Skip to content

Commit

Permalink
For #5397: support checking new list permission
Browse files Browse the repository at this point in the history
  • Loading branch information
@ebruchez
ebruchez committed Aug 11, 2022
1 parent 40b2c97 commit e01c954
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
6 changes: 6 additions & 0 deletions form-runner/jvm/src/main/resources/apps/fr/summary/view.xhtml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -357,6 +357,12 @@
name="operations-from-role"
value="frf:authorizedOperationsBasedOnRolesXPath($source-form-metadata/permissions)"/>

<!-- Check if the user doesn't have the permission to 'list'
https://github.com/orbeon/orbeon-forms/issues/5397 -->
<xf:action
if="not('list' = $operations-from-role)"
type="xpath">frf:sendError(403)</xf:action>

<!-- Remember global operations -->
<xf:setvalue
ref="xxf:instance('fr-authorized-operations')"
Expand Down
4 changes: 3 additions & 1 deletion form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/operations.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ object Operation extends Enum[Operation] {
case object Read extends Operation
case object Update extends Operation
case object Delete extends Operation
case object List extends Operation
}

object Operations {
Expand All @@ -53,7 +54,8 @@ object Operations {
Operation.Create,
Operation.Read,
Operation.Update,
Operation.Delete
Operation.Delete,
Operation.List
)

def parseFromHeaders(headers: Map[String, List[String]]): Option[Operations] =
Expand Down

0 comments on commit e01c954

Please sign in to comment.