rajkowski · rajkowski · Mar 22, 2026 · Mar 22, 2026 · Mar 22, 2026
diff --git a/src/main/java/com/simisinc/platform/ApplicationInfo.java b/src/main/java/com/simisinc/platform/ApplicationInfo.java
@@ -32,7 +32,7 @@ public class ApplicationInfo {
   // Use: Change the date, increment the decimal on same day updates
   // then reset back to 10000
   //                         VERSION = "--------.10000";
-  public static final String VERSION = "20260305.10000";
+  public static final String VERSION = "20260317.10000";
 
   /**
    * Outputs the version from the command line

diff --git a/src/main/java/com/simisinc/platform/application/json/JsonCommand.java b/src/main/java/com/simisinc/platform/application/json/JsonCommand.java
@@ -32,7 +32,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
- * Functinos for working with JSON data
+ * Functions for working with JSON data
  *
  * @author matt rajkowski
  * @created 9/9/19 10:47 AM

diff --git a/src/main/java/com/simisinc/platform/presentation/widgets/admin/PermissionGroupsWidget.java b/src/main/java/com/simisinc/platform/presentation/widgets/admin/PermissionGroupsWidget.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2026 Matt Rajkowski (https://github.com/rajkowski)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.simisinc.platform.presentation.widgets.admin;
+
+import com.simisinc.platform.application.admin.PermissionEngine;
+import com.simisinc.platform.presentation.controller.WidgetContext;
+import com.simisinc.platform.presentation.widgets.GenericWidget;
+
+/**
+ * Read-only admin view of loaded Cedar permission groups and their component members.
+ *
+ * @author matt rajkowski
+ * @created 3/6/26 8:00 AM
+ */
+public class PermissionGroupsWidget extends GenericWidget {
+
+  static final long serialVersionUID = 7812340985623401287L;
+  static String JSP = "/admin/permission-groups.jsp";
+
+  @Override
+  public WidgetContext execute(WidgetContext context) {
+    if (!context.hasRole("admin")) {
+      LOG.debug("No permission to: " + PermissionGroupsWidget.class.getSimpleName());
+      return context;
+    }
+    context.getRequest().setAttribute("permissionGroupList", PermissionEngine.getAllGroups());
+    context.getRequest().setAttribute("icon", context.getPreferences().get("icon"));
+    context.getRequest().setAttribute("title", context.getPreferences().get("title"));
+    context.setJsp(JSP);
+    return context;
+  }
+}
diff --git a/src/main/java/com/simisinc/platform/presentation/widgets/admin/cms/SubFolderFormWidget.java b/src/main/java/com/simisinc/platform/presentation/widgets/admin/cms/SubFolderFormWidget.java
@@ -16,15 +16,21 @@
 
 package com.simisinc.platform.presentation.widgets.admin.cms;
 
-import com.simisinc.platform.application.DataException;
-import com.simisinc.platform.application.cms.*;
-import com.simisinc.platform.domain.model.cms.SubFolder;
-import com.simisinc.platform.presentation.widgets.GenericWidget;
-import com.simisinc.platform.presentation.controller.WidgetContext;
+import java.lang.reflect.InvocationTargetException;
+
 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.commons.lang3.StringUtils;
 
-import java.lang.reflect.InvocationTargetException;
+import com.simisinc.platform.application.DataException;
+import com.simisinc.platform.application.admin.PermissionEngine;
+import com.simisinc.platform.application.cms.CheckFolderPermissionCommand;
+import com.simisinc.platform.application.cms.FolderException;
+import com.simisinc.platform.application.cms.LoadSubFolderCommand;
+import com.simisinc.platform.application.cms.SaveSubFolderCommand;
+import com.simisinc.platform.application.cms.UrlCommand;
+import com.simisinc.platform.domain.model.cms.SubFolder;
+import com.simisinc.platform.presentation.controller.WidgetContext;
+import com.simisinc.platform.presentation.widgets.GenericWidget;
 
 /**
  * Widget for displaying a system administration form to add/update sub-folders
@@ -65,7 +71,7 @@ public WidgetContext execute(WidgetContext context) {
     }
 
     // Check permissions
-    if (!context.hasRole("admin") && !context.hasRole("content-manager")) {
+    if (!PermissionEngine.checkAccess(getClass().getName(), context.getUserSession())) {
       if (!CheckFolderPermissionCommand.userHasAddPermission(subFolder.getFolderId(), context.getUserId())) {
         return null;
       }
@@ -87,7 +93,7 @@ public WidgetContext post(WidgetContext context) throws InvocationTargetExceptio
     String returnPage = UrlCommand.getValidReturnPage(context.getParameter("returnPage"));
 
     // Check permissions
-    if (!context.hasRole("admin") && !context.hasRole("content-manager")) {
+    if (!PermissionEngine.checkAccess(getClass().getName(), context.getUserSession())) {
       if (!CheckFolderPermissionCommand.userHasAddPermission(subFolderBean.getFolderId(), context.getUserId())) {
         return null;
       }
@@ -112,7 +118,7 @@ public WidgetContext post(WidgetContext context) throws InvocationTargetExceptio
     if (StringUtils.isNotBlank(returnPage)) {
       context.setRedirect(returnPage);
     } else {
-//      context.setRedirect("/admin/folder-details?folderId=" + subFolder.getFolderId());
+      // context.setRedirect("/admin/folder-details?folderId=" + subFolder.getFolderId());
       context.setRedirect("/admin/sub-folder-details?subFolderId=" + subFolder.getId() + "&folderId=" + subFolder.getFolderId());
     }
     return context;

diff --git a/src/main/java/com/simisinc/platform/presentation/widgets/cms/BlogsListJsonService.java b/src/main/java/com/simisinc/platform/presentation/widgets/cms/BlogsListJsonService.java
@@ -22,11 +22,12 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import com.simisinc.platform.application.admin.PermissionEngine;
 import com.simisinc.platform.application.json.JsonCommand;
 import com.simisinc.platform.domain.model.cms.Blog;
 import com.simisinc.platform.infrastructure.persistence.cms.BlogRepository;
-import com.simisinc.platform.presentation.controller.WidgetContext;
-import com.simisinc.platform.presentation.widgets.GenericWidget;
+import com.simisinc.platform.presentation.controller.JsonServiceContext;
+import com.simisinc.platform.presentation.services.GenericJsonService;
 
 /**
  * Handles JSON/AJAX GET requests for /json/blogs/list endpoint
@@ -35,7 +36,7 @@
  * @author matt rajkowski
  * @created 2/7/26 3:00 PM
  */
-public class BlogsListJsonService extends GenericWidget {
+public class BlogsListJsonService extends GenericJsonService {
 
   static final long serialVersionUID = -8484048371911908893L;
   private static Log LOG = LogFactory.getLog(BlogsListJsonService.class);
@@ -46,11 +47,12 @@ public class BlogsListJsonService extends GenericWidget {
    * @param context the widget context
    * @return context with JSON response
    */
-  public WidgetContext execute(WidgetContext context) {
+  public JsonServiceContext get(JsonServiceContext context) {
 
-    // Check permissions - require admin or content-manager role
-    if (!context.hasRole("admin") && !context.hasRole("content-manager")) {
-      return writeError(context, "Permission denied");
+    // Check permissions
+    if (!PermissionEngine.checkAccess(getClass().getName(), context.getUserSession())) {
+      LOG.debug("No permission to: " + BlogsListJsonService.class.getSimpleName());
+      return context.writeError("Permission denied");
     }
 
     try {
@@ -79,33 +81,12 @@ public WidgetContext execute(WidgetContext context) {
 
       json.append("]");
 
-      return writeOk(context, json.toString(), null);
+      return context.writeOk(json.toString(), null);
 
     } catch (Exception e) {
       LOG.error("Error loading blogs: " + e.getMessage(), e);
-      return writeError(context, e.getMessage());
+      return context.writeError(e.getMessage());
     }
   }
 
-  private WidgetContext writeOk(WidgetContext context, String dataJson, String metaJson) {
-    StringBuilder json = new StringBuilder();
-    json.append("{");
-    json.append("\"status\":\"ok\"");
-    if (dataJson != null) {
-      json.append(",\"data\":").append(dataJson);
-    }
-    if (metaJson != null) {
-      json.append(",\"meta\":").append(metaJson);
-    }
-    json.append("}");
-    context.setJson(json.toString());
-    return context;
-  }
-
-  private WidgetContext writeError(WidgetContext context, String message) {
-    context.setJson("{\"status\":\"error\",\"error\":\"" + JsonCommand.toJson(StringUtils.defaultString(message)) + "\"}");
-    context.setSuccess(false);
-    return context;
-  }
-
 }
diff --git a/src/main/java/com/simisinc/platform/presentation/widgets/cms/BlogsPostsJsonService.java b/src/main/java/com/simisinc/platform/presentation/widgets/cms/BlogsPostsJsonService.java
@@ -22,12 +22,13 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import com.simisinc.platform.application.admin.PermissionEngine;
 import com.simisinc.platform.application.json.JsonCommand;
 import com.simisinc.platform.domain.model.cms.BlogPost;
 import com.simisinc.platform.infrastructure.persistence.cms.BlogPostRepository;
 import com.simisinc.platform.infrastructure.persistence.cms.BlogPostSpecification;
-import com.simisinc.platform.presentation.controller.WidgetContext;
-import com.simisinc.platform.presentation.widgets.GenericWidget;
+import com.simisinc.platform.presentation.controller.JsonServiceContext;
+import com.simisinc.platform.presentation.services.GenericJsonService;
 
 /**
  * Handles JSON/AJAX GET requests for /json/blogs/posts endpoint
@@ -36,7 +37,7 @@
  * @author matt rajkowski
  * @created 2/7/26 3:00 PM
  */
-public class BlogsPostsJsonService extends GenericWidget {
+public class BlogsPostsJsonService extends GenericJsonService {
 
   static final long serialVersionUID = -8484048371911908893L;
   private static Log LOG = LogFactory.getLog(BlogsPostsJsonService.class);
@@ -47,19 +48,19 @@ public class BlogsPostsJsonService extends GenericWidget {
    * @param context the widget context
    * @return context with JSON response
    */
-  public WidgetContext execute(WidgetContext context) {
+  public JsonServiceContext get(JsonServiceContext context) {
 
-    // Check permissions - require admin or content-manager role
-    if (!context.hasRole("admin") && !context.hasRole("content-manager")) {
-      // Return empty array on permission denied for FullCalendar
+    // Check permissions
+    if (!PermissionEngine.checkAccess(getClass().getName(), context.getUserSession())) {
+      LOG.debug("No permission to: " + BlogsPostsJsonService.class.getSimpleName());
       context.setJson("[]");
       return context;
     }
 
     try {
       // Get comma-separated blog IDs
       String blogIdsParam = context.getParameter("blogIds");
-      
+
       if (StringUtils.isBlank(blogIdsParam)) {
         // Return empty array for FullCalendar
         context.setJson("[]");
@@ -83,13 +84,14 @@ public WidgetContext execute(WidgetContext context) {
 
       boolean first = true;
       for (long blogId : blogIds) {
-        if (blogId <= 0) continue;
-
+        if (blogId <= 0)
+          continue;
+
         // Load blog posts for this blog using BlogPostSpecification
         BlogPostSpecification spec = new BlogPostSpecification();
         spec.setBlogId(blogId);
         List<BlogPost> posts = BlogPostRepository.findAll(spec, null);
-        
+
         if (posts != null && !posts.isEmpty()) {
           for (BlogPost post : posts) {
             if (!first) {
@@ -101,7 +103,7 @@ public WidgetContext execute(WidgetContext context) {
             json.append("\"id\": ").append(post.getId()).append(",");
             json.append("\"title\": \"").append(JsonCommand.toJson(post.getTitle())).append("\",");
             json.append("\"blogId\": ").append(blogId).append(",");
-            
+
             if (post.getPublished() != null) {
               json.append("\"publishDate\": \"").append(JsonCommand.toJson(post.getPublished().toString())).append("\",");
             } else if (post.getStartDate() != null) {
@@ -113,7 +115,7 @@ public WidgetContext execute(WidgetContext context) {
               json.append("\"created\": \"").append(JsonCommand.toJson(post.getCreated().toString())).append("\",");
             }
             json.append("\"content\": \"").append(JsonCommand.toJson(StringUtils.defaultString(post.getBody()))).append("\"");
-            
+
             json.append("}");
           }
         }
@@ -127,7 +129,6 @@ public WidgetContext execute(WidgetContext context) {
 
     } catch (Exception e) {
       LOG.error("Error loading blog posts: " + e.getMessage(), e);
-      // Return empty array on error for FullCalendar
       context.setJson("[]");
       return context;
     }

diff --git a/src/main/java/com/simisinc/platform/presentation/widgets/cms/CalendarsEventsJsonService.java b/src/main/java/com/simisinc/platform/presentation/widgets/cms/CalendarsEventsJsonService.java
@@ -22,12 +22,13 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import com.simisinc.platform.application.admin.PermissionEngine;
 import com.simisinc.platform.application.json.JsonCommand;
 import com.simisinc.platform.domain.model.cms.CalendarEvent;
 import com.simisinc.platform.infrastructure.persistence.cms.CalendarEventRepository;
 import com.simisinc.platform.infrastructure.persistence.cms.CalendarEventSpecification;
-import com.simisinc.platform.presentation.controller.WidgetContext;
-import com.simisinc.platform.presentation.widgets.GenericWidget;
+import com.simisinc.platform.presentation.controller.JsonServiceContext;
+import com.simisinc.platform.presentation.services.GenericJsonService;
 
 /**
  * Handles JSON/AJAX GET requests for /json/calendars/events endpoint
@@ -36,7 +37,7 @@
  * @author matt rajkowski
  * @created 2/7/26 3:00 PM
  */
-public class CalendarsEventsJsonService extends GenericWidget {
+public class CalendarsEventsJsonService extends GenericJsonService {
 
   static final long serialVersionUID = -8484048371911908893L;
   private static Log LOG = LogFactory.getLog(CalendarsEventsJsonService.class);
@@ -47,19 +48,19 @@ public class CalendarsEventsJsonService extends GenericWidget {
    * @param context the widget context
    * @return context with JSON response
    */
-  public WidgetContext execute(WidgetContext context) {
+  public JsonServiceContext get(JsonServiceContext context) {
 
-    // Check permissions - require admin or content-manager role
-    if (!context.hasRole("admin") && !context.hasRole("content-manager")) {
-      // Return empty array on permission denied for FullCalendar
+    // Check permissions
+    if (!PermissionEngine.checkAccess(getClass().getName(), context.getUserSession())) {
+      LOG.debug("No permission to: " + CalendarsEventsJsonService.class.getSimpleName());
       context.setJson("[]");
       return context;
     }
 
     try {
       // Get comma-separated calendar IDs
       String calendarIdsParam = context.getParameter("calendarIds");
-      
+
       if (StringUtils.isBlank(calendarIdsParam)) {
         // Return empty array for FullCalendar
         context.setJson("[]");
@@ -83,13 +84,14 @@ public WidgetContext execute(WidgetContext context) {
 
       boolean first = true;
       for (long calendarId : calendarIds) {
-        if (calendarId <= 0) continue;
-
+        if (calendarId <= 0)
+          continue;
+
         // Load events for this calendar using CalendarEventSpecification
         CalendarEventSpecification spec = new CalendarEventSpecification();
         spec.setCalendarId(calendarId);
         List<CalendarEvent> events = CalendarEventRepository.findAll(spec, null);
-        
+
         if (events != null && !events.isEmpty()) {
           for (CalendarEvent event : events) {
             if (!first) {
@@ -101,7 +103,7 @@ public WidgetContext execute(WidgetContext context) {
             json.append("\"id\": ").append(event.getId()).append(",");
             json.append("\"title\": \"").append(JsonCommand.toJson(event.getTitle())).append("\",");
             json.append("\"calendarId\": ").append(calendarId).append(",");
-            
+
             if (event.getStartDate() != null) {
               json.append("\"startDate\": \"").append(JsonCommand.toJson(event.getStartDate().toString())).append("\",");
             } else {
@@ -113,7 +115,7 @@ public WidgetContext execute(WidgetContext context) {
               json.append("\"endDate\": \"\",");
             }
             json.append("\"description\": \"").append(JsonCommand.toJson(StringUtils.defaultString(event.getSummary()))).append("\"");
-            
+
             json.append("}");
           }
         }