litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2476 DisplayRestrictedDataByRoleLevelPolicy should treat self-editors like the public. Let policies that are specifically for self-editors handle the interesting logic.

Browse source
This commit is contained in:
j2blake 2011-07-14 17:51:22 +00:00
parent 094e6010dd
commit cf42178977
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java
View file

@ -51,6 +51,14 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface {
} }
RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth); RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
/*
* This policy treats a self-editor as no better than public. If you
* want self-editors to see their own properties, some other policy must
* grant that.
*/
if (userRole == RoleLevel.SELF) {
userRole = RoleLevel.PUBLIC;
}
PolicyDecision result; PolicyDecision result;
if (whatToAuth instanceof DisplayDataProperty) { if (whatToAuth instanceof DisplayDataProperty) {