taylor 01/09/04 22:53:19
Modified: src/java/org/apache/jetspeed/modules/actions/portlets
CustomizeAction.java CustomizeSetAction.java
Log:
- When customizing, the list of registry entries are now filtered to only show
entries that a user has permission to customize.
Revision Changes Path
1.4 +1 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeAction.java
Index: CustomizeAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeAction.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- CustomizeAction.java 2001/07/29 13:41:52 1.3
+++ CustomizeAction.java 2001/09/05 05:53:19 1.4
@@ -118,6 +118,7 @@
if ( (!param.isHidden()) && (name.charAt(0)!='_') )
{
// check the user role
+ System.out.println("checking role for portlet:" + p.getName() + "
parm:" + name);
String role =
(param.getSecurity()!=null)?param.getSecurity().getRole():null;
if ((role==null)||(rundata.getACL().hasRole(role)))
{
1.9 +9 -8
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java
Index: CustomizeSetAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- CustomizeSetAction.java 2001/07/29 13:41:52 1.8
+++ CustomizeSetAction.java 2001/09/05 05:53:19 1.9
@@ -74,6 +74,7 @@
import org.apache.jetspeed.xml.api.portletmarkup.Metainfo;
import org.apache.jetspeed.xml.api.portletmarkup.Controller;
import org.apache.jetspeed.xml.api.portletmarkup.Control;
+import org.apache.jetspeed.services.JetspeedSecurity;
// Turbine stuff
import org.apache.turbine.util.Log;
@@ -433,10 +434,10 @@
PortletEntry entry = (PortletEntry)Registry.getEntry(Registry.PORTLET,
(String)i.next());
- //FIXME: we should add security testing
- if ((!entry.isHidden())
+ if (JetspeedSecurity.checkPermission(data,
JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) &&
+ ((!entry.isHidden())
&& (!entry.getType().equals(PortletEntry.TYPE_ABSTRACT))
- && entry.hasMediaType(mediaName))
+ && entry.hasMediaType(mediaName)))
{
list.add(entry);
}
@@ -493,9 +494,9 @@
PortletInfoEntry entry = (PortletInfoEntry)Registry.getEntry(regName,
(String)i.next());
- //FIXME: we should add security testing
- if ((!entry.isHidden())
- && entry.hasMediaType(mediaName))
+ if (JetspeedSecurity.checkPermission(data,
JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) &&
+ ((!entry.isHidden())
+ && entry.hasMediaType(mediaName)))
{
list.add(entry);
}
@@ -528,8 +529,8 @@
{
RegistryEntry entry = Registry.getEntry(regName,(String)i.next());
- //FIXME: we should add security testing
- if (!entry.isHidden())
+ if (JetspeedSecurity.checkPermission(data,
JetspeedSecurity.PERMISSION_CUSTOMIZE, entry) &&
+ (!entry.isHidden()))
{
list.add(entry);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
