Modified:
platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
===================================================================
---
platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
2010-12-07 04:42:49 UTC (rev 33289)
+++
platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
2010-12-07 10:26:25 UTC (rev 33290)
@@ -121,6 +121,25 @@
{
this.plugin.setBackupPack(backupPack);
}
+
+ /**
+ * Indicate if the current user has the right to import a package as a backup pack.
In this implementation, to be
+ * able to import has backup pack the user must have the admin right on the
XWiki.XWikiPreferences document from
+ * the main wiki (xwiki:XWiki.XWikiPreferences). The goal is to prevent local wiki
administrators from importing
+ * documents saved with a global administrator as the author (rights escalation).
+ *
+ * @return true if the current user has the rights to import a package as a backup
pack, false otherwise
+ */
+ public boolean hasBackupPackImportRights()
+ {
+ try {
+ return context.getWiki().getRightService()
+ .hasAccessLevel("admin", context.getUser(),
"xwiki:XWiki.XWikiPreferences", context);
+ } catch (XWikiException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
public boolean isVersionPreserved()
{
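Review bot: The new hasBackupPackImportRights() only reports the right, and nothing visible in this commit makes the server refuse a backup-pack import when it returns false. The context lines just above it show a setter body that passes backupPack straight to `this.plugin.setBackupPack(backupPack)`, and the import.js and importinline.vm hunks only hide the importAsBackup checkbox. A request can still carry `importAsBackup=true` when the checkbox is not rendered, so unless the import action checks the right elsewhere (not visible here), the escalation described in the Javadoc stays reachable. Guarding the setter, e.g. `if (hasBackupPackImportRights()) { this.plugin.setBackupPack(backupPack); }`, would enforce it in one place; the setter's signature lies outside the hunk, so confirm it is the one the import action calls. In the catch block, returning false is the right fail-closed choice, but `e.printStackTrace()` should go through the project's logger so a failing rights lookup shows up in the application log.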
Modified:
platform/web/trunk/standard/src/main/webapp/resources/js/xwiki/importer/import.js
===================================================================
--- platform/web/trunk/standard/src/main/webapp/resources/js/xwiki/importer/import.js
2010-12-07 04:42:49 UTC (rev 33289)
+++ platform/web/trunk/standard/src/main/webapp/resources/js/xwiki/importer/import.js
2010-12-07 10:26:25 UTC (rev 33290)
@@ -252,7 +252,7 @@
.insert( new Element("input", {
'type':'radio','name':'historyStrategy', 'value':
'reset' }) )
.insert(translations["resetHistory"] )
);
- if (XWiki.hasProgramming) {
+ if (XWiki.hasBackupPackImportRights) {
var importAsBackupCheckbox = new Element("input", {
'type':'checkbox', 'name':'importAsBackup',
'value':'true' });
if (infos.backup) {
importAsBackupCheckbox.checked = true;
Modified: platform/web/trunk/standard/src/main/webapp/templates/importinline.vm
===================================================================
--- platform/web/trunk/standard/src/main/webapp/templates/importinline.vm
2010-12-07 04:42:49 UTC (rev 33289)
+++ platform/web/trunk/standard/src/main/webapp/templates/importinline.vm
2010-12-07 10:26:25 UTC (rev 33290)
@@ -194,7 +194,7 @@
$msg.get('core.importer.resetHistory')
</div>
</div>
- #if($xwiki.hasProgrammingRights())
+ #if($packager.hasBackupPackImportRights())
<div class="importOption">
<input type="checkbox" name="importAsBackup"
value="true" #if($packager.isBackupPack())checked="checked"#end/>
$msg.get('core.importer.importAsBackup')
Modified: platform/web/trunk/standard/src/main/webapp/templates/javascript.vm
===================================================================
--- platform/web/trunk/standard/src/main/webapp/templates/javascript.vm 2010-12-07
04:42:49 UTC (rev 33289)
+++ platform/web/trunk/standard/src/main/webapp/templates/javascript.vm 2010-12-07
10:26:25 UTC (rev 33290)
@@ -40,6 +40,7 @@
XWiki.blacklistedSpaces = [ #foreach($space in $blacklistedSpaces)#if($velocityCount
> 1),#end"$space"#end ];
XWiki.hasEdit = $hasEdit;
XWiki.hasProgramming = $hasProgramming;
+XWiki.hasBackupPackImportRights = $xwiki.package.hasBackupPackImportRights();
window.docviewurl = "${doc.getURL('view')}";
window.docediturl = "${doc.getURL('edit')}";
window.docsaveurl = "${doc.getURL('save')}";
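Review bot: The added line prints the result of `$xwiki.package.hasBackupPackImportRights()` unguarded into script source. If the reference does not resolve (for instance the packaging plugin is not available under `package`, which cannot be verified from this hunk), Velocity emits the reference text literally and the assignment becomes a JavaScript syntax error in what appears to be a general-purpose script template. Emitting an explicit literal avoids that: `XWiki.hasBackupPackImportRights = #if($xwiki.package.hasBackupPackImportRights())true#{else}false#end;`. A short comment stating that this flag only controls whether the checkbox is shown, and is not the access check itself, would also help the next reader.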