Author: mhabersack
Date: 2007-05-29 08:42:46 -0400 (Tue, 29 May 2007)
New Revision: 78114
Modified:
trunk/mcs/class/System.Web/System.Web/ChangeLog
trunk/mcs/class/System.Web/System.Web/SiteMapProvider.cs
Log:
2007-05-29 Marek Habersack <[EMAIL PROTECTED]>
* SiteMapProvider.cs: updated the node accessibility comments.
If Roles is not null and user is not in at least one of the
configured roles (or the collection is empty), return false.
If the Url is null or empty, return false.
Modified: trunk/mcs/class/System.Web/System.Web/ChangeLog
===================================================================
--- trunk/mcs/class/System.Web/System.Web/ChangeLog 2007-05-29 12:08:47 UTC
(rev 78113)
+++ trunk/mcs/class/System.Web/System.Web/ChangeLog 2007-05-29 12:42:46 UTC
(rev 78114)
@@ -1,3 +1,10 @@
+2007-05-29 Marek Habersack <[EMAIL PROTECTED]>
+
+ * SiteMapProvider.cs: updated the node accessibility comments.
+ If Roles not null and user is not in at least one of the
+ configured roles (or the collection is empty), return false.
+ If there Url is null or empty, return false.
+
2007-05-28 Marek Habersack <[EMAIL PROTECTED]>
* HttpRequest.cs: since Path is used from within
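Review bot: the first line of the new entry describes this as an update to the node accessibility comments, but the two sentences after it describe changed return values (false when Roles is set and no role matches or the collection is empty, false when the Url is null or empty). Because this changes the outcome of an access decision, the entry should lead with the behaviour change and mention the comment rewrite second. "If there Url" should read "If the Url".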
Modified: trunk/mcs/class/System.Web/System.Web/SiteMapProvider.cs
===================================================================
--- trunk/mcs/class/System.Web/System.Web/SiteMapProvider.cs 2007-05-29
12:08:47 UTC (rev 78113)
+++ trunk/mcs/class/System.Web/System.Web/SiteMapProvider.cs 2007-05-29
12:42:46 UTC (rev 78114)
@@ -171,33 +171,32 @@
if (!SecurityTrimmingEnabled)
return true;
- /* the node is accessible (according to msdn2)
- * if:
+ /* The node is accessible (according to msdn2) if:
*
- * 1. the current user is in the node's Roles.
+ * 1. The Roles exists on node and the current user is
in at least one of the specified roles.
*
- * 2. the current thread's WindowsIdentity has
- * file access to the url. (and the url is
- * located within the current application).
+ * 2. The current thread has an associated
WindowsIdentity that has file access to the requested URL and
+ * the URL is located within the directory structure
for the application.
*
- * 3. the <authorization> configuration element
- * lists the current user as being authorized
- * for the node's url. (and the url is located
- * within the current application)
+ * 3. The current user is authorized specifically for
the requested URL in the authorization element for
+ * the current application and the URL is located
within the directory structure for the application.
*/
/* 1. */
- if (node.Roles != null)
+ if (node.Roles != null) {
foreach (string rolename in node.Roles)
if (rolename == "*" ||
context.User.IsInRole (rolename))
return true;
+ return false;
+ }
/* 2. */
/* XXX */
+ /* 3. */
string url = node.Url;
if(String.IsNullOrEmpty(url))
- return true;
+ return false;
// TODO check url is located within the current
application
if (VirtualPathUtility.IsAppRelative (url) ||
!VirtualPathUtility.IsAbsolute (url))
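Review bot: the `return false;` added at the end of the `if (node.Roles != null) {` block in step 1 makes steps 2 and 3 unreachable whenever Roles is non-null, while the rewritten comment above still presents the three conditions as a plain numbered list with no statement that a failed role check is final. If denying on a role mismatch is the intended rule, say so in the comment (for example, that conditions 2 and 3 are only consulted when Roles is null), so the next reader does not "fix" the early return. The same block now also returns false for a non-null but empty Roles collection, and `String.IsNullOrEmpty(url)` flips from `return true;` to `return false;`, so a node with null Roles and no Url becomes inaccessible once SecurityTrimmingEnabled is on; both are stricter, fail-closed defaults and deserve a test that pins them. Step 2 is still only `/* XXX */` and the `// TODO check url is located within the current application` remains, so the comment describes checks the code does not yet perform; mark those two conditions as unimplemented in the comment itself.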