inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

- AWC-1034: Changing inherit permissions can cause an Access Denied exception but operation still works.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5011 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Gavin Cornwell
2007-02-02 11:20:24 +00:00
parent 0aacdf3ee3
commit 09c7da5cef
1 changed files with 69 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
source/java/org/alfresco/web/bean/users/UserMembersBean.java
View File

@@ -48,7 +48,9 @@ import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.web.app.Application; import org.alfresco.web.app.Application;
import org.alfresco.web.app.context.IContextListener; import org.alfresco.web.app.context.IContextListener;
import org.alfresco.web.app.context.UIContextService; import org.alfresco.web.app.context.UIContextService;
import org.alfresco.web.app.servlet.FacesHelper;
import org.alfresco.web.bean.BrowseBean; import org.alfresco.web.bean.BrowseBean;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.bean.repository.MapNode; import org.alfresco.web.bean.repository.MapNode;
import org.alfresco.web.bean.repository.Node; import org.alfresco.web.bean.repository.Node;
import org.alfresco.web.bean.repository.Repository; import org.alfresco.web.bean.repository.Repository;
@@ -545,8 +547,40 @@ public abstract class UserMembersBean implements IContextListener
{ {
msg = Application.getMessage(context, MSG_SUCCESS_INHERIT_NOT); msg = Application.getMessage(context, MSG_SUCCESS_INHERIT_NOT);
} }
FacesMessage facesMsg = new FacesMessage(FacesMessage.SEVERITY_INFO, msg, msg);
context.addMessage(event.getComponent().getClientId(context), facesMsg); // see if the user still has permissions to the node, if not, we need
// to go back to the root of the current "area" by simulating the user
// pressing the top level navigation button i.e. My Home
if (this.permissionService.hasPermission(getNode().getNodeRef(),
PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED)
{
FacesMessage facesMsg = new FacesMessage(FacesMessage.SEVERITY_INFO, msg, msg);
context.addMessage(event.getComponent().getClientId(context), facesMsg);
}
else
{
NavigationBean nb = (NavigationBean)FacesHelper.getManagedBean(
context, NavigationBean.BEAN_NAME);
if (nb != null)
{
try
{
nb.processToolbarLocation(nb.getToolbarLocation(), true);
}
catch (InvalidNodeRefException refErr)
{
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(
FacesContext.getCurrentInstance(), Repository.ERROR_NOHOME),
Application.getCurrentUser(context).getHomeSpaceId()), refErr );
}
catch (Exception err)
{
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(
FacesContext.getCurrentInstance(), Repository.ERROR_GENERIC),
err.getMessage()), err);
}
}
}
} }
catch (Throwable e) catch (Throwable e)
{ {
@@ -641,11 +675,12 @@ public abstract class UserMembersBean implements IContextListener
*/ */
public String removeOK() public String removeOK()
{ {
String outcome = OUTCOME_FINISH;
UserTransaction tx = null; UserTransaction tx = null;
FacesContext context = FacesContext.getCurrentInstance();
try try
{ {
FacesContext context = FacesContext.getCurrentInstance();
tx = Repository.getUserTransaction(context); tx = Repository.getUserTransaction(context);
tx.begin(); tx.begin();
@@ -667,7 +702,37 @@ public abstract class UserMembersBean implements IContextListener
.getCurrentInstance(), ERROR_DELETE), e.getMessage()), e); .getCurrentInstance(), ERROR_DELETE), e.getMessage()), e);
} }
return OUTCOME_FINISH; // see if the user still has permissions to the node, if not, we need
// to go back to the root of the current "area" by simulating the user
// pressing the top level navigation button i.e. My Home
if (this.permissionService.hasPermission(getNode().getNodeRef(),
PermissionService.CHANGE_PERMISSIONS) == AccessStatus.DENIED)
{
NavigationBean nb = (NavigationBean)FacesHelper.getManagedBean(
context, NavigationBean.BEAN_NAME);
if (nb != null)
{
try
{
nb.processToolbarLocation(nb.getToolbarLocation(), true);
outcome = "browse";
}
catch (InvalidNodeRefException refErr)
{
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(
FacesContext.getCurrentInstance(), Repository.ERROR_NOHOME),
Application.getCurrentUser(context).getHomeSpaceId()), refErr );
}
catch (Exception err)
{
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(
FacesContext.getCurrentInstance(), Repository.ERROR_GENERIC),
err.getMessage()), err);
}
}
}
return outcome;
} }