portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Orciuch" <morci...@apache.org>
Subject Redundant permission checking
Date Thu, 26 Dec 2002 21:13:48 GMT
Is there any purpose for checking portlet view permission in
StatefulPortletWrapper.isClosed and in StatefulPortletWrapper.isMinimized:

    /**
     * Returns true if this portlet is currently closed
     */
    public final boolean isClosed(RunData rundata)
    {
        if( checkPermission(rundata,
                            JetspeedSecurity.PERMISSION_VIEW ) )
        {
            return wrappedState.isClosed( rundata );
        }
        else
        {
            //FIXME: for the moment we will allow this call to succeed...
            //throw new TurbineRuntimeException( "Security check failed" );
            return wrappedState.isClosed( rundata );
        }
    }

    /**
     * Returns true if this portlet is currently minimized
     */
    public boolean isMinimized(RunData rundata)
    {
        if( checkPermission(rundata,
                            JetspeedSecurity.PERMISSION_VIEW ) )
        {
            return wrappedState.isMinimized( rundata );
        }
        else
        {
            //FIXME: for the moment we will allow this call to succeed...
            //throw new TurbineRuntimeException( "Security check failed" );
            return wrappedState.isMinimized( rundata );
        }
    }

I can't see a reason why to do this and it screws up the portlet access
logging (each portlet view is logged 3 times per page). Does anyone have any
objections to remove this check?

Best regards,

Mark Orciuch - morciuch@apache.org
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/


--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message