svn commit: r799437 - /sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java

Thu, 30 Jul 2009 13:44:10 -0700 

Author: ieb
Date: Thu Jul 30 20:43:43 2009
New Revision: 799437

URL: http://svn.apache.org/viewvc?rev=799437&view=rev
Log:
SLING-1067
Fixed by checking the session cound to the request to see if its an 
administrator. If the user is an administrator they can register other users.

Modified:
    
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java

Modified: 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=799437&r1=799436&r2=799437&view=diff
==============================================================================
--- 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 (original)
+++ 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 Thu Jul 30 20:43:43 2009
@@ -166,8 +166,22 @@
     protected void handleOperation(SlingHttpServletRequest request,
             HtmlResponse response, List<Modification> changes)
             throws RepositoryException {
+      
+        // check for an administrator
+        boolean administrator = false;
+        try {
+            Session currentSession = 
request.getResourceResolver().adaptTo(Session.class);
+            UserManager um = AccessControlUtil.getUserManager(currentSession);
+            User currentUser = (User) 
um.getAuthorizable(currentSession.getUserID());
+            administrator = currentUser.isAdmin();
+        } catch ( Exception ex ) {
+            log.warn("Failed to determin if the user is an admin, assuming 
not. Cause: "+ex.getMessage());
+            administrator = false;
+        }
+            
+      
         // make sure user self-registration is enabled
-        if (!selfRegistrationEnabled) {
+        if (!administrator && !selfRegistrationEnabled) {
             throw new RepositoryException(
                 "Sorry, registration of new users is not currently enabled.  
Please try again later.");
         }

Reply via email to