import org.sakaiproject.authz.api.Role; //导入方法依赖的package包/类
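/**
 * Applies posted permission changes to the realm of the given site.
 *
 * <p>Each key in {@code params} of the form {@code "roleId:function"} grants the function to
 * that role when its value is {@code "true"} and revokes it otherwise. Keys without a colon
 * are ignored. The realm is saved only if at least one such key was processed.
 *
 * <p>Authorization: super users are always allowed. Any other caller must hold a role in the
 * site that is allowed {@code SiteService.SECURE_UPDATE_SITE}; nothing else is consulted.
 *
 * @param siteId id of the site whose permissions are being changed (caller-supplied)
 * @param params request parameters; only keys containing ':' are interpreted
 * @return {@code true} if the caller was authorized and the parameters were applied (even when
 *         nothing changed); {@code false} if the site is unknown, the caller is not allowed to
 *         update it, or the site has no realm
 * @throws SecurityException if there is no current user, or the realm save is refused
 * @throws IllegalArgumentException if a key names a role that does not exist in the site realm
 */
public boolean setPermissionsForSite(String siteId, Map params) {

    String userId = getCurrentUserId();
    if (userId == null) {
        throw new SecurityException("This action (setPerms) is not accessible to anon and there is no current user.");
    }

    Site site;
    try {
        site = siteService.getSite(siteId);
    } catch (IdUnusedException ide) {
        // siteId did not resolve to a site, so it is unvalidated caller input: replace line
        // breaks before logging so it cannot be used to forge additional log records.
        String loggedSiteId = String.valueOf(siteId).replaceAll("[\\r\\n]", "_");
        log.warn(userId + " attempted to update COMMONS permissions for unknown site " + loggedSiteId);
        return false;
    }

    try {
        AuthzGroup authzGroup = authzGroupService.getAuthzGroup(site.getReference());

        // Super users can always update permissions; check everyone else.
        if (!securityService.isSuperUser()) {
            Role siteRole = getCurrentUserRoleForSite(site);
            // Whether the lookup can return null is not visible here; a caller with no role in
            // the site is denied instead of failing with a NullPointerException.
            if (siteRole == null || !siteRole.isAllowed(SiteService.SECURE_UPDATE_SITE)) {
                log.warn(userId + " attempted to update COMMONS permissions for site " + site.getTitle());
                return false;
            }
        }

        boolean changed = false;

        // params is declared as a raw Map, so keys arrive as Object and are narrowed explicitly.
        for (Object key : params.keySet()) {
            if (!(key instanceof String)) {
                continue;
            }
            String name = (String) key;

            int separator = name.indexOf(':');
            if (separator < 0) {
                // Not a "roleId:function" key.
                continue;
            }

            String value = (String) params.get(name);
            String roleId = name.substring(0, separator);

            Role role = authzGroup.getRole(roleId);
            if (role == null) {
                throw new IllegalArgumentException("Invalid role id '" + roleId + "' provided in POST parameters.");
            }

            // NOTE(review): the function name is taken verbatim from the request key and nothing
            // here restricts it to this tool's own functions. Consider validating it against an
            // allowlist of the expected function names before granting or revoking it.
            String function = name.substring(separator + 1);

            if ("true".equals(value)) {
                role.allowFunction(function);
            } else {
                role.disallowFunction(function);
            }

            changed = true;
        }

        if (changed) {
            try {
                authzGroupService.save(authzGroup);
            } catch (AuthzPermissionException ape) {
                // Keep the original exception as the cause so the refusal can be diagnosed.
                throw new SecurityException(
                        "The permissions for this site (" + siteId + ") cannot be updated by the current user.", ape);
            }
        }

        return true;
    } catch (GroupNotDefinedException gnde) {
        log.error("No realm defined for site (" + siteId + ").", gnde);
    }

    return false;
}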