fixes #54
This commit is contained in:
parent
eb2b7e49cf
commit
77a839d3d3
@ -30,17 +30,30 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
||||
UnixUser loginUser = transaction.getLoginUser();
|
||||
MySqlDatabase database = (MySqlDatabase) newEntity;
|
||||
String name = database.getName();
|
||||
String pacPrefix = name.substring(0, 5);
|
||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||
}
|
||||
String owner = database.getOwner();
|
||||
if (owner == null || name.length() < 7 || name.charAt(5) != '_') {
|
||||
if (name.length() != 5) {
|
||||
throw new HSAdminException("database owner required");
|
||||
}
|
||||
}
|
||||
if (!owner.startsWith(pacPrefix)) {
|
||||
throw new HSAdminException("wrong database owner");
|
||||
}
|
||||
EntityManager em = getTransaction().getEntityManager();
|
||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||
qPac.setParameter("pacName", name.substring(0, 5));
|
||||
qPac.setParameter("pacName", pacPrefix);
|
||||
Object singleResult = qPac.getSingleResult();
|
||||
Pac pac = (Pac) singleResult;
|
||||
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||
}
|
||||
if (!pac.getName().equals(pacPrefix)) {
|
||||
throw new HSAdminException("wrong database owner");
|
||||
}
|
||||
return super.add(newEntity);
|
||||
}
|
||||
|
||||
|
@ -28,9 +28,19 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
||||
UnixUser loginUser = getTransaction().getLoginUser();
|
||||
PgSqlDatabase database = (PgSqlDatabase) newEntity;
|
||||
String name = database.getName();
|
||||
String pacPrefix = name.substring(0, 5);
|
||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||
}
|
||||
String owner = database.getOwner();
|
||||
if (owner == null || name.length() < 7 || name.charAt(5) != '_') {
|
||||
if (name.length() != 5) {
|
||||
throw new HSAdminException("database owner required");
|
||||
}
|
||||
}
|
||||
if (!owner.startsWith(pacPrefix)) {
|
||||
throw new HSAdminException("wrong database owner");
|
||||
}
|
||||
EntityManager em = getTransaction().getEntityManager();
|
||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||
qPac.setParameter("pacName", name.substring(0, 5));
|
||||
@ -39,6 +49,9 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
||||
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||
}
|
||||
if (!pac.getName().equals(pacPrefix)) {
|
||||
throw new HSAdminException("wrong database owner");
|
||||
}
|
||||
return super.add(newEntity);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user