Is cloning a new feature in JSPWiki, or a plugin? I'm using 2.6.3.
--
Bobman
On Wed, Jul 9, 2008 at 2:43 PM, Dirk Frederickx <[EMAIL PROTECTED]>
wrote:
> > As far as security, I can imagine someone might try to view a page they
> > otherwise don't have access to by creating a 'clone' of it (as Dirk
> > suggests; I like that terminology, BTW). But isn't it possible to check
> the
> > permissions for the original page within the plugin? I think I've seen
> that
> > in the code I've been looking at so far.
>
> Good point! I need to add e permission check around the cloning
> functionality (next commit)
> Here is how you can do it yourself :
>
>
> String clone = request.getParameter( "clone" );
> if( clone != null )
> {
> WikiPage p = engine.getPage( clone );
> if( p != null )
> {
> AuthorizationManager mgr = engine.getAuthorizationManager();
> PagePermission pp = new PagePermission( p,
> PagePermission.VIEW_ACTION );
>
> try
> {
> if( mgr.checkPermission( context.getWikiSession(), pp ) )
> {
> usertext = engine.getPureText( p );
> }
> }
> catch( Exception e ) { /*log.error( "Accessing clone page
> "+clone, e );*/ }
> }
> }
>
> dirk
>
