Rainer Schöpf schrieb:
[...]
> > Another question: from the lenya startpage, I can create a new publication
> > without logging in. On the usecases page, only the role sitemanager is
> > listed for the usecase templating.createPublicationFromTemplate. I had
> > expected a login screen when I try to create a new publication via the web
> > gui.
>
> Usecase policies don't have an effect outside publications, that's why the
> usecase isn't protected when it is invoked on the Lenya start page. If you
> want this protection, you could for instance add a menu item "Create new
> publication" to your publication menu.
Yes, I understand, but how can I prevent anonymous execution of the usecase?
Even if I remove the link on the welcome page, I can still execute it by adding
?lenya.usecase=templating.createPublicationFromTemplate
to the welcome page URL.
If you're using 2.0 and not the current SVN version, the most
straightforward way I see is to add a new usecase, create a subclass of
the CreatePublicationFromTemplate class and add a precondition check, e.g.
URLInformation info = new URLInformation(getSourceUrl());
String pubId = info.getPublicationId();
DocumentFactory factory = getDocumentFactory();
if (pubId == null || !factory.existsPublication(pubId)) {
addErrorMessage("Can't invoke this usecase outside a pub.");
}
If you're using the trunk and I find the time this evening, I could add
a configuration option to the usecase which allows to disable it outside
publications and you could use it after an SVN update.
HTH,
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]