[JS1-189] [FIX] Redundant permission checking - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Resolution: Fixed
Affects Version/s: 1.4b2
Fix Version/s: None
Component/s: Security
Labels:
None
Environment:
Operating System: Other
Platform: Other

Bugzilla Id:
15818

Description

Is there any purpose for checking portlet view permission in
StatefulPortletWrapper.isClosed and in StatefulPortletWrapper.isMinimized:

/**

Returns true if this portlet is currently closed
*/
public final boolean isClosed(RunData rundata)
Unknown macro: { if( checkPermission(rundata, JetspeedSecurity.PERMISSION_VIEW ) ) { return wrappedState.isClosed( rundata ); } else { //FIXME: for the moment we will allow this call to succeed... //throw new TurbineRuntimeException( "Security check failed" ); return wrappedState.isClosed( rundata ); } }

/**

Returns true if this portlet is currently minimized
*/
public boolean isMinimized(RunData rundata)
Unknown macro: { if( checkPermission(rundata, JetspeedSecurity.PERMISSION_VIEW ) ) { return wrappedState.isMinimized( rundata ); } else { //FIXME: for the moment we will allow this call to succeed... //throw new TurbineRuntimeException( "Security check failed" ); return wrappedState.isMinimized( rundata ); } }

I can't see a reason why to do this and it screws up the portlet access
logging (each portlet view is logged 3 times per page).

Attachments

Activity

People

Assignee:: Mark Orciuch

Reporter:: Mark Orciuch

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Jan/03 00:59

Updated:: 24/Mar/04 14:32

Resolved:: 24/Mar/04 14:32