Session->Privilege is not design well to work in embedded applications

like the RTE because by default it uses the default user style from settings.
This renders a full page, when we really need a message.

I've added an argument to session->privilege->insufficient to use the
empty style and to use a different message with no embedded macros
to process for logging in.  I tested this on the RTE folder adder and
it works fine.  I duplicated this work in the Image add/edit save routine
as well.

Since privilege->insuffient didn't take arguments before, this preserves
the existing API, which is broken.
This commit is contained in:
Colin Kuskie 2007-01-26 05:45:56 +00:00
parent ae2c99beb5
commit 0eba64bc52
4 changed files with 17 additions and 4 deletions

View file

@ -373,7 +373,7 @@ sub www_richEditAddFolderSave {
# get base url
my $base = WebGUI::Asset->newByUrl($session) || WebGUI::Asset->getRoot($session);
# check if user can edit the current asset
return $session->privilege->insufficient() unless $base->canEdit;
return $session->privilege->insufficient('bare') unless $base->canEdit;
my $filename = $session->form->process('filename') || 'untitled';
$base->addChild({
@ -458,7 +458,7 @@ sub www_richEditAddImageSave {
#my $base = $session->asset;
my $url = $base->getUrl;
# check if user can edit the current asset
return $session->privilege->insufficient() unless $base->canEdit;
return $session->privilege->insufficient('bare') unless $base->canEdit;
my $storage = WebGUI::Storage::Image->create($session);
my $filename = $storage->addFileFromFormPost('filename');

View file

@ -88,10 +88,17 @@ Returns a message stating that the user does not have the required privileges to
sub insufficient {
my $self = shift;
my $noStyle = shift;
my $i18n = WebGUI::International->new($self->session);
$self->session->http->setStatus("401", "Insufficient Privileges");
my $output = '<h1>'.$i18n->get(37).'</h1>';
$output .= $i18n->get(38);
if ($noStyle) {
$self->session->style->useEmptyStyle(1);
$output .= $i18n->get('bare insufficient');
}
else {
$output .= $i18n->get(38);
}
return $self->session->style->userStyle($output);
}

View file

@ -3288,6 +3288,11 @@ that Asset and all Assets below it.</p>
lastUpdated => 1031514049
},
'bare insufficient' => {
message => q|You do not have sufficient privileges to perform this operation. Please log in with an account that has sufficient privileges before attempting this operation.|,
lastUpdated => 1169790230
},
'164' => {
message => q|Authentication Method|,
lastUpdated => 1031514049