LibreCCM
/
libreccm-legacy
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Prüfung für Preview-Berechtiung korrigiert. 

git-svn-id: https://svn.libreccm.org/ccm/trunk@1379 8810af33-2d31-482b-a856-94f89814c4df
master
jensp 2011-12-19 20:30:34 +00:00
parent b477086130
commit 90a259d1e7
1 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
ccm-cms-publicpersonalprofile/src/com/arsdigita/cms/publicpersonalprofile/PublicPersonalProfilesServlet.java
View File

@ -26,13 +26,14 @@ import com.arsdigita.cms.contenttypes.PublicPersonalProfileNavItemCollection;
import com.arsdigita.cms.contenttypes.PublicPersonalProfileXmlUtil; import com.arsdigita.cms.contenttypes.PublicPersonalProfileXmlUtil;
import com.arsdigita.cms.dispatcher.CMSDispatcher; import com.arsdigita.cms.dispatcher.CMSDispatcher;
import com.arsdigita.cms.dispatcher.ItemResolver; import com.arsdigita.cms.dispatcher.ItemResolver;
import com.arsdigita.cms.dispatcher.XMLGenerator; import com.arsdigita.cms.dispatcher.Utilities;
import com.arsdigita.cms.publicpersonalprofile.ui.PublicPersonalProfileNavItemsAddForm; import com.arsdigita.cms.publicpersonalprofile.ui.PublicPersonalProfileNavItemsAddForm;
import com.arsdigita.dispatcher.AccessDeniedException;
import com.arsdigita.dispatcher.DispatcherHelper; import com.arsdigita.dispatcher.DispatcherHelper;
import com.arsdigita.domain.DataObjectNotFoundException; import com.arsdigita.domain.DataObjectNotFoundException;
import com.arsdigita.domain.DomainObjectFactory; import com.arsdigita.domain.DomainObjectFactory;
import com.arsdigita.globalization.GlobalizationHelper; import com.arsdigita.globalization.GlobalizationHelper;
import com.arsdigita.kernel.permissions.PrivilegeDescriptor; import com.arsdigita.kernel.Kernel;
import com.arsdigita.persistence.DataCollection; import com.arsdigita.persistence.DataCollection;
import com.arsdigita.persistence.DataObject; import com.arsdigita.persistence.DataObject;
import com.arsdigita.persistence.OID; import com.arsdigita.persistence.OID;
@ -43,6 +44,7 @@ import com.arsdigita.templating.Templating;
import com.arsdigita.toolbox.ui.ApplicationAuthenticationListener; import com.arsdigita.toolbox.ui.ApplicationAuthenticationListener;
import com.arsdigita.web.Application; import com.arsdigita.web.Application;
import com.arsdigita.web.BaseApplicationServlet; import com.arsdigita.web.BaseApplicationServlet;
import com.arsdigita.web.LoginSignal;
import com.arsdigita.web.RedirectSignal; import com.arsdigita.web.RedirectSignal;
import com.arsdigita.xml.Document; import com.arsdigita.xml.Document;
import com.arsdigita.xml.Element; import com.arsdigita.xml.Element;
@ -153,11 +155,6 @@ public class PublicPersonalProfilesServlet extends BaseApplicationServlet {
} }
} }
if (preview) {
page.addRequestListener(
new ApplicationAuthenticationListener(PrivilegeDescriptor.EDIT));
}
page.lock(); page.lock();
Document document = page.buildDocument(request, response); Document document = page.buildDocument(request, response);
@ -195,6 +192,32 @@ public class PublicPersonalProfilesServlet extends BaseApplicationServlet {
newInstance(profiles.getDataObject()); newInstance(profiles.getDataObject());
profiles.close(); profiles.close();
if (preview) {
if (Kernel.getContext().getParty() == null) {
throw new LoginSignal(request);
} else {
com.arsdigita.cms.SecurityManager securityManager =
Utilities.
getSecurityManager(state);
final boolean canEdit = securityManager.canAccess(
state.getRequest(),
com.arsdigita.cms.SecurityManager.PREVIEW_PAGES,
profile);
if (!canEdit) {
throw new AccessDeniedException("user " + Kernel.
getContext().getParty().getOID()
+ " doesn't have the "
+ com.arsdigita.cms.SecurityManager.EDIT_ITEM
+ " privilege on "
+ profile.getOID().
toString());
}
}
}
if (config.getEmbedded()) { if (config.getEmbedded()) {
final ContentSection section = final ContentSection section =
profile.getContentSection(); profile.getContentSection();