From: <tre...@us...> - 2008-01-13 23:11:34
Revision: 685
http://ogoglio.svn.sourceforge.net/ogoglio/?rev=685&view=rev
Author: trevorolio
Date: 2008-01-13 15:11:36 -0800 (Sun, 13 Jan 2008)
Log Message:
-----------
Fixed a bug in body configuration delete when using admin access.
Modified Paths:
--------------
maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/AccountPersistTasks.java
maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/BodyPersistTasks.java
maven/trunk/ogoglio-server/src/main/java/com/ogoglio/site/AccountServlet.java
Modified: maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/AccountPersistTasks.java
===================================================================
--- maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/AccountPersistTasks.java 2008-01-13 23:11:30 UTC (rev 684)
+++ maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/AccountPersistTasks.java 2008-01-13 23:11:36 UTC (rev 685)
@@ -21,6 +21,7 @@
import com.ogoglio.appdev.persist.PersistException;
import com.ogoglio.util.Log;
import com.ogoglio.xml.AccountDocument;
+import com.ogoglio.xml.BodyDataDocument;
public class AccountPersistTasks {
@@ -165,10 +166,17 @@
Query bodyDataQuery = hibernateSession.getNamedQuery(BodyPersistTasks.BODY_DATA);
BodyDataRecord[] bodyDataRecords = (BodyDataRecord[]) bodyDataQuery.list().toArray(new BodyDataRecord[0]);
- if (bodyDataRecords.length == 0) {
- throw new IllegalStateException("No body data records!");
+ BodyDataRecord guestBodyDataRecord = null;
+ for (int i = 0; i < bodyDataRecords.length; i++) {
+ if(bodyDataRecords[i].getDisplayName().equals(BodyDataDocument.GUEST_BODY_NAME)){
+ guestBodyDataRecord = bodyDataRecords[i];
+ break;
+ }
}
- BodyConfigurationRecord bodyConfRecord = new BodyConfigurationRecord(username, "Body", bodyDataRecords[0].getBodyDataID(), null);
+ if (guestBodyDataRecord == null) {
+ throw new IllegalStateException("No guest body data record with name: " + BodyDataDocument.GUEST_BODY_NAME);
+ }
+ BodyConfigurationRecord bodyConfRecord = new BodyConfigurationRecord(username, "Body", guestBodyDataRecord.getBodyDataID(), null);
hibernateSession.save(bodyConfRecord);
record = new AccountRecord(username, accountlevel, email, false, bodyConfRecord.getBodyConfigurationID(), null, null);
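Review bot: The new lookup loop calls `bodyDataRecords[i].getDisplayName().equals(BodyDataDocument.GUEST_BODY_NAME)`, which throws a NullPointerException if any stored body data record has a null display name, so one bad row would make this code path fail for every caller. Whether the display name can be null is not visible in this hunk; comparing constant-first, `if (BodyDataDocument.GUEST_BODY_NAME.equals(bodyDataRecords[i].getDisplayName())) {`, makes the loop safe either way. The enclosing method starts and ends outside the hunk.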
Modified: maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/BodyPersistTasks.java
===================================================================
--- maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/BodyPersistTasks.java 2008-01-13 23:11:30 UTC (rev 684)
+++ maven/trunk/ogoglio-server/src/main/java/com/ogoglio/persist/BodyPersistTasks.java 2008-01-13 23:11:36 UTC (rev 685)
@@ -98,6 +98,7 @@
session.delete(settings[i]);
}
session.delete(record);
+
return Boolean.TRUE;
}
};
Modified: maven/trunk/ogoglio-server/src/main/java/com/ogoglio/site/AccountServlet.java
===================================================================
--- maven/trunk/ogoglio-server/src/main/java/com/ogoglio/site/AccountServlet.java 2008-01-13 23:11:30 UTC (rev 684)
+++ maven/trunk/ogoglio-server/src/main/java/com/ogoglio/site/AccountServlet.java 2008-01-13 23:11:36 UTC (rev 685)
@@ -175,7 +175,7 @@
return true;
}
if ("POST".equals(request.getMethod()) || "DELETE".equals(request.getMethod())) {
- return authedAccount != null && username.equals(authedAccount.getUsername());
+ return authedAccount != null && (username.equals(authedAccount.getUsername()) || authedAccount.getAccountlevel().equals(AccountDocument.ACCOUNT_LEVEL_ADMIN));
}
return false;
}
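Review bot: The admin clause added to the POST/DELETE check here, and again in requestOkForBodyList in the next hunk, widens access further than the log message describes: an admin may now POST as well as DELETE against another user's resource, and on the body list GET and HEAD too. If only delete was intended, the admin clause should be limited to `"DELETE".equals(request.getMethod())`; if the wider grant is intended, a comment such as `// admins may act on any account's body configurations` should record that decision. The duplicated expression also dereferences `authedAccount.getAccountlevel()` and would throw a NullPointerException if the level is unset; one private helper using `AccountDocument.ACCOUNT_LEVEL_ADMIN.equals(authedAccount.getAccountlevel())` would keep both checks identical and null-safe. The first method starts outside this hunk.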
@@ -183,7 +183,7 @@
private boolean requestOkForBodyList(HttpServletRequest request, String[] pathElements, AccountRecord authedAccount) {
String username = pathElements[pathElements.length - 2];
if ("GET".equals(request.getMethod()) || "HEAD".equals(request.getMethod()) || "POST".equals(request.getMethod()) || "DELETE".equals(request.getMethod())) {
- return authedAccount != null && username.equals(authedAccount.getUsername());
+ return authedAccount != null && (username.equals(authedAccount.getUsername()) || authedAccount.getAccountlevel().equals(AccountDocument.ACCOUNT_LEVEL_ADMIN));
}
return false;
}
@@ -345,7 +345,12 @@
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
- BodyConfigurationRecord record = BodyPersistTasks.findBodyConfigurationByID(authedAccount.getDefaultBodyConfigurationID(), getSessionFactory());
+ AccountRecord requestedAccountRecord = AccountPersistTasks.findAccountByUsername(username, getSessionFactory());
+ if(requestedAccountRecord == null){
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ BodyConfigurationRecord record = BodyPersistTasks.findBodyConfigurationByID(requestedAccountRecord.getDefaultBodyConfigurationID(), getSessionFactory());
if (record == null) {
throw new IllegalStateException("Account has a bogus body configuration record.. " + authedAccount.getDefaultBodyConfigurationID());
}
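Review bot: The IllegalStateException message still prints `authedAccount.getDefaultBodyConfigurationID()`, but the record is now looked up with the requested account's ID, so when an admin acts on another user's account the error reports the admin's own configuration ID instead of the one that failed. It should read `throw new IllegalStateException("Account has a bogus body configuration record.. " + requestedAccountRecord.getDefaultBodyConfigurationID());`. The enclosing method starts and ends outside the hunk.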