Changeset 3097


Ignore:
Timestamp:
Feb 5, 2007, 11:49:55 AM (15 years ago)
Author:
Nicklas Nordborg
Message:

Fixed permission check problem that caused a query to return items the logged in user didn't have
access to. Reverted the previous change since it is no longer needed.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/core/net/sf/basedb/core/QueryRuntimeFilterFactory.java

    r2962 r3097  
    186186    public void enableFilters(QueryRuntimeFilterManager manager, EntityQuery query, DbControl dc)
    187187    {
    188       if (dc.getSessionControl().isDenied(query.getItemPermission(), query.getItemType()))
     188      if (!dc.getSessionControl().hasPermission(query.getItemPermission(), query.getItemType()))
    189189      {
    190190        // No items should be returned if a user doesn't have access
  • trunk/www/lims/platemappings/list_mappings.jsp

    r3095 r3097  
    2525  @version 2.0
    2626--%>
    27 <%@ page session="false"
     27<%@ page
    2828  import="net.sf.basedb.core.SessionControl"
    2929  import="net.sf.basedb.core.DbControl"
     
    221221      Enumeration<String, String> geometries = new Enumeration<String, String>();
    222222      ItemResultList<PlateGeometry> plateGeometries = geometryQuery.list(dc);
    223       if (sc.hasPermission(Permission.READ, Item.PLATEGEOMETRY))
    224       {
    225         for (PlateGeometry pg : plateGeometries)
    226         {
    227           geometries.add(Integer.toString(pg.getId()), HTML.encodeTags(pg.getName()));
    228         }
     223      for (PlateGeometry pg : plateGeometries)
     224      {
     225        geometries.add(Integer.toString(pg.getId()), HTML.encodeTags(pg.getName()));
    229226      }
    230227      %>
Note: See TracChangeset for help on using the changeset viewer.