Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java
===================================================================
diff -u -ra83af819892556fe8f7b87f6d5983d71377d4f8e -r5b9fbd9e325d84d886a2e880982c40734c984ad3
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java (.../CleanupController.java) (revision a83af819892556fe8f7b87f6d5983d71377d4f8e)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java (.../CleanupController.java) (revision 5b9fbd9e325d84d886a2e880982c40734c984ad3)
@@ -101,13 +101,27 @@
 }
 @RequestMapping(path = "/cache", method = RequestMethod.POST)
- public String cleanUpCache() throws MalformedObjectNameException {
+ public String cleanUpCache(HttpServletRequest request) throws MalformedObjectNameException {
+ // check user is sysadmin
+ if (!(request.isUserInRole(Role.SYSADMIN))) {
+ request.setAttribute("errorName", "CleanupCacheAction");
+ request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin"));
+ return "error";
+ }
+
 boolean cacheCleared = HibernateSessionManager.clearCache();
 return "redirect:start.do?cacheCleared=" + cacheCleared;
 }
 @RequestMapping(path = "/garbage", method = RequestMethod.POST)
- public String cleanUpGarbage() throws MalformedObjectNameException {
+ public String cleanUpGarbage(HttpServletRequest request) throws MalformedObjectNameException {
+ // check user is sysadmin
+ if (!(request.isUserInRole(Role.SYSADMIN))) {
+ request.setAttribute("errorName", "CleanupGarbageAction");
+ request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin"));
+ return "error";
+ }
+
 System.gc();
 return "redirect:start.do?garbageCollectorRun=true";
 }
Index: lams_admin/web/cleanup.jsp
===================================================================
diff -u -rd472640431c85d9d96b72efeb46d64ec308356b1 -r5b9fbd9e325d84d886a2e880982c40734c984ad3
--- lams_admin/web/cleanup.jsp (.../cleanup.jsp) (revision d472640431c85d9d96b72efeb46d64ec308356b1)
+++ lams_admin/web/cleanup.jsp (.../cleanup.jsp) (revision 5b9fbd9e325d84d886a2e880982c40734c984ad3)
@@ -54,7 +54,8 @@
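Review bot: The sysadmin check is copied verbatim into `cleanUpCache` and `cleanUpGarbage`, so every handler in this controller has to remember to repeat it; the handler behind `/lams/admin/cleanup/files.do` (newly listed in Owasp.CsrfGuard.properties) lies outside this hunk, and it is worth confirming it carries the same guard. Moving the check into one private helper, as sketched below, keeps the authorization decision in a single place and leaves each handler with `if (denyUnlessSysadmin(request, "CleanupCacheAction")) { return "error"; }`. The denial path also returns the ordinary `error` view, apparently with the default response status and no log entry, so a rejected attempt on a privileged endpoint is hard to spot afterwards; consider recording it with the class's logger, if it has one. The class body continues outside the hunk.

```java
// Single place for the role decision; returns true when the caller must stop and render the error view.
private boolean denyUnlessSysadmin(HttpServletRequest request, String errorName) {
    if (request.isUserInRole(Role.SYSADMIN)) {
        return false;
    }
    request.setAttribute("errorName", errorName);
    request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin"));
    return true;
}

@RequestMapping(path = "/cache", method = RequestMethod.POST)
public String cleanUpCache(HttpServletRequest request) throws MalformedObjectNameException {
    if (denyUnlessSysadmin(request, "CleanupCacheAction")) {
        return "error";
    }
    // … unchanged: clear the Hibernate cache and redirect …
```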

- + +

:

@@ -75,6 +76,8 @@
+ + " />
@@ -92,6 +95,8 @@
+ + " />
Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rd0f91f196f94f7003b38aca363362a485065f70a -r5b9fbd9e325d84d886a2e880982c40734c984ad3
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision d0f91f196f94f7003b38aca363362a485065f70a)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 5b9fbd9e325d84d886a2e880982c40734c984ad3)
@@ -35,7 +35,10 @@
 org.owasp.csrfguard.protected.adminUserEdit=/lams/admin/user/edit.do
 org.owasp.csrfguard.protected.adminUserDelete=/lams/admin/user/delete.do
 org.owasp.csrfguard.protected.adminUserSaveDetails=/lams/admin/usersave/saveUserDetails.do
-org.owasp.csrfguard.protected.adminClearnupPreviewLessons=/lams/admin/cleanupPreviewLessons/delete.do
+org.owasp.csrfguard.protected.adminCleanupPreviewLessons=/lams/admin/cleanupPreviewLessons/delete.do
+org.owasp.csrfguard.protected.adminCleanupTemporaryFiles=/lams/admin/cleanup/files.do
+org.owasp.csrfguard.protected.adminCleanupCache=/lams/admin/cleanup/cache.do
+org.owasp.csrfguard.protected.adminCleanupGarbage=/lams/admin/cleanup/garbage.do
 org.owasp.csrfguard.protected.adminOrgSave=/lams/admin/orgsave.do
 org.owasp.csrfguard.protected.adminOrgChangePassword=/lams/admin/orgPasswordChange/start.do