Skip to content

Commit

Permalink
feat(actionlet): rollback the ajax method and change executeAction (#…
Browse files Browse the repository at this point in the history 
…28579)
  • Loading branch information
@gortiz-dotcms
gortiz-dotcms committed Oct 16, 2024
1 parent 93743ae commit 8d4f2d7
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 6 deletions.
2 changes: 1 addition & 1 deletion dotCMS/src/main/java/com/dotmarketing/business/ajax/PermissionAjax.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -350,7 +350,7 @@ public void resetAssetPermissions (String assetId, Long languageId) throws DotDa
}

@CloseDBIfOpened
public static Permissionable retrievePermissionable (String assetId, Long language, User user, boolean respectFrontendRoles) throws DotDataException, DotSecurityException {
private Permissionable retrievePermissionable (String assetId, Long language, User user, boolean respectFrontendRoles) throws DotDataException, DotSecurityException {

HostAPI hostAPI = APILocator.getHostAPI();
Permissionable perm = null;
Expand Down
9 changes: 4 additions & 5 deletions ...rc/main/java/com/dotmarketing/portlets/workflows/actionlet/ResetPermissionsActionlet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,14 @@ public void executeAction(WorkflowProcessor processor, Map<String, WorkflowActio
try {

User user = processor.getUser();
boolean respectFrontendRoles = user.isBackendUser();

PermissionAPI permissionAPI = APILocator.getPermissionAPI();
Permissionable asset = PermissionAjax.retrievePermissionable(processor.getContentlet().getIdentifier(), processor.getContentlet().getLanguageId(), user, respectFrontendRoles);
PermissionBitAPIImpl api = (PermissionBitAPIImpl) APILocator.getPermissionAPI();
if (!api.doesUserHavePermission(asset, PermissionAPI.PERMISSION_EDIT_PERMISSIONS, user)) {
if (!api.checkIfContentletTypeHasEditPermissions(asset, user)) {
Permissionable asset = processor.getContentlet();
if (!user.isAdmin() && !api.doesUserHavePermission(asset, PermissionAPI.PERMISSION_EDIT_PERMISSIONS, user) &&
!api.checkIfContentletTypeHasEditPermissions(asset, user)) {

throw new DotSecurityException("User id: " + user.getUserId() + " does not have permission to alter permissions on asset " + asset.getPermissionId());
}
}
permissionAPI.removePermissions(asset);
} catch ( Exception e) {
Expand Down

0 comments on commit 8d4f2d7

Please sign in to comment.