ALF-10182: Activity Feed shows activities where user does not have read permission on the item

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32469 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Matt Ward
2011-12-02 12:49:26 +00:00
parent 81898b9154
commit 695f555c36
2 changed files with 15 additions and 5 deletions


@@ -21,6 +21,7 @@ package org.alfresco.repo.web.scripts.blogs;
import java.io.IOException; import java.io.IOException;
import java.util.Map; import java.util.Map;
import org.alfresco.repo.activities.post.lookup.PostLookup;
import org.alfresco.repo.blog.BlogServiceImpl; import org.alfresco.repo.blog.BlogServiceImpl;
import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.model.Repository; import org.alfresco.repo.model.Repository;
@@ -36,6 +37,7 @@ import org.alfresco.service.cmr.site.SiteService;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.json.JSONStringer; import org.json.JSONStringer;
import org.json.JSONWriter;
import org.json.simple.JSONObject; import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser; import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException; import org.json.simple.parser.ParseException;
@@ -114,7 +116,7 @@ public abstract class AbstractBlogWebScript extends DeclarativeWebScript
* @param event One of created, updated, deleted * @param event One of created, updated, deleted
*/ */
protected void addActivityEntry(String event, BlogPostInfo blog, protected void addActivityEntry(String event, BlogPostInfo blog,
SiteInfo site, WebScriptRequest req, JSONObject json) SiteInfo site, WebScriptRequest req, JSONObject json, NodeRef nodeRef)
{ {
// We can only add activities against a site // We can only add activities against a site
if (site == null) if (site == null)
@@ -147,11 +149,19 @@ public abstract class AbstractBlogWebScript extends DeclarativeWebScript
try try
{ {
String data = new JSONStringer() JSONWriter jsonWriter = new JSONStringer()
.object() .object()
.key(TITLE).value(title) .key(TITLE).value(title)
.key(PAGE).value(page) .key(PAGE).value(page);
.endObject().toString();
if (nodeRef != null)
{
// ALF-10182: the nodeRef needs to be included in the activity
// post to ensure read permissions are respected.
jsonWriter.key(PostLookup.JSON_NODEREF).value(nodeRef.toString());
}
String data = jsonWriter.endObject().toString();
activityService.postActivity( activityService.postActivity(
"org.alfresco.blog.post-" + event, "org.alfresco.blog.post-" + event,


@@ -83,7 +83,7 @@ public class BlogPostsPost extends AbstractBlogWebScript
jsonPostParams.getPage() != null && jsonPostParams.getPage() != null &&
!isDraft) !isDraft)
{ {
addActivityEntry("created", post, site, req, json); addActivityEntry("created", post, site, req, json, nodeRef);
} }
return model; return model;