From: Michael K. <ko...@us...> - 2006-02-02 11:39:28
Update of /cvsroot/cobricks/cobricks2/src/org/cobricks/item In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30586 Modified Files: ItemManager.java ItemManagerImpl.java ItemServlet.java Removed Files: item.ucd Log Message:
Index: ItemManager.java
===================================================================
RCS file: /cvsroot/cobricks/cobricks2/src/org/cobricks/item/ItemManager.java,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- ItemManager.java 16 Jan 2006 09:23:44 -0000 1.28
+++ ItemManager.java 2 Feb 2006 11:39:12 -0000 1.29
@@ -27,12 +27,8 @@
 *
 * @author mic...@ac...
 * @author ma...@in...
-<<<<<<< ItemManager.java
 * @author Alexander Gafriller - gaf...@in...
 * @version $Date$
-=======
- * @version $Date$
->>>>>>> 1.27
 */
 public interface ItemManager extends ComponentManagerInterface
Index: ItemManagerImpl.java
===================================================================
RCS file: /cvsroot/cobricks/cobricks2/src/org/cobricks/item/ItemManagerImpl.java,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -r1.64 -r1.65
--- ItemManagerImpl.java 1 Feb 2006 20:35:41 -0000 1.64
+++ ItemManagerImpl.java 2 Feb 2006 11:39:12 -0000 1.65
@@ -1604,21 +1604,32 @@
 /**
 * This method deletes an item from the persistent data bases and from
 * the item cache.
- * At this time (TBD) you can be sure that both ids will never be assigned
- * again - all references to the item to be deleted will then point to an
- * id which does not exist.
- * This method has no user id as parameter, it assumes that only user
- * with administrator privileges use this method.
+ * Access right checking is done, except when userid is -1.
 *
 * @param localid The local id is needed to determine the item to be
 * deleted
+ * @param userid The user id of the user deleting the item
 * @throws CobricksException This can be thrown if there was an internal
 * XML database exception while handling this request.
 */
- public void deleteItem(int localid)
+ public void deleteItem(int localid, int userid)
 throws CobricksException {
- this.removeAllItemAttachments(this.getItem(localid));
+ Item item = this.getItem(localid);
+
+ if (userid > -1) {
+ boolean allowed =
+ this.performPermissionQuery(userid, item, "delete");
+ /*
+ if (!allowed) {
+ logger.info("Access denied for deleting item: userid ="
+ + Integer.toString(userid));
+ return;
+ }
+ */
+ }
+
+ this.removeAllItemAttachments(item);
 // Remove it from the relational db
 this.removeItemFromDB(localid);
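Review bot: The result of `performPermissionQuery(userid, item, "delete")` is assigned to `allowed` and never used, because the denial branch right after it is commented out, so `deleteItem(localid, userid)` removes the item for every `userid` while its new Javadoc states that access right checking is done. The two-argument overload removed in the next hunk did refuse when the query returned false, so existing callers that relied on it lose enforcement with this change. Restore the branch ahead of `this.removeAllItemAttachments(item)`, e.g. `if (!allowed) { logger.info("Access denied for deleting item: userid =" + userid); return; }`, or better, report the refusal to the caller rather than returning silently. Separately, the guard `userid > -1` treats every negative id as an unchecked call; compare against a single named constant and confirm that no request path can supply a negative user id.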
@@ -1629,30 +1640,18 @@
 ComponentEvent event = new ComponentEventImpl("org.cobricks.item", "item", "delete");
 event.setObjectId(localid);
+ event.setUserId(userid);
 this.publishEvent(event);
 }
 /**
- * This method does the same as deleteItem(int), but with additional
- * access right checking.
- * @param localid The local id is used to determine the item to be deleted.
- * @param userid The user id is used to check if the user has the
- * permission to do so.
- * @throws CobricksException This can be thrown if there was an internal
- * XML database exception while handling this request.
+ *
 */
- public void deleteItem(int localid, int userid)
+ public void deleteItem(int localid)
 throws CobricksException {
- Item item = this.getItem(localid);
- boolean allowed = this.performPermissionQuery(userid, item, "delete");
- if (allowed) {
- this.deleteItem(localid);
- } else {
- logger.info("Access denied for deleting item: userid ="
- + Integer.toString(userid));
- }
+ deleteItem(localid, -1);
 }
Index: ItemServlet.java
===================================================================
RCS file: /cvsroot/cobricks/cobricks2/src/org/cobricks/item/ItemServlet.java,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- ItemServlet.java 23 Jan 2006 15:14:11 -0000 1.40
+++ ItemServlet.java 2 Feb 2006 11:39:12 -0000 1.41
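Review bot: The Javadoc on `deleteItem(int localid)` is left empty although this overload is now the one that skips access checking by passing `-1`, and the removed text that warned it was meant for administrators is gone. Say so explicitly, for example `Deletes the item without access right checking; intended for trusted internal callers only.`, and carry over the `@param localid` and `@throws CobricksException` tags from the two-argument overload. Because `event.setUserId(userid)` is added at the top of this hunk, deletions made through this overload will publish an event with user id -1, which is worth documenting so that consumers of the event can tell unchecked deletions apart.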
@@ -400,14 +400,25 @@
 public final String performDeletion(PortalRequest prequest, PrintWriter out) {
- try {
- // Get the itemid of the item to be deleted
- String itemid = prequest.getRequestParameter("itemid");
+ // Get the itemid of the item to be deleted
+ String itemid = prequest.getRequestParameter("itemid");
+ // check access rights
+ PortalUser portalUser = prequest.getPortalUser();
+ /*
+ if (!userManager.getAccessControl().checkPermission(portalUser
+ .getUserId(), "item", "delete", "itemid=$!itemid")) {
+ prequest.setReturnCode(2000);
+ return "noaccess";
+ }
+ */
+
+ try {
 int id = Integer.parseInt(itemid.trim());
- // Delete the item
- this.itemManager.deleteItem(id);
+ // Delete the item - permission checking is done in this
+ // function ...
+ this.itemManager.deleteItem(id, portalUser.getUser().getId());
 prequest.setReturnCode(1002);
 return "success";
--- item.ucd DELETED --- |
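Review bot: The new comment says permission checking is done inside `deleteItem(id, userid)`, but that method returns `void`, so `performDeletion` sets return code 1002 and returns "success" whether or not the deletion was permitted, and with the servlet-level `checkPermission` block commented out no path yields "noaccess". Either re-enable that block or have the manager report a refusal (an exception or a boolean) and map it to `prequest.setReturnCode(2000); return "noaccess";`. `prequest.getPortalUser()` is also dereferenced as `portalUser.getUser().getId()` without a null check; the catch block lies outside this hunk, so confirm that a request without a logged-in user ends in a denial rather than a generic error. The commented-out check should be removed or tracked with a TODO instead of being left in place.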