Well, that took a while to track down. Both the permissions check and the validation need to be done on the body, not the client.
git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6311 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -21,6 +21,10 @@
|
||||
|
||||
package com.threerings.crowd.server;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Injector;
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
import com.threerings.presents.data.ClientObject;
|
||||
import com.threerings.presents.data.PermissionPolicy;
|
||||
import com.threerings.presents.server.ClientLocal;
|
||||
@@ -32,6 +36,7 @@ import com.threerings.crowd.data.CrowdPermissionPolicy;
|
||||
/**
|
||||
* Used to configure crowd-specific client object data.
|
||||
*/
|
||||
@Singleton
|
||||
public class CrowdClientResolver extends ClientResolver
|
||||
{
|
||||
@Override // from ClientResolver
|
||||
@@ -49,6 +54,8 @@ public class CrowdClientResolver extends ClientResolver
|
||||
@Override // from ClientResolver
|
||||
public PermissionPolicy createPermissionPolicy ()
|
||||
{
|
||||
return new CrowdPermissionPolicy();
|
||||
return _injector.getInstance(CrowdPermissionPolicy.class);
|
||||
}
|
||||
|
||||
@Inject protected Injector _injector;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user