Author: echatellier Date: 2014-07-17 14:10:47 +0200 (Thu, 17 Jul 2014) New Revision: 410 Url: http://forge.codelutin.com/projects/faxtomail/repository/revisions/410 Log: Application de la s?\195?\169curit?\195?\169 pour lister les demandes d'un dossier interm?\195?\169diaire (qu'un utilisateur n'a pas le droit de lire) Modified: trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/actions/LoadFolderEmailsAction.java
Modified: trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java
===================================================================
--- trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java 2014-07-17 10:32:01 UTC (rev 409)
+++ trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java 2014-07-17 12:10:47 UTC (rev 410)
@@ -35,6 +35,7 @@
 import java.io.Writer;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -461,12 +462,42 @@
 dao.update(email);
 }
- public PaginationResult<Email> getEmailForFolder(MailFolder folder, PaginationParameter page) {
- EmailTopiaDao dao = getPersistenceContext().getEmailDao();
- PaginationResult<Email> result = dao.forMailFolderEquals(folder)
+ /**
+ * Recupère les demandes d'un dossier visible par un utilisateur.
+ *
+ * La methode et les résultats sont paginés.
+ *
+ * @param folder folder to get demande
+ * @param currentUser user to check rigth
+ * @param page pagination
+ * @return paginated results
+ */
+ public PaginationResult<Email> getEmailForFolder(MailFolder folder, FaxToMailUser currentUser, PaginationParameter page) {
+
+ // check if user can read current folder
+ MailFolder loopFolder = folder;
+ boolean readable = false;
+ while (!readable && loopFolder != null) {
+ // user
+ readable = (loopFolder.getReadRightUsers() != null && loopFolder.getReadRightUsers().contains(currentUser)) ||
+ // groups
+ (currentUser.getUserGroups() != null && loopFolder.getReadRightGroups() != null && CollectionUtils.containsAny(currentUser.getUserGroups(), loopFolder.getReadRightGroups()));
+
+ loopFolder = loopFolder.getParent();
+ }
+
+ // perform request or not depending on rigths
+ PaginationResult<Email> result;
+ if (readable) {
+ EmailTopiaDao dao = getPersistenceContext().getEmailDao();
+ result = dao.forMailFolderEquals(folder)
 .addNull(Email.PROPERTY_ARCHIVE_DATE)
 .addNotEquals(Email.PROPERTY_DEMAND_STATUS, DemandStatus.ARCHIVED)
 .findPage(page);
+ } else {
+ List<Email> elements = Collections.emptyList();
+ result = PaginationResult.of(elements, 0, page);
+ }
 return result;
 }
Modified: trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/actions/LoadFolderEmailsAction.java
===================================================================
--- trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/actions/LoadFolderEmailsAction.java 2014-07-17 10:32:01 UTC (rev 409)
+++
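Review bot: The read check in `getEmailForFolder` authorises against whichever `FaxToMailUser` the caller hands in, so it is only as trustworthy as the caller; if this service is ever reachable from anything other than the in-process Swing client (not visible in this diff), the user should be resolved from the authenticated session inside the service rather than accepted as a parameter. `currentUser.getUserGroups()` is dereferenced without a null check, so a null user can raise a NullPointerException inside the loop instead of being refused; a guard at the top such as `if (currentUser == null) { return PaginationResult.of(Collections.<Email>emptyList(), 0, page); }` keeps the failure closed. The ancestor walk is also worth moving into a private helper (for example `isReadable(MailFolder, FaxToMailUser)`, the name is only a suggestion) so that other folder-scoped reads in this class, which lie outside the hunk, can apply the same rule instead of re-implementing it.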
trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/actions/LoadFolderEmailsAction.java 2014-07-17 12:10:47 UTC (rev 410)
@@ -24,7 +24,19 @@
 * #L%
 */
+import static org.nuiton.i18n.I18n.t;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.jdesktop.swingx.JXTable;
+import org.nuiton.util.pagination.PaginationResult;
+
 import com.franciaflex.faxtomail.persistence.entities.Email;
+import com.franciaflex.faxtomail.persistence.entities.FaxToMailUser;
 import com.franciaflex.faxtomail.persistence.entities.MailFolder;
 import com.franciaflex.faxtomail.persistence.entities.RangeRow;
 import com.franciaflex.faxtomail.ui.swing.content.demande.DemandeListUI;
@@ -33,17 +45,6 @@
 import com.franciaflex.faxtomail.ui.swing.content.demande.DemandeUIModel;
 import com.franciaflex.faxtomail.ui.swing.content.demande.RangeRowModel;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.jdesktop.swingx.JXTable;
-import org.nuiton.util.pagination.PaginationResult;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import static org.nuiton.i18n.I18n.t;
-
 /**
 * Action de chargement des demandes d'un dossier lors de la selection d'un dossier dans l'arbre
 * des dossiers.
@@ -82,8 +83,9 @@
 DemandeListUIHandler handler = getHandler();
 DemandeListUIModel model = getModel();
 MailFolder folder = model.getSelectedFolder();
+ FaxToMailUser currentUser = getContext().getCurrentUser();
- PaginationResult<Email> paginationResult = getContext().getEmailService().getEmailForFolder(folder, model.getPaginationParameter());
+ PaginationResult<Email> paginationResult = getContext().getEmailService().getEmailForFolder(folder, currentUser, model.getPaginationParameter());
 List<Email> emails = paginationResult.getElements();
 log.info(emails.size() + " emails in folder " + folder.getName());
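Review bot: A folder the user may not read now comes back as an empty page, and the `log.info(emails.size() + " emails in folder " + folder.getName())` line just below records it as 0 emails, so neither the user nor the log can tell a refusal from a genuinely empty folder. If that distinction matters for support or audit, the service could signal the refusal explicitly (a dedicated exception or a flag on the result; no such API is part of this commit) and this action could log it at warn level with the folder and user. `getContext().getCurrentUser()` is passed on unchecked while the service dereferences it, so it is worth confirming it can never be null when this action runs. The enclosing method starts and ends outside the hunk.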