Posted to commits@lenya.apache.org by an...@apache.org on 2007/11/21 13:29:44 UTC
svn commit: r597055 - in /lenya/trunk/src/modules-core/administration:
java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java
resources/i18n/cmsui.xml resources/i18n/cmsui_de.xml
Author: andreas
Date: Wed Nov 21 04:29:42 2007
New Revision: 597055
URL: http://svn.apache.org/viewvc?rev=597055&view=rev
Log:
Don't allow assigning a non-assignable role to an accreditable via URL manipulation
Modified:
lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java
lenya/trunk/src/modules-core/administration/resources/i18n/cmsui.xml
lenya/trunk/src/modules-core/administration/resources/i18n/cmsui_de.xml
Modified: lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java?rev=597055&r1=597054&r2=597055&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java (original)
+++ lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java Wed Nov 21 04:29:42 2007
@@ -35,6 +35,7 @@
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Group;
import org.apache.lenya.ac.IPRange;
+import org.apache.lenya.ac.Item;
import org.apache.lenya.ac.Policy;
import org.apache.lenya.ac.Role;
import org.apache.lenya.ac.User;
@@ -220,6 +221,9 @@
if (role == null) {
addErrorMessage("role_no_such_role", new String[] { roleId });
}
+ if (!role.isAssignable()) {
+ addErrorMessage("cannot-assign-role", new String[] { roleId });
+ }
manipulateCredential(item, role, operations[j], method);
setParameter(SUB_CREDENTIALS, getSubtreeCredentials());
}
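Review bot: The new `role.isAssignable()` check records an error but does not stop the assignment, because the next line still calls `manipulateCredential(item, role, operations[j], method)`; unless something outside this hunk aborts on recorded errors, a manipulated request still gets the non-assignable role added. The check also dereferences `role` right after the `role == null` branch, which only adds a message, so an unknown role id would raise a NullPointerException here. I would chain the checks and make the call conditional: `} else if (!role.isAssignable()) {` for the new test and `} else { manipulateCredential(item, role, operations[j], method); }` for the call. The enclosing loop and method start outside the hunk, so whether `setParameter(SUB_CREDENTIALS, ...)` should also be skipped needs to be checked there.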
@@ -309,9 +313,15 @@
try {
policy = (ModifiablePolicy) getPolicyManager().buildSubtreePolicy(
getAccreditableManager(), getPolicyURL());
-
+
if (operation.equals(ADD)) {
- policy.addRole(accreditable, role, method);
+ if (containsCredential(policy, accreditable, role)) {
+ addErrorMessage("credential-already-contained",
+ new String[] { ((Item) accreditable).getId(), role.getId() });
+ }
+ else {
+ policy.addRole(accreditable, role, method);
+ }
} else if (operation.equals(DELETE)) {
policy.removeRole(accreditable, role);
} else if (operation.equals(UP)) {
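Review bot: The cast `((Item) accreditable).getId()` in the new duplicate branch is unchecked; if any `Accreditable` reaching this method is not an `Item` (not visible from this hunk), the ClassCastException is swallowed by the surrounding `catch (Exception e)` and surfaces as "Manipulating credential failed: " instead of the intended message. A guard such as `String id = accreditable instanceof Item ? ((Item) accreditable).getId() : accreditable.toString();` avoids that. Since this ADD branch is where the policy is actually changed, consider also testing `role.isAssignable()` here, so the rule holds for every caller and not only the one patched earlier in this commit. The method starts and ends outside the hunk.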
@@ -324,6 +334,20 @@
} catch (Exception e) {
throw new ProcessingException("Manipulating credential failed: ", e);
}
+ }
+
+ protected boolean containsCredential(ModifiablePolicy policy, Accreditable accreditable, Role role)
+ throws AccessControlException {
+ Credential[] credentials = policy.getCredentials();
+ boolean contains = false;
+ int i = 0;
+ while (!contains && i < credentials.length) {
+ Accreditable credAccr = credentials[i].getAccreditable();
+ Role credRole = credentials[i].getRole();
+ contains = credAccr.equals(accreditable) && credRole.equals(role);
+ i++;
+ }
+ return contains;
}
/**
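Review bot: `containsCredential` has no Javadoc, and its result depends on the `equals()` implementations of `Accreditable` and `Role`, which are not visible here; if those types do not override `equals()`, the comparison is by identity and a duplicate built from a fresh lookup would not be detected. I would add a Javadoc saying that a credential matches when both its accreditable and its role are `equals()` to the arguments, with `@param` and `@return` tags, and confirm that the implementations define value equality. As a style point, the flag-and-counter `while` loop reads more simply as a `for` loop that does `return true;` on the first match and `return false;` after the loop.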
Modified: lenya/trunk/src/modules-core/administration/resources/i18n/cmsui.xml
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/administration/resources/i18n/cmsui.xml?rev=597055&r1=597054&r2=597055&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/administration/resources/i18n/cmsui.xml (original)
+++ lenya/trunk/src/modules-core/administration/resources/i18n/cmsui.xml Wed Nov 21 04:29:42 2007
@@ -44,5 +44,10 @@
<message key="The password must be at least six characters long.">The password must be at least six characters long.</message>
<message key="The password must contain at least one number.">The password must contain at least one number.</message>
<message key="IP Range Groups">IP Range Groups</message>
+
+ <message key="cannot-assign-role">The role <xhtml:q>{0}</xhtml:q> cannot be assigned.</message>
+ <message key="credential-already-contained">
+ The role <xhtml:q>{1}</xhtml:q> is already assigned to the object <xhtml:q>{0}</xhtml:q>.
+ </message>
</catalogue>
Modified: lenya/trunk/src/modules-core/administration/resources/i18n/cmsui_de.xml
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/administration/resources/i18n/cmsui_de.xml?rev=597055&r1=597054&r2=597055&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/administration/resources/i18n/cmsui_de.xml (original)
+++ lenya/trunk/src/modules-core/administration/resources/i18n/cmsui_de.xml Wed Nov 21 04:29:42 2007
@@ -44,6 +44,11 @@
<message key="The password must be at least six characters long.">Das Passwort muss mindestens 6 Zeichen lang sein.</message>
<message key="The password must contain at least one number.">Das Passwort muss mindestens eine Ziffer enthalten.</message>
<message key="IP Range Groups">Gruppen des<br/>IP-Bereichs</message>
+
+ <message key="cannot-assign-role">Die Rolle <xhtml:q>{0}</xhtml:q> kann nicht zugeordnet werden.</message>
+ <message key="credential-already-contained">
+ Die Rolle <xhtml:q>{1}</xhtml:q> wurde dem Objekt <xhtml:q>{0}</xhtml:q> bereits zugeordnet.
+ </message>
</catalogue>