[Yanel-commits] rev 55837 -
public/yanel/trunk/src/resources/tinymce/src/java/org/wyona/yanel/impl/resources/tinymce
michi at wyona.com
michi at wyona.com
Tue Jan 4 15:45:06 CET 2011
Author: michi
Date: 2011-01-04 15:45:05 +0100 (Tue, 04 Jan 2011)
New Revision: 55837
Modified:
public/yanel/trunk/src/resources/tinymce/src/java/org/wyona/yanel/impl/resources/tinymce/TinyMCEResource.java
Log:
check policy
Modified: public/yanel/trunk/src/resources/tinymce/src/java/org/wyona/yanel/impl/resources/tinymce/TinyMCEResource.java
===================================================================
--- public/yanel/trunk/src/resources/tinymce/src/java/org/wyona/yanel/impl/resources/tinymce/TinyMCEResource.java 2011-01-04 08:29:02 UTC (rev 55836)
+++ public/yanel/trunk/src/resources/tinymce/src/java/org/wyona/yanel/impl/resources/tinymce/TinyMCEResource.java 2011-01-04 14:45:05 UTC (rev 55837)
@@ -17,7 +17,6 @@
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
-import org.apache.log4j.Category;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.tidy.Tidy;
@@ -45,7 +44,6 @@
import org.apache.commons.io.IOUtils;
import org.apache.xml.resolver.tools.CatalogResolver;
-
/**
* Resource to edit another modifiable resource with TinyMCE
*/
@@ -121,6 +119,16 @@
* @see org.wyona.yanel.impl.resources.usecase.UsecaseResource#processUsecase(java.lang.String)
*/
protected View processUsecase(String viewID) throws UsecaseException {
+ log.warn("DEBUG: Edit path: " + getEditPath());
+ try {
+ if (!getRealm().getPolicyManager().authorize(getEditPath(), getEnvironment().getIdentity(), new org.wyona.security.core.api.Usecase("write"))) {
+ log.warn("Not authorized: " + getPath() + ", " + getEditPath());
+ return null; // TODO: Fix the security issue, but not very nice ...
+ }
+ } catch(Exception e) {
+ throw new UsecaseException(e);
+ }
+
String editorContent = getEditorContent();
String resourceContent = getResourceContent();
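Review bot: The denial branch ends in `return null; // TODO: Fix the security issue, but not very nice ...`, so what an unauthorized user actually gets depends on how the caller treats a null View, which this hunk does not show. An explicit failure would be safer, for example setting a flag inside the `try` and, after it, `throw new UsecaseException(new SecurityException("Not authorized to edit " + getEditPath()));`, or returning a dedicated access-denied view. The first added line logs at WARN on every call while labelled DEBUG; `log.debug("Edit path: " + getEditPath());` would keep the real "Not authorized" warning from being buried, and that warning should also name the identity from `getEnvironment().getIdentity()` so denied edits can be traced. The body of processUsecase continues past the hunk, and it is not visible here whether the other paths that write the edited resource (e.g. the save step) run the same "write" check, so that is worth confirming.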