Update of
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders
In directory james.mmbase.org:/tmp/cvs-serv29267/builders
Modified Files:
Tag: MMBase-1_8
Contexts.java
Log Message:
MMB-1749
See also:
http://cvs.mmbase.org/viewcvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders
See also: http://www.mmbase.org/jira/browse/MMB-1749
Index: Contexts.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/builders/Contexts.java,v
retrieving revision 1.48.2.1
retrieving revision 1.48.2.2
diff -u -b -r1.48.2.1 -r1.48.2.2
--- Contexts.java 7 Sep 2006 12:46:49 -0000 1.48.2.1
+++ Contexts.java 8 Dec 2008 16:31:47 -0000 1.48.2.2
@@ -35,7 +35,7 @@
* @author Eduard Witteveen
* @author Pierre van Rooden
* @author Michiel Meeuwissen
- * @version $Id: Contexts.java,v 1.48.2.1 2006/09/07 12:46:49 pierre Exp $
+ * @version $Id: Contexts.java,v 1.48.2.2 2008/12/08 16:31:47 michiel Exp $
* @see org.mmbase.security.implementation.cloudcontext.Verify
* @see org.mmbase.security.Authorization
*/
@@ -194,7 +194,7 @@
if (user.getNode() != null && user.getNode().getNumber() == nodeId
&& operation == Operation.DELETE) return false; // nobody may delete own node
if (builder instanceof Contexts) {
try {
- Users users = Users.getBuilder();
+ MMObjectBuilder users =
Authenticate.getInstance().getUserProvider().getUserBuilder();
BasicSearchQuery query = new BasicSearchQuery(true);
Step step = query.addStep(users);
BasicFieldValueConstraint constraint = new
BasicFieldValueConstraint(new BasicStepField(step,
users.getField("defaultcontext")), new Integer(nodeId));
@@ -522,8 +522,9 @@
Constraint newConstraint =
query.createConstraint(field, ac.contexts);
if (ac.inverse) query.setInverse(newConstraint, true);
- if (step.getTableName().equals("mmbaseusers")) { //
anybody may see own node
- Users users = Users.getBuilder();
+ Provider users =
Authenticate.getInstance().getUserProvider();
+
+ if
(step.getTableName().equals(users.getUserBuilder().getTableName())) { //
anybody may see own node
Constraint own =
query.createConstraint(query.createStepField(step, "number"),
new
Integer(users.getUser(userContext.getIdentifier()).getNumber()));
newConstraint =
query.createConstraint(newConstraint, CompositeConstraint.LOGICAL_OR, own);
@@ -605,7 +606,8 @@
if (found == null) {
found = new HashSet();
- found.addAll(getGroupsOrUsers(contextNode, operation,
Users.getBuilder()));
+ MMObjectBuilder users =
Authenticate.getInstance().getUserProvider().getUserBuilder();
+ found.addAll(getGroupsOrUsers(contextNode, operation, users));
found.addAll(getGroupsOrUsers(contextNode, operation,
Groups.getBuilder()));
operationsCache.put(contextNode, operation, found);
}
@@ -790,7 +792,7 @@
/**
*/
protected boolean mayGrant(MMObjectNode contextNode, MMObjectNode
groupOrUserNode, Operation operation, MMObjectNode user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
if (users.getRank(user).getInt() >= Rank.ADMIN.getInt()) return true;
// admin may do everything
Groups groups = Groups.getBuilder();
@@ -854,7 +856,7 @@
*/
protected boolean mayRevoke(MMObjectNode contextNode, MMObjectNode
groupOrUserNode, Operation operation, MMObjectNode user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
if (users.getRank(user).getInt() >= Rank.ADMIN.getInt()) return true;
// admin may do everything
if (groupOrUserNode.getBuilder() instanceof Groups) {
if (! Groups.getBuilder().contains(groupOrUserNode,
user.getNumber()) || users.getRank(user).getInt() <= Rank.BASICUSER.getInt())
return false; // must be 'high rank' member of group
@@ -913,7 +915,7 @@
* util
*/
protected MMObjectNode getUserNode(UserContext user) {
- Users users = Users.getBuilder();
+ Provider users = Authenticate.getInstance().getUserProvider();
return users.getUser(user.getIdentifier());
}
@@ -996,7 +998,8 @@
throw new SecurityException("Self was not supplied");
}
// find the user first, the check if the current user actually has
rights on the object
- MMObjectNode userToCheck =
Users.getBuilder().getNode(a.getString("usertocheck"));
+ Provider users = Authenticate.getInstance().getUserProvider();
+ MMObjectNode userToCheck =
users.getUserBuilder().getNode(a.getString("usertocheck"));
if (userToCheck == null) { // the user is null?
// I don't know then,
// yes perhaps?
@@ -1004,9 +1007,9 @@
}
// admin bypasses security system (maydo(mmobjectnode ... does not
check for this)
- if (Users.getBuilder().getRank(checkingUser).getInt() <
Rank.ADMIN_INT) {
+ if (users.getRank(checkingUser).getInt() < Rank.ADMIN_INT) {
if ((! mayDo(checkingUser, getContextNode(userToCheck),
Operation.READ, true))) {
- throw new SecurityException("You " + checkingUser + " / "
+ Users.getBuilder().getRank(checkingUser) + " are not allowed to check user '"
+ userToCheck + "' of context '" + getContextNode(userToCheck) + "' (you have
no read rights on that context)");
+ throw new SecurityException("You " + checkingUser + " / "
+ users.getRank(checkingUser) + " are not allowed to check user '" +
userToCheck + "' of context '" + getContextNode(userToCheck) + "' (you have no
read rights on that context)");
}
}
_______________________________________________
Cvs mailing list
Cvs@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/cvs
