Rainer Schöpf wrote:

[...]

 > > Another question: from the lenya startpage, I can create a new publication
 > > without logging in. On the usecases page, only the role sitemanager is
 > > listed for the usecase templating.createPublicationFromTemplate. I had
 > > expected a login screen when I try to create a new publication via the web
 > > gui.
 >
 > Usecase policies don't have an effect outside publications, that's why the
 > usecase isn't protected when it is invoked on the Lenya start page. If you
 > want this protection, you could for instance add a menu item "Create new
 > publication" to your publication menu.

Yes, I understand, but how can I prevent anonymous execution of the usecase? Even if I remove the link on the welcome page, I can still execute it by adding

 ?lenya.usecase=templating.createPublicationFromTemplate

to the welcome page URL.


If you're using 2.0 and not the current SVN version, the most straightforward way I see is to add a new usecase, create a subclass of the CreatePublicationFromTemplate class and add a precondition check, e.g.

  URLInformation info = new URLInformation(getSourceUrl());
  String pubId = info.getPublicationId();
  DocumentFactory factory = getDocumentFactory();
  if (pubId == null || !factory.existsPublication(pubId)) {
      addErrorMessage("Can't invoke this usecase outside a pub.");
  }

If you're using the trunk and I find the time this evening, I could add a configuration option to the usecase which allows disabling it outside publications, and you could use it after an SVN update.

HTH,

-- Andreas


--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
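
A log-side check that mirrors the precondition suggested above, added here as an example and not part of the original message or of Lenya: it flags requests that invoke the usecase on a URL outside any existing publication. The publication IDs, the URL layout (publication ID as the first path segment after the servlet context) and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: IDs of the publications deployed on this server.
KNOWN_PUBLICATIONS = {"default", "intranet"}
# Usecases to watch; this is the one named in the thread.
WATCHED_USECASES = {"templating.createPublicationFromTemplate"}

# Request target of a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def publication_id(path, context_path=""):
    """Return the first path segment after the servlet context, or None."""
    if context_path and (path == context_path or path.startswith(context_path + "/")):
        path = path[len(context_path):]
    segments = [s for s in path.split("/") if s]
    return segments[0] if segments else None

def outside_publication_invocations(lines, context_path=""):
    """Yield (line_no, usecase, path) for watched usecases requested on a URL
    that does not belong to an existing publication."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        pub = publication_id(url.path, context_path)
        # parse_qs decodes percent-encoding, so encoded usecase names match too.
        for usecase in parse_qs(url.query).get("lenya.usecase", []):
            if usecase in WATCHED_USECASES and pub not in KNOWN_PUBLICATIONS:
                yield no, usecase, url.path

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0100] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2008:10:00:05 +0100] "GET /index.html?lenya.usecase=templating.createPublicationFromTemplate HTTP/1.1" 200 3301',
    '192.0.2.22 - - [01/Jan/2008:10:02:00 +0100] "GET /default/authoring/index.html?lenya.usecase=templating.createPublicationFromTemplate HTTP/1.1" 200 3410',
    '192.0.2.31 - - [01/Jan/2008:10:03:00 +0100] "POST /?lenya.usecase=templating%2EcreatePublicationFromTemplate HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for hit in outside_publication_invocations(SAMPLE_LOG):
        print("outside-publication usecase invocation:", hit)
```

Requests inside a known publication are not reported, because there the usecase policy applies.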

