rhbz736898 - Change security permission check on translation push.
Allow translators to push translations for their allowed language teams. Had to move the check inside the method instead of using the @Restrict annotation.
Carlos Munoz committed Apr 30, 2012
1 parent 796bf16 commit bad3aad
Showing 1 changed file with 8 additions and 1 deletion.
@@ -47,6 +47,7 @@
import org.zanata.rest.ReadOnlyEntityException;
import org.zanata.rest.dto.resource.TextFlowTarget;
import org.zanata.rest.dto.resource.TranslationsResource;
import org.zanata.security.ZanataIdentity;
import org.zanata.service.CopyTransService;
import org.zanata.service.LocaleService;
import org.zanata.service.TranslationService;
@@ -122,6 +123,9 @@ public class TranslatedDocResourceService implements TranslatedDocResource
@Context
private UriInfo uri;

@In
private ZanataIdentity identity;

@In
private ApplicationConfiguration applicationConfiguration;

@@ -358,10 +362,13 @@ public Response deleteTranslations(@PathParam("id") String idNoSlash, @PathParam
@Override
@PUT
@Path(RESOURCE_SLUG_TEMPLATE + "/translations/{locale}")
@Restrict("#{s:hasPermission(translatedDocResourceService.securedIteration.project, 'modify-translation')}")
// /r/{id}/translations/{locale}
public Response putTranslations(@PathParam("id") String idNoSlash, @PathParam("locale") LocaleId locale, TranslationsResource messageBody, @QueryParam("ext") Set<String> extensions, @QueryParam("merge") @DefaultValue("auto") String merge)
{
// check security (cannot be on @Restrict as it refers to method parameters)
identity.checkPermission("modify-translation", this.localeServiceImpl.getByLocaleId(locale),
this.getSecuredIteration().getProject());

log.debug("start put translations");
MergeType mergeType;
try
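Review bot: The inline check at the top of putTranslations passes the result of `this.localeServiceImpl.getByLocaleId(locale)` straight into `identity.checkPermission(...)` without confirming that the lookup found a locale. If getByLocaleId can return null for an unknown or disabled locale (not visible on this page), the authorization decision is made against a missing target and its outcome depends on how the permission rules treat that. I would resolve the locale into a local variable first, reject a missing one with a not-found response, and only then call `identity.checkPermission("modify-translation", hLocale, this.getSecuredIteration().getProject());`. The method body continues past the end of the hunk, so later locale validation may exist, but it would run after this check. It is also worth confirming that deleteTranslations, visible only in the hunk header, enforces a locale-aware permission consistent with this one.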