You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by David Sean Taylor <da...@bluesunrise.com> on 2003/01/06 08:28:20 UTC
Re: Redundant permission checking
On Thursday, December 26, 2002, at 01:13 PM, Mark Orciuch wrote:
> Is there any purpose for checking portlet view permission in
> StatefulPortletWrapper.isClosed and in
> StatefulPortletWrapper.isMinimized:
>
> /**
> * Returns true if this portlet is currently closed
> */
> public final boolean isClosed(RunData rundata)
> {
> if( checkPermission(rundata,
> JetspeedSecurity.PERMISSION_VIEW ) )
> {
> return wrappedState.isClosed( rundata );
> }
> else
> {
> //FIXME: for the moment we will allow this call to
> succeed...
> //throw new TurbineRuntimeException( "Security check
> failed" );
> return wrappedState.isClosed( rundata );
> }
> }
>
> /**
> * Returns true if this portlet is currently minimized
> */
> public boolean isMinimized(RunData rundata)
> {
> if( checkPermission(rundata,
> JetspeedSecurity.PERMISSION_VIEW ) )
> {
> return wrappedState.isMinimized( rundata );
> }
> else
> {
> //FIXME: for the moment we will allow this call to
> succeed...
> //throw new TurbineRuntimeException( "Security check
> failed" );
> return wrappedState.isMinimized( rundata );
> }
> }
>
> I can't see a reason why to do this and it screws up the portlet access
> logging (each portlet view is logged 3 times per page). Does anyone
> have any
> objections to remove this check?
>
+1 for removing it
--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>