[jbossseam-issues] [JBoss JIRA] Resolved: (JBSEAM-3871) Member cann't access wikiNode which read_access_level setted to himself

wu haixing (JIRA) jira-events at lists.jboss.org
Sat Dec 27 01:26:54 EST 2008 

     [ https://jira.jboss.org/jira/browse/JBSEAM-3871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

wu haixing resolved JBSEAM-3871.
--------------------------------

    Resolution: Done


DatabaseObjects.hbm.xml
   <!-- Add param currentUserId to judge whether the User is the  Node's createdBy User -->
    <filter-def name="accessLevelFilter">
        <filter-param name="currentAccessLevel" type="integer"/>
        <filter-param name="currentUserId" type="long"/> 
    </filter-def>
components.xml
    <persistence:filter name="accessLevelFilter">
        <persistence:name>accessLevelFilter</persistence:name>
        <persistence:parameters>
            <key>currentAccessLevel</key><value>#{currentAccessLevel}</value>
           <!-- set currentUserId as currentUser's id -->
            <key>currentUserId</key><value>#{currentUser.id}</value> 
        </persistence:parameters>
    </persistence:filter>

WikiNode.java
//we need the bracket,ignore readAccessLevel if the user is the document's owner
//I think no one will create a document himself cann't read,so this condition can resolve the problem!
@org.hibernate.annotations.Filter(
    name = "accessLevelFilter",
    condition = "(READ_ACCESS_LEVEL <= :currentAccessLevel or CREATED_BY_USER_ID = :currentUserId)"
)

> Member cann't access wikiNode which read_access_level setted to himself
> -----------------------------------------------------------------------
>
>                 Key: JBSEAM-3871
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3871
>             Project: Seam
>          Issue Type: Bug
>          Components: Wiki
>    Affects Versions: 2.1.1.GA
>            Reporter: wu haixing
>            Assignee: Christian Bauer
>   Original Estimate: 10 minutes
>  Remaining Estimate: 10 minutes
>
> If a member create a document want to see by himself,currentAccessLevel Filter cann't get the document because the member's access level obviously less than WikiNode's READ_ACCESS_LEVEL setted to administrator's accessLevel.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list