jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk Frederickx" <dirk.frederi...@gmail.com>
Subject Re: create a new page from a template?
Date Wed, 09 Jul 2008 19:43:31 GMT
> As far as security, I can imagine someone might try to view a page they
> otherwise don't have access to by creating a 'clone' of it (as Dirk
> suggests; I like that terminology, BTW). But isn't it possible to check the
> permissions for the original page within the plugin? I think I've seen that
> in the code I've been looking at so far.

Good point! I need to add e permission check around the cloning
functionality (next commit)
Here is how you can do it yourself :


  String clone = request.getParameter( "clone" );
  if( clone != null )
  {
    WikiPage p = engine.getPage( clone );
    if( p != null )
    {
        AuthorizationManager mgr = engine.getAuthorizationManager();
        PagePermission pp = new PagePermission( p, PagePermission.VIEW_ACTION );

        try
        {
          if( mgr.checkPermission( context.getWikiSession(), pp ) )
          {
            usertext = engine.getPureText( p );
          }
        }
        catch( Exception e ) {  /*log.error( "Accessing clone page
"+clone, e );*/ }
    }
  }

dirk

Mime
View raw message