Authorization

Peter Hormanns 2012-07-18 13:25:32 +00:00
parent 4ec71554a0
commit a377ffff3e


@ -151,7 +151,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
throw new HSAdminException("domain admin required"); throw new HSAdminException("domain admin required");
} }
if (!admin.getName().equals(oldDom.getUser().getName())) { if (!admin.getName().equals(oldDom.getUser().getName())) {
throw new AuthorisationException(loginUser, "update", existingEntity); throw new AuthorisationException(loginUser, "update", existingEntity, "user");
} }
Query q = em.createQuery("SELECT opt FROM " + Query q = em.createQuery("SELECT opt FROM " +
DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() + DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
@ -208,11 +208,14 @@ public class DomainModuleImpl extends AbstractModuleImpl {
String aLoginUserName = loginUser.getName(); String aLoginUserName = loginUser.getName();
UnixUser domUser = dom.getUser(); UnixUser domUser = dom.getUser();
Pac domPac = domUser.getPac(); Pac domPac = domUser.getPac();
boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac); boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName()); boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
boolean isHostmaster = loginUser.hasHostmasterRole(); boolean isHostmaster = loginUser.hasHostmasterRole();
if (!isPacAdmin && !isCustomer && !isHostmaster) { if (!isPacAdmin && !isCustomer && !isHostmaster) {
throw new AuthorisationException(loginUser, method, dom); if (!isDomAdmin && !"update".equals(method)) {
throw new AuthorisationException(loginUser, method, dom);
}
} }
if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) { if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
throw new AuthorisationException(loginUser, method, dom); throw new AuthorisationException(loginUser, method, dom);
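Review bot: The nested guard added in the second hunk, `if (!isDomAdmin && !"update".equals(method))`, throws only when the caller is not the domain's user and the method is not "update". Any caller who is not a pac admin, customer or hostmaster therefore passes this check whenever `method` is "update", and the domain's own user passes it for every method. If the intent is to let the domain admin perform updates only, the condition should be `if (!isDomAdmin || !"update".equals(method)) {`, with a short comment such as `// domain admin may only update its own domain`. The owner comparison in the first hunk (`admin.getName().equals(oldDom.getUser().getName())`) may cover the update path, but both enclosing methods start and end outside the hunks, so that cannot be confirmed from here. A test for a non-owner calling "update" would pin the behaviour.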