branch develop updated (bf124e7 -> de67fa9)
This is an automated email from the git hooks/post-receive script. New change to branch develop in repository bow. See http://git.chorem.org/bow.git from bf124e7 - add wikitty AppAdminGroup when admin login - WikittyClient has now correct Wikitty SecurityToken and with AppAdminGroup can check if user can read/write bookmark new de67fa9 hack to support public alias with new security constraints The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit de67fa914018fb08a49d3c443b423513d7f78293 Author: Benjamin POUSSIN <poussin@codelutin.com> Date: Mon Jul 20 17:00:17 2015 +0200 hack to support public alias with new security constraints Summary of changes: .../java/org/chorem/bow/action/AliasAction.java | 26 ++++++++++++++-------- 1 file changed, 17 insertions(+), 9 deletions(-) -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository bow. See http://git.chorem.org/bow.git commit de67fa914018fb08a49d3c443b423513d7f78293 Author: Benjamin POUSSIN <poussin@codelutin.com> Date: Mon Jul 20 17:00:17 2015 +0200 hack to support public alias with new security constraints --- .../java/org/chorem/bow/action/AliasAction.java | 26 ++++++++++++++-------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java b/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java index f3d90da..fef0d45 100644 --- a/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java +++ b/bow-ui/src/main/java/org/chorem/bow/action/AliasAction.java @@ -73,13 +73,20 @@ public class AliasAction extends BowBaseAction { if (StringUtils.isNotEmpty(alias)) { BowProxy proxy = getBowProxy(); - WikittyQuery criteria = new WikittyQueryMaker().or() + // HACK: poussin 20150720, security access is check for read/write + // with wikitty security. No logged user can't restore not readable by him + // without security exception. We use wikitty security problem + // with select query that permit to access all field (but not object) + // to support public alias. But we must find better way. + // with this hack, we can't count bookmark access via public alias + WikittyQuery criteria = new WikittyQueryMaker() + .select(BowBookmark.ELEMENT_FIELD_BOWBOOKMARK_LINK).where().or() .ideq(alias) .eq(BowBookmark.FQ_FIELD_BOWBOOKMARK_PUBLICALIAS, alias) .end(); - BowBookmark bookmark = proxy.findByQuery(BowBookmark.class, criteria); - if (bookmark == null) { + String link = proxy.findByQuery(criteria); + if (link == null) { // not id or public alias, looking for private if user is logged BowUser user = getBowSession().getUser(); if (user != null) { @@ -87,14 +94,15 @@ public class AliasAction extends BowBaseAction { .eq(BowBookmark.FQ_FIELD_WIKITTYAUTHORISATION_OWNER, user.getWikittyId()) .eq(BowBookmark.FQ_FIELD_BOWBOOKMARK_PRIVATEALIAS, alias) .end(); - bookmark = proxy.findByQuery(BowBookmark.class, criteria); + BowBookmark bookmark = proxy.findByQuery(BowBookmark.class, criteria); + link = bookmark.getLink(); + int clicks = bookmark.getClick() + 1; + bookmark.setClick(clicks); + proxy.store(bookmark); } } - if (bookmark != null) { - redirectTo = bookmark.getLink(); - int clicks = bookmark.getClick() + 1; - bookmark.setClick(clicks); - proxy.store(bookmark); + if (link != null) { + redirectTo = link; } else { log.error(String.format("No bookmark with alias or id '%s'", alias)); addActionError(t("bow.alias.bookmarkId.unknown", alias)); -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
participants (1)
-
chorem.org scm