From: <sha...@us...> - 2012-05-30 16:16:07
|
Revision: 16504 http://exist.svn.sourceforge.net/exist/?rev=16504&view=rev Author: shabanovd Date: 2012-05-30 16:15:56 +0000 (Wed, 30 May 2012) Log Message: ----------- [bugfix] not only DBA users should be able to delete group, but group's managers Modified Paths: -------------- trunk/eXist/src/org/exist/security/internal/RealmImpl.java Modified: trunk/eXist/src/org/exist/security/internal/RealmImpl.java =================================================================== --- trunk/eXist/src/org/exist/security/internal/RealmImpl.java 2012-05-30 09:46:47 UTC (rev 16503) +++ trunk/eXist/src/org/exist/security/internal/RealmImpl.java 2012-05-30 16:15:56 UTC (rev 16504) @@ -217,18 +217,19 @@ @Override public void execute(Map<String, Group> principalDb) throws PermissionDeniedException, EXistException { - AbstractPrincipal remove_group = (AbstractPrincipal)principalDb.get(group.getName()); - if(remove_group == null) { + AbstractPrincipal remove_group = (AbstractPrincipal)principalDb.get(group.getName()); + if(remove_group == null) { throw new IllegalArgumentException("Group does not exist!"); } - DBBroker broker = null; - try { + DBBroker broker = null; + try { broker = getDatabase().get(null); Subject subject = broker.getSubject(); - if(!( subject.hasDbaRole())) { - throw new PermissionDeniedException("You are not allowed to delete '" + remove_group.getName() + "' group"); + if (!(((Group)remove_group).isManager(subject) || subject.hasDbaRole())) { + throw new PermissionDeniedException( + "Account '"+subject.getName()+"' can not delete a group '"+remove_group.getName()+"'."); } remove_group.setRemoved(true); @@ -251,9 +252,9 @@ getSecurityManager().addGroup(remove_group.getId(), (Group)remove_group); principalDb.remove(remove_group.getName()); - } finally { + } finally { getDatabase().release(broker); - } + } } }); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |