

LPD-2612 prevent to check permission for a resource more than once wh…
…en multiples portlets from the same type are instanciated
marcosapmf committed Jun 7, 2024
1 parent 0820942 commit fa7b8d0
Showing 1 changed file with 32 additions and 14 deletions.
@@ -55,10 +55,13 @@
import java.io.Writer;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;

import javax.portlet.PortletRequest;

@@ -325,35 +328,50 @@ private InfoItemReference _getInfoItemReference(
return infoItemReference;
}

private List<String> _getResourceNames(
String portletId, Map<String, List<String>> resourceNames) {

for (Map.Entry<String, List<String>> entry : resourceNames.entrySet()) {
if (portletId.contains(entry.getKey())) {
return entry.getValue();
}
}

return Collections.emptyList();
}

private boolean _hasResourcePermission(
String actionId, long groupId, String plid,
Map<String, List<String>> resourceNames) {
String actionId, String plid, Map<String, List<String>> resourceNames,
ThemeDisplay themeDisplay) {

if (!themeDisplay.isSignedIn()) {
return false;
}

if (Validator.isNotNull(plid)) {
PermissionChecker permissionChecker =
PermissionThreadLocal.getPermissionChecker();

Set<String> resourceNamesSet = new HashSet<>();

List<PortletPreferences> portletPreferencesList =
_portletPreferencesLocalService.getPortletPreferencesByPlid(
GetterUtil.getLong(plid));

for (PortletPreferences portletPreferences :
portletPreferencesList) {

String portletId = portletPreferences.getPortletId();

for (Map.Entry<String, List<String>> entry :
resourceNames.entrySet()) {
resourceNamesSet.addAll(
_getResourceNames(
portletPreferences.getPortletId(), resourceNames));
}

if (portletId.contains(entry.getKey())) {
for (String resourceName : entry.getValue()) {
if (permissionChecker.hasPermission(
groupId, resourceName, "0", actionId)) {
for (String resourceName : resourceNamesSet) {
if (permissionChecker.hasPermission(
themeDisplay.getScopeGroupId(), resourceName, "0",
actionId)) {

return true;
}
}
}
return true;
}
}
}
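Review bot: `_getResourceNames` returns on the first key that matches, whereas the removed loop checked the resource names of every entry whose key the portlet id contains, so a portlet id matching two keys now contributes only one list, and which one may depend on the map's iteration order. Because the match is a substring test (`portletId.contains(entry.getKey())`), such overlaps are possible whenever one key is contained in another, and a portlet id can also match a key that belongs to a different portlet. I would collect every matching list inside the loop, for example by passing the set in and calling `resourceNamesSet.addAll(entry.getValue());` instead of `return entry.getValue();`, or compare against the exact portlet name if that is what the keys hold. Separately, the check now uses `themeDisplay.getScopeGroupId()` instead of the caller-supplied `groupId`; the call sites and the end of `_hasResourcePermission` are outside the hunk, so it is worth confirming that the two are always the same group and that the layout identified by `plid` belongs to it.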
