Author: julien_viet
Date: 2010-02-26 09:32:31 -0500 (Fri, 26 Feb 2010)
New Revision: 1884
Modified:
portal/trunk/portlet/dashboard/src/main/java/org/exoplatform/dashboard/webui/component/UIDashboardPortlet.java
Log:
fix security NPE when editing dashboard in edit page
Modified:
portal/trunk/portlet/dashboard/src/main/java/org/exoplatform/dashboard/webui/component/UIDashboardPortlet.java
===================================================================
---
portal/trunk/portlet/dashboard/src/main/java/org/exoplatform/dashboard/webui/component/UIDashboardPortlet.java 2010-02-26
12:08:54 UTC (rev 1883)
+++
portal/trunk/portlet/dashboard/src/main/java/org/exoplatform/dashboard/webui/component/UIDashboardPortlet.java 2010-02-26
14:32:31 UTC (rev 1884)
@@ -20,7 +20,10 @@
package org.exoplatform.dashboard.webui.component;
import org.exoplatform.portal.application.PortalRequestContext;
+import org.exoplatform.portal.config.DataStorage;
import org.exoplatform.portal.config.UserACL;
+import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.portal.config.model.PageNode;
import org.exoplatform.portal.webui.container.UIContainer;
import org.exoplatform.portal.webui.page.UIPage;
import org.exoplatform.portal.webui.page.UIPageBody;
@@ -68,10 +71,31 @@
PortalRequestContext prc =
(PortalRequestContext)context.getParentAppRequestContext();
UIPortalApplication portalApp = (UIPortalApplication)prc.getUIApplication();
UIPortal portal = portalApp.getShowedUIPortal();
- UIPageBody body = portal.findFirstComponentOfType(UIPageBody.class);
- UIPage page = body.findFirstComponentOfType(UIPage.class);
- UserACL userACL = portal.getApplicationComponent(UserACL.class);
- return userACL.hasPermission(page.getEditPermission());
+
+ //
+ try
+ {
+ PageNode node = portal.getSelectedNode();
+ if (node != null)
+ {
+ String pageRef = node.getPageReference();
+ DataStorage storage = portal.getApplicationComponent(DataStorage.class);
+ Page page = storage.getPage(pageRef);
+ if (page != null)
+ {
+ UserACL userACL = portal.getApplicationComponent(UserACL.class);
+ return userACL.hasPermission(page.getEditPermission());
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log.error("Could not check dashboard edition" ,e);
+ }
+
+
+ //
+ return false;
}
/**
Show replies by date