[cvs] expresso commit by lhamel: admin has all privileges

JCorporate Ltd jcorp at jcorp2.servlets.net
Fri Nov 12 23:09:46 PST 2004 

Log Message:
-----------
admin has all privileges

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint:
        List.java

Revision Data
-------------
Index: List.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/List.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/List.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/List.java -u -r1.10 -r1.11
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/List.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/List.java
@@ -64,6 +64,7 @@
 
 package com.jcorporate.expresso.services.controller.dbmaint;
 
+import com.jcorporate.expresso.core.ExpressoSchema;
 import com.jcorporate.expresso.core.controller.ControllerException;
 import com.jcorporate.expresso.core.controller.ControllerRequest;
 import com.jcorporate.expresso.core.controller.ControllerResponse;
@@ -71,12 +72,13 @@
 import com.jcorporate.expresso.core.dataobjects.DataObject;
 import com.jcorporate.expresso.core.dataobjects.Securable;
 import com.jcorporate.expresso.core.db.DBException;
+import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
+import com.jcorporate.expresso.core.security.User;
 import com.jcorporate.expresso.services.dbobj.Setup;
 
 /**
  * list all records in a DBObject.
  *
- * @version        $Revision$  $Date$
  * @author        Michael Nash, contributions by Kevin King
  */
 public class List
@@ -112,11 +114,16 @@
             if (myDBObj instanceof Securable) {
                 ((Securable) myDBObj).isAllowed("S");
             } else {
-                String allowInsecure = Setup.getValue(req.getDataContext(),
-                        com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
-                        "insecureDBMaint");
-                if (!("y".equalsIgnoreCase(allowInsecure))) {
-                    throw new SecurityException("Access to unsecured Objects not allowed");
+                if (getUid() == SecuredDBObject.SYSTEM_ACCOUNT
+                        || User.getUserFromId(getUid(), this.getControllerRequest().getDataContext()).isAdmin()) {
+                    // all access ok
+                } else {
+                    String allowInsecure = Setup.getValue(req.getDataContext(),
+                                        ExpressoSchema.class.getName(),
+                                        "insecureDBMaint");
+                    if (!("y".equalsIgnoreCase(allowInsecure))) {
+                        throw new SecurityException("Access to unsecured Objects not allowed");
+                    }
                 }
             }
             showList();
@@ -127,5 +134,4 @@
 
 
 }
-
 /* List */

More information about the cvs mailing list