Author: fdesbois Date: 2012-04-30 12:45:20 +0200 (Mon, 30 Apr 2012) New Revision: 3330 Url: http://chorem.org/repositories/revision/pollen/3330 Log: #535 : publicResults check is not necessary for an admin or the poll creator Modified: trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/ResultAccessRequired.java Modified: trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/ResultAccessRequired.java =================================================================== --- trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/ResultAccessRequired.java 2012-04-30 10:45:14 UTC (rev 3329) +++ trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/ResultAccessRequired.java 2012-04-30 10:45:20 UTC (rev 3330) @@ -39,9 +39,15 @@ private static final Log log = LogFactory.getLog(ResultAccessRequired.class); + protected final AdminUserRequired adminFilter; + + protected final PollCreatorRequired pollCreatorFilter; + protected final PollAccessRequired pollAccountFilter; public ResultAccessRequired() { + adminFilter = new AdminUserRequired(); + pollCreatorFilter = new PollCreatorRequired(); pollAccountFilter = new PollAccessRequired(); } @@ -52,9 +58,20 @@ boolean isAccessAllowed; - // Must be a valid user - if (pollAccountFilter.isAccessAllowed(request, response, mappedValue)) { + if (adminFilter.isAccessAllowed(request, response, mappedValue)) { + // user is connected ans admin, so + isAccessAllowed = true; + + } + else if (pollCreatorFilter.isAccessAllowed(request, response, mappedValue)) { + + // account is creator + isAccessAllowed = true; + + } + else if (pollAccountFilter.isAccessAllowed(request, response, mappedValue)) { + PollUri pollUri = getPollUri(request); PollenServiceContext serviceContext = @@ -82,7 +99,8 @@ isAccessAllowed = false; } - } else { + } + else { isAccessAllowed = false; }