[Exist-commits] SF.net SVN: exist:[16504] trunk/eXist/src/org/exist/security/internal/ RealmImpl.ja

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 16504
          http://exist.svn.sourceforge.net/exist/?rev=16504&view=rev
Author:   shabanovd
Date:     2012-05-30 16:15:56 +0000 (Wed, 30 May 2012)
Log Message:
-----------
[bugfix] not only DBA users should be able to delete group, but group's managers

Modified Paths:
--------------
    trunk/eXist/src/org/exist/security/internal/RealmImpl.java

Modified: trunk/eXist/src/org/exist/security/internal/RealmImpl.java
===================================================================

--- trunk/eXist/src/org/exist/security/internal/RealmImpl.java	2012-05-30 09:46:47 UTC (rev 16503)
+++ trunk/eXist/src/org/exist/security/internal/RealmImpl.java	2012-05-30 16:15:56 UTC (rev 16504)
@@ -217,18 +217,19 @@
             @Override
             public void execute(Map<String, Group> principalDb) throws PermissionDeniedException, EXistException {
         
-		AbstractPrincipal remove_group = (AbstractPrincipal)principalDb.get(group.getName());
-		if(remove_group == null) {
+            	AbstractPrincipal remove_group = (AbstractPrincipal)principalDb.get(group.getName());
+            	if(remove_group == null) {
                     throw new IllegalArgumentException("Group does not exist!");
                 }
 		
-		DBBroker broker = null;
-		try {
+            	DBBroker broker = null;
+            	try {
                     broker = getDatabase().get(null);
                     Subject subject = broker.getSubject();
 			
-                    if(!( subject.hasDbaRole())) {
-                        throw new PermissionDeniedException("You are not allowed to delete '" + remove_group.getName() + "' group");
+                    if (!(((Group)remove_group).isManager(subject) || subject.hasDbaRole())) {
+                        throw new PermissionDeniedException(
+                    		"Account '"+subject.getName()+"' can not delete a group '"+remove_group.getName()+"'.");
                     }
 
                     remove_group.setRemoved(true);
@@ -251,9 +252,9 @@
                     getSecurityManager().addGroup(remove_group.getId(), (Group)remove_group);
                     principalDb.remove(remove_group.getName());
 
-		} finally {
+            	} finally {
                     getDatabase().release(broker);
-		}
+            	}
             }
         });
         

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.





[Exist-commits] SF.net SVN: exist:[16504] trunk/eXist/src/org/exist/security/internal/ RealmImpl.ja

eXist-db is a feature rich Open Source native XML database

[Exist-commits] SF.net SVN: exist:[16504] trunk/eXist/src/org/exist/security/internal/ RealmImpl.java