0001: /*
0002: * File : $Source: /usr/local/cvs/opencms/src/org/opencms/db/CmsSecurityManager.java,v $
0003: * Date : $Date: 2008-02-27 14:44:57 $
0004: * Version: $Revision: 1.115 $
0005: *
0006: * This library is part of OpenCms -
0007: * the Open Source Content Management System
0008: *
0009: * Copyright (c) 2002 - 2008 Alkacon Software GmbH (http://www.alkacon.com)
0010: *
0011: * This library is free software; you can redistribute it and/or
0012: * modify it under the terms of the GNU Lesser General Public
0013: * License as published by the Free Software Foundation; either
0014: * version 2.1 of the License, or (at your option) any later version.
0015: *
0016: * This library is distributed in the hope that it will be useful,
0017: * but WITHOUT ANY WARRANTY; without even the implied warranty of
0018: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0019: * Lesser General Public License for more details.
0020: *
0021: * For further information about Alkacon Software GmbH, please see the
0022: * company website: http://www.alkacon.com
0023: *
0024: * For further information about OpenCms, please see the
0025: * project website: http://www.opencms.org
0026: *
0027: * You should have received a copy of the GNU Lesser General Public
0028: * License along with this library; if not, write to the Free Software
0029: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
0030: */
0031:
0032: package org.opencms.db;
0033:
0034: import org.opencms.configuration.CmsConfigurationManager;
0035: import org.opencms.configuration.CmsSystemConfiguration;
0036: import org.opencms.file.CmsDataAccessException;
0037: import org.opencms.file.CmsFile;
0038: import org.opencms.file.CmsFolder;
0039: import org.opencms.file.CmsGroup;
0040: import org.opencms.file.CmsObject;
0041: import org.opencms.file.CmsProject;
0042: import org.opencms.file.CmsProperty;
0043: import org.opencms.file.CmsPropertyDefinition;
0044: import org.opencms.file.CmsRequestContext;
0045: import org.opencms.file.CmsResource;
0046: import org.opencms.file.CmsResourceFilter;
0047: import org.opencms.file.CmsUser;
0048: import org.opencms.file.CmsVfsException;
0049: import org.opencms.file.CmsVfsResourceAlreadyExistsException;
0050: import org.opencms.file.CmsVfsResourceNotFoundException;
0051: import org.opencms.file.history.CmsHistoryPrincipal;
0052: import org.opencms.file.history.CmsHistoryProject;
0053: import org.opencms.file.history.I_CmsHistoryResource;
0054: import org.opencms.i18n.CmsMessageContainer;
0055: import org.opencms.lock.CmsLock;
0056: import org.opencms.lock.CmsLockException;
0057: import org.opencms.lock.CmsLockFilter;
0058: import org.opencms.lock.CmsLockManager;
0059: import org.opencms.lock.CmsLockType;
0060: import org.opencms.main.CmsException;
0061: import org.opencms.main.CmsIllegalArgumentException;
0062: import org.opencms.main.CmsInitException;
0063: import org.opencms.main.CmsLog;
0064: import org.opencms.main.CmsMultiException;
0065: import org.opencms.main.OpenCms;
0066: import org.opencms.publish.CmsPublishEngine;
0067: import org.opencms.relations.CmsRelationFilter;
0068: import org.opencms.relations.CmsRelationType;
0069: import org.opencms.report.I_CmsReport;
0070: import org.opencms.security.CmsAccessControlEntry;
0071: import org.opencms.security.CmsAccessControlList;
0072: import org.opencms.security.CmsDefaultPermissionHandler;
0073: import org.opencms.security.CmsOrganizationalUnit;
0074: import org.opencms.security.CmsPermissionSet;
0075: import org.opencms.security.CmsPermissionSetCustom;
0076: import org.opencms.security.CmsPermissionViolationException;
0077: import org.opencms.security.CmsRole;
0078: import org.opencms.security.CmsRoleViolationException;
0079: import org.opencms.security.CmsSecurityException;
0080: import org.opencms.security.I_CmsPermissionHandler;
0081: import org.opencms.security.I_CmsPrincipal;
0082: import org.opencms.util.CmsFileUtil;
0083: import org.opencms.util.CmsStringUtil;
0084: import org.opencms.util.CmsUUID;
0085:
0086: import java.util.ArrayList;
0087: import java.util.Collections;
0088: import java.util.Date;
0089: import java.util.HashSet;
0090: import java.util.Iterator;
0091: import java.util.List;
0092: import java.util.Map;
0093: import java.util.Set;
0094:
0095: import org.apache.commons.logging.Log;
0096:
0097: /**
0098: * The OpenCms security manager.<p>
0099: *
0100: * The security manager checks the permissions required for a user action invoke by the Cms object. If permissions
0101: * are granted, the security manager invokes a method on the OpenCms driver manager to access the database.<p>
0102: *
0103: * @author Thomas Weckert
0104: * @author Michael Moossen
0105: *
0106: * @since 6.0.0
0107: */
0108: public final class CmsSecurityManager {
0109:
0110: /** The log object for this class. */
0111: private static final Log LOG = CmsLog
0112: .getLog(CmsSecurityManager.class);
0113:
0114: /** The factory to create runtime info objects. */
0115: protected I_CmsDbContextFactory m_dbContextFactory;
0116:
0117: /** The initialized OpenCms driver manager to access the database. */
0118: protected CmsDriverManager m_driverManager;
0119:
0120: /** The lock manager. */
0121: private CmsLockManager m_lockManager;
0122:
0123: /** Permission handler implementation. */
0124: private I_CmsPermissionHandler m_permissionHandler;
0125:
0126: /**
0127: * Default constructor.<p>
0128: */
0129: private CmsSecurityManager() {
0130:
0131: // intentionally left blank
0132: }
0133:
0134: /**
0135: * Creates a new instance of the OpenCms security manager.<p>
0136: *
0137: * @param configurationManager the configuration manager
0138: * @param runtimeInfoFactory the initialized OpenCms runtime info factory
0139: * @param publishEngine the publish engine
0140: *
0141: * @return a new instance of the OpenCms security manager
0142: *
0143: * @throws CmsInitException if the security manager could not be initialized
0144: */
0145: public static CmsSecurityManager newInstance(
0146: CmsConfigurationManager configurationManager,
0147: I_CmsDbContextFactory runtimeInfoFactory,
0148: CmsPublishEngine publishEngine) throws CmsInitException {
0149:
0150: if (OpenCms.getRunLevel() > OpenCms.RUNLEVEL_2_INITIALIZING) {
0151: // OpenCms is already initialized
0152: throw new CmsInitException(
0153: org.opencms.main.Messages
0154: .get()
0155: .container(
0156: org.opencms.main.Messages.ERR_ALREADY_INITIALIZED_0));
0157: }
0158:
0159: CmsSecurityManager securityManager = new CmsSecurityManager();
0160: securityManager.init(configurationManager, runtimeInfoFactory,
0161: publishEngine);
0162:
0163: return securityManager;
0164: }
0165:
0166: /**
0167: * Adds a new relation to a given resource.<p>
0168: *
0169: * @param context the request context
0170: * @param resource the resource to add the relation to
0171: * @param target the target of the relation
0172: * @param type the type of the relation
0173: * @param importCase if importing relations
0174: *
0175: * @throws CmsException if something goes wrong
0176: *
0177: * @see #deleteRelationsForResource(CmsRequestContext, CmsResource, CmsRelationFilter)
0178: * @see CmsObject#addRelationToResource(String, String, String)
0179: */
0180: public void addRelationToResource(CmsRequestContext context,
0181: CmsResource resource, CmsResource target,
0182: CmsRelationType type, boolean importCase)
0183: throws CmsException {
0184:
0185: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0186: try {
0187: checkOfflineProject(dbc);
0188: checkPermissions(dbc, resource,
0189: CmsPermissionSet.ACCESS_WRITE, true,
0190: CmsResourceFilter.ALL);
0191: m_driverManager.addRelationToResource(dbc, resource,
0192: target, type, importCase);
0193: } catch (Exception e) {
0194: dbc.report(null, Messages.get().container(
0195: Messages.ERR_ADD_RELATION_TO_RESOURCE_3,
0196: context.getSitePath(resource),
0197: context.getSitePath(target), type), e);
0198:
0199: } finally {
0200: dbc.clear();
0201: }
0202: }
0203:
0204: /**
0205: * Adds a resource to the given organizational unit.<p>
0206: *
0207: * @param context the current request context
0208: * @param orgUnit the organizational unit to add the resource to
0209: * @param resource the resource that is to be added to the organizational unit
0210: *
0211: * @throws CmsException if something goes wrong
0212: *
0213: * @see org.opencms.security.CmsOrgUnitManager#addResourceToOrgUnit(CmsObject, String, String)
0214: * @see org.opencms.security.CmsOrgUnitManager#removeResourceFromOrgUnit(CmsObject, String, String)
0215: */
0216: public void addResourceToOrgUnit(CmsRequestContext context,
0217: CmsOrganizationalUnit orgUnit, CmsResource resource)
0218: throws CmsException {
0219:
0220: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0221: try {
0222: checkOfflineProject(dbc);
0223: checkRole(dbc, CmsRole.ADMINISTRATOR.forOrgUnit(orgUnit
0224: .getName()));
0225: m_driverManager
0226: .addResourceToOrgUnit(dbc, orgUnit, resource);
0227: } catch (Exception e) {
0228: dbc.report(null, Messages.get().container(
0229: Messages.ERR_ADD_RESOURCE_TO_ORGUNIT_2,
0230: orgUnit.getName(),
0231: dbc.removeSiteRoot(resource.getRootPath())), e);
0232: } finally {
0233: dbc.clear();
0234: }
0235: }
0236:
0237: /**
0238: * Adds a user to a group.<p>
0239: *
0240: * @param context the current request context
0241: * @param username the name of the user that is to be added to the group
0242: * @param groupname the name of the group
0243: * @param readRoles if reading roles or groups
0244: *
0245: * @throws CmsException if operation was not successful
0246: */
0247: public void addUserToGroup(CmsRequestContext context,
0248: String username, String groupname, boolean readRoles)
0249: throws CmsException {
0250:
0251: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0252: try {
0253: CmsRole role = CmsRole.ACCOUNT_MANAGER
0254: .forOrgUnit(getParentOrganizationalUnit(username));
0255: checkRoleForUserModification(dbc, username, role);
0256: m_driverManager.addUserToGroup(dbc, CmsOrganizationalUnit
0257: .removeLeadingSeparator(username),
0258: CmsOrganizationalUnit
0259: .removeLeadingSeparator(groupname),
0260: readRoles);
0261: } catch (Exception e) {
0262: dbc.report(null, Messages.get().container(
0263: Messages.ERR_ADD_USER_GROUP_FAILED_2, username,
0264: groupname), e);
0265: } finally {
0266: dbc.clear();
0267: }
0268: }
0269:
0270: /**
0271: * Changes the lock of a resource to the current user, that is "steals" the lock from another user.<p>
0272: *
0273: * @param context the current request context
0274: * @param resource the resource to change the lock for
0275: *
0276: * @throws CmsException if something goes wrong
0277: *
0278: * @see org.opencms.file.types.I_CmsResourceType#changeLock(CmsObject, CmsSecurityManager, CmsResource)
0279: */
0280: public void changeLock(CmsRequestContext context,
0281: CmsResource resource) throws CmsException {
0282:
0283: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0284: checkOfflineProject(dbc);
0285: try {
0286: m_driverManager.changeLock(dbc, resource,
0287: CmsLockType.EXCLUSIVE);
0288: } catch (Exception e) {
0289: dbc.report(null, Messages.get().container(
0290: Messages.ERR_CHANGE_LOCK_OF_RESOURCE_2,
0291: context.getSitePath(resource),
0292: " - " + e.getMessage()), e);
0293: } finally {
0294: dbc.clear();
0295: }
0296: }
0297:
0298: /**
0299: * Returns a list with all sub resources of a given folder that have set the given property,
0300: * matching the current property's value with the given old value and replacing it by a given new value.<p>
0301: *
0302: * @param context the current request context
0303: * @param resource the resource on which property definition values are changed
0304: * @param propertyDefinition the name of the property definition to change the value
0305: * @param oldValue the old value of the property definition
0306: * @param newValue the new value of the property definition
0307: * @param recursive if true, change recursively all property values on sub-resources (only for folders)
0308: *
0309: * @return a list with the <code>{@link CmsResource}</code>'s where the property value has been changed
0310: *
0311: * @throws CmsVfsException for now only when the search for the old value fails
0312: * @throws CmsException if operation was not successful
0313: */
0314: public synchronized List changeResourcesInFolderWithProperty(
0315: CmsRequestContext context, CmsResource resource,
0316: String propertyDefinition, String oldValue,
0317: String newValue, boolean recursive) throws CmsException,
0318: CmsVfsException {
0319:
0320: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0321: List result = null;
0322: try {
0323: result = m_driverManager
0324: .changeResourcesInFolderWithProperty(dbc, resource,
0325: propertyDefinition, oldValue, newValue,
0326: recursive);
0327: } catch (Exception e) {
0328: dbc
0329: .report(
0330: null,
0331: Messages
0332: .get()
0333: .container(
0334: Messages.ERR_CHANGE_RESOURCES_IN_FOLDER_WITH_PROP_4,
0335: new Object[] {
0336: propertyDefinition,
0337: oldValue,
0338: newValue,
0339: context
0340: .getSitePath(resource) }),
0341: e);
0342: } finally {
0343: dbc.clear();
0344: }
0345: return result;
0346: }
0347:
0348: /**
0349: * Checks if the current user has management access to the given project.<p>
0350: *
0351: * @param dbc the current database context
0352: * @param project the project to check
0353: *
0354: * @throws CmsRoleViolationException if the user does not have the required role permissions
0355: */
0356: public void checkManagerOfProjectRole(CmsDbContext dbc,
0357: CmsProject project) throws CmsRoleViolationException {
0358:
0359: boolean hasRole = false;
0360: try {
0361: hasRole = m_driverManager.getAllManageableProjects(dbc)
0362: .contains(project);
0363: } catch (CmsException e) {
0364: // should never happen
0365: if (LOG.isErrorEnabled()) {
0366: LOG.error(e.getLocalizedMessage(), e);
0367: }
0368: }
0369: if (!hasRole) {
0370: throw new CmsRoleViolationException(
0371: org.opencms.security.Messages
0372: .get()
0373: .container(
0374: org.opencms.security.Messages.ERR_NOT_MANAGER_OF_PROJECT_2,
0375: dbc.currentUser().getName(),
0376: dbc.currentProject().getName()));
0377: }
0378: }
0379:
0380: /**
0381: * Checks if the project in the given database context is not the "Online" project,
0382: * and throws an Exception if this is the case.<p>
0383: *
0384: * This is used to ensure a user is in an "Offline" project
0385: * before write access to VFS resources is granted.<p>
0386: *
0387: * @param dbc the current OpenCms users database context
0388: *
0389: * @throws CmsVfsException if the project in the given database context is the "Online" project
0390: */
0391: public void checkOfflineProject(CmsDbContext dbc)
0392: throws CmsVfsException {
0393:
0394: if (dbc.currentProject().isOnlineProject()) {
0395: throw new CmsVfsException(
0396: org.opencms.file.Messages
0397: .get()
0398: .container(
0399: org.opencms.file.Messages.ERR_NOT_ALLOWED_IN_ONLINE_PROJECT_0));
0400: }
0401: }
0402:
0403: /**
0404: * Performs a blocking permission check on a resource.<p>
0405: *
0406: * If the required permissions are not satisfied by the permissions the user has on the resource,
0407: * an exception is thrown.<p>
0408: *
0409: * @param context the current request context
0410: * @param resource the resource on which permissions are required
0411: * @param requiredPermissions the set of permissions required to access the resource
0412: * @param checkLock if true, the lock status of the resource is also checked
0413: * @param filter the filter for the resource
0414: *
0415: * @throws CmsException in case of any i/o error
0416: * @throws CmsSecurityException if the required permissions are not satisfied
0417: *
0418: * @see #checkPermissions(CmsRequestContext, CmsResource, CmsPermissionSet, I_CmsPermissionHandler.CmsPermissionCheckResult)
0419: */
0420: public void checkPermissions(CmsRequestContext context,
0421: CmsResource resource, CmsPermissionSet requiredPermissions,
0422: boolean checkLock, CmsResourceFilter filter)
0423: throws CmsException, CmsSecurityException {
0424:
0425: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0426: try {
0427: // check the access permissions
0428: checkPermissions(dbc, resource, requiredPermissions,
0429: checkLock, filter);
0430: } finally {
0431: dbc.clear();
0432: }
0433: }
0434:
0435: /**
0436: * Checks if the current user has the permissions to publish the given publish list
0437: * (which contains the information about the resources / project to publish).<p>
0438: *
0439: * @param dbc the current OpenCms users database context
0440: * @param publishList the publish list to check (contains the information about the resources / project to publish)
0441: *
0442: * @throws CmsException if the user does not have the required permissions because of project lock state
0443: * @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
0444: * whose parent folder is new or deleted in the offline project,
0445: * or if the current user has no management access to the current project
0446: */
0447: public void checkPublishPermissions(CmsDbContext dbc,
0448: CmsPublishList publishList) throws CmsException,
0449: CmsMultiException {
0450:
0451: // is the current project an "offline" project?
0452: checkOfflineProject(dbc);
0453:
0454: // check if this is a "direct publish" attempt
0455: if (!publishList.isDirectPublish()) {
0456: // check if the user is a manager of the current project, in this case he has publish permissions
0457: checkManagerOfProjectRole(dbc, dbc.getRequestContext()
0458: .currentProject());
0459: } else {
0460: // direct publish, create exception containers
0461: CmsMultiException resourceIssues = new CmsMultiException();
0462: CmsMultiException permissionIssues = new CmsMultiException();
0463: // iterate all resources in the direct publish list
0464: Iterator it = publishList.getDirectPublishResources()
0465: .iterator();
0466: List parentFolders = new ArrayList();
0467: while (it.hasNext()) {
0468: CmsResource res = (CmsResource) it.next();
0469: // the parent folder must not be new or deleted
0470: String parentFolder = CmsResource.getParentFolder(res
0471: .getRootPath());
0472: if ((parentFolder != null)
0473: && !parentFolders.contains(parentFolder)) {
0474: // check each parent folder only once
0475: CmsResource parent = readResource(dbc,
0476: parentFolder, CmsResourceFilter.ALL);
0477: if (parent.getState().isDeleted()) {
0478: // parent folder is deleted - direct publish not allowed
0479: resourceIssues
0480: .addException(new CmsVfsException(
0481: Messages
0482: .get()
0483: .container(
0484: Messages.ERR_DIRECT_PUBLISH_PARENT_DELETED_2,
0485: dbc
0486: .getRequestContext()
0487: .removeSiteRoot(
0488: res
0489: .getRootPath()),
0490: parentFolder)));
0491: }
0492: if (parent.getState().isNew()) {
0493: // parent folder is new - direct publish not allowed
0494: resourceIssues
0495: .addException(new CmsVfsException(
0496: Messages
0497: .get()
0498: .container(
0499: Messages.ERR_DIRECT_PUBLISH_PARENT_NEW_2,
0500: dbc
0501: .removeSiteRoot(res
0502: .getRootPath()),
0503: parentFolder)));
0504: }
0505: // add checked parent folder to prevent duplicate checks
0506: parentFolders.add(parentFolder);
0507: }
0508: // check if the user has the explicit permission to direct publish the selected resource
0509: if (I_CmsPermissionHandler.PERM_ALLOWED != hasPermissions(
0510: dbc.getRequestContext(), res,
0511: CmsPermissionSet.ACCESS_DIRECT_PUBLISH, true,
0512: CmsResourceFilter.ALL)) {
0513:
0514: // the user has no "direct publish" permissions on the resource
0515: permissionIssues
0516: .addException(new CmsSecurityException(
0517: Messages
0518: .get()
0519: .container(
0520: Messages.ERR_DIRECT_PUBLISH_NO_PERMISSIONS_1,
0521: dbc
0522: .removeSiteRoot(res
0523: .getRootPath()))));
0524: }
0525: }
0526: if (resourceIssues.hasExceptions()
0527: || permissionIssues.hasExceptions()) {
0528: // there are issues, permission check has failed
0529: resourceIssues.addExceptions(permissionIssues
0530: .getExceptions());
0531: throw resourceIssues;
0532: }
0533: }
0534: // no issues have been found , permissions are granted
0535: }
0536:
0537: /**
0538: * Checks if the current user has the permissions to publish the given publish list
0539: * (which contains the information about the resources / project to publish).<p>
0540: *
0541: * @param context the current request context
0542: * @param publishList the publish list to check (contains the information about the resources / project to publish)
0543: *
0544: * @throws CmsException if the user does not have the required permissions because of project lock state
0545: * @throws CmsMultiException if issues occur like a direct publish is attempted on a resource
0546: * whose parent folder is new or deleted in the offline project,
0547: * or if the current user has no management access to the current project
0548: *
0549: * @deprecated notice that checking is no longer possible at this way
0550: */
0551: public void checkPublishPermissions(CmsRequestContext context,
0552: CmsPublishList publishList) throws CmsException,
0553: CmsMultiException {
0554:
0555: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0556: try {
0557: // check the access permissions
0558: checkPublishPermissions(dbc, publishList);
0559: } finally {
0560: dbc.clear();
0561: }
0562: }
0563:
0564: /**
0565: * Checks if the user of the current database context has permissions to impersonate the given role
0566: * in the given organizational unit.<p>
0567: *
0568: * If the organizational unit is <code>null</code>, this method will check if the
0569: * given user has the given role for at least one organizational unit.<p>
0570: *
0571: * @param dbc the current OpenCms users database context
0572: * @param role the role to check
0573: *
0574: * @throws CmsRoleViolationException if the user does not have the required role permissions
0575: *
0576: * @see org.opencms.security.CmsRoleManager#checkRole(CmsObject, CmsRole)
0577: */
0578: public void checkRole(CmsDbContext dbc, CmsRole role)
0579: throws CmsRoleViolationException {
0580:
0581: if (!hasRole(dbc, dbc.currentUser(), role)) {
0582: if (role.getOuFqn() != null) {
0583: throw role.createRoleViolationExceptionForOrgUnit(dbc
0584: .getRequestContext(), role.getOuFqn());
0585: } else {
0586: throw role.createRoleViolationException(dbc
0587: .getRequestContext());
0588: }
0589: }
0590: }
0591:
0592: /**
0593: * Checks if the user of the current context has permissions to impersonate the given role.<p>
0594: *
0595: * If the organizational unit is <code>null</code>, this method will check if the
0596: * given user has the given role for at least one organizational unit.<p>
0597: *
0598: * @param context the current request context
0599: * @param role the role to check
0600: *
0601: * @throws CmsRoleViolationException if the user does not have the required role permissions
0602: */
0603: public void checkRole(CmsRequestContext context, CmsRole role)
0604: throws CmsRoleViolationException {
0605:
0606: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0607: try {
0608: checkRole(dbc, role);
0609: } finally {
0610: dbc.clear();
0611: }
0612: }
0613:
0614: /**
0615: * Checks if the user of the current database context has permissions to impersonate the given role
0616: * for the given resource.<p>
0617: *
0618: * @param dbc the current OpenCms users database context
0619: * @param role the role to check
0620: * @param resource the resource to check the role for
0621: *
0622: * @throws CmsRoleViolationException if the user does not have the required role permissions
0623: *
0624: * @see org.opencms.security.CmsRoleManager#checkRole(CmsObject, CmsRole)
0625: */
0626: public void checkRoleForResource(CmsDbContext dbc, CmsRole role,
0627: CmsResource resource) throws CmsRoleViolationException {
0628:
0629: if (!hasRoleForResource(dbc, dbc.currentUser(), role, resource)) {
0630: throw role.createRoleViolationExceptionForResource(dbc
0631: .getRequestContext(), resource);
0632: }
0633: }
0634:
0635: /**
0636: * Checks if the user of the current context has permissions to impersonate the given role
0637: * for the given resource.<p>
0638: *
0639: * @param context the current request context
0640: * @param role the role to check
0641: * @param resource the resource to check the role for
0642: *
0643: * @throws CmsRoleViolationException if the user does not have the required role permissions
0644: */
0645: public void checkRoleForResource(CmsRequestContext context,
0646: CmsRole role, CmsResource resource)
0647: throws CmsRoleViolationException {
0648:
0649: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0650: try {
0651: checkRoleForResource(dbc, role, resource);
0652: } finally {
0653: dbc.clear();
0654: }
0655: }
0656:
0657: /**
0658: * Changes the resource flags of a resource.<p>
0659: *
0660: * The resource flags are used to indicate various "special" conditions
0661: * for a resource. Most notably, the "internal only" setting which signals
0662: * that a resource can not be directly requested with it's URL.<p>
0663: *
0664: * @param context the current request context
0665: * @param resource the resource to change the flags for
0666: * @param flags the new resource flags for this resource
0667: *
0668: * @throws CmsException if something goes wrong
0669: * @throws CmsSecurityException if the user has insufficient permission for the given resource (({@link CmsPermissionSet#ACCESS_WRITE} required)
0670: *
0671: * @see org.opencms.file.types.I_CmsResourceType#chflags(CmsObject, CmsSecurityManager, CmsResource, int)
0672: */
0673: public void chflags(CmsRequestContext context,
0674: CmsResource resource, int flags) throws CmsException,
0675: CmsSecurityException {
0676:
0677: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0678: try {
0679: checkOfflineProject(dbc);
0680: checkPermissions(dbc, resource,
0681: CmsPermissionSet.ACCESS_WRITE, true,
0682: CmsResourceFilter.ALL);
0683: m_driverManager.chflags(dbc, resource, flags);
0684: } catch (Exception e) {
0685: dbc.report(null, Messages.get().container(
0686: Messages.ERR_CHANGE_RESOURCE_FLAGS_1,
0687: context.getSitePath(resource)), e);
0688: } finally {
0689: dbc.clear();
0690: }
0691: }
0692:
0693: /**
0694: * Changes the resource type of a resource.<p>
0695: *
0696: * OpenCms handles resources according to the resource type,
0697: * not the file suffix. This is e.g. why a JSP in OpenCms can have the
0698: * suffix ".html" instead of ".jsp" only. Changing the resource type
0699: * makes sense e.g. if you want to make a plain text file a JSP resource,
0700: * or a binary file an image, etc.<p>
0701: *
0702: * @param context the current request context
0703: * @param resource the resource to change the type for
0704: * @param type the new resource type for this resource
0705: *
0706: * @throws CmsException if something goes wrong
0707: * @throws CmsSecurityException if the user has insufficient permission for the given resource (({@link CmsPermissionSet#ACCESS_WRITE} required))
0708: *
0709: * @see org.opencms.file.types.I_CmsResourceType#chtype(CmsObject, CmsSecurityManager, CmsResource, int)
0710: * @see CmsObject#chtype(String, int)
0711: */
0712: public void chtype(CmsRequestContext context, CmsResource resource,
0713: int type) throws CmsException, CmsSecurityException {
0714:
0715: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0716: try {
0717: checkOfflineProject(dbc);
0718: checkPermissions(dbc, resource,
0719: CmsPermissionSet.ACCESS_WRITE, true,
0720: CmsResourceFilter.ALL);
0721: m_driverManager.chtype(dbc, resource, type);
0722: } catch (Exception e) {
0723: dbc.report(null, Messages.get().container(
0724: Messages.ERR_CHANGE_RESOURCE_TYPE_1,
0725: context.getSitePath(resource)), e);
0726: } finally {
0727: dbc.clear();
0728: }
0729: }
0730:
0731: /**
0732: * Copies the access control entries of a given resource to a destination resource.<p>
0733: *
0734: * Already existing access control entries of the destination resource are removed.<p>
0735: *
0736: * @param context the current request context
0737: * @param source the resource to copy the access control entries from
0738: * @param destination the resource to which the access control entries are copied
0739: *
0740: * @throws CmsException if something goes wrong
0741: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_CONTROL} required)
0742: */
0743: public void copyAccessControlEntries(CmsRequestContext context,
0744: CmsResource source, CmsResource destination)
0745: throws CmsException, CmsSecurityException {
0746:
0747: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0748: try {
0749: checkOfflineProject(dbc);
0750: checkPermissions(dbc, source, CmsPermissionSet.ACCESS_READ,
0751: true, CmsResourceFilter.ALL);
0752: checkPermissions(dbc, destination,
0753: CmsPermissionSet.ACCESS_CONTROL, true,
0754: CmsResourceFilter.ALL);
0755: m_driverManager.copyAccessControlEntries(dbc, source,
0756: destination, true);
0757: } catch (Exception e) {
0758: CmsRequestContext rc = context;
0759: dbc.report(null, Messages.get().container(
0760: Messages.ERR_COPY_ACE_2,
0761: rc.removeSiteRoot(source.getRootPath()),
0762: rc.removeSiteRoot(destination.getRootPath())), e);
0763: } finally {
0764: dbc.clear();
0765: }
0766: }
0767:
0768: /**
0769: * Copies a resource.<p>
0770: *
0771: * You must ensure that the destination path is an absolute, valid and
0772: * existing VFS path. Relative paths from the source are currently not supported.<p>
0773: *
0774: * The copied resource will always be locked to the current user
0775: * after the copy operation.<p>
0776: *
0777: * In case the target resource already exists, it is overwritten with the
0778: * source resource.<p>
0779: *
0780: * The <code>siblingMode</code> parameter controls how to handle siblings
0781: * during the copy operation.<br>
0782: * Possible values for this parameter are: <br>
0783: * <ul>
0784: * <li><code>{@link org.opencms.file.CmsResource#COPY_AS_NEW}</code></li>
0785: * <li><code>{@link org.opencms.file.CmsResource#COPY_AS_SIBLING}</code></li>
0786: * <li><code>{@link org.opencms.file.CmsResource#COPY_PRESERVE_SIBLING}</code></li>
0787: * </ul><p>
0788: *
0789: * @param context the current request context
0790: * @param source the resource to copy
0791: * @param destination the name of the copy destination with complete path
0792: * @param siblingMode indicates how to handle siblings during copy
0793: *
0794: * @throws CmsException if something goes wrong
0795: * @throws CmsSecurityException if resource could not be copied
0796: *
0797: * @see CmsObject#copyResource(String, String, CmsResource.CmsResourceCopyMode)
0798: * @see org.opencms.file.types.I_CmsResourceType#copyResource(CmsObject, CmsSecurityManager, CmsResource, String, CmsResource.CmsResourceCopyMode)
0799: */
0800: public void copyResource(CmsRequestContext context,
0801: CmsResource source, String destination,
0802: CmsResource.CmsResourceCopyMode siblingMode)
0803: throws CmsException, CmsSecurityException {
0804:
0805: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0806: try {
0807: checkOfflineProject(dbc);
0808: checkPermissions(dbc, source, CmsPermissionSet.ACCESS_READ,
0809: true, CmsResourceFilter.ALL);
0810: if (source.isFolder()
0811: && destination.startsWith(source.getRootPath())) {
0812: throw new CmsVfsException(Messages.get().container(
0813: Messages.ERR_RECURSIVE_INCLUSION_2,
0814: dbc.removeSiteRoot(source.getRootPath()),
0815: dbc.removeSiteRoot(destination)));
0816: }
0817: // target permissions will be checked later
0818: m_driverManager.copyResource(dbc, source, destination,
0819: siblingMode);
0820: } catch (Exception e) {
0821: dbc.report(null, Messages.get().container(
0822: Messages.ERR_COPY_RESOURCE_2,
0823: dbc.removeSiteRoot(source.getRootPath()),
0824: dbc.removeSiteRoot(destination)), e);
0825: } finally {
0826: dbc.clear();
0827: }
0828: }
0829:
0830: /**
0831: * Copies a resource to the current project of the user.<p>
0832: *
0833: * @param context the current request context
0834: * @param resource the resource to apply this operation to
0835: *
0836: * @throws CmsException if something goes wrong
0837: * @throws CmsRoleViolationException if the current user does not have management access to the project
0838: *
0839: * @see org.opencms.file.types.I_CmsResourceType#copyResourceToProject(CmsObject, CmsSecurityManager, CmsResource)
0840: */
0841: public void copyResourceToProject(CmsRequestContext context,
0842: CmsResource resource) throws CmsException,
0843: CmsRoleViolationException {
0844:
0845: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0846: try {
0847: checkOfflineProject(dbc);
0848: checkManagerOfProjectRole(dbc, context.currentProject());
0849:
0850: m_driverManager.copyResourceToProject(dbc, resource);
0851: } catch (Exception e) {
0852: dbc.report(null, Messages.get().container(
0853: Messages.ERR_COPY_RESOURCE_TO_PROJECT_2,
0854: context.getSitePath(resource),
0855: context.currentProject().getName()), e);
0856: } finally {
0857: dbc.clear();
0858: }
0859: }
0860:
0861: /**
0862: * Counts the locked resources in this project.<p>
0863: *
0864: * @param context the current request context
0865: * @param id the id of the project
0866: *
0867: * @return the amount of locked resources in this project
0868: *
0869: * @throws CmsException if something goes wrong
0870: * @throws CmsRoleViolationException if the current user does not have management access to the project
0871: */
0872: public int countLockedResources(CmsRequestContext context,
0873: CmsUUID id) throws CmsException, CmsRoleViolationException {
0874:
0875: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0876: CmsProject project = null;
0877: int result = 0;
0878: try {
0879: project = m_driverManager.readProject(dbc, id);
0880: checkManagerOfProjectRole(dbc, project);
0881: result = m_driverManager.countLockedResources(project);
0882: } catch (Exception e) {
0883: dbc.report(null, Messages.get().container(
0884: Messages.ERR_COUNT_LOCKED_RESOURCES_PROJECT_2,
0885: (project == null) ? "<failed to read>" : project
0886: .getName(), id), e);
0887: } finally {
0888: dbc.clear();
0889: }
0890: return result;
0891: }
0892:
0893: /**
0894: * Creates a new user group.<p>
0895: *
0896: * @param context the current request context
0897: * @param name the name of the new group
0898: * @param description the description for the new group
0899: * @param flags the flags for the new group
0900: * @param parent the name of the parent group (or <code>null</code>)
0901: *
0902: * @return a <code>{@link CmsGroup}</code> object representing the newly created group
0903: *
0904: * @throws CmsException if operation was not successful.
0905: * @throws CmsRoleViolationException if the role {@link CmsRole#ACCOUNT_MANAGER} is not owned by the current user
0906: */
0907: public CmsGroup createGroup(CmsRequestContext context, String name,
0908: String description, int flags, String parent)
0909: throws CmsException, CmsRoleViolationException {
0910:
0911: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0912:
0913: CmsGroup result = null;
0914: try {
0915: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
0916: .forOrgUnit(getParentOrganizationalUnit(name)));
0917: result = m_driverManager.createGroup(dbc, new CmsUUID(),
0918: name, description, flags, parent);
0919: } catch (Exception e) {
0920: dbc.report(null, Messages.get().container(
0921: Messages.ERR_CREATE_GROUP_1, name), e);
0922: } finally {
0923: dbc.clear();
0924: }
0925: return result;
0926: }
0927:
0928: /**
0929: * Creates a new organizational unit.<p>
0930: *
0931: * @param context the current request context
0932: * @param ouFqn the fully qualified name of the new organizational unit
0933: * @param description the description of the new organizational unit
0934: * @param flags the flags for the new organizational unit
0935: * @param resource the first associated resource
0936: *
0937: * @return a <code>{@link CmsOrganizationalUnit}</code> object representing
0938: * the newly created organizational unit
0939: *
0940: * @throws CmsException if operation was not successful
0941: *
0942: * @see org.opencms.security.CmsOrgUnitManager#createOrganizationalUnit(CmsObject, String, String, int, String)
0943: */
0944: public CmsOrganizationalUnit createOrganizationalUnit(
0945: CmsRequestContext context, String ouFqn,
0946: String description, int flags, CmsResource resource)
0947: throws CmsException {
0948:
0949: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0950: CmsOrganizationalUnit result = null;
0951: try {
0952: checkRole(dbc, CmsRole.ADMINISTRATOR
0953: .forOrgUnit(getParentOrganizationalUnit(ouFqn)));
0954: checkOfflineProject(dbc);
0955: result = m_driverManager
0956: .createOrganizationalUnit(dbc,
0957: CmsOrganizationalUnit
0958: .removeLeadingSeparator(ouFqn),
0959: description, flags, resource);
0960: } catch (Exception e) {
0961: dbc.report(null, Messages.get().container(
0962: Messages.ERR_CREATE_ORGUNIT_1, ouFqn), e);
0963: } finally {
0964: dbc.clear();
0965: }
0966: return result;
0967: }
0968:
0969: /**
0970: * Creates a project.<p>
0971: *
0972: * @param context the current request context
0973: * @param name the name of the project to create
0974: * @param description the description of the project
0975: * @param groupname the project user group to be set
0976: * @param managergroupname the project manager group to be set
0977: * @param projecttype the type of the project
0978: *
0979: * @return the created project
0980: *
0981: * @throws CmsException if something goes wrong
0982: * @throws CmsRoleViolationException if the current user does not own the role {@link CmsRole#PROJECT_MANAGER}
0983: */
0984: public CmsProject createProject(CmsRequestContext context,
0985: String name, String description, String groupname,
0986: String managergroupname,
0987: CmsProject.CmsProjectType projecttype) throws CmsException,
0988: CmsRoleViolationException {
0989:
0990: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
0991: CmsProject result = null;
0992: try {
0993: checkRole(dbc, CmsRole.PROJECT_MANAGER
0994: .forOrgUnit(getParentOrganizationalUnit(name)));
0995: result = m_driverManager.createProject(dbc,
0996: CmsOrganizationalUnit.removeLeadingSeparator(name),
0997: description, CmsOrganizationalUnit
0998: .removeLeadingSeparator(groupname),
0999: CmsOrganizationalUnit
1000: .removeLeadingSeparator(managergroupname),
1001: projecttype);
1002: } catch (Exception e) {
1003: dbc.report(null, Messages.get().container(
1004: Messages.ERR_CREATE_PROJECT_1, name), e);
1005: } finally {
1006: dbc.clear();
1007: }
1008: return result;
1009: }
1010:
1011: /**
1012: * Creates a property definition.<p>
1013: *
1014: * Property definitions are valid for all resource types.<p>
1015: *
1016: * @param context the current request context
1017: * @param name the name of the property definition to create
1018: *
1019: * @return the created property definition
1020: *
1021: * @throws CmsException if something goes wrong
1022: * @throws CmsSecurityException if the current project is online.
1023: * @throws CmsRoleViolationException if the current user does not own the role {@link CmsRole#WORKPLACE_MANAGER}
1024: */
1025: public CmsPropertyDefinition createPropertyDefinition(
1026: CmsRequestContext context, String name)
1027: throws CmsException, CmsSecurityException,
1028: CmsRoleViolationException {
1029:
1030: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1031: CmsPropertyDefinition result = null;
1032:
1033: try {
1034: checkOfflineProject(dbc);
1035: checkRole(dbc, CmsRole.WORKPLACE_MANAGER.forOrgUnit(null));
1036: result = m_driverManager
1037: .createPropertyDefinition(dbc, name);
1038: } catch (Exception e) {
1039: dbc.report(null, Messages.get().container(
1040: Messages.ERR_CREATE_PROPDEF_1, name), e);
1041: } finally {
1042: dbc.clear();
1043: }
1044: return result;
1045: }
1046:
1047: /**
1048: * Creates a new resource of the given resource type with the provided content and properties.<p>
1049: *
1050: * If the provided content is null and the resource is not a folder, the content will be set to an empty byte array.<p>
1051: *
1052: * @param context the current request context
1053: * @param resourcename the name of the resource to create (full path)
1054: * @param type the type of the resource to create
1055: * @param content the content for the new resource
1056: * @param properties the properties for the new resource
1057: *
1058: * @return the created resource
1059: *
1060: * @throws CmsException if something goes wrong
1061: *
1062: * @see org.opencms.file.types.I_CmsResourceType#createResource(CmsObject, CmsSecurityManager, String, byte[], List)
1063: */
1064: public synchronized CmsResource createResource(
1065: CmsRequestContext context, String resourcename, int type,
1066: byte[] content, List properties) throws CmsException {
1067:
1068: if (existsResource(context, resourcename,
1069: CmsResourceFilter.IGNORE_EXPIRATION)) {
1070: // check if the resource already exists by name
1071: throw new CmsVfsResourceAlreadyExistsException(
1072: org.opencms.db.generic.Messages
1073: .get()
1074: .container(
1075: org.opencms.db.generic.Messages.ERR_RESOURCE_WITH_NAME_ALREADY_EXISTS_1,
1076: resourcename));
1077: }
1078: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1079: CmsResource newResource = null;
1080: try {
1081: checkOfflineProject(dbc);
1082: newResource = m_driverManager.createResource(dbc,
1083: resourcename, type, content, properties);
1084: } catch (Exception e) {
1085: dbc.report(null, Messages.get().container(
1086: Messages.ERR_CREATE_RESOURCE_1, resourcename), e);
1087: } finally {
1088: dbc.clear();
1089: }
1090: return newResource;
1091: }
1092:
1093: /**
1094: * Creates a new sibling of the source resource.<p>
1095: *
1096: * @param context the current request context
1097: * @param source the resource to create a sibling for
1098: * @param destination the name of the sibling to create with complete path
1099: * @param properties the individual properties for the new sibling
1100: *
1101: * @return the new created sibling
1102: *
1103: * @throws CmsException if something goes wrong
1104: *
1105: * @see org.opencms.file.types.I_CmsResourceType#createSibling(CmsObject, CmsSecurityManager, CmsResource, String, List)
1106: */
1107: public CmsResource createSibling(CmsRequestContext context,
1108: CmsResource source, String destination, List properties)
1109: throws CmsException {
1110:
1111: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1112:
1113: CmsResource sibling = null;
1114: try {
1115: checkOfflineProject(dbc);
1116: sibling = m_driverManager.createSibling(dbc, source,
1117: destination, properties);
1118: } catch (Exception e) {
1119: dbc.report(null, Messages.get().container(
1120: Messages.ERR_CREATE_SIBLING_1,
1121: context.removeSiteRoot(source.getRootPath())), e);
1122: } finally {
1123: dbc.clear();
1124: }
1125: return sibling;
1126: }
1127:
1128: /**
1129: * Creates the project for the temporary workplace files.<p>
1130: *
1131: * @param context the current request context
1132: *
1133: * @return the created project for the temporary workplace files
1134: *
1135: * @throws CmsException if something goes wrong
1136: */
1137: public CmsProject createTempfileProject(CmsRequestContext context)
1138: throws CmsException {
1139:
1140: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1141:
1142: CmsProject result = null;
1143: try {
1144: checkRole(dbc, CmsRole.PROJECT_MANAGER.forOrgUnit(null));
1145: result = m_driverManager.createTempfileProject(dbc);
1146: } catch (Exception e) {
1147: dbc.report(null, Messages.get().container(
1148: Messages.ERR_CREATE_TEMPFILE_PROJECT_0), e);
1149: } finally {
1150: dbc.clear();
1151: }
1152: return result;
1153: }
1154:
1155: /**
1156: * Creates a new user.<p>
1157: *
1158: * @param context the current request context
1159: * @param name the name for the new user
1160: * @param password the password for the new user
1161: * @param description the description for the new user
1162: * @param additionalInfos the additional infos for the user
1163: *
1164: * @return the created user
1165: *
1166: * @see CmsObject#createUser(String, String, String, Map)
1167: *
1168: * @throws CmsException if something goes wrong
1169: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
1170: */
1171: public CmsUser createUser(CmsRequestContext context, String name,
1172: String password, String description, Map additionalInfos)
1173: throws CmsException, CmsRoleViolationException {
1174:
1175: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1176:
1177: CmsUser result = null;
1178: try {
1179: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
1180: .forOrgUnit(getParentOrganizationalUnit(name)));
1181: result = m_driverManager.createUser(dbc,
1182: CmsOrganizationalUnit.removeLeadingSeparator(name),
1183: password, description, additionalInfos);
1184: } catch (Exception e) {
1185: dbc.report(null, Messages.get().container(
1186: Messages.ERR_CREATE_USER_1, name), e);
1187: } finally {
1188: dbc.clear();
1189: }
1190: return result;
1191: }
1192:
1193: /**
1194: * Deletes all entries in the published resource table.<p>
1195: *
1196: * @param context the current request context
1197: * @param linkType the type of resource deleted (0= non-parameter, 1=parameter)
1198: *
1199: * @throws CmsException if something goes wrong
1200: */
1201: public void deleteAllStaticExportPublishedResources(
1202: CmsRequestContext context, int linkType)
1203: throws CmsException {
1204:
1205: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1206: try {
1207: m_driverManager.deleteAllStaticExportPublishedResources(
1208: dbc, linkType);
1209: } catch (Exception e) {
1210: dbc.report(null, Messages.get().container(
1211: Messages.ERR_DELETE_STATEXP_PUBLISHED_RESOURCES_0),
1212: e);
1213: } finally {
1214: dbc.clear();
1215: }
1216: }
1217:
1218: /**
1219: * Deletes a group, where all permissions, users and children of the group
1220: * are transfered to a replacement group.<p>
1221: *
1222: * @param context the current request context
1223: * @param groupId the id of the group to be deleted
1224: * @param replacementId the id of the group to be transfered, can be <code>null</code>
1225: *
1226: * @throws CmsException if operation was not successful
1227: * @throws CmsSecurityException if the group is a default group.
1228: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
1229: */
1230: public void deleteGroup(CmsRequestContext context, CmsUUID groupId,
1231: CmsUUID replacementId) throws CmsException,
1232: CmsRoleViolationException, CmsSecurityException {
1233:
1234: CmsGroup group = readGroup(context, groupId);
1235: if (group.isRole()) {
1236: throw new CmsSecurityException(Messages.get().container(
1237: Messages.ERR_DELETE_ROLE_GROUP_1, group.getName()));
1238: }
1239: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1240: try {
1241: // catch own exception as special cause for general "Error deleting group".
1242: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
1243: .forOrgUnit(getParentOrganizationalUnit(group
1244: .getName())));
1245: // this is needed because
1246: // I_CmsUserDriver#removeAccessControlEntriesForPrincipal(CmsDbContext, CmsProject, CmsProject, CmsUUID)
1247: // expects an offline project, if not, data will become inconsistent
1248: checkOfflineProject(dbc);
1249: m_driverManager.deleteGroup(dbc, group, replacementId);
1250: } catch (Exception e) {
1251: dbc.report(null, Messages.get().container(
1252: Messages.ERR_DELETE_GROUP_1, group.getName()), e);
1253: } finally {
1254: dbc.clear();
1255: }
1256: }
1257:
1258: /**
1259: * Delete a user group.<p>
1260: *
1261: * Only groups that contain no subgroups can be deleted.<p>
1262: *
1263: * @param context the current request context
1264: * @param name the name of the group that is to be deleted
1265: *
1266: * @throws CmsException if operation was not successful
1267: * @throws CmsSecurityException if the group is a default group.
1268: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
1269: */
1270: public void deleteGroup(CmsRequestContext context, String name)
1271: throws CmsException, CmsRoleViolationException,
1272: CmsSecurityException {
1273:
1274: CmsGroup group = readGroup(context, name);
1275: if (group.isRole()) {
1276: throw new CmsSecurityException(Messages.get().container(
1277: Messages.ERR_DELETE_ROLE_GROUP_1, name));
1278: }
1279: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1280: try {
1281: // catch own exception as special cause for general "Error deleting group".
1282: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
1283: .forOrgUnit(getParentOrganizationalUnit(name)));
1284: // this is needed because
1285: // I_CmsUserDriver#removeAccessControlEntriesForPrincipal(CmsDbContext, CmsProject, CmsProject, CmsUUID)
1286: // expects an offline project, if not data will become inconsistent
1287: checkOfflineProject(dbc);
1288: m_driverManager.deleteGroup(dbc, group, null);
1289: } catch (Exception e) {
1290: dbc.report(null, Messages.get().container(
1291: Messages.ERR_DELETE_GROUP_1, name), e);
1292: } finally {
1293: dbc.clear();
1294: }
1295: }
1296:
1297: /**
1298: * Deletes the versions from the history tables, keeping the given number of versions per resource.<p>
1299: *
1300: * @param context the current request context
1301: * @param folder the folder (with subresources) to delete historical versions for
1302: * @param versionsToKeep number of versions to keep, is ignored if negative
1303: * @param versionsDeleted number of versions to keep for deleted resources, is ignored if negative
1304: * @param timeDeleted deleted resources older than this will also be deleted, is ignored if negative
1305: * @param report the report for output logging
1306: *
1307: * @throws CmsException if operation was not successful
1308: * @throws CmsRoleViolationException if the current user does not own the role {@link CmsRole#WORKPLACE_MANAGER}
1309: */
1310: public void deleteHistoricalVersions(CmsRequestContext context,
1311: CmsFolder folder, int versionsToKeep, int versionsDeleted,
1312: long timeDeleted, I_CmsReport report) throws CmsException,
1313: CmsRoleViolationException {
1314:
1315: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1316: try {
1317: checkRole(dbc, CmsRole.WORKPLACE_MANAGER.forOrgUnit(null));
1318: checkPermissions(dbc, folder,
1319: CmsPermissionSet.ACCESS_WRITE, false,
1320: CmsResourceFilter.ALL);
1321: m_driverManager.deleteHistoricalVersions(dbc, folder,
1322: versionsToKeep, versionsDeleted, timeDeleted,
1323: report);
1324: } catch (Exception e) {
1325: dbc.report(null, Messages.get().container(
1326: Messages.ERR_DELETE_HISTORY_4,
1327: new Object[] {
1328: dbc.removeSiteRoot(folder.getRootPath()),
1329: new Integer(versionsToKeep),
1330: new Integer(versionsDeleted),
1331: new Date(timeDeleted) }), e);
1332: } finally {
1333: dbc.clear();
1334: }
1335: }
1336:
1337: /**
1338: * Deletes an organizational unit.<p>
1339: *
1340: * Only organizational units that contain no sub organizational unit can be deleted.<p>
1341: *
1342: * The organizational unit can not be delete if it is used in the request context,
1343: * or if the current user belongs to it.<p>
1344: *
1345: * All users and groups in the given organizational unit will be deleted.<p>
1346: *
1347: * @param context the current request context
1348: * @param organizationalUnit the organizational unit to delete
1349: *
1350: * @throws CmsException if operation was not successful
1351: *
1352: * @see org.opencms.security.CmsOrgUnitManager#deleteOrganizationalUnit(CmsObject, String)
1353: */
1354: public void deleteOrganizationalUnit(CmsRequestContext context,
1355: CmsOrganizationalUnit organizationalUnit)
1356: throws CmsException {
1357:
1358: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1359: try {
1360: // check for root ou
1361: if (organizationalUnit.getParentFqn() == null) {
1362: throw new CmsDataAccessException(
1363: org.opencms.security.Messages
1364: .get()
1365: .container(
1366: org.opencms.security.Messages.ERR_ORGUNIT_ROOT_EDITION_0));
1367: }
1368:
1369: checkRole(
1370: dbc,
1371: CmsRole.ADMINISTRATOR
1372: .forOrgUnit(getParentOrganizationalUnit(organizationalUnit
1373: .getName())));
1374: checkOfflineProject(dbc);
1375: m_driverManager.deleteOrganizationalUnit(dbc,
1376: organizationalUnit);
1377: } catch (Exception e) {
1378: dbc.report(null, Messages.get().container(
1379: Messages.ERR_DELETE_ORGUNIT_1,
1380: organizationalUnit.getName()), e);
1381: } finally {
1382: dbc.clear();
1383: }
1384: }
1385:
1386: /**
1387: * Deletes a project.<p>
1388: *
1389: * All modified resources currently inside this project will be reset to their online state.<p>
1390: *
1391: * @param context the current request context
1392: * @param projectId the ID of the project to be deleted
1393: *
1394: * @throws CmsException if something goes wrong
1395: * @throws CmsRoleViolationException if the current user does not own management access to the project
1396: */
1397: public void deleteProject(CmsRequestContext context,
1398: CmsUUID projectId) throws CmsException,
1399: CmsRoleViolationException {
1400:
1401: if (projectId.equals(CmsProject.ONLINE_PROJECT_ID)) {
1402: // online project must not be deleted
1403: throw new CmsVfsException(
1404: org.opencms.file.Messages
1405: .get()
1406: .container(
1407: org.opencms.file.Messages.ERR_NOT_ALLOWED_IN_ONLINE_PROJECT_0));
1408: }
1409:
1410: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1411: CmsProject deleteProject = null;
1412: try {
1413: // read the project that should be deleted
1414: deleteProject = m_driverManager.readProject(dbc, projectId);
1415: checkManagerOfProjectRole(dbc, deleteProject);
1416: m_driverManager.deleteProject(dbc, deleteProject);
1417: } catch (Exception e) {
1418: String projectName = (deleteProject == null ? String
1419: .valueOf(projectId) : deleteProject.getName());
1420: dbc.report(null, Messages.get().container(
1421: Messages.ERR_DELETE_PROJECT_1, projectName), e);
1422: } finally {
1423: dbc.clear();
1424: }
1425: }
1426:
1427: /**
1428: * Deletes a property definition.<p>
1429: *
1430: * @param context the current request context
1431: * @param name the name of the property definition to delete
1432: *
1433: * @throws CmsException if something goes wrong
1434: * @throws CmsSecurityException if the project to delete is the "Online" project
1435: * @throws CmsRoleViolationException if the current user does not own the role {@link CmsRole#WORKPLACE_MANAGER}
1436: */
1437: public void deletePropertyDefinition(CmsRequestContext context,
1438: String name) throws CmsException, CmsSecurityException,
1439: CmsRoleViolationException {
1440:
1441: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1442: try {
1443: checkOfflineProject(dbc);
1444: checkRole(dbc, CmsRole.WORKPLACE_MANAGER.forOrgUnit(null));
1445: m_driverManager.deletePropertyDefinition(dbc, name);
1446: } catch (Exception e) {
1447: dbc.report(null, Messages.get().container(
1448: Messages.ERR_DELETE_PROPERTY_1, name), e);
1449: } finally {
1450: dbc.clear();
1451: }
1452: }
1453:
1454: /**
1455: * Deletes all relations for the given resource matching the given filter.<p>
1456: *
1457: * @param context the current user context
1458: * @param resource the resource to delete the relations for
1459: * @param filter the filter to use for deletion
1460: *
1461: * @throws CmsException if something goes wrong
1462: *
1463: * @see #addRelationToResource(CmsRequestContext, CmsResource, CmsResource, CmsRelationType, boolean)
1464: * @see CmsObject#deleteRelationsFromResource(String, CmsRelationFilter)
1465: */
1466: public void deleteRelationsForResource(CmsRequestContext context,
1467: CmsResource resource, CmsRelationFilter filter)
1468: throws CmsException {
1469:
1470: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1471: try {
1472: checkOfflineProject(dbc);
1473: checkPermissions(dbc, resource,
1474: CmsPermissionSet.ACCESS_WRITE, true,
1475: CmsResourceFilter.ALL);
1476: m_driverManager.deleteRelationsForResource(dbc, resource,
1477: filter);
1478: } catch (Exception e) {
1479: dbc.report(null, Messages.get().container(
1480: Messages.ERR_DELETE_RELATIONS_1,
1481: dbc.removeSiteRoot(resource.getRootPath())), e);
1482: } finally {
1483: dbc.clear();
1484: }
1485: }
1486:
1487: /**
1488: * Deletes a resource given its name.<p>
1489: *
1490: * The <code>siblingMode</code> parameter controls how to handle siblings
1491: * during the delete operation.<br>
1492: * Possible values for this parameter are: <br>
1493: * <ul>
1494: * <li><code>{@link CmsResource#DELETE_REMOVE_SIBLINGS}</code></li>
1495: * <li><code>{@link CmsResource#DELETE_PRESERVE_SIBLINGS}</code></li>
1496: * </ul><p>
1497: *
1498: * @param context the current request context
1499: * @param resource the name of the resource to delete (full path)
1500: * @param siblingMode indicates how to handle siblings of the deleted resource
1501: *
1502: * @throws CmsException if something goes wrong
1503: * @throws CmsSecurityException if the user does not have {@link CmsPermissionSet#ACCESS_WRITE} on the given resource
1504: *
1505: * @see org.opencms.file.types.I_CmsResourceType#deleteResource(CmsObject, CmsSecurityManager, CmsResource, CmsResource.CmsResourceDeleteMode)
1506: */
1507: public void deleteResource(CmsRequestContext context,
1508: CmsResource resource,
1509: CmsResource.CmsResourceDeleteMode siblingMode)
1510: throws CmsException, CmsSecurityException {
1511:
1512: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1513: try {
1514: checkOfflineProject(dbc);
1515: checkPermissions(dbc, resource,
1516: CmsPermissionSet.ACCESS_WRITE, true,
1517: CmsResourceFilter.ALL);
1518: checkSystemLocks(dbc, resource);
1519:
1520: // check write permissions for subresources in case of deleting a folder
1521: if (resource.isFolder()) {
1522: dbc.getRequestContext().setAttribute(
1523: I_CmsVfsDriver.REQ_ATTR_CHECK_PERMISSIONS,
1524: Boolean.TRUE);
1525: try {
1526: m_driverManager.getVfsDriver().removeFolder(dbc,
1527: dbc.currentProject(), resource);
1528: } catch (CmsDataAccessException e) {
1529: // unwrap the permission violation exception
1530: if (e.getCause() instanceof CmsPermissionViolationException) {
1531: throw (CmsPermissionViolationException) e
1532: .getCause();
1533: } else {
1534: throw e;
1535: }
1536: }
1537: dbc.getRequestContext().removeAttribute(
1538: I_CmsVfsDriver.REQ_ATTR_CHECK_PERMISSIONS);
1539: }
1540:
1541: deleteResource(dbc, resource, siblingMode);
1542: } catch (Exception e) {
1543: dbc.report(null, Messages.get().container(
1544: Messages.ERR_DELETE_RESOURCE_1,
1545: context.getSitePath(resource)), e);
1546: } finally {
1547: dbc.clear();
1548: }
1549: }
1550:
1551: /**
1552: * Deletes an entry in the published resource table.<p>
1553: *
1554: * @param context the current request context
1555: * @param resourceName The name of the resource to be deleted in the static export
1556: * @param linkType the type of resource deleted (0= non-parameter, 1=parameter)
1557: * @param linkParameter the parameters of the resource
1558: *
1559: * @throws CmsException if something goes wrong
1560: */
1561: public void deleteStaticExportPublishedResource(
1562: CmsRequestContext context, String resourceName,
1563: int linkType, String linkParameter) throws CmsException {
1564:
1565: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1566: try {
1567: m_driverManager.deleteStaticExportPublishedResource(dbc,
1568: resourceName, linkType, linkParameter);
1569: } catch (Exception e) {
1570: dbc.report(null, Messages.get().container(
1571: Messages.ERR_DELETE_STATEXP_PUBLISHES_RESOURCE_1,
1572: resourceName), e);
1573: } finally {
1574: dbc.clear();
1575: }
1576: }
1577:
1578: /**
1579: * Deletes a user.<p>
1580: *
1581: * @param context the current request context
1582: * @param userId the Id of the user to be deleted
1583: *
1584: * @throws CmsException if something goes wrong
1585: */
1586: public void deleteUser(CmsRequestContext context, CmsUUID userId)
1587: throws CmsException {
1588:
1589: CmsUser user = readUser(context, userId);
1590: deleteUser(context, user, null);
1591: }
1592:
1593: /**
1594: * Deletes a user, where all permissions and resources attributes of the user
1595: * were transfered to a replacement user.<p>
1596: *
1597: * @param context the current request context
1598: * @param userId the id of the user to be deleted
1599: * @param replacementId the id of the user to be transfered
1600: *
1601: * @throws CmsException if operation was not successful
1602: */
1603: public void deleteUser(CmsRequestContext context, CmsUUID userId,
1604: CmsUUID replacementId) throws CmsException {
1605:
1606: CmsUser user = readUser(context, userId);
1607: CmsUser replacementUser = null;
1608: if ((replacementId != null) && !replacementId.isNullUUID()) {
1609: replacementUser = readUser(context, replacementId);
1610: }
1611: deleteUser(context, user, replacementUser);
1612: }
1613:
1614: /**
1615: * Deletes a user.<p>
1616: *
1617: * @param context the current request context
1618: * @param username the name of the user to be deleted
1619: *
1620: * @throws CmsException if something goes wrong
1621: */
1622: public void deleteUser(CmsRequestContext context, String username)
1623: throws CmsException {
1624:
1625: CmsUser user = readUser(context, username);
1626: deleteUser(context, user, null);
1627: }
1628:
1629: /**
1630: * Destroys this security manager.<p>
1631: *
1632: * @throws Throwable if something goes wrong
1633: */
1634: public synchronized void destroy() throws Throwable {
1635:
1636: try {
1637: if (m_driverManager != null) {
1638: if (m_driverManager.getLockManager() != null) {
1639: try {
1640: writeLocks();
1641: } catch (Throwable t) {
1642: if (LOG.isErrorEnabled()) {
1643: LOG
1644: .error(
1645: org.opencms.lock.Messages
1646: .get()
1647: .getBundle()
1648: .key(
1649: org.opencms.lock.Messages.ERR_WRITE_LOCKS_FINAL_0),
1650: t);
1651: }
1652: }
1653: }
1654: m_driverManager.destroy();
1655: }
1656: } catch (Throwable t) {
1657: if (LOG.isErrorEnabled()) {
1658: LOG.error(Messages.get().getBundle().key(
1659: Messages.LOG_ERR_DRIVER_MANAGER_CLOSE_0), t);
1660: }
1661: }
1662:
1663: m_driverManager = null;
1664: m_dbContextFactory = null;
1665:
1666: if (CmsLog.INIT.isInfoEnabled()) {
1667: CmsLog.INIT.info(Messages.get().getBundle().key(
1668: Messages.INIT_SECURITY_MANAGER_SHUTDOWN_1,
1669: this .getClass().getName()));
1670: }
1671: }
1672:
1673: /**
1674: * Checks the availability of a resource in the VFS,
1675: * using the <code>{@link CmsResourceFilter#DEFAULT}</code> filter.<p>
1676: *
1677: * A resource may be of type <code>{@link CmsFile}</code> or
1678: * <code>{@link CmsFolder}</code>.<p>
1679: *
1680: * The specified filter controls what kind of resources should be "found"
1681: * during the read operation. This will depend on the application. For example,
1682: * using <code>{@link CmsResourceFilter#DEFAULT}</code> will only return currently
1683: * "valid" resources, while using <code>{@link CmsResourceFilter#IGNORE_EXPIRATION}</code>
1684: * will ignore the date release / date expired information of the resource.<p>
1685: *
1686: * This method also takes into account the user permissions, so if
1687: * the given resource exists, but the current user has not the required
1688: * permissions, then this method will return <code>false</code>.<p>
1689: *
1690: * @param context the current request context
1691: * @param resourcePath the name of the resource to read (full path)
1692: * @param filter the resource filter to use while reading
1693: *
1694: * @return <code>true</code> if the resource is available
1695: *
1696: * @see CmsObject#existsResource(String, CmsResourceFilter)
1697: * @see CmsObject#existsResource(String)
1698: */
1699: public boolean existsResource(CmsRequestContext context,
1700: String resourcePath, CmsResourceFilter filter) {
1701:
1702: boolean result = false;
1703: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1704: try {
1705: readResource(dbc, resourcePath, filter);
1706: result = true;
1707: } catch (Exception e) {
1708: result = false;
1709: } finally {
1710: dbc.clear();
1711: }
1712: return result;
1713: }
1714:
1715: /**
1716: * Fills the given publish list with the the VFS resources that actually get published.<p>
1717: *
1718: * Please refer to the source code of this method for the rules on how to decide whether a
1719: * new/changed/deleted <code>{@link CmsResource}</code> object can be published or not.<p>
1720: *
1721: * @param context the current request context
1722: * @param publishList must be initialized with basic publish information (Project or direct publish operation)
1723: *
1724: * @return the given publish list filled with all new/changed/deleted files from the current (offline) project
1725: * that will be published actually
1726: *
1727: * @throws CmsException if something goes wrong
1728: *
1729: * @see org.opencms.db.CmsPublishList
1730: */
1731: public CmsPublishList fillPublishList(CmsRequestContext context,
1732: CmsPublishList publishList) throws CmsException {
1733:
1734: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1735: try {
1736: m_driverManager.fillPublishList(dbc, publishList);
1737: checkPublishPermissions(dbc, publishList);
1738: } catch (Exception e) {
1739: if (publishList.isDirectPublish()) {
1740: dbc
1741: .report(
1742: null,
1743: Messages
1744: .get()
1745: .container(
1746: Messages.ERR_GET_PUBLISH_LIST_DIRECT_1,
1747: CmsFileUtil
1748: .formatResourceNames(
1749: context,
1750: publishList
1751: .getDirectPublishResources())),
1752: e);
1753: } else {
1754: dbc.report(null, Messages.get().container(
1755: Messages.ERR_GET_PUBLISH_LIST_PROJECT_1,
1756: context.currentProject().getName()), e);
1757: }
1758: } finally {
1759: dbc.clear();
1760: }
1761: return publishList;
1762: }
1763:
1764: /**
1765: * Returns the list of access control entries of a resource given its name.<p>
1766: *
1767: * @param context the current request context
1768: * @param resource the resource to read the access control entries for
1769: * @param getInherited true if the result should include all access control entries inherited by parent folders
1770: *
1771: * @return a list of <code>{@link CmsAccessControlEntry}</code> objects defining all permissions for the given resource
1772: *
1773: * @throws CmsException if something goes wrong
1774: */
1775: public List getAccessControlEntries(CmsRequestContext context,
1776: CmsResource resource, boolean getInherited)
1777: throws CmsException {
1778:
1779: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1780: List result = null;
1781: try {
1782: result = m_driverManager.getAccessControlEntries(dbc,
1783: resource, getInherited);
1784: } catch (Exception e) {
1785: dbc.report(null, Messages.get().container(
1786: Messages.ERR_GET_ACL_ENTRIES_1,
1787: context.getSitePath(resource)), e);
1788: } finally {
1789: dbc.clear();
1790: }
1791: return result;
1792: }
1793:
1794: /**
1795: * Returns the access control list (summarized access control entries) of a given resource.<p>
1796: *
1797: * If <code>inheritedOnly</code> is set, only inherited access control entries are returned.<p>
1798: *
1799: * @param context the current request context
1800: * @param resource the resource
1801: * @param inheritedOnly skip non-inherited entries if set
1802: *
1803: * @return the access control list of the resource
1804: *
1805: * @throws CmsException if something goes wrong
1806: */
1807: public CmsAccessControlList getAccessControlList(
1808: CmsRequestContext context, CmsResource resource,
1809: boolean inheritedOnly) throws CmsException {
1810:
1811: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1812: CmsAccessControlList result = null;
1813: try {
1814: result = m_driverManager.getAccessControlList(dbc,
1815: resource, inheritedOnly);
1816: } catch (Exception e) {
1817: dbc.report(null, Messages.get().container(
1818: Messages.ERR_GET_ACL_ENTRIES_1,
1819: context.getSitePath(resource)), e);
1820:
1821: } finally {
1822: dbc.clear();
1823: }
1824: return result;
1825: }
1826:
1827: /**
1828: * Returns all projects which are owned by the current user or which are
1829: * accessible for the group of the user.<p>
1830: *
1831: * @param context the current request context
1832: *
1833: * @return a list of objects of type <code>{@link CmsProject}</code>
1834: *
1835: * @throws CmsException if something goes wrong
1836: */
1837: public List getAllAccessibleProjects(CmsRequestContext context)
1838: throws CmsException {
1839:
1840: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1841: List result = null;
1842: try {
1843: result = m_driverManager.getAllAccessibleProjects(dbc);
1844: } catch (Exception e) {
1845: dbc.report(null, Messages.get().container(
1846: Messages.ERR_GET_ALL_ACCESSIBLE_PROJECTS_1,
1847: dbc.currentUser().getName()), e);
1848: } finally {
1849: dbc.clear();
1850: }
1851: return result;
1852: }
1853:
1854: /**
1855: * Returns a list with all projects from history.<p>
1856: *
1857: * @param context the current request context
1858: *
1859: * @return list of <code>{@link CmsHistoryProject}</code> objects
1860: * with all projects from history.
1861: *
1862: * @throws CmsException if operation was not successful
1863: */
1864: public List getAllHistoricalProjects(CmsRequestContext context)
1865: throws CmsException {
1866:
1867: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1868: List result = null;
1869: try {
1870: result = m_driverManager.getAllHistoricalProjects(dbc);
1871: } catch (Exception e) {
1872: dbc.report(null, Messages.get().container(
1873: Messages.ERR_GET_ALL_ACCESSIBLE_PROJECTS_1,
1874: dbc.currentUser().getName()), e);
1875: } finally {
1876: dbc.clear();
1877: }
1878: return result;
1879: }
1880:
1881: /**
1882: * Returns all projects which are owned by the current user or which are manageable
1883: * for the group of the user.<p>
1884: *
1885: * @param context the current request context
1886: *
1887: * @return a list of objects of type <code>{@link CmsProject}</code>
1888: *
1889: * @throws CmsException if operation was not successful
1890: */
1891: public List getAllManageableProjects(CmsRequestContext context)
1892: throws CmsException {
1893:
1894: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1895: List result = null;
1896: try {
1897: result = m_driverManager.getAllManageableProjects(dbc);
1898: } catch (Exception e) {
1899: dbc.report(null, Messages.get().container(
1900: Messages.ERR_GET_ALL_MANAGEABLE_PROJECTS_1,
1901: dbc.currentUser().getName()), e);
1902: } finally {
1903: dbc.clear();
1904: }
1905: return result;
1906: }
1907:
1908: /**
1909: * Returns all child groups of a group.<p>
1910: *
1911: * This method also returns all sub-child groups of the current group.<p>
1912: *
1913: * @param context the current request context
1914: * @param groupname the name of the group
1915: * @param includeSubChildren if set also returns all sub-child groups of the given group
1916: *
1917: * @return a list of all child <code>{@link CmsGroup}</code> objects or <code>null</code>
1918: *
1919: * @throws CmsException if operation was not successful
1920: */
1921: public List getChildren(CmsRequestContext context,
1922: String groupname, boolean includeSubChildren)
1923: throws CmsException {
1924:
1925: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1926: List result = null;
1927: try {
1928: result = m_driverManager.getChildren(dbc, m_driverManager
1929: .readGroup(dbc, CmsOrganizationalUnit
1930: .removeLeadingSeparator(groupname)),
1931: includeSubChildren);
1932: } catch (Exception e) {
1933: dbc.report(null, Messages.get().container(
1934: Messages.ERR_GET_CHILD_GROUPS_TRANSITIVE_1,
1935: groupname), e);
1936: } finally {
1937: dbc.clear();
1938: }
1939: return result;
1940: }
1941:
1942: /**
1943: * Returns all groups of the given organizational unit.<p>
1944: *
1945: * @param context the current request context
1946: * @param orgUnit the organizational unit to get the groups for
1947: * @param includeSubOus if all groups of sub-organizational units should be retrieved too
1948: * @param readRoles if to read roles or groups
1949: *
1950: * @return all <code>{@link CmsGroup}</code> objects in the organizational unit
1951: *
1952: * @throws CmsException if operation was not successful
1953: *
1954: * @see org.opencms.security.CmsOrgUnitManager#getResourcesForOrganizationalUnit(CmsObject, String)
1955: * @see org.opencms.security.CmsOrgUnitManager#getGroups(CmsObject, String, boolean)
1956: * @see org.opencms.security.CmsOrgUnitManager#getUsers(CmsObject, String, boolean)
1957: */
1958: public List getGroups(CmsRequestContext context,
1959: CmsOrganizationalUnit orgUnit, boolean includeSubOus,
1960: boolean readRoles) throws CmsException {
1961:
1962: List result = null;
1963: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1964: try {
1965: result = m_driverManager.getGroups(dbc, orgUnit,
1966: includeSubOus, readRoles);
1967: } catch (Exception e) {
1968: dbc.report(null, Messages.get().container(
1969: Messages.ERR_READ_ORGUNIT_GROUPS_1,
1970: orgUnit.getName()), e);
1971: } finally {
1972: dbc.clear();
1973: }
1974: return result;
1975: }
1976:
1977: /**
1978: * Returns the list of groups to which the user directly belongs to.<p>
1979: *
1980: * @param context the current request context
1981: * @param username The name of the user
1982: * @param ouFqn the fully qualified name of the organizational unit to restrict the result set for
1983: * @param includeChildOus include groups of child organizational units
1984: * @param readRoles if to read roles or groups
1985: * @param directGroupsOnly if set only the direct assigned groups will be returned, if not also indirect roles
1986: * @param remoteAddress the IP address to filter the groups in the result list
1987: *
1988: * @return a list of <code>{@link CmsGroup}</code> objects filtered by the given IP address
1989: *
1990: * @throws CmsException if operation was not successful
1991: */
1992: public List getGroupsOfUser(CmsRequestContext context,
1993: String username, String ouFqn, boolean includeChildOus,
1994: boolean readRoles, boolean directGroupsOnly,
1995: String remoteAddress) throws CmsException {
1996:
1997: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
1998: List result = null;
1999: try {
2000: result = m_driverManager
2001: .getGroupsOfUser(dbc, CmsOrganizationalUnit
2002: .removeLeadingSeparator(username),
2003: CmsOrganizationalUnit
2004: .removeLeadingSeparator(ouFqn),
2005: includeChildOus, readRoles,
2006: directGroupsOnly, remoteAddress);
2007: } catch (Exception e) {
2008: dbc.report(null, Messages.get().container(
2009: Messages.ERR_GET_GROUPS_OF_USER_2, username,
2010: remoteAddress), e);
2011: } finally {
2012: dbc.clear();
2013: }
2014: return result;
2015: }
2016:
2017: /**
2018: * Returns the lock state of a resource.<p>
2019: *
2020: * @param context the current request context
2021: * @param resource the resource to return the lock state for
2022: *
2023: * @return the lock state of the resource
2024: *
2025: * @throws CmsException if something goes wrong
2026: */
2027: public CmsLock getLock(CmsRequestContext context,
2028: CmsResource resource) throws CmsException {
2029:
2030: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2031: CmsLock result = null;
2032: try {
2033: result = m_driverManager.getLock(dbc, resource);
2034: } catch (Exception e) {
2035: dbc.report(null, Messages.get().container(
2036: Messages.ERR_GET_LOCK_1,
2037: context.getSitePath(resource)), e);
2038: } finally {
2039: dbc.clear();
2040: }
2041: return result;
2042: }
2043:
2044: /**
2045: * Returns all locked resources in a given folder.<p>
2046: *
2047: * @param context the current request context
2048: * @param resource the folder to search in
2049: * @param filter the lock filter
2050: *
2051: * @return a list of locked resource paths (relative to current site)
2052: *
2053: * @throws CmsException if something goes wrong
2054: */
2055: public List getLockedResources(CmsRequestContext context,
2056: CmsResource resource, CmsLockFilter filter)
2057: throws CmsException {
2058:
2059: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2060: List result = null;
2061: try {
2062: checkOfflineProject(dbc);
2063: checkPermissions(dbc, resource,
2064: CmsPermissionSet.ACCESS_READ, false,
2065: CmsResourceFilter.ALL);
2066: result = m_driverManager.getLockedResources(dbc, resource,
2067: filter);
2068: } catch (Exception e) {
2069: dbc.report(null, Messages.get().container(
2070: Messages.ERR_COUNT_LOCKED_RESOURCES_FOLDER_1,
2071: context.getSitePath(resource)), e);
2072: } finally {
2073: dbc.clear();
2074: }
2075: return result;
2076: }
2077:
2078: /**
2079: * Returns the lock manger.<p>
2080: *
2081: * @return the lock manager
2082: */
2083: public CmsLockManager getLockManager() {
2084:
2085: return m_lockManager;
2086: }
2087:
2088: /**
2089: * Returns all resources of organizational units for which the current user has
2090: * the given role role.<p>
2091: *
2092: * @param context the current request context
2093: * @param role the role to check
2094: *
2095: * @return a list of {@link org.opencms.file.CmsResource} objects
2096: *
2097: * @throws CmsException if something goes wrong
2098: */
2099: public List getManageableResources(CmsRequestContext context,
2100: CmsRole role) throws CmsException {
2101:
2102: List resources;
2103: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2104: try {
2105: resources = getManageableResources(dbc, role);
2106: } finally {
2107: dbc.clear();
2108: }
2109: return resources;
2110: }
2111:
2112: /**
2113: * Returns all child organizational units of the given parent organizational unit including
2114: * hierarchical deeper organization units if needed.<p>
2115: *
2116: * @param context the current request context
2117: * @param parent the parent organizational unit
2118: * @param includeChildren if hierarchical deeper organization units should also be returned
2119: *
2120: * @return a list of <code>{@link CmsOrganizationalUnit}</code> objects
2121: *
2122: * @throws CmsException if operation was not successful
2123: *
2124: * @see org.opencms.security.CmsOrgUnitManager#getOrganizationalUnits(CmsObject, String, boolean)
2125: */
2126: public List getOrganizationalUnits(CmsRequestContext context,
2127: CmsOrganizationalUnit parent, boolean includeChildren)
2128: throws CmsException {
2129:
2130: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2131: List result = null;
2132: try {
2133: result = m_driverManager.getOrganizationalUnits(dbc,
2134: parent, includeChildren);
2135: } catch (Exception e) {
2136: dbc.report(null, Messages.get().container(
2137: Messages.ERR_GET_ORGUNITS_1, parent.getName()), e);
2138: } finally {
2139: dbc.clear();
2140: }
2141: return result;
2142: }
2143:
2144: /**
2145: * Returns all the organizational units for which the current user has the given role.<p>
2146: *
2147: * @param requestContext the current request context
2148: * @param role the role to check
2149: * @param includeSubOus if sub organizational units should be included in the search
2150: *
2151: * @return a list of {@link org.opencms.security.CmsOrganizationalUnit} objects
2152: *
2153: * @throws CmsException if something goes wrong
2154: */
2155: public List getOrgUnitsForRole(CmsRequestContext requestContext,
2156: CmsRole role, boolean includeSubOus) throws CmsException {
2157:
2158: CmsDbContext dbc = m_dbContextFactory
2159: .getDbContext(requestContext);
2160: List result = null;
2161: try {
2162: result = m_driverManager.getOrgUnitsForRole(dbc, role,
2163: includeSubOus);
2164: } catch (Exception e) {
2165: dbc.report(null, Messages.get().container(
2166: Messages.ERR_GET_ORGUNITS_ROLE_1,
2167: role.getName(requestContext.getLocale())), e);
2168: } finally {
2169: dbc.clear();
2170: }
2171: return result;
2172: }
2173:
2174: /**
2175: * Returns the parent group of a group.<p>
2176: *
2177: * @param context the current request context
2178: * @param groupname the name of the group
2179: *
2180: * @return group the parent group or <code>null</code>
2181: *
2182: * @throws CmsException if operation was not successful
2183: */
2184: public CmsGroup getParent(CmsRequestContext context,
2185: String groupname) throws CmsException {
2186:
2187: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2188: CmsGroup result = null;
2189: try {
2190: result = m_driverManager.getParent(dbc,
2191: CmsOrganizationalUnit
2192: .removeLeadingSeparator(groupname));
2193: } catch (Exception e) {
2194: dbc.report(null, Messages.get().container(
2195: Messages.ERR_GET_PARENT_GROUP_1, groupname), e);
2196: } finally {
2197: dbc.clear();
2198: }
2199: return result;
2200: }
2201:
2202: /**
2203: * Returns the set of permissions of the current user for a given resource.<p>
2204: *
2205: * @param context the current request context
2206: * @param resource the resource
2207: * @param user the user
2208: *
2209: * @return bit set with allowed permissions
2210: *
2211: * @throws CmsException if something goes wrong
2212: */
2213: public CmsPermissionSetCustom getPermissions(
2214: CmsRequestContext context, CmsResource resource,
2215: CmsUser user) throws CmsException {
2216:
2217: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2218: CmsPermissionSetCustom result = null;
2219: try {
2220: result = m_driverManager
2221: .getPermissions(dbc, resource, user);
2222: } catch (Exception e) {
2223: dbc.report(null, Messages.get().container(
2224: Messages.ERR_GET_PERMISSIONS_2, user.getName(),
2225: context.getSitePath(resource)), e);
2226: } finally {
2227: dbc.clear();
2228: }
2229: return result;
2230: }
2231:
2232: /**
2233: * Returns the uuid id for the given id,
2234: * remove this method as soon as possible.<p>
2235: *
2236: * @param context the current cms context
2237: * @param id the old project id
2238: *
2239: * @return the new uuid for the given id
2240: *
2241: * @throws CmsException if something goes wrong
2242: */
2243: public CmsUUID getProjectId(CmsRequestContext context, int id)
2244: throws CmsException {
2245:
2246: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2247: CmsUUID result = null;
2248: try {
2249: result = m_driverManager.getProjectId(dbc, id);
2250: } catch (CmsException e) {
2251: dbc.report(null, e.getMessageContainer(), e);
2252: } finally {
2253: dbc.clear();
2254: }
2255: return result;
2256: }
2257:
2258: /**
2259: * Returns a new publish list that contains the unpublished resources related
2260: * to all resources in the given publish list, the related resources exclude
2261: * all resources in the given publish list and also locked (by other users) resources.<p>
2262: *
2263: * @param context the current cms context
2264: * @param publishList the publish list to exclude from result
2265: * @param filter the relation filter to use to get the related resources
2266: *
2267: * @return a new publish list that contains the related resources
2268: *
2269: * @throws CmsException if something goes wrong
2270: *
2271: * @see org.opencms.publish.CmsPublishManager#getRelatedResourcesToPublish(CmsObject, CmsPublishList)
2272: */
2273: public CmsPublishList getRelatedResourcesToPublish(
2274: CmsRequestContext context, CmsPublishList publishList,
2275: CmsRelationFilter filter) throws CmsException {
2276:
2277: if (!publishList.isDirectPublish()) {
2278: throw new CmsIllegalArgumentException(
2279: Messages
2280: .get()
2281: .container(
2282: Messages.ERR_GET_RELATED_RESOURCES_PUBLISH_PROJECT_0));
2283: }
2284:
2285: CmsPublishList ret = null;
2286: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2287: try {
2288: ret = m_driverManager.getRelatedResourcesToPublish(dbc,
2289: publishList, filter);
2290: checkPublishPermissions(dbc, ret);
2291: } catch (Exception e) {
2292: dbc
2293: .report(
2294: null,
2295: Messages
2296: .get()
2297: .container(
2298: Messages.ERR_GET_RELATED_RESOURCES_PUBLISH_DIRECT_1,
2299: CmsFileUtil
2300: .formatResourceNames(
2301: context,
2302: publishList
2303: .getDirectPublishResources())),
2304: e);
2305: } finally {
2306: dbc.clear();
2307: }
2308: return ret;
2309: }
2310:
2311: /**
2312: * Returns all relations for the given resource matching the given filter.<p>
2313: *
2314: * @param context the current user context
2315: * @param resource the resource to retrieve the relations for
2316: * @param filter the filter to match the relation
2317: *
2318: * @return all {@link org.opencms.relations.CmsRelation} objects for the given resource matching the given filter
2319: *
2320: * @throws CmsException if something goes wrong
2321: *
2322: * @see CmsObject#getRelationsForResource(String, CmsRelationFilter)
2323: */
2324: public List getRelationsForResource(CmsRequestContext context,
2325: CmsResource resource, CmsRelationFilter filter)
2326: throws CmsException {
2327:
2328: List result = null;
2329: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2330: try {
2331: // check the access permissions
2332: checkPermissions(dbc, resource,
2333: CmsPermissionSet.ACCESS_VIEW, false,
2334: CmsResourceFilter.ALL);
2335: result = m_driverManager.getRelationsForResource(dbc,
2336: resource, filter);
2337: } catch (Exception e) {
2338: dbc.report(null, Messages.get().container(
2339: Messages.ERR_READ_RELATIONS_1,
2340: context.removeSiteRoot(resource.getRootPath())), e);
2341: } finally {
2342: dbc.clear();
2343: }
2344: return result;
2345: }
2346:
2347: /**
2348: * Returns all resources of the given organizational unit.<p>
2349: *
2350: * @param context the current request context
2351: * @param orgUnit the organizational unit to get all resources for
2352: *
2353: * @return all <code>{@link CmsResource}</code> objects in the organizational unit
2354: *
2355: * @throws CmsException if operation was not successful
2356: *
2357: * @see org.opencms.security.CmsOrgUnitManager#getResourcesForOrganizationalUnit(CmsObject, String)
2358: * @see org.opencms.security.CmsOrgUnitManager#getGroups(CmsObject, String, boolean)
2359: * @see org.opencms.security.CmsOrgUnitManager#getUsers(CmsObject, String, boolean)
2360: */
2361: public List getResourcesForOrganizationalUnit(
2362: CmsRequestContext context, CmsOrganizationalUnit orgUnit)
2363: throws CmsException {
2364:
2365: List result = null;
2366: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2367: try {
2368: result = m_driverManager.getResourcesForOrganizationalUnit(
2369: dbc, orgUnit);
2370: } catch (Exception e) {
2371: dbc.report(null, Messages.get().container(
2372: Messages.ERR_READ_ORGUNIT_RESOURCES_1,
2373: orgUnit.getName()), e);
2374: } finally {
2375: dbc.clear();
2376: }
2377: return result;
2378: }
2379:
2380: /**
2381: * Returns all resources associated to a given principal via an ACE with the given permissions.<p>
2382: *
2383: * If the <code>includeAttr</code> flag is set it returns also all resources associated to
2384: * a given principal through some of following attributes.<p>
2385: *
2386: * <ul>
2387: * <li>User Created</li>
2388: * <li>User Last Modified</li>
2389: * </ul><p>
2390: *
2391: * @param context the current request context
2392: * @param principalId the id of the principal
2393: * @param permissions a set of permissions to match, can be <code>null</code> for all ACEs
2394: * @param includeAttr a flag to include resources associated by attributes
2395: *
2396: * @return a list of <code>{@link CmsResource}</code> objects
2397: *
2398: * @throws CmsException if something goes wrong
2399: */
2400: public List getResourcesForPrincipal(CmsRequestContext context,
2401: CmsUUID principalId, CmsPermissionSet permissions,
2402: boolean includeAttr) throws CmsException {
2403:
2404: List dependencies;
2405: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2406: try {
2407: dependencies = m_driverManager.getResourcesForPrincipal(
2408: dbc, dbc.currentProject(), principalId,
2409: permissions, includeAttr);
2410: } catch (Exception e) {
2411: dbc.report(null, Messages.get().container(
2412: Messages.ERR_READ_RESOURCES_FOR_PRINCIPAL_LOG_1,
2413: principalId), e);
2414: dependencies = new ArrayList();
2415: } finally {
2416: dbc.clear();
2417: }
2418: return dependencies;
2419: }
2420:
2421: /**
2422: * Returns all roles the given user has for the given resource.<p>
2423: *
2424: * @param context the current request context
2425: * @param user the user to check
2426: * @param resource the resource to check the roles for
2427: *
2428: * @return a list of {@link CmsRole} objects
2429: *
2430: * @throws CmsException is something goes wrong
2431: */
2432: public List getRolesForResource(CmsRequestContext context,
2433: CmsUser user, CmsResource resource) throws CmsException {
2434:
2435: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2436: List result = null;
2437: try {
2438: result = m_driverManager.getRolesForResource(dbc, user,
2439: resource);
2440: } catch (Exception e) {
2441: dbc.report(null, Messages.get().container(
2442: Messages.ERR_GET_ROLES_FOR_RESOURCE_2,
2443: user.getName(), context.getSitePath(resource)), e);
2444: } finally {
2445: dbc.clear();
2446: }
2447: return result;
2448: }
2449:
2450: /**
2451: * Returns an instance of the common sql manager.<p>
2452: *
2453: * @return an instance of the common sql manager
2454: */
2455: public CmsSqlManager getSqlManager() {
2456:
2457: return m_driverManager.getSqlManager();
2458: }
2459:
2460: /**
2461: * Returns all users of the given organizational unit.<p>
2462: *
2463: * @param context the current request context
2464: * @param orgUnit the organizational unit to get the users for
2465: * @param recursive if all users of sub-organizational units should be retrieved too
2466: *
2467: * @return all <code>{@link CmsUser}</code> objects in the organizational unit
2468: *
2469: * @throws CmsException if operation was not successful
2470: *
2471: * @see org.opencms.security.CmsOrgUnitManager#getResourcesForOrganizationalUnit(CmsObject, String)
2472: * @see org.opencms.security.CmsOrgUnitManager#getGroups(CmsObject, String, boolean)
2473: * @see org.opencms.security.CmsOrgUnitManager#getUsers(CmsObject, String, boolean)
2474: */
2475: public List getUsers(CmsRequestContext context,
2476: CmsOrganizationalUnit orgUnit, boolean recursive)
2477: throws CmsException {
2478:
2479: List result = null;
2480: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2481: try {
2482: result = m_driverManager.getUsers(dbc, orgUnit, recursive);
2483: } catch (Exception e) {
2484: dbc.report(null, Messages.get().container(
2485: Messages.ERR_READ_ORGUNIT_USERS_1,
2486: orgUnit.getName()), e);
2487: } finally {
2488: dbc.clear();
2489: }
2490: return result;
2491: }
2492:
2493: /**
2494: * Returns a list of users in a group.<p>
2495: *
2496: * @param context the current request context
2497: * @param groupname the name of the group to list users from
2498: * @param includeOtherOuUsers include users of other organizational units
2499: * @param directUsersOnly if set only the direct assigned users will be returned,
2500: * if not also indirect users, ie. members of child groups
2501: * @param readRoles if to read roles or groups
2502: *
2503: * @return all <code>{@link CmsUser}</code> objects in the group
2504: *
2505: * @throws CmsException if operation was not successful
2506: */
2507: public List getUsersOfGroup(CmsRequestContext context,
2508: String groupname, boolean includeOtherOuUsers,
2509: boolean directUsersOnly, boolean readRoles)
2510: throws CmsException {
2511:
2512: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2513: List result = null;
2514: try {
2515: result = m_driverManager.getUsersOfGroup(dbc,
2516: CmsOrganizationalUnit
2517: .removeLeadingSeparator(groupname),
2518: includeOtherOuUsers, directUsersOnly, readRoles);
2519: } catch (Exception e) {
2520: dbc.report(null, Messages.get().container(
2521: Messages.ERR_GET_USERS_OF_GROUP_1, groupname), e);
2522: } finally {
2523: dbc.clear();
2524: }
2525: return result;
2526: }
2527:
2528: /**
2529: * Performs a non-blocking permission check on a resource.<p>
2530: *
2531: * This test will not throw an exception in case the required permissions are not
2532: * available for the requested operation. Instead, it will return one of the
2533: * following values:<ul>
2534: * <li><code>{@link I_CmsPermissionHandler#PERM_ALLOWED}</code></li>
2535: * <li><code>{@link I_CmsPermissionHandler#PERM_FILTERED}</code></li>
2536: * <li><code>{@link I_CmsPermissionHandler#PERM_DENIED}</code></li></ul><p>
2537: *
2538: * @param context the current request context
2539: * @param resource the resource on which permissions are required
2540: * @param requiredPermissions the set of permissions required for the operation
2541: * @param checkLock if true, a lock for the current user is required for
2542: * all write operations, if false it's ok to write as long as the resource
2543: * is not locked by another user
2544: * @param filter the resource filter to use
2545: *
2546: * @return <code>{@link I_CmsPermissionHandler#PERM_ALLOWED}</code> if the user has sufficient permissions on the resource
2547: * for the requested operation
2548: *
2549: * @throws CmsException in case of i/o errors (NOT because of insufficient permissions)
2550: *
2551: * @see #hasPermissions(CmsDbContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter)
2552: */
2553: public I_CmsPermissionHandler.CmsPermissionCheckResult hasPermissions(
2554: CmsRequestContext context, CmsResource resource,
2555: CmsPermissionSet requiredPermissions, boolean checkLock,
2556: CmsResourceFilter filter) throws CmsException {
2557:
2558: I_CmsPermissionHandler.CmsPermissionCheckResult result = null;
2559: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2560: try {
2561: result = hasPermissions(dbc, resource, requiredPermissions,
2562: checkLock, filter);
2563: } finally {
2564: dbc.clear();
2565: }
2566: return result;
2567: }
2568:
2569: /**
2570: * Checks if the given user has the given role in the given organizational unit.<p>
2571: *
2572: * If the organizational unit is <code>null</code>, this method will check if the
2573: * given user has the given role for at least one organizational unit.<p>
2574: *
2575: * @param dbc the current OpenCms users database context
2576: * @param user the user to check the role for
2577: * @param role the role to check
2578: *
2579: * @return <code>true</code> if the given user has the given role in the given organizational unit
2580: */
2581: public boolean hasRole(CmsDbContext dbc, CmsUser user, CmsRole role) {
2582:
2583: // try to read from cache
2584: String key = user.getName().toString() + role.getGroupName()
2585: + role.getOuFqn();
2586: Boolean result = OpenCms.getMemoryMonitor().getCachedRole(key);
2587: if (result != null) {
2588: return result.booleanValue();
2589: }
2590:
2591: // read all roles of the current user
2592: List roles;
2593: try {
2594: roles = m_driverManager.getGroupsOfUser(dbc,
2595: user.getName(), "", true, true, false, dbc
2596: .getRequestContext().getRemoteAddress());
2597: } catch (CmsException e) {
2598: if (LOG.isErrorEnabled()) {
2599: LOG.error(e.getLocalizedMessage(), e);
2600: }
2601: // any exception: return false
2602: return false;
2603: }
2604:
2605: result = Boolean.valueOf(hasRole(role, roles));
2606: OpenCms.getMemoryMonitor()
2607: .cacheRole(key, result.booleanValue());
2608: return result.booleanValue();
2609: }
2610:
2611: /**
2612: * Checks if the given user has the given role in the given organizational unit.<p>
2613: *
2614: * If the organizational unit is <code>null</code>, this method will check if the
2615: * given user has the given role for at least one organizational unit.<p>
2616: *
2617: * @param context the current request context
2618: * @param user the user to check the role for
2619: * @param role the role to check
2620: *
2621: * @return <code>true</code> if the given user has the given role in the given organizational unit
2622: */
2623: public boolean hasRole(CmsRequestContext context, CmsUser user,
2624: CmsRole role) {
2625:
2626: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2627: boolean result;
2628: try {
2629: result = hasRole(dbc, user, role);
2630: } finally {
2631: dbc.clear();
2632: }
2633: return result;
2634: }
2635:
2636: /**
2637: * Checks if the given user has the given role for the given resource.<p>
2638: *
2639: * @param dbc the current OpenCms users database context
2640: * @param user the user to check the role for
2641: * @param role the role to check
2642: * @param resource the resource to check the role for
2643: *
2644: * @return <code>true</code> if the given user has the given role for the given resource
2645: */
2646: public boolean hasRoleForResource(CmsDbContext dbc, CmsUser user,
2647: CmsRole role, CmsResource resource) {
2648:
2649: // guest user has no role
2650: if (user.isGuestUser()) {
2651: return false;
2652: }
2653:
2654: // try to read from cache
2655: String key = user.getId().toString() + role.getGroupName()
2656: + resource.getRootPath();
2657: Boolean result = OpenCms.getMemoryMonitor().getCachedRole(key);
2658: if (result != null) {
2659: return result.booleanValue();
2660: }
2661:
2662: // read all roles of the current user
2663: List roles;
2664: try {
2665: roles = new ArrayList(m_driverManager.getGroupsOfUser(dbc,
2666: user.getName(), "", true, true, true, dbc
2667: .getRequestContext().getRemoteAddress()));
2668: } catch (CmsException e) {
2669: if (LOG.isErrorEnabled()) {
2670: LOG.error(e.getLocalizedMessage(), e);
2671: }
2672: // any exception: return false
2673: return false;
2674: }
2675:
2676: // first check the user has the role at all
2677: if (!hasRole(role.forOrgUnit(null), roles)) {
2678: result = Boolean.FALSE;
2679: }
2680:
2681: // then check if one applies to the given resource
2682: Iterator it = roles.iterator();
2683: while ((result == null) && it.hasNext()) {
2684: CmsGroup group = (CmsGroup) it.next();
2685: CmsRole givenRole = CmsRole.valueOf(group);
2686: if (hasRole(role.forOrgUnit(null), Collections
2687: .singletonList(group))) {
2688: // we have the same role, now check the resource if needed
2689: if (givenRole.getOuFqn() != null) {
2690: try {
2691: CmsOrganizationalUnit orgUnit = m_driverManager
2692: .readOrganizationalUnit(dbc, givenRole
2693: .getOuFqn());
2694: Iterator itResources = m_driverManager
2695: .getResourcesForOrganizationalUnit(dbc,
2696: orgUnit).iterator();
2697: while (itResources.hasNext()) {
2698: CmsResource givenResource = (CmsResource) itResources
2699: .next();
2700: if (resource.getRootPath().startsWith(
2701: givenResource.getRootPath())) {
2702: result = Boolean.TRUE;
2703: break;
2704: }
2705: }
2706: } catch (CmsException e) {
2707: if (LOG.isErrorEnabled()) {
2708: LOG.error(e.getLocalizedMessage(), e);
2709: }
2710: // ignore
2711: }
2712: } else {
2713: result = Boolean.TRUE;
2714: }
2715: }
2716: }
2717:
2718: if (result == null) {
2719: result = Boolean.FALSE;
2720: }
2721: OpenCms.getMemoryMonitor()
2722: .cacheRole(key, result.booleanValue());
2723: return result.booleanValue();
2724: }
2725:
2726: /**
2727: * Checks if the given user has the given role for the given resource.<p>
2728: *
2729: * @param context the current request context
2730: * @param user the user to check
2731: * @param role the role to check
2732: * @param resource the resource to check the role for
2733: *
2734: * @return <code>true</code> if the given user has the given role for the given resource
2735: */
2736: public boolean hasRoleForResource(CmsRequestContext context,
2737: CmsUser user, CmsRole role, CmsResource resource) {
2738:
2739: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2740: boolean result;
2741: try {
2742: result = hasRoleForResource(dbc, user, role, resource);
2743: } finally {
2744: dbc.clear();
2745: }
2746: return result;
2747: }
2748:
2749: /**
2750: * Writes a list of access control entries as new access control entries of a given resource.<p>
2751: *
2752: * Already existing access control entries of this resource are removed before.<p>
2753: *
2754: * Access is granted, if:<p>
2755: * <ul>
2756: * <li>the current user has control permission on the resource</li>
2757: * </ul><p>
2758: *
2759: * @param context the current request context
2760: * @param resource the resource
2761: * @param acEntries a list of <code>{@link CmsAccessControlEntry}</code> objects
2762: *
2763: * @throws CmsException if something goes wrong
2764: * @throws CmsSecurityException if the required permissions are not satisfied
2765: */
2766: public void importAccessControlEntries(CmsRequestContext context,
2767: CmsResource resource, List acEntries) throws CmsException,
2768: CmsSecurityException {
2769:
2770: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2771: try {
2772: checkOfflineProject(dbc);
2773: checkPermissions(dbc, resource,
2774: CmsPermissionSet.ACCESS_CONTROL, true,
2775: CmsResourceFilter.ALL);
2776: m_driverManager.importAccessControlEntries(dbc, resource,
2777: acEntries);
2778: } catch (Exception e) {
2779: dbc.report(null, Messages.get().container(
2780: Messages.ERR_IMPORT_ACL_ENTRIES_1,
2781: context.getSitePath(resource)), e);
2782: } finally {
2783: dbc.clear();
2784: }
2785: }
2786:
2787: /**
2788: * Creates a new resource with the provided content and properties.<p>
2789: *
2790: * The <code>content</code> parameter may be null if the resource id already exists.
2791: * If so, the created resource will be made a sibling of the existing resource,
2792: * the existing content will remain unchanged.
2793: * This is used during file import for import of siblings as the
2794: * <code>manifest.xml</code> only contains one binary copy per file.
2795: * If the resource id exists but the <code>content</code> is not null,
2796: * the created resource will be made a sibling of the existing resource,
2797: * and both will share the new content.<p>
2798: *
2799: * @param context the current request context
2800: * @param resourcePath the name of the resource to create (full path)
2801: * @param resource the new resource to create
2802: * @param content the content for the new resource
2803: * @param properties the properties for the new resource
2804: * @param importCase if <code>true</code>, signals that this operation is done while importing resource,
2805: * causing different lock behavior and potential "lost and found" usage
2806: *
2807: * @return the created resource
2808: *
2809: * @throws CmsException if something goes wrong
2810: */
2811: public CmsResource importResource(CmsRequestContext context,
2812: String resourcePath, CmsResource resource, byte[] content,
2813: List properties, boolean importCase) throws CmsException {
2814:
2815: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2816: CmsResource newResource = null;
2817: try {
2818: checkOfflineProject(dbc);
2819: newResource = m_driverManager.createResource(dbc,
2820: resourcePath, resource, content, properties,
2821: importCase);
2822: } catch (Exception e) {
2823: dbc.report(null, Messages.get().container(
2824: Messages.ERR_IMPORT_RESOURCE_2,
2825: context.getSitePath(resource), resourcePath), e);
2826: } finally {
2827: dbc.clear();
2828: }
2829: return newResource;
2830: }
2831:
2832: /**
2833: * Creates a new user by import.<p>
2834: *
2835: * @param context the current request context
2836: * @param id the id of the user
2837: * @param name the new name for the user
2838: * @param password the new password for the user
2839: * @param firstname the first name of the user
2840: * @param lastname the last name of the user
2841: * @param email the email of the user
2842: * @param flags the flags for a user (for example <code>{@link I_CmsPrincipal#FLAG_ENABLED}</code>)
2843: * @param dateCreated the creation date
2844: * @param additionalInfos the additional user infos
2845: *
2846: * @return the imported user
2847: *
2848: * @throws CmsException if something goes wrong
2849: * @throws CmsRoleViolationException if the role {@link CmsRole#ACCOUNT_MANAGER} is not owned by the current user.
2850: */
2851: public CmsUser importUser(CmsRequestContext context, String id,
2852: String name, String password, String firstname,
2853: String lastname, String email, int flags, long dateCreated,
2854: Map additionalInfos) throws CmsException,
2855: CmsRoleViolationException {
2856:
2857: CmsUser newUser = null;
2858:
2859: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2860:
2861: try {
2862: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
2863: .forOrgUnit(getParentOrganizationalUnit(name)));
2864: newUser = m_driverManager.importUser(dbc, id,
2865: CmsOrganizationalUnit.removeLeadingSeparator(name),
2866: password, firstname, lastname, email, flags,
2867: dateCreated, additionalInfos);
2868:
2869: } catch (Exception e) {
2870: dbc.report(null, Messages.get().container(
2871: Messages.ERR_IMPORT_USER_7,
2872: new Object[] { id, name, firstname, lastname,
2873: email, new Integer(flags),
2874: new Date(dateCreated), additionalInfos }),
2875: e);
2876: } finally {
2877: dbc.clear();
2878: }
2879:
2880: return newUser;
2881: }
2882:
2883: /**
2884: * Initializes this security manager with a given runtime info factory.<p>
2885: *
2886: * @param configurationManager the configurationManager
2887: * @param dbContextFactory the initialized OpenCms runtime info factory
2888: * @param publishEngine the publish engine
2889: *
2890: * @throws CmsInitException if the initialization fails
2891: */
2892: public void init(CmsConfigurationManager configurationManager,
2893: I_CmsDbContextFactory dbContextFactory,
2894: CmsPublishEngine publishEngine) throws CmsInitException {
2895:
2896: if (dbContextFactory == null) {
2897: throw new CmsInitException(
2898: org.opencms.main.Messages
2899: .get()
2900: .container(
2901: org.opencms.main.Messages.ERR_CRITICAL_NO_DB_CONTEXT_0));
2902: }
2903:
2904: m_dbContextFactory = dbContextFactory;
2905:
2906: CmsSystemConfiguration systemConfiguration = (CmsSystemConfiguration) configurationManager
2907: .getConfiguration(CmsSystemConfiguration.class);
2908:
2909: // create the driver manager
2910: m_driverManager = CmsDriverManager.newInstance(
2911: configurationManager, this , dbContextFactory,
2912: publishEngine);
2913:
2914: try {
2915: // invoke the init method of the driver manager
2916: m_driverManager.init(configurationManager);
2917: if (CmsLog.INIT.isInfoEnabled()) {
2918: CmsLog.INIT
2919: .info(Messages
2920: .get()
2921: .getBundle()
2922: .key(
2923: Messages.INIT_DRIVER_MANAGER_START_PHASE4_OK_0));
2924: }
2925: } catch (Exception exc) {
2926: CmsMessageContainer message = Messages.get().container(
2927: Messages.LOG_ERR_DRIVER_MANAGER_START_0);
2928: if (LOG.isFatalEnabled()) {
2929: LOG.fatal(message.key(), exc);
2930: }
2931: throw new CmsInitException(message, exc);
2932: }
2933:
2934: // create a new lock manager
2935: m_lockManager = m_driverManager.getLockManager();
2936:
2937: // initialize the permission handler
2938: String permHandlerClassName = systemConfiguration
2939: .getPermissionHandler();
2940: if (permHandlerClassName == null) {
2941: // use default implementation
2942: m_permissionHandler = new CmsDefaultPermissionHandler();
2943: } else {
2944: // use configured permission handler
2945: try {
2946: m_permissionHandler = (I_CmsPermissionHandler) Class
2947: .forName(permHandlerClassName).newInstance();
2948: } catch (Exception e) {
2949: throw new CmsInitException(
2950: org.opencms.main.Messages
2951: .get()
2952: .container(
2953: org.opencms.main.Messages.ERR_CRITICAL_CLASS_CREATION_1,
2954: permHandlerClassName), e);
2955: }
2956: }
2957:
2958: m_permissionHandler.init(m_driverManager, systemConfiguration);
2959:
2960: if (CmsLog.INIT.isInfoEnabled()) {
2961: CmsLog.INIT.info(Messages.get().getBundle().key(
2962: Messages.INIT_SECURITY_MANAGER_INIT_0));
2963: }
2964: }
2965:
2966: /**
2967: * Checks if the specified resource is inside the current project.<p>
2968: *
2969: * The project "view" is determined by a set of path prefixes.
2970: * If the resource starts with any one of this prefixes, it is considered to
2971: * be "inside" the project.<p>
2972: *
2973: * @param context the current request context
2974: * @param resourcename the specified resource name (full path)
2975: *
2976: * @return <code>true</code>, if the specified resource is inside the current project
2977: */
2978: public boolean isInsideCurrentProject(CmsRequestContext context,
2979: String resourcename) {
2980:
2981: boolean result = false;
2982: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
2983: try {
2984: result = m_driverManager.isInsideCurrentProject(dbc,
2985: resourcename);
2986: } finally {
2987: dbc.clear();
2988: }
2989: return result;
2990: }
2991:
2992: /**
2993: * Checks if the current user has management access to the current project.<p>
2994: *
2995: * @param context the current request context
2996: *
2997: * @return <code>true</code>, if the user has management access to the current project
2998: */
2999: public boolean isManagerOfProject(CmsRequestContext context) {
3000:
3001: try {
3002: return getAllManageableProjects(context).contains(
3003: context.currentProject());
3004: } catch (CmsException e) {
3005: // should never happen
3006: if (LOG.isErrorEnabled()) {
3007: LOG.error(e.getLocalizedMessage(), e);
3008: }
3009: return false;
3010: }
3011: }
3012:
3013: /**
3014: * Locks a resource.<p>
3015: *
3016: * The <code>type</code> parameter controls what kind of lock is used.<br>
3017: * Possible values for this parameter are: <br>
3018: * <ul>
3019: * <li><code>{@link org.opencms.lock.CmsLockType#EXCLUSIVE}</code></li>
3020: * <li><code>{@link org.opencms.lock.CmsLockType#TEMPORARY}</code></li>
3021: * <li><code>{@link org.opencms.lock.CmsLockType#PUBLISH}</code></li>
3022: * </ul><p>
3023: *
3024: * @param context the current request context
3025: * @param resource the resource to lock
3026: * @param type type of the lock
3027: *
3028: * @throws CmsException if something goes wrong
3029: *
3030: * @see CmsObject#lockResource(String)
3031: * @see CmsObject#lockResourceTemporary(String)
3032: * @see org.opencms.file.types.I_CmsResourceType#lockResource(CmsObject, CmsSecurityManager, CmsResource, CmsLockType)
3033: */
3034: public void lockResource(CmsRequestContext context,
3035: CmsResource resource, CmsLockType type) throws CmsException {
3036:
3037: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3038: try {
3039: checkOfflineProject(dbc);
3040: checkPermissions(dbc, resource,
3041: CmsPermissionSet.ACCESS_WRITE, false,
3042: CmsResourceFilter.ALL);
3043: m_driverManager.lockResource(dbc, resource, type);
3044: } catch (Exception e) {
3045: dbc.report(null, Messages.get().container(
3046: Messages.ERR_LOCK_RESOURCE_2,
3047: context.getSitePath(resource), type.toString()), e);
3048: } finally {
3049: dbc.clear();
3050: }
3051: }
3052:
3053: /**
3054: * Attempts to authenticate a user into OpenCms with the given password.<p>
3055: *
3056: * @param context the current request context
3057: * @param username the name of the user to be logged in
3058: * @param password the password of the user
3059: * @param remoteAddress the ip address of the request
3060: *
3061: * @return the logged in user
3062: *
3063: * @throws CmsException if the login was not successful
3064: */
3065: public CmsUser loginUser(CmsRequestContext context,
3066: String username, String password, String remoteAddress)
3067: throws CmsException {
3068:
3069: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3070: CmsUser result = null;
3071: try {
3072: result = m_driverManager.loginUser(dbc,
3073: CmsOrganizationalUnit
3074: .removeLeadingSeparator(username),
3075: password, remoteAddress);
3076: } finally {
3077: dbc.clear();
3078: }
3079: return result;
3080: }
3081:
3082: /**
3083: * Lookup and read the user or group with the given UUID.<p>
3084: *
3085: * @param context the current request context
3086: * @param principalId the UUID of the principal to lookup
3087: *
3088: * @return the principal (group or user) if found, otherwise <code>null</code>
3089: */
3090: public I_CmsPrincipal lookupPrincipal(CmsRequestContext context,
3091: CmsUUID principalId) {
3092:
3093: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3094: I_CmsPrincipal result = null;
3095: try {
3096: result = m_driverManager.lookupPrincipal(dbc, principalId);
3097: } finally {
3098: dbc.clear();
3099: }
3100: return result;
3101: }
3102:
3103: /**
3104: * Lookup and read the user or group with the given name.<p>
3105: *
3106: * @param context the current request context
3107: * @param principalName the name of the principal to lookup
3108: *
3109: * @return the principal (group or user) if found, otherwise <code>null</code>
3110: */
3111: public I_CmsPrincipal lookupPrincipal(CmsRequestContext context,
3112: String principalName) {
3113:
3114: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3115: I_CmsPrincipal result = null;
3116: try {
3117: result = m_driverManager.lookupPrincipal(dbc,
3118: CmsOrganizationalUnit
3119: .removeLeadingSeparator(principalName));
3120: } finally {
3121: dbc.clear();
3122: }
3123: return result;
3124: }
3125:
3126: /**
3127: * Returns a new publish list that contains all resources of both given publish lists.<p>
3128: *
3129: * @param context the current request context
3130: * @param pubList1 the first publish list
3131: * @param pubList2 the second publish list
3132: *
3133: * @return a new publish list that contains all resources of both given publish lists
3134: *
3135: * @throws CmsException if something goes wrong
3136: *
3137: * @see org.opencms.publish.CmsPublishManager#mergePublishLists(CmsObject, CmsPublishList, CmsPublishList)
3138: */
3139: public CmsPublishList mergePublishLists(CmsRequestContext context,
3140: CmsPublishList pubList1, CmsPublishList pubList2)
3141: throws CmsException {
3142:
3143: CmsPublishList ret = null;
3144: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3145: try {
3146: // get all resources from the first list
3147: Set publishResources = new HashSet(pubList1
3148: .getAllResources());
3149: // get all resources from the second list
3150: publishResources.addAll(pubList2.getAllResources());
3151:
3152: // create merged publish list
3153: ret = new CmsPublishList(pubList1
3154: .getDirectPublishResources(), pubList1
3155: .isPublishSiblings(), pubList1
3156: .isPublishSubResources());
3157: ret.addAll(publishResources, false); // ignore files that should not be published
3158: ret.initialize(); // ensure sort order
3159:
3160: checkPublishPermissions(dbc, ret);
3161: } catch (Exception e) {
3162: dbc.report(null, Messages.get().container(
3163: Messages.ERR_MERGING_PUBLISH_LISTS_0), e);
3164: } finally {
3165: dbc.clear();
3166: }
3167: return ret;
3168: }
3169:
3170: /**
3171: * Moves a resource.<p>
3172: *
3173: * You must ensure that the destination path is an absolute, valid and
3174: * existing VFS path. Relative paths from the source are currently not supported.<p>
3175: *
3176: * The moved resource will always be locked to the current user
3177: * after the move operation.<p>
3178: *
3179: * In case the target resource already exists, it is overwritten with the
3180: * source resource.<p>
3181: *
3182: * @param context the current request context
3183: * @param source the resource to copy
3184: * @param destination the name of the copy destination with complete path
3185: *
3186: * @throws CmsException if something goes wrong
3187: * @throws CmsSecurityException if resource could not be copied
3188: *
3189: * @see CmsObject#moveResource(String, String)
3190: * @see org.opencms.file.types.I_CmsResourceType#moveResource(CmsObject, CmsSecurityManager, CmsResource, String)
3191: */
3192: public void moveResource(CmsRequestContext context,
3193: CmsResource source, String destination)
3194: throws CmsException, CmsSecurityException {
3195:
3196: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3197: try {
3198: checkOfflineProject(dbc);
3199: checkPermissions(dbc, source, CmsPermissionSet.ACCESS_READ,
3200: true, CmsResourceFilter.ALL);
3201: checkPermissions(dbc, source,
3202: CmsPermissionSet.ACCESS_WRITE, true,
3203: CmsResourceFilter.ALL);
3204: checkSystemLocks(dbc, source);
3205:
3206: // check write permissions for subresources in case of moving a folder
3207: if (source.isFolder()) {
3208: dbc.getRequestContext().setAttribute(
3209: I_CmsVfsDriver.REQ_ATTR_CHECK_PERMISSIONS,
3210: Boolean.TRUE);
3211: try {
3212: m_driverManager.getVfsDriver().moveResource(dbc,
3213: dbc.currentProject().getUuid(), source,
3214: destination);
3215: } catch (CmsDataAccessException e) {
3216: // unwrap the permission violation exception
3217: if (e.getCause() instanceof CmsPermissionViolationException) {
3218: throw (CmsPermissionViolationException) e
3219: .getCause();
3220: } else {
3221: throw e;
3222: }
3223: }
3224: dbc.getRequestContext().removeAttribute(
3225: I_CmsVfsDriver.REQ_ATTR_CHECK_PERMISSIONS);
3226: }
3227: moveResource(dbc, source, destination);
3228: } catch (Exception e) {
3229: dbc.report(null, Messages.get().container(
3230: Messages.ERR_MOVE_RESOURCE_2,
3231: dbc.removeSiteRoot(source.getRootPath()),
3232: dbc.removeSiteRoot(destination)), e);
3233: } finally {
3234: dbc.clear();
3235: }
3236: }
3237:
3238: /**
3239: * Moves a resource to the "lost and found" folder.<p>
3240: *
3241: * The method can also be used to check get the name of a resource
3242: * in the "lost and found" folder only without actually moving the
3243: * the resource. To do this, the <code>returnNameOnly</code> flag
3244: * must be set to <code>true</code>.<p>
3245: *
3246: * In general, it is the same name as the given resource has, the only exception is
3247: * if a resource in the "lost and found" folder with the same name already exists.
3248: * In such case, a counter is added to the resource name.<p>
3249: *
3250: * @param context the current request context
3251: * @param resource the resource to apply this operation to
3252: * @param returnNameOnly if <code>true</code>, only the name of the resource in the "lost and found"
3253: * folder is returned, the move operation is not really performed
3254: *
3255: * @return the name of the resource inside the "lost and found" folder
3256: *
3257: * @throws CmsException if something goes wrong
3258: *
3259: * @see CmsObject#moveToLostAndFound(String)
3260: * @see CmsObject#getLostAndFoundName(String)
3261: */
3262: public String moveToLostAndFound(CmsRequestContext context,
3263: CmsResource resource, boolean returnNameOnly)
3264: throws CmsException {
3265:
3266: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3267: String result = null;
3268: try {
3269: checkOfflineProject(dbc);
3270: checkPermissions(dbc, resource,
3271: CmsPermissionSet.ACCESS_READ, true,
3272: CmsResourceFilter.ALL);
3273: if (!returnNameOnly) {
3274: checkPermissions(dbc, resource,
3275: CmsPermissionSet.ACCESS_WRITE, true,
3276: CmsResourceFilter.ALL);
3277: }
3278: result = m_driverManager.moveToLostAndFound(dbc, resource,
3279: returnNameOnly);
3280: } catch (Exception e) {
3281: dbc.report(null, Messages.get().container(
3282: Messages.ERR_MOVE_TO_LOST_AND_FOUND_1,
3283: dbc.removeSiteRoot(resource.getRootPath())), e);
3284: } finally {
3285: dbc.clear();
3286: }
3287: return result;
3288: }
3289:
3290: /**
3291: * Publishes the resources of a specified publish list.<p>
3292: *
3293: * @param cms the current request context
3294: * @param publishList a publish list
3295: * @param report an instance of <code>{@link I_CmsReport}</code> to print messages
3296: *
3297: * @return the publish history id of the published project
3298: *
3299: * @throws CmsException if something goes wrong
3300: *
3301: * @see #fillPublishList(CmsRequestContext, CmsPublishList)
3302: */
3303: public CmsUUID publishProject(CmsObject cms,
3304: CmsPublishList publishList, I_CmsReport report)
3305: throws CmsException {
3306:
3307: CmsRequestContext context = cms.getRequestContext();
3308: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3309: try {
3310: // check if the current user has the required publish permissions
3311: checkPublishPermissions(dbc, publishList);
3312: m_driverManager.publishProject(cms, dbc, publishList,
3313: report);
3314: } finally {
3315: dbc.clear();
3316: }
3317: return publishList.getPublishHistoryId();
3318: }
3319:
3320: /**
3321: * Reads all historical versions of a resource.<p>
3322: *
3323: * The reading excludes the file content, if the resource is a file.<p>
3324: *
3325: * @param context the current request context
3326: * @param resource the resource to be read
3327: *
3328: * @return a list of historical versions, as <code>{@link I_CmsHistoryResource}</code> objects
3329: *
3330: * @throws CmsException if something goes wrong
3331: */
3332: public List readAllAvailableVersions(CmsRequestContext context,
3333: CmsResource resource) throws CmsException {
3334:
3335: List result = null;
3336: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3337: try {
3338: result = m_driverManager.readAllAvailableVersions(dbc,
3339: resource);
3340: } catch (Exception e) {
3341: dbc.report(null, Messages.get().container(
3342: Messages.ERR_READ_ALL_HISTORY_FILE_HEADERS_1,
3343: context.getSitePath(resource)), e);
3344: } finally {
3345: dbc.clear();
3346: }
3347: return result;
3348: }
3349:
3350: /**
3351: * Reads all property definitions for the given mapping type.<p>
3352: *
3353: * @param context the current request context
3354: *
3355: * @return a list with the <code>{@link CmsPropertyDefinition}</code> objects (may be empty)
3356: *
3357: * @throws CmsException if something goes wrong
3358: */
3359: public List readAllPropertyDefinitions(CmsRequestContext context)
3360: throws CmsException {
3361:
3362: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3363: List result = null;
3364: try {
3365: result = m_driverManager.readAllPropertyDefinitions(dbc);
3366: } catch (Exception e) {
3367: dbc.report(null, Messages.get().container(
3368: Messages.ERR_READ_ALL_PROPDEF_0), e);
3369: } finally {
3370: dbc.clear();
3371: }
3372: return result;
3373: }
3374:
3375: /**
3376: * Returns the first ancestor folder matching the filter criteria.<p>
3377: *
3378: * If no folder matching the filter criteria is found, null is returned.<p>
3379: *
3380: * @param context the context of the current request
3381: * @param resource the resource to start
3382: * @param filter the resource filter to match while reading the ancestors
3383: *
3384: * @return the first ancestor folder matching the filter criteria or <code>null</code> if no folder was found
3385: *
3386: * @throws CmsException if something goes wrong
3387: */
3388: public CmsFolder readAncestor(CmsRequestContext context,
3389: CmsResource resource, CmsResourceFilter filter)
3390: throws CmsException {
3391:
3392: // get the full folder path of the resource to start from
3393: String path = CmsResource.getFolderPath(resource.getRootPath());
3394: do {
3395: // check if the current folder matches the given filter
3396: if (existsResource(context, path, filter)) {
3397: // folder matches, return it
3398: return readFolder(context, path, filter);
3399: } else {
3400: // folder does not match filter criteria, go up one folder
3401: path = CmsResource.getParentFolder(path);
3402: }
3403:
3404: if (CmsStringUtil.isEmpty(path)
3405: || !path.startsWith(context.getSiteRoot())) {
3406: // site root or root folder reached and no matching folder found
3407: return null;
3408: }
3409: } while (true);
3410: }
3411:
3412: /**
3413: * Returns the child resources of a resource, that is the resources
3414: * contained in a folder.<p>
3415: *
3416: * With the parameters <code>getFolders</code> and <code>getFiles</code>
3417: * you can control what type of resources you want in the result list:
3418: * files, folders, or both.<p>
3419: *
3420: * This method is mainly used by the workplace explorer.<p>
3421: *
3422: * @param context the current request context
3423: * @param resource the resource to return the child resources for
3424: * @param filter the resource filter to use
3425: * @param getFolders if true the child folders are included in the result
3426: * @param getFiles if true the child files are included in the result
3427: *
3428: * @return a list of all child resources
3429: *
3430: * @throws CmsException if something goes wrong
3431: * @throws CmsSecurityException if the user has insufficient permission for the given resource (read is required)
3432: *
3433: */
3434: public List readChildResources(CmsRequestContext context,
3435: CmsResource resource, CmsResourceFilter filter,
3436: boolean getFolders, boolean getFiles) throws CmsException,
3437: CmsSecurityException {
3438:
3439: List result = null;
3440: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3441: try {
3442: // check the access permissions
3443: checkPermissions(dbc, resource,
3444: CmsPermissionSet.ACCESS_READ, true,
3445: CmsResourceFilter.ALL);
3446: result = m_driverManager.readChildResources(dbc, resource,
3447: filter, getFolders, getFiles, true);
3448: } catch (Exception e) {
3449: dbc.report(null, Messages.get().container(
3450: Messages.ERR_READ_CHILD_RESOURCES_1,
3451: context.getSitePath(resource)), e);
3452: } finally {
3453: dbc.clear();
3454: }
3455: return result;
3456: }
3457:
3458: /**
3459: * Returns the default file for the given folder.<p>
3460: *
3461: * If the given resource is a file, then this file is returned.<p>
3462: *
3463: * Otherwise, in case of a folder:<br>
3464: * <ol>
3465: * <li>the {@link CmsPropertyDefinition#PROPERTY_DEFAULT_FILE} is checked, and
3466: * <li>if still no file could be found, the configured default files in the
3467: * <code>opencms-vfs.xml</code> configuration are iterated until a match is
3468: * found, and
3469: * <li>if still no file could be found, <code>null</code> is returned
3470: * </ol><p>
3471: *
3472: * @param context the request context
3473: * @param resource the folder to get the default file for
3474: *
3475: * @return the default file for the given folder
3476: *
3477: * @throws CmsSecurityException if the user has no permissions to read the resulting file
3478: *
3479: * @see CmsObject#readDefaultFile(String)
3480: * @see CmsDriverManager#readDefaultFile(CmsDbContext, CmsResource)
3481: */
3482: public CmsResource readDefaultFile(CmsRequestContext context,
3483: CmsResource resource) throws CmsSecurityException {
3484:
3485: CmsResource result = null;
3486: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3487: try {
3488: result = m_driverManager.readDefaultFile(dbc, resource);
3489: if (result != null) {
3490: // check if the user has read access to the resource
3491: checkPermissions(dbc, result,
3492: CmsPermissionSet.ACCESS_READ, true,
3493: CmsResourceFilter.DEFAULT);
3494: }
3495: } catch (CmsSecurityException se) {
3496: // permissions deny access to the resource
3497: throw se;
3498: } catch (CmsException e) {
3499: // ignore all other exceptions
3500: } finally {
3501: dbc.clear();
3502: }
3503: return result;
3504: }
3505:
3506: /**
3507: * Reads all deleted (historical) resources below the given path,
3508: * including the full tree below the path, if required.<p>
3509: *
3510: * @param context the current request context
3511: * @param resource the parent resource to read the resources from
3512: * @param readTree <code>true</code> to read all subresources
3513: *
3514: * @return a list of <code>{@link I_CmsHistoryResource}</code> objects
3515: *
3516: * @throws CmsException if something goes wrong
3517: *
3518: * @see CmsObject#readResource(CmsUUID, int)
3519: * @see CmsObject#readResources(String, CmsResourceFilter, boolean)
3520: * @see CmsObject#readDeletedResources(String, boolean)
3521: */
3522: public List readDeletedResources(CmsRequestContext context,
3523: CmsResource resource, boolean readTree) throws CmsException {
3524:
3525: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3526: List result = null;
3527: try {
3528: boolean isVfsManager = hasRoleForResource(dbc, dbc
3529: .currentUser(), CmsRole.VFS_MANAGER, resource);
3530: result = m_driverManager.readDeletedResources(dbc,
3531: resource, readTree, isVfsManager);
3532: } catch (CmsException e) {
3533: dbc.report(null, Messages.get().container(
3534: Messages.ERR_READING_DELETED_RESOURCES_1,
3535: dbc.removeSiteRoot(resource.getRootPath())), e);
3536: } finally {
3537: dbc.clear();
3538: }
3539: return result;
3540: }
3541:
3542: /**
3543: * Reads a file resource (including it's binary content) from the VFS.<p>
3544: *
3545: * In case you do not need the file content,
3546: * use <code>{@link #readResource(CmsRequestContext, String, CmsResourceFilter)}</code> instead.<p>
3547: *
3548: * @param context the current request context
3549: * @param resource the resource to be read
3550: *
3551: * @return the file read from the VFS
3552: *
3553: * @throws CmsException if something goes wrong
3554: */
3555: public CmsFile readFile(CmsRequestContext context,
3556: CmsResource resource) throws CmsException {
3557:
3558: CmsFile result = null;
3559: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3560: try {
3561: result = m_driverManager.readFile(dbc, resource);
3562: } catch (Exception e) {
3563: if (resource instanceof I_CmsHistoryResource) {
3564: dbc.report(null, Messages.get().container(
3565: Messages.ERR_READ_FILE_HISTORY_2,
3566: context.getSitePath(resource),
3567: new Integer(resource.getVersion())), e);
3568: } else {
3569: dbc.report(null, Messages.get().container(
3570: Messages.ERR_READ_FILE_1,
3571: context.getSitePath(resource)), e);
3572: }
3573: } finally {
3574: dbc.clear();
3575: }
3576: return result;
3577: }
3578:
3579: /**
3580: * Reads a folder resource from the VFS,
3581: * using the specified resource filter.<p>
3582: *
3583: * The specified filter controls what kind of resources should be "found"
3584: * during the read operation. This will depend on the application. For example,
3585: * using <code>{@link CmsResourceFilter#DEFAULT}</code> will only return currently
3586: * "valid" resources, while using <code>{@link CmsResourceFilter#IGNORE_EXPIRATION}</code>
3587: * will ignore the date release / date expired information of the resource.<p>
3588: *
3589: * @param context the current request context
3590: * @param resourcename the name of the folder to read (full path)
3591: * @param filter the resource filter to use while reading
3592: *
3593: * @return the folder that was read
3594: *
3595: * @throws CmsException if something goes wrong
3596: */
3597: public CmsFolder readFolder(CmsRequestContext context,
3598: String resourcename, CmsResourceFilter filter)
3599: throws CmsException {
3600:
3601: CmsFolder result = null;
3602: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3603: try {
3604: result = readFolder(dbc, resourcename, filter);
3605: } catch (Exception e) {
3606: dbc.report(null, Messages.get().container(
3607: Messages.ERR_READ_FOLDER_2, resourcename, filter),
3608: e);
3609: } finally {
3610: dbc.clear();
3611: }
3612: return result;
3613: }
3614:
3615: /**
3616: * Reads the group of a project.<p>
3617: *
3618: * @param context the current request context
3619: * @param project the project to read from
3620: *
3621: * @return the group of a resource
3622: */
3623: public CmsGroup readGroup(CmsRequestContext context,
3624: CmsProject project) {
3625:
3626: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3627: CmsGroup result = null;
3628: try {
3629: result = m_driverManager.readGroup(dbc, project);
3630: } finally {
3631: dbc.clear();
3632: }
3633: return result;
3634: }
3635:
3636: /**
3637: * Reads a group based on its id.<p>
3638: *
3639: * @param context the current request context
3640: * @param groupId the id of the group that is to be read
3641: *
3642: * @return the requested group
3643: *
3644: * @throws CmsException if operation was not successful
3645: */
3646: public CmsGroup readGroup(CmsRequestContext context, CmsUUID groupId)
3647: throws CmsException {
3648:
3649: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3650: CmsGroup result = null;
3651: try {
3652: result = m_driverManager.readGroup(dbc, groupId);
3653: } catch (Exception e) {
3654: dbc.report(null, Messages.get().container(
3655: Messages.ERR_READ_GROUP_FOR_ID_1,
3656: groupId.toString()), e);
3657: } finally {
3658: dbc.clear();
3659: }
3660: return result;
3661: }
3662:
3663: /**
3664: * Reads a group based on its name.<p>
3665: *
3666: * @param context the current request context
3667: * @param groupname the name of the group that is to be read
3668: *
3669: * @return the requested group
3670: *
3671: * @throws CmsException if operation was not successful
3672: */
3673: public CmsGroup readGroup(CmsRequestContext context,
3674: String groupname) throws CmsException {
3675:
3676: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3677: CmsGroup result = null;
3678: try {
3679: result = m_driverManager.readGroup(dbc,
3680: CmsOrganizationalUnit
3681: .removeLeadingSeparator(groupname));
3682: } catch (Exception e) {
3683: dbc.report(null, Messages.get().container(
3684: Messages.ERR_READ_GROUP_FOR_NAME_1, groupname), e);
3685: } finally {
3686: dbc.clear();
3687: }
3688: return result;
3689: }
3690:
3691: /**
3692: * Reads a principal (an user or group) from the historical archive based on its ID.<p>
3693: *
3694: * @param context the current request context
3695: * @param principalId the id of the principal to read
3696: *
3697: * @return the historical principal entry with the given id
3698: *
3699: * @throws CmsException if something goes wrong, ie. {@link CmsDbEntryNotFoundException}
3700: *
3701: * @see CmsObject#readUser(CmsUUID)
3702: * @see CmsObject#readGroup(CmsUUID)
3703: * @see CmsObject#readHistoryPrincipal(CmsUUID)
3704: */
3705: public CmsHistoryPrincipal readHistoricalPrincipal(
3706: CmsRequestContext context, CmsUUID principalId)
3707: throws CmsException {
3708:
3709: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3710: CmsHistoryPrincipal result = null;
3711: try {
3712: result = m_driverManager.readHistoricalPrincipal(dbc,
3713: principalId);
3714: } catch (Exception e) {
3715: dbc.report(null,
3716: Messages.get().container(
3717: Messages.ERR_READ_HISTORY_PRINCIPAL_1,
3718: principalId), e);
3719: } finally {
3720: dbc.clear();
3721: }
3722: return result;
3723: }
3724:
3725: /**
3726: * Returns a historical project entry.<p>
3727: *
3728: * @param context the current request context
3729: * @param publishTag the publish tag of the project
3730: *
3731: * @return the requested historical project entry
3732: *
3733: * @throws CmsException if something goes wrong
3734: */
3735: public CmsHistoryProject readHistoryProject(
3736: CmsRequestContext context, int publishTag)
3737: throws CmsException {
3738:
3739: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3740: CmsHistoryProject result = null;
3741: try {
3742: result = m_driverManager
3743: .readHistoryProject(dbc, publishTag);
3744: } catch (Exception e) {
3745: dbc.report(null, Messages.get().container(
3746: Messages.ERR_READ_HISTORY_PROJECT_2,
3747: new Integer(publishTag),
3748: dbc.currentProject().getName()), e);
3749: } finally {
3750: dbc.clear();
3751: }
3752: return result;
3753: }
3754:
3755: /**
3756: * Reads the list of all <code>{@link CmsProperty}</code> objects that belong to the given historical resource.<p>
3757: *
3758: * @param context the current request context
3759: * @param resource the historical resource entry to read the properties for
3760: *
3761: * @return the list of <code>{@link CmsProperty}</code> objects
3762: *
3763: * @throws CmsException if something goes wrong
3764: */
3765: public List readHistoryPropertyObjects(CmsRequestContext context,
3766: I_CmsHistoryResource resource) throws CmsException {
3767:
3768: List result = null;
3769: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3770: try {
3771: result = m_driverManager.readHistoryPropertyObjects(dbc,
3772: resource);
3773: } catch (Exception e) {
3774: dbc.report(null, Messages.get().container(
3775: Messages.ERR_READ_PROPS_FOR_RESOURCE_1,
3776: context.getSitePath((CmsResource) resource)), e);
3777: } finally {
3778: dbc.clear();
3779: }
3780: return result;
3781: }
3782:
3783: /**
3784: * Reads the locks that were saved to the database in the previous run of OpenCms.<p>
3785: *
3786: * @throws CmsException if something goes wrong
3787: */
3788: public void readLocks() throws CmsException {
3789:
3790: CmsDbContext dbc = m_dbContextFactory.getDbContext();
3791: try {
3792: m_driverManager.readLocks(dbc);
3793: } finally {
3794: dbc.clear();
3795: }
3796: }
3797:
3798: /**
3799: * Reads the manager group of a project.<p>
3800: *
3801: * @param context the current request context
3802: * @param project the project to read from
3803: *
3804: * @return the group of a resource
3805: */
3806: public CmsGroup readManagerGroup(CmsRequestContext context,
3807: CmsProject project) {
3808:
3809: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3810: CmsGroup result = null;
3811: try {
3812: result = m_driverManager.readManagerGroup(dbc, project);
3813: } finally {
3814: dbc.clear();
3815: }
3816: return result;
3817: }
3818:
3819: /**
3820: * Reads an organizational Unit based on its fully qualified name.<p>
3821: *
3822: * @param context the current request context
3823: * @param ouFqn the fully qualified name of the organizational Unit to be read
3824: *
3825: * @return the organizational Unit that with the provided fully qualified name
3826: *
3827: * @throws CmsException if something goes wrong
3828: */
3829: public CmsOrganizationalUnit readOrganizationalUnit(
3830: CmsRequestContext context, String ouFqn)
3831: throws CmsException {
3832:
3833: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3834: CmsOrganizationalUnit result = null;
3835: try {
3836: result = m_driverManager
3837: .readOrganizationalUnit(dbc, CmsOrganizationalUnit
3838: .removeLeadingSeparator(ouFqn));
3839: } catch (Exception e) {
3840: dbc.report(null, Messages.get().container(
3841: Messages.ERR_READ_ORGUNIT_1, ouFqn), e);
3842: } finally {
3843: dbc.clear();
3844: }
3845: return result;
3846: }
3847:
3848: /**
3849: * Reads the owner of a project from the OpenCms.<p>
3850: *
3851: * @param context the current request context
3852: * @param project the project to get the owner from
3853: *
3854: * @return the owner of a resource
3855: *
3856: * @throws CmsException if something goes wrong
3857: */
3858: public CmsUser readOwner(CmsRequestContext context,
3859: CmsProject project) throws CmsException {
3860:
3861: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3862: CmsUser result = null;
3863: try {
3864: result = m_driverManager.readOwner(dbc, project);
3865: } catch (Exception e) {
3866: dbc.report(null, Messages.get().container(
3867: Messages.ERR_READ_OWNER_FOR_PROJECT_2,
3868: project.getName(), project.getUuid()), e);
3869: } finally {
3870: dbc.clear();
3871: }
3872: return result;
3873: }
3874:
3875: /**
3876: * Builds a list of resources for a given path.<p>
3877: *
3878: * @param context the current request context
3879: * @param projectId the project to lookup the resource
3880: * @param path the requested path
3881: * @param filter a filter object (only "includeDeleted" information is used!)
3882: *
3883: * @return list of <code>{@link CmsResource}</code>s
3884: *
3885: * @throws CmsException if something goes wrong
3886: */
3887: public List readPath(CmsRequestContext context, CmsUUID projectId,
3888: String path, CmsResourceFilter filter) throws CmsException {
3889:
3890: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3891: List result = null;
3892: try {
3893: result = m_driverManager.readPath(dbc, projectId, path,
3894: filter);
3895: } catch (Exception e) {
3896: dbc.report(null, Messages.get().container(
3897: Messages.ERR_READ_PATH_2, projectId, path), e);
3898: } finally {
3899: dbc.clear();
3900: }
3901: return result;
3902: }
3903:
3904: /**
3905: * Reads a project given the projects id.<p>
3906: *
3907: * @param id the id of the project
3908: *
3909: * @return the project read
3910: *
3911: * @throws CmsException if something goes wrong
3912: */
3913: public CmsProject readProject(CmsUUID id) throws CmsException {
3914:
3915: CmsDbContext dbc = m_dbContextFactory.getDbContext();
3916: CmsProject result = null;
3917: try {
3918: result = m_driverManager.readProject(dbc, id);
3919: } catch (Exception e) {
3920: dbc.report(null, Messages.get().container(
3921: Messages.ERR_READ_PROJECT_FOR_ID_1, id), e);
3922: } finally {
3923: dbc.clear();
3924: }
3925: return result;
3926: }
3927:
3928: /**
3929: * Reads a project.<p>
3930: *
3931: * Important: Since a project name can be used multiple times, this is NOT the most efficient
3932: * way to read the project. This is only a convenience for front end developing.
3933: * Reading a project by name will return the first project with that name.
3934: * All core classes must use the id version {@link #readProject(CmsUUID)} to ensure the right project is read.<p>
3935: *
3936: * @param name the name of the project
3937: *
3938: * @return the project read
3939: *
3940: * @throws CmsException if something goes wrong
3941: */
3942: public CmsProject readProject(String name) throws CmsException {
3943:
3944: CmsDbContext dbc = m_dbContextFactory.getDbContext();
3945: CmsProject result = null;
3946: try {
3947: result = m_driverManager.readProject(dbc,
3948: CmsOrganizationalUnit.removeLeadingSeparator(name));
3949: } catch (Exception e) {
3950: dbc.report(null, Messages.get().container(
3951: Messages.ERR_READ_PROJECT_FOR_NAME_1, name), e);
3952: } finally {
3953: dbc.clear();
3954: }
3955: return result;
3956: }
3957:
3958: /**
3959: * Returns the list of all resource names that define the "view" of the given project.<p>
3960: *
3961: * @param context the current request context
3962: * @param project the project to get the project resources for
3963: *
3964: * @return the list of all resources, as <code>{@link String}</code> objects
3965: * that define the "view" of the given project
3966: *
3967: * @throws CmsException if something goes wrong
3968: */
3969: public List readProjectResources(CmsRequestContext context,
3970: CmsProject project) throws CmsException {
3971:
3972: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
3973: List result = null;
3974: try {
3975: result = m_driverManager.readProjectResources(dbc, project);
3976: } catch (Exception e) {
3977: dbc.report(null, Messages.get().container(
3978: Messages.ERR_READ_PROJECT_RESOURCES_2,
3979: project.getName(), project.getUuid()), e);
3980: } finally {
3981: dbc.clear();
3982: }
3983: return result;
3984: }
3985:
3986: /**
3987: * Reads all resources of a project that match a given state from the VFS.<p>
3988: *
3989: * Possible values for the <code>state</code> parameter are:<br>
3990: * <ul>
3991: * <li><code>{@link CmsResource#STATE_CHANGED}</code>: Read all "changed" resources in the project</li>
3992: * <li><code>{@link CmsResource#STATE_NEW}</code>: Read all "new" resources in the project</li>
3993: * <li><code>{@link CmsResource#STATE_DELETED}</code>: Read all "deleted" resources in the project</li>
3994: * <li><code>{@link CmsResource#STATE_KEEP}</code>: Read all resources either "changed", "new" or "deleted" in the project</li>
3995: * </ul><p>
3996: *
3997: * @param context the current request context
3998: * @param projectId the id of the project to read the file resources for
3999: * @param state the resource state to match
4000: *
4001: * @return a list of <code>{@link CmsResource}</code> objects matching the filter criteria
4002: *
4003: * @throws CmsException if something goes wrong
4004: *
4005: * @see CmsObject#readProjectView(CmsUUID, CmsResourceState)
4006: */
4007: public List readProjectView(CmsRequestContext context,
4008: CmsUUID projectId, CmsResourceState state)
4009: throws CmsException {
4010:
4011: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4012: List result = null;
4013: try {
4014: result = m_driverManager.readProjectView(dbc, projectId,
4015: state);
4016: } catch (Exception e) {
4017: dbc.report(null, Messages.get().container(
4018: Messages.ERR_READ_PROJECT_VIEW_1, projectId), e);
4019: } finally {
4020: dbc.clear();
4021: }
4022: return result;
4023: }
4024:
4025: /**
4026: * Reads a property definition.<p>
4027: *
4028: * If no property definition with the given name is found,
4029: * <code>null</code> is returned.<p>
4030: *
4031: * @param context the current request context
4032: * @param name the name of the property definition to read
4033: *
4034: * @return the property definition that was read,
4035: * or <code>null</code> if there is no property definition with the given name
4036: *
4037: * @throws CmsException if something goes wrong
4038: */
4039: public CmsPropertyDefinition readPropertyDefinition(
4040: CmsRequestContext context, String name) throws CmsException {
4041:
4042: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4043: CmsPropertyDefinition result = null;
4044: try {
4045: result = m_driverManager.readPropertyDefinition(dbc, name);
4046: } catch (Exception e) {
4047: dbc.report(null, Messages.get().container(
4048: Messages.ERR_READ_PROPDEF_1, name), e);
4049: } finally {
4050: dbc.clear();
4051: }
4052: return result;
4053: }
4054:
4055: /**
4056: * Reads a property object from a resource specified by a property name.<p>
4057: *
4058: * Returns <code>{@link CmsProperty#getNullProperty()}</code> if the property is not found.<p>
4059: *
4060: * @param context the context of the current request
4061: * @param resource the resource where the property is mapped to
4062: * @param key the property key name
4063: * @param search if <code>true</code>, the property is searched on all parent folders of the resource.
4064: * if it's not found attached directly to the resource.
4065: *
4066: * @return the required property, or <code>{@link CmsProperty#getNullProperty()}</code> if the property was not found
4067: *
4068: * @throws CmsException if something goes wrong
4069: */
4070: public CmsProperty readPropertyObject(CmsRequestContext context,
4071: CmsResource resource, String key, boolean search)
4072: throws CmsException {
4073:
4074: CmsProperty result = null;
4075: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4076: try {
4077: result = m_driverManager.readPropertyObject(dbc, resource,
4078: key, search);
4079: } catch (Exception e) {
4080: dbc.report(null, Messages.get().container(
4081: Messages.ERR_READ_PROP_FOR_RESOURCE_2, key,
4082: context.getSitePath(resource)), e);
4083: } finally {
4084: dbc.clear();
4085: }
4086: return result;
4087: }
4088:
4089: /**
4090: * Reads all property objects from a resource.<p>
4091: *
4092: * Returns an empty list if no properties are found.<p>
4093: *
4094: * If the <code>search</code> parameter is <code>true</code>, the properties of all
4095: * parent folders of the resource are also read. The results are merged with the
4096: * properties directly attached to the resource. While merging, a property
4097: * on a parent folder that has already been found will be ignored.
4098: * So e.g. if a resource has a property "Title" attached, and it's parent folder
4099: * has the same property attached but with a different value, the result list will
4100: * contain only the property with the value from the resource, not form the parent folder(s).<p>
4101: *
4102: * @param context the context of the current request
4103: * @param resource the resource where the property is mapped to
4104: * @param search <code>true</code>, if the properties should be searched on all parent folders if not found on the resource
4105: *
4106: * @return a list of <code>{@link CmsProperty}</code> objects
4107: *
4108: * @throws CmsException if something goes wrong
4109: */
4110: public List readPropertyObjects(CmsRequestContext context,
4111: CmsResource resource, boolean search) throws CmsException {
4112:
4113: List result = null;
4114: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4115: try {
4116: result = m_driverManager.readPropertyObjects(dbc, resource,
4117: search);
4118: } catch (Exception e) {
4119: dbc.report(null, Messages.get().container(
4120: Messages.ERR_READ_PROPS_FOR_RESOURCE_1,
4121: context.getSitePath(resource)), e);
4122: } finally {
4123: dbc.clear();
4124: }
4125: return result;
4126: }
4127:
4128: /**
4129: * Reads the resources that were published in a publish task for a given publish history ID.<p>
4130: *
4131: * @param context the current request context
4132: * @param publishHistoryId unique ID to identify each publish task in the publish history
4133: *
4134: * @return a list of <code>{@link org.opencms.db.CmsPublishedResource}</code> objects
4135: *
4136: * @throws CmsException if something goes wrong
4137: */
4138: public List readPublishedResources(CmsRequestContext context,
4139: CmsUUID publishHistoryId) throws CmsException {
4140:
4141: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4142: List result = null;
4143: try {
4144: result = m_driverManager.readPublishedResources(dbc,
4145: publishHistoryId);
4146: } catch (Exception e) {
4147: dbc.report(null, Messages.get().container(
4148: Messages.ERR_READ_PUBLISHED_RESOURCES_FOR_ID_1,
4149: publishHistoryId.toString()), e);
4150: } finally {
4151: dbc.clear();
4152: }
4153: return result;
4154: }
4155:
4156: /**
4157: * Reads the historical resource entry for the given resource with the given version number.<p>
4158: *
4159: * @param context the current request context
4160: * @param resource the resource to be read the version for
4161: * @param version the version number to retrieve
4162: *
4163: * @return the resource that was read
4164: *
4165: * @throws CmsException if the resource could not be read for any reason
4166: *
4167: * @see CmsObject#readFile(CmsResource)
4168: * @see CmsObject#restoreResourceVersion(CmsUUID, int)
4169: * @see CmsObject#readResource(CmsUUID, int)
4170: */
4171: public I_CmsHistoryResource readResource(CmsRequestContext context,
4172: CmsResource resource, int version) throws CmsException {
4173:
4174: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4175: I_CmsHistoryResource result = null;
4176: try {
4177: result = m_driverManager.readResource(dbc, resource,
4178: version);
4179: } catch (CmsException e) {
4180: dbc.report(null, Messages.get().container(
4181: Messages.ERR_READING_RESOURCE_VERSION_2,
4182: dbc.removeSiteRoot(resource.getRootPath()),
4183: new Integer(version)), e);
4184: } finally {
4185: dbc.clear();
4186: }
4187: return result;
4188: }
4189:
4190: /**
4191: * Reads a resource from the VFS,
4192: * using the specified resource filter.<p>
4193: *
4194: * A resource may be of type <code>{@link CmsFile}</code> or
4195: * <code>{@link CmsFolder}</code>. In case of
4196: * a file, the resource will not contain the binary file content. Since reading
4197: * the binary content is a cost-expensive database operation, it's recommended
4198: * to work with resources if possible, and only read the file content when absolutely
4199: * required. To "upgrade" a resource to a file,
4200: * use <code>{@link CmsObject#readFile(CmsResource)}</code>.<p>
4201: *
4202: * The specified filter controls what kind of resources should be "found"
4203: * during the read operation. This will depend on the application. For example,
4204: * using <code>{@link CmsResourceFilter#DEFAULT}</code> will only return currently
4205: * "valid" resources, while using <code>{@link CmsResourceFilter#IGNORE_EXPIRATION}</code>
4206: * will ignore the date release / date expired information of the resource.<p>
4207: *
4208: * @param context the current request context
4209: * @param structureID the ID of the structure which will be used)
4210: * @param filter the resource filter to use while reading
4211: *
4212: * @return the resource that was read
4213: *
4214: * @throws CmsException if the resource could not be read for any reason
4215: *
4216: * @see CmsObject#readResource(CmsUUID, CmsResourceFilter)
4217: * @see CmsObject#readResource(CmsUUID)
4218: * @see CmsObject#readFile(CmsResource)
4219: */
4220: public CmsResource readResource(CmsRequestContext context,
4221: CmsUUID structureID, CmsResourceFilter filter)
4222: throws CmsException {
4223:
4224: CmsResource result = null;
4225: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4226: try {
4227: result = readResource(dbc, structureID, filter);
4228: } catch (Exception e) {
4229: dbc.report(null, Messages.get().container(
4230: Messages.ERR_READ_RESOURCE_FOR_ID_1, structureID),
4231: e);
4232: } finally {
4233: dbc.clear();
4234: }
4235: return result;
4236: }
4237:
4238: /**
4239: * Reads a resource from the VFS,
4240: * using the specified resource filter.<p>
4241: *
4242: * A resource may be of type <code>{@link CmsFile}</code> or
4243: * <code>{@link CmsFolder}</code>. In case of
4244: * a file, the resource will not contain the binary file content. Since reading
4245: * the binary content is a cost-expensive database operation, it's recommended
4246: * to work with resources if possible, and only read the file content when absolutely
4247: * required. To "upgrade" a resource to a file,
4248: * use <code>{@link CmsObject#readFile(CmsResource)}</code>.<p>
4249: *
4250: * The specified filter controls what kind of resources should be "found"
4251: * during the read operation. This will depend on the application. For example,
4252: * using <code>{@link CmsResourceFilter#DEFAULT}</code> will only return currently
4253: * "valid" resources, while using <code>{@link CmsResourceFilter#IGNORE_EXPIRATION}</code>
4254: * will ignore the date release / date expired information of the resource.<p>
4255: *
4256: * @param context the current request context
4257: * @param resourcePath the name of the resource to read (full path)
4258: * @param filter the resource filter to use while reading
4259: *
4260: * @return the resource that was read
4261: *
4262: * @throws CmsException if the resource could not be read for any reason
4263: *
4264: * @see CmsObject#readResource(String, CmsResourceFilter)
4265: * @see CmsObject#readResource(String)
4266: * @see CmsObject#readFile(CmsResource)
4267: */
4268: public CmsResource readResource(CmsRequestContext context,
4269: String resourcePath, CmsResourceFilter filter)
4270: throws CmsException {
4271:
4272: CmsResource result = null;
4273: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4274: try {
4275: result = readResource(dbc, resourcePath, filter);
4276: } catch (Exception e) {
4277: dbc.report(null, Messages.get().container(
4278: Messages.ERR_READ_RESOURCE_1,
4279: dbc.removeSiteRoot(resourcePath)), e);
4280: } finally {
4281: dbc.clear();
4282: }
4283: return result;
4284: }
4285:
4286: /**
4287: * Reads an historical resource in the current project with the given publish tag from the historical archive.<p>
4288: *
4289: * @param context the current request context
4290: * @param resource the resource to read from the archive
4291: * @param publishTag the publish tag of the resource
4292: *
4293: * @return the resource in the current project with the given publish tag from the historical archive, or
4294: * {@link CmsVfsResourceNotFoundException} if not found
4295: *
4296: * @throws CmsException if something goes wrong
4297: *
4298: * @see CmsObject#readResource(CmsUUID, int)
4299: * @see CmsObject#readResourceByPublishTag(CmsUUID, int)
4300: *
4301: * @deprecated use {@link #readResource(CmsRequestContext, CmsResource, int)} instead
4302: * but notice that the <code>publishTag != version</code>
4303: */
4304: public I_CmsHistoryResource readResourceForPublishTag(
4305: CmsRequestContext context, CmsResource resource,
4306: int publishTag) throws CmsException {
4307:
4308: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4309: I_CmsHistoryResource result = null;
4310: try {
4311: checkPermissions(dbc, resource,
4312: CmsPermissionSet.ACCESS_READ, false,
4313: CmsResourceFilter.ALL);
4314: result = m_driverManager.readResourceForPublishTag(dbc,
4315: resource, publishTag);
4316: } catch (CmsException e) {
4317: dbc.report(null, Messages.get().container(
4318: Messages.ERR_READ_HISTORY_FILE_2,
4319: context.getSitePath(resource),
4320: new Integer(publishTag)), e);
4321: } finally {
4322: dbc.clear();
4323: }
4324: return result;
4325: }
4326:
4327: /**
4328: * Reads all resources below the given path matching the filter criteria,
4329: * including the full tree below the path only in case the <code>readTree</code>
4330: * parameter is <code>true</code>.<p>
4331: *
4332: * @param context the current request context
4333: * @param parent the parent path to read the resources from
4334: * @param filter the filter
4335: * @param readTree <code>true</code> to read all subresources
4336: *
4337: * @return a list of <code>{@link CmsResource}</code> objects matching the filter criteria
4338: *
4339: * @throws CmsSecurityException if the user has insufficient permission for the given resource (read is required)
4340: * @throws CmsException if something goes wrong
4341: *
4342: */
4343: public List readResources(CmsRequestContext context,
4344: CmsResource parent, CmsResourceFilter filter,
4345: boolean readTree) throws CmsException, CmsSecurityException {
4346:
4347: List result = null;
4348: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4349: try {
4350: // check the access permissions
4351: checkPermissions(dbc, parent, CmsPermissionSet.ACCESS_READ,
4352: true, CmsResourceFilter.ALL);
4353: result = m_driverManager.readResources(dbc, parent, filter,
4354: readTree);
4355: } catch (Exception e) {
4356: dbc.report(null, Messages.get().container(
4357: Messages.ERR_READ_RESOURCES_1,
4358: context.removeSiteRoot(parent.getRootPath())), e);
4359: } finally {
4360: dbc.clear();
4361: }
4362: return result;
4363: }
4364:
4365: /**
4366: * Reads all resources that have a value (containing the specified value) set
4367: * for the specified property (definition) in the given path.<p>
4368: *
4369: * If the <code>value</code> parameter is <code>null</code>, all resources having the
4370: * given property set are returned.<p>
4371: *
4372: * Both individual and shared properties of a resource are checked.<p>
4373: *
4374: * @param context the current request context
4375: * @param folder the folder to get the resources with the property from
4376: * @param propertyDefinition the name of the property (definition) to check for
4377: * @param value the string to search in the value of the property
4378: * @param filter the resource filter to apply to the result set
4379: *
4380: * @return a list of all <code>{@link CmsResource}</code> objects
4381: * that have a value set for the specified property.
4382: *
4383: * @throws CmsException if something goes wrong
4384: */
4385: public List readResourcesWithProperty(CmsRequestContext context,
4386: CmsResource folder, String propertyDefinition,
4387: String value, CmsResourceFilter filter) throws CmsException {
4388:
4389: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4390: List result = null;
4391: try {
4392: result = m_driverManager.readResourcesWithProperty(dbc,
4393: folder, propertyDefinition, value, filter);
4394: } catch (Exception e) {
4395: dbc.report(null, Messages.get().container(
4396: Messages.ERR_READ_RESOURCES_FOR_PROP_VALUE_3,
4397: context.removeSiteRoot(folder.getRootPath()),
4398: propertyDefinition, value), e);
4399: } finally {
4400: dbc.clear();
4401: }
4402: return result;
4403: }
4404:
4405: /**
4406: * Returns a set of users that are responsible for a specific resource.<p>
4407: *
4408: * @param context the current request context
4409: * @param resource the resource to get the responsible users from
4410: *
4411: * @return the set of users that are responsible for a specific resource
4412: *
4413: * @throws CmsException if something goes wrong
4414: */
4415: public Set readResponsiblePrincipals(CmsRequestContext context,
4416: CmsResource resource) throws CmsException {
4417:
4418: Set result = null;
4419: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4420: try {
4421: result = m_driverManager.readResponsiblePrincipals(dbc,
4422: resource);
4423: } catch (Exception e) {
4424: dbc.report(null, Messages.get().container(
4425: Messages.ERR_READ_RESPONSIBLE_USERS_1,
4426: resource.getRootPath()), e);
4427: } finally {
4428: dbc.clear();
4429: }
4430: return result;
4431: }
4432:
4433: /**
4434: * Returns a set of users that are responsible for a specific resource.<p>
4435: *
4436: * @param context the current request context
4437: * @param resource the resource to get the responsible users from
4438: *
4439: * @return the set of users that are responsible for a specific resource
4440: *
4441: * @throws CmsException if something goes wrong
4442: */
4443: public Set readResponsibleUsers(CmsRequestContext context,
4444: CmsResource resource) throws CmsException {
4445:
4446: Set result = null;
4447: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4448: try {
4449: result = m_driverManager
4450: .readResponsibleUsers(dbc, resource);
4451: } catch (Exception e) {
4452: dbc.report(null, Messages.get().container(
4453: Messages.ERR_READ_RESPONSIBLE_USERS_1,
4454: resource.getRootPath()), e);
4455: } finally {
4456: dbc.clear();
4457: }
4458: return result;
4459: }
4460:
4461: /**
4462: * Returns a List of all siblings of the specified resource,
4463: * the specified resource being always part of the result set.<p>
4464: *
4465: * @param context the request context
4466: * @param resource the specified resource
4467: * @param filter a filter object
4468: *
4469: * @return a list of <code>{@link CmsResource}</code>s that
4470: * are siblings to the specified resource,
4471: * including the specified resource itself
4472: *
4473: * @throws CmsException if something goes wrong
4474: */
4475: public List readSiblings(CmsRequestContext context,
4476: CmsResource resource, CmsResourceFilter filter)
4477: throws CmsException {
4478:
4479: List result = null;
4480: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4481: try {
4482: result = m_driverManager
4483: .readSiblings(dbc, resource, filter);
4484: } catch (Exception e) {
4485: dbc.report(null, Messages.get().container(
4486: Messages.ERR_READ_SIBLINGS_1,
4487: context.getSitePath(resource)), e);
4488: } finally {
4489: dbc.clear();
4490: }
4491: return result;
4492: }
4493:
4494: /**
4495: * Returns the parameters of a resource in the table of all published template resources.<p>
4496: *
4497: * @param context the current request context
4498: * @param rfsName the rfs name of the resource
4499: *
4500: * @return the parameter string of the requested resource
4501: *
4502: * @throws CmsException if something goes wrong
4503: */
4504: public String readStaticExportPublishedResourceParameters(
4505: CmsRequestContext context, String rfsName)
4506: throws CmsException {
4507:
4508: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4509: String result = null;
4510: try {
4511: result = m_driverManager
4512: .readStaticExportPublishedResourceParameters(dbc,
4513: rfsName);
4514: } catch (Exception e) {
4515: dbc
4516: .report(
4517: null,
4518: Messages
4519: .get()
4520: .container(
4521: Messages.ERR_READ_STATEXP_PUBLISHED_RESOURCE_PARAMS_1,
4522: rfsName), e);
4523: } finally {
4524: dbc.clear();
4525: }
4526: return result;
4527: }
4528:
4529: /**
4530: * Returns a list of all template resources which must be processed during a static export.<p>
4531: *
4532: * @param context the current request context
4533: * @param parameterResources flag for reading resources with parameters (1) or without (0)
4534: * @param timestamp for reading the data from the db
4535: *
4536: * @return a list of template resources as <code>{@link String}</code> objects
4537: *
4538: * @throws CmsException if something goes wrong
4539: */
4540: public List readStaticExportResources(CmsRequestContext context,
4541: int parameterResources, long timestamp) throws CmsException {
4542:
4543: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4544: List result = null;
4545: try {
4546: result = m_driverManager.readStaticExportResources(dbc,
4547: parameterResources, timestamp);
4548: } catch (Exception e) {
4549: dbc.report(null, Messages.get().container(
4550: Messages.ERR_READ_STATEXP_RESOURCES_1,
4551: new Date(timestamp)), e);
4552: } finally {
4553: dbc.clear();
4554: }
4555: return result;
4556: }
4557:
4558: /**
4559: * Returns a user object based on the id of a user.<p>
4560: *
4561: * @param context the current request context
4562: * @param id the id of the user to read
4563: *
4564: * @return the user read
4565: *
4566: * @throws CmsException if something goes wrong
4567: */
4568: public CmsUser readUser(CmsRequestContext context, CmsUUID id)
4569: throws CmsException {
4570:
4571: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4572: CmsUser result = null;
4573: try {
4574: result = m_driverManager.readUser(dbc, id);
4575: } catch (Exception e) {
4576: dbc.report(null, Messages.get().container(
4577: Messages.ERR_READ_USER_FOR_ID_1, id.toString()), e);
4578: } finally {
4579: dbc.clear();
4580: }
4581: return result;
4582: }
4583:
4584: /**
4585: * Returns a user object.<p>
4586: *
4587: * @param context the current request context
4588: * @param username the name of the user that is to be read
4589: *
4590: * @return user read form the cms
4591: *
4592: * @throws CmsException if operation was not successful
4593: */
4594: public CmsUser readUser(CmsRequestContext context, String username)
4595: throws CmsException {
4596:
4597: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4598: CmsUser result = null;
4599: try {
4600: result = m_driverManager.readUser(dbc,
4601: CmsOrganizationalUnit
4602: .removeLeadingSeparator(username));
4603: } catch (Exception e) {
4604: dbc.report(null, Messages.get().container(
4605: Messages.ERR_READ_USER_FOR_NAME_1, username), e);
4606: } finally {
4607: dbc.clear();
4608: }
4609: return result;
4610: }
4611:
4612: /**
4613: * Returns a user object if the password for the user is correct.<p>
4614: *
4615: * If the user/password pair is not valid a <code>{@link CmsException}</code> is thrown.<p>
4616: *
4617: * @param context the current request context
4618: * @param username the user name of the user that is to be read
4619: * @param password the password of the user that is to be read
4620: *
4621: * @return user read
4622: *
4623: * @throws CmsException if operation was not successful
4624: */
4625: public CmsUser readUser(CmsRequestContext context, String username,
4626: String password) throws CmsException {
4627:
4628: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4629: CmsUser result = null;
4630: try {
4631: result = m_driverManager
4632: .readUser(dbc, CmsOrganizationalUnit
4633: .removeLeadingSeparator(username), password);
4634: } catch (Exception e) {
4635: dbc.report(null, Messages.get().container(
4636: Messages.ERR_READ_USER_FOR_NAME_1, username), e);
4637: } finally {
4638: dbc.clear();
4639: }
4640: return result;
4641: }
4642:
4643: /**
4644: * Removes an access control entry for a given resource and principal.<p>
4645: *
4646: * @param context the current request context
4647: * @param resource the resource
4648: * @param principal the id of the principal to remove the the access control entry for
4649: *
4650: * @throws CmsException if something goes wrong
4651: * @throws CmsSecurityException if the user has insufficient permission for the given resource (control of access control is required).
4652: *
4653: */
4654: public void removeAccessControlEntry(CmsRequestContext context,
4655: CmsResource resource, CmsUUID principal)
4656: throws CmsException, CmsSecurityException {
4657:
4658: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4659: try {
4660: checkOfflineProject(dbc);
4661: checkPermissions(dbc, resource,
4662: CmsPermissionSet.ACCESS_CONTROL, true,
4663: CmsResourceFilter.ALL);
4664: m_driverManager.removeAccessControlEntry(dbc, resource,
4665: principal);
4666: } catch (Exception e) {
4667: dbc.report(null, Messages.get()
4668: .container(Messages.ERR_REMOVE_ACL_ENTRY_2,
4669: context.getSitePath(resource),
4670: principal.toString()), e);
4671: } finally {
4672: dbc.clear();
4673: }
4674: }
4675:
4676: /**
4677: * Removes a resource from the given organizational unit.<p>
4678: *
4679: * @param context the current request context
4680: * @param orgUnit the organizational unit to remove the resource from
4681: * @param resource the resource that is to be removed from the organizational unit
4682: *
4683: * @throws CmsException if something goes wrong
4684: *
4685: * @see org.opencms.security.CmsOrgUnitManager#addResourceToOrgUnit(CmsObject, String, String)
4686: * @see org.opencms.security.CmsOrgUnitManager#addResourceToOrgUnit(CmsObject, String, String)
4687: */
4688: public void removeResourceFromOrgUnit(CmsRequestContext context,
4689: CmsOrganizationalUnit orgUnit, CmsResource resource)
4690: throws CmsException {
4691:
4692: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4693: try {
4694: checkRole(dbc, CmsRole.ADMINISTRATOR.forOrgUnit(orgUnit
4695: .getName()));
4696: checkOfflineProject(dbc);
4697: m_driverManager.removeResourceFromOrgUnit(dbc, orgUnit,
4698: resource);
4699: } catch (Exception e) {
4700: dbc.report(null, Messages.get().container(
4701: Messages.ERR_REMOVE_RESOURCE_FROM_ORGUNIT_2,
4702: orgUnit.getName(),
4703: dbc.removeSiteRoot(resource.getRootPath())), e);
4704: } finally {
4705: dbc.clear();
4706: }
4707: }
4708:
4709: /**
4710: * Removes a resource from the current project of the user.<p>
4711: *
4712: * @param context the current request context
4713: * @param resource the resource to apply this operation to
4714: *
4715: * @throws CmsException if something goes wrong
4716: * @throws CmsRoleViolationException if the current user does not have management access to the project
4717: *
4718: * @see org.opencms.file.types.I_CmsResourceType#copyResourceToProject(CmsObject, CmsSecurityManager, CmsResource)
4719: */
4720: public void removeResourceFromProject(CmsRequestContext context,
4721: CmsResource resource) throws CmsException,
4722: CmsRoleViolationException {
4723:
4724: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4725: try {
4726: checkOfflineProject(dbc);
4727: checkManagerOfProjectRole(dbc, context.currentProject());
4728:
4729: m_driverManager.removeResourceFromProject(dbc, resource);
4730: } catch (Exception e) {
4731: dbc.report(null, Messages.get().container(
4732: Messages.ERR_COPY_RESOURCE_TO_PROJECT_2,
4733: context.getSitePath(resource),
4734: context.currentProject().getName()), e);
4735: } finally {
4736: dbc.clear();
4737: }
4738: }
4739:
4740: /**
4741: * Removes a user from a group.<p>
4742: *
4743: * @param context the current request context
4744: * @param username the name of the user that is to be removed from the group
4745: * @param groupname the name of the group
4746: * @param readRoles if to read roles or groups
4747: *
4748: * @throws CmsException if operation was not successful
4749: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
4750: *
4751: */
4752: public void removeUserFromGroup(CmsRequestContext context,
4753: String username, String groupname, boolean readRoles)
4754: throws CmsException, CmsRoleViolationException {
4755:
4756: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4757: try {
4758: CmsRole role = CmsRole.ACCOUNT_MANAGER
4759: .forOrgUnit(getParentOrganizationalUnit(groupname));
4760: checkRoleForUserModification(dbc, username, role);
4761: m_driverManager.removeUserFromGroup(dbc,
4762: CmsOrganizationalUnit
4763: .removeLeadingSeparator(username),
4764: CmsOrganizationalUnit
4765: .removeLeadingSeparator(groupname),
4766: readRoles);
4767: } catch (Exception e) {
4768: dbc.report(null, Messages.get().container(
4769: Messages.ERR_REMOVE_USER_FROM_GROUP_2, username,
4770: groupname), e);
4771: } finally {
4772: dbc.clear();
4773: }
4774: }
4775:
4776: /**
4777: * Replaces the content, type and properties of a resource.<p>
4778: *
4779: * @param context the current request context
4780: * @param resource the name of the resource to apply this operation to
4781: * @param type the new type of the resource
4782: * @param content the new content of the resource
4783: * @param properties the new properties of the resource
4784: *
4785: * @throws CmsException if something goes wrong
4786: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
4787: *
4788: * @see CmsObject#replaceResource(String, int, byte[], List)
4789: * @see org.opencms.file.types.I_CmsResourceType#replaceResource(CmsObject, CmsSecurityManager, CmsResource, int, byte[], List)
4790: */
4791: public void replaceResource(CmsRequestContext context,
4792: CmsResource resource, int type, byte[] content,
4793: List properties) throws CmsException, CmsSecurityException {
4794:
4795: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4796: try {
4797: checkOfflineProject(dbc);
4798: checkPermissions(dbc, resource,
4799: CmsPermissionSet.ACCESS_WRITE, true,
4800: CmsResourceFilter.ALL);
4801: m_driverManager.replaceResource(dbc, resource, type,
4802: content, properties);
4803: } catch (Exception e) {
4804: dbc.report(null, Messages.get().container(
4805: Messages.ERR_REPLACE_RESOURCE_1,
4806: context.getSitePath(resource)), e);
4807: } finally {
4808: dbc.clear();
4809: }
4810: }
4811:
4812: /**
4813: * Resets the password for a specified user.<p>
4814: *
4815: * @param context the current request context
4816: * @param username the name of the user
4817: * @param oldPassword the old password
4818: * @param newPassword the new password
4819: *
4820: * @throws CmsException if the user data could not be read from the database
4821: * @throws CmsSecurityException if the specified user name and old password could not be verified
4822: */
4823: public void resetPassword(CmsRequestContext context,
4824: String username, String oldPassword, String newPassword)
4825: throws CmsException, CmsSecurityException {
4826:
4827: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4828: try {
4829: m_driverManager.resetPassword(dbc, CmsOrganizationalUnit
4830: .removeLeadingSeparator(username), oldPassword,
4831: newPassword);
4832: } catch (Exception e) {
4833: dbc.report(null, Messages.get().container(
4834: Messages.ERR_RESET_PASSWORD_1, username), e);
4835: } finally {
4836: dbc.clear();
4837: }
4838: }
4839:
4840: /**
4841: * Returns the original path of given resource, that is the online path for the resource.<p>
4842: *
4843: * If it differs from the offline path, the resource has been moved.<p>
4844: *
4845: * @param context the current request context
4846: * @param resource the resource to get the path for
4847: *
4848: * @return the online path
4849: *
4850: * @throws CmsException if something goes wrong
4851: *
4852: * @see org.opencms.workplace.commons.CmsUndoChanges#resourceOriginalPath(CmsObject, String)
4853: */
4854: public String resourceOriginalPath(CmsRequestContext context,
4855: CmsResource resource) throws CmsException {
4856:
4857: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4858: String result = null;
4859: try {
4860: checkOfflineProject(dbc);
4861: result = m_driverManager.getVfsDriver().readResource(dbc,
4862: CmsProject.ONLINE_PROJECT_ID,
4863: resource.getStructureId(), true).getRootPath();
4864: } catch (Exception e) {
4865: dbc.report(null, Messages.get().container(
4866: Messages.ERR_TEST_MOVED_RESOURCE_1,
4867: dbc.removeSiteRoot(resource.getRootPath())), e);
4868: } finally {
4869: dbc.clear();
4870: }
4871: return result;
4872: }
4873:
4874: /**
4875: * Restores a deleted resource identified by its structure id from the historical archive.<p>
4876: *
4877: * @param context the current request context
4878: * @param structureId the structure id of the resource to restore
4879: *
4880: * @throws CmsException if something goes wrong
4881: *
4882: * @see CmsObject#restoreDeletedResource(CmsUUID)
4883: */
4884: public void restoreDeletedResource(CmsRequestContext context,
4885: CmsUUID structureId) throws CmsException {
4886:
4887: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4888: try {
4889: checkOfflineProject(dbc);
4890: // write permissions on parent folder are checked later
4891: m_driverManager.restoreDeletedResource(dbc, structureId);
4892: } catch (Exception e) {
4893: dbc.report(null, Messages.get().container(
4894: Messages.ERR_RESTORE_DELETED_RESOURCE_1,
4895: structureId), e);
4896: } finally {
4897: dbc.clear();
4898: }
4899: }
4900:
4901: /**
4902: * Restores a resource in the current project with the given version from the historical archive.<p>
4903: *
4904: * @param context the current request context
4905: * @param resource the resource to restore from the archive
4906: * @param version the version number to restore
4907: *
4908: * @throws CmsException if something goes wrong
4909: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
4910: *
4911: * @see CmsObject#restoreResourceVersion(CmsUUID, int)
4912: * @see org.opencms.file.types.I_CmsResourceType#restoreResource(CmsObject, CmsSecurityManager, CmsResource, int)
4913: */
4914: public void restoreResource(CmsRequestContext context,
4915: CmsResource resource, int version) throws CmsException,
4916: CmsSecurityException {
4917:
4918: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4919: try {
4920: checkOfflineProject(dbc);
4921: checkPermissions(dbc, resource,
4922: CmsPermissionSet.ACCESS_WRITE, true,
4923: CmsResourceFilter.ALL);
4924: m_driverManager.restoreResource(dbc, resource, version);
4925: } catch (Exception e) {
4926: dbc.report(null, Messages.get()
4927: .container(Messages.ERR_RESTORE_RESOURCE_2,
4928: context.getSitePath(resource),
4929: new Integer(version)), e);
4930: } finally {
4931: dbc.clear();
4932: }
4933: }
4934:
4935: /**
4936: * Changes the "expire" date of a resource.<p>
4937: *
4938: * @param context the current request context
4939: * @param resource the resource to touch
4940: * @param dateExpired the new expire date of the changed resource
4941: *
4942: * @throws CmsException if something goes wrong
4943: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
4944: *
4945: * @see CmsObject#setDateExpired(String, long, boolean)
4946: * @see org.opencms.file.types.I_CmsResourceType#setDateExpired(CmsObject, CmsSecurityManager, CmsResource, long, boolean)
4947: */
4948: public void setDateExpired(CmsRequestContext context,
4949: CmsResource resource, long dateExpired)
4950: throws CmsException, CmsSecurityException {
4951:
4952: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4953: try {
4954: checkOfflineProject(dbc);
4955: checkPermissions(dbc, resource,
4956: CmsPermissionSet.ACCESS_WRITE, true,
4957: CmsResourceFilter.IGNORE_EXPIRATION);
4958: m_driverManager.setDateExpired(dbc, resource, dateExpired);
4959: } catch (Exception e) {
4960: dbc.report(null, Messages.get().container(
4961: Messages.ERR_SET_DATE_EXPIRED_2,
4962: new Object[] { new Date(dateExpired),
4963: context.getSitePath(resource) }), e);
4964: } finally {
4965: dbc.clear();
4966: }
4967: }
4968:
4969: /**
4970: * Changes the "last modified" time stamp of a resource.<p>
4971: *
4972: * @param context the current request context
4973: * @param resource the resource to touch
4974: * @param dateLastModified the new time stamp of the changed resource
4975: *
4976: * @throws CmsException if something goes wrong
4977: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
4978: *
4979: * @see CmsObject#setDateLastModified(String, long, boolean)
4980: * @see org.opencms.file.types.I_CmsResourceType#setDateLastModified(CmsObject, CmsSecurityManager, CmsResource, long, boolean)
4981: */
4982: public void setDateLastModified(CmsRequestContext context,
4983: CmsResource resource, long dateLastModified)
4984: throws CmsException, CmsSecurityException {
4985:
4986: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
4987: try {
4988: checkOfflineProject(dbc);
4989: checkPermissions(dbc, resource,
4990: CmsPermissionSet.ACCESS_WRITE, true,
4991: CmsResourceFilter.IGNORE_EXPIRATION);
4992: m_driverManager.setDateLastModified(dbc, resource,
4993: dateLastModified);
4994: } catch (Exception e) {
4995: dbc.report(null, Messages.get().container(
4996: Messages.ERR_SET_DATE_LAST_MODIFIED_2,
4997: new Object[] { new Date(dateLastModified),
4998: context.getSitePath(resource) }), e);
4999: } finally {
5000: dbc.clear();
5001: }
5002: }
5003:
5004: /**
5005: * Changes the "release" date of a resource.<p>
5006: *
5007: * @param context the current request context
5008: * @param resource the resource to touch
5009: * @param dateReleased the new release date of the changed resource
5010: *
5011: * @throws CmsException if something goes wrong
5012: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
5013: *
5014: * @see CmsObject#setDateReleased(String, long, boolean)
5015: * @see org.opencms.file.types.I_CmsResourceType#setDateReleased(CmsObject, CmsSecurityManager, CmsResource, long, boolean)
5016: */
5017: public void setDateReleased(CmsRequestContext context,
5018: CmsResource resource, long dateReleased)
5019: throws CmsException, CmsSecurityException {
5020:
5021: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5022: try {
5023: checkOfflineProject(dbc);
5024: checkPermissions(dbc, resource,
5025: CmsPermissionSet.ACCESS_WRITE, true,
5026: CmsResourceFilter.IGNORE_EXPIRATION);
5027: m_driverManager
5028: .setDateReleased(dbc, resource, dateReleased);
5029: } catch (Exception e) {
5030: dbc.report(null, Messages.get().container(
5031: Messages.ERR_SET_DATE_RELEASED_2,
5032: new Object[] { new Date(dateReleased),
5033: context.getSitePath(resource) }), e);
5034: } finally {
5035: dbc.clear();
5036: }
5037: }
5038:
5039: /**
5040: * Sets a new parent-group for an already existing group.<p>
5041: *
5042: * @param context the current request context
5043: * @param groupName the name of the group that should be written
5044: * @param parentGroupName the name of the parent group to set,
5045: * or <code>null</code> if the parent
5046: * group should be deleted.
5047: *
5048: * @throws CmsException if operation was not successful
5049: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
5050: *
5051: */
5052: public void setParentGroup(CmsRequestContext context,
5053: String groupName, String parentGroupName)
5054: throws CmsException, CmsRoleViolationException {
5055:
5056: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5057:
5058: try {
5059: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
5060: .forOrgUnit(getParentOrganizationalUnit(groupName)));
5061: m_driverManager.setParentGroup(dbc, CmsOrganizationalUnit
5062: .removeLeadingSeparator(groupName),
5063: CmsOrganizationalUnit
5064: .removeLeadingSeparator(parentGroupName));
5065: } catch (Exception e) {
5066: dbc.report(null, Messages.get().container(
5067: Messages.ERR_SET_PARENT_GROUP_2, parentGroupName,
5068: groupName), e);
5069: } finally {
5070: dbc.clear();
5071: }
5072: }
5073:
5074: /**
5075: * Sets the password for a user.<p>
5076: *
5077: * @param context the current request context
5078: * @param username the name of the user
5079: * @param newPassword the new password
5080: *
5081: * @throws CmsException if operation was not successful
5082: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
5083: */
5084: public void setPassword(CmsRequestContext context, String username,
5085: String newPassword) throws CmsException,
5086: CmsRoleViolationException {
5087:
5088: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5089: try {
5090: CmsRole role = CmsRole.ACCOUNT_MANAGER
5091: .forOrgUnit(getParentOrganizationalUnit(username));
5092: checkRoleForUserModification(dbc, username, role);
5093: m_driverManager.setPassword(dbc, CmsOrganizationalUnit
5094: .removeLeadingSeparator(username), newPassword);
5095: } catch (Exception e) {
5096: dbc.report(null, Messages.get().container(
5097: Messages.ERR_SET_PASSWORD_1, username), e);
5098: } finally {
5099: dbc.clear();
5100: }
5101: }
5102:
5103: /**
5104: * Moves an user to the given organizational unit.<p>
5105: *
5106: * @param context the current request context
5107: * @param orgUnit the organizational unit to add the principal to
5108: * @param user the user that is to be move to the organizational unit
5109: *
5110: * @throws CmsException if something goes wrong
5111: *
5112: * @see org.opencms.security.CmsOrgUnitManager#setUsersOrganizationalUnit(CmsObject, String, String)
5113: */
5114: public void setUsersOrganizationalUnit(CmsRequestContext context,
5115: CmsOrganizationalUnit orgUnit, CmsUser user)
5116: throws CmsException {
5117:
5118: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5119: try {
5120: checkRole(dbc, CmsRole.ADMINISTRATOR.forOrgUnit(orgUnit
5121: .getName()));
5122: checkOfflineProject(dbc);
5123: m_driverManager.setUsersOrganizationalUnit(dbc, orgUnit,
5124: user);
5125: } catch (Exception e) {
5126: dbc.report(null, Messages.get().container(
5127: Messages.ERR_SET_USERS_ORGUNIT_2,
5128: orgUnit.getName(), user.getName()), e);
5129: } finally {
5130: dbc.clear();
5131: }
5132: }
5133:
5134: /**
5135: * Undelete the resource by resetting it's state.<p>
5136: *
5137: * @param context the current request context
5138: * @param resource the name of the resource to apply this operation to
5139: *
5140: * @throws CmsException if something goes wrong
5141: *
5142: * @see CmsObject#undeleteResource(String, boolean)
5143: * @see org.opencms.file.types.I_CmsResourceType#undelete(CmsObject, CmsSecurityManager, CmsResource, boolean)
5144: */
5145: public void undelete(CmsRequestContext context, CmsResource resource)
5146: throws CmsException {
5147:
5148: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5149: try {
5150: checkOfflineProject(dbc);
5151: checkPermissions(dbc, resource,
5152: CmsPermissionSet.ACCESS_WRITE, true,
5153: CmsResourceFilter.ALL);
5154: checkSystemLocks(dbc, resource);
5155:
5156: m_driverManager.undelete(dbc, resource);
5157: } catch (Exception e) {
5158: dbc.report(null, Messages.get().container(
5159: Messages.ERR_UNDELETE_FOR_RESOURCE_1,
5160: context.getSitePath(resource)), e);
5161: } finally {
5162: dbc.clear();
5163: }
5164: }
5165:
5166: /**
5167: * Undos all changes in the resource by restoring the version from the
5168: * online project to the current offline project.<p>
5169: *
5170: * @param context the current request context
5171: * @param resource the name of the resource to apply this operation to
5172: * @param mode the undo mode, one of the <code>{@link CmsResource}#UNDO_XXX</code> constants
5173: *
5174: * @throws CmsException if something goes wrong
5175: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
5176: *
5177: * @see CmsObject#undoChanges(String, CmsResource.CmsResourceUndoMode)
5178: * @see org.opencms.file.types.I_CmsResourceType#undoChanges(CmsObject, CmsSecurityManager, CmsResource, CmsResource.CmsResourceUndoMode)
5179: */
5180: public void undoChanges(CmsRequestContext context,
5181: CmsResource resource, CmsResource.CmsResourceUndoMode mode)
5182: throws CmsException, CmsSecurityException {
5183:
5184: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5185: try {
5186: checkOfflineProject(dbc);
5187: checkPermissions(dbc, resource,
5188: CmsPermissionSet.ACCESS_WRITE, true,
5189: CmsResourceFilter.ALL);
5190: checkSystemLocks(dbc, resource);
5191:
5192: m_driverManager.undoChanges(dbc, resource, mode);
5193: } catch (Exception e) {
5194: dbc.report(null, Messages.get().container(
5195: Messages.ERR_UNDO_CHANGES_FOR_RESOURCE_1,
5196: context.getSitePath(resource)), e);
5197: } finally {
5198: dbc.clear();
5199: }
5200: }
5201:
5202: /**
5203: * Unlocks all resources in this project.<p>
5204: *
5205: * @param context the current request context
5206: * @param projectId the id of the project to be published
5207: *
5208: * @throws CmsException if something goes wrong
5209: * @throws CmsRoleViolationException if the current user does not own the required permissions
5210: */
5211: public void unlockProject(CmsRequestContext context,
5212: CmsUUID projectId) throws CmsException,
5213: CmsRoleViolationException {
5214:
5215: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5216: CmsProject project = m_driverManager
5217: .readProject(dbc, projectId);
5218:
5219: try {
5220: checkManagerOfProjectRole(dbc, project);
5221: m_driverManager.unlockProject(project);
5222: } catch (Exception e) {
5223: dbc.report(null, Messages.get().container(
5224: Messages.ERR_UNLOCK_PROJECT_2, projectId,
5225: dbc.currentUser().getName()), e);
5226: } finally {
5227: dbc.clear();
5228: }
5229: }
5230:
5231: /**
5232: * Unlocks a resource.<p>
5233: *
5234: * @param context the current request context
5235: * @param resource the resource to unlock
5236: *
5237: * @throws CmsException if something goes wrong
5238: * @throws CmsSecurityException if the user has insufficient permission for the given resource (write access permission is required)
5239: *
5240: * @see CmsObject#unlockResource(String)
5241: * @see org.opencms.file.types.I_CmsResourceType#unlockResource(CmsObject, CmsSecurityManager, CmsResource)
5242: */
5243: public void unlockResource(CmsRequestContext context,
5244: CmsResource resource) throws CmsException,
5245: CmsSecurityException {
5246:
5247: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5248: try {
5249: checkOfflineProject(dbc);
5250: checkPermissions(dbc, resource,
5251: CmsPermissionSet.ACCESS_WRITE, true,
5252: CmsResourceFilter.ALL);
5253: m_driverManager.unlockResource(dbc, resource, false, false);
5254: } catch (CmsException e) {
5255: dbc.report(null, Messages.get().container(
5256: Messages.ERR_UNLOCK_RESOURCE_3,
5257: context.getSitePath(resource),
5258: dbc.currentUser().getName(),
5259: e.getLocalizedMessage(dbc.getRequestContext()
5260: .getLocale())), e);
5261: } finally {
5262: dbc.clear();
5263: }
5264: }
5265:
5266: /**
5267: * Updates/Creates the relations for the given resource.<p>
5268: *
5269: * @param context the current user context
5270: * @param resource the resource to update the relations for
5271: * @param relations the relations to update
5272: *
5273: * @throws CmsException if something goes wrong
5274: *
5275: * @see CmsDriverManager#updateRelationsForResource(CmsDbContext, CmsResource, List)
5276: */
5277: public void updateRelationsForResource(CmsRequestContext context,
5278: CmsResource resource, List relations) throws CmsException {
5279:
5280: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5281: try {
5282: m_driverManager.updateRelationsForResource(dbc, resource,
5283: relations);
5284: } catch (Exception e) {
5285: dbc.report(null, Messages.get().container(
5286: Messages.ERR_UPDATE_RELATIONS_1,
5287: dbc.removeSiteRoot(resource.getRootPath())), e);
5288: } finally {
5289: dbc.clear();
5290: }
5291: }
5292:
5293: /**
5294: * Tests if a user is member of the given group.<p>
5295: *
5296: * @param context the current request context
5297: * @param username the name of the user to check
5298: * @param groupname the name of the group to check
5299: *
5300: * @return <code>true</code>, if the user is in the group; or <code>false</code> otherwise
5301: *
5302: * @throws CmsException if operation was not successful
5303: */
5304: public boolean userInGroup(CmsRequestContext context,
5305: String username, String groupname) throws CmsException {
5306:
5307: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5308: boolean result = false;
5309: try {
5310: result = m_driverManager.userInGroup(dbc,
5311: CmsOrganizationalUnit
5312: .removeLeadingSeparator(username),
5313: CmsOrganizationalUnit
5314: .removeLeadingSeparator(groupname), false);
5315: } catch (Exception e) {
5316: dbc.report(null, Messages.get().container(
5317: Messages.ERR_USER_IN_GROUP_2, username, groupname),
5318: e);
5319: } finally {
5320: dbc.clear();
5321: }
5322: return result;
5323: }
5324:
5325: /**
5326: * Checks if a new password follows the rules for
5327: * new passwords, which are defined by a Class implementing the
5328: * <code>{@link org.opencms.security.I_CmsPasswordHandler}</code>
5329: * interface and configured in the opencms.properties file.<p>
5330: *
5331: * If this method throws no exception the password is valid.<p>
5332: *
5333: * @param password the new password that has to be checked
5334: *
5335: * @throws CmsSecurityException if the password is not valid
5336: */
5337: public void validatePassword(String password)
5338: throws CmsSecurityException {
5339:
5340: m_driverManager.validatePassword(password);
5341: }
5342:
5343: /**
5344: * Validates the relations for the given resources.<p>
5345: *
5346: * @param context the current request context
5347: * @param publishList the resources to validate during publishing
5348: * @param report a report to write the messages to
5349: *
5350: * @return a map with lists of invalid links
5351: * (<code>{@link org.opencms.relations.CmsRelation}}</code> objects)
5352: * keyed by root paths
5353: *
5354: * @throws Exception if something goes wrong
5355: */
5356: public Map validateRelations(CmsRequestContext context,
5357: CmsPublishList publishList, I_CmsReport report)
5358: throws Exception {
5359:
5360: Map result = null;
5361: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5362: try {
5363: result = m_driverManager.validateRelations(dbc,
5364: publishList, report);
5365: } catch (Exception e) {
5366: dbc.report(null, Messages.get().container(
5367: Messages.ERR_VALIDATE_RELATIONS_0), e);
5368: } finally {
5369: dbc.clear();
5370: }
5371: return result;
5372: }
5373:
5374: /**
5375: * Writes an access control entries to a given resource.<p>
5376: *
5377: * @param context the current request context
5378: * @param resource the resource
5379: * @param ace the entry to write
5380: *
5381: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_CONTROL} required)
5382: * @throws CmsException if something goes wrong
5383: */
5384: public void writeAccessControlEntry(CmsRequestContext context,
5385: CmsResource resource, CmsAccessControlEntry ace)
5386: throws CmsException, CmsSecurityException {
5387:
5388: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5389: try {
5390: checkOfflineProject(dbc);
5391: checkPermissions(dbc, resource,
5392: CmsPermissionSet.ACCESS_CONTROL, true,
5393: CmsResourceFilter.ALL);
5394: if (ace.getPrincipal().equals(
5395: CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) {
5396: // only vfs managers can set the overwrite all ACE
5397: checkRoleForResource(dbc, CmsRole.VFS_MANAGER, resource);
5398: }
5399: m_driverManager.writeAccessControlEntry(dbc, resource, ace);
5400: } catch (Exception e) {
5401: dbc.report(null, Messages.get().container(
5402: Messages.ERR_WRITE_ACL_ENTRY_1,
5403: context.getSitePath(resource)), e);
5404: } finally {
5405: dbc.clear();
5406: }
5407: }
5408:
5409: /**
5410: * Writes a resource to the OpenCms VFS, including it's content.<p>
5411: *
5412: * Applies only to resources of type <code>{@link CmsFile}</code>
5413: * i.e. resources that have a binary content attached.<p>
5414: *
5415: * Certain resource types might apply content validation or transformation rules
5416: * before the resource is actually written to the VFS. The returned result
5417: * might therefore be a modified version from the provided original.<p>
5418: *
5419: * @param context the current request context
5420: * @param resource the resource to apply this operation to
5421: *
5422: * @return the written resource (may have been modified)
5423: *
5424: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_WRITE} required)
5425: * @throws CmsException if something goes wrong
5426: *
5427: * @see CmsObject#writeFile(CmsFile)
5428: * @see org.opencms.file.types.I_CmsResourceType#writeFile(CmsObject, CmsSecurityManager, CmsFile)
5429: */
5430: public CmsFile writeFile(CmsRequestContext context, CmsFile resource)
5431: throws CmsException, CmsSecurityException {
5432:
5433: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5434: CmsFile result = null;
5435: try {
5436: checkOfflineProject(dbc);
5437: checkPermissions(dbc, resource,
5438: CmsPermissionSet.ACCESS_WRITE, true,
5439: CmsResourceFilter.ALL);
5440: result = m_driverManager.writeFile(dbc, resource);
5441: } catch (Exception e) {
5442: dbc.report(null, Messages.get().container(
5443: Messages.ERR_WRITE_FILE_1,
5444: context.getSitePath(resource)), e);
5445: } finally {
5446: dbc.clear();
5447: }
5448: return result;
5449: }
5450:
5451: /**
5452: * Writes an already existing group.<p>
5453: *
5454: * The group id has to be a valid OpenCms group id.<br>
5455: *
5456: * The group with the given id will be completely overridden
5457: * by the given data.<p>
5458: *
5459: * @param context the current request context
5460: * @param group the group that should be written
5461: *
5462: * @throws CmsRoleViolationException if the current user does not own the role {@link CmsRole#ACCOUNT_MANAGER} for the current project
5463: * @throws CmsException if operation was not successful
5464: */
5465: public void writeGroup(CmsRequestContext context, CmsGroup group)
5466: throws CmsException, CmsRoleViolationException {
5467:
5468: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5469: try {
5470: checkRole(dbc, CmsRole.ACCOUNT_MANAGER
5471: .forOrgUnit(getParentOrganizationalUnit(group
5472: .getName())));
5473: m_driverManager.writeGroup(dbc, group);
5474: } catch (Exception e) {
5475: dbc.report(null, Messages.get().container(
5476: Messages.ERR_WRITE_GROUP_1, group.getName()), e);
5477: } finally {
5478: dbc.clear();
5479: }
5480: }
5481:
5482: /**
5483: * Creates a historical entry of the current project.<p>
5484: *
5485: * @param context the current request context
5486: * @param publishTag the correlative publish tag
5487: * @param publishDate the date of publishing
5488: *
5489: * @throws CmsException if operation was not successful
5490: */
5491: public void writeHistoryProject(CmsRequestContext context,
5492: int publishTag, long publishDate) throws CmsException {
5493:
5494: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5495: try {
5496: m_driverManager.writeHistoryProject(dbc, publishTag,
5497: publishDate);
5498: } catch (Exception e) {
5499: dbc.report(null, Messages.get().container(
5500: Messages.ERR_HISTORY_PROJECT_4,
5501: new Object[] { new Integer(publishTag),
5502: dbc.currentProject().getName(),
5503: dbc.currentProject().getUuid(),
5504: new Long(publishDate) }), e);
5505: } finally {
5506: dbc.clear();
5507: }
5508: }
5509:
5510: /**
5511: * Writes the locks that are currently stored in-memory to the database to allow restoring them in
5512: * later startups.<p>
5513: *
5514: * This overwrites the locks previously stored in the underlying database table.<p>
5515: *
5516: * @throws CmsException if something goes wrong
5517: */
5518: public void writeLocks() throws CmsException {
5519:
5520: if (m_dbContextFactory == null) {
5521: // already shutdown
5522: return;
5523: }
5524: CmsDbContext dbc = m_dbContextFactory.getDbContext();
5525: try {
5526: m_driverManager.writeLocks(dbc);
5527: } finally {
5528: dbc.clear();
5529: }
5530: }
5531:
5532: /**
5533: * Writes an already existing organizational unit.<p>
5534: *
5535: * The organizational unit id has to be a valid OpenCms organizational unit id.<p>
5536: *
5537: * The organizational unit with the given id will be completely overridden
5538: * by the given data.<p>
5539: *
5540: * @param context the current request context
5541: * @param organizationalUnit the organizational unit that should be written
5542: *
5543: * @throws CmsException if operation was not successful
5544: *
5545: * @see org.opencms.security.CmsOrgUnitManager#writeOrganizationalUnit(CmsObject, CmsOrganizationalUnit)
5546: */
5547: public void writeOrganizationalUnit(CmsRequestContext context,
5548: CmsOrganizationalUnit organizationalUnit)
5549: throws CmsException {
5550:
5551: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5552: try {
5553: checkRole(dbc, CmsRole.ADMINISTRATOR
5554: .forOrgUnit(organizationalUnit.getName()));
5555: checkOfflineProject(dbc);
5556: m_driverManager.writeOrganizationalUnit(dbc,
5557: organizationalUnit);
5558: } catch (Exception e) {
5559: dbc.report(null, Messages.get().container(
5560: Messages.ERR_WRITE_ORGUNIT_1,
5561: organizationalUnit.getName()), e);
5562: } finally {
5563: dbc.clear();
5564: }
5565: }
5566:
5567: /**
5568: * Writes an already existing project.<p>
5569: *
5570: * The project id has to be a valid OpenCms project id.<br>
5571: *
5572: * The project with the given id will be completely overridden
5573: * by the given data.<p>
5574: *
5575: * @param project the project that should be written
5576: * @param context the current request context
5577: *
5578: * @throws CmsRoleViolationException if the current user does not own the required permissions
5579: * @throws CmsException if operation was not successful
5580: */
5581: public void writeProject(CmsRequestContext context,
5582: CmsProject project) throws CmsRoleViolationException,
5583: CmsException {
5584:
5585: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5586: try {
5587: checkManagerOfProjectRole(dbc, project);
5588: m_driverManager.writeProject(dbc, project);
5589: } catch (Exception e) {
5590: dbc
5591: .report(null, Messages.get().container(
5592: Messages.ERR_WRITE_PROJECT_1,
5593: project.getName()), e);
5594: } finally {
5595: dbc.clear();
5596: }
5597: }
5598:
5599: /**
5600: * Writes a property for a specified resource.<p>
5601: *
5602: * @param context the current request context
5603: * @param resource the resource to write the property for
5604: * @param property the property to write
5605: *
5606: * @throws CmsException if something goes wrong
5607: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_WRITE} required)
5608: *
5609: * @see CmsObject#writePropertyObject(String, CmsProperty)
5610: * @see org.opencms.file.types.I_CmsResourceType#writePropertyObject(CmsObject, CmsSecurityManager, CmsResource, CmsProperty)
5611: */
5612: public void writePropertyObject(CmsRequestContext context,
5613: CmsResource resource, CmsProperty property)
5614: throws CmsException, CmsSecurityException {
5615:
5616: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5617: try {
5618: checkOfflineProject(dbc);
5619: checkPermissions(dbc, resource,
5620: CmsPermissionSet.ACCESS_WRITE, true,
5621: CmsResourceFilter.IGNORE_EXPIRATION);
5622: m_driverManager
5623: .writePropertyObject(dbc, resource, property);
5624: } catch (Exception e) {
5625: dbc.report(null, Messages.get().container(
5626: Messages.ERR_WRITE_PROP_2, property.getName(),
5627: context.getSitePath(resource)), e);
5628: } finally {
5629: dbc.clear();
5630: }
5631: }
5632:
5633: /**
5634: * Writes a list of properties for a specified resource.<p>
5635: *
5636: * Code calling this method has to ensure that the no properties
5637: * <code>a, b</code> are contained in the specified list so that <code>a.equals(b)</code>,
5638: * otherwise an exception is thrown.<p>
5639: *
5640: * @param context the current request context
5641: * @param resource the resource to write the properties for
5642: * @param properties the list of properties to write
5643: *
5644: * @throws CmsException if something goes wrong
5645: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_WRITE} required)
5646: *
5647: * @see CmsObject#writePropertyObjects(String, List)
5648: * @see org.opencms.file.types.I_CmsResourceType#writePropertyObjects(CmsObject, CmsSecurityManager, CmsResource, List)
5649: */
5650: public void writePropertyObjects(CmsRequestContext context,
5651: CmsResource resource, List properties) throws CmsException,
5652: CmsSecurityException {
5653:
5654: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5655: try {
5656: checkOfflineProject(dbc);
5657: checkPermissions(dbc, resource,
5658: CmsPermissionSet.ACCESS_WRITE, true,
5659: CmsResourceFilter.IGNORE_EXPIRATION);
5660: // write the properties
5661: m_driverManager.writePropertyObjects(dbc, resource,
5662: properties, true);
5663: } catch (Exception e) {
5664: dbc.report(null, Messages.get().container(
5665: Messages.ERR_WRITE_PROPS_1,
5666: context.getSitePath(resource)), e);
5667: } finally {
5668: dbc.clear();
5669: }
5670: }
5671:
5672: /**
5673: * Writes a resource to the OpenCms VFS.<p>
5674: *
5675: * @param context the current request context
5676: * @param resource the resource to write
5677: *
5678: * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_WRITE} required)
5679: * @throws CmsException if something goes wrong
5680: */
5681: public void writeResource(CmsRequestContext context,
5682: CmsResource resource) throws CmsException,
5683: CmsSecurityException {
5684:
5685: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5686: try {
5687: checkOfflineProject(dbc);
5688: checkPermissions(dbc, resource,
5689: CmsPermissionSet.ACCESS_WRITE, true,
5690: CmsResourceFilter.ALL);
5691: m_driverManager.writeResource(dbc, resource);
5692: } catch (Exception e) {
5693: dbc.report(null, Messages.get().container(
5694: Messages.ERR_WRITE_RESOURCE_1,
5695: context.getSitePath(resource)), e);
5696: } finally {
5697: dbc.clear();
5698: }
5699: }
5700:
5701: /**
5702: * Inserts an entry in the published resource table.<p>
5703: *
5704: * This is done during static export.<p>
5705: *
5706: * @param context the current request context
5707: * @param resourceName The name of the resource to be added to the static export
5708: * @param linkType the type of resource exported (0= non-parameter, 1=parameter)
5709: * @param linkParameter the parameters added to the resource
5710: * @param timestamp a time stamp for writing the data into the db
5711: *
5712: * @throws CmsException if something goes wrong
5713: */
5714: public void writeStaticExportPublishedResource(
5715: CmsRequestContext context, String resourceName,
5716: int linkType, String linkParameter, long timestamp)
5717: throws CmsException {
5718:
5719: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5720: try {
5721: m_driverManager.writeStaticExportPublishedResource(dbc,
5722: resourceName, linkType, linkParameter, timestamp);
5723: } catch (Exception e) {
5724: dbc.report(null, Messages.get().container(
5725: Messages.ERR_WRITE_STATEXP_PUBLISHED_RESOURCES_3,
5726: resourceName, linkParameter, new Date(timestamp)),
5727: e);
5728: } finally {
5729: dbc.clear();
5730: }
5731: }
5732:
5733: /**
5734: * Updates the user information. <p>
5735: *
5736: * The user id has to be a valid OpenCms user id.<br>
5737: *
5738: * The user with the given id will be completely overridden
5739: * by the given data.<p>
5740: *
5741: * @param context the current request context
5742: * @param user the user to be updated
5743: *
5744: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER} for the current project
5745: * @throws CmsException if operation was not successful
5746: */
5747: public void writeUser(CmsRequestContext context, CmsUser user)
5748: throws CmsException, CmsRoleViolationException {
5749:
5750: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5751: try {
5752: CmsRole role = CmsRole.ACCOUNT_MANAGER
5753: .forOrgUnit(getParentOrganizationalUnit(user
5754: .getName()));
5755: checkRoleForUserModification(dbc, user.getName(), role);
5756: m_driverManager.writeUser(dbc, user);
5757: } catch (Exception e) {
5758: dbc.report(null, Messages.get().container(
5759: Messages.ERR_WRITE_USER_1, user.getName()), e);
5760: } finally {
5761: dbc.clear();
5762: }
5763: }
5764:
5765: /**
5766: * Performs a blocking permission check on a resource.<p>
5767: *
5768: * If the required permissions are not satisfied by the permissions the user has on the resource,
5769: * an exception is thrown.<p>
5770: *
5771: * @param dbc the current database context
5772: * @param resource the resource on which permissions are required
5773: * @param requiredPermissions the set of permissions required to access the resource
5774: * @param checkLock if true, the lock status of the resource is also checked
5775: * @param filter the filter for the resource
5776: *
5777: * @throws CmsException in case of any i/o error
5778: * @throws CmsSecurityException if the required permissions are not satisfied
5779: *
5780: * @see #hasPermissions(CmsRequestContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter)
5781: */
5782: protected void checkPermissions(CmsDbContext dbc,
5783: CmsResource resource, CmsPermissionSet requiredPermissions,
5784: boolean checkLock, CmsResourceFilter filter)
5785: throws CmsException, CmsSecurityException {
5786:
5787: // get the permissions
5788: I_CmsPermissionHandler.CmsPermissionCheckResult permissions = hasPermissions(
5789: dbc, resource, requiredPermissions, checkLock, filter);
5790: if (!permissions.isAllowed()) {
5791: checkPermissions(dbc.getRequestContext(), resource,
5792: requiredPermissions, permissions);
5793: }
5794: }
5795:
5796: /**
5797: * Applies the permission check result of a previous call
5798: * to {@link #hasPermissions(CmsRequestContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter)}.<p>
5799: *
5800: * @param context the current request context
5801: * @param resource the resource on which permissions are required
5802: * @param requiredPermissions the set of permissions required to access the resource
5803: * @param permissions the permissions to check
5804: *
5805: * @throws CmsSecurityException if the required permissions are not satisfied
5806: * @throws CmsLockException if the lock status is not as required
5807: * @throws CmsVfsResourceNotFoundException if the required resource has been filtered
5808: */
5809: protected void checkPermissions(CmsRequestContext context,
5810: CmsResource resource, CmsPermissionSet requiredPermissions,
5811: I_CmsPermissionHandler.CmsPermissionCheckResult permissions)
5812: throws CmsSecurityException, CmsLockException,
5813: CmsVfsResourceNotFoundException {
5814:
5815: if (permissions == I_CmsPermissionHandler.PERM_FILTERED) {
5816: throw new CmsVfsResourceNotFoundException(Messages.get()
5817: .container(Messages.ERR_PERM_FILTERED_1,
5818: context.getSitePath(resource)));
5819: }
5820: if (permissions == I_CmsPermissionHandler.PERM_DENIED) {
5821: throw new CmsPermissionViolationException(Messages.get()
5822: .container(Messages.ERR_PERM_DENIED_2,
5823: context.getSitePath(resource),
5824: requiredPermissions.getPermissionString()));
5825: }
5826: if (permissions == I_CmsPermissionHandler.PERM_NOTLOCKED) {
5827: throw new CmsLockException(Messages.get().container(
5828: Messages.ERR_PERM_NOTLOCKED_2,
5829: context.getSitePath(resource),
5830: context.currentUser().getName()));
5831: }
5832: }
5833:
5834: /**
5835: * Checks that the current user has enough permissions to modify the given user.<p>
5836: *
5837: * @param dbc the database context
5838: * @param username the name of the user to modify
5839: * @param role the needed role
5840: *
5841: * @throws CmsDataAccessException if something goes wrong
5842: * @throws CmsRoleViolationException if the user has not the needed permissions
5843: */
5844: protected void checkRoleForUserModification(CmsDbContext dbc,
5845: String username, CmsRole role)
5846: throws CmsDataAccessException, CmsRoleViolationException {
5847:
5848: CmsUser user = m_driverManager.readUser(dbc,
5849: CmsOrganizationalUnit.removeLeadingSeparator(username));
5850: // a user is allowed to write his own data
5851: if (!dbc.currentUser().equals(user)) {
5852: // check if the user to be modified is root admin
5853: if (hasRole(dbc, user, CmsRole.ROOT_ADMIN)) {
5854: // check the user that is going to do the modification is root admin
5855: checkRole(dbc, CmsRole.ROOT_ADMIN);
5856: // check if the user to be modified is administrator
5857: } else if (hasRole(dbc, user, CmsRole.ADMINISTRATOR)) {
5858: // check the user that is going to do the modification is administrator
5859: checkRole(dbc, CmsRole.ADMINISTRATOR);
5860: } else {
5861: // check the user that is going to do the modification has the given role
5862: checkRole(dbc, role);
5863: }
5864: }
5865: }
5866:
5867: /**
5868: * Checks if the given resource contains a resource that has a system lock.<p>
5869: *
5870: * @param dbc the current database context
5871: * @param resource the resource to check
5872: *
5873: * @throws CmsException in case there is a system lock contained in the given resource
5874: */
5875: protected void checkSystemLocks(CmsDbContext dbc,
5876: CmsResource resource) throws CmsException {
5877:
5878: if (m_lockManager.hasSystemLocks(dbc, resource)) {
5879: throw new CmsLockException(Messages.get().container(
5880: Messages.ERR_RESOURCE_SYSTEM_LOCKED_1,
5881: dbc.removeSiteRoot(resource.getRootPath())));
5882: }
5883: }
5884:
5885: /**
5886: * Internal recursive method for deleting a resource.<p>
5887: *
5888: * @param dbc the db context
5889: * @param resource the name of the resource to delete (full path)
5890: * @param siblingMode indicates how to handle siblings of the deleted resource
5891: *
5892: * @throws CmsException if something goes wrong
5893: */
5894: protected void deleteResource(CmsDbContext dbc,
5895: CmsResource resource,
5896: CmsResource.CmsResourceDeleteMode siblingMode)
5897: throws CmsException {
5898:
5899: if (resource.isFolder()) {
5900: // collect all resources in the folder (but exclude deleted ones)
5901: List resources = m_driverManager.readChildResources(dbc,
5902: resource, CmsResourceFilter.IGNORE_EXPIRATION,
5903: true, true, false);
5904:
5905: Set deletedResources = new HashSet();
5906: // now walk through all sub-resources in the folder
5907: for (int i = 0; i < resources.size(); i++) {
5908: CmsResource childResource = (CmsResource) resources
5909: .get(i);
5910: if ((siblingMode == CmsResource.DELETE_REMOVE_SIBLINGS)
5911: && deletedResources.contains(childResource
5912: .getResourceId())) {
5913: // sibling mode is "delete all siblings" and another sibling of the current child resource has already
5914: // been deleted- do nothing and continue with the next child resource.
5915: continue;
5916: }
5917: if (childResource.isFolder()) {
5918: // recurse into this method for subfolders
5919: deleteResource(dbc, childResource, siblingMode);
5920: } else {
5921: // handle child resources
5922: m_driverManager.deleteResource(dbc, childResource,
5923: siblingMode);
5924: }
5925: deletedResources.add(childResource.getResourceId());
5926: }
5927: deletedResources.clear();
5928: }
5929: // handle the resource itself
5930: m_driverManager.deleteResource(dbc, resource, siblingMode);
5931: }
5932:
5933: /**
5934: * Deletes a user, where all permissions and resources attributes of the user
5935: * were transfered to a replacement user, if given.<p>
5936: *
5937: * @param context the current request context
5938: * @param user the user to be deleted
5939: * @param replacement the user to be transfered, can be <code>null</code>
5940: *
5941: * @throws CmsRoleViolationException if the current user does not own the rule {@link CmsRole#ACCOUNT_MANAGER}
5942: * @throws CmsSecurityException in case the user is a default user
5943: * @throws CmsException if something goes wrong
5944: */
5945: protected void deleteUser(CmsRequestContext context, CmsUser user,
5946: CmsUser replacement) throws CmsException,
5947: CmsSecurityException, CmsRoleViolationException {
5948:
5949: if (OpenCms.getDefaultUsers().isDefaultUser(user.getName())) {
5950: throw new CmsSecurityException(
5951: org.opencms.security.Messages
5952: .get()
5953: .container(
5954: org.opencms.security.Messages.ERR_CANT_DELETE_DEFAULT_USER_1,
5955: user.getName()));
5956: }
5957: if (context.currentUser().equals(user)) {
5958: throw new CmsSecurityException(Messages.get().container(
5959: Messages.ERR_USER_CANT_DELETE_ITSELF_USER_0));
5960: }
5961: CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
5962: try {
5963: CmsRole role = CmsRole.ACCOUNT_MANAGER
5964: .forOrgUnit(getParentOrganizationalUnit(user
5965: .getName()));
5966: checkRoleForUserModification(dbc, user.getName(), role);
5967: // this is needed because
5968: // I_CmsUserDriver#removeAccessControlEntriesForPrincipal(CmsDbContext, CmsProject, CmsProject, CmsUUID)
5969: // expects an offline project, if not data will become inconsistent
5970: checkOfflineProject(dbc);
5971: if (replacement == null) {
5972: m_driverManager.deleteUser(dbc, context
5973: .currentProject(), user.getName(), null);
5974: } else {
5975: m_driverManager.deleteUser(dbc, context
5976: .currentProject(), user.getName(), replacement
5977: .getName());
5978: }
5979: } catch (Exception e) {
5980: dbc.report(null, Messages.get().container(
5981: Messages.ERR_DELETE_USER_1, user.getName()), e);
5982: } finally {
5983: dbc.clear();
5984: }
5985: }
5986:
5987: /**
5988: * Returns all resources of organizational units for which the current user has
5989: * the given role role.<p>
5990: *
5991: * @param dbc the current database context
5992: * @param role the role to check
5993: *
5994: * @return a list of {@link org.opencms.file.CmsResource} objects
5995: *
5996: * @throws CmsException if something goes wrong
5997: */
5998: protected List getManageableResources(CmsDbContext dbc, CmsRole role)
5999: throws CmsException {
6000:
6001: CmsOrganizationalUnit ou = m_driverManager
6002: .readOrganizationalUnit(dbc, role.getOuFqn());
6003: if (hasRole(dbc, dbc.currentUser(), role)) {
6004: return m_driverManager.getResourcesForOrganizationalUnit(
6005: dbc, ou);
6006: }
6007: List resources = new ArrayList();
6008: Iterator it = m_driverManager.getOrganizationalUnits(dbc, ou,
6009: false).iterator();
6010: while (it.hasNext()) {
6011: CmsOrganizationalUnit orgUnit = (CmsOrganizationalUnit) it
6012: .next();
6013: resources.addAll(getManageableResources(dbc, role
6014: .forOrgUnit(orgUnit.getName())));
6015: }
6016: return resources;
6017: }
6018:
6019: /**
6020: * Returns the organizational unit for the parent of the given fully qualified name.<p>
6021: *
6022: * @param fqn the fully qualified name to get the parent organizational unit for
6023: *
6024: * @return the parent organizational unit for the fully qualified name
6025: */
6026: protected String getParentOrganizationalUnit(String fqn) {
6027:
6028: String ouFqn = CmsOrganizationalUnit
6029: .getParentFqn(CmsOrganizationalUnit
6030: .removeLeadingSeparator(fqn));
6031: if (ouFqn == null) {
6032: ouFqn = "";
6033: }
6034: return ouFqn;
6035: }
6036:
6037: /**
6038: * Performs a non-blocking permission check on a resource.<p>
6039: *
6040: * This test will not throw an exception in case the required permissions are not
6041: * available for the requested operation. Instead, it will return one of the
6042: * following values:<ul>
6043: * <li><code>{@link I_CmsPermissionHandler#PERM_ALLOWED}</code></li>
6044: * <li><code>{@link I_CmsPermissionHandler#PERM_FILTERED}</code></li>
6045: * <li><code>{@link I_CmsPermissionHandler#PERM_DENIED}</code></li></ul><p>
6046: *
6047: * @param dbc the current database context
6048: * @param resource the resource on which permissions are required
6049: * @param requiredPermissions the set of permissions required for the operation
6050: * @param checkLock if true, a lock for the current user is required for
6051: * all write operations, if false it's ok to write as long as the resource
6052: * is not locked by another user
6053: * @param filter the resource filter to use
6054: *
6055: * @return <code>{@link I_CmsPermissionHandler#PERM_ALLOWED}</code> if the user has sufficient permissions on the resource
6056: * for the requested operation
6057: *
6058: * @throws CmsException in case of i/o errors (NOT because of insufficient permissions)
6059: */
6060: protected I_CmsPermissionHandler.CmsPermissionCheckResult hasPermissions(
6061: CmsDbContext dbc, CmsResource resource,
6062: CmsPermissionSet requiredPermissions, boolean checkLock,
6063: CmsResourceFilter filter) throws CmsException {
6064:
6065: return m_permissionHandler.hasPermissions(dbc, resource,
6066: requiredPermissions, checkLock, filter);
6067: }
6068:
6069: /**
6070: * Returns <code>true</code> if at least one of the given group names is equal to a group name
6071: * of the given role in the given organizational unit.<p>
6072: *
6073: * This checks the given list against the group of the given role as well as against the role group
6074: * of all parent roles.<p>
6075: *
6076: * If the organizational unit is <code>null</code>, this method will check if the
6077: * given user has the given role for at least one organizational unit.<p>
6078: *
6079: * @param role the role to check
6080: * @param roles the groups to match the role groups against
6081: *
6082: * @return <code>true</code> if at last one of the given group names is equal to a group name
6083: * of this role
6084: */
6085: protected boolean hasRole(CmsRole role, List roles) {
6086:
6087: // iterates the roles the user are in
6088: Iterator itGroups = roles.iterator();
6089: while (itGroups.hasNext()) {
6090: String groupName = ((CmsGroup) itGroups.next()).getName();
6091: // iterate the role hierarchy
6092: Iterator itDistinctGroupNames = role
6093: .getDistinctGroupNames().iterator();
6094: while (itDistinctGroupNames.hasNext()) {
6095: String distictGroupName = (String) itDistinctGroupNames
6096: .next();
6097: if (distictGroupName
6098: .startsWith(CmsOrganizationalUnit.SEPARATOR)) {
6099: // this is a ou independent role
6100: // we need an exact match, and we ignore the ou parameter
6101: if (groupName.equals(distictGroupName.substring(1))) {
6102: return true;
6103: }
6104: } else {
6105: // first check if the user has the role at all
6106: if (groupName
6107: .endsWith(CmsOrganizationalUnit.SEPARATOR
6108: + distictGroupName)
6109: || groupName.equals(distictGroupName)) {
6110: // this is a ou dependent role
6111: if (role.getOuFqn() == null) {
6112: // ou parameter is null, so the user needs to have the role in at least one ou does not matter which
6113: return true;
6114: } else {
6115: // the user needs to have the role in the given ou or in a parent ou
6116: // now check that the ou matches
6117: String groupFqn = CmsOrganizationalUnit
6118: .getParentFqn(groupName);
6119: if (role.getOuFqn().startsWith(groupFqn)) {
6120: return true;
6121: }
6122: }
6123: }
6124: }
6125: }
6126: }
6127: return false;
6128: }
6129:
6130: /**
6131: * Internal recursive method to move a resource.<p>
6132: *
6133: * @param dbc the db context
6134: * @param source the source resource
6135: * @param destination the destination path
6136: *
6137: * @throws CmsException if something goes wrong
6138: */
6139: protected void moveResource(CmsDbContext dbc, CmsResource source,
6140: String destination) throws CmsException {
6141:
6142: List resources = null;
6143:
6144: if (source.isFolder()) {
6145: if (!CmsResource.isFolder(destination)) {
6146: // ensure folder name end's with a /
6147: destination = destination.concat("/");
6148: }
6149: // collect all resources in the folder without checking permissions
6150: resources = m_driverManager.readChildResources(dbc, source,
6151: CmsResourceFilter.ALL, true, true, false);
6152: }
6153:
6154: // target permissions will be checked later
6155: m_driverManager.moveResource(dbc, source, destination, false);
6156:
6157: // make sure lock is set
6158: CmsResource destinationResource = m_driverManager.readResource(
6159: dbc, destination, CmsResourceFilter.ALL);
6160: try {
6161: // the destination must always get a new lock
6162: m_driverManager.lockResource(dbc, destinationResource,
6163: CmsLockType.EXCLUSIVE);
6164: } catch (Exception e) {
6165: // could happen with with shared locks on single files
6166: if (LOG.isWarnEnabled()) {
6167: LOG.warn(e);
6168: }
6169: }
6170:
6171: if (resources != null) {
6172: // now walk through all sub-resources in the folder
6173: for (int i = 0; i < resources.size(); i++) {
6174: CmsResource childResource = (CmsResource) resources
6175: .get(i);
6176: String childDestination = destination
6177: .concat(childResource.getName());
6178: // recurse with child resource
6179: moveResource(dbc, childResource, childDestination);
6180: }
6181: }
6182: }
6183:
6184: /**
6185: * Reads a folder from the VFS, using the specified resource filter.<p>
6186: *
6187: * @param dbc the current database context
6188: * @param resourcename the name of the folder to read (full path)
6189: * @param filter the resource filter to use while reading
6190: *
6191: * @return the folder that was read
6192: *
6193: * @throws CmsException if something goes wrong
6194: */
6195: protected CmsFolder readFolder(CmsDbContext dbc,
6196: String resourcename, CmsResourceFilter filter)
6197: throws CmsException {
6198:
6199: CmsResource resource = readResource(dbc, resourcename, filter);
6200: return m_driverManager.convertResourceToFolder(resource);
6201: }
6202:
6203: /**
6204: * Reads a resource from the OpenCms VFS, using the specified resource filter.<p>
6205: *
6206: * @param dbc the current database context
6207: * @param structureID the ID of the structure to read
6208: * @param filter the resource filter to use while reading
6209: *
6210: * @return the resource that was read
6211: *
6212: * @throws CmsException if something goes wrong
6213: *
6214: * @see CmsObject#readResource(CmsUUID, CmsResourceFilter)
6215: * @see CmsObject#readResource(CmsUUID)
6216: * @see CmsObject#readFile(CmsResource)
6217: */
6218: protected CmsResource readResource(CmsDbContext dbc,
6219: CmsUUID structureID, CmsResourceFilter filter)
6220: throws CmsException {
6221:
6222: // read the resource from the VFS
6223: CmsResource resource = m_driverManager.readResource(dbc,
6224: structureID, filter);
6225:
6226: // check if the user has read access to the resource
6227: checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_READ,
6228: true, filter);
6229:
6230: // access was granted - return the resource
6231: return resource;
6232: }
6233:
6234: /**
6235: * Reads a resource from the OpenCms VFS, using the specified resource filter.<p>
6236: *
6237: * @param dbc the current database context
6238: * @param resourcePath the name of the resource to read (full path)
6239: * @param filter the resource filter to use while reading
6240: *
6241: * @return the resource that was read
6242: *
6243: * @throws CmsException if something goes wrong
6244: *
6245: * @see CmsObject#readResource(String, CmsResourceFilter)
6246: * @see CmsObject#readResource(String)
6247: * @see CmsObject#readFile(CmsResource)
6248: */
6249: protected CmsResource readResource(CmsDbContext dbc,
6250: String resourcePath, CmsResourceFilter filter)
6251: throws CmsException {
6252:
6253: // read the resource from the VFS
6254: CmsResource resource = m_driverManager.readResource(dbc,
6255: resourcePath, filter);
6256:
6257: // check if the user has read access to the resource
6258: checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_READ,
6259: true, filter);
6260:
6261: // access was granted - return the resource
6262: return resource;
6263: }
6264:
6265: }
|