[jboss-cvs] jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action ...
Christian Bauer
christian at hibernate.org
Thu Apr 19 07:27:48 EDT 2007
User: cbauer
Date: 07/04/19 07:27:48
Modified: examples/wiki/src/main/org/jboss/seam/wiki/core/action
WikiIdentity.java CommentHome.java
Log:
Permission check for comment deletion
Revision Changes Path
1.4 +12 -0 jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/WikiIdentity.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: WikiIdentity.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/WikiIdentity.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- WikiIdentity.java 4 Apr 2007 10:38:13 -0000 1.3
+++ WikiIdentity.java 19 Apr 2007 11:27:48 -0000 1.4
@@ -62,6 +62,9 @@
} else
if ("User".equals(name) && "isAdmin".equals(action)) {
return checkIsAdmin((User)args[0]);
+ } else
+ if ("Comment".equals(name) && "delete".equals(action)) {
+ return checkCommentDelete((Node)args[0]);
}
@@ -178,4 +181,13 @@
return false;
}
+ /*
+ Only admins or document creator can delete comments
+ */
+ private boolean checkCommentDelete(Node node) {
+ if (currentAccessLevel == UserRoleAccessFactory.ADMINROLE_ACCESSLEVEL) return true;
+ if (node.getCreatedBy().getId().equals(currentUser.getId())) return true;
+ return false;
+ }
+
}
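Review bot: The ownership test in `checkCommentDelete` dereferences `node.getCreatedBy()`, its id and `currentUser` without any null check, so a node with no recorded creator or a session without a persisted user would throw a NullPointerException from inside the permission check instead of returning false. That still denies the delete, but as an unhandled error rather than an authorization decision; a guard such as `if (node.getCreatedBy() == null || currentUser == null) return false;` before the comparison keeps the outcome explicit. The `==` against `UserRoleAccessFactory.ADMINROLE_ACCESSLEVEL` is only reliable if both sides are primitives, which the hunk does not show. The block comment would read better as Javadoc stating that `node` is the document the comment hangs off, not the comment itself, since the rule is about the document creator.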
1.3 +5 -0 jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/CommentHome.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: CommentHome.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/src/main/org/jboss/seam/wiki/core/action/CommentHome.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- CommentHome.java 19 Apr 2007 09:48:39 -0000 1.2
+++ CommentHome.java 19 Apr 2007 11:27:48 -0000 1.3
@@ -3,6 +3,8 @@
import org.jboss.seam.annotations.*;
import org.jboss.seam.ScopeType;
import org.jboss.seam.Component;
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.AuthorizationException;
import org.jboss.seam.core.FacesMessages;
import org.jboss.seam.wiki.core.model.Document;
import org.jboss.seam.wiki.core.model.User;
@@ -106,6 +108,9 @@
@Transactional
public void remove(Long commentId) {
entityManager.joinTransaction();
+ if (!Identity.instance().hasPermission("Comment", "delete", entityManager.merge(currentDocument)) ) {
+ throw new AuthorizationException("You don't have permission for this operation");
+ }
Comment foundCommment = entityManager.find(Comment.class, commentId);
if (foundCommment != null) {
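Review bot: The permission is decided for `currentDocument`, but the comment to delete is then loaded by `commentId` alone, and nothing in the visible lines ties that comment to the authorised document. Unless the rest of `remove` (which continues outside the hunk) checks this, a user who may delete comments on one document could have a comment on a different document removed by supplying its id. After the `find`, the comment's owning document should be compared with the authorised one and the call rejected on mismatch, with a comment such as `// authorization was decided for currentDocument; refuse comments attached to any other document`. It is also worth confirming that `entityManager.merge(currentDocument)` cannot feed a stale or detached `createdBy` into the decision.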