com.arsdigita.cms
Class SecurityManager

java.lang.Object
  extended by com.arsdigita.cms.SecurityManager
All Implemented Interfaces:
com.arsdigita.toolbox.Security, SecurityConstants

public class SecurityManager
extends Object
implements com.arsdigita.toolbox.Security, SecurityConstants

Security class used for checking and granting privileges in CMS.

Version:
$Revision: #23 $ $DateTime: 2004/04/07 16:07:11 $
Author:
Michael Pih

Field Summary
static com.arsdigita.kernel.permissions.PrivilegeDescriptor CMS_PREVIEW_ITEM_DESCRIPTOR
           
static String versionId
           
 
Fields inherited from interface com.arsdigita.cms.util.SecurityConstants
ADMIN_PAGES, APPLY_ALTERNATE_WORKFLOWS, APPLY_WORKFLOW, CATEGORIZE_ITEMS, CATEGORY_ADMIN, CMS_APPLY_ALTERNATE_WORKFLOWS, CMS_CATEGORIZE_ITEMS, CMS_CATEGORY_ADMIN, CMS_CONTENT_TYPE_ADMIN, CMS_DELETE_ITEM, CMS_EDIT_ITEM, CMS_ITEM_ADMIN, CMS_LIFECYCLE_ADMIN, CMS_NEW_ITEM, CMS_PREVIEW_ITEM, CMS_PUBLISH, CMS_READ_ITEM, CMS_STAFF_ADMIN, CMS_WORKFLOW_ADMIN, CONTENT_TYPE_ADMIN, DELETE_IMAGES, DELETE_ITEM, EDIT_ITEM, LIFECYCLE_ADMIN, NEW_ITEM, PREVIEW_PAGES, PUBLIC_PAGES, PUBLISH, SCHEDULE_PUBLICATION, STAFF_ADMIN, WORKFLOW_ADMIN
 
Constructor Summary
SecurityManager(ContentSection section)
           
 
Method Summary
 boolean canAccess(javax.servlet.http.HttpServletRequest request, String action)
          Determine whether the current user has access to a particular action.
 boolean canAccess(javax.servlet.http.HttpServletRequest request, String action, ContentItem item)
           
 boolean canAccess(com.arsdigita.kernel.Party party, String action)
          Determine whether a party has access to a particular action.
 boolean canAccess(String action)
           
 boolean canAccess(com.arsdigita.kernel.User user, String action, ContentItem item)
           
protected  boolean canAdministerCategories(com.arsdigita.kernel.Party party)
           
protected  boolean canAdministerContentTypes(com.arsdigita.kernel.Party party)
           
protected  boolean canAdministerLifecycles(com.arsdigita.kernel.Party party)
          Checking privileges.
protected  boolean canAdministerRoles(com.arsdigita.kernel.Party party)
           
protected  boolean canAdministerRoles(com.arsdigita.kernel.Party party, ContentItem item)
           
protected  boolean canAdministerWorkflow(com.arsdigita.kernel.Party party)
           
protected  boolean canApplyAlternateWorkflows(com.arsdigita.kernel.Party party)
           
protected  boolean canApplyAlternateWorkflows(com.arsdigita.kernel.User user, ContentItem item)
           
protected  boolean canApplyWorkflow(com.arsdigita.kernel.User user, ContentItem item)
          Check if:
protected  boolean canCreateItems(com.arsdigita.kernel.Party party)
           
protected  boolean canCreateItems(com.arsdigita.kernel.User user, ContentItem item)
           
protected  boolean canDeleteImages(com.arsdigita.kernel.Party party)
          Returns true if the specified user has the CMS_ITEM_ADMIN permission on the current content item.
protected  boolean canDeleteItem(com.arsdigita.kernel.User user, ContentItem item)
          Check if the user has CMS_DELETE_ITEM privilege.
protected  boolean canEditItem(com.arsdigita.kernel.User user, ContentItem item)
          Check if:
protected  boolean canPublishItems(com.arsdigita.kernel.Party party)
           
protected  boolean canPublishItems(com.arsdigita.kernel.Party party, ContentItem item)
           
protected  boolean canSchedulePublication(com.arsdigita.kernel.User user, ContentItem item)
          Check if:
protected  boolean canViewAdminPages(com.arsdigita.kernel.Party party)
          Returns true if the specified party has the READ permission on the current content section.
protected  boolean canViewPreviewPages(com.arsdigita.kernel.Party party)
          Returns true if the specified user has the CMS_PREVIEW_ITEM permission on the current content section.
protected  boolean canViewPreviewPages(com.arsdigita.kernel.User user, ContentItem item)
          Returns true if the specified user has the CMS_PREVIEW_ITEM permission on the current content item.
protected  boolean canViewPublicPages(com.arsdigita.kernel.Party party)
          Returns true if the specified user has the CMS_READ_ITEM permission on the current content section.
protected  boolean canViewPublicPages(com.arsdigita.kernel.User user, ContentItem item)
          Returns true if the specified user has the CMS_READ_ITEM permission on the current content item.
static void requireSignIn(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Redirects the user to the login page if not already signed in, setting the return URL to the current request URI.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

versionId

public static final String versionId
See Also:
Constant Field Values

CMS_PREVIEW_ITEM_DESCRIPTOR

public static final com.arsdigita.kernel.permissions.PrivilegeDescriptor CMS_PREVIEW_ITEM_DESCRIPTOR
Constructor Detail

SecurityManager

public SecurityManager(ContentSection section)
Method Detail

canAccess

public final boolean canAccess(String action)

canAccess

public boolean canAccess(com.arsdigita.kernel.Party party,
                         String action)
Determine whether a party has access to a particular action.

Specified by:
canAccess in interface com.arsdigita.toolbox.Security
Parameters:
party - The party
action - The action
Returns:
true if the party has access, false otherwise

canAccess

public boolean canAccess(javax.servlet.http.HttpServletRequest request,
                         String action)
Determine whether the current user has access to a particular action.

Parameters:
request - The HTTP request
action - The action
Returns:
true if the logged-in user has access, false otherwise

canAccess

public boolean canAccess(com.arsdigita.kernel.User user,
                         String action,
                         ContentItem item)

canAccess

public boolean canAccess(javax.servlet.http.HttpServletRequest request,
                         String action,
                         ContentItem item)

canAdministerLifecycles

protected boolean canAdministerLifecycles(com.arsdigita.kernel.Party party)
Checking privileges.


canAdministerWorkflow

protected boolean canAdministerWorkflow(com.arsdigita.kernel.Party party)

canAdministerRoles

protected boolean canAdministerRoles(com.arsdigita.kernel.Party party)

canAdministerRoles

protected boolean canAdministerRoles(com.arsdigita.kernel.Party party,
                                     ContentItem item)

canAdministerContentTypes

protected boolean canAdministerContentTypes(com.arsdigita.kernel.Party party)

canAdministerCategories

protected boolean canAdministerCategories(com.arsdigita.kernel.Party party)

canPublishItems

protected boolean canPublishItems(com.arsdigita.kernel.Party party)

canPublishItems

protected boolean canPublishItems(com.arsdigita.kernel.Party party,
                                  ContentItem item)

canCreateItems

protected boolean canCreateItems(com.arsdigita.kernel.Party party)

canCreateItems

protected boolean canCreateItems(com.arsdigita.kernel.User user,
                                 ContentItem item)

canApplyAlternateWorkflows

protected boolean canApplyAlternateWorkflows(com.arsdigita.kernel.Party party)

canApplyAlternateWorkflows

protected boolean canApplyAlternateWorkflows(com.arsdigita.kernel.User user,
                                             ContentItem item)

canViewPublicPages

protected boolean canViewPublicPages(com.arsdigita.kernel.Party party)
Returns true if the specified user has the CMS_READ_ITEM permission on the current content section. False otherwise.


canViewPublicPages

protected boolean canViewPublicPages(com.arsdigita.kernel.User user,
                                     ContentItem item)
Returns true if the specified user has the CMS_READ_ITEM permission on the current content item. False otherwise. For now, just call the section-specific version. Must modify when we implement folder-level permissions.


canViewPreviewPages

protected boolean canViewPreviewPages(com.arsdigita.kernel.Party party)
Returns true if the specified user has the CMS_PREVIEW_ITEM permission on the current content section. False otherwise.


canViewPreviewPages

protected boolean canViewPreviewPages(com.arsdigita.kernel.User user,
                                      ContentItem item)
Returns true if the specified user has the CMS_PREVIEW_ITEM permission on the current content item. False otherwise. For now, just call the section-specific version. Must modify when we implement folder-level permissions.


canViewAdminPages

protected boolean canViewAdminPages(com.arsdigita.kernel.Party party)
Returns true if the specified party has the READ permission on the current content section. False otherwise.


canDeleteImages

protected boolean canDeleteImages(com.arsdigita.kernel.Party party)
Returns true if the specified user has the CMS_ITEM_ADMIN permission on the current content item. False otherwise.


canEditItem

protected boolean canEditItem(com.arsdigita.kernel.User user,
                              ContentItem item)

Check if:

Parameters:
user - The user
item - The content item
Returns:
true if the user is allowed to edit an item, false otherwise

canSchedulePublication

protected boolean canSchedulePublication(com.arsdigita.kernel.User user,
                                         ContentItem item)

Check if:

Parameters:
user - The user
item - The content item
Returns:
true if the user is allowed to edit an item, false otherwise

canDeleteItem

protected boolean canDeleteItem(com.arsdigita.kernel.User user,
                                ContentItem item)
Check if the user has CMS_DELETE_ITEM privilege.

Parameters:
user - The user
item - The content item
Returns:
true if the user is allowed to edit an item, false otherwise

canApplyWorkflow

protected boolean canApplyWorkflow(com.arsdigita.kernel.User user,
                                   ContentItem item)

Check if:

Parameters:
user - The user
item - The content item
Returns:
true if the user is allowed to apply a workflow to the item, false otherwise

requireSignIn

public static void requireSignIn(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)
                          throws IOException,
                                 javax.servlet.ServletException
Redirects the user to the login page if not already signed in, setting the return URL to the current request URI.

Throws:
javax.servlet.ServletException - If there is an exception thrown while trying to redirect, wrap that exception in a ServletException
IOException


Copyright (c) 2004 Red Hat, Inc. Corporation. All Rights Reserved. Generated at July 21 2004:2352 UTC