++) { 1069 if ((flags & getTypesInt()[i]) > 0) { 1070 return getTypes(all)[i]; 1071 } 1072 } 1073 return UNKNOWN_TYPE; 1074 } 1075 1076 /** 1077 * Determines the int type of the current access control entry.<p> 1078 * 1079 * @param flags the value of the current flags 1080 * @return int representation of the ace type as int 1081 */ 1082 protected int getEntryTypeInt(int flags) { 1083 1084 for (int i = 0; i < getTypesInt().length; i++) { 1085 if ((flags & getTypesInt()[i]) > 0) { 1086 return i; 1087 } 1088 } 1089 return -1; 1090 } 1091 1092 /** 1093 * Returns if the access control entry can be inherited to subfolders and can overwrite inherited permissions.<p> 1094 * 1095 * @return true to show the checkbox, otherwise false 1096 */ 1097 protected boolean getInheritOption() { 1098 1099 return m_inherit; 1100 } 1101 1102 /** 1103 * Returns a String array with the possible entry types.<p> 1104 * 1105 * @param all to include all types, or just user, groups and roles 1106 * 1107 * @return the possible types 1108 */ 1109 protected String[] getTypes(boolean all) { 1110 1111 if (!all) { 1112 String[] array = new String[3]; 1113 return Arrays.asList(m_types).subList(0, 3).toArray(array); 1114 } 1115 return m_types; 1116 } 1117 1118 /** 1119 * Returns an int array with possible entry types.<p> 1120 * 1121 * @return the possible types as int array 1122 */ 1123 protected int[] getTypesInt() { 1124 1125 return m_typesInt; 1126 } 1127 1128 /** 1129 * Returns a String array with the possible localized entry types.<p> 1130 * 1131 * @return the possible localized types 1132 */ 1133 protected String[] getTypesLocalized() { 1134 1135 return m_typesLocalized; 1136 } 1137 1138 /** 1139 * @see org.opencms.workplace.CmsWorkplace#initWorkplaceRequestValues(org.opencms.workplace.CmsWorkplaceSettings, javax.servlet.http.HttpServletRequest) 1140 */ 1141 @Override 1142 protected void initWorkplaceRequestValues(CmsWorkplaceSettings settings, HttpServletRequest request) { 1143 1144 // fill the parameter values in the get/set methods 1145 fillParamValues(request); 1146 1147 // set the detail mode of the "inherited" list view 1148 String detail = request.getParameter(PARAM_VIEW); 1149 if (detail != null) { 1150 settings.setPermissionDetailView(detail); 1151 setShowInheritedPermissions(true); 1152 } 1153 1154 // determine which action has to be performed 1155 if (DIALOG_TYPE.equals(getParamAction())) { 1156 setAction(ACTION_DEFAULT); 1157 } else if (DIALOG_SET.equals(getParamAction())) { 1158 setAction(ACTION_SET); 1159 } else if (DIALOG_DELETE.equals(getParamAction())) { 1160 setAction(ACTION_DELETE); 1161 } else if (DIALOG_ADDACE.equals(getParamAction())) { 1162 setAction(ACTION_ADDACE); 1163 } else if (DIALOG_LOCKS_CONFIRMED.equals(getParamAction())) { 1164 setAction(ACTION_LOCKS_CONFIRMED); 1165 } else if (DIALOG_CANCEL.equals(getParamAction())) { 1166 setAction(ACTION_CANCEL); 1167 } else if (DIALOG_INTERNALUSE.equals(getParamAction())) { 1168 setAction(ACTION_INTERNALUSE); 1169 } else { 1170 setAction(ACTION_DEFAULT); 1171 // build the title for chacc dialog 1172 setParamTitle( 1173 key(Messages.GUI_PERMISSION_CHANGE_1, new Object[] {CmsResource.getName(getParamResource())})); 1174 } 1175 1176 } 1177 1178 /** 1179 * Checks if a certain permission of a permission set is allowed.<p> 1180 * 1181 * @param p the current CmsPermissionSet 1182 * @param value the int value of the permission to check 1183 * @return true if the permission is allowed, otherwise false 1184 */ 1185 protected boolean isAllowed(CmsPermissionSet p, int value) { 1186 1187 if ((p.getAllowedPermissions() & value) > 0) { 1188 return true; 1189 } 1190 return false; 1191 } 1192 1193 /** 1194 * Checks if a certain permission of a permission set is denied.<p> 1195 * 1196 * @param p the current CmsPermissionSet 1197 * @param value the int value of the permission to check 1198 * @return true if the permission is denied, otherwise false 1199 */ 1200 protected boolean isDenied(CmsPermissionSet p, int value) { 1201 1202 if ((p.getDeniedPermissions() & value) > 0) { 1203 return true; 1204 } 1205 return false; 1206 } 1207 1208 /** 1209 * Check if the current permissions are overwriting the inherited ones.<p> 1210 * 1211 * @param flags value of all flags of the current entry 1212 * @return true if permissions are overwriting the inherited ones, otherwise false 1213 */ 1214 protected boolean isOverWritingInherited(int flags) { 1215 1216 if ((flags & CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE) > 0) { 1217 return true; 1218 } 1219 return false; 1220 } 1221 1222 /** 1223 * Check if the user is a responsible for the resource.<p> 1224 * 1225 * @param flags value of all flags of the current entry 1226 * @return true if user is responsible for the resource, otherwise false 1227 */ 1228 protected boolean isResponsible(int flags) { 1229 1230 if ((flags & CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE) > 0) { 1231 return true; 1232 } 1233 return false; 1234 } 1235 1236 /** 1237 * Sets the current users permissions on the resource. 1238 * This is set in the init() method.<p> 1239 * 1240 * @param value the CmsPermissionSet 1241 */ 1242 protected void setCurPermissions(CmsPermissionSet value) { 1243 1244 m_curPermissions = value; 1245 } 1246 1247 /** 1248 * Sets the editable flag for the forms. 1249 * This is set in the init() method.<p> 1250 * 1251 * @param value true if user can edit the permissions, otherwise false 1252 */ 1253 protected void setEditable(boolean value) { 1254 1255 m_editable = value; 1256 } 1257 1258 /** 1259 * Sets if the access control entry can be inherited to subfolders and can overwrite inherited permissions.<p> 1260 * 1261 * This is set in the init() method.<p> 1262 * 1263 * @param value set to true for folders, otherwise false 1264 */ 1265 protected void setInheritOption(boolean value) { 1266 1267 m_inherit = value; 1268 } 1269 1270 /** 1271 * Sets if the inherited permissions information should be displayed.<p> 1272 * 1273 * @param showInheritedPermissions true if the inherited permissions information should be displayed, otherwise false 1274 */ 1275 protected void setShowInheritedPermissions(boolean showInheritedPermissions) { 1276 1277 m_showInheritedPermissions = showInheritedPermissions; 1278 } 1279 1280 /** 1281 * Builds a String with HTML code to display the form to add a new access control entry for the current resource.<p> 1282 * 1283 * @return HTML String with the form 1284 */ 1285 private String buildAddForm() { 1286 1287 StringBuffer result = new StringBuffer(256); 1288 1289 // only display form if the current user has the "control" right 1290 if (getEditable()) { 1291 result.append(dialogSpacer()); 1292 result.append(dialogBlockStart(key(Messages.GUI_PERMISSION_ADD_ACE_0))); 1293 1294 // get all possible entry types 1295 ArrayList<String> options = new ArrayList<String>(); 1296 ArrayList<String> optionValues = new ArrayList<String>(); 1297 for (int i = 0; i < (getTypes(false).length - (1 * (isRoleEditable() ? 0 : 1))); i++) { 1298 options.add(getTypesLocalized()[i]); 1299 optionValues.add(Integer.toString(i)); 1300 } 1301 1302 // create the input form for adding an ace 1303 result.append("<form action=\"").append(getDialogUri()).append( 1304 "\" method=\"post\" name=\"add\" class=\"nomargin\">\n"); 1305 // set parameters to show correct hidden input fields 1306 setParamAction(DIALOG_ADDACE); 1307 setParamType(null); 1308 setParamName(null); 1309 result.append(paramsAsHidden()); 1310 result.append("<table border=\"0\" width=\"100%\">\n"); 1311 result.append("<tr>\n"); 1312 result.append("\t<td>").append( 1313 buildSelect("name=\"" + PARAM_TYPE + "\"", options, optionValues, -1)).append("</td>\n"); 1314 result.append("\t<td class=\"maxwidth\"><input type=\"text\" class=\"maxwidth\" name=\""); 1315 result.append(PARAM_NAME); 1316 result.append("\" value=\"\"></td>\n"); 1317 1318 result.append("<td><span style='display: block; height: 1px; width: 10px;'/></td>"); 1319 1320 result.append( 1321 button( 1322 new CmsPrincipalWidget().getButtonJs(PARAM_NAME, "add"), 1323 null, 1324 "principal", 1325 org.opencms.workplace.Messages.GUI_DIALOG_BUTTON_SEARCH_0, 1326 getSettings().getUserSettings().getEditorButtonStyle())); 1327 1328 result.append( 1329 button( 1330 "javascript:document.forms['add'].submit();", 1331 null, 1332 "new", 1333 Messages.GUI_LABEL_ADD_0, 1334 getSettings().getUserSettings().getEditorButtonStyle())); 1335 1336 result.append("</tr>\n"); 1337 result.append("</form>\n"); 1338 result.append("</table>\n"); 1339 1340 result.append(dialogBlockEnd()); 1341 } 1342 return result.toString(); 1343 } 1344 1345 /** 1346 * Builds a StringBuffer with HTML code to show a list of all inherited access control entries.<p> 1347 * 1348 * @param entries ArrayList with all entries to show for the long view 1349 * @param parents Map of parent resources needed to get the connected resources for the detailed view 1350 * @return StringBuffer with HTML code for all entries 1351 */ 1352 private StringBuffer buildInheritedList(ArrayList<CmsAccessControlEntry> entries, Map<CmsUUID, String> parents) { 1353 1354 StringBuffer result = new StringBuffer(32); 1355 String view = getSettings().getPermissionDetailView(); 1356 1357 // display the long view 1358 if ("long".equals(view)) { 1359 Iterator<CmsAccessControlEntry> i = entries.iterator(); 1360 while (i.hasNext()) { 1361 CmsAccessControlEntry curEntry = i.next(); 1362 // build the list with enabled extended view and resource name 1363 result.append(buildPermissionEntryForm(curEntry, false, true, getConnectedResource(curEntry, parents))); 1364 } 1365 } else { 1366 // show the short view, use an ACL to build the list 1367 try { 1368 // get the inherited ACL of the parent folder 1369 CmsAccessControlList acList = getCms().getAccessControlList( 1370 CmsResource.getParentFolder(getParamResource()), 1371 false); 1372 Iterator<CmsUUID> i = acList.getPrincipals().iterator(); 1373 while (i.hasNext()) { 1374 CmsUUID principalId = i.next(); 1375 if (!principalId.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) { 1376 CmsPermissionSet permissions = acList.getPermissions(principalId); 1377 // build the list with enabled extended view only 1378 result.append(buildPermissionEntryForm(principalId, permissions, false, true)); 1379 } 1380 } 1381 } catch (CmsException e) { 1382 // can usually be ignored 1383 if (LOG.isInfoEnabled()) { 1384 LOG.info(e.getLocalizedMessage()); 1385 } 1386 } 1387 } 1388 return result; 1389 } 1390 1391 /** 1392 * Builds a String with HTML code to display the form to add a new access control entry for the current resource.<p> 1393 * 1394 * @return HTML String with the form 1395 */ 1396 private String buildInternalForm() { 1397 1398 StringBuffer result = new StringBuffer(128); 1399 1400 CmsResource resource = null; 1401 boolean internal = false; 1402 1403 // try to read the internal flag from the resource 1404 try { 1405 resource = getCms().readResource(getParamResource(), CmsResourceFilter.ALL); 1406 internal = resource.isInternal(); 1407 } catch (CmsException e) { 1408 // an error occurred reading the resource 1409 LOG.error(e.getLocalizedMessage()); 1410 } 1411 1412 if ((resource != null) && (resource.isFile())) { 1413 // only show internal check box on files 1414 result.append("<form action=\"").append(getDialogUri()).append( 1415 "\" method=\"post\" name=\"internal\" class=\"nomargin\">\n"); 1416 result.append("<table border=\"0\" width=\"100%\">\n"); 1417 result.append("<tr>\n"); 1418 result.append("\t<td class=\"dialogpermissioncell\">").append(key(Messages.GUI_PERMISSION_INTERNAL_0)); 1419 result.append(" <input type=\"checkbox\" name=\""); 1420 result.append(PARAM_INTERNAL); 1421 result.append("\" value=\"true\""); 1422 if (internal) { 1423 result.append(" checked=\"checked\""); 1424 } 1425 if (!getEditable()) { 1426 result.append(" disabled=\"disabled\""); 1427 } 1428 result.append(" ></td>\n"); 1429 if (getEditable()) { 1430 result.append("<td><input type=\"submit\" class=\"dialogbutton\" value=\"").append( 1431 key(Messages.GUI_LABEL_SET_0)).append("\">"); 1432 } 1433 result.append("</td>\n"); 1434 result.append("</tr>\n"); 1435 result.append("</table>\n"); 1436 setParamAction(DIALOG_INTERNALUSE); 1437 setParamType(null); 1438 setParamName(null); 1439 result.append(paramsAsHidden()); 1440 result.append("</form>\n"); 1441 } 1442 return result.toString(); 1443 1444 } 1445 1446 /** 1447 * Creates an HTML input form for the current access control entry.<p> 1448 * 1449 * @param entry the current access control entry 1450 * @param editable boolean to determine if the form is editable 1451 * @param extendedView boolean to determine if the view is selectable with DHTML 1452 * @param inheritRes the resource name from which the ace is inherited 1453 * @return StringBuffer with HTML code of the form 1454 */ 1455 private StringBuffer buildPermissionEntryForm( 1456 CmsAccessControlEntry entry, 1457 boolean editable, 1458 boolean extendedView, 1459 String inheritRes) { 1460 1461 StringBuffer result = new StringBuffer(512); 1462 1463 // get name and type of the current entry 1464 I_CmsPrincipal principal; 1465 try { 1466 principal = CmsPrincipal.readPrincipalIncludingHistory(getCms(), entry.getPrincipal()); 1467 } catch (CmsException e) { 1468 principal = null; 1469 } 1470 1471 String id = (principal != null) ? principal.getName() : entry.getPrincipal().toString(); 1472 String name; 1473 String ou = null; 1474 int flags = 0; 1475 if ((principal != null) && (principal instanceof CmsHistoryPrincipal)) { 1476 // there is a history principal entry, handle it 1477 if (principal.isGroup()) { 1478 String niceName = OpenCms.getWorkplaceManager().translateGroupName(principal.getName(), false); 1479 name = key( 1480 org.opencms.security.Messages.GUI_ORGUNIT_DISPLAY_NAME_2, 1481 new Object[] {((CmsHistoryPrincipal)principal).getDescription(), niceName}); 1482 ou = CmsOrganizationalUnit.getParentFqn(id); 1483 flags = CmsAccessControlEntry.ACCESS_FLAGS_GROUP; 1484 } else { 1485 name = ((CmsHistoryPrincipal)principal).getName(); 1486 ou = CmsOrganizationalUnit.getParentFqn(id); 1487 flags = CmsAccessControlEntry.ACCESS_FLAGS_USER; 1488 } 1489 } else if ((principal != null) && principal.isGroup()) { 1490 String niceName = OpenCms.getWorkplaceManager().translateGroupName(principal.getName(), false); 1491 name = key( 1492 org.opencms.security.Messages.GUI_ORGUNIT_DISPLAY_NAME_2, 1493 new Object[] {((CmsGroup)principal).getDescription(getLocale()), niceName}); 1494 ou = CmsOrganizationalUnit.getParentFqn(id); 1495 flags = CmsAccessControlEntry.ACCESS_FLAGS_GROUP; 1496 } else if ((principal != null) && principal.isUser()) { 1497 name = ((CmsUser)principal).getFullName(); 1498 ou = CmsOrganizationalUnit.getParentFqn(id); 1499 flags = CmsAccessControlEntry.ACCESS_FLAGS_USER; 1500 } else if ((id != null) && id.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID.toString())) { 1501 name = key(Messages.GUI_LABEL_ALLOTHERS_0); 1502 flags = CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS; 1503 } else if ((id != null) && id.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID.toString())) { 1504 name = key(Messages.GUI_LABEL_OVERWRITEALL_0); 1505 flags = CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL; 1506 } else { 1507 // check if it is the case of a role 1508 CmsRole role = CmsRole.valueOfId(entry.getPrincipal()); 1509 if (role != null) { 1510 name = role.getName(getLocale()); 1511 id = role.getRoleName(); 1512 flags = CmsAccessControlEntry.ACCESS_FLAGS_ROLE; 1513 } else { 1514 name = entry.getPrincipal().toString(); 1515 } 1516 } 1517 1518 if ((flags > 0) && ((entry.getFlags() & flags) == 0)) { 1519 // the flag is set to the wrong principal type 1520 if (LOG.isErrorEnabled()) { 1521 LOG.error(Messages.get().getBundle(getLocale()).key(Messages.ERR_INVALID_ACE_1, entry.toString())); 1522 } 1523 entry = new CmsAccessControlEntry( 1524 entry.getResource(), 1525 entry.getPrincipal(), 1526 entry.getAllowedPermissions(), 1527 entry.getDeniedPermissions(), 1528 (entry.getFlags() | flags)); 1529 } else if (entry.getFlags() < CmsAccessControlEntry.ACCESS_FLAGS_USER) { 1530 // the flag is set to NO principal type 1531 if (LOG.isErrorEnabled()) { 1532 LOG.error(Messages.get().getBundle(getLocale()).key(Messages.ERR_INVALID_ACE_1, entry.toString())); 1533 } 1534 entry = new CmsAccessControlEntry( 1535 entry.getResource(), 1536 entry.getPrincipal(), 1537 entry.getAllowedPermissions(), 1538 entry.getDeniedPermissions(), 1539 (entry.getFlags() | CmsAccessControlEntry.ACCESS_FLAGS_GROUP)); 1540 } 1541 1542 String type = getEntryType(entry.getFlags(), false); 1543 1544 if (id == null) { 1545 id = ""; 1546 } 1547 1548 // set the parameters for the hidden fields 1549 setParamType(type); 1550 setParamName(id); 1551 setParamUuid(entry.getPrincipal().toString()); 1552 1553 // set id value for html attributes 1554 String idValue = type + id + entry.getResource(); 1555 1556 // get the localized type label 1557 int typeInt = getEntryTypeInt(entry.getFlags()); 1558 String typeLocalized = UNKNOWN_TYPE; 1559 if (typeInt >= 0) { 1560 typeLocalized = getTypesLocalized()[typeInt]; 1561 } 1562 1563 // determine the right image to display 1564 String typeImg = getTypes(true)[0]; 1565 if (typeInt >= 0) { 1566 typeImg = getEntryType(entry.getFlags(), true).toLowerCase(); 1567 } 1568 1569 // get all permissions of the current entry 1570 CmsPermissionSet permissions = entry.getPermissions(); 1571 1572 // build String for disabled check boxes 1573 String disabled = ""; 1574 if (!editable || (typeInt < 0)) { 1575 disabled = " disabled=\"disabled\""; 1576 } 1577 1578 // build the heading 1579 if (!id.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID.toString())) { 1580 result.append(dialogRow(HTML_START)); 1581 if (extendedView) { 1582 // for extended view, add toggle symbol and link to output 1583 result.append("<a href=\"javascript:toggleDetail('").append(idValue).append("');\">"); 1584 result.append("<img src=\"").append(getSkinUri()).append( 1585 "commons/plus.png\" class=\"noborder\" id=\"ic-").append(idValue).append("\"></a>"); 1586 } else { 1587 result.append("<img src='").append(getSkinUri()).append( 1588 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 1589 } 1590 result.append("<img src=\"").append(getSkinUri()).append("commons/"); 1591 result.append(typeImg); 1592 result.append(".png\" class=\"noborder\" width=\"16\" height=\"16\" alt=\""); 1593 result.append(typeLocalized); 1594 result.append("\" title=\""); 1595 result.append(typeLocalized); 1596 result.append("\"> <span class=\"textbold\">"); 1597 result.append(name); 1598 result.append("</span>"); 1599 if (extendedView) { 1600 // for extended view, add short permissions 1601 result.append(" (").append(entry.getPermissions().getPermissionString()).append(")"); 1602 } 1603 try { 1604 if ((ou != null) 1605 && (OpenCms.getOrgUnitManager().getOrganizationalUnits(getCms(), "", true).size() > 1)) { 1606 result.append("<br>"); 1607 result.append("<img src='").append(getSkinUri()).append( 1608 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 1609 result.append("<img src='").append(getSkinUri()).append( 1610 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 1611 result.append(" "); 1612 try { 1613 result.append( 1614 OpenCms.getOrgUnitManager().readOrganizationalUnit(getCms(), ou).getDisplayName( 1615 getLocale())); 1616 } catch (CmsException e) { 1617 result.append(ou); 1618 } 1619 } 1620 } catch (CmsException e) { 1621 // should never happen 1622 if (LOG.isInfoEnabled()) { 1623 LOG.info(e.getLocalizedMessage()); 1624 } 1625 } 1626 result.append(dialogRow(HTML_END)); 1627 if (extendedView) { 1628 // show the resource from which the ace is inherited if present 1629 if (CmsStringUtil.isNotEmptyOrWhitespaceOnly(inheritRes)) { 1630 result.append("<div class=\"dialogpermissioninherit\">"); 1631 result.append("<img src='").append(getSkinUri()).append( 1632 "explorer/project_none.gif' class='noborder' width='16' height='16' >"); 1633 result.append(" "); 1634 result.append(key(Messages.GUI_PERMISSION_INHERITED_FROM_1, new Object[] {inheritRes})); 1635 result.append("</div>\n"); 1636 } 1637 result.append("<div id =\"").append(idValue).append("\" class=\"hide\">"); 1638 } 1639 result.append("<table class=\"dialogpermissiondetails\">\n"); 1640 1641 // build the form depending on the editable flag 1642 if (editable) { 1643 result.append("<form action=\"").append(getDialogUri()).append( 1644 "\" method=\"post\" class=\"nomargin\" name=\"set").append(idValue).append("\">\n"); 1645 // set parameters to show correct hidden input fields 1646 setParamAction(DIALOG_SET); 1647 result.append(paramsAsHidden()); 1648 } else { 1649 result.append("<form class=\"nomargin\">\n"); 1650 } 1651 1652 // build headings for permission descriptions 1653 result.append("<tr>\n"); 1654 result.append("\t<td class=\"dialogpermissioncell\"><span class=\"textbold\" unselectable=\"on\">"); 1655 result.append(key(Messages.GUI_PERMISSION_0)).append("</span></td>\n"); 1656 result.append( 1657 "\t<td class=\"dialogpermissioncell textcenter\"><span class=\"textbold\" unselectable=\"on\">"); 1658 result.append(key(Messages.GUI_PERMISSION_ALLOWED_0)).append("</span></td>\n"); 1659 result.append( 1660 "\t<td class=\"dialogpermissioncell textcenter\"><span class=\"textbold\" unselectable=\"on\">"); 1661 result.append(key(Messages.GUI_PERMISSION_DENIED_0)).append("</span></td>\n"); 1662 result.append("</tr>"); 1663 1664 Iterator<String> i = m_permissionKeys.iterator(); 1665 1666 // show all possible permissions in the form 1667 while (i.hasNext()) { 1668 String key = i.next(); 1669 int value = CmsPermissionSet.getPermissionValue(key); 1670 String keyMessage = key(key); 1671 result.append("<tr>\n"); 1672 result.append("\t<td class=\"dialogpermissioncell\">").append(keyMessage).append("</td>\n"); 1673 result.append("\t<td class=\"dialogpermissioncell textcenter\"><input type=\"checkbox\" name=\""); 1674 result.append(value).append(PERMISSION_ALLOW).append("\" value=\"").append(value).append("\"").append( 1675 disabled); 1676 if (isAllowed(permissions, value)) { 1677 result.append(" checked=\"checked\""); 1678 } 1679 result.append("></td>\n"); 1680 result.append("\t<td class=\"dialogpermissioncell textcenter\"><input type=\"checkbox\" name=\""); 1681 result.append(value).append(PERMISSION_DENY).append("\" value=\"").append(value).append("\"").append( 1682 disabled); 1683 if (isDenied(permissions, value)) { 1684 result.append(" checked=\"checked\""); 1685 } 1686 result.append("></td>\n"); 1687 result.append("</tr>\n"); 1688 } 1689 1690 // show overwrite check box and buttons only for editable entries 1691 if (editable) { 1692 // do not show the responsible option for the 'all others' ace 1693 if (!id.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID.toString())) { 1694 // show owner check box 1695 result.append("<tr>\n"); 1696 result.append("\t<td class=\"dialogpermissioncell\">").append( 1697 key(Messages.GUI_LABEL_RESPONSIBLE_0)).append("</td>\n"); 1698 result.append("\t<td class=\"dialogpermissioncell textcenter\">"); 1699 result.append("<input type=\"checkbox\" name=\"").append(PARAM_RESPONSIBLE).append( 1700 "\" value=\"true\"").append(disabled); 1701 if (isResponsible(entry.getFlags())) { 1702 result.append(" checked=\"checked\""); 1703 } 1704 result.append("></td>\n"); 1705 result.append("\t<td class=\"dialogpermissioncell\"> </td>\n"); 1706 result.append("</tr>\n"); 1707 } 1708 // show overwrite inherited check box 1709 result.append("<tr>\n"); 1710 result.append("\t<td class=\"dialogpermissioncell\">").append( 1711 key(Messages.GUI_PERMISSION_OVERWRITE_INHERITED_0)).append("</td>\n"); 1712 result.append("\t<td class=\"dialogpermissioncell textcenter\">"); 1713 result.append("<input type=\"checkbox\" name=\"").append(PARAM_OVERWRITEINHERITED).append( 1714 "\" value=\"true\"").append(disabled); 1715 if (isOverWritingInherited(entry.getFlags())) { 1716 result.append(" checked=\"checked\""); 1717 } 1718 result.append("></td>\n"); 1719 result.append("\t<td class=\"dialogpermissioncell\"> </td>\n"); 1720 result.append("</tr>\n"); 1721 1722 // show inherit permissions check box on folders 1723 if (getInheritOption()) { 1724 result.append("<tr>\n"); 1725 result.append("\t<td class=\"dialogpermissioncell\">").append( 1726 key(Messages.GUI_PERMISSION_INHERIT_ON_SUBFOLDERS_0)).append("</td>\n"); 1727 result.append("\t<td class=\"dialogpermissioncell textcenter\">"); 1728 result.append("<input type=\"checkbox\" name=\"").append(PARAM_INHERIT).append( 1729 "\" value=\"true\"").append(disabled); 1730 if (entry.isInheriting()) { 1731 result.append(" checked=\"checked\""); 1732 } 1733 result.append("></td>\n"); 1734 result.append("\t<td class=\"dialogpermissioncell\"> </td>\n"); 1735 result.append("</tr>\n"); 1736 } 1737 1738 // show "set" and "delete" buttons 1739 result.append("<tr>\n"); 1740 result.append("\t<td> </td>\n"); 1741 result.append( 1742 "\t<td class=\"textcenter\"><input class=\"dialogbutton\" type=\"submit\" value=\"").append( 1743 key(Messages.GUI_LABEL_SET_0)).append("\"></form></td>\n"); 1744 result.append("\t<td class=\"textcenter\">\n"); 1745 // build the form for the "delete" button 1746 result.append("\t\t<form class=\"nomargin\" action=\"").append(getDialogUri()).append( 1747 "\" method=\"post\" name=\"delete").append(idValue).append("\">\n"); 1748 // set parameters to show correct hidden input fields 1749 setParamAction(DIALOG_DELETE); 1750 result.append(paramsAsHidden()); 1751 result.append("\t\t<input class=\"dialogbutton\" type=\"submit\" value=\"").append( 1752 key(Messages.GUI_LABEL_DELETE_0)).append("\">\n"); 1753 result.append("\t\t</form>\n"); 1754 result.append("\t</td>\n"); 1755 result.append("</tr>\n"); 1756 } else { 1757 // close the form 1758 result.append("</form>\n"); 1759 } 1760 1761 result.append("</table>\n"); 1762 if (extendedView) { 1763 // close the hidden div for extended view 1764 result.append("</div>"); 1765 } 1766 } else { 1767 result.append(dialogRow(HTML_START)); 1768 1769 result.append("<table style='margin-left: 13px;' class=\"dialogpermissiondetails\">\n"); 1770 // build headings for permission descriptions 1771 result.append("<tr>\n"); 1772 result.append("\t<td style=\"width: 280px;\"><span class=\"textbold\" unselectable=\"on\">"); 1773 1774 result.append("<img src=\"").append(getSkinUri()).append("commons/"); 1775 result.append(typeImg); 1776 result.append(".png\" class=\"noborder\" width=\"16\" height=\"16\" alt=\""); 1777 result.append(typeLocalized); 1778 result.append("\" title=\""); 1779 result.append(typeLocalized); 1780 result.append("\"> <span class=\"textbold\">"); 1781 result.append(name); 1782 result.append("</span></td>\n"); 1783 result.append( 1784 "\t<td class=\"dialogpermissioncell textcenter\"><span class=\"textbold\" unselectable=\"on\">"); 1785 if (editable) { 1786 // build the form for the "delete" button 1787 result.append("\t\t<form class=\"nomargin\" action=\"").append(getDialogUri()).append( 1788 "\" method=\"post\" name=\"delete").append(idValue).append("\">\n"); 1789 // set parameters to show correct hidden input fields 1790 setParamAction(DIALOG_DELETE); 1791 result.append(paramsAsHidden()); 1792 result.append("\t\t<input class=\"dialogbutton\" type=\"submit\" value=\"").append( 1793 key(Messages.GUI_LABEL_DELETE_0)).append("\">\n"); 1794 result.append("\t\t</form>\n"); 1795 } 1796 result.append("</td>\n"); 1797 result.append("</tr>"); 1798 result.append("</table>\n"); 1799 result.append(dialogRow(HTML_END)); 1800 1801 } 1802 return result; 1803 } 1804 1805 /** 1806 * @see #buildPermissionEntryForm(CmsAccessControlEntry, boolean, boolean, String) 1807 * 1808 * @param id the UUID of the principal of the permission set 1809 * @param curSet the current permission set 1810 * @param editable boolean to determine if the form is editable 1811 * @param extendedView boolean to determine if the view is selectable with DHTML 1812 * @return String with HTML code of the form 1813 */ 1814 private StringBuffer buildPermissionEntryForm( 1815 CmsUUID id, 1816 CmsPermissionSet curSet, 1817 boolean editable, 1818 boolean extendedView) { 1819 1820 String fileName = getParamResource(); 1821 int flags = 0; 1822 try { 1823 I_CmsPrincipal p; 1824 try { 1825 p = CmsPrincipal.readPrincipalIncludingHistory(getCms(), id); 1826 } catch (CmsException e) { 1827 p = null; 1828 } 1829 if ((p != null) && p.isGroup()) { 1830 flags = CmsAccessControlEntry.ACCESS_FLAGS_GROUP; 1831 } else if ((p != null) && p.isUser()) { 1832 flags = CmsAccessControlEntry.ACCESS_FLAGS_USER; 1833 } else if ((p == null) && id.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID)) { 1834 flags = CmsAccessControlEntry.ACCESS_FLAGS_ALLOTHERS; 1835 } else if ((p == null) && id.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) { 1836 flags = CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE_ALL; 1837 } else { 1838 // check if it is the case of a role 1839 CmsRole role = CmsRole.valueOfId(id); 1840 if (role != null) { 1841 flags = CmsAccessControlEntry.ACCESS_FLAGS_ROLE; 1842 } 1843 } 1844 1845 CmsResource res = getCms().readResource(fileName, CmsResourceFilter.ALL); 1846 CmsAccessControlEntry entry = new CmsAccessControlEntry(res.getResourceId(), id, curSet, flags); 1847 return buildPermissionEntryForm(entry, editable, extendedView, null); 1848 } catch (CmsException e) { 1849 // can usually be ignored 1850 if (LOG.isInfoEnabled()) { 1851 LOG.info(e.getLocalizedMessage()); 1852 } 1853 return new StringBuffer(""); 1854 } 1855 } 1856 1857 /** 1858 * Returns the actual real permissions (including role, and any other special check) for the current user.<p> 1859 * 1860 * @return the actual real permissions for the current user 1861 * 1862 * @throws CmsException if something goes wrong 1863 */ 1864 private CmsPermissionSet buildPermissionsForCurrentUser() throws CmsException { 1865 1866 CmsResourceUtil resUtil = new CmsResourceUtil( 1867 getCms(), 1868 getCms().readResource(getParamResource(), CmsResourceFilter.ALL)); 1869 return resUtil.getPermissionSet(); 1870 } 1871 1872 /** 1873 * Builds a StringBuffer with HTML code for the access control entries of a resource.<p> 1874 * 1875 * @param entries all access control entries for the resource 1876 * @return StringBuffer with HTML code for all entries 1877 */ 1878 private StringBuffer buildResourceList(ArrayList<CmsAccessControlEntry> entries) { 1879 1880 StringBuffer result = new StringBuffer(256); 1881 Iterator<CmsAccessControlEntry> i = entries.iterator(); 1882 boolean hasEntries = i.hasNext(); 1883 1884 if (hasEntries || !getInheritOption()) { 1885 // create headline for resource entries 1886 result.append(dialogSubheadline(key(Messages.GUI_PERMISSION_TITLE_0))); 1887 } 1888 1889 // create the internal form 1890 result.append(buildInternalForm()); 1891 1892 if (hasEntries) { 1893 // only create output if entries are present 1894 result.append(dialogSpacer()); 1895 // open white box 1896 result.append(dialogWhiteBox(HTML_START)); 1897 1898 // list all entries 1899 while (i.hasNext()) { 1900 CmsAccessControlEntry curEntry = i.next(); 1901 result.append(buildPermissionEntryForm(curEntry, getEditable(), false, null)); 1902 if (i.hasNext()) { 1903 result.append(dialogSeparator()); 1904 } 1905 } 1906 1907 // close white box 1908 result.append(dialogWhiteBox(HTML_END)); 1909 } 1910 return result; 1911 } 1912 1913 /** 1914 * Returns if the requested resource if blocking locked.<p> 1915 * 1916 * @return <code>true</code> if the resource is blocking locked 1917 */ 1918 private boolean isBlockingLocked() { 1919 1920 boolean result = true; 1921 CmsLockFilter blockingFilter = CmsLockFilter.FILTER_ALL; 1922 blockingFilter = blockingFilter.filterNotLockableByUser(getCms().getRequestContext().getCurrentUser()); 1923 try { 1924 List<String> blocking = getCms().getLockedResources(getParamResource(), blockingFilter); 1925 result = blocking.size() > 0; 1926 } catch (CmsException e) { 1927 if (LOG.isDebugEnabled()) { 1928 LOG.debug(e.getLocalizedMessage(), e); 1929 } 1930 } 1931 return result; 1932 } 1933 1934 /** 1935 * Checks if the current user has the vfs manager role for the current select resource.<p> 1936 * 1937 * @return <code>true</code> if the current user has the vfs manager role for the current select resource 1938 */ 1939 private boolean isRoleEditable() { 1940 1941 CmsObject cms = getCms(); 1942 String path = getParamResource(); 1943 return CmsWorkplace.canEditPermissionsForRoles(cms, path); 1944 1945 } 1946}