434 template paths #592
434 template paths #592
Conversation
|
@mburri would it be better to move this validation to the business module? Else it has to be reimplemented for rest/angular again. |
|
@yvespp moving the logic to business-module makes sense. And one in the bussiness-module but only for templates for relations: There is no permission check in the TemplateEditor for the other possible types (ResourceType/ Resource), see: I tried to move these to the template editor (different branch) but abandoned it for now because it became a really big change... I think the simplest change would be to keep the permission check in EditTemplateView and move the template path validation to the TemplateEditor - or what do you think? |
|
I moved the permission checks for resources and resource types to the template editor (see branch 434-template-paths-permission-check-explorations) - but i got quite confused by the method TemplateEditor#saveTemplateForRelation that already does check permissions - but in a different way than EditTemplateView#canModifyTemplates() Further investigations revealed, that the permission checks to create/ update templates for resource, resourcetypes and/ or resource relation (that seem to fall back to resources or resource types) are also covered by annotations. The specific implementations are necessary to distinguish between create/ update a template. What is the preferred way for permission checks in Liima:
Personally, I'd like to use annotations where possible. |
|
Via annotations is fine. For complicated checks it's probably easier in code. |
|
I'm closing this issue without merging in favor of #595 |
Validate the specified path for the template. Absolute paths starting with "/" and path traversals "../" are not allowed.
I allowed myself to add some wrapper methods in order to be able to write some unit tests and slightly refactor the save() method (mostly for readability)
fixes #434