From a377ffff3e011e42a4c22dcef0fce9d43f573417 Mon Sep 17 00:00:00 2001
From: Peter Hormanns <peter.hormanns@hostsharing.net>
Date: Wed, 18 Jul 2012 15:25:32 +0200
Subject: [PATCH] Authorization

---
 hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
index ab0b43b..c39d721 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
@@ -151,7 +151,7 @@
 			throw new HSAdminException("domain admin required");
 		}
 		if (!admin.getName().equals(oldDom.getUser().getName())) {
-			throw new AuthorisationException(loginUser, "update", existingEntity);
+			throw new AuthorisationException(loginUser, "update", existingEntity, "user");
 		}
 		Query q = em.createQuery("SELECT opt FROM " + 
 				DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
@@ -208,11 +208,14 @@
 			String aLoginUserName = loginUser.getName();
 			UnixUser domUser = dom.getUser();
 			Pac domPac = domUser.getPac();
+			boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
 			boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
 			boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
 			boolean isHostmaster = loginUser.hasHostmasterRole();
 			if (!isPacAdmin && !isCustomer && !isHostmaster) {
-				throw new AuthorisationException(loginUser, method, dom);
+				if (!isDomAdmin && !"update".equals(method)) {
+					throw new AuthorisationException(loginUser, method, dom);
+				}
 			}
 			if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
 				throw new AuthorisationException(loginUser, method, dom);
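Review bot: The added inner guard `if (!isDomAdmin && !"update".equals(method))` throws only when the caller is not the domain user and the method is not "update". It therefore admits any login for "update" and admits the domain's own user for every method, not just updates. If the intent is to let the domain user perform updates only, the guard should be `if (!(isDomAdmin && "update".equals(method))) {`. As written, an unprivileged caller passing "update" is stopped only by the owner-name comparison in the update path (first hunk) and the pac-domain check below. That is inferred, since the enclosing method starts and ends outside the hunk. A one-line comment above the block stating which role may call which method would make the rule checkable.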

--
Gitblit v1.9.3