Author: thomas.heute(a)jboss.com Date: 2007-02-09 11:02:20 -0500 (Fri, 09 Feb 2007) New Revision: 6196 Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java Log: Fixed bug while viewing files in the admin browser Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-02-09 12:50:04 UTC (rev 6195) +++ trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-02-09 16:02:20 UTC (rev 6196) @@ -43,6 +43,7 @@ import org.jboss.portal.cms.CMSInterceptor; import org.jboss.portal.cms.impl.jcr.JCRCommand; import org.jboss.portal.cms.impl.jcr.JCRCMS; +import org.jboss.portal.cms.impl.jcr.command.SearchCommand; import org.jboss.portal.cms.model.File; import org.jboss.portal.cms.model.Folder; import org.jboss.portal.cms.hibernate.state.Tools; @@ -168,22 +169,21 @@ protected Object invoke(JCRCommand invocation) throws Exception, InvocationException { if(ACLInterceptor.turnOff.get()==null ) - { - Session session = Tools.getOpenSession(); - Transaction tx = session.beginTransaction(); - + { //make the acl check before this command is executed - User user = (User)JCRCMS.getUserInfo().get(); + + // Get the user executing the command + User user = (User)JCRCMS.getUserInfo().get(); - //setup the security context with enough information for the authorization provider //to be able to make an enforcement decision PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(user); securityContext.setAttribute("command",invocation); - //perform access check PortalPermission cmsPermission = new CMSPermission(securityContext); + Session session = Tools.getOpenSession(); + Transaction tx = session.beginTransaction(); boolean allowAccess = this.authorizationManager.checkPermission(cmsPermission); tx.commit(); Tools.closeSession(session); @@ -222,6 +222,8 @@ Transaction tx = session.beginTransaction(); Object filteredResponse = response; + JCRCommand command = (JCRCommand)securityContext.getAttribute("command"); + try { @@ -257,7 +259,7 @@ folder.setFolders(filteredFolders); folder.setFiles(filteredFiles); } - else if (filteredResponse instanceof List) + else if ((filteredResponse instanceof List) && (command instanceof SearchCommand)) { List list = (List)filteredResponse; List filteredFiles = new ArrayList();