From 2a35e50c45f3d4d5646f7e2d4190c89042b2f141 Mon Sep 17 00:00:00 2001 From: srosse <none@none> Date: Wed, 2 Jul 2014 17:29:21 +0200 Subject: [PATCH] OO-984: hardened against guests --- .../gui/components/rating/RatingFormItem.java | 1 + .../gui/components/rating/RatingRenderer.java | 4 ++-- .../rating/RatingWithAverageFormItem.java | 15 +++++++++++- .../course/nodes/CheckListCourseNode.java | 14 +++++++++-- .../olat/modules/wiki/WikiMainController.java | 14 +++++++---- .../org/olat/portfolio/site/EPSiteDef.java | 10 ++++---- .../AuthoringEntryDetailsController.java | 2 -- .../RepositoryEntryDetailsController.java | 24 ++++++++++++------- .../list/RepositoryEntryListController.java | 18 ++++++++++---- .../repository/ui/list/_content/details.html | 20 ++++++++-------- .../repository/ui/list/_content/row_1.html | 2 ++ 11 files changed, 84 insertions(+), 40 deletions(-) diff --git a/src/main/java/org/olat/core/gui/components/rating/RatingFormItem.java b/src/main/java/org/olat/core/gui/components/rating/RatingFormItem.java index dc622bfec35..43ab49bcb28 100644 --- a/src/main/java/org/olat/core/gui/components/rating/RatingFormItem.java +++ b/src/main/java/org/olat/core/gui/components/rating/RatingFormItem.java @@ -66,6 +66,7 @@ public class RatingFormItem extends FormItemImpl { protected void rootFormAvailable() { if(component == null) { component = new RatingComponent(null, getName(), intialRating, maxRating, allowUserInput, getRootForm()); + component.setEnabled(isEnabled()); } } diff --git a/src/main/java/org/olat/core/gui/components/rating/RatingRenderer.java b/src/main/java/org/olat/core/gui/components/rating/RatingRenderer.java index 20120eb9ed2..07bb0e57dc0 100644 --- a/src/main/java/org/olat/core/gui/components/rating/RatingRenderer.java +++ b/src/main/java/org/olat/core/gui/components/rating/RatingRenderer.java 
@@ -93,7 +93,7 @@ public class RatingRenderer extends DefaultComponentRenderer { } sb.append("'"); // Add action - if (rating.isAllowUserInput()) { + if (rating.isAllowUserInput() && rating.isEnabled()) { if(rating.getForm() == null) { // Add link sb.append(" href=\""); @@ -117,7 +117,7 @@ public class RatingRenderer extends DefaultComponentRenderer { } else { // Disabled link - sb.append(" href='#' onclick='return false;'"); + sb.append(" href='javascript:;' onclick='return false;'"); } // Add item label String label = rating.getRatingLabel(i); diff --git a/src/main/java/org/olat/core/gui/components/rating/RatingWithAverageFormItem.java b/src/main/java/org/olat/core/gui/components/rating/RatingWithAverageFormItem.java index c8b9b7e5c21..1603e7e6f9c 100644 --- a/src/main/java/org/olat/core/gui/components/rating/RatingWithAverageFormItem.java +++ b/src/main/java/org/olat/core/gui/components/rating/RatingWithAverageFormItem.java @@ -44,7 +44,7 @@ public class RatingWithAverageFormItem extends FormItemImpl implements FormItemC private RatingFormItem userComponent; private RatingFormItem averageComponent; - private RatingWithAverageComponent component; + private final RatingWithAverageComponent component; public RatingWithAverageFormItem(String name, float userRating, float averageRating, int maxRating, long numOfRatings) { super(name); @@ -70,6 +70,17 @@ public class RatingWithAverageFormItem extends FormItemImpl implements FormItemC return component; } + @Override + public void setEnabled(boolean isEnabled) { + super.setEnabled(isEnabled); + if(userComponent != null) { + userComponent.setEnabled(isEnabled); + } + if(averageComponent != null) { + averageComponent.setEnabled(isEnabled); + } + } + @Override public Iterable<FormItem> getFormItems() { List<FormItem> items = new ArrayList<FormItem>(); 
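Review bot: The added `rating.isEnabled()` test in the `// Add action` branch only stops the renderer from emitting the rating link; nothing in this hunk shows a disabled component refusing a rating event that arrives anyway. Whether RatingComponent's dispatch path checks the same flag cannot be seen here and should be confirmed. The callers that now rely on it (`ratingEl.setEnabled(!guestOnly)` in RepositoryEntryDetailsController and `ratingCmp.setEnabled(!guestOnly)` in RepositoryEntryListController) would be safer with an early `if(guestOnly) return;` in their event handlers before a rating is stored. The enclosing render method starts and ends outside the hunk.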
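Review bot: The disabled branch now emits `href='javascript:;'` next to an inline `onclick='return false;'`, and a Content-Security-Policy that disallows inline script refuses both, so this markup keeps the page dependent on `'unsafe-inline'`. For an item that must not be clickable it would be cleaner to render no `href` at all and mark the state instead, for example `sb.append(" aria-disabled='true'");`, leaving the look to CSS. The surrounding loop is outside the hunk, so the effect on styling of the rating items needs a check.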
@@ -94,6 +105,7 @@ public class RatingWithAverageFormItem extends FormItemImpl implements FormItemC userComponent = new RatingFormItem("rusr_" + getName(), initialUserRating, maxRating, true); userComponent.setRootForm(getRootForm()); userComponent.rootFormAvailable(); + userComponent.setEnabled(isEnabled()); userComponent.getComponent().addListener(component); userComponent.getFormItemComponent().setTranslateExplanation(true); @@ -102,6 +114,7 @@ public class RatingWithAverageFormItem extends FormItemImpl implements FormItemC averageComponent = new RatingFormItem("ravg_" + getName(), averageRating, maxRating, false); averageComponent.setRootForm(getRootForm()); averageComponent.rootFormAvailable(); + averageComponent.setEnabled(isEnabled()); String[] args = new String[]{ Long.toString(numOfRatings)}; String explanation = translator.translate("rating.average.explanation", args); diff --git a/src/main/java/org/olat/course/nodes/CheckListCourseNode.java b/src/main/java/org/olat/course/nodes/CheckListCourseNode.java index 44a020e0c49..1901fa14d1f 100644 --- a/src/main/java/org/olat/course/nodes/CheckListCourseNode.java +++ b/src/main/java/org/olat/course/nodes/CheckListCourseNode.java @@ -35,10 +35,13 @@ import org.olat.core.gui.UserRequest; import org.olat.core.gui.components.stack.BreadcrumbPanel; import org.olat.core.gui.control.Controller; import org.olat.core.gui.control.WindowControl; +import org.olat.core.gui.control.generic.messages.MessageUIFactory; import org.olat.core.gui.control.generic.tabbable.TabbableController; +import org.olat.core.gui.translator.Translator; import org.olat.core.id.Identity; import org.olat.core.id.IdentityEnvironment; import org.olat.core.id.OLATResourceable; +import org.olat.core.id.Roles; import org.olat.core.logging.OLATRuntimeException; import org.olat.core.util.FileUtils; import org.olat.core.util.Formatter; 
@@ -129,14 +132,21 @@ public class CheckListCourseNode extends AbstractAccessableCourseNode implements public NodeRunConstructionResult createNodeRunConstructionResult(UserRequest ureq, WindowControl wControl, final UserCourseEnvironment userCourseEnv, NodeEvaluation ne, String nodecmd) { updateModuleConfigDefaults(false); - + Controller ctrl; OLATResourceable ores = OresHelper.createOLATResourceableInstance("CourseModule", userCourseEnv.getCourseEnvironment().getCourseResourceableId()); - if(userCourseEnv.isCoach() || userCourseEnv.isAdmin()) { + Roles roles = ureq.getUserSession().getRoles(); + if (roles.isGuestOnly()) { + Translator trans = Util.createPackageTranslator(CheckListCourseNode.class, ureq.getLocale()); + String title = trans.translate("guestnoaccess.title"); + String message = trans.translate("guestnoaccess.message"); + ctrl = MessageUIFactory.createInfoMessage(ureq, wControl, title, message); + } else if(userCourseEnv.isCoach() || userCourseEnv.isAdmin()) { ctrl = new CheckListRunForCoachController(ureq, wControl, userCourseEnv, ores, this); } else { ctrl = new CheckListRunController(ureq, wControl, userCourseEnv, ores, this); } + Controller cont = TitledWrapperHelper.getWrapper(ureq, wControl, ctrl, this, ICON_CSS_CLASS); return new NodeRunConstructionResult(cont); } diff --git a/src/main/java/org/olat/modules/wiki/WikiMainController.java b/src/main/java/org/olat/modules/wiki/WikiMainController.java index 280c4b1abe3..986ef0ee863 100644 --- a/src/main/java/org/olat/modules/wiki/WikiMainController.java +++ b/src/main/java/org/olat/modules/wiki/WikiMainController.java @@ -191,6 +191,8 @@ public class WikiMainController extends BasicController implements CloneableCont this.ores = ores; this.securityCallback = securityCallback; this.subsContext = securityCallback.getSubscriptionContext(); + boolean guestOnly = ureq.getUserSession().getRoles().isGuestOnly(); + WikiPage page = null; Wiki wiki = getWiki(); if(wiki == null) { 
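Review bot: The guest branch looks up `guestnoaccess.title` and `guestnoaccess.message` through a translator built for the CheckListCourseNode package, but the diffstat of this commit lists no i18n properties file, so unless those keys already exist there (or in a fallback) the guest will see raw key names; worth confirming. `ureq.getUserSession().getRoles()` is dereferenced directly; if a session can exist without roles, `if (roles == null || roles.isGuestOnly()) {` would fail closed instead of throwing. The guard covers only `createNodeRunConstructionResult`; any other controller factory on this node that a guest can reach is outside the hunk and needs the same check.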
@@ -257,15 +259,17 @@ public class WikiMainController extends BasicController implements CloneableCont archiveLink.setDomReplacementWrapperRequired(false); archiveLink.setTitle("archive.wiki.title"); - createLink = LinkFactory.createLink("navigation.create.article", navigationContent, this); - createLink.setIconLeftCSS("o_icon o_icon_create"); - createLink.setElementCssClass("o_sel_wiki_create_page"); - createLink.setDomReplacementWrapperRequired(false); + if(!guestOnly) { + createLink = LinkFactory.createLink("navigation.create.article", navigationContent, this); + createLink.setIconLeftCSS("o_icon o_icon_create"); + createLink.setElementCssClass("o_sel_wiki_create_page"); + createLink.setDomReplacementWrapperRequired(false); + } content.put("navigation", navigationContent); //search - if(!ureq.getUserSession().getRoles().isGuestOnly()) { + if(!guestOnly) { SearchServiceUIFactory searchServiceUIFactory = (SearchServiceUIFactory)CoreSpringFactory.getBean(SearchServiceUIFactory.class); searchCtrl = searchServiceUIFactory.createInputController(ureq, wControl, DisplayOption.STANDARD, null); listenTo(searchCtrl); diff --git a/src/main/java/org/olat/portfolio/site/EPSiteDef.java b/src/main/java/org/olat/portfolio/site/EPSiteDef.java index df0cea0b881..67b27d75b0d 100644 --- a/src/main/java/org/olat/portfolio/site/EPSiteDef.java +++ b/src/main/java/org/olat/portfolio/site/EPSiteDef.java 
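Review bot: `createLink` is now left `null` for guest-only sessions, and this hunk only takes the link out of the navigation; the code that handles article creation and every other use of `createLink` are outside the hunk. Any later unguarded call on `createLink` would throw a NullPointerException for guests, and the create path itself should be refused on the server side through `securityCallback` or the guest flag rather than by the missing link alone. `guestOnly` is a local of the constructor, so the event handler cannot see it; keeping it in a field (`private boolean guestOnly;`) would allow `if(guestOnly) return;` there.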
@@ -39,13 +39,13 @@ public class EPSiteDef extends AbstractSiteDefinition implements SiteDefinition @Override protected SiteInstance createSite(UserRequest ureq, WindowControl wControl, SiteConfiguration config) { - if(StringHelper.containsNonWhitespace(config.getSecurityCallbackBeanId())) { - return new EPSite(this, ureq.getLocale()); - } else if(!ureq.getUserSession().getRoles().isGuestOnly()) { - // only for registered users and invitee but not guests + if(ureq.getUserSession().getRoles().isGuestOnly()) { + return null; + } else if(StringHelper.containsNonWhitespace(config.getSecurityCallbackBeanId())) { return new EPSite(this, ureq.getLocale()); } - return null; + // only for registered users and invitee but not guests + return new EPSite(this, ureq.getLocale()); } @Override diff --git a/src/main/java/org/olat/repository/ui/author/AuthoringEntryDetailsController.java b/src/main/java/org/olat/repository/ui/author/AuthoringEntryDetailsController.java index 0e07f8c97ea..2fb1e602278 100644 --- a/src/main/java/org/olat/repository/ui/author/AuthoringEntryDetailsController.java +++ b/src/main/java/org/olat/repository/ui/author/AuthoringEntryDetailsController.java @@ -150,8 +150,6 @@ public class AuthoringEntryDetailsController extends RepositoryEntryDetailsContr isAuthor = isOlatAdmin || roles.isAuthor() | isInstitutionalResourceManager; isGuestOnly = roles.isGuestOnly(); - initForm(ureq); - if(stackPanel != null) { String displayName = entry.getDisplayname(); stackPanel.pushController(displayName, this); diff --git a/src/main/java/org/olat/repository/ui/list/RepositoryEntryDetailsController.java b/src/main/java/org/olat/repository/ui/list/RepositoryEntryDetailsController.java index a648a1c840a..ed9c2574b5e 100644 --- a/src/main/java/org/olat/repository/ui/list/RepositoryEntryDetailsController.java +++ b/src/main/java/org/olat/repository/ui/list/RepositoryEntryDetailsController.java 
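Review bot: After the reordering both non-guest paths return `new EPSite(this, ureq.getLocale())`, so the `else if(StringHelper.containsNonWhitespace(config.getSecurityCallbackBeanId()))` branch no longer changes the outcome and reads as if the configured security callback were still decisive here. Either drop it, `if(ureq.getUserSession().getRoles().isGuestOnly()) return null;` followed by the single `return new EPSite(this, ureq.getLocale());`, or add a comment saying where the callback bean is actually evaluated. The comment `// only for registered users and invitee but not guests` now sits above an unconditional return and would fit better on the guest check.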
@@ -133,6 +133,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { protected ReferenceManager referenceManager; private String baseUrl; + private final boolean guestOnly; public RepositoryEntryDetailsController(UserRequest ureq, WindowControl wControl, RepositoryEntryRow row) { super(ureq, wControl, Util.getPackageVelocityRoot(RepositoryEntryDetailsController.class) + "/details.html"); @@ -140,6 +141,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { this.row = row; entry = repositoryService.loadByKey(row.getKey()); + guestOnly = ureq.getUserSession().getRoles().isGuestOnly(); initForm(ureq); } @@ -148,6 +150,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { setTranslator(Util.createPackageTranslator(RepositoryService.class, getLocale(), getTranslator())); entry = repositoryService.loadByKey(ref.getKey()); + guestOnly = ureq.getUserSession().getRoles().isGuestOnly(); initForm(ureq); } @@ -156,6 +159,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { setTranslator(Util.createPackageTranslator(RepositoryService.class, getLocale(), getTranslator())); this.entry = entry; + guestOnly = ureq.getUserSession().getRoles().isGuestOnly(); initForm(ureq); } @@ -183,6 +187,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { if(formLayout instanceof FormLayoutContainer) { FormLayoutContainer layoutCont = (FormLayoutContainer)formLayout; layoutCont.contextPut("v", entry); + layoutCont.contextPut("guestOnly", new Boolean(guestOnly)); String cssClass = RepositoyUIFactory.getIconCssClass(entry); layoutCont.contextPut("cssClass", cssClass); 
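Review bot: Each of the three constructors (the hunk at -140 and the two that follow) assigns `guestOnly` and then calls `initForm(ureq)`, so the form is built while the object is still under construction. AuthoringEntryDetailsController appears to extend this class and, in the same commit, loses its own `initForm(ureq)` call while still assigning `isGuestOnly` and `isAuthor` in its constructor body. If it goes through one of these constructors and overrides anything `initForm` reaches, those subclass fields are still `false` at that point and a guest would be treated as a non-guest; which super constructor it uses is not visible here and should be confirmed. A comment on the call, such as `// runs before subclass fields are set: form hooks must not read them`, would record the constraint.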
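Review bot: `layoutCont.contextPut("guestOnly", new Boolean(guestOnly))` allocates a wrapper through a constructor that current JDKs deprecate; `Boolean.valueOf(guestOnly)` is the idiomatic form. The flag only drives `#if(!$guestOnly)` in details.html, so it hides the personal column but does not protect the data or actions behind it; a one-line comment saying that the value is for display only would keep later readers from treating it as an access check. `initForm` continues outside the hunk.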
@@ -230,15 +235,17 @@ public class RepositoryEntryDetailsController extends FormBasicController { layoutCont.contextPut("categories", categoriesLink); } - boolean marked; - if(row == null) { - marked = markManager.isMarked(entry, getIdentity(), null); - } else { - marked = row.isMarked(); + if(!guestOnly) { + boolean marked; + if(row == null) { + marked = markManager.isMarked(entry, getIdentity(), null); + } else { + marked = row.isMarked(); + } + markLink = uifactory.addFormLink("mark", "mark", marked ? "details.bookmark.remove" : "details.bookmark", null, layoutCont, Link.LINK); + markLink.setElementCssClass("o_bookmark"); + markLink.setIconLeftCSS(marked ? Mark.MARK_CSS_LARGE : Mark.MARK_ADD_CSS_LARGE); } - markLink = uifactory.addFormLink("mark", "mark", marked ? "details.bookmark.remove" : "details.bookmark", null, layoutCont, Link.LINK); - markLink.setElementCssClass("o_bookmark"); - markLink.setIconLeftCSS(marked ? Mark.MARK_CSS_LARGE : Mark.MARK_ADD_CSS_LARGE); Integer myRating; if(row == null) { @@ -253,6 +260,7 @@ public class RepositoryEntryDetailsController extends FormBasicController { float ratingValue = myRating == null ? 0f : myRating.floatValue(); float averageRatingValue = averageRating == null ? 0f : averageRating.floatValue(); ratingEl = new RatingWithAverageFormItem("rating", ratingValue, averageRatingValue, 5, numOfRatings); + ratingEl.setEnabled(!guestOnly); layoutCont.add("rating", ratingEl); long numOfComments = statistics.getNumOfComments(); diff --git a/src/main/java/org/olat/repository/ui/list/RepositoryEntryListController.java b/src/main/java/org/olat/repository/ui/list/RepositoryEntryListController.java index a1cb9169f42..5d6c85e6477 100644 --- a/src/main/java/org/olat/repository/ui/list/RepositoryEntryListController.java +++ b/src/main/java/org/olat/repository/ui/list/RepositoryEntryListController.java 
@@ -104,6 +104,8 @@ public class RepositoryEntryListController extends FormBasicController @Autowired private UserRatingsDAO userRatingsDao; + private final boolean guestOnly; + public RepositoryEntryListController(UserRequest ureq, WindowControl wControl, SearchMyRepositoryEntryViewParams searchParams, boolean load, boolean startExtendedSearch, String name, BreadcrumbPanel stackPanel) { @@ -113,6 +115,7 @@ public class RepositoryEntryListController extends FormBasicController this.name = name; this.stackPanel = stackPanel; this.startExtendedSearch = startExtendedSearch; + guestOnly = ureq.getUserSession().getRoles().isGuestOnly(); this.searchParams = searchParams; dataSource = new DefaultRepositoryEntryDataSource(searchParams, this); @@ -174,7 +177,9 @@ public class RepositoryEntryListController extends FormBasicController FlexiTableColumnModel columnsModel = FlexiTableDataModelFactory.createFlexiTableColumnModel(); columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(false, Cols.key.i18nKey(), Cols.key.ordinal(), false, null)); - columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(Cols.mark.i18nKey(), Cols.mark.ordinal())); + if(!guestOnly) { + columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(Cols.mark.i18nKey(), Cols.mark.ordinal())); + } columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(Cols.displayName.i18nKey(), Cols.displayName.ordinal())); columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(Cols.lifecycleLabel.i18nKey(), Cols.lifecycleLabel.ordinal())); columnsModel.addFlexiColumnModel(new DefaultFlexiColumnModel(Cols.lifecycleSoftkey.i18nKey(), Cols.lifecycleSoftkey.ordinal())); 
@@ -419,10 +424,12 @@ public class RepositoryEntryListController extends FormBasicController @Override public void forgeMarkLink(RepositoryEntryRow row) { - FormLink markLink = uifactory.addFormLink("mark_" + row.getKey(), "mark", "", null, null, Link.NONTRANSLATED); - markLink.setIconLeftCSS(row.isMarked() ? Mark.MARK_CSS_LARGE : Mark.MARK_ADD_CSS_LARGE); - markLink.setUserObject(row); - row.setMarkLink(markLink); + if(!guestOnly) { + FormLink markLink = uifactory.addFormLink("mark_" + row.getKey(), "mark", "", null, null, Link.NONTRANSLATED); + markLink.setIconLeftCSS(row.isMarked() ? Mark.MARK_CSS_LARGE : Mark.MARK_ADD_CSS_LARGE); + markLink.setUserObject(row); + row.setMarkLink(markLink); + } } @Override @@ -473,6 +480,7 @@ public class RepositoryEntryListController extends FormBasicController float averageRatingValue = averageRating == null ? 0f : averageRating.floatValue(); RatingWithAverageFormItem ratingCmp = new RatingWithAverageFormItem("rat_" + row.getKey(), ratingValue, averageRatingValue, 5, numOfRatings); + ratingCmp.setEnabled(!guestOnly); row.setRatingFormItem(ratingCmp); ratingCmp.setUserObject(row); } diff --git a/src/main/java/org/olat/repository/ui/list/_content/details.html b/src/main/java/org/olat/repository/ui/list/_content/details.html index b49200ad20f..e710c9b9928 100644 --- a/src/main/java/org/olat/repository/ui/list/_content/details.html +++ b/src/main/java/org/olat/repository/ui/list/_content/details.html @@ -45,9 +45,10 @@ </div> #end </div> + <div class="o_social o_block"> <h4>$r.translate("ratings")</h4> - $r.render("rating") + #if($r.available("rating")) $r.render("rating") #end $r.render("comments") </div> #if($v.authors) @@ -85,7 +86,8 @@ $r.render("start") </div> - + + #if(!$guestOnly) <div class="col-xs-6 col-sm-12 o_subcolumn"> <div class="o_personal"> <h3>$r.translate("details.personal")</h3> 
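Review bot: For guest-only sessions `forgeMarkLink` now returns without calling `row.setMarkLink(markLink)`, and row_1.html relies on `#if($row.markLinkName)` to skip the bookmark. RepositoryEntryRow is not part of this commit, so it should be confirmed that the accessor behind `$row.markLinkName` returns null when no link was set rather than dereferencing it; otherwise rendering the list for a guest fails with a NullPointerException. A short Javadoc on `forgeMarkLink` stating that guest-only sessions get no mark link would document the contract for other readers of the row's mark link.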
@@ -118,13 +120,13 @@ <td>$r.formatDateAndTime($recentLaunch) <tr> #end - + #if($r.available("mark")) <tr class="o_bookmark"> <th>$r.translate("details.bookmark.label"):</th> <td>$r.render("mark")</td> <tr> - - #if($groups && $groups.size() > 0) + #end + #if($groups && $groups.size() > 0) <tr class="o_groups"> <th>$r.translate("cif.groups")</th> <td> @@ -135,14 +137,12 @@ </ul> </td> </tr> - #end - + #end </tbody> - </table> - + </table> </div> </div> - + #end </div></div> ## START LEFT COLUMN diff --git a/src/main/java/org/olat/repository/ui/list/_content/row_1.html b/src/main/java/org/olat/repository/ui/list/_content/row_1.html index 92144731834..ef15f5b77ca 100644 --- a/src/main/java/org/olat/repository/ui/list/_content/row_1.html +++ b/src/main/java/org/olat/repository/ui/list/_content/row_1.html @@ -30,7 +30,9 @@ <div class="o_desc"> $row.shortenedDescription </div> + #if($row.markLinkName) <div class="o_bookmark">$r.render($row.markLinkName)</div> + #end </div> <div class="o_access container"> #if($r.get("ac_$row.key")) -- GitLab