From 77a839d3d3149b8d8b6ed769224427fb8b6cd95d Mon Sep 17 00:00:00 2001
From: Peter Hormanns <peter.hormanns@hostsharing.net>
Date: Fri, 28 Oct 2011 12:49:31 +0200
Subject: [PATCH] fixes #54

---
 hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java |   15 ++++++++++++++-
 hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java |   13 +++++++++++++
 2 files changed, 27 insertions(+), 1 deletions(-)

diff --git a/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
index 6e78959..eb6c16f 100644
--- a/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
@@ -30,17 +30,30 @@
 		UnixUser loginUser = transaction.getLoginUser();
 		MySqlDatabase database = (MySqlDatabase) newEntity;
 		String name = database.getName();
+		String pacPrefix = name.substring(0, 5);
 		if (name.length() < 7 || name.charAt(5) != '_') {
 			throw new AuthorisationException(loginUser, "add", newEntity);
 		}
+		String owner = database.getOwner();
+		if (owner == null || name.length() < 7 || name.charAt(5) != '_') {
+			if (name.length() != 5) {
+				throw new HSAdminException("database owner required");
+			}
+		}
+		if (!owner.startsWith(pacPrefix)) {
+			throw new HSAdminException("wrong database owner");
+		}
 		EntityManager em = getTransaction().getEntityManager();
 		Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
-		qPac.setParameter("pacName", name.substring(0, 5));
+		qPac.setParameter("pacName", pacPrefix);
 		Object singleResult = qPac.getSingleResult();
 		Pac pac = (Pac) singleResult;
 		if (pac == null || !pac.isReadAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "add", newEntity);
 		}
+		if (!pac.getName().equals(pacPrefix)) {
+			throw new HSAdminException("wrong database owner");
+		}
 		return super.add(newEntity);
 	}
 	
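Review bot: `String pacPrefix = name.substring(0, 5);` is evaluated before the `name.length() < 7` guard, so a database name shorter than five characters now fails with a StringIndexOutOfBoundsException instead of the AuthorisationException that guard raises. Before this change the substring call came after the guard, so this is a regression in how malformed names are rejected. Move the declaration to just after the guard's closing brace. The first hunk of PgSqlDatabaseModuleImpl.java has the same ordering. The start of the method lies outside the hunk, so an earlier length check on the name cannot be ruled out from here.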
diff --git a/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
index e179f81..9045678 100644
--- a/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
@@ -28,8 +28,18 @@
 		UnixUser loginUser = getTransaction().getLoginUser();
 		PgSqlDatabase database = (PgSqlDatabase) newEntity;
 		String name = database.getName();
+		String pacPrefix = name.substring(0, 5);
 		if (name.length() < 7 || name.charAt(5) != '_') {
 			throw new AuthorisationException(loginUser, "add", newEntity);
+		}
+		String owner = database.getOwner();
+		if (owner == null || name.length() < 7 || name.charAt(5) != '_') {
+			if (name.length() != 5) {
+				throw new HSAdminException("database owner required");
+			}
+		}
+		if (!owner.startsWith(pacPrefix)) {
+			throw new HSAdminException("wrong database owner");
 		}
 		EntityManager em = getTransaction().getEntityManager();
 		Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
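Review bot: In the added owner guard, `name.length() < 7 || name.charAt(5) != '_'` can never be true because the preceding check already threw for those cases, and the inner `name.length() != 5` is then always true, so the block is equivalent to `if (owner == null) { throw new HSAdminException("database owner required"); }`. Writing it in that form makes it plain that `owner.startsWith(pacPrefix)` is never reached with a null owner. The owner is also validated by name prefix only; the visible lines do not show a check that the owner is an existing user of that pac, so it is worth confirming that this is enforced elsewhere. The MySqlDatabaseModuleImpl.java hunk has the same guard.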
@@ -39,6 +49,9 @@
 		if (pac == null || !pac.isReadAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "add", newEntity);
 		}
+		if (!pac.getName().equals(pacPrefix)) {
+			throw new HSAdminException("wrong database owner");
+		}
 		return super.add(newEntity);
 	}
 	
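Review bot: The added `pac.getName().equals(pacPrefix)` test looks as if it can never fail. In the MySQL file the pac is fetched with `obj.name = :pacName` bound to `pacPrefix`, and presumably the same holds here, where the `setParameter` call falls between the two hunks and is not visible. If so, the test can be dropped, or given a comment stating which invariant it protects. If it is kept as a defence-in-depth check, throwing `AuthorisationException(loginUser, "add", newEntity)` as the check above it does would keep refusals uniform for callers and logs. The same lines appear in the MySqlDatabaseModuleImpl.java hunk.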

--
Gitblit v1.9.3