Session->Privilege is not design well to work in embedded applications
like the RTE because by default it uses the default user style from settings. This renders a full page, when we really need a message. I've added an argument to session->privilege->insufficient to use the empty style and to use a different message with no embedded macros to process for logging in. I tested this on the RTE folder adder and it works fine. I duplicated this work in the Image add/edit save routine as well. Since privilege->insuffient didn't take arguments before, this preserves the existing API, which is broken.
This commit is contained in:
Colin Kuskie
parent
ae2c99beb5
commit
0eba64bc52
4 changed files with 17 additions and 4 deletions
|
|
@ -373,7 +373,7 @@ sub www_richEditAddFolderSave {
|
|||
# get base url
|
||||
my $base = WebGUI::Asset->newByUrl($session) || WebGUI::Asset->getRoot($session);
|
||||
# check if user can edit the current asset
|
||||
return $session->privilege->insufficient() unless $base->canEdit;
|
||||
return $session->privilege->insufficient('bare') unless $base->canEdit;
|
||||
|
||||
my $filename = $session->form->process('filename') || 'untitled';
|
||||
$base->addChild({
|
||||
|
|
@ -458,7 +458,7 @@ sub www_richEditAddImageSave {
|
|||
#my $base = $session->asset;
|
||||
my $url = $base->getUrl;
|
||||
# check if user can edit the current asset
|
||||
return $session->privilege->insufficient() unless $base->canEdit;
|
||||
return $session->privilege->insufficient('bare') unless $base->canEdit;
|
||||
|
||||
my $storage = WebGUI::Storage::Image->create($session);
|
||||
my $filename = $storage->addFileFromFormPost('filename');
|
||||
|
|
|
|||
|
|
@ -88,10 +88,17 @@ Returns a message stating that the user does not have the required privileges to
|
|||
|
||||
sub insufficient {
|
||||
my $self = shift;
|
||||
my $noStyle = shift;
|
||||
my $i18n = WebGUI::International->new($self->session);
|
||||
$self->session->http->setStatus("401", "Insufficient Privileges");
|
||||
my $output = '<h1>'.$i18n->get(37).'</h1>';
|
||||
$output .= $i18n->get(38);
|
||||
if ($noStyle) {
|
||||
$self->session->style->useEmptyStyle(1);
|
||||
$output .= $i18n->get('bare insufficient');
|
||||
}
|
||||
else {
|
||||
$output .= $i18n->get(38);
|
||||
}
|
||||
return $self->session->style->userStyle($output);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3288,6 +3288,11 @@ that Asset and all Assets below it.</p>
|
|||
lastUpdated => 1031514049
|
||||
},
|
||||
|
||||
'bare insufficient' => {
|
||||
message => q|You do not have sufficient privileges to perform this operation. Please log in with an account that has sufficient privileges before attempting this operation.|,
|
||||
lastUpdated => 1169790230
|
||||
},
|
||||
|
||||
'164' => {
|
||||
message => q|Authentication Method|,
|
||||
lastUpdated => 1031514049
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue