Author: orudyy
Date: Tue Mar 10 22:26:16 2015
New Revision: 1665731
URL: http://svn.apache.org/r1665731
Log:
QPID-6436: Allow user to update its own preferences without explicit permissions
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1665731&r1=1665730&r2=1665731&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
Tue Mar 10 22:26:16 2015
@@ -532,6 +532,13 @@ public class SecurityManager
public void authoriseUserUpdate(final String userName)
{
+ AuthenticatedPrincipal principal = getCurrentUser();
+ if (principal != null && principal.getName().equals(userName))
+ {
+ // allow user to update its own data
+ return;
+ }
+
final Operation operation = Operation.UPDATE;
if(! checkAllPlugins(new AccessCheck()
{
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
