[jbossseam-issues] [JBoss JIRA] Resolved: (JBSEAM-3871) Member cann't access wikiNode which read_access_level setted to himself
wu haixing (JIRA)
jira-events at lists.jboss.org
Sat Dec 27 01:26:54 EST 2008
[ https://jira.jboss.org/jira/browse/JBSEAM-3871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
wu haixing resolved JBSEAM-3871.
--------------------------------
Resolution: Done
DatabaseObjects.hbm.xml
<!-- Add param currentUserId to judge whether the User is the Node's createdBy User -->
<filter-def name="accessLevelFilter">
<filter-param name="currentAccessLevel" type="integer"/>
<filter-param name="currentUserId" type="long"/>
</filter-def>
components.xml
<persistence:filter name="accessLevelFilter">
<persistence:name>accessLevelFilter</persistence:name>
<persistence:parameters>
<key>currentAccessLevel</key><value>#{currentAccessLevel}</value>
<!-- set currentUserId as currentUser's id -->
<key>currentUserId</key><value>#{currentUser.id}</value>
</persistence:parameters>
</persistence:filter>
WikiNode.java
//we need the bracket,ignore readAccessLevel if the user is the document's owner
//I think no one will create a document himself cann't read,so this condition can resolve the problem!
@org.hibernate.annotations.Filter(
name = "accessLevelFilter",
condition = "(READ_ACCESS_LEVEL <= :currentAccessLevel or CREATED_BY_USER_ID = :currentUserId)"
)
> Member cann't access wikiNode which read_access_level setted to himself
> -----------------------------------------------------------------------
>
> Key: JBSEAM-3871
> URL: https://jira.jboss.org/jira/browse/JBSEAM-3871
> Project: Seam
> Issue Type: Bug
> Components: Wiki
> Affects Versions: 2.1.1.GA
> Reporter: wu haixing
> Assignee: Christian Bauer
> Original Estimate: 10 minutes
> Remaining Estimate: 10 minutes
>
> If a member create a document want to see by himself,currentAccessLevel Filter cann't get the document because the member's access level obviously less than WikiNode's READ_ACCESS_LEVEL setted to administrator's accessLevel.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list