Neither PUBLIC nor self-editors get to edit any properties by virtue of their role.
parent
6ed41b7745
commit
71ed58cc2e
2 changed files with 13 additions and 5 deletions
|
@ -145,6 +145,11 @@ public class PermissionRegistry {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* There is no DisplayByRolePermission for self-editors. They get the
|
||||||
|
* same rights as PUBLIC. Other permissions give them their self-editing
|
||||||
|
* privileges.
|
||||||
|
*/
|
||||||
private Collection<Permission> createDisplayByRolePermissions(
|
private Collection<Permission> createDisplayByRolePermissions(
|
||||||
ServletContext ctx) {
|
ServletContext ctx) {
|
||||||
List<Permission> list = new ArrayList<Permission>();
|
List<Permission> list = new ArrayList<Permission>();
|
||||||
|
@ -159,13 +164,20 @@ public class PermissionRegistry {
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* There is no EditByRolePermission for PUBLIC or for self-editors. A
|
||||||
|
* property may be given an edit-level of "PUBLIC", but that may also
|
||||||
|
* simply be the default assigned to it when editing, and we don't want
|
||||||
|
* to recognize that.
|
||||||
|
*
|
||||||
|
* Other permissions give self-editors their editing privileges.
|
||||||
|
*/
|
||||||
private Collection<Permission> createEditByRolePermissions(
|
private Collection<Permission> createEditByRolePermissions(
|
||||||
ServletContext ctx) {
|
ServletContext ctx) {
|
||||||
List<Permission> list = new ArrayList<Permission>();
|
List<Permission> list = new ArrayList<Permission>();
|
||||||
list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN, ctx));
|
list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN, ctx));
|
||||||
list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR, ctx));
|
list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR, ctx));
|
||||||
list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR, ctx));
|
list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR, ctx));
|
||||||
list.add(new EditByRolePermission("Public", RoleLevel.PUBLIC, ctx));
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
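Review bot: The new Javadoc on `createEditByRolePermissions` says an edit level of "PUBLIC" may simply be the default a property receives when it is edited, so the underlying fail-open default appears to remain and only the omission in this method keeps it from being honoured. Nothing in the hunk pins that omission; a regression test asserting that the returned collection holds no `EditByRolePermission` for `RoleLevel.PUBLIC` would stop the entry from being re-added later. I would also leave an inline marker where the `"Public"` entry was removed, e.g. `// Deliberately no entry for RoleLevel.PUBLIC: "PUBLIC" is also the default edit level and must not grant edit rights.` The body of `createDisplayByRolePermissions` lies outside the hunks, so the claim in its new Javadoc about self-editors cannot be checked from here.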
|
@ -137,7 +137,6 @@ auth:SELF_EDITOR
|
||||||
# For role-based display and editing, SelfEditor is like Public.
|
# For role-based display and editing, SelfEditor is like Public.
|
||||||
# SelfEditor uses its special permissions to edit/display its own values.
|
# SelfEditor uses its special permissions to edit/display its own values.
|
||||||
auth:hasPermission displayByRole:Public ;
|
auth:hasPermission displayByRole:Public ;
|
||||||
auth:hasPermission editByRole:Public ;
|
|
||||||
.
|
.
|
||||||
|
|
||||||
auth:PUBLIC
|
auth:PUBLIC
|
||||||
|
@ -150,7 +149,4 @@ auth:PUBLIC
|
||||||
|
|
||||||
# role-based permissions for PUBLIC
|
# role-based permissions for PUBLIC
|
||||||
auth:hasPermission displayByRole:Public ;
|
auth:hasPermission displayByRole:Public ;
|
||||||
|
|
||||||
# why are some properties declared editable by PUBLIC, but we don't want them to be.
|
|
||||||
# auth:hasPermission editByRole:Public ;
|
|
||||||
.
|
.
|
||||||
|
|
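Review bot: Removing `auth:hasPermission editByRole:Public` from `auth:SELF_EDITOR` only changes this file; if permission sets from an earlier load persist in a deployed model, the old triple may survive an upgrade and would then name a permission the registry no longer creates. The page does not show how this file is loaded or how an unregistered permission URI is handled, so that path is worth confirming (ideally it is ignored and logged, never treated as a grant). In the second hunk the deleted comment was the only explanation of why PUBLIC has no edit permission here; I would keep a short replacement such as `# No editByRole for PUBLIC: "PUBLIC" is also the default edit level on properties, so it must not grant editing.` The retained comment `# For role-based display and editing, SelfEditor is like Public.` could then state explicitly that neither role has an editByRole permission.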