From 68f5d00edfed53b09f4c388e266bdb964d1f20db Mon Sep 17 00:00:00 2001
From: Peter Hormanns <peter.hormanns@hostsharing.net>
Date: Fri, 20 May 2011 17:25:11 +0200
Subject: [PATCH] alias pruefen

---
 hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java b/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
index cda6019..f549199 100644
--- a/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
@@ -2,10 +2,14 @@
 
 import java.util.List;
 
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.HSAdminException;
+import de.hsadmin.mods.pac.Pac;
 
 public class EMailAliasModuleImpl extends AbstractModuleImpl {
 
@@ -22,11 +26,15 @@
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 		EMailAlias alias = (EMailAlias) newEntity;
 		String name = alias.getName();
-		String pacname = alias.getPac().getName();
-		if (!name.startsWith(pacname)) {
+		if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
 			throw new AuthorisationException(getLoginUser(), "add", newEntity);
 		}
-		if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
+		EntityManager em = getTransaction().getEntityManager();
+		Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
+		qPac.setParameter("pacName", name.substring(0, 5));
+		Object singleResult = qPac.getSingleResult();
+		Pac pac = (Pac) singleResult;
+		if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
 			throw new AuthorisationException(getLoginUser(), "add", newEntity);
 		}
 		return super.add(newEntity);

--
Gitblit v1.9.3