stable version becomes master

Peter Hormanns 2023-06-21 20:54:50 +02:00
parent a51b3ea04c
commit 2dd11948ad
29 changed files with 148 additions and 239 deletions


@ -921,5 +921,3 @@ ALTER TABLE ONLY domain__domain_option
ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id) ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id)
REFERENCES domain(domain_id) DEFERRABLE; REFERENCES domain(domain_id) DEFERRABLE;
ALTER TABLE queue_task ADD COLUMN login_user character varying(48);
ALTER TABLE queue_task ADD COLUMN runas_user character varying(48);


@ -9,7 +9,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthenticationException; import de.hsadmin.core.model.AuthenticationException;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.model.GenericModuleImpl;
@ -44,7 +43,7 @@ public abstract class AbstractRemote implements IRemote {
try { try {
if (transaction.login(user, ticket)) { if (transaction.login(user, ticket)) {
final ModuleInterface module = new GenericModuleImpl(transaction); final ModuleInterface module = new GenericModuleImpl(transaction);
final AuthenticatedUser unixUser = transaction.getLoginUser(); final UnixUser unixUser = transaction.getLoginUser();
final List<AbstractEntity> list = module.search(getEntityClass(), final List<AbstractEntity> list = module.search(getEntityClass(),
buildQueryCondition(whereParams), null); buildQueryCondition(whereParams), null);
if (list == null) { if (list == null) {
@ -106,7 +105,7 @@ public abstract class AbstractRemote implements IRemote {
try { try {
if (transaction.login(user, ticket)) { if (transaction.login(user, ticket)) {
final ModuleInterface module = new GenericModuleImpl(transaction); final ModuleInterface module = new GenericModuleImpl(transaction);
final AuthenticatedUser authUser = transaction.getLoginUser(); final UnixUser unixUser = transaction.getLoginUser();
final String queryCondition = buildQueryCondition(whereParams); final String queryCondition = buildQueryCondition(whereParams);
if (queryCondition == null || queryCondition.length() == 0) { if (queryCondition == null || queryCondition.length() == 0) {
throw new HSAdminException( throw new HSAdminException(
@ -116,10 +115,10 @@ public abstract class AbstractRemote implements IRemote {
queryCondition, null); queryCondition, null);
transaction.beginTransaction(); transaction.beginTransaction();
for (AbstractEntity e : list) { for (AbstractEntity e : list) {
if (e.isWriteAllowedFor(authUser)) { if (e.isWriteAllowedFor(unixUser)) {
module.delete(e); module.delete(e);
} else { } else {
throw new AuthorisationException(authUser, "delete", e); throw new AuthorisationException(unixUser, "delete", e);
} }
} }
transaction.commitTransaction(); transaction.commitTransaction();
@ -143,7 +142,7 @@ public abstract class AbstractRemote implements IRemote {
try { try {
if (transaction.login(user, ticket)) { if (transaction.login(user, ticket)) {
final ModuleInterface module = new GenericModuleImpl(transaction); final ModuleInterface module = new GenericModuleImpl(transaction);
final AuthenticatedUser unixUser = transaction.getLoginUser(); final UnixUser unixUser = transaction.getLoginUser();
final ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>(); final ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
final String queryCondition = buildQueryCondition(whereParams); final String queryCondition = buildQueryCondition(whereParams);
if (queryCondition == null || queryCondition.length() == 0) { if (queryCondition == null || queryCondition.length() == 0) {


@ -6,7 +6,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthenticationException; import de.hsadmin.core.model.AuthenticationException;
import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
@ -14,7 +13,6 @@ import de.hsadmin.core.util.Config;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.mods.dom.Domain; import de.hsadmin.mods.dom.Domain;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class RoleRemote implements IRemote { public class RoleRemote implements IRemote {
@ -27,25 +25,22 @@ public class RoleRemote implements IRemote {
String role = "USER"; String role = "USER";
String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer"); String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster"); String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
final AuthenticatedUser loginUser = transaction.getLoginUser(); Pac pac = transaction.getLoginUser().getPac();
if (loginUser instanceof UnixUser) { String pacName = pac.getName();
Pac pac = ((UnixUser) loginUser).getPac(); if (accoutPrefixCustomer.equals(pacName)) {
String pacName = pac.getName(); role = "CUSTOMER";
if (accoutPrefixCustomer.equals(pacName)) { }
role = "CUSTOMER"; if (accoutPrefixHostmaster.equals(pacName)) {
} role = "HOSTMASTER";
if (accoutPrefixHostmaster.equals(pacName)) { }
role = "HOSTMASTER"; if (user.equals(pacName)) {
} role = "PAC_ADMIN_DW";
if (user.equals(pacName)) { }
role = "PAC_ADMIN_DW"; if (role.equals("USER")) {
} GenericModuleImpl module = new GenericModuleImpl(transaction);
if (role.equals("USER")) { List<AbstractEntity> list = module.search(Domain.class, "obj.user.name = '" + user + "'", null);
GenericModuleImpl module = new GenericModuleImpl(transaction); if (list != null && list.size() > 0) {
List<AbstractEntity> list = module.search(Domain.class, "obj.user.name = '" + user + "'", null); role = "DOM_ADMIN";
if (list != null && list.size() > 0) {
role = "DOM_ADMIN";
}
} }
} }
List<Map<String, Object>> result = new ArrayList<Map<String,Object>>(); List<Map<String, Object>> result = new ArrayList<Map<String,Object>>();
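Review bot: The domain lookup near the end of this section still builds its JPA-QL condition by concatenating the caller-supplied `user` into a quoted literal (`"obj.user.name = '" + user + "'"`), so a name containing a quote changes the query text instead of being treated as data. The condition should reference a bound parameter; `AbstractModuleImpl.search` as shown in this commit appears to bind `:loginUserName`, so `module.search(Domain.class, "obj.user.name = :loginUserName", null)` may be sufficient if `user` always equals the login name, which is not visible here. With the `instanceof` guard removed, `transaction.getLoginUser().getPac()` is also dereferenced unconditionally, so a missing user or pac now surfaces as a NullPointerException. The enclosing method starts and ends outside the hunk.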


@ -1,4 +1,4 @@
package de.hsadmin.pillar; package de.hsadmin.servlets;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;


@ -132,8 +132,7 @@ public class PacTasksServlet extends HttpServlet
if ("pac.delete".equals(parts[0])) { if ("pac.delete".equals(parts[0])) {
proc = factory.createDeleteProcessor(em, pac); proc = factory.createDeleteProcessor(em, pac);
} }
final String pacUser = pac.owningUser(em).getName(); transaction.enqueue(pac.getHiveName(), new QueueTask(pac.owningUser(em), parts[0] + ":" + parts[1], message, proc));
transaction.enqueue(pac.getHiveName(), new QueueTask(pacUser, pacUser, parts[0] + ":" + parts[1], message, proc));
em.clear(); em.clear();
em.flush(); em.flush();
transaction.commitTransaction(); transaction.commitTransaction();
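Review bot: `em.clear()` runs before `em.flush()` right after the task is enqueued; in JPA, `clear()` detaches every managed entity and discards changes that have not been flushed, so the flush that follows has nothing left to write. If the processor creation or `enqueue` leaves pending state in `em` (not visible in this hunk), the order should be `em.flush(); em.clear();`. The new `QueueTask` is also built directly from `pac.owningUser(em)` with no null check. The enclosing method continues outside the hunk.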


@ -39,7 +39,7 @@
<servlet> <servlet>
<servlet-name>PillarServlet</servlet-name> <servlet-name>PillarServlet</servlet-name>
<servlet-class>de.hsadmin.pillar.JsonPillarServlet</servlet-class> <servlet-class>de.hsadmin.servlets.JsonPillarServlet</servlet-class>
</servlet> </servlet>
<servlet-mapping> <servlet-mapping>


@ -82,7 +82,7 @@ public abstract class AbstractEntity {
* *
* @return a restricting JPA-QL expression to limit access to entities * @return a restricting JPA-QL expression to limit access to entities
*/ */
public static String restriction(Class<?> entityClass, AuthenticatedUser loginUser) { public static String restriction(Class<?> entityClass, UnixUser loginUser) {
// hostmasters don't get any restriction // hostmasters don't get any restriction
if (loginUser.hasHostmasterRole()) if (loginUser.hasHostmasterRole())
return null; return null;
@ -159,7 +159,7 @@ public abstract class AbstractEntity {
* @param em * @param em
* @param loginUser * @param loginUser
*/ */
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
} }
/** /**
@ -167,7 +167,7 @@ public abstract class AbstractEntity {
* @param em * @param em
* @param loginUser * @param loginUser
*/ */
public void complete(EntityManager em, AuthenticatedUser loginUser) { public void complete(EntityManager em, UnixUser loginUser) {
} }
/** /**
@ -180,7 +180,7 @@ public abstract class AbstractEntity {
* @param em * @param em
* @param loginUser * @param loginUser
*/ */
public AbstractEntity merge(EntityManager em, AuthenticatedUser loginUser) { public AbstractEntity merge(EntityManager em, UnixUser loginUser) {
return em.merge(this); return em.merge(this);
} }
@ -190,7 +190,7 @@ public abstract class AbstractEntity {
* @param loginUser * @param loginUser
* @return * @return
*/ */
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasHostmasterRole(); return loginUser.hasHostmasterRole();
} }
@ -200,7 +200,7 @@ public abstract class AbstractEntity {
* @param loginUser * @param loginUser
* @return * @return
*/ */
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
return loginUser.hasHostmasterRole(); return loginUser.hasHostmasterRole();
} }
@ -218,6 +218,6 @@ public abstract class AbstractEntity {
* @param em * @param em
* @return * @return
*/ */
public abstract AuthenticatedUser owningUser(EntityManager em); public abstract UnixUser owningUser(EntityManager em);
} }
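Review bot: The Javadoc on `isReadAllowedFor` and `isWriteAllowedFor` still has bare `@param loginUser` and `@return` tags, so the default-deny contract these two methods implement is undocumented. I would write `@param loginUser the user the request runs as` and `@return true only if loginUser has the hostmaster role; subclasses override this to grant wider access`, which is what the bodies here and the overrides in QueueTask, Customer and Database in this commit show. `initialize`, `complete` and `merge` carry the same empty tags, and none of these methods states whether a null `loginUser` is accepted, although `restriction` dereferences it immediately.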


@ -41,7 +41,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
} }
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
EntityManager entityManager = transaction.getEntityManager(); EntityManager entityManager = transaction.getEntityManager();
newEntity.complete(entityManager, loginUser); newEntity.complete(entityManager, loginUser);
entityManager.persist(newEntity); entityManager.persist(newEntity);
@ -58,7 +58,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException { public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
AbstractEntity entity = transaction.getEntityManager().find(entityClass, key); AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
if (!entity.isReadAllowedFor(loginUser)) { if (!entity.isReadAllowedFor(loginUser)) {
throw new AuthorisationException(loginUser, "add", entity); throw new AuthorisationException(loginUser, "add", entity);
} }
@ -98,7 +98,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
} }
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy, int limit) throws HSAdminException { public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy, int limit) throws HSAdminException {
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
condition = restrict(entityClass, loginUser, condition); condition = restrict(entityClass, loginUser, condition);
Entity entityAnnot = entityClass.getAnnotation(Entity.class); Entity entityAnnot = entityClass.getAnnotation(Entity.class);
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj"; String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
@ -120,9 +120,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
} }
setQueryParameter(query, queryString, "loginUser", loginUser); setQueryParameter(query, queryString, "loginUser", loginUser);
setQueryParameter(query, queryString, "loginUserName", loginUser.getName()); setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
if (loginUser instanceof UnixUser) { setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
}
try { try {
List<?> res = query.getResultList(); List<?> res = query.getResultList();
List<AbstractEntity> ret = new LinkedList<AbstractEntity>(); List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
@ -142,7 +140,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
} }
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser); existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
if (!existingEntity.isWriteAllowedFor(loginUser)) { if (!existingEntity.isWriteAllowedFor(loginUser)) {
throw new AuthorisationException(loginUser, "update", existingEntity); throw new AuthorisationException(loginUser, "update", existingEntity);
@ -156,7 +154,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
} }
public void delete(AbstractEntity existingEntity) throws HSAdminException { public void delete(AbstractEntity existingEntity) throws HSAdminException {
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
EntityManager entityManager = transaction.getEntityManager(); EntityManager entityManager = transaction.getEntityManager();
existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id()); existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
if (!existingEntity.isWriteAllowedFor(loginUser)) { if (!existingEntity.isWriteAllowedFor(loginUser)) {
@ -192,7 +190,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
return procFact; return procFact;
} }
protected void queueProcessor(Processor proc, AuthenticatedUser authUser, AbstractEntity entity, String action) { protected void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
if (proc == null || proc instanceof NullProcessor) { if (proc == null || proc instanceof NullProcessor) {
return; return;
} }
@ -200,7 +198,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName(); String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
StringBuilder details = new StringBuilder(); StringBuilder details = new StringBuilder();
String title = entityTypeName + " (" + entity.createStringKey() + ") " + action; String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
QueueTask task = new QueueTask(transaction.getLogin(), transaction.getRunas(), title, details.toString(), proc); QueueTask task = new QueueTask(user, title, details.toString(), proc);
transaction.getEntityManager().persist(task); transaction.getEntityManager().persist(task);
transaction.enqueue(entity.getHiveName(), task); transaction.enqueue(entity.getHiveName(), task);
} }
@ -216,7 +214,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
/** /**
* apply access restriction to JPA-QL condition. * apply access restriction to JPA-QL condition.
*/ */
private String restrict(Class<?> entityClass, AuthenticatedUser loginUser, String condition) { private String restrict(Class<?> entityClass, UnixUser loginUser, String condition) {
String restriction = AbstractEntity.restriction(entityClass, loginUser); String restriction = AbstractEntity.restriction(entityClass, loginUser);
if (restriction == null) if (restriction == null)
return condition; return condition;
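Review bot: In `find`, the result of `getEntityManager().find(entityClass, key)` is passed straight to `entity.isReadAllowedFor(loginUser)` without a null check, so a key that does not exist ends in a NullPointerException rather than an HSAdminException. A guard before the access check, such as `if (entity == null) return null;` or a not-found HSAdminException depending on what callers expect, would fix it; `delete` in this file and `SecureDefaultModuleImpl.delete` use the same find-then-check pattern. The denial in `find` is also reported with the method label `"add"`, which misleads anyone reading authorisation failures; `throw new AuthorisationException(loginUser, "find", entity);` matches the operation. These method bodies continue outside the hunks.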


@ -7,12 +7,12 @@ public class AuthorisationException extends HSAdminException {
private static final long serialVersionUID = -8125905071037488732L; private static final long serialVersionUID = -8125905071037488732L;
private AuthenticatedUser user; private UnixUser user;
private String method; private String method;
private AbstractEntity entity; private AbstractEntity entity;
private String field; private String field;
public AuthenticatedUser getUser() { public UnixUser getUser() {
return user; return user;
} }
@ -28,14 +28,14 @@ public class AuthorisationException extends HSAdminException {
return field; return field;
} }
public AuthorisationException(AuthenticatedUser user, String method) { public AuthorisationException(UnixUser user, String method) {
super("nicht authorisiert fuer " + method + "()"); super("nicht authorisiert fuer " + method + "()");
this.user = user; this.user = user;
this.method = method; this.method = method;
} }
public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity) { public AuthorisationException(UnixUser user, String method, AbstractEntity entity) {
super("nicht authorisiert fuer " + method + "(" super("nicht authorisiert fuer " + method + "("
+ entity.createStringKey() + ")"); + entity.createStringKey() + ")");
@ -44,7 +44,7 @@ public class AuthorisationException extends HSAdminException {
this.entity = entity; this.entity = entity;
} }
public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity, public AuthorisationException(UnixUser user, String method, AbstractEntity entity,
String field) { String field) {
super("nicht authorisiert fuer " + method + "(" super("nicht authorisiert fuer " + method + "("
+ entity.createStringKey() + "." + field + ")"); + entity.createStringKey() + "." + field + ")");


@ -99,7 +99,7 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
public void delete(AbstractEntity detachedEntity) throws HSAdminException { public void delete(AbstractEntity detachedEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
EntityManager entityManager = transaction.getEntityManager(); EntityManager entityManager = transaction.getEntityManager();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id()); AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id());
if (!attachedEntity.isWriteAllowedFor(loginUser)) { if (!attachedEntity.isWriteAllowedFor(loginUser)) {
throw new AuthorisationException(loginUser, "delete", detachedEntity); throw new AuthorisationException(loginUser, "delete", detachedEntity);


@ -28,16 +28,15 @@ public class Transaction {
private EntityManager entityManager; private EntityManager entityManager;
private QueueConnectionFactory queueConnectionFactory; private QueueConnectionFactory queueConnectionFactory;
private String loginUser; private String loginName;
private String runasUser;
private Map<String, QueueTaskStore> taskStores; private Map<String, QueueTaskStore> taskStores;
private boolean transactionActive; private boolean transactionActive;
private InitialContext ctx; private InitialContext ctx;
public Transaction(String runasName) { public Transaction(String loginName) {
transactionActive = false; transactionActive = false;
this.entityManager = PersistenceManager.getEntityManager("hsadmin"); this.entityManager = PersistenceManager.getEntityManager("hsadmin");
this.runasUser = runasName; this.loginName = loginName;
taskStores = new HashMap<String, QueueTaskStore>(); taskStores = new HashMap<String, QueueTaskStore>();
try { try {
ctx = new InitialContext(); ctx = new InitialContext();
@ -68,12 +67,11 @@ public class Transaction {
return null; return null;
} }
public String getLogin() { public String getLoginName() {
return loginUser; if (loginName != null) {
} return loginName;
}
public String getRunas() { throw new TechnicalException("no login");
return runasUser;
} }
public void enqueue(String hiveName, QueueTask task) { public void enqueue(String hiveName, QueueTask task) {
@ -90,6 +88,7 @@ public class Transaction {
for (String hive : taskStores.keySet()) { for (String hive : taskStores.keySet()) {
QueueTaskStore store = taskStores.get(hive); QueueTaskStore store = taskStores.get(hive);
String queueName = "hsadminSystem-" + hive; String queueName = "hsadminSystem-" + hive;
// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
Queue jmsSystemQueue = lookupJMSQueue(queueName); Queue jmsSystemQueue = lookupJMSQueue(queueName);
QueueClient qClient = null; QueueClient qClient = null;
try { try {
@ -172,15 +171,10 @@ public class Transaction {
} }
} }
public AuthenticatedUser getLoginUser() { public UnixUser getLoginUser() {
String loginName = getRunas(); String loginName = getLoginName();
if (loginName != null && loginName.length() == 2) { if (loginName != null && loginName.length() == 2) {
final LdapDAO ldapDAO = new LdapDAO(); loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
return ldapDAO.read(loginName);
}
if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
final LdapDAO ldapDAO = new LdapDAO();
return ldapDAO.read(loginName);
} }
if (loginName != null && loginName.length() == 3) { if (loginName != null && loginName.length() == 3) {
loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName; loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
@ -191,44 +185,44 @@ public class Transaction {
return unixUser; return unixUser;
} }
public boolean login(String runasUser, String ticket) throws AuthenticationException { public boolean login(String user, String ticket) throws AuthenticationException {
loginUser = TicketValidator.getInstance().validateTicket(ticket); String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
if (runasUser != null && runasUser.equals(loginUser)) { if (user != null && user.equals(ticketUser)) {
return true; // user himself return true; // user himself
} }
if (loginUser != null && loginUser.length() == 2) { if (ticketUser != null && ticketUser.length() == 2) {
return true; // 2-letter hostmaster return true; // 2-letter hostmaster
} }
String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-"; String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
if (loginUser != null && loginUser.startsWith(hostmasterAccountPrefix) && loginUser.length() == 8) { if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
return true; // hsh01 hostmaster return true; // hsh01 hostmaster
} }
if (loginUser != null && loginUser.length() == 5) { if (ticketUser != null && ticketUser.length() == 5) {
Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username"); Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
userQuery.setParameter("username", runasUser); userQuery.setParameter("username", user);
UnixUser unixUser = (UnixUser) userQuery.getSingleResult(); UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
String pacName = unixUser.getPac().getName(); String pacName = unixUser.getPac().getName();
return loginUser.equals(pacName); // pac-admin return ticketUser.equals(pacName); // pac-admin
} }
String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-"; String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
if (loginUser != null && (loginUser.length() == 3 || (loginUser.length() >= 9 && loginUser.startsWith(memberAccountPrefix)))) { if (ticketUser != null && (ticketUser.length() == 3 || (ticketUser.length() >= 9 && ticketUser.startsWith(memberAccountPrefix)))) {
Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername"); Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
memberQuery.setParameter("membername", loginUser.length() == 3 ? (memberAccountPrefix + loginUser) : loginUser); memberQuery.setParameter("membername", ticketUser.length() == 3 ? (memberAccountPrefix + ticketUser) : ticketUser);
Customer member = (Customer) memberQuery.getSingleResult(); Customer member = (Customer) memberQuery.getSingleResult();
Set<Pac> pacs = member.getPacs(); Set<Pac> pacs = member.getPacs();
for (Pac p : pacs) { for (Pac p : pacs) {
if (p.getName().equals(runasUser)) { if (p.getName().equals(user)) {
return true; // member as pac-admin return true; // member as pac-admin
} }
Set<UnixUser> users = p.getUnixUser(); Set<UnixUser> users = p.getUnixUser();
for (UnixUser u : users) { for (UnixUser u : users) {
if (u.getName().equals(runasUser)) { if (u.getName().equals(user)) {
return true; // member as pac-user return true; // member as pac-user
} }
} }
} }
} }
throw new AuthenticationException("User " + loginUser + " is not allowed to run as " + runasUser); throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
} }
} }
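Review bot: `login()` now keeps the validated ticket identity only in the local `ticketUser`, so once it returns the transaction holds nothing but the name passed to the constructor, and `getLoginUser()` resolves that name whether or not `login()` was called or succeeded. Every permission check in this commit takes its `UnixUser` from `getLoginUser()`, so it would be safer to record the outcome in a field, e.g. `this.ticketUser = ticketUser;` on each successful path, and have `getLoginName()` throw `TechnicalException("no login")` until that field is set. Keeping the field would also preserve the authenticating principal for the queue tasks, which no longer store `login_user`/`runas_user`. The added line `// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!` is debug residue that its own comment marks as not to be committed and should be dropped.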


@ -20,7 +20,6 @@ import javax.persistence.Transient;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AnnModuleImpl; import de.hsadmin.core.model.AnnModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.mods.qstat.QTaskModuleImpl; import de.hsadmin.mods.qstat.QTaskModuleImpl;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
@ -43,14 +42,6 @@ public class QueueTask extends AbstractEntity implements Serializable {
@ManyToOne(fetch=FetchType.EAGER) @ManyToOne(fetch=FetchType.EAGER)
private UnixUser user; private UnixUser user;
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
@Column(name = "runas_user", columnDefinition = "character varying(48)", nullable = true)
private String runasUser;
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
@Column(name = "login_user", columnDefinition = "character varying(48)", nullable = true)
private String loginUser;
@AnnFieldIO(rw=ReadWriteAccess.READONLY) @AnnFieldIO(rw=ReadWriteAccess.READONLY)
@Column(name = "started", columnDefinition = "date") @Column(name = "started", columnDefinition = "date")
@Temporal(javax.persistence.TemporalType.TIMESTAMP) @Temporal(javax.persistence.TemporalType.TIMESTAMP)
@ -78,9 +69,8 @@ public class QueueTask extends AbstractEntity implements Serializable {
public QueueTask() { public QueueTask() {
} }
public QueueTask(String loginUser, String runasUser, String title, String details, Processor proc) { public QueueTask(UnixUser user, String title, String details, Processor proc) {
this.loginUser = loginUser; this.user = user;
this.runasUser = runasUser;
this.title = title; this.title = title;
this.details = details; this.details = details;
this.started = new Date(); this.started = new Date();
@ -99,7 +89,7 @@ public class QueueTask extends AbstractEntity implements Serializable {
* on all merged fields of this entity * on all merged fields of this entity
*/ */
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasHostmasterRole() return loginUser.hasHostmasterRole()
|| loginUser.hasPacAdminRoleFor(getUser().getPac()) || loginUser.hasPacAdminRoleFor(getUser().getPac())
|| loginUser.id() == getUser().id(); || loginUser.id() == getUser().id();
@ -146,22 +136,6 @@ public class QueueTask extends AbstractEntity implements Serializable {
this.user = user; this.user = user;
} }
public String getRunasUser() {
return runasUser;
}
public void setRunasUser(String runasUser) {
this.runasUser = runasUser;
}
public String getLoginUser() {
return loginUser;
}
public void setLoginUser(String loginUser) {
this.loginUser = loginUser;
}
public Date getStarted() { public Date getStarted() {
return started; return started;
} }
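Review bot: The owner check in `isReadAllowedFor` compares ids with `==` (`loginUser.id() == getUser().id()`); if `id()` returns a boxed type, which this section does not show, that compares references and can wrongly deny the task's own user. `Objects.equals(loginUser.id(), getUser().id())` is correct for both boxed and primitive ids. `getUser()` is also dereferenced twice in that expression without a null check, while the no-argument constructor leaves `user` unset.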


@ -28,7 +28,7 @@ public class WaitingTasksProcessor extends AbstractProcessor {
if (task.getException() == null) { if (task.getException() == null) {
for (WaitingProcessor p : waitingTasks) { for (WaitingProcessor p : waitingTasks) {
QueueTask wTask = QueueTask wTask =
new QueueTask(transaction.getLogin(), transaction.getRunas(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc()); new QueueTask(task.getUser(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc());
transaction.getEntityManager().persist(wTask); transaction.getEntityManager().persist(wTask);
transaction.enqueue(p.getHost(), wTask); transaction.enqueue(p.getHost(), wTask);
} }


@ -25,7 +25,6 @@ import javax.persistence.Temporal;
import javax.persistence.Transient; import javax.persistence.Transient;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
@ -235,12 +234,12 @@ public class Customer extends AbstractEntity implements Serializable {
} }
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasCustomerRoleFor(this); return loginUser.hasCustomerRoleFor(this);
} }
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
return loginUser.hasCustomerRoleFor(this); return loginUser.hasCustomerRoleFor(this);
} }


@ -24,7 +24,6 @@ import javax.persistence.Table;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
@ -78,10 +77,8 @@ public abstract class Database extends AbstractEntity implements Serializable {
} }
@Override @Override
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
if (loginUser instanceof UnixUser) { pac = loginUser.getPac(); // a default useful for the pac admin
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
}
} }
public void complete(EntityManager em, UnixUser loginUser) { public void complete(EntityManager em, UnixUser loginUser) {
@ -141,7 +138,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
* determines whether the given user has full read access on all merged fields of this entity * determines whether the given user has full read access on all merged fields of this entity
*/ */
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasPacAdminRoleFor(getPac()); return loginUser.hasPacAdminRoleFor(getPac());
} }
@ -149,7 +146,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
* determines whether the given user has full write access on all merged fields of this entity * determines whether the given user has full write access on all merged fields of this entity
*/ */
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
String pacName = pac.getName(); String pacName = pac.getName();
if (!name.equals(pacName) && !name.startsWith(pacName + "_")) if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
return false; return false;
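Review bot: `isWriteAllowedFor` dereferences `pac` and `name` directly (`pac.getName()`, `name.equals(pacName)`), while `isReadAllowedFor` just above goes through `getPac()` and a role check that tolerates a null pac. If either field can be unset on an entity built from a request (not visible here), the write check ends in a NullPointerException instead of a plain denial. A guard at the top, `if (pac == null || name == null) return false;`, would make it fail closed explicitly. The same pattern appears in the `isWriteAllowedFor` hunks of DatabaseUser, EMailAlias and UnixUser further down this page, and the method body continues past the end of the hunk.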


@ -25,7 +25,6 @@ import javax.persistence.Transient;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
@ -73,10 +72,8 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
} }
@Override @Override
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
if (loginUser instanceof UnixUser) { pac = loginUser.getPac(); // a default useful for the pac admin
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
}
} }
public void complete(EntityManager em, UnixUser loginUser) { public void complete(EntityManager em, UnixUser loginUser) {
@ -159,7 +156,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
} }
@Override @Override
public DatabaseUser merge(EntityManager em, AuthenticatedUser loginUser) { public DatabaseUser merge(EntityManager em, UnixUser loginUser) {
DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser); DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser);
dbEntity.setPassword(this.getPassword()); dbEntity.setPassword(this.getPassword());
return dbEntity; return dbEntity;
@ -183,7 +180,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
* fields of this entity * fields of this entity
*/ */
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasPacAdminRoleFor(getPac()); return loginUser.hasPacAdminRoleFor(getPac());
} }
@ -192,7 +189,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
* fields of this entity * fields of this entity
*/ */
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
String pacName = pac.getName(); String pacName = pac.getName();
if (!name.equals(pacName) && !name.startsWith(pacName + "_")) if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
return false; return false;
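Review bot: `merge` copies the password with `dbEntity.setPassword(this.getPassword())` unconditionally. If an update request can arrive without a password (this cannot be seen from the hunk), the stored value would be replaced by null. Copying only when a value is present, `if (getPassword() != null) dbEntity.setPassword(getPassword());`, avoids that. A one-line comment saying why the password is copied by hand after `super.merge` would also help, since the reason is not visible in this section.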


@ -7,13 +7,13 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class MySqlDatabaseModuleImpl extends AbstractModuleImpl { public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
@ -29,7 +29,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
MySqlDatabase database = (MySqlDatabase) newEntity; MySqlDatabase database = (MySqlDatabase) newEntity;
String name = database.getName(); String name = database.getName();
String pacPrefix = name.substring(0, 5); String pacPrefix = name.substring(0, 5);
@ -75,7 +75,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
EntityManager em = transaction.getEntityManager(); EntityManager em = transaction.getEntityManager();
AuthenticatedUser unixUser = transaction.getLoginUser(); UnixUser unixUser = transaction.getLoginUser();
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity; MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId()); MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
if (!attachedDB.getName().equals(detachtedDB.getName())) { if (!attachedDB.getName().equals(detachtedDB.getName())) {
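Review bot: In `add`, `name.substring(0, 5)` runs on the name taken from the new entity with no null or length check, so a name shorter than five characters raises StringIndexOutOfBoundsException rather than an HSAdminException the caller can report. `MySqlUserModuleImpl.add` tests the length first (`name.length() < 7 || name.charAt(5) != '_'`). An equivalent guard here, for example `if (name == null || name.length() < 5) throw new HSAdminException("database name too short");`, would keep the validation consistent. `PgSqlDatabaseModuleImpl.add` has the same unguarded `substring(0, 5)`, and both method bodies continue outside their hunks.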


@ -7,20 +7,20 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class MySqlUserModuleImpl extends AbstractModuleImpl { public class MySqlUserModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
MySqlUser user = (MySqlUser) newEntity; MySqlUser user = (MySqlUser) newEntity;
String name = user.getName(); String name = user.getName();
if (name.length() < 7 || name.charAt(5) != '_') { if (name.length() < 7 || name.charAt(5) != '_') {


@ -7,13 +7,13 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl { public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
@ -27,7 +27,7 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
PgSqlDatabase database = (PgSqlDatabase) newEntity; PgSqlDatabase database = (PgSqlDatabase) newEntity;
String name = database.getName(); String name = database.getName();
String pacPrefix = name.substring(0, 5); String pacPrefix = name.substring(0, 5);
@ -74,17 +74,17 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
EntityManager em = transaction.getEntityManager(); EntityManager em = transaction.getEntityManager();
AuthenticatedUser user = transaction.getLoginUser(); UnixUser unixUser = transaction.getLoginUser();
PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity; PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity;
PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId()); PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId());
if (!attachedDB.getName().equals(detachtedDB.getName())) { if (!attachedDB.getName().equals(detachtedDB.getName())) {
throw new AuthorisationException(user, "update", existingEntity, "name"); throw new AuthorisationException(unixUser, "update", existingEntity, "name");
} }
if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) { if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) {
throw new AuthorisationException(user, "update", existingEntity, "encoding"); throw new AuthorisationException(unixUser, "update", existingEntity, "encoding");
} }
if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) { if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) {
throw new AuthorisationException(user, "update", existingEntity, "instance"); throw new AuthorisationException(unixUser, "update", existingEntity, "instance");
} }
return super.update(existingEntity); return super.update(existingEntity);
} }
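Review bot: `update` uses the result of `em.find(PgSqlDatabase.class, detachtedDB.getId())` without checking for null, so an id that matches no row ends in a NullPointerException on `attachedDB.getName()` instead of a reportable error. A check right after the lookup, e.g. `if (attachedDB == null) throw new HSAdminException("database not found");`, makes the immutable-field comparisons safe. `getEncoding()` and `getInstance()` are also compared with `equals` and would fail the same way if either can be null. The `update` hunks of MySqlDatabaseModuleImpl and EMailAddressModuleImpl follow the same `em.find` pattern.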


@ -7,18 +7,18 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class PgSqlUserModuleImpl extends AbstractModuleImpl { public class PgSqlUserModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
PgSqlUser user = (PgSqlUser) newEntity; PgSqlUser user = (PgSqlUser) newEntity;
String name = user.getName(); String name = user.getName();
if (name.length() < 7 || name.charAt(5) != '_') { if (name.length() < 7 || name.charAt(5) != '_') {


@ -11,7 +11,6 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
@ -59,9 +58,8 @@ public class DomainModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException { public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
AbstractEntity newDom = super.initialize(newEntity); AbstractEntity newDom = super.initialize(newEntity);
final AuthenticatedUser loginUser = getTransaction().getLoginUser(); if (newDom instanceof Domain) {
if (newDom instanceof Domain && loginUser instanceof UnixUser) { ((Domain) newDom).setUser(getTransaction().getLoginUser());
((Domain) newDom).setUser((UnixUser) loginUser);
return newDom; return newDom;
} }
return null; return null;
@ -141,7 +139,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
final String hiveName = pac.getHive().getHiveName(); final String hiveName = pac.getHive().getHiveName();
dom.setDnsMaster(hiveName + ".hostsharing.net"); dom.setDnsMaster(hiveName + ".hostsharing.net");
// Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen. // Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen.
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
if (!loginUser.hasHostmasterRole()) { if (!loginUser.hasHostmasterRole()) {
boolean usersDomain = false; boolean usersDomain = false;
boolean otherUserDomain = false; boolean otherUserDomain = false;
@ -213,7 +211,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
if (updatedDom.getName() == null || updatedDom.getName().length() == 0) { if (updatedDom.getName() == null || updatedDom.getName().length() == 0) {
throw new HSAdminException("domain name required"); throw new HSAdminException("domain name required");
} }
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
EntityManager em = getTransaction().getEntityManager(); EntityManager em = getTransaction().getEntityManager();
Domain oldDom = em.find(Domain.class, updatedDom.getId()); Domain oldDom = em.find(Domain.class, updatedDom.getId());
UnixUser admin = updatedDom.getUser(); UnixUser admin = updatedDom.getUser();
@ -277,7 +275,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
} }
private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException { private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
if (ent instanceof Domain) { if (ent instanceof Domain) {
Domain dom = (Domain) ent; Domain dom = (Domain) ent;
String aLoginUserName = loginUser.getName(); String aLoginUserName = loginUser.getName();
@ -296,7 +294,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
} }
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException { private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
if (entity instanceof Domain) { if (entity instanceof Domain) {
Domain dom = (Domain) entity; Domain dom = (Domain) entity;
String aLoginUserName = loginUser.getName(); String aLoginUserName = loginUser.getName();
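Review bot: `initialize` returns `null` when the initialised entity is not a `Domain`, which leaves the failure to whatever dereferences the result later. Since the method already declares `AuthorisationException`, throwing at that point, e.g. `throw new AuthorisationException(getTransaction().getLoginUser(), "initialize", newEntity);`, would report the problem at its source. If the null return is intentional, a comment naming the caller that relies on it would be enough.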


@ -192,12 +192,12 @@ public class EMailAddress extends AbstractEntity implements Serializable {
} }
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return getDomain().isReadAllowedFor(loginUser); return getDomain().isReadAllowedFor(loginUser);
} }
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
return getDomain().isWriteAllowedFor(loginUser); return getDomain().isWriteAllowedFor(loginUser);
} }


@ -7,13 +7,13 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.mods.dom.Domain; import de.hsadmin.mods.dom.Domain;
import de.hsadmin.mods.dom.DomainOption; import de.hsadmin.mods.dom.DomainOption;
import de.hsadmin.mods.user.UnixUser;
public class EMailAddressModuleImpl extends AbstractModuleImpl { public class EMailAddressModuleImpl extends AbstractModuleImpl {
@ -51,7 +51,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
qDomain.setParameter("domName", adr.getDomain().getName()); qDomain.setParameter("domName", adr.getDomain().getName());
Domain dom = (Domain) qDomain.getSingleResult(); Domain dom = (Domain) qDomain.getSingleResult();
adr.setDomain(dom); adr.setDomain(dom);
AuthenticatedUser loginUser = tx.getLoginUser(); UnixUser loginUser = tx.getLoginUser();
if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) { if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) {
throw new AuthorisationException(loginUser, "add", adr); throw new AuthorisationException(loginUser, "add", adr);
} }
@ -79,7 +79,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
EMailAddress detachedAddr = (EMailAddress) existingEntity; EMailAddress detachedAddr = (EMailAddress) existingEntity;
EntityManager em = transaction.getEntityManager(); EntityManager em = transaction.getEntityManager();
EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId()); EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());


@ -20,7 +20,6 @@ import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AnnModuleImpl; import de.hsadmin.core.model.AnnModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.core.model.SearchFilter; import de.hsadmin.core.model.SearchFilter;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
@ -67,18 +66,14 @@ public class EMailAlias extends AbstractEntity implements Serializable {
} }
@Override @Override
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
pac = null; pac = loginUser.getPac();
name = ""; name = pac.getName() + "-";
if (loginUser instanceof UnixUser) {
pac = ((UnixUser)loginUser).getPac();
name = pac.getName() + "-";
}
target = ""; target = "";
} }
@Override @Override
public void complete(EntityManager em, AuthenticatedUser loginUser) { public void complete(EntityManager em, UnixUser loginUser) {
if (pac == null && name != null && name.length() > 0) { if (pac == null && name != null && name.length() > 0) {
String pacName = name.substring(0, 5); String pacName = name.substring(0, 5);
try { try {
@ -87,9 +82,7 @@ public class EMailAlias extends AbstractEntity implements Serializable {
Query query = em.createQuery(queryString); Query query = em.createQuery(queryString);
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser); AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser);
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName()); AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
if (loginUser instanceof UnixUser) { AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
}
pac = (Pac) query.getSingleResult(); pac = (Pac) query.getSingleResult();
} catch (NoResultException exc) { } catch (NoResultException exc) {
throw new SecurityException("packet '" + pacName + "' not found or access denied"); throw new SecurityException("packet '" + pacName + "' not found or access denied");
@ -178,12 +171,12 @@ public class EMailAlias extends AbstractEntity implements Serializable {
} }
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
return loginUser.hasPacAdminRoleFor(getPac()); return loginUser.hasPacAdminRoleFor(getPac());
} }
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
String pacName = pac.getName(); String pacName = pac.getName();
if (!name.equals(pacName) && !name.startsWith(pacName + "-")) if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
return false; return false;
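Review bot: In `complete`, the guard `name.length() > 0` does not protect `name.substring(0, 5)`: a name of one to four characters throws StringIndexOutOfBoundsException before the pac lookup and its "not found or access denied" handling are reached. Rejecting short names inside that branch, e.g. `if (name.length() < 5) throw new SecurityException("packet name too short");`, keeps the failure on the path the code already handles. In `initialize`, `name = pac.getName() + "-";` likewise assumes the login user always has a pac, which cannot be confirmed from this section.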


@ -7,13 +7,13 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class EMailAliasModuleImpl extends AbstractModuleImpl { public class EMailAliasModuleImpl extends AbstractModuleImpl {
@ -29,7 +29,7 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
EMailAlias alias = (EMailAlias) newEntity; EMailAlias alias = (EMailAlias) newEntity;
String name = alias.getName(); String name = alias.getName();
if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) { if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
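Review bot: The condition `name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6` in `add` mixes `&&` and `||` without grouping, so a reader has to recall operator precedence to see which names are rejected. Writing it as `(name.length() > 5 && name.charAt(5) != '-') || name.length() == 6` states the intent without changing the result. Names shorter than five characters pass this test; whether they are rejected later cannot be seen because the body of `add` continues outside the hunk.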


@ -27,7 +27,6 @@ import javax.persistence.TemporalType;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AnnModuleImpl; import de.hsadmin.core.model.AnnModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.mods.cust.Customer; import de.hsadmin.mods.cust.Customer;
@ -114,7 +113,7 @@ public class Pac extends AbstractEntity implements Serializable {
} }
@Override @Override
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
super.initialize(em, loginUser); super.initialize(em, loginUser);
} }


@ -12,7 +12,6 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
@ -132,7 +131,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity update(AbstractEntity entity) throws HSAdminException { public AbstractEntity update(AbstractEntity entity) throws HSAdminException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
if (!(entity instanceof Pac)) { if (!(entity instanceof Pac)) {
throw new AuthorisationException(loginUser, "update", entity); throw new AuthorisationException(loginUser, "update", entity);
} }
@ -240,7 +239,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
} }
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException { private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
if (entity instanceof Pac) { if (entity instanceof Pac) {
Pac pac = (Pac) entity; Pac pac = (Pac) entity;
String aLoginUserName = loginUser.getName(); String aLoginUserName = loginUser.getName();


@ -19,17 +19,15 @@ import javax.persistence.Transient;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnFieldIO;
import de.hsadmin.core.model.AnnModuleImpl; import de.hsadmin.core.model.AnnModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.ReadWriteAccess;
import de.hsadmin.core.util.Config; import de.hsadmin.core.util.Config;
import de.hsadmin.mods.cust.Customer;
import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.pac.Pac;
@Entity(name = "UnixUsers") @Entity(name = "UnixUsers")
@Table(name = "unixuser") @Table(name = "unixuser")
@SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq") @SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
@AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class) @AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class)
public class UnixUser extends AbstractEntity implements Serializable, AuthenticatedUser { public class UnixUser extends AbstractEntity implements Serializable {
private static final long serialVersionUID = 7823071611805642906L; private static final long serialVersionUID = 7823071611805642906L;
@ -266,16 +264,14 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica
} }
@Override @Override
public void initialize(EntityManager em, AuthenticatedUser loginUser) { public void initialize(EntityManager em, UnixUser loginUser) {
if (loginUser instanceof UnixUser) { pac = loginUser.getPac(); // a default useful for the pac admin
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin // TODO should not be hardcoded, but how?
// TODO should not be hardcoded, but how? homedir = "/home/pacs/" + pac.getName() + "/users/...";
homedir = "/home/pacs/" + pac.getName() + "/users/...";
}
} }
@Override @Override
public UnixUser merge(EntityManager em, AuthenticatedUser loginUser) { public UnixUser merge(EntityManager em, UnixUser loginUser) {
if (homedir == null) if (homedir == null)
homedir = "/home/pacs/" + pac.getName() + "/users/" homedir = "/home/pacs/" + pac.getName() + "/users/"
+ getName().substring(6); // TODO: Hack + getName().substring(6); // TODO: Hack
@ -304,40 +300,31 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica
return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8)); return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
} }
public boolean hasCustomerRoleFor(AbstractEntity custEntity) { public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) {
if (custEntity instanceof Customer) { return getName().equals(cust.getName()) || hasHostmasterRole();
Customer cust = (Customer) custEntity;
return getName().equals(cust.getName()) || hasHostmasterRole();
}
return false;
} }
public boolean hasPacAdminRoleFor(AbstractEntity pacEntity) { public boolean hasPacAdminRoleFor(Pac pac) {
if (pacEntity instanceof Pac) { return pac != null &&
Pac pac = (Pac) pacEntity; (pac.getName().equals(getName())
return pac != null && || hasCustomerRoleFor(pac.getCustomer()) );
(pac.getName().equals(getName())
|| hasCustomerRoleFor(pac.getCustomer()) );
}
return false;
} }
@Override @Override
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { public boolean isWriteAllowedFor(UnixUser loginUser) {
String pacName = pac.getName(); String pacName = pac.getName();
if (!name.equals(pacName) && !name.startsWith(pacName + "-")) if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
return false; return false;
if (super.isWriteAllowedFor(loginUser)) if (super.isWriteAllowedFor(loginUser))
return true; return true;
return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac()); return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
} }
@Override @Override
public boolean isReadAllowedFor(AuthenticatedUser loginUser) { public boolean isReadAllowedFor(UnixUser loginUser) {
if (super.isReadAllowedFor(loginUser)) if (super.isReadAllowedFor(loginUser))
return true; return true;
return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac()); return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
} }
/** /**


@ -8,7 +8,6 @@ import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthenticatedUser;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction; import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException; import de.hsadmin.core.util.HSAdminException;
@ -25,10 +24,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException { public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
UnixUser newUnixUser = (UnixUser) super.initialize(newEntity); UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
final AuthenticatedUser loginUser = getTransaction().getLoginUser(); newUnixUser.setName(getTransaction().getLoginUser().getPac().getName() + '-');
if (loginUser instanceof UnixUser) {
newUnixUser.setName(((UnixUser)loginUser).getPac().getName() + '-');
}
return newUnixUser; return newUnixUser;
} }
@ -78,7 +74,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
EntityManager em = transaction.getEntityManager(); EntityManager em = transaction.getEntityManager();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
// only allow pac which matches the username (TODO: hard coded // only allow pac which matches the username (TODO: hard coded
// Hostsharing convention) // Hostsharing convention)
UnixUser newUnixUser = (UnixUser) newEntity; UnixUser newUnixUser = (UnixUser) newEntity;
@ -162,7 +158,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
@Override @Override
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
Transaction transaction = getTransaction(); Transaction transaction = getTransaction();
AuthenticatedUser loginUser = transaction.getLoginUser(); UnixUser loginUser = transaction.getLoginUser();
EntityManager em = transaction.getEntityManager(); EntityManager em = transaction.getEntityManager();
UnixUser detachedUnixUser = (UnixUser) existingEntity; UnixUser detachedUnixUser = (UnixUser) existingEntity;
UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId()); UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId());
@ -255,7 +251,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
// throws an AuthorisationException if the login user has no write acess // throws an AuthorisationException if the login user has no write acess
// on the pac of the given UnixUser // on the pac of the given UnixUser
private boolean hasFullAccessOnPacOf(UnixUser user) { private boolean hasFullAccessOnPacOf(UnixUser user) {
AuthenticatedUser loginUser = getTransaction().getLoginUser(); UnixUser loginUser = getTransaction().getLoginUser();
String loginUserName = loginUser.getName(); String loginUserName = loginUser.getName();
return loginUser.hasHostmasterRole() return loginUser.hasHostmasterRole()
|| loginUserName.equals(user.getPac().getName()) || loginUserName.equals(user.getPac().getName())
@ -264,33 +260,22 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
// throws an AuthorisationException if the login user has no write acess // throws an AuthorisationException if the login user has no write acess
// on the pac of the given UnixUser // on the pac of the given UnixUser
private void needsFullAccessOnPacOf(UnixUser user, String method) throws AuthorisationException { private void needsFullAccessOnPacOf(UnixUser user, String method)
throws AuthorisationException {
if (!hasFullAccessOnPacOf(user)) if (!hasFullAccessOnPacOf(user))
throw new AuthorisationException(getTransaction().getLoginUser(), method, user); throw new AuthorisationException(getTransaction().getLoginUser(), method, user);
} }
private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException { private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
if (!hasFullAccessOnPacOf(user)) { UnixUser loginUser = getTransaction().getLoginUser();
AuthenticatedUser loginUser = getTransaction().getLoginUser(); if (!hasFullAccessOnPacOf(user) && loginUser.getPac().id() != user.getPac().id()) {
if (loginUser instanceof UnixUser) {
UnixUser uxUser = (UnixUser) loginUser;
if (uxUser.getPac().id() == user.getPac().id()) {
return;
}
}
throw new AuthorisationException(loginUser, method, user); throw new AuthorisationException(loginUser, method, user);
} }
} }
private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException { private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException {
if (!hasFullAccessOnPacOf(user)) { UnixUser loginUser = getTransaction().getLoginUser();
AuthenticatedUser loginUser = getTransaction().getLoginUser(); if (!hasFullAccessOnPacOf(user) && !loginUser.sameIdAs(user)) {
if (loginUser instanceof UnixUser) {
UnixUser uxUser = (UnixUser) loginUser;
if (uxUser.sameIdAs(user)) {
return;
}
}
throw new AuthorisationException(loginUser, method, user); throw new AuthorisationException(loginUser, method, user);
} }
} }
@ -300,8 +285,6 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
return true; return true;
if (shell.equals("/bin/bash")) if (shell.equals("/bin/bash"))
return true; return true;
if (shell.equals("/bin/dash"))
return true;
if (shell.equals("/bin/csh")) if (shell.equals("/bin/csh"))
return true; return true;
if (shell.equals("/bin/tcsh")) if (shell.equals("/bin/tcsh"))
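Review bot: In the hunk that rewrites `needsPartialAccessOnPacOf`, the new condition calls `loginUser.getPac().id()` with no null check, so a login user that has no pac would end this authorisation check in a NullPointerException rather than in the `AuthorisationException` the method declares. The new one-line body of `initialize` has the same unguarded chain, `getTransaction().getLoginUser().getPac().getName()`, where the removed code skipped the name prefix when the `instanceof UnixUser` test failed. Whether `getLoginUser()` or `getPac()` can return null is not visible on this page, so confirm it for every kind of login; if it can, deny explicitly with `if (!hasFullAccessOnPacOf(user) && (loginUser.getPac() == null || loginUser.getPac().id() != user.getPac().id()))`. Separately, the comment kept above `hasFullAccessOnPacOf` says it throws an AuthorisationException, but the method returns a boolean; `// true if the login user has full access on the pac of the given UnixUser` would match the code.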