This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository bow. See http://git.chorem.org/bow.git commit de67fa914018fb08a49d3c443b423513d7f78293 Author: Benjamin POUSSIN <poussin@codelutin.com> Date: Mon Jul 20 17:00:17 2015 +0200 hack to support public alias with new security constraints --- .../java/org/chorem/bow/action/AliasAction.java | 26 ++++++++++++++-------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java b/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java index f3d90da..fef0d45 100644 --- a/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java +++ b/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java @@ -73,13 +73,20 @@ public class AliasAction extends BowBaseAction { if (StringUtils.isNotEmpty(alias)) { BowProxy proxy = getBowProxy(); - WikittyQuery criteria = new WikittyQueryMaker().or() + // HACK: poussin 20150720, security access is check for read/write + // with wikitty security. No logged user can't restore not readable by him + // without security exception. We use wikitty security problem + // with select query that permit to access all field (but not object) + // to support public alias. But we must find better way. + // with this hack, we can't count bookmark access via public alias + WikittyQuery criteria = new WikittyQueryMaker() + .select(BowBookmark.ELEMENT_FIELD_BOWBOOKMARK_LINK).where().or() .ideq(alias) .eq(BowBookmark.FQ_FIELD_BOWBOOKMARK_PUBLICALIAS, alias) .end(); - BowBookmark bookmark = proxy.findByQuery(BowBookmark.class, criteria); - if (bookmark == null) { + String link = proxy.findByQuery(criteria); + if (link == null) { // not id or public alias, looking for private if user is logged BowUser user = getBowSession().getUser(); if (user != null) { @@ -87,14 +94,15 @@ public class AliasAction extends BowBaseAction { .eq(BowBookmark.FQ_FIELD_WIKITTYAUTHORISATION_OWNER, user.getWikittyId()) .eq(BowBookmark.FQ_FIELD_BOWBOOKMARK_PRIVATEALIAS, alias) .end(); - bookmark = proxy.findByQuery(BowBookmark.class, criteria); + BowBookmark bookmark = proxy.findByQuery(BowBookmark.class, criteria); + link = bookmark.getLink(); + int clicks = bookmark.getClick() + 1; + bookmark.setClick(clicks); + proxy.store(bookmark); } } - if (bookmark != null) { - redirectTo = bookmark.getLink(); - int clicks = bookmark.getClick() + 1; - bookmark.setClick(clicks); - proxy.store(bookmark); + if (link != null) { + redirectTo = link; } else { log.error(String.format("No bookmark with alias or id '%s'", alias)); addActionError(t("bow.alias.bookmarkId.unknown", alias)); -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.