diff --git a/Backend/alfresco/common/src/main/java/org/edu_sharing/repository/client/tools/CCConstants.java b/Backend/alfresco/common/src/main/java/org/edu_sharing/repository/client/tools/CCConstants.java index 4a6339b97..45e495e93 100644 --- a/Backend/alfresco/common/src/main/java/org/edu_sharing/repository/client/tools/CCConstants.java +++ b/Backend/alfresco/common/src/main/java/org/edu_sharing/repository/client/tools/CCConstants.java @@ -1748,6 +1748,7 @@ public static ArrayList getDetailPropList(){ public final static String PERMISSION_READ_ALL = "ReadAll"; public final static String PERMISSION_DOWNLOAD_CONTENT = "DownloadContent"; + public final static String PERMISSION_EMBED = "Embed"; public final static String PERMISSION_READ_PREVIEW = "ReadPreview"; public final static String PERMISSION_COMMENT = "Comment"; diff --git a/Backend/alfresco/module/src/main/amp/config/alfresco/extension/custom-permissionDefinitions.xml b/Backend/alfresco/module/src/main/amp/config/alfresco/extension/custom-permissionDefinitions.xml index d6d7a67d1..5fac6ad53 100644 --- a/Backend/alfresco/module/src/main/amp/config/alfresco/extension/custom-permissionDefinitions.xml +++ b/Backend/alfresco/module/src/main/amp/config/alfresco/extension/custom-permissionDefinitions.xml @@ -100,6 +100,7 @@ + @@ -227,6 +228,10 @@ + + + + @@ -388,6 +393,7 @@ + diff --git a/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingException.java b/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingException.java index 569ccea3d..fd8a978aa 100644 --- a/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingException.java +++ b/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingException.java @@ -1,28 +1,27 @@ package org.edu_sharing.repository.server.rendering; -import com.google.gson.JsonObject; -import org.apache.commons.io.FileUtils; -import org.apache.log4j.Logger; +import jakarta.servlet.http.HttpServletResponse; +import org.alfresco.repo.security.permissions.AccessDeniedException; +import org.edu_sharing.repository.client.tools.CCConstants; import org.edu_sharing.repository.server.ErrorFilter; import org.edu_sharing.repository.server.tools.HttpException; import org.edu_sharing.service.InsufficientPermissionException; import org.json.JSONObject; -import jakarta.servlet.ServletException; -import jakarta.servlet.http.HttpServlet; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; -import java.io.File; -import java.io.IOException; - public class RenderingException extends ErrorFilter.ErrorFilterException { public static RenderingException fromThrowable(Throwable throwable) { - if(throwable instanceof InsufficientPermissionException) { + if(throwable instanceof InsufficientPermissionException || throwable instanceof AccessDeniedException) { + I18N i18nKey = I18N.permissions_missing; + + if(throwable instanceof AccessDeniedException && CCConstants.PERMISSION_EMBED.equals(((AccessDeniedException) throwable).getMsgId())){ + i18nKey = I18N.permissions_embed_missing; + } + return new RenderingException( HttpServletResponse.SC_FORBIDDEN, throwable.getMessage(), - I18N.permissions_missing, + i18nKey, throwable ); } @@ -41,6 +40,7 @@ public enum I18N{ node_missing, usage_missing_permissions, permissions_missing, + permissions_embed_missing, internal, unknown, } diff --git a/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingServlet.java b/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingServlet.java index 7fdb6c920..9df36903d 100644 --- a/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingServlet.java +++ b/Backend/services/core/src/main/java/org/edu_sharing/repository/server/rendering/RenderingServlet.java @@ -4,13 +4,16 @@ import jakarta.servlet.http.HttpServlet; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import org.alfresco.repo.security.permissions.AccessDeniedException; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.StoreRef; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; +import org.edu_sharing.repository.client.tools.CCConstants; import org.edu_sharing.repository.server.SecurityHeadersFilter; import org.edu_sharing.repository.tools.URLHelper; import org.edu_sharing.service.config.ConfigServiceFactory; +import org.edu_sharing.service.permission.PermissionServiceFactory; import org.edu_sharing.service.rendering.RenderingService; import org.edu_sharing.service.rendering.RenderingServiceFactory; import org.edu_sharing.service.rendering.RenderingTool; @@ -35,6 +38,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) node_id = req.getParameter("node_id"); } String version = req.getParameter("version"); + RenderingService renderingService = RenderingServiceFactory.getLocalService(); Map params=new HashMap<>(); for(Object key: req.getParameterMap().keySet()){ @@ -59,6 +63,12 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) resp.getWriter().write(""); String response; try { + if(!PermissionServiceFactory.getLocalService().hasPermission(StoreRef.PROTOCOL_WORKSPACE, + StoreRef.STORE_REF_WORKSPACE_SPACESSTORE.getIdentifier(), + node_id, + CCConstants.PERMISSION_EMBED)){ + throw new AccessDeniedException(CCConstants.PERMISSION_EMBED); + } response = renderingService.getDetails(node_id, version,DEFAULT_DISPLAY_MODE, params).getDetails(); response = response.replace("{{{LMS_INLINE_HELPER_SCRIPT}}}", URLHelper.getNgRenderNodeUrl(node_id,version)+"?"); TrackingServiceFactory.getTrackingService().trackActivityOnNode(new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, node_id), null, TrackingService.EventType.VIEW_MATERIAL_EMBEDDED); diff --git a/Frontend/src/app/features/dialogs/dialog-modules/share-dialog/share-dialog.component.ts b/Frontend/src/app/features/dialogs/dialog-modules/share-dialog/share-dialog.component.ts index 28c977ae8..de3702205 100644 --- a/Frontend/src/app/features/dialogs/dialog-modules/share-dialog/share-dialog.component.ts +++ b/Frontend/src/app/features/dialogs/dialog-modules/share-dialog/share-dialog.component.ts @@ -86,6 +86,7 @@ export class ShareDialogComponent implements OnInit, AfterViewInit { 'Comment', 'Feedback', 'Deny', + 'Embed', ]; readonly PERMISSIONS_FORCES = [ ['Read', ['ConsumerMetadata']], @@ -97,6 +98,7 @@ export class ShareDialogComponent implements OnInit, AfterViewInit { ['Comment', ['Consumer']], ['Feedback', ['Consumer']], ['Rate', ['Consumer']], + ['Embed', ['Consumer']], ['Write', ['Editor']], ['DeleteChildren', ['Delete']], ['DeleteNode', ['Delete']], diff --git a/config/defaults/src/main/resources/metadatasets/i18n/mds.properties b/config/defaults/src/main/resources/metadatasets/i18n/mds.properties index fccc20706..bd63c4f5d 100644 --- a/config/defaults/src/main/resources/metadatasets/i18n/mds.properties +++ b/config/defaults/src/main/resources/metadatasets/i18n/mds.properties @@ -768,5 +768,6 @@ rendering_error_node_missing: The requested element was deleted or is not availa rendering_error_usage_missing: There are no permissions available for the requested element. Maybe the permissions have been removed. rendering_error_usage_missing_permissions: There are no permissions available for the requested element. Maybe the permissions have been removed.\nYou have the appropriate rights to re-embed this element in order to fix the permissions. rendering_error_permissions_missing: There are no permissions available for the requested element. +rendering_error_permissions_embed_missing: There are no permissions available to embed the requested element in other systems. rendering_error_internal: An internal error occured rendering_error_unknown: An error occured diff --git a/config/defaults/src/main/resources/metadatasets/i18n/mds_de_DE.properties b/config/defaults/src/main/resources/metadatasets/i18n/mds_de_DE.properties index 8e75123a9..7fe92bcb0 100644 --- a/config/defaults/src/main/resources/metadatasets/i18n/mds_de_DE.properties +++ b/config/defaults/src/main/resources/metadatasets/i18n/mds_de_DE.properties @@ -789,5 +789,6 @@ rendering_error_node_missing: Das angeforderte Objekt wurde gel rendering_error_usage_missing: Für das angeforderte Objekt sind keine Berechtigungen vorhanden. Eventuell wurden die Berechtigungen entfernt. rendering_error_usage_missing_permissions: Für das angeforderte Objekt sind keine Berechtigungen vorhanden. Eventuell wurden die Berechtigungen entfernt.\nSie verfügen über die notwendigen Berechtigungen, um dieses Objekt neu einzubinden. Sie können das Objekt erneut im angeschlossenen System einfügen. rendering_error_permissions_missing: Für das angeforderte Objekt sind keine Berechtigungen vorhanden. +rendering_error_permissions_embed_missing: Für das angeforderte Objekt sind keine Berechtigungen für die Einbettung in andere Systeme vorhanden. rendering_error_internal: Ein interner Fehler ist aufgetreten rendering_error_unknown: Ein Fehler ist aufgetreten