taylor 2002/12/11 19:47:54
Modified: src/java/org/apache/jetspeed/modules/actions/portlets
CustomizeSetAction.java
Log:
im removing the ability to add refs unless the user has the admin role for 2 reasons:
1. i believe ive fixed all the security holes, but just in case i didn't,
i don't want to deal again with some asshole making a big security-buzzword
noise for his 2 minutes of open source fame
2. there are a number of bugs related with references, best to get them fixed before
letting average users at it
Once references are more stable, they should be enabled for the user role again
Revision Changes Path
1.36 +6 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java
Index: CustomizeSetAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/CustomizeSetAction.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- CustomizeSetAction.java 12 Dec 2002 03:17:50 -0000 1.35
+++ CustomizeSetAction.java 12 Dec 2002 03:47:54 -0000 1.36
@@ -261,6 +261,7 @@
context.put("allowpane", "false");
+ context.put("allowreference", "false");
// do not allow panes for wml profiles
if ((!mediaType.equalsIgnoreCase("wml")) && (set.getController() instanceof
PortletSetController))
@@ -273,6 +274,10 @@
else
{
context.put("allowportlet", "true");
+ if (JetspeedSecurity.hasRole(rundata.getUser().getUserName(),
JetspeedSecurity.JETSPEED_ROLE_ADMIN))
+ {
+ context.put("allowreference", "true");
+ }
}
//
--------------------------------------------------------------------------
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
