You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by sn...@apache.org on 2007/07/31 15:42:35 UTC
svn commit: r561329 - in
/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business:
GuiceWebloggerProvider.java WebloggerFactory.java WebloggerProvider.java
Author: snoopdave
Date: Tue Jul 31 06:42:33 2007
New Revision: 561329
URL: http://svn.apache.org/viewvc?view=rev&rev=561329
Log:
Restoring ability to get instance from injector, need this to add custom managers and other extensions to backend.
Modified:
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java?view=diff&rev=561329&r1=561328&r2=561329
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java Tue Jul 31 06:42:33 2007
@@ -30,10 +30,10 @@
public class GuiceWebloggerProvider implements WebloggerProvider {
// Guice injector
- private final Injector injector;
+ protected final Injector injector;
// maintain our own singleton instance of Weblogger
- private Weblogger webloggerInstance = null;
+ protected Weblogger webloggerInstance = null;
/**
@@ -95,4 +95,10 @@
return webloggerInstance;
}
+ /**
+ * Get injected instance, for custom managers.
+ */
+ public <T> T getInstance(Class<T> type) {
+ return injector.getInstance(type);
+ }
}
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java?view=diff&rev=561329&r1=561328&r2=561329
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java Tue Jul 31 06:42:33 2007
@@ -65,6 +65,18 @@
/**
+ * Get injected instance, for custom managers.
+ */
+ public <T> T getInstance(Class<T> type) {
+ if (webloggerProvider == null) {
+ throw new IllegalStateException("Roller Weblogger has not been bootstrapped yet");
+ }
+
+ return webloggerProvider.getInstance(type);
+ }
+
+
+ /**
* Bootstrap the Roller Weblogger business tier, uses default WebloggerProvider.
*
* Bootstrapping the application effectively instantiates all the necessary
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java?view=diff&rev=561329&r1=561328&r2=561329
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java Tue Jul 31 06:42:33 2007
@@ -35,4 +35,9 @@
*/
public Weblogger getWeblogger();
+
+ /**
+ * Get injected instance, for custom managers.
+ */
+ public <T> T getInstance(Class<T> type);
}
Access to Comment Management page through email link results in
Permission Denied except for global administrator
Posted by he...@gsa.gov.
Use Case:
Blog entry creator clicks on "Link to comment management page:" in the
email and enters Comment Management page.
Result:
Only global administrator can access Comment Management page, other users
get a "Permission Denied" page.
Reason:
The code snippet is quoted from CommentManagementAction:query() method.
The logic expects weblog handle in request but the email link does not
provide it.
if (rreq.getWebsite() != null &&
rses.isUserAuthorized(rreq.getWebsite())) {
fwd = mapping.findForward("commentManagement.page");
}
// Ensure only global admins can see all comments
else if (rses.isGlobalAdminUser()) {
fwd = mapping.findForward("commentManagementGlobal.page");
}
else {
// And everybody else gets...
return mapping.findForward("access-denied");
}
The email sends to a blog entry creator has a link to Comment Management
page. This link is sent to roller-ui/authoring/commentManagement.do and
contains two parameters, method and entryId. The
CommentManagementAction:query() expects to find a weblog handle in request
object to check for authorization but it could not find one, that breaks
the if clause. Only the global administrator satisfies the else clause.
Other users will be forward to "access-denied" page.
Suggest Fix:
The email link is generated by the sendEmailNotification() method in
src\org\apache\roller\ui\rendering\servlets\CommentServlet.java and I
quote:
deleteURL.append("/roller-ui/authoring/commentManagement.do?method=query&entryId="
+ entry.getId());
Add weblog handle to this link:
deleteURL.append("/roller-ui/authoring/commentManagement.do?method=query"
+ "&weblog=" + site.getName() + "&entryId=" + entry.getId());
The weblog handle will be passed from email link into the request object
and can be checked for authorization. The entryId can be used to bring up
comment management page for this entry.
I'll log this bug in the "Roller Weblogger JIRA" and hope you can fix it
in the next release.
-hc
Re: svn commit: r561329 - in
/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business:
GuiceWebloggerProvider.java WebloggerFactory.java WebloggerProvider.java
Posted by Allen Gilliland <al...@sun.com>.
Dave,
i'm not sure that i understand why you want to provide a generic method
like you did for accessing managers or other things that Weblogger can't
possibly know about or make use of.
i think a better way to do what you want is to use subclassing and
casting. so instead of what you are suggesting ...
WebloggerFactory.getInstance(MyCustomManager.class);
... you would do this ...
MyWeblogger myWeblogger = (MyWeblogger) WebloggerFactory.getWeblogger();
MyCustomManager myManager = myWeblogger.getMyManager();
... which follows our current design patterns a bit more and is more in
line with our process of bootstrapping the app once and not using the
Injector again after that.
-- Allen
snoopdave@apache.org wrote:
> Author: snoopdave
> Date: Tue Jul 31 06:42:33 2007
> New Revision: 561329
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=561329
> Log:
> Restoring ability to get instance from injector, need this to add custom managers and other extensions to backend.
>
> Modified:
> roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java
> roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java
> roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java
>
> Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java
> URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java?view=diff&rev=561329&r1=561328&r2=561329
> ==============================================================================
> --- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java (original)
> +++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/GuiceWebloggerProvider.java Tue Jul 31 06:42:33 2007
> @@ -30,10 +30,10 @@
> public class GuiceWebloggerProvider implements WebloggerProvider {
>
> // Guice injector
> - private final Injector injector;
> + protected final Injector injector;
>
> // maintain our own singleton instance of Weblogger
> - private Weblogger webloggerInstance = null;
> + protected Weblogger webloggerInstance = null;
>
>
> /**
> @@ -95,4 +95,10 @@
> return webloggerInstance;
> }
>
> + /**
> + * Get injected instance, for custom managers.
> + */
> + public <T> T getInstance(Class<T> type) {
> + return injector.getInstance(type);
> + }
> }
>
> Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java
> URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java?view=diff&rev=561329&r1=561328&r2=561329
> ==============================================================================
> --- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java (original)
> +++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerFactory.java Tue Jul 31 06:42:33 2007
> @@ -65,6 +65,18 @@
>
>
> /**
> + * Get injected instance, for custom managers.
> + */
> + public <T> T getInstance(Class<T> type) {
> + if (webloggerProvider == null) {
> + throw new IllegalStateException("Roller Weblogger has not been bootstrapped yet");
> + }
> +
> + return webloggerProvider.getInstance(type);
> + }
> +
> +
> + /**
> * Bootstrap the Roller Weblogger business tier, uses default WebloggerProvider.
> *
> * Bootstrapping the application effectively instantiates all the necessary
>
> Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java
> URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java?view=diff&rev=561329&r1=561328&r2=561329
> ==============================================================================
> --- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java (original)
> +++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/WebloggerProvider.java Tue Jul 31 06:42:33 2007
> @@ -35,4 +35,9 @@
> */
> public Weblogger getWeblogger();
>
> +
> + /**
> + * Get injected instance, for custom managers.
> + */
> + public <T> T getInstance(Class<T> type);
> }
>
>