Changeset 724


Ignore:
Timestamp:
Nov 28, 2010, 12:10:31 PM (9 years ago)
Author:
gav
Message:

Add some logic to protect the system (no delete or edit) and admin (no delete) pseudo persons.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/grails-app/controllers/PersonController.groovy

    r633 r724  
    9494            // Avoid self-delete.
    9595            if (!(authPrincipal instanceof String) && authPrincipal.username == person.loginName) {
    96                 flash.message = "You cannot delete yourself, please login as another manager and try again."
     96                flash.errorMessage = "You cannot delete yourself, please login as another manager and try again."
     97                redirect(action:show,id:params.id)
     98            }
     99            else if ( person.id == 1L) {
     100                flash.errorMessage = "You cannot delete the pseudo system person."
     101                redirect(action:show,id:params.id)
     102            }
     103            else if ( person.id == 2L) {
     104                flash.errorMessage = "You cannot delete the admin person."
    97105                redirect(action:show,id:params.id)
    98106            }
     
    115123        }
    116124        else {
    117             flash.message = "Person not found with id $params.id"
     125            flash.errorMessage = "Person not found with id $params.id"
    118126        }
    119127    }
     
    131139            return
    132140        }
     141
     142        if ( person.id == 1L) {
     143            flash.errorMessage = "You cannot edit the pseudo system person."
     144            redirect(action:show,id:params.id)
     145            return
     146        }
     147
    133148        params.message = "To allow login at least the 'ROLE_AppUser' authority must be given."
    134149        return buildPersonModel(person)
     
    152167                person.errors.rejectValue 'version', "default.optimistic.locking.failure"
    153168                render view: 'edit', model: buildPersonModel(person)
     169                return
     170            }
     171
     172            if ( person.id == 1L) {
     173                flash.errorMessage = "You cannot edit the pseudo system person."
     174                redirect(action:show,id:params.id)
    154175                return
    155176            }
Note: See TracChangeset for help on using the changeset viewer.