Author: soh...@jb... Date: 2006-05-26 21:27:09 -0400 (Fri, 26 May 2006) New Revision: 4452 Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/WEB-INF/forums-config.xml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/admin/index.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/category/viewcategory_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/forums/viewforum_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/index.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/jumpbox.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/summary/viewsummary_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_edit_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_new_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_reply_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_body.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_ballot.xhtml labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_result.xhtml Log: Integrated Security on the Admin Tool UI and the Message Board UI Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/WEB-INF/forums-config.xml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/WEB-INF/forums-config.xml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/WEB-INF/forums-config.xml 2006-05-27 01:27:09 UTC (rev 4452) 
@@ -8,11 +8,11 @@ <!-- general application configuration --> <application> <!-- jbossportal-facelets integration --> - <property-resolver>org.jboss.portal.faces.el.DelegatingPropertyResolver</property-resolver> - <view-handler>com.sun.facelets.FaceletPortletViewHandler</view-handler> + <!--property-resolver>org.jboss.portal.faces.el.DelegatingPropertyResolver</property-resolver> + <view-handler>com.sun.facelets.FaceletPortletViewHandler</view-handler--> <!-- standalone facelets integration --> - <!--view-handler>com.sun.facelets.FaceletViewHandler</view-handler--> + <view-handler>com.sun.facelets.FaceletViewHandler</view-handler> <!-- custom action listener with integrated authorization checking --> <action-listener>org.jboss.portlet.forums.auth.AuthorizationListener</action-listener> @@ -281,6 +281,24 @@ <managed-bean-class>org.jboss.portlet.forums.ui.action.ModeratorAction</managed-bean-class> <managed-bean-scope>session</managed-bean-scope> </managed-bean> + <navigation-rule> + <from-view-id>/views/moderator/modcp_body.xhtml</from-view-id> + <navigation-case> + <from-outcome>delete</from-outcome> + <to-view-id>/views/moderator/delete_topic.xhtml</to-view-id> + </navigation-case> + <navigation-case> + <from-outcome>move</from-outcome> + <to-view-id>/views/moderator/move_topic.xhtml</to-view-id> + </navigation-case> + </navigation-rule> + <navigation-rule> + <from-view-id>/views/moderator/delete_topic.xhtml</from-view-id> + <navigation-case> + <from-outcome>success</from-outcome> + <to-view-id>/views/moderator/modcp_body.xhtml</to-view-id> + </navigation-case> + </navigation-rule> <!-- managedBean for deletePost usecase --> <managed-bean> 
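Review bot: The view-handler swap in the first forums-config.xml hunk looks like a local test setting that slipped into a security commit: it activates the standalone `com.sun.facelets.FaceletViewHandler` and comments out the portal property resolver and `FaceletPortletViewHandler`, none of which the log message mentions. If standalone mode is intended, confirm that `AuthorizationListener` still sees the authenticated user outside the portal, since the `forums:isAllowed` checks added in this revision presumably depend on that identity. Otherwise revert the toggle, or mark it with a comment such as `<!-- standalone facelets mode enabled on purpose; portal integration disabled -->`.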
@@ -335,30 +353,20 @@ </navigation-case> </navigation-rule> <navigation-rule> + <from-view-id>/views/admin/editForum.xhtml</from-view-id> + <navigation-case> + <from-outcome>editForum</from-outcome> + <to-view-id>/views/admin/index.xhtml</to-view-id> + </navigation-case> + </navigation-rule> + <navigation-rule> <from-view-id>/views/admin/deleteForum.xhtml</from-view-id> <navigation-case> <from-outcome>deleteForum</from-outcome> <to-view-id>/views/admin/index.xhtml</to-view-id> </navigation-case> </navigation-rule> - <navigation-rule> - <from-view-id>/views/moderator/modcp_body.xhtml</from-view-id> - <navigation-case> - <from-outcome>delete</from-outcome> - <to-view-id>/views/moderator/delete_topic.xhtml</to-view-id> - </navigation-case> - <navigation-case> - <from-outcome>move</from-outcome> - <to-view-id>/views/moderator/move_topic.xhtml</to-view-id> - </navigation-case> - </navigation-rule> - <navigation-rule> - <from-view-id>/views/moderator/delete_topic.xhtml</from-view-id> - <navigation-case> - <from-outcome>success</from-outcome> - <to-view-id>/views/moderator/modcp_body.xhtml</to-view-id> - </navigation-case> - </navigation-rule> + <!-- managedBean for the user preference usecase --> <managed-bean> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/admin/index.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/admin/index.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/admin/index.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -30,7 +30,7 @@ xmlns:forums="http://www.jboss.com/products/jbossportal/forums" class="bb"> <ui:composition template="/views/common/common.xhtml"> - <ui:define name="mainContent"> + <ui:define name="mainContent"> <!-- Forum admin tool title/messages --> <h1>${resource.Forum_admin}</h1> 
@@ -47,7 +47,8 @@ </tr> <!-- display a list of categories --> - <c:forEach items="#{adminPanel.categories}" var="category"> + <c:forEach items="#{adminPanel.categories}" var="category"> + <forums:isAllowed fragment="acl://viewCategory" contextData="#{category}"> <tr> <td class="catLeft" colspan="3"> <span class="cattitle"> @@ -59,9 +60,8 @@ </b> </span> </td> - <td class="cat" align="center" valign="middle"> - <!-- security check to make sure this link should be displayed or not --> - <forums:isAllowed fragment="acl://editCategory/editLink" contextData="#{category}"> + <td class="cat" align="center" valign="middle"> + <forums:isAllowed fragment="acl://editCategory" contextData="#{category}"> <span class="gen"> <h:outputLink value="#{forums:outputLink('/views/admin/editCategory.jsf',true)}"> <f:param name="c" value="#{category.id}"/> @@ -70,9 +70,8 @@ </span> </forums:isAllowed> </td> - <td class="cat" align="center" valign="middle"> - <!-- security check to make sure this link should be displayed or not --> - <forums:isAllowed fragment="acl://deleteCategory/deleteLink" contextData="#{category}"> + <td class="cat" align="center" valign="middle"> + <forums:isAllowed fragment="acl://deleteCategory" contextData="#{category}"> <span class="gen"> <h:outputLink value="#{forums:outputLink('/views/admin/deleteCategory.jsf',true)}"> <f:param name="c" value="#{category.id}"/> @@ -100,7 +99,8 @@ </td> </tr> <!-- display the forums in this category --> - <c:forEach items="#{category.forums}" var="forum"> + <c:forEach items="#{category.forums}" var="forum"> + <forums:isAllowed fragment="acl://viewForum" contextData="#{forum}"> <tr> <td class="row2"> <span class="gen"> 
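Review bot: The admin page checks `acl://viewCategory` here and `acl://viewForum` in the `-100,7` hunk, while every other view touched by this revision uses `acl://readCategory` and `acl://readForum` for the same visibility decision. If the policy defines only one of the two names, the other either hides everything or, depending on how `forums:isAllowed` treats an unknown fragment, shows everything. Either use the `read*` fragments here as well, or state that the admin tool has separate permissions on purpose, e.g. `<!-- admin listing uses its own view* permissions, distinct from read* -->`.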
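Review bot: Wrapping the edit and delete links in `forums:isAllowed` only decides whether the link is drawn; the targets are plain `h:outputLink` URLs (`/views/admin/editCategory.jsf`, `deleteCategory.jsf`, and `editForum.jsf` / `deleteForum.jsf` in the `-117,9` and `-128,9` hunks) that take the id from the `c` or `f` request parameter. A request made directly to those views does not pass through this template, so each target view or its backing bean has to repeat the same ACL check for the id it receives. The same applies to the `delete_post.jsf` link wrapped in `acl://deletePost` in viewtopic_body.xhtml. The removed comment at least said the check was about the link; I would keep a reminder such as `<!-- hides the link only; editCategory.jsf must re-check acl://editCategory for c -->`.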
@@ -117,9 +117,8 @@ <td class="row2" align="center" valign="middle"> <span class="gen">${forum.postCount}</span> </td> - <td class="row1" align="center" valign="middle"> - <!-- security check to make sure this link should be displayed or not --> - <forums:isAllowed fragment="acl://editForum/editLink" contextData="#{forum}"> + <td class="row1" align="center" valign="middle"> + <forums:isAllowed fragment="acl://editForum" contextData="#{forum}"> <span class="gen"> <h:outputLink value="#{forums:outputLink('/views/admin/editForum.jsf',true)}"> <f:param name="f" value="#{forum.id}"/> @@ -128,9 +127,8 @@ </span> </forums:isAllowed> </td> - <td class="row2" align="center" valign="middle"> - <!-- security check to make sure this link should be displayed or not --> - <forums:isAllowed fragment="acl://deleteForum/deleteLink" contextData="#{forum}"> + <td class="row2" align="center" valign="middle"> + <forums:isAllowed fragment="acl://deleteForum" contextData="#{forum}"> <span class="gen"> <h:outputLink value="#{forums:outputLink('/views/admin/deleteForum.jsf',true)}"> <f:param name="f" value="#{forum.id}"/> 
@@ -156,35 +154,42 @@ <td class="row2" align="center" valign="middle"> <!--span class="gen"><a href="">Resync</a></span--> </td> - </tr> - </c:forEach> + </tr> + </forums:isAllowed> + </c:forEach> + <forums:isAllowed fragment="acl://addForum"> <!-- create new forum widget for each category --> - <h:form> + <h:form> + <tr> + <td colspan="7" class="row2"> + <input type="hidden" name="c" value="#{category.id}"/> + <h:inputText styleClass="post" value="#{adminController.forumName}" required="true"/> + <h:commandButton styleClass="liteoption" value="${resource.Create_forum}" action="#{adminController.addForum}"/> + </td> + </tr> + </h:form> + </forums:isAllowed> <tr> - <td colspan="7" class="row2"> - <input type="hidden" name="c" value="#{category.id}"/> - <h:inputText styleClass="post" value="#{adminController.forumName}" required="true"/> - <h:commandButton styleClass="liteoption" value="${resource.Create_forum}" action="#{adminController.addForum}"/> - </td> - </tr> - </h:form> - <tr> <td colspan="7" height="1" class="spaceRow"> <img src="/subSilver/images/spacer.gif" alt="" width="1" height="1"/> </td> </tr> + </forums:isAllowed> </c:forEach> - <!-- Add new category widget --> - <h:form> - <tr> - <td colspan="7" class="catBottom"> - <h:inputText id="Category" styleClass="post" value="#{adminController.categoryName}" required="true"/> - <h:commandButton styleClass="liteoption" value="${resource.Create_category}" action="#{adminController.addCategory}"/> - &nbsp;<h:message for="Category" style="color:red" styleClass="liteoption"/>&nbsp; - </td> - </tr> - </h:form> + <forums:isAllowed fragment="acl://addCategory"> + <!-- Add new category widget --> + <h:form> + <tr> + <td colspan="7" class="catBottom"> + <h:inputText id="Category" styleClass="post" value="#{adminController.categoryName}" required="true"/> + <h:commandButton styleClass="liteoption" value="${resource.Create_category}" action="#{adminController.addCategory}"/> + &nbsp;<h:message for="Category" 
style="color:red" styleClass="liteoption"/>&nbsp; + </td> + </tr> + </h:form> + </forums:isAllowed> + </table> <!-- integrate the jump box --> @@ -195,7 +200,7 @@ </td> </tr> </table> - + </ui:define> </ui:composition> </div> \ No newline at end of file Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/category/viewcategory_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/category/viewcategory_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/category/viewcategory_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -53,7 +53,7 @@ <!-- display each category and its corresponding forums --> <c:forEach items="#{category.categories}" var="catrow"> - <!-- TODO: insert security check to make sure "viewing this category" is allowed --> + <forums:isAllowed fragment="acl://readCategory" contextData="#{catrow}"> <tr> <td class="catLeft" colspan="2" height="28"> <span class="cattitle"> @@ -68,7 +68,7 @@ <td class="rowpic" colspan="3" align="right">&nbsp;</td> </tr> <c:forEach items="#{category.forums[catrow.id]}" var="forumrow"> - <!-- TODO: insert security check to make sure "viewing this forum" is allowed --> + <forums:isAllowed fragment="acl://readForum" contextData="#{forumrow}"> <tr> <td class="row1" align="center" valign="middle" height="50"> <img src="#{category.forumImages[forumrow.id]}" width="46" height="25" 
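Review bot: The `acl://addForum` check in the `-156,35` hunk sits inside the category loop but has no `contextData`, unlike the surrounding `viewCategory` and `editCategory` checks, so it cannot be decided per category; `<forums:isAllowed fragment="acl://addForum" contextData="#{category}">` would match the rest of the page if the policy is meant to be per category. The category id is submitted in the hidden field `c`, which the client controls, so `adminController.addForum` has to verify the permission against the submitted id rather than rely on the form having been hidden. `acl://addCategory` likewise guards only the rendering of its form, and `adminController.addCategory` needs the same server-side check.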
@@ -119,7 +119,9 @@ </span> </td> </tr> - </c:forEach> + </forums:isAllowed> + </c:forEach> + </forums:isAllowed> </c:forEach> </table> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/forums/viewforum_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/forums/viewforum_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/forums/viewforum_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -35,6 +35,11 @@ <c:if test="#{forum.initialized && forum.forum!=null && forum.forum.id!=-1}"> + <!-- make sure the user is allowed to access both the specified forum and the category that this forum belongs to --> + <forums:isAllowed fragment="acl://readCategory" contextData="#{forum.forum.category}"> + <forums:isAllowed fragment="acl://readForum" contextData="#{forum.forum}"> + + <!-- title, newtopic, forum, and page navigation --> <table width="100%" cellspacing="2" cellpadding="2" border="0" align="center"> <tr> @@ -45,9 +50,10 @@ </h:outputLink> </td> </tr> - <tr> + <tr> + <forums:isAllowed fragment="acl://newTopic" contextData="#{forum}"> <td align="left" valign="middle" width="50" colspan="2"> - <!-- TODO: insert security check to make sure "posting" is allowed --> + <h:commandLink id="newTopic" action="#{newTopic.start}"> <f:param name="f" value="#{forum.forum.id}"/> <c:if test="#{forum.forum.status == forums:constantInt('FORUM_LOCKED')}"> @@ -66,8 +72,9 @@ /> </f:verbatim> </c:if> - </h:commandLink> + </h:commandLink> </td> + </forums:isAllowed> <td align="left" valign="middle" class="nav" width="100%"> <span class="nav"> &nbsp;&nbsp;&nbsp; 
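Review bot: `contextData="#{forum}"` on the `acl://newTopic` check in the `-45,9` hunk passes the view bean, not the forum: the `readForum` check added a few lines above uses `#{forum.forum}`, and viewtopic_body.xhtml passes `#{topic.topic.forum}` for the same fragment. Unless the policy provider unwraps the bean, the check is evaluated against the wrong object and its result depends on how an unexpected context is handled. I would change it to `<forums:isAllowed fragment="acl://newTopic" contextData="#{forum.forum}">` here and in the `-468,9` hunk for the lower button.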
@@ -468,9 +475,9 @@ <!-- newtopic, forum, and page navigation --> <table width="100%" cellspacing="2" border="0" align="center" cellpadding="2"> - <tr> - <td align="left" valign="middle" width="50"> - <!-- TODO: insert security check to make sure "posting" is allowed --> + <tr> + <forums:isAllowed fragment="acl://newTopic" contextData="#{forum}"> + <td align="left" valign="middle" width="50"> <h:commandLink id="newTopic2" action="#{newTopic.start}"> <f:param name="f" value="#{forum.forum.id}"/> <c:if test="#{forum.forum.status == forums:constantInt('FORUM_LOCKED')}"> @@ -489,8 +496,9 @@ /> </f:verbatim> </c:if> - </h:commandLink> + </h:commandLink> </td> + </forums:isAllowed> <td align="left" valign="middle" width="100%"> <span class="nav"> &nbsp;&nbsp;&nbsp; @@ -629,13 +637,16 @@ <td align="right"> <span class="gensmall"> <!-- a list of allowed actions on this forum for this user --> - <span class="gensmall"> - <!-- TODO: insert security check to make sure "posting new topics" is allowed in "this forum" --> - You <b>cannot</b> post new topics in this forum <br/> - <!-- TODO: insert security check to make sure "poll creation" is allowed in "this forum" --> - You <b>cannot</b> create polls in this forum <br/> - <!-- TODO: insert security check to make sure "placing votes" is allowed in "this forum" --> - You <b>cannot</b> vote in polls in this forum <br/> + <span class="gensmall"> + <forums:isAllowed fragment="acl://newTopic"> + You <b>cannot</b> post new topics in this forum <br/> + </forums:isAllowed> + <forums:isAllowed fragment="acl://managePoll"> + You <b>cannot</b> create polls in this forum <br/> + </forums:isAllowed> + <forums:isAllowed fragment="acl://votePoll"> + You <b>cannot</b> vote in polls in this forum <br/> + </forums:isAllowed> <!-- TODO: insert security check to make sure "moderator access" is allowed on "this forum" --> You <b>cannot</b> moderate this forum <b/> </span> 
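Review bot: The three messages in the `-629,13` hunk are now inverted: `You <b>cannot</b> post new topics in this forum` is rendered inside `forums:isAllowed fragment="acl://newTopic"`, that is, exactly for users who are allowed to post, while users without the permission see nothing. Either change the text in the allowed branch to `You <b>can</b> post new topics in this forum <br/>` (and likewise for `managePoll` and `votePoll`), or render the existing text in a not-allowed branch if the tag supports one. These three checks also omit `contextData`, so they cannot reflect per-forum permissions, and the moderator line still carries its TODO.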
@@ -644,6 +655,8 @@ </td> </tr> </table> + </forums:isAllowed> + </forums:isAllowed> </c:if> <c:if test="#{forum.forum==null}"> @@ -665,9 +678,10 @@ </table> </td> </tr> - </table> + </table> </c:if> - + + </ui:define> </ui:composition> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/index.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/index.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/index.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -30,18 +30,16 @@ class="bb" > -<c:if test="#{summary.initialized}"> - - <!-- load forums summary page if summary is not empty --> +<!--c:if test="#{summary.initialized}"> <c:if test="#{summary.numberOfTopicsFound>0}"> <ui:include src="/views/summary/viewsummary_body.xhtml"/> </c:if> - - <!-- if summary is empty load the main category page --> + <c:if test="#{summary.numberOfTopicsFound==0}"> <ui:include src="/views/category/viewcategory_body.xhtml"/> </c:if> +</c:if--> -</c:if> +<ui:include src="/views/category/viewcategory_body.xhtml"/> </div> \ No newline at end of file Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/jumpbox.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/jumpbox.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/jumpbox.xhtml 2006-05-27 01:27:09 UTC (rev 4452) 
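Review bot: Disabling the summary branch in index.xhtml by turning it into `<!--c:if ... </c:if-->` leaves dead markup in the template, and Facelets by default copies template comments to the response (and, as far as I know, still evaluates `#{...}` inside them) unless comment skipping is configured. That would expose the internal view paths in the page source and keep touching the `summary` bean on every request. I would delete the block, or wrap it in `<ui:remove>` … `</ui:remove>` so it is dropped when the view is compiled.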
@@ -42,20 +42,23 @@ <option value="-1">${resource.Select_forum}</option> <c:forEach items="${jumpbox.categories}" var="category"> + <forums:isAllowed fragment="acl://readCategory" contextData="#{category}"> <option value="-1"></option> <option value="-1">${category.title}</option> <option value="-1">----------------</option> <c:forEach items="${category.forums}" var="forum"> + <forums:isAllowed fragment="acl://readForum" contextData="#{forum}"> <option value="${forum.id}"> ${forum.name} </option> + </forums:isAllowed> </c:forEach> + </forums:isAllowed> </c:forEach> </select> &nbsp; - <input type="submit" value="${resource.Go}" - class="liteoption"/> + <input type="submit" value="${resource.Go}" class="liteoption"/> </span> </td> </tr> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/summary/viewsummary_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/summary/viewsummary_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/summary/viewsummary_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -48,11 +48,11 @@ <!-- topic type --> <tr> <th class="thSides" colspan="1" height="25" valign="middle"> - #{resource[summary.blockTopicsType]} + ${resource[summary.blockTopicsType]} </th> </tr> - <!-- a list of topics for the specified forum --> + <!-- a list of topics for the summary--> <c:forEach items="#{summary.topics}" var="topicrow"> <tr> <td class="row1" width="100%"> 
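Review bot: viewsummary_body.xhtml is the only listing touched in this revision that gets no `forums:isAllowed` check: the visible `<c:forEach items="#{summary.topics}" var="topicrow">` loop renders each topic row unconditionally. If `summary.topics` can contain topics from forums or categories the current user may not read, their titles are shown regardless of `acl://readForum`. The include is commented out of index.xhtml in this commit, but the view file still exists, and the row body lies outside the hunk, so this needs checking there. A wrapper such as `<forums:isAllowed fragment="acl://readForum" contextData="#{topicrow.forum}">` around the row would match the other views, assuming the topic exposes its forum as it does in viewtopic_body.xhtml.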
@@ -64,7 +64,7 @@ </tr> </c:forEach> - <!-- a list of no topics for the specified forum --> + <!-- number of topics found in the summary --> <tr> <td class="row3" height="30" align="center" valign="middle"> <span class="postdetails"> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_edit_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_edit_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_edit_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -476,9 +476,9 @@ </td> </tr> + <forums:isAllowed fragment="acl://managePoll"> <c:if test="#{editPost.pollPresent}"> - <!-- poll ui --> - <!-- TODO: security check to make sure this user has permission to "ADD/EDIT" "Poll" in the Post --> + <!-- poll ui --> <!-- title --> <tr> <th class="thHead" colspan="2">${resource.Add_poll}</th> @@ -536,19 +536,18 @@ </td> </tr> - <!-- enable/disable delete option --> - <!-- TODO: security check to make sure this user has permission to "EDIT" "Post" in the Forum --> + <!-- enable/disable delete option --> <tr> <td colspan="2" align="center"> <input type="button" value="${resource.Delete_poll}" onclick="javascript:document.location='#{forums:outputLink('/views/topics/delete_poll.jsf',true)}';"/> </td> </tr> - </c:if> + </c:if> + </forums:isAllowed> - - <!-- attachment ui --> - <!-- TODO: security check to make sure this user has permission to "AddAttachmentInPost" --> + <forums:isAllowed fragment="acl://managePostAttachments"> + <!-- attachment ui --> <tr> <th class="thHead" colspan="2">${resource.Add_attachment_title}</th> </tr> 
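Review bot: `acl://managePoll` and `acl://managePostAttachments` are checked without `contextData` in posting_edit_body.xhtml, and again in posting_new_body.xhtml and posting_reply_body.xhtml, although the TODO comments they replace spoke of permissions "in the Post" and "in the Forum". If these permissions are meant to differ per forum, pass the forum or post being edited as context, as the `newTopic` and `reply` checks in viewtopic_body.xhtml do. Hiding the poll and attachment fields does not stop a client from submitting them, so the edit, new and reply actions need to ignore or reject poll and attachment data when the check fails. The `Delete_poll` button navigates to `delete_poll.jsf` by URL, so that view needs its own check as well.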
@@ -617,7 +616,8 @@ </td> </tr> </c:forEach> - </c:if> + </c:if> + </forums:isAllowed> <!-- hookup the buttons --> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_new_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_new_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_new_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -477,8 +477,8 @@ </tr> - <!-- poll ui --> - <!-- TODO: security check to make sure this user has permission to "ADD/EDIT" "Poll" in the Post --> + <!-- poll ui --> + <forums:isAllowed fragment="acl://managePoll"> <tr> <th class="thHead" colspan="2">${resource.Add_poll}</th> </tr> @@ -539,10 +539,11 @@ <span class="gen"><b>${resource.Days}</b></span> &nbsp; <span class="gensmall">${resource.Poll_for_explain}</span> </td> </tr> + </forums:isAllowed> - <!-- attachment ui --> - <!-- TODO: security check to make sure this user has permission to "AddAttachmentInPost" --> + <!-- attachment ui --> + <forums:isAllowed fragment="acl://managePostAttachments"> <tr> <th class="thHead" colspan="2">${resource.Add_attachment_title}</th> </tr> @@ -612,9 +613,9 @@ </span> </td> </tr> - </c:forEach> - + </c:forEach> </c:if> + </forums:isAllowed> <!-- hookup the buttons --> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_reply_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_reply_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/posting_reply_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) 
@@ -448,9 +448,8 @@ </tr> - - <!-- attachment ui --> - <!-- TODO: security check to make sure this user has permission to "AddAttachmentInPost" --> + <forums:isAllowed fragment="acl://managePostAttachments"> + <!-- attachment ui --> <tr> <th class="thHead" colspan="2">${resource.Add_attachment_title}</th> </tr> @@ -520,9 +519,9 @@ </span> </td> </tr> - </c:forEach> - + </c:forEach> </c:if> + </forums:isAllowed> <!-- hookup the buttons --> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_body.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_body.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_body.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -34,6 +34,10 @@ <c:choose> <c:when test="#{topic.initialized && topic.topic!=null && topic.topic.id!=-1}"> + <!-- make sure the user is allowed to access both the forum and the category that the specified topic belongs to --> + <forums:isAllowed fragment="acl://readCategory" contextData="#{topic.topic.forum.category}"> + <forums:isAllowed fragment="acl://readForum" contextData="#{topic.topic.forum}"> + <table width="100%" cellspacing="2" cellpadding="2" border="0"> <tr> <td align="left" valign="bottom" colspan="2"> @@ -92,8 +96,7 @@ </c:if> </tr> <tr> - <!-- insert the newTopic and replyTopic buttons here --> - <!-- TODO: insert security check to make sure "posting" is allowed --> + <!-- insert the newTopic and replyTopic buttons here --> <td align="left" valign="bottom" nowrap="nowrap" class="nav" > <c:choose> 
@@ -109,8 +112,9 @@ </c:when> <c:when test="#{(topic.topic.status == forums:constantInt('TOPIC_LOCKED')) - && (topic.topic.forum.status != forums:constantInt('FORUM_LOCKED'))}"> - + && (topic.topic.forum.status != forums:constantInt('FORUM_LOCKED'))}"> + <forums:isAllowed fragment="acl://newTopic" contextData="#{topic.topic.forum}"> + <!-- new topic --> <h:commandLink id="newTopic" action="#{newTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:verbatim> @@ -119,6 +123,9 @@ alt="${resource.Post_new_topic}"/> </f:verbatim> </h:commandLink> + </forums:isAllowed> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> + <!-- reply --> <h:commandLink id="replyTopic" action="#{replyTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:param name="t" value="#{topic.topic.id}"/> @@ -128,11 +135,12 @@ alt="${resource.Topic_locked}" /> </f:verbatim> </h:commandLink> - + </forums:isAllowed> </c:when> <c:otherwise> - + <!-- new topic --> + <forums:isAllowed fragment="acl://newTopic" contextData="#{topic.topic.forum}"> <h:commandLink id="newTopic" action="#{newTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:verbatim> @@ -141,6 +149,9 @@ alt="${resource.Post_new_topic}"/> </f:verbatim> </h:commandLink> + </forums:isAllowed> + <!-- reply --> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> <h:commandLink id="replyTopic" action="#{replyTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:param name="t" value="#{topic.topic.id}"/> @@ -149,8 +160,8 @@ src="#{forums:themeURL('resourceReplyNewURL')}" alt="${resource.Reply_to_topic}" /> </f:verbatim> - </h:commandLink> - + </h:commandLink> + </forums:isAllowed> </c:otherwise> </c:choose> 
@@ -261,6 +272,7 @@ <!-- "Quote", "Edit", and "Delete" buttons --> <td valign="top" nowrap=""> <!-- add the quote link --> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> <h:commandLink action="#{replyTopic.startQuote}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:param name="t" value="#{topic.topic.id}"/> @@ -269,14 +281,18 @@ <img border="0" src="#{forums:themeURL('resourceIconQuoteURL')}"/> </f:verbatim> </h:commandLink> + </forums:isAllowed> <!-- add the edit post link --> + <forums:isAllowed fragment="acl://editPost" contextData="#{postrow}"> <h:commandLink action="#{editPost.start}" style="text-decoration: none;"> <f:param name="p" value="#{postrow.id}"/> <f:verbatim> <img border="0" src="#{forums:themeURL('resourceIconEditURL')}"/> </f:verbatim> </h:commandLink> + </forums:isAllowed> <!-- add the delete post link --> + <forums:isAllowed fragment="acl://deletePost" contextData="#{postrow}"> <h:outputLink value="#{forums:outputLink('/views/topics/delete_post.jsf',true)}" style="text-decoration: none;"> <f:param name="p" value="#{postrow.id}"/> <f:param name="t" value="#{topic.topic.id}"/> @@ -285,6 +301,7 @@ <img border="0" src="#{forums:themeURL('resourceIconDelpostURL')}"/> </f:verbatim> </h:outputLink> + </forums:isAllowed> </td> </tr> <tr> @@ -494,9 +511,8 @@ <table width="100%" cellspacing="2" cellpadding="2" border="0" align="center"> <tr> - <!-- insert the newTopic and replyTopic buttons here --> - <!-- TODO: insert security check to make sure "posting" is allowed --> - <td align="left" valign="bottom" nowrap="nowrap"> + <!-- insert the newTopic and replyTopic buttons here --> + <td align="left" valign="bottom" nowrap="nowrap" class="nav" > <c:choose> <c:when test="#{topic.topic.forum.status == forums:constantInt('FORUM_LOCKED')}"> 
@@ -511,9 +527,10 @@ </c:when> <c:when test="#{(topic.topic.status == forums:constantInt('TOPIC_LOCKED')) - && (topic.topic.forum.status != forums:constantInt('FORUM_LOCKED'))}"> - - <h:commandLink action="#{newTopic.start}" style="text-decoration: none;"> + && (topic.topic.forum.status != forums:constantInt('FORUM_LOCKED'))}"> + <forums:isAllowed fragment="acl://newTopic" contextData="#{topic.topic.forum}"> + <!-- new topic --> + <h:commandLink id="newTopicBelow" action="#{newTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:verbatim> <img border="0" @@ -521,7 +538,10 @@ alt="${resource.Post_new_topic}"/> </f:verbatim> </h:commandLink> - <h:commandLink action="#{replyTopic.start}" style="text-decoration: none;"> + </forums:isAllowed> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> + <!-- reply --> + <h:commandLink id="replyTopicBelow" action="#{replyTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:param name="t" value="#{topic.topic.id}"/> <f:verbatim> @@ -530,12 +550,13 @@ alt="${resource.Topic_locked}" /> </f:verbatim> </h:commandLink> - + </forums:isAllowed> </c:when> - <c:otherwise> - - <h:commandLink action="#{newTopic.start}" style="text-decoration: none;"> + <c:otherwise> + <!-- new topic --> + <forums:isAllowed fragment="acl://newTopic" contextData="#{topic.topic.forum}"> + <h:commandLink id="newTopicBelow" action="#{newTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:verbatim> <img border="0" 
@@ -543,7 +564,10 @@ alt="${resource.Post_new_topic}"/> </f:verbatim> </h:commandLink> - <h:commandLink action="#{replyTopic.start}" style="text-decoration: none;"> + </forums:isAllowed> + <!-- reply --> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> + <h:commandLink id="replyTopicBelow" action="#{replyTopic.start}" style="text-decoration: none;"> <f:param name="f" value="#{topic.topic.forum.id}"/> <f:param name="t" value="#{topic.topic.id}"/> <f:verbatim> @@ -551,15 +575,15 @@ src="#{forums:themeURL('resourceReplyNewURL')}" alt="${resource.Reply_to_topic}" /> </f:verbatim> - </h:commandLink> - + </h:commandLink> + </forums:isAllowed> </c:otherwise> </c:choose> - <br /> - </td> + + </td> - <td align="left" valign="middle" class="nav" width="100%"> + <td align="left" valign="middle" class="nav" width="100%"> &nbsp;&nbsp;&nbsp; <h:outputLink value="#{forums:outputLink(shared.links['category'],true)}" styleClass="nav"> @@ -661,9 +685,9 @@ <br/> </td> --> - - <!-- instant reply widget --> - <!-- TODO: security check needed here to check if "replying" to this topic is allowed --> + + <!-- instant reply widget --> + <forums:isAllowed fragment="acl://reply" contextData="#{topic.topic}"> <script language='JavaScript' type='text/javascript'> function checkForm() { @@ -705,6 +729,7 @@ </span> </h:form> </td> + </forums:isAllowed> <!-- integrate jumpbox here --> <td align="right" valign="top" nowrap="nowrap"> <ui:include src="/views/jumpbox.xhtml"/> 
@@ -739,6 +764,8 @@ </td> </tr> </table> + </forums:isAllowed> + </forums:isAllowed> </c:when> <c:otherwise> <table class="forumline" width="100%" cellspacing="1" cellpadding="4" border="0"> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_ballot.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_ballot.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_ballot.xhtml 2006-05-27 01:27:09 UTC (rev 4452) @@ -47,11 +47,13 @@ <td align="center"> <table cellspacing="0" cellpadding="2" border="0"> <c:forEach items="#{poll.options}" var="optionrow" varStatus="status"> - <tr> + <tr> + <forums:isAllowed fragment="acl://votePoll" contextData="#{poll}"> <td> <input type="radio" name="vote" value="#{(status.index)-1}"/> &nbsp; </td> + </forums:isAllowed> <td> <span class="gen">#{optionrow.question}</span> </td> @@ -59,12 +61,14 @@ </c:forEach> </table> </td> - </tr> + </tr> + <forums:isAllowed fragment="acl://votePoll" contextData="#{poll}"> <tr> <td align="center"> <h:commandButton action="#{pollController.vote}" value="${resource.Submit_vote}" styleClass="liteoption"/> </td> </tr> + </forums:isAllowed> <tr> <td align="center"><span class="gensmall"> <b> Modified: labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_result.xhtml =================================================================== --- labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_result.xhtml 2006-05-26 18:11:29 UTC (rev 4451) +++ labs/jbossforums/trunk/forums/src/resources/portal-forums-war/views/topics/viewtopic_poll_result.xhtml 2006-05-27 01:27:09 UTC (rev 4452) 
@@ -87,7 +87,8 @@ <td colspan="4" align="center"> <span class="gen"><b>${resource.Total_votes} : #{poll.votesSum}</b></span> </td> - </tr> + </tr> + <forums:isAllowed fragment="acl://votePoll" contextData="#{poll}"> <!-- switch back to the voting screen --> <tr> <td align="center"><span class="gensmall"> @@ -101,6 +102,7 @@ </span> </td> </tr> + </forums:isAllowed> </table> </td> </tr> |