On Tue, Dec 7, 2010 at 11:33, jvdrean <platform-notifications(a)xwiki.org> wrote:
Author: jvdrean
Date: 2010-12-07 11:33:35 +0100 (Tue, 07 Dec 2010)
New Revision: 33291
Modified:
platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
Log:
XWIKI-5724 : On import document author is not the current user
Replaced the need of programming rights by a dedicated right retrieved from the packager
plugin (impl: admin rights on the same wiki). It is equivalent
with one exception, this method allows guests to import the initial XAR as backup pack in
an empty wiki.
Merged from trunk @ r33290.
Modified:
platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
===================================================================
---
platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
2010-12-07 10:26:25 UTC (rev 33290)
+++
platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
2010-12-07 10:33:35 UTC (rev 33291)
@@ -121,6 +121,25 @@
{
this.plugin.setBackupPack(backupPack);
}
+
+ /**
+ * Indicate if the current user has the right to import a package as a backup pack.
In this implementation, to be
+ * able to import has backup pack the user must have the admin right on the
XWiki.XWikiPreferences document from
+ * the main wiki (xwiki:XWiki.XWikiPreferences). The goal is to prevent local wiki
administrators from importing
+ * documents saved with a global administrator as the author (rights escalation).
+ *
+ * @return true if the current user has the rights to import a package as a backup
pack, false otherwise
+ */
+ public boolean hasBackupPackImportRights()
+ {
+ try {
+ return context.getWiki().getRightService()
+ .hasAccessLevel("admin", context.getUser(),
"xwiki:XWiki.XWikiPreferences", context);
You should never use "xwiki" and instead ask the main wiki name to the API.
+ } catch (XWikiException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
public boolean isVersionPreserved()
{
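Review bot: in the catch block of hasBackupPackImportRights(), e.printStackTrace() is the only record of a failed rights check. Returning false there is the right default for an authorization decision, but the exception should go through the wiki's logger together with the user being checked, so that a failing rights service is visible in the application log instead of only on stderr. Separately, the Javadoc and the hasAccessLevel call require admin on the main wiki's XWiki.XWikiPreferences, while the commit log says "admin rights on the same wiki", and nothing in this hunk implements the guest exception for an empty wiki that the log mentions; the log message or the Javadoc should be aligned with what the method actually checks. The Javadoc also reads "import has backup pack" where "as" is meant.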
--
Thomas Mortagne