[Yanel-commits] rev 25306 - public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet

michi at wyona.com michi at wyona.com
Thu Jun 21 23:07:23 CEST 2007


Author: michi
Date: 2007-06-21 23:07:22 +0200 (Thu, 21 Jun 2007)
New Revision: 25306

Modified:
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
Log:
generic doPost protection fixed

Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2007-06-21 20:51:29 UTC (rev 25305)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2007-06-21 21:07:22 UTC (rev 25306)
@@ -947,6 +947,7 @@
 
         // TODO: Replace hardcoded roles by mapping between roles amd query strings ...
         String value = request.getParameter("yanel.resource.usecase");
+        String workflowTransitionValue = request.getParameter("yanel.resource.workflow.transition");
         String contentType = request.getContentType();
         String method = request.getMethod();
         if (value != null && value.equals("save")) {
@@ -962,12 +963,17 @@
             // TODO: Is posting atom entries different from a general post (see below)?!
             log.error("DEBUG: Write/Checkin Atom entry ...");
             role = new Role("write");
-        } else if (method.equals(METHOD_PUT) || method.equals(METHOD_POST)) {
+        // TODO: METHOD_POST is not generally protected, but save, checkin, application/atom+xml are being protected. See doPost(.... 
+        } else if (method.equals(METHOD_PUT)) {
             log.error("DEBUG: Upload data ...");
             role = new Role("write");
         } else if (method.equals(METHOD_DELETE)) {
             log.error("DEBUG: Delete resource ...");
             role = new Role("delete");
+        } else if (workflowTransitionValue != null) {
+            // TODO: How shall we protect workflow transitions?!
+            log.error("DEBUG: Workflow transition ...");
+            role = new Role("view");
         } else {
             role = new Role("view");
         }
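Review bot: The new `workflowTransitionValue != null` branch authorizes a workflow transition, which changes resource state, with `new Role("view")`, so any caller allowed to read the resource passes this check. Until a dedicated role is defined, require the stronger one there: `role = new Role("write");`. Dropping `METHOD_POST` from the `METHOD_PUT` branch also means every POST not matched by the earlier save/checkin/atom branches now reaches the final `else` and is checked only as `view`. That appears to rely on doPost, which is not visible in this hunk, to reject or re-authorize anything that mutates state. A comment on that `else` should record the dependency, e.g. `// generic POST lands here; mutating POST handlers must enforce their own role`; the enclosing method starts and ends outside the hunk.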



