Authorization
parent
4ec71554a0
commit
a377ffff3e
@ -151,7 +151,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
throw new HSAdminException("domain admin required");
|
throw new HSAdminException("domain admin required");
|
||||||
}
|
}
|
||||||
if (!admin.getName().equals(oldDom.getUser().getName())) {
|
if (!admin.getName().equals(oldDom.getUser().getName())) {
|
||||||
throw new AuthorisationException(loginUser, "update", existingEntity);
|
throw new AuthorisationException(loginUser, "update", existingEntity, "user");
|
||||||
}
|
}
|
||||||
Query q = em.createQuery("SELECT opt FROM " +
|
Query q = em.createQuery("SELECT opt FROM " +
|
||||||
DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
|
DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
|
||||||
@ -208,11 +208,14 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
String aLoginUserName = loginUser.getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
UnixUser domUser = dom.getUser();
|
UnixUser domUser = dom.getUser();
|
||||||
Pac domPac = domUser.getPac();
|
Pac domPac = domUser.getPac();
|
||||||
|
boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
|
||||||
boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
|
boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
|
||||||
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
|
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
|
||||||
boolean isHostmaster = loginUser.hasHostmasterRole();
|
boolean isHostmaster = loginUser.hasHostmasterRole();
|
||||||
if (!isPacAdmin && !isCustomer && !isHostmaster) {
|
if (!isPacAdmin && !isCustomer && !isHostmaster) {
|
||||||
throw new AuthorisationException(loginUser, method, dom);
|
if (!isDomAdmin && !"update".equals(method)) {
|
||||||
|
throw new AuthorisationException(loginUser, method, dom);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
|
if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
|
||||||
throw new AuthorisationException(loginUser, method, dom);
|
throw new AuthorisationException(loginUser, method, dom);
|
||||||
|