Permalink
Browse files

rhbz736898 - Change security permission check on translation push.

Allow translators to push translations for their allowed language teams. Had to move the check to inside the method instead of the @Restrict annotation.
  • Loading branch information...
1 parent 796bf16 commit bad3aadd1eecfcb7de3dc4fd75424942755ef6ff @carlosmunoz carlosmunoz committed Apr 30, 2012
@@ -47,6 +47,7 @@
import org.zanata.rest.ReadOnlyEntityException;
import org.zanata.rest.dto.resource.TextFlowTarget;
import org.zanata.rest.dto.resource.TranslationsResource;
+import org.zanata.security.ZanataIdentity;
import org.zanata.service.CopyTransService;
import org.zanata.service.LocaleService;
import org.zanata.service.TranslationService;
@@ -123,6 +124,9 @@
private UriInfo uri;
@In
+ private ZanataIdentity identity;
+
+ @In
private ApplicationConfiguration applicationConfiguration;
@In
@@ -358,10 +362,13 @@ public Response deleteTranslations(@PathParam("id") String idNoSlash, @PathParam
@Override
@PUT
@Path(RESOURCE_SLUG_TEMPLATE + "/translations/{locale}")
- @Restrict("#{s:hasPermission(translatedDocResourceService.securedIteration.project, 'modify-translation')}")
// /r/{id}/translations/{locale}
public Response putTranslations(@PathParam("id") String idNoSlash, @PathParam("locale") LocaleId locale, TranslationsResource messageBody, @QueryParam("ext") Set<String> extensions, @QueryParam("merge") @DefaultValue("auto") String merge)
{
+ // check security (cannot be on @Restrict as it refers to method parameters)
+ identity.checkPermission("modify-translation", this.localeServiceImpl.getByLocaleId(locale),
+ this.getSecuredIteration().getProject());
+
log.debug("start put translations");
MergeType mergeType;
try

0 comments on commit bad3aad

Please sign in to comment.