taylor 01/09/04 22:53:19 Modified: src/java/org/apache/jetspeed/modules/actions/portlets CustomizeAction.java CustomizeSetAction.java Log: - When customizing, the list of registry entries are now filtered to only show entries that a user has permission to customize. Revision Changes Path 1.4 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeAction.java Index: CustomizeAction.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeAction.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- CustomizeAction.java 2001/07/29 13:41:52 1.3 +++ CustomizeAction.java 2001/09/05 05:53:19 1.4 @@ -118,6 +118,7 @@ if ( (!param.isHidden()) && (name.charAt(0)!='_') ) { // check the user role + System.out.println("checking role for portlet:" + p.getName() + " parm:" + name); String role = (param.getSecurity()!=null)?param.getSecurity().getRole():null; if ((role==null)||(rundata.getACL().hasRole(role))) { 1.9 +9 -8 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java Index: CustomizeSetAction.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- CustomizeSetAction.java 2001/07/29 13:41:52 1.8 +++ CustomizeSetAction.java 2001/09/05 05:53:19 1.9 @@ -74,6 +74,7 @@ import org.apache.jetspeed.xml.api.portletmarkup.Metainfo; import org.apache.jetspeed.xml.api.portletmarkup.Controller; import org.apache.jetspeed.xml.api.portletmarkup.Control; +import org.apache.jetspeed.services.JetspeedSecurity; // Turbine stuff import org.apache.turbine.util.Log; @@ -433,10 +434,10 @@ PortletEntry entry = (PortletEntry)Registry.getEntry(Registry.PORTLET, (String)i.next()); - //FIXME: we should add security testing - if ((!entry.isHidden()) + if (JetspeedSecurity.checkPermission(data, JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) && + ((!entry.isHidden()) && (!entry.getType().equals(PortletEntry.TYPE_ABSTRACT)) - && entry.hasMediaType(mediaName)) + && entry.hasMediaType(mediaName))) { list.add(entry); } @@ -493,9 +494,9 @@ PortletInfoEntry entry = (PortletInfoEntry)Registry.getEntry(regName, (String)i.next()); - //FIXME: we should add security testing - if ((!entry.isHidden()) - && entry.hasMediaType(mediaName)) + if (JetspeedSecurity.checkPermission(data, JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) && + ((!entry.isHidden()) + && entry.hasMediaType(mediaName))) { list.add(entry); } @@ -528,8 +529,8 @@ { RegistryEntry entry = Registry.getEntry(regName,(String)i.next()); - //FIXME: we should add security testing - if (!entry.isHidden()) + if (JetspeedSecurity.checkPermission(data, JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) && + (!entry.isHidden())) { list.add(entry); } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]