- Fix security issues when the map is loaded from the REST service. Two URLs have been defined, one for each type of access.
parent
6e2880c8cc
commit
5d05f21803
@ -99,7 +99,7 @@ mindplot.widget.LinkEditor = new Class({
|
|||||||
});
|
});
|
||||||
openButton.inject(form);
|
openButton.inject(form);
|
||||||
openButton.addEvent('click',function(){
|
openButton.addEvent('click',function(){
|
||||||
window.open(input.value,"_blank", "status=1,width=700,height=450,resize=1");
|
window.open(input.value,"_blank", "status=1,width=700,height=450,resizable=1");
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
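Review bot: `window.open(input.value, ...)` on the changed line hands whatever is in the link field straight to the browser, with no scheme check and no `noopener`. If that field can be pre-filled from a map edited by another collaborator (not visible in this hunk), a `javascript:` value would run in the editor's origin when the button is clicked, and any opened page keeps a `window.opener` handle to the editor. Consider accepting only `http:`/`https:` URLs before opening and adding `noopener` to the features string, e.g. `"noopener,status=1,width=700,height=450,resizable=1"`. The click handler's enclosing function starts outside the hunk.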
@ -173,7 +173,7 @@ public class MindmapController extends BaseController {
|
|||||||
return lockInfo.getTimestamp();
|
return lockInfo.getTimestamp();
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/document/xml",consumes = {"text/plain"}, produces = {"application/xml"})
|
@RequestMapping(method = RequestMethod.GET, value = { "/maps/{id}/document/xml","/maps/{id}/document/xml-pub"},consumes = {"text/plain"}, produces = {"application/xml"})
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
|
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
|
||||||
// I should not return byte, but there is some encoding issue here. Further research needed.
|
// I should not return byte, but there is some encoding issue here. Further research needed.
|
||||||
|
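Review bot: `retrieveDocument` now answers on `/maps/{id}/document/xml-pub` as well as `/maps/{id}/document/xml`, and the security configuration in this commit marks the `xml-pub` path `security="none"`, so the method body is the only place left to decide who may read map `{id}`. The body is outside this hunk; if it loads the map by id without checking that the map is flagged public, any map's XML becomes readable without a session just by using the `-pub` suffix. A separate handler for the `-pub` path that rejects non-public maps would make the rule explicit. At minimum, add a comment on the mapping such as `// xml-pub bypasses Spring Security: serve only maps marked public`.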
@ -24,10 +24,9 @@
|
|||||||
|
|
||||||
<sec:http pattern="/c/maps/*/embed" security="none"/>
|
<sec:http pattern="/c/maps/*/embed" security="none"/>
|
||||||
<sec:http pattern="/c/maps/*/try" security="none"/>
|
<sec:http pattern="/c/maps/*/try" security="none"/>
|
||||||
<!--<sec:http pattern="/c/maps/*/print" security="none"/>-->
|
|
||||||
<sec:http pattern="/c/maps/*/public" security="none"/>
|
<sec:http pattern="/c/maps/*/public" security="none"/>
|
||||||
<sec:http pattern="/c/GCFInstall" security="none"/>
|
<sec:http pattern="/c/GCFInstall" security="none"/>
|
||||||
<!--<sec:http pattern="/c/restful/maps/*/document/xml " security="none"/>-->
|
<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
|
||||||
|
|
||||||
<sec:http pattern="/c/publicview.htm" security="none"/>
|
<sec:http pattern="/c/publicview.htm" security="none"/>
|
||||||
<sec:http pattern="/c/embeddedview.htm" security="none"/>
|
<sec:http pattern="/c/embeddedview.htm" security="none"/>
|
||||||
|
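Review bot: `security="none"` on `/c/restful/maps/*/document/xml-pub` removes the whole filter chain for that path, so no security context is populated there, even for a logged-in caller, and none of the chain's session or header handling applies. Keeping the path inside the chain with anonymous access allowed would let the controller still see who is calling; whether that matters depends on the handler, which is not shown here. If `security="none"` stays, a comment above the line would help: `<!-- unauthenticated: the controller must restrict this path to public maps -->`.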
@ -2,3 +2,6 @@
|
|||||||
<%@taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
<%@taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
||||||
<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
|
<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
|
||||||
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
|
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
|
||||||
|
<%
|
||||||
|
request.setAttribute("principal", com.wisemapping.security.Utils.getUser());
|
||||||
|
%>
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
);
|
);
|
||||||
</c:if>
|
</c:if>
|
||||||
<c:if test="${memoryPersistence || readOnlyMode}">
|
<c:if test="${memoryPersistence || readOnlyMode}">
|
||||||
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml");
|
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
|
||||||
</c:if>
|
</c:if>
|
||||||
|
|
||||||
var userOptions = ${mindmap.properties};
|
var userOptions = ${mindmap.properties};
|
||||||
|
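Review bot: The `${principal!=null?'':'-pub'}` suffix only chooses which URL the browser asks for; it is not an access decision, and the same expression is repeated in the two later hunks (`@ -45,7` and `@ -77,7`). Two things are worth checking. A signed-in user viewing someone else's public map is sent to the authenticated `/document/xml` endpoint, which may refuse them if it requires ownership or collaboration. And `principal` is set by a scriptlet in the `@ -2,3` hunk, so any page that builds this URL without that scriptlet will always use `-pub`. Setting `principal` in the controller model rather than with `<% request.setAttribute(...) %>` would keep the decision in one place.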
@ -2,17 +2,14 @@
|
|||||||
|
|
||||||
<div id="toolbar">
|
<div id="toolbar">
|
||||||
<div id="persist" class="buttonContainer">
|
<div id="persist" class="buttonContainer">
|
||||||
<c:if test="${!readOnlyMode}">
|
<c:if test="${!readOnlyMode && !memoryPersistence}">
|
||||||
<div id="save" class="buttonOn">
|
<div id="save" class="buttonOn">
|
||||||
<img src="images/save.png"/>
|
<img src="images/save.png"/>
|
||||||
</div>
|
</div>
|
||||||
<%--<div id="discard" class="buttonOn">--%>
|
|
||||||
<%--<img src="images/discard.png"/>--%>
|
|
||||||
<%--</div>--%>
|
|
||||||
</c:if>
|
|
||||||
<div id="print" class="buttonOn">
|
<div id="print" class="buttonOn">
|
||||||
<img src="images/print.png"/>
|
<img src="images/print.png"/>
|
||||||
</div>
|
</div>
|
||||||
|
</c:if>
|
||||||
</div>
|
</div>
|
||||||
<c:if test="${!readOnlyMode}">
|
<c:if test="${!readOnlyMode}">
|
||||||
<div id="edit" class="buttonContainer">
|
<div id="edit" class="buttonContainer">
|
||||||
|
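Review bot: The closing `</c:if>` appears to have moved below the `print` button, so with the new test `${!readOnlyMode && !memoryPersistence}` both `save` and `print` disappear for read-only and in-memory viewers. If only `save` was meant to be hidden, the `</c:if>` belongs before `<div id="print" ...>`. Hiding the button is presentation only; the save endpoint still has to reject writes from users without edit rights, which this hunk does not show.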
@ -45,7 +45,7 @@
|
|||||||
options.readOnly = true;
|
options.readOnly = true;
|
||||||
|
|
||||||
// Configure persistence ...
|
// Configure persistence ...
|
||||||
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml");
|
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
|
||||||
|
|
||||||
// Build designer ...
|
// Build designer ...
|
||||||
var designer = buildDesigner(options);
|
var designer = buildDesigner(options);
|
||||||
|
@ -77,7 +77,7 @@
|
|||||||
options.readOnly = true;
|
options.readOnly = true;
|
||||||
|
|
||||||
// Configure loader ...
|
// Configure loader ...
|
||||||
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml.xml");
|
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
|
||||||
|
|
||||||
// Build designer ...
|
// Build designer ...
|
||||||
var designer = buildDesigner(options);
|
var designer = buildDesigner(options);
|
||||||
|