Posted to commits@jspwiki.apache.org by ju...@apache.org on 2020/03/29 09:39:30 UTC

[jspwiki] 30/36: Honor page ACLs on SisterSites.jsp + proper attachment detection

This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit d223f2a4e14e0d569231a9f30952a52d96482a38
Author: juanpablo <ju...@apache.org>
AuthorDate: Sat Mar 28 18:25:01 2020 +0100

    Honor page ACLs on SisterSites.jsp + proper attachment detection
---
 jspwiki-war/src/main/webapp/SisterSites.jsp | 30 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/jspwiki-war/src/main/webapp/SisterSites.jsp b/jspwiki-war/src/main/webapp/SisterSites.jsp
index 18aad79..90481cc 100644
--- a/jspwiki-war/src/main/webapp/SisterSites.jsp
+++ b/jspwiki-war/src/main/webapp/SisterSites.jsp
@@ -22,7 +22,10 @@
 <%@ page import="org.apache.log4j.*" %>
 <%@ page import="org.apache.wiki.api.core.*" %>
 <%@ page import="org.apache.wiki.api.spi.Wiki" %>
+<%@ page import="org.apache.wiki.attachment.AttachmentManager" %>
 <%@ page import="org.apache.wiki.auth.AuthorizationManager" %>
+<%@ page import="org.apache.wiki.auth.permissions.*" %>
+<%@ page import="org.apache.wiki.pages.PageManager" %>
 <%@ page import="org.apache.wiki.preferences.Preferences" %>
 <%@ page import="org.apache.wiki.references.ReferenceManager" %>
 <%@ page import="org.apache.wiki.rss.*" %>
@@ -32,28 +35,27 @@
 %>
 <%
     /*
-     *  This JSP creates support for the SisterSites standard,
-     *  as specified by http://usemod.com/cgi-bin/mb.pl?SisterSitesImplementationGuide
-     *
-     *  FIXME: Does not honor the ACL's on the pages.
+     *  This JSP creates support for the SisterSites standard, as specified by
+     *  http://usemod.com/cgi-bin/mb.pl?SisterSitesImplementationGuide
      */
     Engine wiki = Wiki.engine().find( getServletConfig() );
     // Create wiki context and check for authorization
     Context wikiContext = Wiki.context().create( wiki, request, ContextEnum.PAGE_RSS.getRequestContext() );
-    if(!wiki.getManager( AuthorizationManager.class ).hasAccess( wikiContext, response )) return;
+    if( !wiki.getManager( AuthorizationManager.class ).hasAccess( wikiContext, response ) ) return;
     
     Set< String > allPages = wiki.getManager( ReferenceManager.class ).findCreated();
     
     response.setContentType("text/plain; charset=UTF-8");
-    for( Iterator< String > i = allPages.iterator(); i.hasNext(); ) {
-        String pageName = i.next();
-        
+    for( String pageName : allPages ) {
         // Let's not add attachments.
-        // TODO: This is a kludge and not forward-compatible.
-        
-        if( pageName.indexOf("/") != -1 ) continue; 
-        String url = wikiContext.getViewURL( pageName );
-        
-        out.write( url + " " + pageName + "\n" );
+        if( wiki.getManager( AttachmentManager.class ).getAttachmentInfoName( wikiContext, pageName ) != null ) continue;
+
+        Page wikiPage = wiki.getManager( PageManager.class ).getPage( pageName );
+        PagePermission permission = PermissionFactory.getPagePermission( wikiPage, "view" );
+        boolean allowed = wiki.getManager( AuthorizationManager.class ).checkPermission( wikiContext.getWikiSession(), permission );
+        if( allowed ) {
+            String url = wikiContext.getViewURL( pageName );
+            out.write( url + " " + pageName + "\n" );
+        }
     }
  %>
\ No newline at end of file
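Review bot: The result of `getPage( pageName )` is passed straight into `PermissionFactory.getPagePermission( wikiPage, "view" )` inside the new `for` loop without a null check. The names come from `ReferenceManager.findCreated()` while the page object comes from `PageManager`, so if the two can disagree (a page removed between the calls, or a stale reference index; not visible in this hunk) a null would presumably throw in the middle of the loop and leave the client with a truncated list. Adding `if( wikiPage == null ) continue;` directly after the lookup avoids that and keeps the listing fail-closed, since a name that cannot be resolved to a page is never written out. As a smaller point of style, the `wiki.getManager( ... )` lookups for `AttachmentManager`, `PageManager` and `AuthorizationManager` do not depend on `pageName` and could be fetched once above the loop.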