#27516 include in 23.10.24

dotCMS · Apr 23, 2024 · 1aee274 · 1aee274
1 parent f40f86f
commit 1aee274
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 10 deletions.
diff --git a/dotCMS/hotfix_tracking.md b/dotCMS/hotfix_tracking.md
@@ -88,4 +88,5 @@ This maintenance release includes the following code fixes:
 81. https://github.com/dotCMS/core/issues/27894 : Security: Critical Vulnerability in Postgres JDBC Driver #27894
 82. https://github.com/dotCMS/core/issues/27909 : Invalid role check when accessing resource #27909
 83. https://github.com/dotCMS/core/issues/27910 : Log too verbose in certain situations #27910
-84. https://github.com/dotCMS/core/issues/27453 : Make experience plugin into a system plugin #27453
+84. https://github.com/dotCMS/core/issues/27453 : Make experience plugin into a system plugin #27453
+85. https://github.com/dotCMS/core/issues/27516 : Secrets can not find the inode on certain url #27516
diff --git a/dotCMS/src/main/java/com/dotcms/rendering/velocity/viewtools/SecretTool.java b/dotCMS/src/main/java/com/dotcms/rendering/velocity/viewtools/SecretTool.java
@@ -6,6 +6,7 @@
 import com.dotcms.rendering.velocity.viewtools.secrets.DotVelocitySecretAppConfig;
 import com.dotmarketing.business.APILocator;
 import com.dotmarketing.business.Role;
+import com.dotmarketing.business.Versionable;
 import com.dotmarketing.business.web.WebAPILocator;
 import com.dotmarketing.filters.CMSUrlUtil;
 import com.dotmarketing.portlets.contentlet.model.Contentlet;
@@ -164,9 +165,20 @@ private boolean checkRoleFromLastModUser(final Role role) {
 			String contentletInode = StringPool.BLANK;
 			try {
 				contentletInode = CMSUrlUtil.getInstance().getInodeFromUrlPath(resourcePath);
-				final Contentlet contentlet = APILocator.getContentletAPI().find(contentletInode, APILocator.systemUser(), true);
-				final User lastModifiedUser = APILocator.getUserAPI().loadUserById(contentlet.getModUser(), APILocator.systemUser(), true);
-				hasRole = APILocator.getRoleAPI().doesUserHaveRole(lastModifiedUser, role);
+				Versionable versionable = APILocator.getContentletAPI().find(contentletInode, APILocator.systemUser(), true);
+
+				if (null == versionable) {
+					versionable = APILocator.getContainerAPI().getLiveContainerById(contentletInode, APILocator.systemUser(), true);
+				}
+
+				if (null == versionable) {
+					versionable = APILocator.getTemplateAPI().findLiveTemplate(contentletInode, APILocator.systemUser(), true);
+				}
+
+				if (null != versionable) {
+					final User lastModifiedUser = APILocator.getUserAPI().loadUserById(versionable.getModUser(), APILocator.systemUser(), true);
+					hasRole = APILocator.getRoleAPI().doesUserHaveRole(lastModifiedUser, role);
+				}
 			} catch (final Exception e) {
 				Logger.warnAndDebug(SecretTool.class, String.format("Failed to find last " +
 						"modification user from Retrieved ID '%s' in URL Path '%s': %s",

diff --git a/dotCMS/src/main/java/com/dotmarketing/filters/CMSUrlUtil.java b/dotCMS/src/main/java/com/dotmarketing/filters/CMSUrlUtil.java
@@ -17,10 +17,7 @@
 import com.dotmarketing.portlets.contentlet.model.Contentlet;
 import com.dotmarketing.portlets.contentlet.model.ContentletVersionInfo;
 import com.dotmarketing.portlets.languagesmanager.model.Language;
-import com.dotmarketing.util.Config;
-import com.dotmarketing.util.Logger;
-import com.dotmarketing.util.PageMode;
-import com.dotmarketing.util.UtilMethods;
+import com.dotmarketing.util.*;
 import com.liferay.portal.model.User;
 import com.liferay.util.Xss;
 import io.vavr.Tuple;
@@ -45,8 +42,7 @@
 import static com.dotmarketing.filters.CMSFilter.CMS_INDEX_PAGE;
 import static com.dotmarketing.filters.Constants.CMS_FILTER_QUERY_STRING_OVERRIDE;
 import static com.dotmarketing.filters.Constants.CMS_FILTER_URI_OVERRIDE;
-import static com.liferay.util.StringPool.FORWARD_SLASH;
-import static com.liferay.util.StringPool.UNDERLINE;
+import static com.liferay.util.StringPool.*;
 import static java.util.stream.Collectors.toSet;
 
 /**
@@ -590,13 +586,33 @@ public static String getCurrentURI(final HttpServletRequest request)  {
 	 * @return The Inode of the Contentlet.
 	 */
 	public String getInodeFromUrlPath(final String urlPath) {
+		// tries the edit mode first
 		final PageMode[] modes = PageMode.values();
 		for (final PageMode mode : modes) {
 			if (urlPath.startsWith(FORWARD_SLASH + mode.name() + FORWARD_SLASH)) {
 				final String urlPathWithoutMode = urlPath.substring(mode.name().length() + 2);
 				return urlPathWithoutMode.substring(0, urlPathWithoutMode.indexOf(FORWARD_SLASH));
 			}
+			if (urlPath.startsWith(mode.name() + FORWARD_SLASH)) {
+				final String urlPathWithoutMode = urlPath.substring(mode.name().length() + 1);
+				int indexOf = urlPathWithoutMode.indexOf(FORWARD_SLASH);
+				if (indexOf == -1) {
+					indexOf = urlPathWithoutMode.indexOf(UNDERLINE);
+				}
+				if (indexOf == -1) {
+					indexOf = urlPathWithoutMode.indexOf(PERIOD);
+				}
+				return urlPathWithoutMode.substring(0, indexOf);
+			}
 		}
+
+		// tries the fe mode: /data/shared/assets/c/e/ce837ff5-dc6f-427a-8f60-d18afc395be9/fileAsset/openai-summarize.vtl
+		final Optional<String> inodeOPt = UUIDUtil.findInode(urlPath);
+		if (inodeOPt.isPresent()) {
+			return inodeOPt.get();
+		}
+
+		// tries the content mode: CONTENT/27e8f845c3bd21ad1c601b8fe005caa6_1695072095296.content
 		return urlPath.substring(urlPath.indexOf(FORWARD_SLASH) + 1, urlPath.indexOf(UNDERLINE));
 	}
 

diff --git a/dotCMS/src/main/java/com/dotmarketing/util/UUIDUtil.java b/dotCMS/src/main/java/com/dotmarketing/util/UUIDUtil.java
@@ -1,11 +1,19 @@
 package com.dotmarketing.util;
 
+import java.util.Optional;
 import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
+import com.dotcms.regex.MatcherTimeoutFactory;
+import com.liferay.util.StringPool;
 import org.apache.logging.log4j.core.util.UuidUtil;
 
+import static com.liferay.util.StringPool.FORWARD_SLASH;
+
 public final class UUIDUtil {
 
+  private static final Pattern INODE_PATTERN = Pattern.compile("/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/");
   public static boolean isUUID(final String uuid) {
     return uuid!=null && unUidIfy(uuid).matches("[a-fA-F0-9]{32}");
   }
@@ -40,6 +48,23 @@ public static String uuidTimeBased() {
     return UuidUtil.getTimeBasedUuid().toString();
   }
 
+  /**
+   * Extracts the inode from a string.
+   *
+   * @param someString the string to search
+   * @return the inode if found, otherwise an empty optional
+   */
+  public static Optional<String> findInode(final String someString) {
+
+    final Matcher matcher = INODE_PATTERN.matcher(someString);
+
+    if (matcher.find()) {
+      final String inode = matcher.group().replace(FORWARD_SLASH, StringPool.BLANK);
+      return Optional.ofNullable(inode);
+    }
+
+    return Optional.empty();
+  }
 
 
 }
diff --git a/dotCMS/src/test/java/com/dotmarketing/filters/CMSUrlUtilTest.java b/dotCMS/src/test/java/com/dotmarketing/filters/CMSUrlUtilTest.java
@@ -61,6 +61,16 @@ public void test_getIdentifierFromUrlPath() {
         final String contentIdentifier2 = CMSUrlUtil.getInstance().getInodeFromUrlPath(templateUrlPath);
         assertNotNull(contentIdentifier2);
         assertEquals("27e8f845c3bd21ad1c601b8fe005caa6", contentIdentifier2);
+        final String feUrlPath = "/data/shared/assets/c/e/ce837ff5-dc6f-427a-8f60-d18afc395be9/fileAsset/openai-summarize.vtl";
+        final String contentIdentifier3 = CMSUrlUtil.getInstance().getInodeFromUrlPath(feUrlPath);
+        assertNotNull(contentIdentifier3);
+        assertEquals("ce837ff5-dc6f-427a-8f60-d18afc395be9", contentIdentifier3);
+
+
+        final String template2UrlPath = "LIVE/d2e56042255158023d03164cd3852ead.templatelayout";
+        final String contentIdentifier4 = CMSUrlUtil.getInstance().getInodeFromUrlPath(template2UrlPath);
+        assertNotNull(contentIdentifier4);
+        assertEquals("d2e56042255158023d03164cd3852ead", contentIdentifier4);
     }
 
 }