From 4c26110ad0776e011ac8ddadf3516b5e7a061ebd Mon Sep 17 00:00:00 2001 From: Sean Flanigan Date: Fri, 26 Jun 2015 14:10:43 +1000 Subject: [PATCH] Use EntityRestrict alone instead of Restrict --- .../main/java/org/zanata/model/HProject.java | 2 -- .../org/zanata/model/HProjectIteration.java | 2 -- .../security/SmartEntitySecurityListener.java | 18 ++++++++---------- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/zanata-model/src/main/java/org/zanata/model/HProject.java b/zanata-model/src/main/java/org/zanata/model/HProject.java index 7dcfb673de..d4b5c74a4e 100644 --- a/zanata-model/src/main/java/org/zanata/model/HProject.java +++ b/zanata-model/src/main/java/org/zanata/model/HProject.java @@ -63,7 +63,6 @@ import org.hibernate.search.annotations.Field; import org.hibernate.search.annotations.Indexed; import org.hibernate.validator.constraints.NotEmpty; -import org.jboss.seam.annotations.security.Restrict; import org.zanata.annotation.EntityRestrict; import org.zanata.common.EntityStatus; import org.zanata.common.LocaleId; @@ -93,7 +92,6 @@ typeClass = LocaleIdType.class) }) -@Restrict @EntityRestrict({ INSERT, UPDATE, DELETE }) @Setter @Getter diff --git a/zanata-model/src/main/java/org/zanata/model/HProjectIteration.java b/zanata-model/src/main/java/org/zanata/model/HProjectIteration.java index 96f8a67bc6..f64e475ac0 100644 --- a/zanata-model/src/main/java/org/zanata/model/HProjectIteration.java +++ b/zanata-model/src/main/java/org/zanata/model/HProjectIteration.java @@ -62,7 +62,6 @@ import org.hibernate.search.annotations.Field; import org.hibernate.search.annotations.FieldBridge; import org.hibernate.search.annotations.Indexed; -import org.jboss.seam.annotations.security.Restrict; import org.zanata.annotation.EntityRestrict; import org.zanata.common.EntityStatus; import org.zanata.common.LocaleId; @@ -78,7 +77,6 @@ @Entity @Cache(usage = CacheConcurrencyStrategy.READ_WRITE) @TypeDef(name = "entityStatus", typeClass = EntityStatusType.class) -@Restrict @EntityRestrict({ INSERT, UPDATE, DELETE }) @Indexed @Access(AccessType.FIELD) diff --git a/zanata-war/src/main/java/org/zanata/security/SmartEntitySecurityListener.java b/zanata-war/src/main/java/org/zanata/security/SmartEntitySecurityListener.java index 0a3a42c885..4e7e514db2 100644 --- a/zanata-war/src/main/java/org/zanata/security/SmartEntitySecurityListener.java +++ b/zanata-war/src/main/java/org/zanata/security/SmartEntitySecurityListener.java @@ -1,6 +1,7 @@ package org.zanata.security; import java.util.Arrays; +import java.util.List; import javax.persistence.PostLoad; import javax.persistence.PrePersist; import javax.persistence.PreRemove; @@ -62,19 +63,16 @@ public void preRemove(Object entity) { isEntityRestricted(Object entity, EntityAction action) { EntityRestrict entityRestrict = entity.getClass().getAnnotation(EntityRestrict.class); - Restrict restrict = entity.getClass().getAnnotation(Restrict.class); - if (restrict != null) { - if (entityRestrict != null) { - if (Arrays.asList(entityRestrict.value()).contains(action)) { - return true; // restricted - } else { - return false; // not restricted - } + if (entityRestrict != null) { + List restrictedActions = Arrays.asList( + entityRestrict.value()); + if (restrictedActions.isEmpty() || restrictedActions.contains(action)) { + return true; // restricted } else { - return true; // restricted, just not specifically + return false; // not restricted } } else { - return false; // not restricted + return false; // restricted, just not specifically } }