Page Security: Interface

src/main/java/com/viglet/shiohara/api/object/ShObjectAPI.java

@@ -47,7 +47,9 @@
 import com.viglet.shiohara.api.folder.ShFolderPath;
 import com.viglet.shiohara.bean.ShFolderTinyBean;
 import com.viglet.shiohara.bean.ShPostTinyBean;
-import com.viglet.shiohara.bean.ShSecurityBean;
+import com.viglet.shiohara.bean.security.ShConsoleSecurityBean;
+import com.viglet.shiohara.bean.security.ShPageSecurityBean;
+import com.viglet.shiohara.bean.security.ShSecurityBean;
 import com.viglet.shiohara.persistence.model.auth.ShGroup;
 import com.viglet.shiohara.persistence.model.auth.ShUser;
 import com.viglet.shiohara.persistence.model.folder.ShFolder;
@@ -157,8 +159,17 @@ public ShSecurityBean shObjectGroupsGet(@PathVariable String id) {
 		List<ShObject> shObjects = new ArrayList<>();
 		shObjects.add(shObject);
 		ShSecurityBean shSecurityBean = new ShSecurityBean();
-		shSecurityBean.setShGroups(shObject.getShGroups());
-		shSecurityBean.setShUsers(shObject.getShUsers());
+		ShConsoleSecurityBean shConsoleSecurityBean = new ShConsoleSecurityBean();
+		shConsoleSecurityBean.setShGroups(shObject.getShGroups());
+		shConsoleSecurityBean.setShUsers(shObject.getShUsers());
+
+		ShPageSecurityBean shPageSecurityBean = new ShPageSecurityBean();
+		shPageSecurityBean.setAllowGuestUser(shObject.isPageAllowGuestUser());
+		shPageSecurityBean.setAllowRegisterUser(shObject.isPageAllowRegisterUser());
+		shPageSecurityBean.setShGroups(shObject.getShPageGroups());
+
+		shSecurityBean.setConsole(shConsoleSecurityBean);
+		shSecurityBean.setPage(shPageSecurityBean);
 		return shSecurityBean;
 	}
 
@@ -167,9 +178,18 @@ public ShSecurityBean shObjectGroupsGet(@PathVariable String id) {
 	@JsonView({ ShJsonView.ShJsonViewObject.class })
 	public ShSecurityBean shObjectGroupsUpdate(@PathVariable String id, @RequestBody ShSecurityBean shSecurityBean) {
 		ShObject shObject = shObjectRepository.findById(id).orElse(null);
-		if (shObject != null) {
-			shObject.setShGroups(shSecurityBean.getShGroups());
-			shObject.setShUsers(shSecurityBean.getShUsers());
+		if (shObject != null && shSecurityBean != null) {
+			if (shSecurityBean.getConsole() != null) {
+				shObject.setShGroups(shSecurityBean.getConsole().getShGroups());
+				shObject.setShUsers(shSecurityBean.getConsole().getShUsers());
+			}
+
+			if (shSecurityBean.getPage() != null) {
+				shObject.setPageAllowGuestUser(shSecurityBean.getPage().isAllowGuestUser());
+				shObject.setPageAllowRegisterUser(shSecurityBean.getPage().isAllowRegisterUser());
+				shObject.setShPageGroups(shSecurityBean.getPage().getShGroups());
+			}
+
 			shObjectRepository.saveAndFlush(shObject);
 		}
 		return shSecurityBean;
@@ -307,7 +327,7 @@ private Set<ShFolderTinyBean> allowedFolders(ShUser shUser, ShObject shObject) {
 				return folders;
 			} else {
 				Set<ShFolderTinyBean> shFolders = new HashSet<>();
-				
+
 				for (ShGroup shGroup : shUser.getShGroups()) {
 					shGroups.add(shGroup.getName());
 				}
@@ -348,7 +368,7 @@ private List<ShPostTinyBean> allowedPosts(ShUser shUser, ShObject shObject) {
 				List<ShPostTinyBean> shPosts = new ArrayList<>();
 				for (ShGroup shGroup : shUser.getShGroups()) {
 					shGroups.add(shGroup.getName());
-				}				
+				}
 				shUsers.add(shUser.getUsername());
 				for (ShPostTinyBean post : posts)
 					if (shObjectRepository.countByIdAndShGroupsInOrIdAndShUsersInOrIdAndShGroupsIsNullAndShUsersIsNull(

src/main/java/com/viglet/shiohara/bean/security/ShConsoleSecurityBean.java

@@ -0,0 +1,27 @@
+package com.viglet.shiohara.bean.security;
+
+import java.util.Set;
+
+public class ShConsoleSecurityBean {
+
+	private Set<String> shUsers;
+
+	private Set<String> shGroups;
+
+	public Set<String> getShUsers() {
+		return shUsers;
+	}
+
+	public void setShUsers(Set<String> shUsers) {
+		this.shUsers = shUsers;
+	}
+
+	public Set<String> getShGroups() {
+		return shGroups;
+	}
+
+	public void setShGroups(Set<String> shGroups) {
+		this.shGroups = shGroups;
+	}
+
+}

src/main/java/com/viglet/shiohara/bean/security/ShPageSecurityBean.java

@@ -0,0 +1,37 @@
+package com.viglet.shiohara.bean.security;
+
+import java.util.Set;
+
+public class ShPageSecurityBean {
+
+	private boolean allowRegisterUser;
+
+	private boolean allowGuestUser;
+
+	private Set<String> shGroups;
+
+	public boolean isAllowRegisterUser() {
+		return allowRegisterUser;
+	}
+
+	public void setAllowRegisterUser(boolean allowRegisterUser) {
+		this.allowRegisterUser = allowRegisterUser;
+	}
+
+	public boolean isAllowGuestUser() {
+		return allowGuestUser;
+	}
+
+	public void setAllowGuestUser(boolean allowGuestUser) {
+		this.allowGuestUser = allowGuestUser;
+	}
+
+	public Set<String> getShGroups() {
+		return shGroups;
+	}
+
+	public void setShGroups(Set<String> shGroups) {
+		this.shGroups = shGroups;
+	}
+
+}

src/main/java/com/viglet/shiohara/bean/security/ShSecurityBean.java

@@ -1,26 +1,25 @@
-package com.viglet.shiohara.bean;
-
-import java.util.Set;
+package com.viglet.shiohara.bean.security;
 
 public class ShSecurityBean {
 
-	private Set<String> shUsers;
-	private Set<String> shGroups;
+	private ShConsoleSecurityBean console;
+
+	private ShPageSecurityBean page;
 
-	public Set<String> getShUsers() {
-		return shUsers;
+	public ShConsoleSecurityBean getConsole() {
+		return console;
 	}
 
-	public void setShUsers(Set<String> shUsers) {
-		this.shUsers = shUsers;
+	public void setConsole(ShConsoleSecurityBean console) {
+		this.console = console;
 	}
 
-	public Set<String> getShGroups() {
-		return shGroups;
+	public ShPageSecurityBean getPage() {
+		return page;
 	}
 
-	public void setShGroups(Set<String> shGroups) {
-		this.shGroups = shGroups;
+	public void setPage(ShPageSecurityBean page) {
+		this.page = page;
 	}
 
 }

src/main/java/com/viglet/shiohara/sites/ShSitesContext.java

@@ -21,7 +21,9 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import javax.activation.MimetypesFileTypeMap;
 import javax.annotation.Resource;
@@ -30,25 +32,18 @@
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 
+import com.viglet.shiohara.persistence.model.auth.ShGroup;
 import com.viglet.shiohara.persistence.model.auth.ShUser;
 import com.viglet.shiohara.persistence.model.post.ShPost;
 import com.viglet.shiohara.persistence.model.site.ShSite;
@@ -110,21 +105,40 @@ private void sitesFullGeneric(HttpServletRequest request, HttpServletResponse re
 		ShSitesContextURL shSitesContextURL = shSitesContextURLProcess.getContextURL(request, response);
 
 		String username = (String) session.getAttribute("shUsername");
+		String[] groups = (String[]) session.getAttribute("shUserGroups");
 
 		if (username == null && shSitesContextURL.getInfo().isPageAllowGuestUser())
 			showPage = true;
-		else if (username != null && shSitesContextURL.getInfo().isPageAllowRegisterUser())
-			showPage = true;
+		else if (username != null && shSitesContextURL.getInfo().isPageAllowRegisterUser()) {
+			String[] pageGroups = shSitesContextURL.getInfo().getShPageGroups();
+
+			if (pageGroups != null && pageGroups.length > 0) {
+				if (groups.length > 0)
+					for (String group : groups)
+						if (StringUtils.indexOfAny(group, pageGroups) >= 0)
+							showPage = true;
+
+			} else
+				showPage = true;
+		}
 
 		if (showPage) {
 			if (shSitesContextURL.getInfo().getSiteId() != null)
 				this.siteContext(shSitesContextURL);
 			else
 				response.sendError(HttpServletResponse.SC_NOT_FOUND);
 		} else {
+			if (username != null) {
+				if (shSitesContextURL.getInfo().isPageAllowGuestUser())
+					response.sendError(HttpServletResponse.SC_NOT_FOUND);
+				else 
+					response.sendError(HttpServletResponse.SC_FORBIDDEN);
+			}
+			else {
 			String callback = this.getCurrentUrlFromRequest(request);
 			session.setAttribute("shLoginCallBack", callback);
 			response.sendRedirect("/login-page");
+			}
 		}
 	}
 
@@ -154,7 +168,17 @@ private void sitesLoginPagePost(HttpServletRequest request, HttpServletResponse
 
 			if (shUser != null && passwordEncoder.matches(password, shUser.getPassword())) {
 				String callback = (String) session.getAttribute("shLoginCallBack");
+
+				List<String> groupList = new ArrayList<>();
+				for (ShGroup group : shUser.getShGroups()) {
+					groupList.add(group.getName());
+				}
+
+				String[] groups = groupList.toArray(new String[groupList.size()]);
+
 				session.setAttribute("shUsername", username);
+				session.setAttribute("shUserGroups", groups);
+
 				if (callback != null)
 					response.sendRedirect(callback);
 				else

src/main/java/com/viglet/shiohara/sites/ShSitesContextURLInfo.java

@@ -35,6 +35,7 @@ public class ShSitesContextURLInfo implements Serializable {
 	private boolean staticFile = false;
 	private boolean pageAllowGuestUser = true;
 	private boolean pageAllowRegisterUser = true;
+	private String[] shPageGroups = null;
 
 	public String toString() {
 		return String.format(
@@ -138,6 +139,14 @@ public void setPageAllowRegisterUser(boolean pageAllowRegisterUser) {
 		this.pageAllowRegisterUser = pageAllowRegisterUser;
 	}
 
+	public String[] getShPageGroups() {
+		return shPageGroups;
+	}
+
+	public void setShPageGroups(String[] shPageGroups) {
+		this.shPageGroups = shPageGroups;
+	}
+
 	public static long getSerialversionuid() {
 		return serialVersionUID;
 	}

src/main/java/com/viglet/shiohara/sites/ShSitesContextURLProcess.java

@@ -75,11 +75,10 @@ public ShSitesContextURL getContextURL(HttpServletRequest request, HttpServletRe
 			if (request.getParameter("sh-format") != null) {
 				String[] contexts = context.split("/");
 				contexts[3] = request.getParameter("sh-format");
-				context = StringUtils.join(contexts, "/");
-				shSitesContextURL.getInfo().setContextURLOriginal(context);
-			} else {
-				shSitesContextURL.getInfo().setContextURLOriginal(context);
+				context = StringUtils.join(contexts, "/");			
 			}
+
+			shSitesContextURL.getInfo().setContextURLOriginal(context);
 			shSitesContextURL.getInfo().setContextURL(shSitesContextURL.getInfo().getContextURLOriginal());
 		}
 

src/main/java/com/viglet/shiohara/sites/ShSitesContextURLProcessCache.java

@@ -25,10 +25,12 @@
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Component;
 
+import com.viglet.shiohara.persistence.model.folder.ShFolder;
 import com.viglet.shiohara.persistence.model.object.ShObject;
 import com.viglet.shiohara.persistence.model.post.ShPost;
 import com.viglet.shiohara.persistence.repository.object.ShObjectRepository;
 import com.viglet.shiohara.post.type.ShSystemPostType;
+import com.viglet.shiohara.utils.ShFolderUtils;
 
 @Component
 public class ShSitesContextURLProcessCache {
@@ -37,6 +39,8 @@ public class ShSitesContextURLProcessCache {
 	ShSitesContextURLProcess shSitesContextURLProcess;
 	@Autowired
 	ShObjectRepository shObjectRepository;
+	@Autowired
+	ShFolderUtils shFolderUtils;
 
 	@Cacheable(value = "url", key = "{#shSitesContextURL.getInfo().getContextURL(), #shSitesContextURL.getInfo().getContextURLOriginal()}", sync = true)
 	public ShSitesContextURLInfo detectContextURL(ShSitesContextURL shSitesContextURL) {
@@ -63,12 +67,26 @@ public ShSitesContextURLInfo detectContextURL(ShSitesContextURL shSitesContextUR
 			else
 				shSitesContextURLInfo.setStaticFile(false);
 
-			shSitesContextURLInfo.setPageAllowGuestUser(shObject.isPageAllowGuestUser());
-			shSitesContextURLInfo.setPageAllowRegisterUser(shObject.isPageAllowRegisterUser());
+			if (shObject instanceof ShPost && shObject.getFurl().equals("index")) {
+				ShFolder shFolder = shFolderUtils.getParentFolder(shObject);
+				shSitesContextURLInfo.setPageAllowGuestUser(shFolder.isPageAllowGuestUser());
+				shSitesContextURLInfo.setPageAllowRegisterUser(shFolder.isPageAllowRegisterUser());
+
+				shSitesContextURLInfo.setShPageGroups(shFolder.getShPageGroups() != null
+						? shFolder.getShPageGroups().toArray(new String[shFolder.getShPageGroups().size()])
+						: null);
+			} else {
+				shSitesContextURLInfo.setPageAllowGuestUser(shObject.isPageAllowGuestUser());
+				shSitesContextURLInfo.setPageAllowRegisterUser(shObject.isPageAllowRegisterUser());
+				shSitesContextURLInfo.setShPageGroups(shObject.getShPageGroups() != null
+						? (String[]) shObject.getShPageGroups().toArray(new String[shObject.getShPageGroups().size()])
+						: null);
+			}
 		} else {
 			shSitesContextURLInfo.setPageAllowGuestUser(true);
 			shSitesContextURLInfo.setPageAllowRegisterUser(false);
 			shSitesContextURLInfo.setStaticFile(false);
+			shSitesContextURLInfo.setShPageGroups(null);
 		}
 
 		if (logger.isDebugEnabled())