[cvs] expresso commit by lhamel: allow admin to have full privileges

JCorporate Ltd jcorp at jcorp2.servlets.net
Fri Nov 12 22:35:04 PST 2004


Log Message:
-----------
allow admin to have full privileges

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint:
        DynamicCmd.java

Revision Data
-------------
Index: DynamicCmd.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java,v
retrieving revision 1.38
retrieving revision 1.39
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java -u -r1.38 -r1.39
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java
@@ -65,6 +65,7 @@
 package com.jcorporate.expresso.services.controller.dbmaint;
 
 import com.jcorporate.expresso.core.controller.Block;
+import com.jcorporate.expresso.core.controller.Controller;
 import com.jcorporate.expresso.core.controller.ControllerException;
 import com.jcorporate.expresso.core.controller.ControllerRequest;
 import com.jcorporate.expresso.core.controller.ControllerResponse;
@@ -73,7 +74,6 @@
 import com.jcorporate.expresso.core.controller.Output;
 import com.jcorporate.expresso.core.controller.State;
 import com.jcorporate.expresso.core.controller.Transition;
-import com.jcorporate.expresso.core.controller.Controller;
 import com.jcorporate.expresso.core.controller.session.PersistentSession;
 import com.jcorporate.expresso.core.dataobjects.DataObject;
 import com.jcorporate.expresso.core.dataobjects.Defineable;
@@ -759,11 +759,16 @@
             if (myDataObject instanceof Securable) {
                 ((Securable) myDataObject).setRequestingUid(getUid());
             } else {
-                String allowInsecure = Setup.getValue(this.getControllerRequest().getDataContext(),
-                        com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
-                        "insecureDBMaint");
-                if (!("y".equalsIgnoreCase(allowInsecure))) {
-                    throw new SecurityException("Access to unsecured Objects not allowed");
+                if ( getUid() == SecuredDBObject.SYSTEM_ACCOUNT
+                        || User.getUserFromId(getUid(), this.getControllerRequest().getDataContext()).isAdmin() ) {
+                    // all access ok
+                } else {
+                    String allowInsecure = Setup.getValue(this.getControllerRequest().getDataContext(),
+                            com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
+                            "insecureDBMaint");
+                    if (!("y".equalsIgnoreCase(allowInsecure))) {
+                        throw new SecurityException("Access to unsecured Objects not allowed");
+                    }
                 }
             }
 
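Review bot: The new allow path at `if ( getUid() == SecuredDBObject.SYSTEM_ACCOUNT || ... isAdmin() )` is an empty branch holding only `// all access ok`, which makes the authorization decision easy to misread or to break in a later edit. Computing the bypass once as a boolean, e.g. `boolean privileged = getUid() == SecuredDBObject.SYSTEM_ACCOUNT || user.isAdmin();`, and guarding the throw with `if (!privileged && !"y".equalsIgnoreCase(allowInsecure))` keeps the denial explicit. The result of `User.getUserFromId(...)` is dereferenced directly. Its behaviour for an unknown or unauthenticated uid is not visible in this hunk, so if it can return null or throw, the request would fail with something other than the `SecurityException` and should be made to fail closed. Because this branch now lets admin accounts reach non-`Securable` objects even when `insecureDBMaint` is not `y`, the placeholder comment should say that, and logging the uid when the bypass is taken would give an audit trail. The enclosing method starts and ends outside the hunk.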

