Return-Path: X-Original-To: apmail-incubator-rave-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-rave-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C3A2F7A0C for ; Fri, 28 Oct 2011 15:04:01 +0000 (UTC) Received: (qmail 9275 invoked by uid 500); 28 Oct 2011 15:04:01 -0000 Delivered-To: apmail-incubator-rave-commits-archive@incubator.apache.org Received: (qmail 9225 invoked by uid 500); 28 Oct 2011 15:04:01 -0000 Mailing-List: contact rave-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: rave-dev@incubator.apache.org Delivered-To: mailing list rave-commits@incubator.apache.org Received: (qmail 9218 invoked by uid 99); 28 Oct 2011 15:04:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Oct 2011 15:04:01 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Oct 2011 15:04:00 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id E89D1238888F; Fri, 28 Oct 2011 15:03:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1190386 - /incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java Date: Fri, 28 Oct 2011 15:03:39 -0000 To: rave-commits@incubator.apache.org 
From: carlucci@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111028150339.E89D1238888F@eris.apache.org> Author: carlucci Date: Fri Oct 28 15:03:39 2011 New Revision: 1190386 URL: http://svn.apache.org/viewvc?rev=1190386&view=rev Log: RAVE-310: fixed incorrect security annotation on updateWidget (admins can now update non-owned widgets) Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java?rev=1190386&r1=1190385&r2=1190386&view=diff ==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetService.java Fri Oct 28 15:03:39 2011
@@ -119,7 +119,11 @@ public interface WidgetService {
 *
 * @param widget new Widget to store
 * @return Widget if it is new and can be stored, otherwise {@literal null}
- */
+ *
+ * TODO: change the security annotation to:
+ * @PostAuthorize("hasPermission(returnObject, 'create')")
+ * once RAVE-319 has been resolved
+ */
 @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#widget.owner.entityId, 'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.Widget', 'create')")
 Widget registerNewWidget(Widget widget);
 
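Review bot: The TODO added to the Javadoc of `registerNewWidget` sits after the `@return` tag, so Javadoc will fold it into the return description, and the line that starts with `@PostAuthorize(` will be parsed as an unknown block tag. Move it out of the doc comment into a plain comment directly above the annotation, e.g. `// TODO(RAVE-319): switch to @PostAuthorize("hasPermission(returnObject, 'create')")`. That comment should also record that a `@PostAuthorize` check runs after the method body, so the planned change is only safe if a denial rolls back the store; the transaction handling is not visible in this hunk. The Javadoc block itself starts outside the hunk.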
@@ -145,6 +149,6 @@ public interface WidgetService {
 *
 * @param widget to save
 */
- @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#widget.owner.entityId, 'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.Widget', 'update')")
+ @PreAuthorize("hasPermission(#widget.entityId, 'org.apache.rave.portal.model.Widget', 'update')")
 void updateWidget(Widget widget);
 }
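Review bot: The new expression on `updateWidget` authorizes on `#widget.entityId` alone, so the decision rests on how the permission evaluator resolves that id (not visible here), and the remaining fields of the submitted `widget`, including `owner`, are not covered by the check. If a non-admin owner must not be able to reassign a widget, the implementation has to enforce that separately, and tests should cover owner, non-owner and admin callers. A widget that was never persisted would presumably reach the evaluator with a null target id, so the Javadoc should state the precondition, e.g. `@param widget an already persisted Widget (non-null entityId) to save`. The Javadoc for this method starts outside the hunk.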