On Mon, 10 Mar 2008, Andreas Hartmann wrote:
> Rainer Schöpf wrote:
>
> [...]
>
> > > > Another question: from the lenya startpage, I can create a new publication
> > > > without logging in. On the usecases page, only the role sitemanager is
> > > > listed for the usecase templating.createPublicationFromTemplate. I had
> > > > expected a login screen when I try to create a new publication via the web
> > > > gui.
> > >
> > > Usecase policies don't have an effect outside publications, that's why the
> > > usecase isn't protected when it is invoked on the Lenya start page. If you
> > > want this protection, you could for instance add a menu item "Create new
> > > publication" to your publication menu.
> >
> > Yes, I understand, but how can I prevent anonymous execution of the
> > usecase? Even if I remove the link on the welcome page, I can still execute
> > it by adding
> >
> > ?lenya.usecase=templating.createPublicationFromTemplate
> >
> > to the welcome page URL.
>
>
> If you're using 2.0 and not the current SVN version, the most straightforward
> way I see is to add a new usecase, create a subclass of the
> CreatePublicationFromTemplate class and add a precondition check, e.g.
>
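>     // Resolve the publication id from the URL the usecase was invoked on.
>     URLInformation info = new URLInformation(getSourceUrl());
>     String pubId = info.getPublicationId();
>     DocumentFactory factory = getDocumentFactory();
>     // Reject the invocation when the URL is not inside an existing publication.
>     if (pubId == null || !factory.existsPublication(pubId)) {
>         addErrorMessage("Can't invoke this usecase outside a pub.");
>     }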
>
> If you're using the trunk and I find the time this evening, I could add a
> configuration option to the usecase which allows disabling it outside
> publications and you could use it after an SVN update.

At the moment, I'm using 2.0.
However, it just occurred to me that - since I'm using apache and the ajp proxy
to access tomcat from the outside - I can filter the URL from within apache.
So, I'm happy with the current state of affairs ;-)
Thanks a lot
Rainer
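
The Apache-side filter mentioned in the last message could look like the following. This is an added example, not configuration from the thread or from the Lenya project; it assumes Apache httpd with mod_rewrite in front of Tomcat, and the map name "unescape" is a label chosen here.

```apache
# Added example; assumes mod_rewrite is loaded and that this sits in the server
# or virtual-host configuration that proxies to Tomcat (RewriteMap is not
# allowed in .htaccess). The map name "unescape" is an arbitrary label.
RewriteEngine On

# Built-in mod_rewrite function that decodes %xx sequences, so the comparison
# below is made on the decoded query string rather than on the raw one.
RewriteMap unescape int:unescape

# Match the usecase parameter as a whole key=value pair, wherever it appears
# in the query string, ignoring case.
RewriteCond ${unescape:%{QUERY_STRING}} (^|&)lenya\.usecase=templating\.createPublicationFromTemplate(&|$) [NC]

# Answer 403 Forbidden instead of passing the request on to the backend.
RewriteRule ^ - [F]
```

The rule inspects only the query string of the URL, and it refuses the usecase for every request that comes through the proxy, including those from logged-in users inside a publication.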