r1277 - in xwiki/trunk/src/main/java/com/xpn/xwiki: render/filter user/impl/xwiki

Ludovic Dubost ludovic at users.forge.objectweb.org
Mon Sep 4 21:30:36 CEST 2006


Author: ludovic
Date: 2006-09-04 21:30:35 +0200 (Mon, 04 Sep 2006)
New Revision: 1277

Modified:
   xwiki/trunk/src/main/java/com/xpn/xwiki/render/filter/XWikiHeadingFilter.java
   xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java
Log:
Fix XWikiHeadingFilter to be safer when checking for section editing

Modified: xwiki/trunk/src/main/java/com/xpn/xwiki/render/filter/XWikiHeadingFilter.java
===================================================================
--- xwiki/trunk/src/main/java/com/xpn/xwiki/render/filter/XWikiHeadingFilter.java	2006-09-04 15:45:59 UTC (rev 1276)
+++ xwiki/trunk/src/main/java/com/xpn/xwiki/render/filter/XWikiHeadingFilter.java	2006-09-04 19:30:35 UTC (rev 1277)
@@ -113,40 +113,41 @@
 			}
 		}
 
+        String heading = formatter.format(new Object[]{id, level.replace('.', '-'), numbering, text, hlevel});
+
+
         Object beforeAction = xcontext.get("action");
         boolean showEditButton = false;
         // only show sectional edit button for view action
-        if (xcontext.getAction().equals("view"))
-            showEditButton = true;
-        if (beforeAction != null) {
-            if(!beforeAction.toString().equals("HeadingFilter")) {
-                xcontext.put("action","HeadingFilter");
-                sectionNumber = 0;
-            }
+        if (xcontext.getWiki().hasSectionEdit(xcontext)&&("view".equals(xcontext.getAction()))) {
+            try {
+             if ((doc!=null)&&(xcontext.getWiki().checkAccess("edit", doc, xcontext)))
+              showEditButton = true;
+            } catch  (Exception e) {}
         }
 
-        boolean accessRight = false ;
-        try {
-            accessRight = xcontext.getWiki().checkAccess("edit", doc, xcontext);
-        } catch (XWikiException e){
-            e.printStackTrace();
-        }
+        if (showEditButton) {
+            if (beforeAction != null) {
+                if(!beforeAction.toString().equals("HeadingFilter")) {
+                    xcontext.put("action","HeadingFilter");
+                    sectionNumber = 0;
+                }
+            }
 
-        if (level.equals("1") || level.equals("1.1") ) {
-            if(doc.getContent().indexOf(title) != -1 && accessRight && xcontext.getWiki().hasSectionEdit(xcontext) && showEditButton) {
-                sectionNumber++;
-                String url =xcontext.getDoc().getURL("edit",xcontext);
-                String textfomat = formatter.format(new Object[]{id, level.replace('.', '-'), numbering, text, hlevel});
-                if(xcontext.getWiki().getEditorPreference(xcontext).equals("wysiwyg")) {
-                    url += "?xpage=wysiwyg&section=" + sectionNumber;
-                } else {
-                    url +="?section=" + sectionNumber;
+            if (level.equals("1") || level.equals("1.1") ) {
+                if(doc.getContent().indexOf(title) != -1) {
+                    sectionNumber++;
+                    String url = xcontext.getDoc().getURL("edit",xcontext);
+                    if(xcontext.getWiki().getEditorPreference(xcontext).equals("wysiwyg")) {
+                        url += "?xpage=wysiwyg&section=" + sectionNumber;
+                    } else {
+                        url +="?section=" + sectionNumber;
+                    }
+                    return heading + "<span style='float:right;margin-left:5px;margin-right:5px;'>&#91;<a style='text-decoration: none;' title='Edit section: "+text+"' href='"+ url+"'>"+"edit"+"</a>&#93;</span>";
                 }
-                textfomat += "<span style='float:right;margin-left:5px;margin-right:5px;'>&#91;<a style='text-decoration: none;' title='Edit section: "+text+"' href='"+ url+"'>"+"edit"+"</a>&#93;</span>";
-                return textfomat;
             }
         }
 
-        return formatter.format(new Object[]{id, level.replace('.', '-'), numbering, text, hlevel});
+        return heading;
     }
 }
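Review bot: The edit link built at the `return heading + "<span ...` line concatenates `text` into a single-quoted `title` attribute and `url` into `href` without escaping, so heading text containing a quote or markup characters can break out of the attribute in the rendered page. The heading text presumably originates from page content, so unless it is already HTML-escaped before this point (not visible in this hunk; the method begins above it) it should be attribute-escaped here, single quotes included. Separately, `catch (Exception e) {}` around `checkAccess` fails closed, which is the right default, but it hides every access-check failure; log the exception and add a comment such as `// fail closed: on any access-check error the edit link is not shown`. Hiding the link is presentation only, so the edit action itself still has to enforce the right on the server side.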

Modified: xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java
===================================================================
--- xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java	2006-09-04 15:45:59 UTC (rev 1276)
+++ xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java	2006-09-04 19:30:35 UTC (rev 1277)
@@ -187,14 +187,14 @@
             }
         } catch (Exception e) {
 // This should not happen..
-            logDeny(username, doc.getFullName(), action, "access manager exception " + e.getMessage());
+            logDeny(username, (doc==null) ? "" : doc.getFullName(), action, "access manager exception " + e.getMessage());
             e.printStackTrace();
             return false;
         }
 
         if (user == null) {
 // Denied Guest need to be authenticated
-            logDeny("unauthentified", doc.getFullName(), action, "Guest has been denied - Redirecting to authentication");
+            logDeny("unauthentified", (doc==null) ? "" : doc.getFullName(), action, "Guest has been denied - Redirecting to authentication");
             if (context.getRequest() != null)
                 context.getWiki().getAuthService().showLogin(context);
             return false;
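Review bot: Both guarded `logDeny` calls now record an empty document name, so a denial caused by a missing document cannot be told apart in the deny log from other entries; a visible marker such as `(doc == null) ? "<no document>" : doc.getFullName()` would keep those entries searchable. The first guard sits inside the catch-all handler, which suggests a null `doc` is rejected only because something in the `try` throws; an explicit `doc == null` deny near the top of the method would make the fail-closed behaviour deliberate, though the start of the method is outside this hunk. The `e.printStackTrace()` on the context line writes to stderr rather than to the same channel as `logDeny`, so the stack trace and the deny record end up in different places.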




