16 Dec
2008
16 Dec
'08
9:27 a.m.
On Tue, Dec 16, 2008 at 8:16 AM, Sergiu Dumitriu <sergiu(a)xwiki.com> wrote:
asiri (SVN) wrote:
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
> Fixed.
> Modified:
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
> Modified:
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
Fixed by introducing an intermediate access level named 'overwrite'. I hope
this is not breaking any laws. So it's something like:
if (right.equals("overwrite")) {
String overwriteAccess = exists(fullDocName) ? "delete" :
"edit";
hasAccess = hasAccess(overwriteAccess, fullDocName);
} else
Thanks.
- Asiri
Author: asiri
Date: 2008-12-15 17:45:22 +0100 (Mon, 15 Dec 2008)
New Revision: 14754
Modified:
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
Log:
XWIKI-2982: Not possible to rename pages / spaces via the WebDAV
interface
===================================================================
---
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
2008-12-15 16:44:07 UTC (rev 14753)
+++
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/domain/DavPage.java
2008-12-15 16:45:22 UTC (rev 14754)
@@ -284,7 +284,9 @@
*/
public void move(DavResource destination) throws DavException
{
- getContext().checkAccess("delete", this.name);
+ // Renaming a page requires edit rights on the current document,
delete
rights on the
+ // target document (if it exists) and
edit rights on all the
children of current document.
+
getContext().checkAccess("edit", this.name);
XWikiDavResource dResource = (XWikiDavResource) destination;
String dSpaceName = null;
String dPageName = null;
@@ -302,8 +304,10 @@
String sql = "where doc.parent='" + this.name +
"'";
List<String> childDocNames =
getContext().searchDocumentsNames(sql);
// Validate access rights for the
destination page.
- getContext().checkAccess("edit", newDocName);
- // Validate access rights for all the renamed pages.
+ if (getContext().exists(newDocName)) {
+ getContext().checkAccess("delete", newDocName);
+ }
You still have to check for edit right:
} else {
getContext().checkAccess("edit", newDocName);
}
> + // Validate access rights for all the child pages.
> for (String childDocName : childDocNames) {
> getContext().checkAccess("edit", childDocName);
> }
===================================================================
---
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
2008-12-15 16:44:07 UTC (rev 14753)
+++
platform/core/trunk/xwiki-webdav/src/main/java/com/xpn/xwiki/plugin/webdav/resources/views/pages/PagesBySpaceNameSubView.java
2008-12-15 16:45:22 UTC (rev 14754)
@@ -168,11 +168,10 @@
removeTempResource((DavTempFile) member);
} else if (member instanceof DavPage) {
String pName = ((DavPage) member).getDisplayName();
- if (getContext().hasAccess("delete", pName)) {
- XWikiDocument childDoc =
getContext().getDocument(pName);
- if (!childDoc.isNew()) {
- getContext().deleteDocument(childDoc);
- }
+ getContext().checkAccess("delete", pName);
+ XWikiDocument childDoc = getContext().getDocument(pName);
+ if (!childDoc.isNew()) {
+ getContext().deleteDocument(childDoc);
}
} else {
throw new DavException(DavServletResponse.SC_BAD_REQUEST);
@@ -192,13 +191,15 @@
if (getCollection().equals(dSpace.getCollection())) {
String sql = "where doc.web='" + this.name +
"'";
List<String> docNames =
getContext().searchDocumentsNames(sql);
- // To rename an entire
space, user should have
delete rights on all the
- // documents in the current
space and edit rights on
all the documents that
- // will be created after the
rename operation.
+ // To rename an entire space, user should have edit
rights on
all the
+ // documents in the current
space and delete rights
on all the documents that
+ // will be replaced (if they
exist).
for (String docName : docNames) {
String newDocName = dSpace.getDisplayName() +
"." + docName;
-
getContext().checkAccess("delete", docName);
- getContext().checkAccess("edit", newDocName);
+ getContext().checkAccess("edit", docName);
+ if (getContext().exists(newDocName)) {
+ getContext().checkAccess("delete",
newDocName);
+ }
This looks like duplication. Can you move this check in a common method?
}
for (String docName : docNames) {
XWikiDocument doc =
getContext().getDocument(docName);
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs