Hi Jyve list
I have just sent the diffs about the new security feature of Jyve to
Jon *. I hope he will be able to commit it to CVS as soon as possible.
With the new feature it is possible e.g. to protect your existing
entries from unauthorized modifications. In this first step, there are
permissions for add_project...add_answer and
modify_project...modify_answer (plus the user admin permissions
from turbine). Soon there will be more permissions.
There are still some open issues:
- Localization of my new parts.
I was anyway thinking of a shorter java-instruction for calling the
localization service. Maybe a method in the Localization class.
Furthermore I thought comments with the English string would make the
code more readable.
- name, surname, email in the insert script (and PERL script)
- connection to turbine user administration (once the turbine side
about this is completed)
- adding a feature which allows a user to modify only his/her own
entries
- adding the feature, where a moderator has to release a new entry
first.
---
Short description what I changed (not committed yet):
- Turbine: RolePeer.java, VisitorRolePeer.java
added two methods: getTableName() and getColumnName (String name)
Only a copy - paste from TurbineUserPeer.java
- Jyve: screens/Edit*.java
screens/New*.java
actions/AddNew*.java
action/Delete*.java
action/Update*.java
To these files I added a section where the access rights are checked
against the database. If one doesn't have the permission, it loads the
last screen and show a message telling about, which access right is
missing.
- Jyve: actions/JLoginUser.java
I added some code which assigns a user the authenticated_user role,
right after setting the CONFIRMED flag.
- Jyve: INSTALL.TXT
I added some instructions, how to add the default access rights stuff to
the database.
---
Information about the SQL insert you can find in the new files
themselves. The script e.g also takes care, that all existing
CONFIRMED users get the role of a authenticated_user.
---
Don't hesitate to ask questions, in case something is not clear.
cheers,
Bernie
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
