[jboss-cvs] jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action ...

Christian Bauer christian at hibernate.org
Thu Apr 19 07:27:48 EDT 2007 

  User: cbauer  
  Date: 07/04/19 07:27:48

  Modified:    examples/wiki/src/main/org/jboss/seam/wiki/core/action  
                        WikiIdentity.java CommentHome.java
  Log:
  Permission check for comment deletion
  
  Revision  Changes    Path
  1.4       +12 -0     jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/WikiIdentity.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: WikiIdentity.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/WikiIdentity.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -b -r1.3 -r1.4
  --- WikiIdentity.java	4 Apr 2007 10:38:13 -0000	1.3
  +++ WikiIdentity.java	19 Apr 2007 11:27:48 -0000	1.4
  @@ -62,6 +62,9 @@
           } else
           if ("User".equals(name) && "isAdmin".equals(action)) {
               return checkIsAdmin((User)args[0]);
  +        } else
  +        if ("Comment".equals(name) && "delete".equals(action)) {
  +            return checkCommentDelete((Node)args[0]);
           }
   
   
  @@ -178,4 +181,13 @@
           return false;
       }
   
  +    /*
  +        Only admins or document creator can delete comments
  +    */
  +    private boolean checkCommentDelete(Node node) {
  +        if (currentAccessLevel == UserRoleAccessFactory.ADMINROLE_ACCESSLEVEL) return true;
  +        if (node.getCreatedBy().getId().equals(currentUser.getId())) return true;
  +        return false;
  +    }
  +
   }
  
  
  
  1.3       +5 -0      jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/CommentHome.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: CommentHome.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/CommentHome.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -b -r1.2 -r1.3
  --- CommentHome.java	19 Apr 2007 09:48:39 -0000	1.2
  +++ CommentHome.java	19 Apr 2007 11:27:48 -0000	1.3
  @@ -3,6 +3,8 @@
   import org.jboss.seam.annotations.*;
   import org.jboss.seam.ScopeType;
   import org.jboss.seam.Component;
  +import org.jboss.seam.security.Identity;
  +import org.jboss.seam.security.AuthorizationException;
   import org.jboss.seam.core.FacesMessages;
   import org.jboss.seam.wiki.core.model.Document;
   import org.jboss.seam.wiki.core.model.User;
  @@ -106,6 +108,9 @@
       @Transactional
       public void remove(Long commentId) {
           entityManager.joinTransaction();
  +        if (!Identity.instance().hasPermission("Comment", "delete", entityManager.merge(currentDocument)) ) {
  +            throw new AuthorizationException("You don't have permission for this operation");
  +        }
   
           Comment foundCommment = entityManager.find(Comment.class, commentId);
           if (foundCommment != null) {

More information about the jboss-cvs-commits mailing list