Authorization

Peter Hormanns 2012-07-18 13:25:32 +00:00
parent 4ec71554a0
commit a377ffff3e


@ -151,7 +151,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
throw new HSAdminException("domain admin required");
}
if (!admin.getName().equals(oldDom.getUser().getName())) {
throw new AuthorisationException(loginUser, "update", existingEntity);
throw new AuthorisationException(loginUser, "update", existingEntity, "user");
}
Query q = em.createQuery("SELECT opt FROM " +
DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
@ -208,11 +208,14 @@ public class DomainModuleImpl extends AbstractModuleImpl {
String aLoginUserName = loginUser.getName();
UnixUser domUser = dom.getUser();
Pac domPac = domUser.getPac();
boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
boolean isHostmaster = loginUser.hasHostmasterRole();
if (!isPacAdmin && !isCustomer && !isHostmaster) {
throw new AuthorisationException(loginUser, method, dom);
if (!isDomAdmin && !"update".equals(method)) {
throw new AuthorisationException(loginUser, method, dom);
}
}
if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
throw new AuthorisationException(loginUser, method, dom);