[Yanel-commits] rev 48125 - public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet

michi at wyona.com michi at wyona.com
Tue Mar 16 14:10:33 CET 2010 

Author: michi
Date: 2010-03-16 14:10:33 +0100 (Tue, 16 Mar 2010)
New Revision: 48125

Modified:
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
Log:
also allow other users to delete checkout locks if they have the right permissions

Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2010-03-16 13:09:25 UTC (rev 48124)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2010-03-16 13:10:33 UTC (rev 48125)
@@ -329,8 +329,11 @@
                 if (ResourceAttributeHelper.hasAttributeImplemented(resource, "Versionable", "2")) {
                     VersionableV2 versionable  = (VersionableV2)resource;
                         String checkoutUserID = versionable.getCheckoutUserID(); 
-                        String userID = getEnvironment(request, response).getIdentity().getUsername();
-                        if (checkoutUserID.equals(userID)) {
+                        Identity identity = getEnvironment(request, response).getIdentity();
+                        String userID = identity.getUsername();
+                        Usecase usecase = new Usecase(RELEASE_LOCK);
+                        String path = resource.getPath();
+                        if (checkoutUserID.equals(userID) || resource.getRealm().getPolicyManager().authorize(path, identity, usecase)) {
                             try {
                                 versionable.cancelCheckout();
                                 log.debug("Lock has been released.");
@@ -346,12 +349,18 @@
                                 throw new ServletException("Releasing the lock of <" + resource.getPath() + "> failed because of: " + e.getMessage(), e);
                             }
                         } else {
-                            String eMessage = "Releasing the lock of '" + resource.getPath() + "' failed because checkout user '" + checkoutUserID + "' and session user '" + userID + "' are not the same!";
+                            String eMessage = "Releasing the lock of '" + resource.getPath() + "' failed because";
+                            if (checkoutUserID.equals(userID)) {
+                                eMessage = " user '" + userID + "' has no right to release her/his own lock!";
+                            } else {
+                                eMessage = " checkout user '" + checkoutUserID + "' and session user '" + userID + "' are not the same and session user '" + userID + "' has no right to release the lock of the checkout user '" + checkoutUserID + "'!";
+                            }
                             log.warn(eMessage);
                             throw new ServletException(eMessage);
                         }
+                } else {
+                    throw new ServletException("Resource '" + resource.getPath() + "' is not VersionableV2!");
                 }
-                return;
             } else if (value != null && value.equals("roll-back")) {
                 log.debug("Roll back ...");
                 org.wyona.yanel.core.util.VersioningUtil.rollBack(resource, request.getParameter(YANEL_RESOURCE_REVISION), getIdentity(request, map).getUsername());

More information about the Yanel-commits mailing list