Author: andre
Date: 2009-10-28 21:27:35 +0100 (Wed, 28 Oct 2009)
New Revision: 39420
Modified:
openimages/trunk/src/main/java/eu/openimages/Authorization.java
Log:
a user has to be at least 'basic user' to be able to edit other users nodes
(thus preventing site users to edit anonymous f.e.)
Modified: openimages/trunk/src/main/java/eu/openimages/Authorization.java
===================================================================
--- openimages/trunk/src/main/java/eu/openimages/Authorization.java
2009-10-28 20:06:00 UTC (rev 39419)
+++ openimages/trunk/src/main/java/eu/openimages/Authorization.java
2009-10-28 20:27:35 UTC (rev 39420)
@@ -47,7 +47,9 @@
}
if (node.getBuilder() == up.getUserBuilder()) {
- if (user.getRank().getInt() >
up.getRank(node).getInt()) {
+ if (user.getRank().getInt() >= Rank.BASICUSER_INT &&
+ user.getRank().getInt() >
up.getRank(node).getInt()) {
+
if (log.isDebugEnabled()) {
log.debug("Higher rank so may read, write or
delete user node #" + node.getNumber());
}
@@ -83,7 +85,9 @@
MMObjectNode node = getNode(contextNode.getNumber(), false);
if (node.getBuilder() == up.getUserBuilder()) {
- if (up.getRank(userNode).getInt() >
up.getRank(node).getInt()) {
+ if (up.getRank(userNode).getInt() >= Rank.BASICUSER_INT &&
+ up.getRank(userNode).getInt() >
up.getRank(node).getInt()) {
+
if (log.isDebugEnabled()) {
log.debug("Higher rank so may read, write or
delete other user's node #" + node.getNumber());
}
_______________________________________________
Cvs mailing list
Cvs@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/cvs
