SAK-7630

Adding the ability for tools using the inputRichText tag (melete) to use non standard collection bases in the FCK file browser by setting the "collectionBase" attribute of the tag with the ref Id of the collection.

If the collection will not have the proper authz for the user through ContentHostingService a SecurityAdvisor can be saved to the user's Session with an id of:
"fck.security.advisor." + collecitonBase

Ex:
SessionManager.getCurrentSession().setAttribute("fck.security.advisor."+collecitonBase, YourToolsSecurityAdvisor);

    * The SecurityAdvisor should be non trivial and do some user role checking to ensure security.

If the tool would like the user to see extra top level folders in the FCK File browser they can be passed in by putting a List of collection Id's into the user's Session with an id of:
"fck.extra.collections." + collectionBase

Ex:
List collections = new Vector();                
//add the ref Ids
SessionManager.getCurrentSession().setAttribute("fck.extra.collections."+collectionBase, collections);
 


git-svn-id: https://source.sakaiproject.org/svn/textarea/trunk@22210 66ffb92e-73f9-0310-93c1-f5514f145a0a

textarea/FCKeditor/connector/pom.xml

@@ -45,6 +45,21 @@
       <version>${sakai.version}</version>
       <scope>provided</scope>
     </dependency>
+
+    <dependency>
+      <groupId>org.sakaiproject</groupId>
+      <artifactId>sakai-authz-api</artifactId>
+      <version>${sakai.version}</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.sakaiproject</groupId>
+      <artifactId>sakai-tool-api</artifactId>
+      <version>${sakai.version}</version>
+      <scope>provided</scope>
+    </dependency>
+
     <dependency>
 
       <groupId>commons-logging</groupId>

textarea/FCKeditor/connector/project.xml

@@ -62,14 +62,26 @@
 			<version>${pom.currentVersion}</version>
 		</dependency>
 
-                <dependency>
-                        <groupId>sakaiproject</groupId>
-                        <artifactId>sakai-util</artifactId>
-                        <version>${pom.currentVersion}</version>
-                        <properties>
-                                <war.bundle>true</war.bundle>
-                        </properties>
-                </dependency>
+		<dependency>
+			<groupId>sakaiproject</groupId>
+			<artifactId>sakai-authz-api</artifactId>
+			<version>${pom.currentVersion}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>sakaiproject</groupId>
+			<artifactId>sakai-tool-api</artifactId>
+			<version>${pom.currentVersion}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>sakaiproject</groupId>
+			<artifactId>sakai-util</artifactId>
+			<version>${pom.currentVersion}</version>
+			<properties>
+				<war.bundle>true</war.bundle>
+			</properties>
+		</dependency>
 
 		<dependency>
       		<groupId>jspapi</groupId>

textarea/FCKeditor/connector/src/java/org/sakaiproject/connector/fck/FCKConnectorServlet.java

@@ -23,6 +23,7 @@
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -42,6 +43,8 @@
 
 import org.apache.commons.fileupload.DiskFileUpload;
 import org.apache.commons.fileupload.FileItem;
+import org.sakaiproject.authz.api.SecurityAdvisor;
+import org.sakaiproject.authz.cover.SecurityService;
 import org.sakaiproject.content.api.ContentCollection;
 import org.sakaiproject.content.api.ContentCollectionEdit;
 import org.sakaiproject.content.api.ContentResource;
@@ -52,6 +55,7 @@
 import org.sakaiproject.event.cover.NotificationService;
 import org.sakaiproject.exception.IdUsedException;
 import org.sakaiproject.exception.PermissionException;
+import org.sakaiproject.tool.cover.SessionManager;
 import org.sakaiproject.util.Validator;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -82,6 +86,9 @@
 public class FCKConnectorServlet extends HttpServlet {
 
 	private static final long serialVersionUID = 1L;
+
+    private static final String FCK_ADVISOR_BASE = "fck.security.advisor.";
+    private static final String FCK_EXTRA_COLLECTIONS_BASE = "fck.extra.collections.";
 
 	/**
       * Manage the Get requests (GetFolders, GetFoldersAndFiles, CreateFolder).<br>
@@ -103,6 +110,14 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
           String type = request.getParameter("Type");
           String currentFolder = request.getParameter("CurrentFolder");
 
+          String collectionBase = request.getPathInfo();
+
+          SecurityAdvisor advisor = (SecurityAdvisor) SessionManager.getCurrentSession()
+               .getAttribute(FCK_ADVISOR_BASE + collectionBase);
+          if (advisor != null) {
+               SecurityService.pushAdvisor(advisor);
+          }
+
           Document document = null;
           try {
                DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
@@ -113,13 +128,14 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
                pce.printStackTrace();
           }
 
-          Node root = createCommonXml(document, commandStr, type, currentFolder, "/access/content"+currentFolder);
+          Node root = createCommonXml(document, commandStr, type, currentFolder, 
+        	   ContentHostingService.getUrl(currentFolder));
 
           if ("GetFolders".equals(commandStr)) {
-               getFolders(currentFolder, root, document);
+               getFolders(currentFolder, root, document, collectionBase);
           }
           else if ("GetFoldersAndFiles".equals(commandStr)) {
-               getFolders(currentFolder, root, document);
+               getFolders(currentFolder, root, document, collectionBase);
                getFiles(currentFolder, root, document, type);
           }
           else if ("CreateFolder".equals(commandStr)) {
@@ -166,6 +182,10 @@ else if ("CreateFolder".equals(commandStr)) {
 	        	  out.close();
 	          }
           }
+
+          if (advisor != null) {
+        	  SecurityService.clearAdvisors();
+          }
      }
 
 
@@ -187,8 +207,14 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
           String command = request.getParameter("Command");
 
           String currentFolder = request.getParameter("CurrentFolder");
+          String collectionBase = request.getPathInfo();
+
+          SecurityAdvisor advisor = (SecurityAdvisor) SessionManager.getCurrentSession()
+               .getAttribute(FCK_ADVISOR_BASE + collectionBase);
+          if (advisor != null) {
+               SecurityService.pushAdvisor(advisor);
+          }
 
-          String currentDirPath = "/access/content" + currentFolder;
           String fileName = "";
           String errorMessage = "";
 
@@ -272,7 +298,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
                out.println("<script type=\"text/javascript\">");
 
                if ("QuickUpload".equals(command)) {
-                    out.println("window.parent.OnUploadCompleted("+status+",'"+currentDirPath+fileName+"','"+fileName+"','"+errorMessage+"');");
+                    out.println("window.parent.OnUploadCompleted(" + status + ",'"
+                    		+ ContentHostingService.getUrl(currentFolder) + fileName
+                    		+ "','" + fileName + "','" + errorMessage + "');");
                }
                else {
                     out.println("window.parent.frames['frmUpload'].OnUploadCompleted("+status+",'"+fileName+"');");
@@ -288,6 +316,10 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
                     out.close();
                }
           }
+
+          if (advisor != null) {
+        	  SecurityService.clearAdvisors();
+          }
      }
 
      private void setCreateFolderResponse(String status, Node root, Document doc) {
@@ -297,7 +329,7 @@ private void setCreateFolderResponse(String status, Node root, Document doc) {
      }
 
 
-     private void getFolders(String dir, Node root, Document doc) {
+     private void getFolders(String dir, Node root, Document doc, String collectionBase) {
           Element folders = doc.createElement("Folders");
           root.appendChild(folders);
 
@@ -308,11 +340,20 @@ private void getFolders(String dir, Node root, Document doc) {
 
           try {
                //hides the real root level stuff and just shows the users the
-               //the root folders of all the sites they actually have access to.
+               //the root folders of all the top collections they actually have access to.
                if (dir.split("/").length == 2) {
+                    List collections = new ArrayList();
                     map = ContentHostingService.getCollectionMap();
-                    if (map != null && map.keySet() != null)
-                         foldersIterator = map.keySet().iterator();
+                    if (map != null && map.keySet() != null) {
+                         collections.addAll(map.keySet());
+                    }
+                    List extras = (List) SessionManager.getCurrentSession()
+                         .getAttribute(FCK_EXTRA_COLLECTIONS_BASE + collectionBase);
+                    if (extras != null) {
+                         collections.addAll(extras);
+                    }
+
+                    foldersIterator = collections.iterator();
                }
                else if (dir.split("/").length > 2) {
                     collection = ContentHostingService.getCollection(dir);

textarea/FCKeditor/connector/src/webapp/WEB-INF/web.xml

@@ -31,7 +31,12 @@
 
     <servlet-mapping>
         <servlet-name>Connector</servlet-name>
-        <url-pattern>/web/editor/filemanager/browser/default/connectors/jsp/connector</url-pattern>
+        <url-pattern>/web/editor/filemanager/browser/default/connectors/jsp/connector/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Connector</servlet-name>
+        <url-pattern>/filemanager/connector/*</url-pattern>
     </servlet-mapping>
 
 </web-app>