Author: andre Date: 2009-10-28 21:27:35 +0100 (Wed, 28 Oct 2009) New Revision: 39420
Modified: openimages/trunk/src/main/java/eu/openimages/Authorization.java Log: a user has to be at least 'basic user' to be able to edit other users nodes (thus preventing site users to edit anonymous f.e.) Modified: openimages/trunk/src/main/java/eu/openimages/Authorization.java =================================================================== --- openimages/trunk/src/main/java/eu/openimages/Authorization.java 2009-10-28 20:06:00 UTC (rev 39419) +++ openimages/trunk/src/main/java/eu/openimages/Authorization.java 2009-10-28 20:27:35 UTC (rev 39420) @@ -47,7 +47,9 @@ } if (node.getBuilder() == up.getUserBuilder()) { - if (user.getRank().getInt() > up.getRank(node).getInt()) { + if (user.getRank().getInt() >= Rank.BASICUSER_INT && + user.getRank().getInt() > up.getRank(node).getInt()) { + if (log.isDebugEnabled()) { log.debug("Higher rank so may read, write or delete user node #" + node.getNumber()); } @@ -83,7 +85,9 @@ MMObjectNode node = getNode(contextNode.getNumber(), false); if (node.getBuilder() == up.getUserBuilder()) { - if (up.getRank(userNode).getInt() > up.getRank(node).getInt()) { + if (up.getRank(userNode).getInt() >= Rank.BASICUSER_INT && + up.getRank(userNode).getInt() > up.getRank(node).getInt()) { + if (log.isDebugEnabled()) { log.debug("Higher rank so may read, write or delete other user's node #" + node.getNumber()); } _______________________________________________ Cvs mailing list Cvs@lists.mmbase.org http://lists.mmbase.org/mailman/listinfo/cvs