Package org.craftercms.engine.security
Class CrafterPageAccessManager
java.lang.Object
org.craftercms.engine.security.CrafterPageAccessManager
Manages access to Crafter pages, depending on the roles specified in the page and the current user's roles.
- Author:
- Russ Danner, Alfonso Vásquez
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckAccess(SiteItem page) Checks if the user has sufficient rights to access the specified page: If the page doesn't contain any required role, no authentication is needed. If the page has the role "Anonymous", no authentication is needed. If the page has the role "Authenticated", just authentication is needed. If the page has any other the roles, the user needs to have any of those roles.protected booleancontainsRole(String role, List<String> roles) protected booleanhasAnyRole(org.springframework.security.core.Authentication auth, List<String> roles) voidsetAuthorizedRolesXPathQuery(String authorizedRolesXPathQuery)
-
Field Details
-
authorizedRolesXPathQuery
-
-
Constructor Details
-
CrafterPageAccessManager
public CrafterPageAccessManager()
-
-
Method Details
-
setAuthorizedRolesXPathQuery
-
checkAccess
Checks if the user has sufficient rights to access the specified page:- If the page doesn't contain any required role, no authentication is needed.
- If the page has the role "Anonymous", no authentication is needed.
- If the page has the role "Authenticated", just authentication is needed.
- If the page has any other the roles, the user needs to have any of those roles.
-
getAuthorizedRolesForPage
-
containsRole
-
hasAnyRole
-