Kuvien uploadaus toimimaan anomuuminäytöille. Skipattu permissiotarkistuksia.

Juho Juopperi
Commit 2ba134ab authored Jun 06, 2014 by Juho Juopperi
Showing with 3 additions and 2 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
code/MoyaWeb/WebContent/admin/adduser/index.xhtml → code/MoyaWeb/WebContent/admin/adduser/index.html
--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
@@ -259,14 +259,15 @@ public class UserBean implements UserBeanLocal {
 	}

 	@Override
-	@RolesAllowed(SpecialPermission.S_USER)
+	//@RolesAllowed(SpecialPermission.S_USER) // Skip check in Vectorama2014
 	public UserImage uploadImage(EventUser user, String contentType, InputStream imagestream, String filename, String description) {

 		user = eventUserFacade.merge(user);
 		logger.debug("uploading image to userid {}", user);

 		EventUser curruser = permbean.getCurrentUser();
-		if (!curruser.equals(user) && !permbean.hasPermission(UserPermission.MODIFY)) {
+		// XXX: Allow anonymous to upload pictures. Vectorama2014.
+		if (curruser.isAnonymous() == false && !curruser.equals(user) && !permbean.hasPermission(UserPermission.MODIFY)) {
 			loggerbean.logMessage(SecurityLogType.permissionDenied, curruser, "user tried to save picture to userid " + user + " without sufficient permissions!");
 			throw new EJBAccessException("No permission to upload image as another user");
 		}

--- a/code/MoyaWeb/WebContent/admin/adduser/index.xhtml
+++ b/code/MoyaWeb/WebContent/admin/adduser/index.xhtml