Well, that took a while to track down. Both the permissions check and the validation need to be done on the body, not the client.

git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6311 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Par Winzell
2010-11-30 01:23:59 +00:00
parent 9572a8464d
commit 3146ca071e
6 changed files with 189 additions and 62 deletions
@@ -21,6 +21,10 @@
package com.threerings.crowd.server;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.threerings.presents.data.ClientObject;
import com.threerings.presents.data.PermissionPolicy;
import com.threerings.presents.server.ClientLocal;
@@ -32,6 +36,7 @@ import com.threerings.crowd.data.CrowdPermissionPolicy;
/**
* Used to configure crowd-specific client object data.
*/
@Singleton
public class CrowdClientResolver extends ClientResolver
{
@Override // from ClientResolver
@@ -49,6 +54,8 @@ public class CrowdClientResolver extends ClientResolver
@Override // from ClientResolver
public PermissionPolicy createPermissionPolicy ()
{
return new CrowdPermissionPolicy();
return _injector.getInstance(CrowdPermissionPolicy.class);
}
@Inject protected Injector _injector;
}