From 0750e3f2cd4948de6fd1c888c7d5df6e6d998c36 Mon Sep 17 00:00:00 2001 From: "Eric J. Bowersox" Date: Thu, 15 Nov 2001 05:13:57 +0000 Subject: [PATCH] there was a problem with security on conf.getHideList()/conf.setHideList() - added conf.canSetHideList() and some extra code to EditConferenceDialog to help get around this. --- .../venice/core/ConferenceContext.java | 2 ++ .../core/impl/ConferenceUserContextImpl.java | 6 ++++ .../servlets/format/EditConferenceDialog.java | 29 +++++++++++++++---- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/src/com/silverwrist/venice/core/ConferenceContext.java b/src/com/silverwrist/venice/core/ConferenceContext.java index 30a7feb..d9a3390 100644 --- a/src/com/silverwrist/venice/core/ConferenceContext.java +++ b/src/com/silverwrist/venice/core/ConferenceContext.java @@ -102,6 +102,8 @@ public interface ConferenceContext public abstract void setHideList(boolean flag) throws DataException, AccessError; + public abstract boolean canSetHideList(); + public abstract String getDefaultPseud(); public abstract void setDefaultPseud(String val) throws DataException; diff --git a/src/com/silverwrist/venice/core/impl/ConferenceUserContextImpl.java b/src/com/silverwrist/venice/core/impl/ConferenceUserContextImpl.java index 6b240df..ce93d02 100644 --- a/src/com/silverwrist/venice/core/impl/ConferenceUserContextImpl.java +++ b/src/com/silverwrist/venice/core/impl/ConferenceUserContextImpl.java @@ -747,6 +747,12 @@ class ConferenceUserContextImpl implements ConferenceContext, ConferenceBackend } // end setHideList + public boolean canSetHideList() + { + return comm.userCanCreateSubobjects(); + + } // end canSetHideList + public String getDefaultPseud() { return pseud; diff --git a/src/com/silverwrist/venice/servlets/format/EditConferenceDialog.java b/src/com/silverwrist/venice/servlets/format/EditConferenceDialog.java index bc5a76e..d7add83 100644 --- a/src/com/silverwrist/venice/servlets/format/EditConferenceDialog.java +++ b/src/com/silverwrist/venice/servlets/format/EditConferenceDialog.java @@ -85,6 +85,17 @@ public class EditConferenceDialog extends ContentDialog } // end constructor + /*-------------------------------------------------------------------------------- + * Internal operations + *-------------------------------------------------------------------------------- + */ + + private final void doDisable(CommunityContext comm, ConferenceContext conf) + { + setFieldEnabled("hide",conf.canSetHideList()); + + } // end doDisable + /*-------------------------------------------------------------------------------- * External operations *-------------------------------------------------------------------------------- @@ -92,15 +103,21 @@ public class EditConferenceDialog extends ContentDialog public void setupDialog(CommunityContext comm, ConferenceContext conf) throws DataException, AccessError { + doDisable(comm,conf); setHiddenField("sig",String.valueOf(comm.getCommunityID())); setHiddenField("conf",String.valueOf(conf.getConfID())); setTitle("Edit Conference: " + conf.getName()); setFieldValue("name",conf.getName()); setFieldValue("descr",conf.getDescription()); - if (conf.getHideList()) - setFieldValue("hide",YES); - else - setFieldValue("hide",""); + if (conf.canSetHideList()) + { // this is only valid at community level + if (conf.getHideList()) + setFieldValue("hide",YES); + else + setFieldValue("hide",""); + + } // end if + setFieldValue("read_lvl",String.valueOf(conf.getReadLevel())); setFieldValue("post_lvl",String.valueOf(conf.getPostLevel())); setFieldValue("create_lvl",String.valueOf(conf.getCreateLevel())); @@ -142,7 +159,8 @@ public class EditConferenceDialog extends ContentDialog // sweep through the conference and set the appropriate changes conf.setName(getFieldValue("name")); conf.setDescription(getFieldValue("descr")); - conf.setHideList(YES.equals(getFieldValue("hide"))); + if (conf.canSetHideList()) + conf.setHideList(YES.equals(getFieldValue("hide"))); conf.setSecurityLevels(read_lvl,post_lvl,create_lvl,hide_lvl,nuke_lvl,change_lvl,delete_lvl); // reset the properties @@ -153,6 +171,7 @@ public class EditConferenceDialog extends ContentDialog public void resetOnError(CommunityContext comm, ConferenceContext conf, String message) { + doDisable(comm,conf); setHiddenField("sig",String.valueOf(comm.getCommunityID())); setHiddenField("conf",String.valueOf(conf.getConfID())); setTitle("Edit Conference: " + conf.getName());