434 template paths #592
@mburri would it be better to move this validation to the business module? Else it has to be reimplemented for rest/angular again.
@yvespp moving the logic to business-module makes sense. liima/AMW_web/src/main/java/ch/puzzle/itc/mobiliar/presentation/templateEdit/EditTemplateView.java Line 266 in 5429171
And one in the business-module but only for templates for relations: There is no permission check in the TemplateEditor for the other possible types (ResourceType/Resource), see: liima/AMW_web/src/main/java/ch/puzzle/itc/mobiliar/presentation/templateEdit/EditTemplateView.java Line 276 in 5429171
I tried to move these to the template editor (different branch) but abandoned it for now because it became a really big change... I think the simplest change would be to keep the permission check in EditTemplateView and move the template path validation to the TemplateEditor - or what do you think?
I moved the permission checks for resources and resource types to the template editor (see branch 434-template-paths-permission-check-explorations) - but I got quite confused by the method TemplateEditor#saveTemplateForRelation that already does check permissions - but in a different way than EditTemplateView#canModifyTemplates(). Further investigations revealed that the permission checks to create/update templates for resource, resourcetypes and/or resource relation (that seem to fall back to resources or resource types) are also covered by annotations. The specific implementations are necessary to distinguish between create/update a template. What is the preferred way for permission checks in Liima:
Personally, I'd like to use annotations where possible.
Via annotations is fine. For complicated checks it's probably easier in code.
I'm closing this issue without merging in favor of #595
Validate the specified path for the template. Absolute paths starting with "/" and path traversals "../" are not allowed.
I allowed myself to add some wrapper methods in order to be able to write some unit tests and slightly refactor the save() method (mostly for readability)
fixes #434
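The two rules from the description above (no absolute paths, no `../` traversal), sketched as an added Java example that is not code from this pull request or from Liima. The class name, `isAllowed`, the base directory and the sample inputs are hypothetical, and rejecting empty paths and Windows-style separators and drive letters are assumptions of the example, not something the pull request states.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class TemplatePathCheck {

    // Hypothetical helper: true when targetPath is a relative path that
    // stays below the directory templates are generated into.
    static boolean isAllowed(String targetPath) {
        if (targetPath == null || targetPath.trim().isEmpty()) {
            return false; // assumption: an empty path is not a valid target
        }
        // Treat backslashes as separators too, so "..\\x" is caught on any OS.
        String unified = targetPath.trim().replace('\\', '/');
        // Rule 1: no absolute paths (leading "/" or a "C:"-style drive prefix).
        if (unified.startsWith("/") || unified.matches("^[A-Za-z]:.*")) {
            return false;
        }
        // Rule 2: no ".." segment anywhere. Comparing whole segments keeps
        // legitimate file names such as "app..conf" valid.
        for (String segment : unified.split("/")) {
            if (segment.equals("..")) {
                return false;
            }
        }
        // Defence in depth: resolve against a constructed base directory and
        // confirm the normalized result is still strictly below it.
        try {
            Path base = Paths.get("/constructed/base").normalize();
            Path resolved = base.resolve(unified).normalize();
            return resolved.startsWith(base) && !resolved.equals(base);
        } catch (InvalidPathException e) {
            return false; // e.g. an embedded NUL character
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the project.
        String[] samples = {"conf/app.properties", "/opt/app/conf", "../secret",
            "conf/../../secret", "conf\\..\\..\\secret", "app..conf",
            "C:\\temp\\x", "."};
        for (String s : samples) {
            System.out.println(s + " -> " + (isAllowed(s) ? "allowed" : "rejected"));
        }
    }
}
```

Only `conf/app.properties` and `app..conf` pass. Placing such a check in the business layer, as discussed in the thread, means every front end goes through the same validation.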