From: Eric P. <th...@us...> - 2009-11-19 01:59:09
Update of /cvsroot/sandev/sand/apps/basics/src/org/sandev/basics/util
In directory fdv4jf1.ch3.sourceforge.com:/tmp/cvs-serv7526
Modified Files:
AuthFilterBase.java
Log Message:
Added missing integration call to allowPersistenceFunction.
Index: AuthFilterBase.java
===================================================================
RCS file: /cvsroot/sandev/sand/apps/basics/src/org/sandev/basics/util/AuthFilterBase.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** AuthFilterBase.java 23 Aug 2009 19:03:00 -0000 1.8
--- AuthFilterBase.java 19 Nov 2009 01:58:59 -0000 1.9
***************
*** 22,25 ****
--- 22,26 ----
import org.sandev.basics.structs.SandException;
import org.sandev.basics.structs.SandMessage;
+ import org.sandev.basics.structs.SandQueryMessage;
import org.sandev.basics.structs.SandPersistMessage;
import org.sandev.basics.structs.SandUpdateMessage;
***************
*** 280,283 ****
--- 281,286 ----
return AuthFilter.AUTH_READONLY; } }
return AuthFilter.AUTH_UNRESTRICTED; }
+ else if(isDisallowedQuery(user,msg)) { //illegal custom function etc
+ return AuthFilter.AUTH_NOACCESS; }
String className=msg.getShortName();
debug("messageInstanceAccess " + className + ", " + getUserDump(user));
***************
*** 487,490 ****
--- 490,516 ----
+ /**
+ * Return true if this query should be disallowed due to illegal
+ * custom functions or similar problematic constructions.
+ */
+ protected boolean isDisallowedQuery(AuthUser user,SandMessage msg)
+ throws SandException
+ {
+ if(!(msg instanceof SandQueryMessage)) {
+ return false; }
+ SandQueryMessage sqm=(SandQueryMessage)msg;
+ SandAttrVal[] matchInfo=sqm.getMatchInfo();
+ for(int i=0;i<matchInfo.length;i++) {
+ String attr=matchInfo[i].getAttr();
+ if(attr.startsWith(sqm.PERSISTFUNCTION)) {
+ String className=msg.getShortName();
+ attr=attr.substring(sqm.PERSISTFUNCTION.length());
+ String val=matchInfo[i].getVal();
+ if(!allowPersistenceFunction(className,attr,val)) {
+ return true; } } }
+ return false; //nothing bad found in there
+ }
+
+
////////////////////////////////////////
// utility methods
|
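Review bot: In the new `isDisallowedQuery`, `sqm.getMatchInfo()` and each `matchInfo[i].getAttr()` are dereferenced without a null check, so a query message carrying no match info (if that is possible for `SandQueryMessage`) would fail inside the authorization path with a NullPointerException instead of a clean decision; if `getMatchInfo()` can return null, add `if(matchInfo==null) { return false; }` before the loop, since nothing to inspect means nothing to disallow. The Javadoc should state the contract the caller depends on: `@param user`/`@param msg`, `@return true if the query names a persistence function that allowPersistenceFunction rejects`, and `@throws SandException` with where it originates (presumably `allowPersistenceFunction`, as nothing else in the body throws). `PERSISTFUNCTION` is read through the instance as `sqm.PERSISTFUNCTION`; if it is a static constant, `SandQueryMessage.PERSISTFUNCTION` makes that explicit. Note also that the call added in the 280,283 hunk sits in an `else if` after a branch that returns `AUTH_UNRESTRICTED`, so messages taking that branch never reach this check; that method's condition lies outside the hunk, so if the bypass is intended a comment such as `// requests granted unrestricted access above are not screened by isDisallowedQuery` would make it deliberate rather than accidental.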