Commits

Micha Kops  committed 0245190

Issue #13 fixed (Fix security restrictions for configuration interface)

  • Parent commits 300de46

Files changed (4)

File src/main/java/com/hascode/confluence/plugin/socialcomments/util/Util.java

 
 import com.atlassian.confluence.renderer.radeox.macros.MacroUtils;
 import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
+import com.atlassian.confluence.user.UserAccessor;
 import com.atlassian.confluence.util.velocity.VelocityUtils;
+import com.atlassian.spring.container.ContainerManager;
 import com.atlassian.user.User;
 import com.opensymphony.webwork.ServletActionContext;
 
  * utility class
  */
 public class Util {
+	private UserAccessor	userAccessor;
+
 	/**
 	 * returns whether the current user is logged in or not
 	 * 
-	 * @return
+	 * @return login state
 	 */
 	public boolean userLoggedin() {
 		return (AuthenticatedUserThreadLocal.getUser() != null);
 	/**
 	 * returns whether the current user has the administrator role
 	 * 
-	 * @return
+	 * @return role check result
 	 */
 	public boolean userIsAdmin() {
-		// User user = AuthenticatedUserThreadLocal.getUser();
-		// Group group =
-		// userAccessor.getGroup(PluginConfig.getAdminGroupName());
-		// if (user != null && group != null) {
-		// if (userAccessor.hasMembership(group, user)) {
-		// return true;
-		// }
-		// }
-
-		return true;
+		final User user = AuthenticatedUserThreadLocal.getUser();
+		return getUserAccessor().isSuperUser(user);
 	}
 
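Review bot: In `userIsAdmin()`, the value of `AuthenticatedUserThreadLocal.getUser()` is passed to `isSuperUser(user)` without a null check, although `userLoggedin()` just above shows that it is null for a request that is not logged in. Make the deny path explicit, for example `return user != null && getUserAccessor().isSuperUser(user);`, so the result for anonymous callers does not depend on how the accessor treats null. The Javadoc still reads "has the administrator role" while the check is now super user; update the comment or rename the method so callers do not assume the weaker check. Since the removed body ended in an unconditional `return true;`, a test asserting false for an anonymous user and for a logged-in non-super user would guard against this regressing.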
 	/**
 	public String getVelocityRenderedTemplate(final String macroTemplate, final Map<String, Object> context) {
 		return VelocityUtils.getRenderedTemplate(macroTemplate, context);
 	}
+
+	private UserAccessor getUserAccessor() {
+		if (userAccessor == null) {
+			userAccessor = (UserAccessor) ContainerManager.getComponent("userAccessor");
+		}
+		return userAccessor;
+	}
 }
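Review bot: `getUserAccessor()` lazily fills the non-final `userAccessor` field without synchronisation and casts whatever `ContainerManager.getComponent("userAccessor")` returns, so a failed lookup surfaces inside `userIsAdmin()` as an exception rather than as a denied check. Prefer having the accessor injected (constructor or setter) so the dependency is resolved once and is visible to tests; if the static lookup stays, handle a missing component so that the permission check returns false. The string key `"userAccessor"` is also worth a named constant.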

File src/main/resources/plugins/socialcomments/no_permission.vm

 <html>
         <head>
                 <meta name="decorator" content="atl.admin"/>
-                <title>$action.getText("toppages.msg.no-permission")</title>
+                <title>$action.getText("socialcomments.msg.no-permission")</title>
         </head>
         <body>
-                <h1>$action.getText("toppages.msg.no-permission")</h1>
-                <div class="toppages-content">
-                	$action.getText("toppages.msg.no-permission.description")
-                	<br/>
-                	<div class="toppages-info">
-                		<small><a href="http://www.hascode.com">by hasCode.com</a></small>
-                	</div>
-                </div>
+        	<style type="text/css">
+			.socialcomments-content {
+			    border: 1px solid rgb(221, 221, 221);
+			    -moz-border-radius: 15px 15px 15px 15px;
+			    padding: 20px;
+			}
+			#socialcomments-notification {
+				height:150px;
+				width:400px;
+			}
+			</style>
+            <h1>$action.getText("socialcomments.msg.no-permission")</h1>
+            <div class="socialcomments-content">
+            	$action.getText("socialcomments.msg.no-permission.description")
+            	<br/>
+    			<hr/>
+            	<div class="socialcomments-info">
+            		<small>
+            			<a href="http://www.hascode.com">by hasCode.com</a><br/>
+            			<a href="http://app.hascode.com/social-comments-plugin">Visit the plugin homepage</a>
+            		</small>
+            	</div>
+            </div>
         </body>
 </html>
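Review bot: The added `<style>` block sits inside `<body>` and defines `#socialcomments-notification`, which no element in this template uses, while `.socialcomments-info` is used without a rule. Move the CSS into `<head>` or the plugin's stylesheet, drop the unused selector, and pair `-moz-border-radius` with the standard `border-radius` property. The new lines also mix tabs and spaces for indentation, unlike the unchanged lines around them.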

File src/site/apt/index.apt

 
   The Social Comments Plugin allows you to notify users by posting @username: somewhere in a comment in your Confluence wiki.
   
-  In the administration area you're able to configure the e-mail notification settings and the template for the notifications sent using placeholders.
+  In the administration area you're able to configure the e-mail notification settings and the template for the notifications sent using placeholders (you need to be super admin).
 
 * Template Configuration
 
   
   #url# This placeholder displays the absolute url to the specific Confluence comment
   
+  #content# This placeholder displays the comment's content
+  
+  #creator# This placeholder displays the comment creator's name
+  
 * Roadmap
 
-  Take a look at the current issues at {{{https://bitbucket.org/hascode/social-comments-plugin/issues}Bitbucket.org}}. Past releases are listed {{{/releases.html}here}}.  
+  Take a look at the current issues at {{{https://bitbucket.org/hascode/social-comments-plugin/issues}Bitbucket.org}}. Past releases are listed {{{./releases.html}here}}.  
   
     

File src/site/apt/releases.apt

 Releases
 
-* 0.9.6 Feature Enhancements (22 May 2011)
+* 0.9.6 Feature Enhancements (07 Jun 2011)
 
 	* {{{https://bitbucket.org/hascode/social-comments-plugin/issue/10/include-the-content-of-the-comment-in-the}#10 Include the content of the comment in the email notification}}
 	
 	
 	* {{{https://bitbucket.org/hascode/social-comments-plugin/issue/12/add-placeholder-for-the-comments-creator}#12 Add placeholder for the comment's creator}}
 	
+	* {{{https://bitbucket.org/hascode/social-comments-plugin/issue/13/fix-security-restrictions-for}#13 Fix security restrictions for configuration interface}}
+	
     
     
 * 0.9.5 Initial Release (07 Apr 2011)