You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by sg...@apache.org on 2001/12/04 18:00:31 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets NewRSSPortlet.java VelocityPortlet.java
sgala 01/12/04 09:00:31
Modified: src/java/org/apache/jetspeed/portal/portlets
NewRSSPortlet.java VelocityPortlet.java
Log:
Security checks
Revision Changes Path
1.12 +10 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java
Index: NewRSSPortlet.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/NewRSSPortlet.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- NewRSSPortlet.java 2001/09/13 13:53:02 1.11
+++ NewRSSPortlet.java 2001/12/04 17:00:31 1.12
@@ -69,6 +69,7 @@
import org.apache.jetspeed.xml.JetspeedXMLEntityResolver;
import org.apache.jetspeed.capability.*;
+import org.apache.jetspeed.services.JetspeedSecurity;
//turbine
import org.apache.turbine.util.*;
@@ -99,7 +100,7 @@
is only used for this mime-type</dd>
</dl>
@author <A HREF="mailto:raphael@apache.org">Rapha�l Luta</A>
-@version $Id: NewRSSPortlet.java,v 1.11 2001/09/13 13:53:02 sgala Exp $
+@version $Id: NewRSSPortlet.java,v 1.12 2001/12/04 17:00:31 sgala Exp $
*/
public class NewRSSPortlet extends FileWatchPortlet {
@@ -228,6 +229,14 @@
}
}
}
+
+ if (!JetspeedSecurity.checkPermission(data,
+ JetspeedSecurity.PERMISSION_VIEW,
+ this))
+ {
+ return new ClearElement("Sorry, you have no permission to see this portlet");
+ }
+
return content;
}
1.10 +13 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java
Index: VelocityPortlet.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/portal/portlets/VelocityPortlet.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- VelocityPortlet.java 2001/11/30 10:53:59 1.9
+++ VelocityPortlet.java 2001/12/04 17:00:31 1.10
@@ -66,10 +66,11 @@
import org.apache.jetspeed.portal.PortletException;
import org.apache.jetspeed.services.TemplateLocator;
import org.apache.jetspeed.util.template.PortletTemplateLink;
+import org.apache.jetspeed.services.JetspeedSecurity;
// Ecs stuff
import org.apache.ecs.ConcreteElement;
-import org.apache.ecs.StringElement;
+import org.apache.ecs.ClearElement;
// Velocity Stuff
import org.apache.velocity.context.Context;
@@ -94,6 +95,16 @@
public ConcreteElement getContent( RunData rundata )
{
+
+ //Are we allowed to see it?
+ if (!JetspeedSecurity.checkPermission(rundata,
+ JetspeedSecurity.PERMISSION_VIEW,
+ this))
+ {
+ return new ClearElement("Sorry, you have no permission to see this portlet");
+ }
+
+
// create a blank context and with all the global application
// Pull Tools inside
Context context = TurbineVelocity.getContext();
@@ -159,7 +170,7 @@
if (s == null) s = "";
- return new StringElement( s );
+ return new ClearElement( s );
}
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>