[Aplaws-commit] r965 - trunk/ccm-cms/src/com/arsdigita/cms

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Author: sskracic
Date: 2005-10-28 20:08:42 +0200 (Fri, 28 Oct 2005)
New Revision: 965

Modified:
   trunk/ccm-cms/src/com/arsdigita/cms/ContentBundle.java
Log:
  Fix for SF bug [ 1338725 ] Security context broken when copying
items.  Although there's a DomainObjectObserver that intercepts
ContentItem.setParent() so that the security context is maintained, the
problem was in the fact that item-to-bundle association is two-way.
The fault was being triggerred when using DomainCopier to copy
selected bundles/items, and which is fully metadata driven.  There, the
cms_items.parent_id was being set two times: first time it was copied
from the source article when ContentItem.parent property was copied,
after which the security context to the original (and not newly created
copy) bundle is set through DomainObjectObserver.  Second time it is
set as the ContentBundle.instances association, which ultimately set
the correct parent_id (and denormalized ancestors path through triggers
in sql layer).  However, security context of the article (or any other
content item that is bundled) still points to the original bundle,
since ContentItem.parent property is not being considered changed.

  The solution, which seems to work, was to add DomainObjectObserver
that intercepts operations on ContentBundle.instances property.



Modified: trunk/ccm-cms/src/com/arsdigita/cms/ContentBundle.java
===================================================================

--- trunk/ccm-cms/src/com/arsdigita/cms/ContentBundle.java	2005-10-27 14:33:38 UTC (rev 964)
+++ trunk/ccm-cms/src/com/arsdigita/cms/ContentBundle.java	2005-10-28 18:08:42 UTC (rev 965)
@@ -22,8 +22,12 @@
 import com.arsdigita.categorization.CategoryCollection;
 import com.arsdigita.cms.lifecycle.Lifecycle;
 import com.arsdigita.cms.lifecycle.LifecycleDefinition;
+import com.arsdigita.domain.AbstractDomainObjectObserver;
 import com.arsdigita.domain.DataObjectNotFoundException;
+import com.arsdigita.domain.DomainObject;
 import com.arsdigita.domain.DomainObjectFactory;
+import com.arsdigita.domain.DomainObjectObserver;
+import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.persistence.DataAssociation;
 import com.arsdigita.persistence.DataAssociationCursor;
 import com.arsdigita.persistence.DataObject;
@@ -33,7 +37,6 @@
 import com.arsdigita.web.Web;
 import com.arsdigita.workflow.simple.Workflow;
 import com.arsdigita.workflow.simple.WorkflowTemplate;
-
 import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -41,7 +44,6 @@
 import java.util.Enumeration;
 import java.util.List;
 import java.util.Locale;
-
 import org.apache.log4j.Logger;
 
 /**
@@ -61,6 +63,18 @@
 
     private static final Logger s_log = Logger.getLogger(ContentBundle.class);
 
+    private static DomainObjectObserver s_instancesObserver =
+        new AbstractDomainObjectObserver() {
+            public void add(DomainObject dom, String name,
+                            DataObject dobj) {
+                if (INSTANCES.equals(name)) {
+                    if (dobj != null) {
+                        PermissionService.setContext(dobj.getOID(), dom.getOID());
+                    }
+                }
+            }
+        };
+
     /**
      * The base data object type of a bundle
      */
@@ -594,6 +608,7 @@
 
     protected void initialize() {
         super.initialize();
+        addObserver(s_instancesObserver);
 
         m_wasNew = isNew();
     }



