On Tue, Dec 16, 2008 at 8:16 AM, Sergiu Dumitriu <[email protected]> wrote:
> asiri (SVN) wrote:
> > Author: asiri
> > Date: 2008-12-15 17:45:22 +0100 (Mon, 15 Dec 2008)
> > New Revision: 14754
> >
> > Modified:
> >
>
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
> >
>
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
> > Log:
> > XWIKI-2982: Not possible to rename pages / spaces via the WebDAV
> interface
> >
> > Fixed.
> >
> > Modified:
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
> > ===================================================================
> > ---
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
> 2008-12-15 16:44:07 UTC (rev 14753)
> > +++
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
> 2008-12-15 16:45:22 UTC (rev 14754)
> > @@ -284,7 +284,9 @@
> > */
> > public void move(DavResource destination) throws DavException
> > {
> > - getContext().checkAccess("delete", this.name);
> > + // Renaming a page requires edit rights on the current document,
> delete rights on the
> > + // target document (if it exists) and edit rights on all the
> children of current document.
> > + getContext().checkAccess("edit", this.name);
> > XWikiDavResource dResource = (XWikiDavResource) destination;
> > String dSpaceName = null;
> > String dPageName = null;
> > @@ -302,8 +304,10 @@
> > String sql = "where doc.parent='" + this.name + "'";
> > List<String> childDocNames =
> getContext().searchDocumentsNames(sql);
> > // Validate access rights for the destination page.
> > - getContext().checkAccess("edit", newDocName);
> > - // Validate access rights for all the renamed pages.
> > + if (getContext().exists(newDocName)) {
> > + getContext().checkAccess("delete", newDocName);
> > + }
>
> You still have to check for edit right:
>
> } else {
> getContext().checkAccess("edit", newDocName);
> }
>
> > + // Validate access rights for all the child pages.
> > for (String childDocName : childDocNames) {
> > getContext().checkAccess("edit", childDocName);
> > }
> >
> > Modified:
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
> > ===================================================================
> > ---
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
> 2008-12-15 16:44:07 UTC (rev 14753)
> > +++
> platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
> 2008-12-15 16:45:22 UTC (rev 14754)
> > @@ -168,11 +168,10 @@
> > removeTempResource((DavTempFile) member);
> > } else if (member instanceof DavPage) {
> > String pName = ((DavPage) member).getDisplayName();
> > - if (getContext().hasAccess("delete", pName)) {
> > - XWikiDocument childDoc =
> getContext().getDocument(pName);
> > - if (!childDoc.isNew()) {
> > - getContext().deleteDocument(childDoc);
> > - }
> > + getContext().checkAccess("delete", pName);
> > + XWikiDocument childDoc = getContext().getDocument(pName);
> > + if (!childDoc.isNew()) {
> > + getContext().deleteDocument(childDoc);
> > }
> > } else {
> > throw new DavException(DavServletResponse.SC_BAD_REQUEST);
> > @@ -192,13 +191,15 @@
> > if (getCollection().equals(dSpace.getCollection())) {
> > String sql = "where doc.web='" + this.name + "'";
> > List<String> docNames =
> getContext().searchDocumentsNames(sql);
> > - // To rename an entire space, user should have
> delete rights on all the
> > - // documents in the current space and edit rights on
> all the documents that
> > - // will be created after the rename operation.
> > + // To rename an entire space, user should have edit
> rights on all the
> > + // documents in the current space and delete rights
> on all the documents that
> > + // will be replaced (if they exist).
> > for (String docName : docNames) {
> > String newDocName = dSpace.getDisplayName() +
> "." + docName;
> > - getContext().checkAccess("delete", docName);
> > - getContext().checkAccess("edit", newDocName);
> > + getContext().checkAccess("edit", docName);
> > + if (getContext().exists(newDocName)) {
> > + getContext().checkAccess("delete",
> newDocName);
> > + }
>
> This looks like duplication. Can you move this check in a common method?
>
Fixed by introducing an intermediate access level named 'overwrite'. I hope
this is not breaking any laws. So it's something like:
if (right.equals("overwrite")) {
String overwriteAccess = exists(fullDocName) ? "delete" : "edit";
hasAccess = hasAccess(overwriteAccess, fullDocName);
} else
Thanks.
- Asiri
>
> > }
> > for (String docName : docNames) {
> > XWikiDocument doc =
> getContext().getDocument(docName);
>
>
> --
> Sergiu Dumitriu
> http://purl.org/net/sergiu/
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
>
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
