portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Sean Taylor <da...@bluesunrise.com>
Subject Re: Redundant permission checking
Date Mon, 06 Jan 2003 07:28:20 GMT

On Thursday, December 26, 2002, at 01:13  PM, Mark Orciuch wrote:

> Is there any purpose for checking portlet view permission in
> StatefulPortletWrapper.isClosed and in 
> StatefulPortletWrapper.isMinimized:
>
>     /**
>      * Returns true if this portlet is currently closed
>      */
>     public final boolean isClosed(RunData rundata)
>     {
>         if( checkPermission(rundata,
>                             JetspeedSecurity.PERMISSION_VIEW ) )
>         {
>             return wrappedState.isClosed( rundata );
>         }
>         else
>         {
>             //FIXME: for the moment we will allow this call to 
> succeed...
>             //throw new TurbineRuntimeException( "Security check 
> failed" );
>             return wrappedState.isClosed( rundata );
>         }
>     }
>
>     /**
>      * Returns true if this portlet is currently minimized
>      */
>     public boolean isMinimized(RunData rundata)
>     {
>         if( checkPermission(rundata,
>                             JetspeedSecurity.PERMISSION_VIEW ) )
>         {
>             return wrappedState.isMinimized( rundata );
>         }
>         else
>         {
>             //FIXME: for the moment we will allow this call to 
> succeed...
>             //throw new TurbineRuntimeException( "Security check 
> failed" );
>             return wrappedState.isMinimized( rundata );
>         }
>     }
>
> I can't see a reason why to do this and it screws up the portlet access
> logging (each portlet view is logged 3 times per page). Does anyone 
> have any
> objections to remove this check?
>

+1 for removing it

--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646




--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message