r3509 - in trunk: pollen-services/src/main/java/org/chorem/pollen/services/impl pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll - Pollen-commits

18 Jun 2012

Author: tchemit
Date: 2012-06-18 12:01:58 +0200 (Mon, 18 Jun 2012)
New Revision: 3509

Url: http://chorem.org/repositories/revision/pollen/3509

Log:
fix security stuffs

Modified:
   trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java
   trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll/DeleteVote.java

Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java
===================================================================

--- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java	2012-06-18 09:45:51 UTC (rev 3508)
+++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java	2012-06-18 10:01:58 UTC (rev 3509)
@@ -24,7 +24,6 @@
 
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Sets;
-import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.chorem.pollen.PollenTechnicalException;
 import org.chorem.pollen.bean.PollUri;
@@ -59,9 +58,11 @@
         boolean result = creator.getAccountId().equals(uriId.getAccountId());
         if (!result) {
 
-            // try to match userAccount
-            result = ObjectUtils.equals(pollenUserAccount,
-                                        creator.getUserAccount());
+            if (pollenUserAccount != null) {
+
+                // try to match userAccount
+                result = pollenUserAccount.equals(creator.getUserAccount());
+            }
         }
         return result;
     }

Modified: trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll/DeleteVote.java
===================================================================
--- trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll/DeleteVote.java	2012-06-18 09:45:51 UTC (rev 3508)
+++ trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll/DeleteVote.java	2012-06-18 10:01:58 UTC (rev 3509)
@@ -24,6 +24,7 @@
 
 import com.google.common.base.Preconditions;
 import org.chorem.pollen.business.persistence.Poll;
+import org.chorem.pollen.common.PollType;
 
 /**
  * To delete a poll vote.
@@ -68,6 +69,14 @@
         getVoteService().deleteVote(poll, voteId, reason);
 
         addFlashMessage(_("pollen.information.vote.deleted"));
+
+        if (poll.getPollType() == PollType.FREE &&
+            getUriId().isAccountIdNotBlank() &&
+            !poll.getCreator().getAccountId().equals(getAccountId())) {
+
+            // remove accountId from url, voter does no longer exists.
+            getUriId().setAccountId(null);
+        }
         return SUCCESS;
     }
 }

    

r3509 - in trunk: pollen-services/src/main/java/org/chorem/pollen/services/impl pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/actions/poll

tchemit＠users.chorem.org

tags

participants (1)