-
Notifications
You must be signed in to change notification settings - Fork 34
Restrict user's permissions for adding images. #382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Reviewed 9 of 9 files at r1. src/main/java/ru/mystamps/web/controller/SeriesController.java, line 256 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 382 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 402 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 414 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 418 [r1] (raw file): src/main/webapp/WEB-INF/views/series/info.html, line 298 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/controller/SeriesController.java, line 256 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/controller/SeriesController.java, line 382 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/controller/SeriesController.java, line 418 [r1] (raw file): Comments from Reviewable |
src/main/webapp/WEB-INF/views/series/info.html, line 298 [r1] (raw file): Comments from Reviewable |
Review status: all files reviewed at latest revision, 7 unresolved discussions, some commit checks failed. src/main/java/ru/mystamps/web/controller/SeriesController.java, line 256 [r1] (raw file): Right now, please, return 403 status. And I don't mind about writing WARNING to the logs. In this case it also useful to provide user id (and don't forget that it might be src/main/java/ru/mystamps/web/controller/SeriesController.java, line 382 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 418 [r1] (raw file): src/main/java/ru/mystamps/web/support/spring/security/SecurityContextUtils.java, line 47 [r1] (raw file): P.S. Aha... I see. Why do we need another one method of checking that user has authority? I suggest to use existing, if you need to access src/main/webapp/WEB-INF/views/series/info.html, line 298 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/support/spring/security/SecurityContextUtils.java, line 47 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/support/spring/security/SecurityContextUtils.java, line 47 [r1] (raw file): Comments from Reviewable |
src/main/java/ru/mystamps/web/support/spring/security/SecurityContextUtils.java, line 47 [r1] (raw file): Comments from Reviewable |
Review status: all files reviewed at latest revision, 7 unresolved discussions, some commit checks failed. src/main/java/ru/mystamps/web/support/spring/security/SecurityContextUtils.java, line 47 [r1] (raw file): Comments from Reviewable |
d914261
to
31b87c3
Compare
Review status: 6 of 9 files reviewed at latest revision, 5 unresolved discussions. src/main/java/ru/mystamps/web/controller/SeriesController.java, line 256 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 382 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 402 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 414 [r1] (raw file): src/main/java/ru/mystamps/web/controller/SeriesController.java, line 418 [r1] (raw file): Comments from Reviewable |
Reviewed 3 of 3 files at r2. Comments from Reviewable |
31b87c3
to
a4afd8c
Compare
In current implementation admin can't add more images. For example, create series with 1 stamp, add 2 images and try to add another one. |
Ah...I see. Soon it all will be ok ) |
a4afd8c
to
41a120c
Compare
Merged in ae08224 commit. Thank you! |
This change is