Posted to tdk-dev@turbine.apache.org by Eric Dobbs <er...@dobbse.net> on 2001/03/30 23:57:40 UTC

Patches+: Security additions to the peer app

Hi All.

Here's a little present for the TDK.  I'm leaving right now
for vacation.  I'll be back on Thursday to answer any questions.

The short story is that I've added several users and roles,
one group, and several permissions to the default installation.
And I've added several security checks in the templates and
actions.

Assuming that I understand turbine security correctly, I think
it will make a useful reference.  I hope someone who knows they
understand turbine security will correct me if I've got it wrong.
It should also give folks a way to play with flux right away.

In the long run, I think the peer app should be called the
Turbine Manager, or Control Panel, or some such.  It would be
cool if each app that illustrates a service could also be given
permission checks.  That way a turbine administrator could
delegate administrative responsibilities.

Maybe that's scope creep.  8^)

Couple other notes.  If I had more time before I had to catch a
plane I would try to replace my hard-coded strings with TR.props
values or constants in some shared class.

Hope you like it.
-Eric

ps.  contents include many diffs and one new file.

--- share\conf\torque\templates\sql\security\default-roles-perms.vm.orig	Thu Mar 29 23:16:14 2001
+++ share\conf\torque\templates\sql\security\default-roles-perms.vm	Fri Mar 30 20:27:56 2001
@@ -6,49 +6,225 @@
 
---------------------------------------------------------------------------
  -- Create the global group
  -- this group is used to assign system-wide roles to users
+--
+-- Create the TurbineDataManager group
+-- this group is used to assign TurbineDataManager roles to users
 
---------------------------------------------------------------------------

  INSERT INTO TURBINE_GROUP (GROUP_ID, GROUP_NAME) VALUES (1,'global');
+INSERT INTO TURBINE_GROUP (GROUP_ID, GROUP_NAME) VALUES 
(2,'TurbineDataManager');

 
---------------------------------------------------------------------------
--- Create the root role
+-- Create the following roles:
+--   turbine_root
+--   admin
+--   editor
+--   contributor
+--   user
 
---------------------------------------------------------------------------

  INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME) VALUES (1, 'turbine_root');
+INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME) VALUES (2, 'admin');
+INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME) VALUES (3, 'editor');
+INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME) VALUES (4, 'contributor');
+INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME) VALUES (5, 'user');

 
---------------------------------------------------------------------------
  -- Create an account 'turbine' for system administartor
  -- Remeber to set a good password for this user in a production system!
+--
+-- Create the following additional users:
+--   Generic Admin
+--   Generic Editor
+--   Generic Contributor
+--   Generic User
 
---------------------------------------------------------------------------

-INSERT INTO TURBINE_USER
-    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
+INSERT INTO TURBINE_USER
+    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
      VALUES
      (0, 'turbine', 'turbine', 'turbine', 'turbine');
+INSERT INTO TURBINE_USER
+    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
+    VALUES
+    (1, 'admin', 'admin', 'Generic', 'Admin');
+INSERT INTO TURBINE_USER
+    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
+    VALUES
+    (2, 'editor', 'editor', 'Generic', 'Editor');
+INSERT INTO TURBINE_USER
+    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
+    VALUES
+    (3, 'contributor', 'contributor', 'Generic', 'Contributor');
+INSERT INTO TURBINE_USER
+    (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
+    VALUES
+    (4, 'user', 'user', 'Generic', 'User');

 
---------------------------------------------------------------------------
  -- Assign the user 'turbine' a system-wide role 'turbine_root'
----------------------------------------------------------------------------
-INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
-SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
-TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
-WHERE TURBINE_USER.LOGIN_NAME = 'turbine' AND
+-- Also assign all the other users 'turbine_root' so they can login
+-- Assign 'admin' the 'admin' role in 'TurbineDataManager' group
+-- Assign 'editor' the 'editor' role in 'TurbineDataManager' group
+-- Assign 'contributor' the 'contributor' role in 'TurbineDataManager' 
group
+-- Assign 'user' the 'user' role in 'TurbineDataManager' group
+---------------------------------------------------------------------------
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'turbine' AND
+TURBINE_GROUP.GROUP_NAME = 'global' AND TURBINE_ROLE.ROLE_NAME = 
'turbine_root';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'admin' AND
+TURBINE_GROUP.GROUP_NAME = 'global' AND TURBINE_ROLE.ROLE_NAME = 
'turbine_root';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'editor' AND
+TURBINE_GROUP.GROUP_NAME = 'global' AND TURBINE_ROLE.ROLE_NAME = 
'turbine_root';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'contributor' AND
  TURBINE_GROUP.GROUP_NAME = 'global' AND TURBINE_ROLE.ROLE_NAME = 
'turbine_root';

+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'user' AND
+TURBINE_GROUP.GROUP_NAME = 'global' AND TURBINE_ROLE.ROLE_NAME = 
'turbine_root';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'admin' AND
+TURBINE_GROUP.GROUP_NAME = 'TurbineDataManager' AND 
TURBINE_ROLE.ROLE_NAME = 'admin';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'editor' AND
+TURBINE_GROUP.GROUP_NAME = 'TurbineDataManager' AND 
TURBINE_ROLE.ROLE_NAME = 'editor';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'contributor' AND
+TURBINE_GROUP.GROUP_NAME = 'TurbineDataManager' AND 
TURBINE_ROLE.ROLE_NAME = 'contributor';
+
+INSERT INTO TURBINE_USER_GROUP_ROLE ( USER_ID, GROUP_ID, ROLE_ID )
+SELECT TURBINE_USER.USER_ID, TURBINE_GROUP.GROUP_ID, 
TURBINE_ROLE.ROLE_ID from
+TURBINE_USER, TURBINE_GROUP, TURBINE_ROLE
+WHERE TURBINE_USER.LOGIN_NAME = 'user' AND
+TURBINE_GROUP.GROUP_NAME = 'TurbineDataManager' AND 
TURBINE_ROLE.ROLE_NAME = 'user';
+
 
---------------------------------------------------------------------------
  -- Add some default permissions
+-- Also add the following:
+--   login
+--   insert
+--   update
+--   delete
 
---------------------------------------------------------------------------

-INSERT INTO TURBINE_PERMISSION
-    (PERMISSION_ID, PERMISSION_NAME)
-    VALUES
-    (1, 'admin_users');
+INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME) VALUES 
(1, 'admin_users');
+INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME) VALUES 
(2, 'login');
+INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME) VALUES 
(3, 'insert');
+INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME) VALUES 
(4, 'update');
+INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME) VALUES 
(5, 'delete');

 
---------------------------------------------------------------------------
  -- Add some permissions for the root role
 
---------------------------------------------------------------------------
-INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
-SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
  TURBINE_ROLE, TURBINE_PERMISSION
-WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'admin_users' AND
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'admin_users' AND
  TURBINE_ROLE.ROLE_NAME = 'turbine_root';
+
+---------------------------------------------------------------------------
+-- Add default permissions for the admin
+-- login, insert, update, delete
+---------------------------------------------------------------------------
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'login' AND
+TURBINE_ROLE.ROLE_NAME = 'admin';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'insert' AND
+TURBINE_ROLE.ROLE_NAME = 'admin';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'update' AND
+TURBINE_ROLE.ROLE_NAME = 'admin';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'delete' AND
+TURBINE_ROLE.ROLE_NAME = 'admin';
+
+---------------------------------------------------------------------------
+-- Add default permissions for the editor
+-- login, insert, update, delete
+---------------------------------------------------------------------------
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'login' AND
+TURBINE_ROLE.ROLE_NAME = 'editor';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'insert' AND
+TURBINE_ROLE.ROLE_NAME = 'editor';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'update' AND
+TURBINE_ROLE.ROLE_NAME = 'editor';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'delete' AND
+TURBINE_ROLE.ROLE_NAME = 'editor';
+
+---------------------------------------------------------------------------
+-- Add default permissions for the contributor
+-- login, insert
+---------------------------------------------------------------------------
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'login' AND
+TURBINE_ROLE.ROLE_NAME = 'contributor';
+
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'insert' AND
+TURBINE_ROLE.ROLE_NAME = 'contributor';
+
+---------------------------------------------------------------------------
+-- Add default permissions for the user
+-- login
+---------------------------------------------------------------------------
+INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID,PERMISSION_ID)
+SELECT TURBINE_ROLE.ROLE_ID, TURBINE_PERMISSION.PERMISSION_ID FROM
+TURBINE_ROLE, TURBINE_PERMISSION
+WHERE TURBINE_PERMISSION.PERMISSION_NAME = 'login' AND
+TURBINE_ROLE.ROLE_NAME = 'user';
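
Review bot: The block that assigns 'turbine_root' in the 'global' group to admin, editor, contributor and user "so they can login" also hands every one of those accounts the 'admin_users' permission, because this same file grants 'admin_users' to 'turbine_root'. That undoes the graded roles defined further down. The hunk already creates a 'login' permission and grants it to each of the four new roles, so login should be gated on that permission rather than on the root role. Separately, the four new TURBINE_USER rows set PASSWORD_VALUE equal to LOGIN_NAME; the existing "set a good password" comment only names the 'turbine' user and should be extended to cover them, or the demo accounts should move to a script that is not part of the default install.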



--- share\velocity\peer\templates\layouts\Default.vm.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\templates\layouts\Default.vm	Fri Mar 30 19:33:08 2001
@@ -5,7 +5,7 @@
      </td>
    </tr>
    <tr>
-    <td width="20" align="left" valign="top">
+    <td width="170" align="left" valign="top">
        $navigation.setTemplate("/Menu.vm")
      </td>
      <td align="left" valign="top">



--- share\velocity\peer\templates\navigations\Menu.vm.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\templates\navigations\Menu.vm	Fri Mar 30 19:31:50 2001
@@ -1,5 +1,7 @@
  <font face="$ui.sansSerifFonts">
-<a href="$link.setPage("Insert.vm")">Insert Entry</a>
+<a href="$link.setAction("LogoutUser")">Logout</a>
+<p>
+<a href="$link.setPage("Index.vm")">Sample Application</a>
  <p>
  <b>Flux</b>
  <br>



--- share\velocity\peer\templates\screens\Form.vm.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\templates\screens\Form.vm	Fri Mar 30 20:33:32 2001
@@ -7,7 +7,7 @@
  <form method="post" action="$link.setPage("Index.vm").setAction("SQL")">
    <div align="left">
      <table bgcolor="#ffffff" cellpadding="5">
-      <tr>
+      <tr>
          #formCell ("Title" "title" $entry.Title)
        </tr>
        <tr>
@@ -23,11 +23,19 @@
          #formCell ("Body" "body" $entry.Body)
        </tr>
      </table>
-
+
      <input type="hidden" name="rdfid" value="$entry.RdfId"/>
+#if ($acl.hasPermission("insert","TurbineDataManager"))
      <input type="submit" name="eventSubmit_doInsert" value="Insert"/>
+#end
+
+#if ($acl.hasPermission("update","TurbineDataManager"))
      <input type="submit" name="eventSubmit_doUpdate" value="Update"/>
+#end
+
+#if ($acl.hasPermission("delete","TurbineDataManager"))
      <input type="submit" name="eventSubmit_doDelete" value="Delete"/>
+#end
    </div>
  </form>
  </body>
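
Review bot: The three #if ($acl.hasPermission(...)) guards hide only the submit buttons, so a user with none of the permissions still gets the populated form and the hidden rdfid field with nothing to press. Wrap the whole form in the check, or show a "not permitted" message, and treat the check in the SQL action as the real enforcement point, since eventSubmit_doInsert, eventSubmit_doUpdate and eventSubmit_doDelete do not need the buttons to be posted. The group name "TurbineDataManager" is repeated as a literal in each guard; set it once at the top of the template.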



--- share\velocity\peer\templates\screens\Index.vm.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\templates\screens\Index.vm	Fri Mar 30 20:33:19 2001
@@ -2,6 +2,9 @@
  $page.setBgColor("#ffffff")

  #set ( $headings = ["Title", "Dept", "Author", "Url","Body"," "] )
+#set ( $insert = $acl.hasPermission("insert","TurbineDataManager") )
+#set ( $update = $acl.hasPermission("update","TurbineDataManager") )
+#set ( $delete = $acl.hasPermission("delete","TurbineDataManager") )

  #if ($entries)
  <table>
@@ -11,9 +14,9 @@
          <tr>
            #foreach ($heading in $headings)
            #headerCell ($heading)
-          #end
+          #end
          </tr>
-
+
          #foreach ($entry in $entries)
          <tr>
            #entryCell ($entry.Title)
@@ -21,11 +24,19 @@
            #entryCell ($entry.Author)
            #entryCell ($entry.Url)
            #entryCell ($entry.Body)
-          <td><a href="$link.setPage("Form.vm").addPathInfo("rdfid", 
$entry.RdfId)">Edit</a></td>
-        </tr>
+          <td>
+#if ( $insert || $update || $delete )
+            <a href="$link.setPage("Form.vm").addPathInfo("rdfid", 
$entry.RdfId)">Edit</a>
+#end
+          </td>
+        </tr>
          #end
        </table>
      </td>
    </tr>
  </table>
+#end
+
+#if ( $insert )
+<a href="$link.setPage("Insert.vm")">Add Entry</a>
  #end
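
Review bot: The Edit link condition "$insert || $update || $delete" shows the link to anyone holding only "insert", so the contributor role reaches Form.vm for an existing entry and is offered just the Insert button there. Use "$update || $delete" for the per-row link and keep "$insert" for the "Add Entry" link at the bottom. The added #end after </table> now closes #if ($entries), which moves "Add Entry" outside that block; if that is intended, a short template comment saying so would help.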



--- share\velocity\peer\templates\screens\Insert.vm.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\templates\screens\Insert.vm	Fri Mar 30 20:37:42 2001
@@ -23,6 +23,8 @@
          #formCell ("Body" "body" "")
        </tr>
      </table>
-    <input type="submit" name="eventSubmit_doInsert" value="Insert"/>
+#if ( $acl.hasPermission("insert","TurbineDataManager") )
+      <input type="submit" name="eventSubmit_doInsert" value="Insert"/>
+#end
    </div>
  </form>
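
Review bot: Only the submit button is wrapped in the "insert" check, so a user without the permission still sees an empty form with no way to submit it. Wrap the whole <form> in the #if, or render a message in an #else branch, so the screen says why nothing can be added.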



--- share\velocity\peer\WEB-INF\src\actions\SQL.java.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\WEB-INF\src\actions\SQL.java	Fri Mar 30 21:35:12 2001
@@ -60,6 +60,7 @@

  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.db.Criteria;
+import org.apache.turbine.util.security.AccessControlList;
  import org.apache.turbine.modules.actions.VelocityAction;

  import @TARGET_PACKAGE@.om.Rdf;
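
Review bot: The new import of org.apache.turbine.util.security.AccessControlList is not used by any hunk in this file; the checks call data.getACL().hasPermission(...) directly and never name the type. Drop the import unless a later change declares an AccessControlList variable.
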
@@ -80,15 +81,22 @@
       * into the database. This is merely an
       * example of how to use peers, this certainly
       * wouldn't be secure.
+     *
+     * This action fails silently if the user
+     * does not have "insert" permission in the
+     * "TurbineDataManager" group
       */
      public void doInsert(RunData data, Context context)
          throws Exception
      {
-        Rdf entry = new Rdf();
-        data.getParameters().setProperties(entry);
-        entry.save();
+        if (data.getACL().hasPermission("insert","TurbineDataManager"))
+        {
+            Rdf entry = new Rdf();
+            data.getParameters().setProperties(entry);
+            entry.save();
+        }
      }
-
+
      /**
       * Update a record in the database with the
       * information present in the web form.
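
Review bot: doInsert returns without doing anything when the "insert" check fails, and the added Javadoc documents that as "fails silently". A denied write should be logged and reported to the user, otherwise a missing permission looks the same as an insert that succeeded. Add an else branch that does both. It is also worth confirming that data.getACL() cannot be null when this action runs, since it is dereferenced without a check.
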
@@ -96,27 +104,41 @@
       * Again, this is merely an example. The data
       * should be checked before being allowed
       * into the database.
+     *
+     * This action fails silently if the user
+     * does not have "update" permission in the
+     * "TurbineDataManager" group
       */
      public void doUpdate(RunData data, Context context)
          throws Exception
      {
-        Rdf entry = new Rdf();
-        data.getParameters().setProperties(entry);
-        entry.setModified(true);
-        entry.setNew(false);
-        entry.save();
+        if (data.getACL().hasPermission("update","TurbineDataManager"))
+        {
+            Rdf entry = new Rdf();
+            data.getParameters().setProperties(entry);
+            entry.setModified(true);
+            entry.setNew(false);
+            entry.save();
+        }
      }

      /**
       * Delete a record from the database using
       * the unique id gleaned from the web form.
+     *
+     * This action fails silently if the user
+     * does not have "delete" permission in the
+     * "TurbineDataManager" group
       */
      public void doDelete(RunData data, Context context)
          throws Exception
      {
-        Criteria criteria = new Criteria();
-        criteria.add(RdfPeer.RDF_ID, data.getParameters().getInt("rdfid"));
-        RdfPeer.doDelete(criteria);
+        if (data.getACL().hasPermission("delete","TurbineDataManager"))
+        {
+            Criteria criteria = new Criteria();
+            criteria.add(RdfPeer.RDF_ID, 
data.getParameters().getInt("rdfid"));
+            RdfPeer.doDelete(criteria);
+        }
      }

      /**
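
Review bot: doUpdate and doDelete repeat the hasPermission(..., "TurbineDataManager") guard from doInsert with the permission and group names as string literals, and the templates repeat them again. Pull the names into constants and the check into one private helper, so that a typo in a single literal cannot produce a guard that never matches while the others keep working.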



--- share\velocity\peer\WEB-INF\src\screens\Form.java.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\WEB-INF\src\screens\Form.java	Fri Mar 30 19:50:07 2001
@@ -83,13 +83,14 @@
       */
      public void doBuildTemplate( RunData data, Context context )
      {
+        super.doBuildTemplate(data,context);
          try
          {
              int entry_id = data.getParameters().getInt("rdfid");
              Criteria criteria = new Criteria();
              criteria.add(RdfPeer.RDF_ID, entry_id);
              Rdf rdf = (Rdf) RdfPeer.doSelect(criteria).elementAt(0);
-            context.put("entry", rdf);
+            context.put("entry", rdf);
          }
          catch (Exception e)
          {



--- share\velocity\peer\WEB-INF\src\screens\Index.java.orig	Thu Mar 29 23:16:06 2001
+++ share\velocity\peer\WEB-INF\src\screens\Index.java	Fri Mar 30 19:50:38 2001
@@ -81,6 +81,7 @@
       */
      public void doBuildTemplate( RunData data, Context context )
      {
+        super.doBuildTemplate(data,context);
          context.put("entries", getEntries());
      }
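
Review bot: context.put("entries", getEntries()) runs right after super.doBuildTemplate(data,context) with no test of what the superclass decided, so the entry list is loaded for every caller. If the superclass call is the permission check, make the listing conditional on its outcome.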





New File:
share\velocity\peer\WEB-INF\src\screens\Insert.java
package @TARGET_PACKAGE@.modules.screens;

/*
  * Copyright (c) 1997-1999 The Java Apache Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
  *    the documentation and/or other materials provided with the
  *    distribution.
  *
  * 3. All advertising materials mentioning features or use of this
  *    software must display the following acknowledgment:
  *    "This product includes software developed by the Java Apache
  *    Project for use in the Apache JServ servlet engine project
  *    <http://java.apache.org/>."
  *
  * 4. The names "Apache JServ", "Apache JServ Servlet Engine", "Turbine",
  *    "Apache Turbine", "Turbine Project", "Apache Turbine Project" and
  *    "Java Apache Project" must not be used to endorse or promote products
  *    derived from this software without prior written permission.
  *
  * 5. Products derived from this software may not be called "Apache JServ"
  *    nor may "Apache" nor "Apache JServ" appear in their names without
  *    prior written permission of the Java Apache Project.
  *
  * 6. Redistributions of any form whatsoever must retain the following
  *    acknowledgment:
  *    "This product includes software developed by the Java Apache
  *    Project for use in the Apache JServ servlet engine project
  *    <http://java.apache.org/>."
  *
  * THIS SOFTWARE IS PROVIDED BY THE JAVA APACHE PROJECT "AS IS" AND ANY
  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE JAVA APACHE PROJECT OR
  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  * This software consists of voluntary contributions made by many
  * individuals on behalf of the Java Apache Group. For more information
  * on the Java Apache Project and the Apache JServ Servlet Engine project,
  * please see <http://java.apache.org/>.
  *
  */

import java.util.Vector;

import org.apache.turbine.modules.screens.VelocityScreen;
import org.apache.turbine.util.RunData;

import org.apache.turbine.util.db.Criteria;

import @TARGET_PACKAGE@.om.Rdf;
import @TARGET_PACKAGE@.om.RdfPeer;

import org.apache.velocity.context.Context;

/**
  * Grabs a record from a database and makes
  * the data available in the template.
  *
  * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
  */
public class Insert extends SecureScreen
{
     /**
      * Grab a record from the database based on the entry_id
      * found in the form. Make the data available in the
      * template.
      */
     public void doBuildTemplate( RunData data, Context context )
     {
         super.doBuildTemplate(data,context);
     }
}
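
Review bot: Insert.java extends SecureScreen, but SecureScreen is neither imported nor included in this patch, so the file compiles only if that class already exists in @TARGET_PACKAGE@.modules.screens. The class Javadoc and the method comment ("Grabs a record from a database ...") and the @author tag look copied from another screen and do not describe this class, which only delegates to super.doBuildTemplate. The imports of Vector, Criteria, Rdf and RdfPeer are unused and can be removed.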


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-tdk-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-tdk-dev-help@jakarta.apache.org


Re: Patches+: Security additions to the peer app

Posted by Eric Dobbs <er...@dobbse.net>.
Hi All.

Looks like my email client wrapped the patches.  I've
been improving these changes lately and will send
revised (and hopefully non-wrapped) patches soon.

I've modified 15 files and created two.  Yesterday I
was having trouble getting all of them into the body
of a single email.  Would you prefer a separate email
for each patch?  Does it matter?

-Eric


Eric Dobbs wrote:

> Hi All.
> 
> Here's a little present for the TDK.  I'm leaving right now
> for vacation.  I'll be back on Thursday to answer any questions.
> 
> The short story is that I've added several users and roles,
> one group, and several permissions to the default installation.
> And I've added several security checks in the templates and
> actions.
...

