From 99d679667573fe07f0705a98536f4569a1105a75 Mon Sep 17 00:00:00 2001 From: Colin Kuskie Date: Tue, 3 Feb 2009 04:43:11 +0000 Subject: [PATCH] Prevent Event, WikiPage and Thread from being pasted places where they don't belong. This allows chained method calls to "getMyParent", getParent, getWiki, getCalendar, etc. to work. Adds the new canPaste and validParent method to Asset and AssetClipboard. --- docs/changelog/7.x.x.txt | 2 ++ lib/WebGUI/Asset.pm | 22 +++++++++++++++++-- lib/WebGUI/Asset/Event.pm | 16 ++++++++++++++ lib/WebGUI/Asset/Post/Thread.pm | 16 ++++++++++++++ lib/WebGUI/Asset/WikiPage.pm | 38 ++++++++++++++++----------------- lib/WebGUI/AssetClipboard.pm | 3 ++- 6 files changed, 75 insertions(+), 22 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index f1704c970..a94d8e535 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -9,6 +9,8 @@ - fixed #9603: moving wiki page - fixed #9302: Spectre Problem... - fixed #9635: Matrix - Add attributes not working + - fixed: Many child assets, including WikiPage, Post and Event, will no longer let you add or paste them in places + where they do not belong. 7.6.10 - fixed #9577: WebGUI::Form::Url::getValue returns blank rather than undef for blank fields diff --git a/lib/WebGUI/Asset.pm b/lib/WebGUI/Asset.pm index 8d38feb4b..97887aced 100644 --- a/lib/WebGUI/Asset.pm +++ b/lib/WebGUI/Asset.pm @@ -182,7 +182,8 @@ sub assetExists { =head2 canAdd ( session, [userId, groupId] ) -Verifies that the user has the privileges necessary to add this type of asset. Return a boolean. +Verifies that the user has the privileges necessary to add this type of asset and that the requested asset +can be added as a child of this asset. Return a boolean. A class method. @@ -224,7 +225,8 @@ sub canAdd { my $subclassGroupId = shift; my $addPrivsGroup = $session->config->get("assets/".$className."/addGroup"); my $groupId = $addPrivsGroup || $subclassGroupId || '12'; - return $user->isInGroup($groupId); + my $validParent = $className->validParent($session); + return $user->isInGroup($groupId) && $validParent; } @@ -2431,6 +2433,22 @@ sub urlExists { } +#------------------------------------------------------------------- + +=head2 validParent ( ) + +Make sure that the current session asset is a valid parent for the child and return true or false. +For example, a WikiPage would check for a WikiMaster. It should be overridden by those children +that need to perform that kind of check. + +This is a class method. + +=cut + +sub validParent { + return 1; +} + #------------------------------------------------------------------- =head2 view ( ) diff --git a/lib/WebGUI/Asset/Event.pm b/lib/WebGUI/Asset/Event.pm index d0aaee0af..f183c1bc8 100644 --- a/lib/WebGUI/Asset/Event.pm +++ b/lib/WebGUI/Asset/Event.pm @@ -1855,6 +1855,22 @@ sub update { } +#------------------------------------------------------------------- + +=head2 validParent + +Make sure that the current session asset is a Calendar for pasting and adding checks. + +This is a class method. + +=cut + +sub validParent { + my $class = shift; + my $session = shift; + return $session->asset->isa('WebGUI::Asset::Wobject::Calendar'); +} + #################################################################### =head2 view diff --git a/lib/WebGUI/Asset/Post/Thread.pm b/lib/WebGUI/Asset/Post/Thread.pm index c7ab6c4c0..ff6dc6110 100644 --- a/lib/WebGUI/Asset/Post/Thread.pm +++ b/lib/WebGUI/Asset/Post/Thread.pm @@ -868,6 +868,22 @@ sub updateThreadRating { } +#------------------------------------------------------------------- + +=head2 validParent + +Make sure that the current session asset is a CS for pasting and adding checks. + +This is a class method. + +=cut + +sub validParent { + my $class = shift; + my $session = shift; + return $session->asset->isa('WebGUI::Asset::Wobject::Collaboration'); +} + #------------------------------------------------------------------- sub view { my $self = shift; diff --git a/lib/WebGUI/Asset/WikiPage.pm b/lib/WebGUI/Asset/WikiPage.pm index 4e5874f2c..6f3e5f4f1 100644 --- a/lib/WebGUI/Asset/WikiPage.pm +++ b/lib/WebGUI/Asset/WikiPage.pm @@ -51,11 +51,9 @@ sub addRevision { #------------------------------------------------------------------- sub canAdd { - my $class = shift; - my $session = shift; - my $assetCanAdd = $class->next::method($session, undef, '7'); - my $parentCheck = $session->asset->isa('WebGUI::Asset::Wobject::WikiPage'); - return $assetCanAdd && $parentCheck; + my $class = shift; + my $session = shift; + return $class->next::method($session, undef, '7'); } #------------------------------------------------------------------- @@ -73,20 +71,6 @@ sub canEdit { || ( $wiki->canEditPages && ( $addNew || $editSave || !$self->isProtected) ); } -#------------------------------------------------------------------- - -=head2 canPaste - -Since so much of the Wiki Page depends on the Wiki Master, do not allow it -to be pasted to anywhere but a WikiMaster. - -=cut - -sub canPaste { - my $self = shift; - return $self->session->asset->isa('WebGUI::Asset::Wobject::WikiMaster'); -} - #------------------------------------------------------------------- sub definition { my $class = shift; @@ -335,6 +319,22 @@ sub update { return $self->next::method($properties); } +#------------------------------------------------------------------- + +=head2 validParent + +Make sure that the current session asset is a WikiMaster for pasting and adding checks. + +This is a class method. + +=cut + +sub validParent { + my $class = shift; + my $session = shift; + return $session->asset->isa('WebGUI::Asset::Wobject::WikiMaster'); +} + #------------------------------------------------------------------- sub view { my $self = shift; diff --git a/lib/WebGUI/AssetClipboard.pm b/lib/WebGUI/AssetClipboard.pm index 3ee134879..7763222b5 100644 --- a/lib/WebGUI/AssetClipboard.pm +++ b/lib/WebGUI/AssetClipboard.pm @@ -48,7 +48,8 @@ paste a wiki page anywhere else but a wiki master. =cut sub canPaste { - return 1; + my $self = shift; + return $self->validParent($self->session); ##Lazy call to a class method } #-------------------------------------------------------------------