Author: bpoussin
Date: 2011-08-13 20:17:26 +0200 (Sat, 13 Aug 2011)
New Revision: 1144
Url: http://nuiton.org/repositories/revision/wikitty/1144
Log: fix Anomalie #1671: Security exception when try to add WikittyAuthorisation without WikittyAppAdmin
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/services/WikittyServiceSecurity.java
Modified: trunk/wikitty-api/src/main/java/org/nuiton/wikitty/services/WikittyServiceSecurity.java
===================================================================
--- trunk/wikitty-api/src/main/java/org/nuiton/wikitty/services/WikittyServiceSecurity.java 2011-08-13 16:25:11 UTC (rev 1143)
+++ trunk/wikitty-api/src/main/java/org/nuiton/wikitty/services/WikittyServiceSecurity.java 2011-08-13 18:17:26 UTC (rev 1144)
@@ -33,6 +33,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Set;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -338,7 +339,9 @@
             // there is a policy on the extension
             canRead = isReader(securityToken, userId, wikitty, extensionName)
                     || canWrite(securityToken, userId, extensionName, wikitty);
-        } else if ( ! canRead &&
+        }
+
+        if ( ! canRead &&
                 wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
             // there is no policy for this extension
             // but there is a policy for all extension of wikitty
@@ -362,7 +365,9 @@
             // there is a policy on the extension of fqFieldDirtyName
             canWrite = isWriter(securityToken, userId, wikitty, extensionName)
                     || canAdmin(securityToken, userId, extensionName, wikitty);
-        } else if ( ! canWrite &&
+        }
+
+        if ( ! canWrite &&
                 wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
             // there is no policy for this extension
             // but there is a policy for all extension of wikitty
@@ -387,15 +392,17 @@
             // there is a policy on the extension of fqFieldDirtyName
             canAdmin = isAdmin(securityToken, userId, wikitty, extensionName)
                     || isOwner(securityToken, userId, wikitty, extensionName);
-        } else if ( ! canAdmin &&
-                wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
+        }
+        if ( ! canAdmin &&
+                wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) {
             // there is no policy for this extension
             // but there is a policy for all extension of wikitty
             canAdmin = isAdmin(securityToken, userId, wikitty, null)
                     || isOwner(securityToken, userId, wikitty, null);
-        } else if ( ! canAdmin ) {
+        }
+        if ( ! canAdmin ) {
             // still not admin, check appAdmin
-            canAdmin = userIsAnonymousOrAppAdmin(securityToken, userId);
+            canAdmin = isAppAdmin(securityToken, userId);
         }
 
         return canAdmin;
@@ -479,7 +486,7 @@
     protected void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts) {
         String userId = getUserId(securityToken);
-        if ( ! userIsAnonymousOrAppAdmin(securityToken, userId)) {
+        if ( ! isAppAdmin(securityToken, userId)) {
             for (WikittyExtension extension : exts) {
                 Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension.getName());
                 if (extensionAuthorisation != null) {
@@ -745,9 +752,12 @@
             String securityToken, String userId, Set<String> groupOrUser) {
         if (groupOrUser != null) {
             for (String id : groupOrUser) {
-                if (id.equals(userId)) {
+                if (StringUtils.equals(id, userId)) {
+                    // on a l'id du user, on l'autorise
                     return true;
                 } else {
+                    // sinon, on charge l'objet car ca pourrait etre un groupe
+                    // dans lequel il faut cherche le user
                     Wikitty groupWikitty = WikittyServiceEnhanced.restore(
                             getDelegate(), securityToken, id);
                     if (WikittyGroupHelper.hasExtension(groupWikitty)) {
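Review bot: Turning `} else if ( ! canRead &&` into a standalone `if` changes the precedence between an extension-level policy and the wikitty-wide one: when an extension policy exists but neither `isReader` nor `canWrite` grants, the `WikittyAuthorisation` fallback (and whatever follows it outside the hunk) can now grant access, whereas before the extension policy was final. That widening is presumably what closes #1671, but the comments `// there is no policy for this extension` / `// but there is a policy for all extension of wikitty` on the fallback branch are now inaccurate, since the branch is also reached when a policy exists and simply did not grant. Suggest rewording to `// not granted by the extension policy (or there is none): fall back to the wikitty-wide policy`. The same applies to the canWrite hunk at @@ -362 and the canAdmin hunk at @@ -387, where the `if ( ! canAdmin )` app-admin fallback likewise now runs after a denying extension policy; the enclosing methods start and end outside these hunks.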
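Review bot: `StringUtils.equals(id, userId)` in the @@ -745 hunk is null-safe in both directions, so it returns true when `id` and `userId` are both null; if an anonymous caller can reach this method with a null `userId` (the former helper name `userIsAnonymousOrAppAdmin` suggests anonymous users exist) and the set ever holds a null entry, that caller is authorised. An explicit guard keeps the intent visible and still avoids the NPE on a null `id` that the change appears to address: `if (userId != null && userId.equals(id)) {`. The two added comments are in French while the rest of the file's comments in this diff are English; `// this id is the user itself: authorised` and `// otherwise load the object, it may be a group that contains the user` would keep the file consistent. The enclosing method starts and ends outside the hunk.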