rave-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From carlu...@apache.org
Subject svn commit: r1190386 - /incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java
Date Fri, 28 Oct 2011 15:03:39 GMT
Author: carlucci
Date: Fri Oct 28 15:03:39 2011
New Revision: 1190386

URL: http://svn.apache.org/viewvc?rev=1190386&view=rev
Log:
RAVE-310: fixed incorrect security annotation on updateWidget (admins can now update non-owned
widgets)

Modified:
    incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java

Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java?rev=1190386&r1=1190385&r2=1190386&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java
(original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java
Fri Oct 28 15:03:39 2011
@@ -119,7 +119,11 @@ public interface WidgetService {
      *
      * @param widget new Widget to store
      * @return Widget if it is new and can be stored, otherwise {@literal null}
-     */
+     * 
+     * TODO: change the security annotation to:
+     * @PostAuthorize("hasPermission(returnObject, 'create')") 
+     * once RAVE-319 has been resolved
+     */        
     @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#widget.owner.entityId,
'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.Widget', 'create')") 
  
     Widget registerNewWidget(Widget widget);
     
@@ -145,6 +149,6 @@ public interface WidgetService {
      *
      * @param widget to save
      */
-    @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#widget.owner.entityId,
'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.Widget', 'update')") 
      
+    @PreAuthorize("hasPermission(#widget.entityId, 'org.apache.rave.portal.model.Widget',
'update')")        
     void updateWidget(Widget widget);
 }



Mime
View raw message