Author: jonathan
Date: Fri Feb 29 14:00:12 2008
New Revision: 14378
Log:
MASHUP-634, ensure the user is still logged in when changing anything through Ajax.
Modified:
trunk/mashup/java/modules/www/ajax_rating.jsp
trunk/mashup/java/modules/www/ajax_tag.jsp
trunk/mashup/java/modules/www/ajax_userQuery.jsp
Modified: trunk/mashup/java/modules/www/ajax_rating.jsp
==============================================================================
--- trunk/mashup/java/modules/www/ajax_rating.jsp (original)
+++ trunk/mashup/java/modules/www/ajax_rating.jsp Fri Feb 29 14:00:12 2008
@@ -15,23 +15,25 @@
--%>
<%@ page import="org.wso2.mashup.webapp.utils.RegistryUtils" %>
<%@ page import="org.wso2.registry.Registry" %>
+<%@ page import="org.wso2.registry.RegistryConstants" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
Registry registry = RegistryUtils.getRegistry(request);
+ String currentUser = RegistryUtils.getCurrentUser(registry);
+
String path = request.getParameter("path");
String ratingDivId = request.getParameter("ratingDivId");
int rating = Integer.parseInt(request.getParameter("rating"));
- if (rating == 0) {
- rating = registry.getRating(path,
RegistryUtils.getCurrentUser(registry));
+ if (rating == 0 || !RegistryUtils.isLoggedIn(registry)) {
+ rating = registry.getRating(path, currentUser);
} else {
registry.rateResource(path, rating);
}
-
float averageRating = registry.getAverageRating(path);
String userStar;
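Review bot: In the new condition `if (rating == 0 || !RegistryUtils.isLoggedIn(registry))`, a logged-out request carrying a non-zero rating is silently turned into a read, so the caller receives a normal rating fragment and no sign that the vote was dropped. Consider reporting the failure explicitly, as ajax_tag.jsp does with its `success`/`reason` pair, and calling `getCurrentUser` only after the login check if it can return null for an anonymous session (not visible here). In the lines shown, `rating` also reaches `registry.rateResource(path, rating)` straight from `Integer.parseInt` with no range check, so validating it against the allowed rating range before the write would be a worthwhile addition. The added `RegistryConstants` import is not referenced in this hunk or in the ajax_userQuery.jsp hunk; drop it if nothing further down the file needs it. The scriptlet continues past the end of the hunk.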
Modified: trunk/mashup/java/modules/www/ajax_tag.jsp
==============================================================================
--- trunk/mashup/java/modules/www/ajax_tag.jsp (original)
+++ trunk/mashup/java/modules/www/ajax_tag.jsp Fri Feb 29 14:00:12 2008
@@ -36,7 +36,7 @@
author = path.split("/")[2];
tagger = request.getParameter("tagger");
- if (!currentUser.equals(tagger)) {
+ if (!RegistryUtils.isLoggedIn(registry) ||
!currentUser.equals(tagger)) {
success = false;
reason = "Unauthorized attempt to add tag - please log in and try
again.";
}
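Review bot: The authorization test `!currentUser.equals(tagger)` still compares the session user against the request-supplied `tagger` parameter, so the identity used for the write should be `currentUser` itself rather than anything taken from the request. The code that applies the tag lies outside this hunk, so confirm it does not pass `tagger` on. If `currentUser` can be null for an anonymous session, the new `isLoggedIn` test protects the `equals` call only because it comes first in the `||`; a comment such as `// isLoggedIn must stay first: currentUser may be null when logged out` would keep that ordering from being changed later. The enclosing block begins and ends outside the hunk.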
Modified: trunk/mashup/java/modules/www/ajax_userQuery.jsp
==============================================================================
--- trunk/mashup/java/modules/www/ajax_userQuery.jsp (original)
+++ trunk/mashup/java/modules/www/ajax_userQuery.jsp Fri Feb 29 14:00:12 2008
@@ -18,65 +18,72 @@
<%@ page import="org.wso2.mashup.webapp.utils.QueryParamUtils" %>
<%@ page import="org.wso2.mashup.webapp.utils.RegistryUtils" %>
<%@ page import="org.wso2.registry.Registry" %>
+<%@ page import="org.wso2.registry.RegistryConstants" %>
<%@ page import="org.wso2.registry.RegistryException" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
Registry registry = RegistryUtils.getRegistry(request);
+ String currentUser = RegistryUtils.getCurrentUser(registry);
+
boolean success = true;
- String title="", queryParams="", path="", direction="";
- String[] params = new String[] {};
+ if (RegistryUtils.isLoggedIn(registry)) {
- try {
- title = request.getParameter("queryTitle");
- direction = request.getParameter("direction");
- queryParams = request.getParameter("queryParams");
- if (params != null) {
- params = queryParams.split("\\|");
- }
- path = request.getParameter("queryPath");
- String pathString = QueryParamUtils.paramsFromQuery(path, params);
+ String title="", queryParams="", path="", direction="";
+ String[] params = new String[] {};
- if (request.getMethod().equals("POST")) {
+ try {
+ title = request.getParameter("queryTitle");
+ direction = request.getParameter("direction");
+ queryParams = request.getParameter("queryParams");
+ if (params != null) {
+ params = queryParams.split("\\|");
+ }
+ path = request.getParameter("queryPath");
+ String pathString = QueryParamUtils.paramsFromQuery(path, params);
- User user =
RegistryUtils.getUserProfile(RegistryUtils.getCurrentUser(registry), registry);
+ if (request.getMethod().equals("POST")) {
- // Prototype.js simulates a DELETE with a POST with an additional
method. YUK?!
- String method = request.getParameter("_method");
- if (method != null && method.equals("delete")) {
- UserQuery[] queries = user.getQueries();
- for (int i = 0; i < queries.length; i++) {
- UserQuery q = queries[i];
- if
(pathString.equals(QueryParamUtils.paramsFromQuery(q.getQueryPath(),
q.getQueryParameters()))) {
- user.removeQuery(q);
- }
- }
- } else {
- if (direction == null) {
- user.addQuery(title, path, params);
- } else {
+ User user = RegistryUtils.getUserProfile(currentUser,
registry);
+
+ // Prototype.js simulates a DELETE with a POST with an
additional method. YUK?!
+ String method = request.getParameter("_method");
+ if (method != null && method.equals("delete")) {
UserQuery[] queries = user.getQueries();
for (int i = 0; i < queries.length; i++) {
UserQuery q = queries[i];
if
(pathString.equals(QueryParamUtils.paramsFromQuery(q.getQueryPath(),
q.getQueryParameters()))) {
- if (direction.equals("up")) {
- user.moveQueryUp(q);
- } else if (direction.equals("down")) {
- user.moveQueryDown(q);
+ user.removeQuery(q);
+ }
+ }
+ } else {
+ if (direction == null) {
+ user.addQuery(title, path, params);
+ } else {
+ UserQuery[] queries = user.getQueries();
+ for (int i = 0; i < queries.length; i++) {
+ UserQuery q = queries[i];
+ if
(pathString.equals(QueryParamUtils.paramsFromQuery(q.getQueryPath(),
q.getQueryParameters()))) {
+ if (direction.equals("up")) {
+ user.moveQueryUp(q);
+ } else if (direction.equals("down")) {
+ user.moveQueryDown(q);
+ }
}
}
}
}
+
+ RegistryUtils.setUserProfile(currentUser, registry, user);
}
-
RegistryUtils.setUserProfile(RegistryUtils.getCurrentUser(registry), registry,
user);
+ } catch (RegistryException e) {
+ out.print(e);
+ success = false;
}
-
- } catch (RegistryException e) {
- out.print(e);
+ } else {
success = false;
}
-
%>
-<div/>
\ No newline at end of file
+<div><%=success%></div>
\ No newline at end of file
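Review bot: The re-indented guard `if (params != null)` tests the array that was just initialised to `new String[] {}`, so it is always true. A request without `queryParams` therefore throws a NullPointerException on `queryParams.split("\\|")`, which `catch (RegistryException e)` does not handle; the guard should read `if (queryParams != null) {`. The catch block also keeps `out.print(e)`, which writes the exception text into the Ajax response ahead of `<div><%=success%></div>`. Logging the exception server-side and returning only the flag would avoid exposing registry internals to the client.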