Index: topia-security/src/java/org/codelutin/topia/security/listener/EntityVetoable.java diff -u topia-security/src/java/org/codelutin/topia/security/listener/EntityVetoable.java:1.1 topia-security/src/java/org/codelutin/topia/security/listener/EntityVetoable.java:1.2 --- topia-security/src/java/org/codelutin/topia/security/listener/EntityVetoable.java:1.1 Tue Oct 24 12:01:00 2006 +++ topia-security/src/java/org/codelutin/topia/security/listener/EntityVetoable.java Wed Oct 25 12:47:15 2006 @@ -24,9 +24,9 @@ * Created: 10 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.1 $ +* @version $Revision: 1.2 $ * -* Mise a jour: $Date: 2006/10/24 12:01:00 $ +* Mise a jour: $Date: 2006/10/25 12:47:15 $ * par : $Author: ruchaud $ */ @@ -42,9 +42,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.codelutin.topia.TopiaException; +import org.codelutin.topia.TopiaNotFoundException; import org.codelutin.topia.event.TopiaEntityEvent; import org.codelutin.topia.event.TopiaEntityVetoable; import org.codelutin.topia.persistence.TopiaEntity; +import org.codelutin.topia.persistence.TopiaId; import org.codelutin.topia.security.TopiaSecurityServiceImpl; /** @@ -66,10 +68,20 @@ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#createEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent) */ public void create(TopiaEntityEvent event) { - Class clazz = event.getEntity().getClass(); + TopiaEntity entity = event.getEntity(); + String topiaId = entity.getTopiaId(); + Class clazz; + try { + clazz = TopiaId.getClassName(topiaId); + } catch (TopiaNotFoundException e) { + // Ne devrait jamais ce produire + throw new SecurityException("Access denied to entity creation", e); + } + if (log.isDebugEnabled()) { log.debug("[Security] create entity : " + clazz.getName()); } + try { securityManager.checkPermission(clazz, CREATE); } catch (TopiaException te) {