Mark Dimon wrote:
>I found another related problem, with 'entry' being null in
>checkPermission() in jetspeedDBSecurityService and not caught now that
>the function is being executed due to the &&. + I got problems after making
>that change... not sure if related, will do some more checking tomorrow
>
Yes. I took the security conscious approach (no entry, no permission).
Maybe someone can check why entry is null sometimes...
I think the patch you sent was not really needed. The problem is with
AbstractPortlet.allowXXX(), which is not making the security checks. I'm
currently testing this. I'll report on this one.
>
>
>Regards Mark.
>
>----- Original Message -----
>From: "Santiago Gala" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, October 16, 2001 11:22 AM
>Subject: Re: AbstractPortletControl Bug ???
>
>
>>Mark Dimon wrote:
>>
>>>Hi,
>>>
>>>I've noticed that in
>>>
>>>org.apache.jetspeed.portal.controls.AbstractPortletControl
>>>
>>>the methods *like* allowClose() do the security check with a || rather than
>>>an &&. If I change this to && then the permissions behave as
>>>expected and you can now disable the close icons etc. for users with the
>>>admin pane.
>>>
>>>Is this a bug? Or something unfinished?
>>>
>>It *was* a bug :-)
>>
>>Thanks a lot. I was trying to find just now why this feature was not
>>working. I'll patch this in a few hours.
>>
>>>
>>>---------------------------------------------------------------------------
>>>
>>>    public boolean allowClose( RunData rundata )
>>>    {
>>>        Portlet p = getPortlet();
>>>
>>>        if (p==null) return false;
>>>
>>>        if ((p instanceof PortletSet)
>>>            /*** this should be && not || ??? ***/ ||
>>>            (JetspeedSecurity.checkPermission(rundata,
>>>                                              JetspeedSecurity.PERMISSION_CLOSE,
>>>                                              p)))
>>>        {
>>>            if (p instanceof PortletState)
>>>            {
>>>                return ((PortletState)p).allowClose(rundata);
>>>            }
>>>        }
>>>
>>>        return false;
>>>    }
>>>
>>>---------------------------------------------------------------------------
>>>
>>>
>>>
>>>Regards Mark
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>
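
An added illustration, not part of the original messages or of the Jetspeed code base: it shows why the null `entry` only surfaced once `||` became `&&` (with `||`, a PortletSet short-circuits and the permission check never runs) and what "no entry, no permission" looks like as code. The interfaces, the registry map and the names `guardWithOr`, `guardWithAnd` and `report` are stand-ins assumed for this sketch.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class FailClosedPermissionDemo {
    // Stand-ins for the Jetspeed types named in the thread (assumed shapes).
    interface Portlet { String getName(); }
    interface PortletSet extends Portlet {}

    // Constructed registry: portlet name -> permissions held by the current user.
    static final Map<String, Set<String>> REGISTRY = new HashMap<>();
    static int calls = 0; // counts how often the permission check really runs

    // "No entry, no permission": a missing entry denies instead of throwing.
    static boolean checkPermission(String permission, Portlet p) {
        calls++;
        Set<String> entry = REGISTRY.get(p.getName());
        if (entry == null) {
            return false; // fail closed
        }
        return entry.contains(permission);
    }

    // Guard shape quoted in the thread: a PortletSet short-circuits the check.
    static boolean guardWithOr(Portlet p) {
        return (p instanceof PortletSet) || checkPermission("close", p);
    }

    // Guard shape after the proposed change: the check runs for every PortletSet.
    static boolean guardWithAnd(Portlet p) {
        return (p instanceof PortletSet) && checkPermission("close", p);
    }

    // Evaluates both guards for one portlet and prints result and check count.
    static void report(String label, Portlet p) {
        calls = 0;
        boolean or = guardWithOr(p);
        int orCalls = calls;
        calls = 0;
        boolean and = guardWithAnd(p);
        System.out.printf("%-20s ||=%-5b (checks: %d)  &&=%-5b (checks: %d)%n",
                label, or, orCalls, and, calls);
    }

    public static void main(String[] args) {
        REGISTRY.put("news", Set.of("close", "maximize")); // constructed sample entry
        report("unregistered set", (PortletSet) () -> "layout");
        report("registered portlet", () -> "news");
    }
}
```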