[Yanel-commits] rev 25306 -
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet
michi at wyona.com
michi at wyona.com
Thu Jun 21 23:07:23 CEST 2007
Author: michi
Date: 2007-06-21 23:07:22 +0200 (Thu, 21 Jun 2007)
New Revision: 25306
Modified:
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
Log:
generic doPost protection fixed
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java 2007-06-21 20:51:29 UTC (rev 25305)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java 2007-06-21 21:07:22 UTC (rev 25306)
@@ -947,6 +947,7 @@
// TODO: Replace hardcoded roles by mapping between roles amd query strings ...
String value = request.getParameter("yanel.resource.usecase");
+ String workflowTransitionValue = request.getParameter("yanel.resource.workflow.transition");
String contentType = request.getContentType();
String method = request.getMethod();
if (value != null && value.equals("save")) {
@@ -962,12 +963,17 @@
// TODO: Is posting atom entries different from a general post (see below)?!
log.error("DEBUG: Write/Checkin Atom entry ...");
role = new Role("write");
- } else if (method.equals(METHOD_PUT) || method.equals(METHOD_POST)) {
+ // TODO: METHOD_POST is not generally protected, but save, checkin, application/atom+xml are being protected. See doPost(....
+ } else if (method.equals(METHOD_PUT)) {
log.error("DEBUG: Upload data ...");
role = new Role("write");
} else if (method.equals(METHOD_DELETE)) {
log.error("DEBUG: Delete resource ...");
role = new Role("delete");
+ } else if (workflowTransitionValue != null) {
+ // TODO: How shall we protect workflow transitions?!
+ log.error("DEBUG: Workflow transition ...");
+ role = new Role("view");
} else {
role = new Role("view");
}
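Review bot: The new `workflowTransitionValue != null` branch assigns `new Role("view")`, so a request carrying `yanel.resource.workflow.transition` is authorized with read permission only, although a transition presumably changes the resource's workflow state. Until the role mapping mentioned in the TODO exists, I would gate it at the stricter role this chain already uses, `role = new Role("write");`. Removing `METHOD_POST` from the PUT branch also means every POST not caught by the save/checkin/atom checks now falls through to "view", so each POST handler has to enforce its own authorization. The TODO should name where that check lives rather than just "See doPost(....". Separately, the `log.error("DEBUG: ...")` calls put routine trace messages at error level, which makes real authorization failures harder to spot in the log; `log.debug(...)` would fit. The enclosing method starts and ends outside the hunk.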