- Fix security issues when the map is loaded from the rest service. Two URL has been defined for each type of access.

2024-10-05 17:58:36 +02:00 · 2013-02-07 21:44:20 -03:00 · 2013-02-07 21:44:20 -03:00 · 5d05f21803
commit 5d05f21803
parent 6e2880c8cc
8 changed files with 13 additions and 14 deletions
--- a/mindplot/src/main/javascript/widget/LinkEditor.js
+++ b/mindplot/src/main/javascript/widget/LinkEditor.js
@ -99,7 +99,7 @@ mindplot.widget.LinkEditor = new Class({
        });
        openButton.inject(form);
        openButton.addEvent('click',function(){
-            window.open(input.value,"_blank", "status=1,width=700,height=450,resize=1");
+            window.open(input.value,"_blank", "status=1,width=700,height=450,resizable=1");
        });


--- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
@ -173,7 +173,7 @@ public class MindmapController extends BaseController {
        return lockInfo.getTimestamp();
    }

-    @RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/document/xml",consumes = {"text/plain"}, produces = {"application/xml"})
+    @RequestMapping(method = RequestMethod.GET, value = { "/maps/{id}/document/xml","/maps/{id}/document/xml-pub"},consumes = {"text/plain"}, produces = {"application/xml"})
    @ResponseBody
    public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
        // I should not return byte, but there is some encoding issue here. Further research needed.
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
@ -24,10 +24,9 @@

    <sec:http pattern="/c/maps/*/embed" security="none"/>
    <sec:http pattern="/c/maps/*/try" security="none"/>
-    <!--<sec:http pattern="/c/maps/*/print" security="none"/>-->
    <sec:http pattern="/c/maps/*/public" security="none"/>
    <sec:http pattern="/c/GCFInstall" security="none"/>
-    <!--<sec:http pattern="/c/restful/maps/*/document/xml " security="none"/>-->
+    <sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>

    <sec:http pattern="/c/publicview.htm" security="none"/>
    <sec:http pattern="/c/embeddedview.htm" security="none"/>
--- a/wise-webapp/src/main/webapp/jsp/init.jsp
+++ b/wise-webapp/src/main/webapp/jsp/init.jsp
@ -2,3 +2,6 @@
 <%@taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%
+    request.setAttribute("principal", com.wisemapping.security.Utils.getUser());
+%>
--- a/wise-webapp/src/main/webapp/jsp/mindmapEditor.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapEditor.jsp
@ -45,7 +45,7 @@
                );
            </c:if>
            <c:if test="${memoryPersistence || readOnlyMode}">
-                    options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml");
+                    options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
            </c:if>

                var userOptions = ${mindmap.properties};
--- a/wise-webapp/src/main/webapp/jsp/mindmapEditorToolbar.jsf
+++ b/wise-webapp/src/main/webapp/jsp/mindmapEditorToolbar.jsf
@ -2,17 +2,14 @@

 <div id="toolbar">
    <div id="persist" class="buttonContainer">
-        <c:if test="${!readOnlyMode}">
+        <c:if test="${!readOnlyMode && !memoryPersistence}">
            <div id="save" class="buttonOn">
                <img src="images/save.png"/>
            </div>
-            <%--<div id="discard" class="buttonOn">--%>
-            <%--<img src="images/discard.png"/>--%>
-            <%--</div>--%>
+            <div id="print" class="buttonOn">
+                <img src="images/print.png"/>
+            </div>
        </c:if>
-        <div id="print" class="buttonOn">
-            <img src="images/print.png"/>
-        </div>
    </div>
    <c:if test="${!readOnlyMode}">
        <div id="edit" class="buttonContainer">
--- a/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp
@ -45,7 +45,7 @@
            options.readOnly = true;

            // Configure persistence ...
-            options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml");
+            options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");

            // Build designer ...
            var designer = buildDesigner(options);
--- a/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp
@ -77,7 +77,7 @@
            options.readOnly = true;

            // Configure loader ...
-            options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml.xml");
+            options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");

            // Build designer ...
            var designer = buildDesigner(options);