[Aplaws-commit] r1731 - trunk/ccm-cms/src/com/arsdigita/cms/ui/portlet

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Author: terry
Date: 2008-07-29 10:36:02 +0000 (Tue, 29 Jul 2008)
New Revision: 1731

Modified:
   trunk/ccm-cms/src/com/arsdigita/cms/ui/portlet/ContentItemPortletRenderer.java
Log:
Content item portlet now checks read permissions

Modified: trunk/ccm-cms/src/com/arsdigita/cms/ui/portlet/ContentItemPortletRenderer.java
===================================================================

--- trunk/ccm-cms/src/com/arsdigita/cms/ui/portlet/ContentItemPortletRenderer.java	2008-07-29 10:34:02 UTC (rev 1730)
+++ trunk/ccm-cms/src/com/arsdigita/cms/ui/portlet/ContentItemPortletRenderer.java	2008-07-29 10:36:02 UTC (rev 1731)
@@ -25,12 +25,15 @@
 import com.arsdigita.cms.SecurityManager;
 import com.arsdigita.cms.dispatcher.SimpleXMLGenerator;
 import com.arsdigita.cms.portlet.ContentItemPortlet;
+import com.arsdigita.dispatcher.AccessDeniedException;
 import com.arsdigita.domain.DomainObjectXMLRenderer;
 import com.arsdigita.kernel.Kernel;
 import com.arsdigita.kernel.Party;
 import com.arsdigita.kernel.permissions.PermissionDescriptor;
 import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
+import com.arsdigita.web.LoginSignal;
+import com.arsdigita.web.Web;
 import com.arsdigita.xml.Element;
 
 
@@ -52,6 +55,18 @@
         ContentItem item = m_portlet.getContentItem();
         
         Party currentParty = Kernel.getContext().getParty();
+        if (currentParty == null) {
+            currentParty = Kernel.getPublicUser();
+        }
+        
+        PermissionDescriptor read = new PermissionDescriptor(PrivilegeDescriptor.get(SecurityManager.CMS_READ_ITEM), item, currentParty);
+        if (!PermissionService.checkPermission(read)) {
+            if (Web.getUserContext().isLoggedIn()) {
+                throw new AccessDeniedException("User does cannot read content item " + item.getName());
+            }
+            throw new LoginSignal(Web.getRequest());
+        }
+        
         PermissionDescriptor edit = new PermissionDescriptor(PrivilegeDescriptor.get(SecurityManager.CMS_EDIT_ITEM), item, currentParty);
         if (PermissionService.checkPermission(edit)) {
             content.addAttribute("canEdit", "true");



