From 90a259d1e72f4938fef227337c5ef25b1f38d3b7 Mon Sep 17 00:00:00 2001
From: jensp
Date: Mon, 19 Dec 2011 20:30:34 +0000
Subject: [PATCH] =?UTF-8?q?Pr=C3=BCfung=20f=C3=BCr=20Preview-Berechtiung?= =?UTF-8?q?korrigiert.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: https://svn.libreccm.org/ccm/trunk@1379 8810af33-2d31-482b-a856-94f89814c4df
---
 .../PublicPersonalProfilesServlet.java | 37 +++++++++++++++----
 1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/ccm-cms-publicpersonalprofile/src/com/arsdigita/cms/publicpersonalprofile/PublicPersonalProfilesServlet.java b/ccm-cms-publicpersonalprofile/src/com/arsdigita/cms/publicpersonalprofile/PublicPersonalProfilesServlet.java
index b726a6583..9f0b4879a 100644
--- a/ccm-cms-publicpersonalprofile/src/com/arsdigita/cms/publicpersonalprofile/PublicPersonalProfilesServlet.java
+++ b/ccm-cms-publicpersonalprofile/src/com/arsdigita/cms/publicpersonalprofile/PublicPersonalProfilesServlet.java
@@ -26,13 +26,14 @@ import com.arsdigita.cms.contenttypes.PublicPersonalProfileNavItemCollection;
 import com.arsdigita.cms.contenttypes.PublicPersonalProfileXmlUtil;
 import com.arsdigita.cms.dispatcher.CMSDispatcher;
 import com.arsdigita.cms.dispatcher.ItemResolver;
-import com.arsdigita.cms.dispatcher.XMLGenerator;
+import com.arsdigita.cms.dispatcher.Utilities;
 import com.arsdigita.cms.publicpersonalprofile.ui.PublicPersonalProfileNavItemsAddForm;
+import com.arsdigita.dispatcher.AccessDeniedException;
 import com.arsdigita.dispatcher.DispatcherHelper;
 import com.arsdigita.domain.DataObjectNotFoundException;
 import com.arsdigita.domain.DomainObjectFactory;
 import com.arsdigita.globalization.GlobalizationHelper;
-import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
+import com.arsdigita.kernel.Kernel;
 import com.arsdigita.persistence.DataCollection;
 import com.arsdigita.persistence.DataObject;
 import com.arsdigita.persistence.OID;
@@ -43,6 +44,7 @@ import com.arsdigita.templating.Templating;
 import com.arsdigita.toolbox.ui.ApplicationAuthenticationListener;
 import com.arsdigita.web.Application;
 import com.arsdigita.web.BaseApplicationServlet;
+import com.arsdigita.web.LoginSignal;
 import com.arsdigita.web.RedirectSignal;
 import com.arsdigita.xml.Document;
 import com.arsdigita.xml.Element;
@@ -153,11 +155,6 @@ public class PublicPersonalProfilesServlet extends BaseApplicationServlet { } } - if (preview) { - page.addRequestListener( - new ApplicationAuthenticationListener(PrivilegeDescriptor.EDIT)); - } - page.lock(); Document document = page.buildDocument(request, response);
@@ -195,6 +192,32 @@ public class PublicPersonalProfilesServlet extends BaseApplicationServlet { newInstance(profiles.getDataObject()); profiles.close(); + if (preview) { + if (Kernel.getContext().getParty() == null) { + throw new LoginSignal(request); + } else { + + com.arsdigita.cms.SecurityManager securityManager = + Utilities. + getSecurityManager(state); + + final boolean canEdit = securityManager.canAccess( + state.getRequest(), + com.arsdigita.cms.SecurityManager.PREVIEW_PAGES, + profile); + + if (!canEdit) { + throw new AccessDeniedException("user " + Kernel. + getContext().getParty().getOID() + + " doesn't have the " + + com.arsdigita.cms.SecurityManager.EDIT_ITEM + + " privilege on " + + profile.getOID(). + toString()); + } + } + } + if (config.getEmbedded()) { final ContentSection section = profile.getContentSection();
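Review bot: In the last hunk (`@@ -195,6 +192,32 @@`) the preview guard evaluates `SecurityManager.PREVIEW_PAGES`, but the result is stored in `canEdit` and the `AccessDeniedException` message names `SecurityManager.EDIT_ITEM`, so a denial is reported against a privilege that was never checked. Anyone reading that message in a log, or granting rights to resolve it, is pointed at the wrong privilege; rename the flag to `canPreview` and build the message with `+ com.arsdigita.cms.SecurityManager.PREVIEW_PAGES`. `Kernel.getContext().getParty()` is also read twice, once for the null test and again for the message, and keeping it in one local would make both uses refer to the same value. The guard appears to run after `page.buildDocument(request, response)` from the previous hunk, and both the enclosing method and the derivation of `preview` lie outside the hunk, so it is worth confirming that nothing profile-specific is produced before this point and that the non-preview path cannot reach an unpublished version.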