Re: [xwiki-devs] [xwiki-notifications] r33291 - platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging

Tue, 07 Dec 2010 03:01:48 -0800 

On Tue, Dec 7, 2010 at 11:33, jvdrean <[email protected]> wrote:
> Author: jvdrean
> Date: 2010-12-07 11:33:35 +0100 (Tue, 07 Dec 2010)
> New Revision: 33291
>
> Modified:
>   
> platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
> Log:
> XWIKI-5724 : On import document author is not the current user
>
> Replaced the need of programming rights by a dedicated right retrieved from 
> the packager plugin (impl: admin rights on the same wiki). It is equivalent
> with one exception, this method allows guests to import the initial XAR as 
> backup pack in an empty wiki.
>
> Merged from trunk @ r33290.
>
>
>
> Modified: 
> platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
> ===================================================================
> --- 
> platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
>        2010-12-07 10:26:25 UTC (rev 33290)
> +++ 
> platform/core/branches/xwiki-core-2.6/xwiki-core/src/main/java/com/xpn/xwiki/plugin/packaging/PackageAPI.java
>        2010-12-07 10:33:35 UTC (rev 33291)
> @@ -121,6 +121,25 @@
>     {
>         this.plugin.setBackupPack(backupPack);
>     }
> +
> +    /**
> +     * Indicate if the current user has the right to import a package as a 
> backup pack. In this implementation, to be
> +     * able to import has backup pack the user must have the admin right on 
> the XWiki.XWikiPreferences document from
> +     * the main wiki (xwiki:XWiki.XWikiPreferences). The goal is to prevent 
> local wiki administrators from importing
> +     * documents saved with a global administrator as the author (rights 
> escalation).
> +     *
> +     * @return true if the current user has the rights to import a package 
> as a backup pack, false otherwise
> +     */
> +    public boolean hasBackupPackImportRights()
> +    {
> +        try {
> +            return context.getWiki().getRightService()
> +                .hasAccessLevel("admin", context.getUser(), 
> "xwiki:XWiki.XWikiPreferences", context);

You should never use "xwiki" and instead as the main wiki name to the API.

> +        } catch (XWikiException e) {
> +            e.printStackTrace();
> +            return false;
> +        }
> +    }
>
>     public boolean isVersionPreserved()
>     {
>
> _______________________________________________
> notifications mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/notifications
>



-- 
Thomas Mortagne
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs

Reply via email to