[cvs] expresso commit by lhamel: admin gets full permissions
JCorporate Ltd
jcorp at jcorp2.servlets.net
Fri Nov 12 23:33:03 PST 2004
Log Message:
-----------
admin gets full permissions
Modified Files:
--------------
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint:
DynamicCmd.java
Revision Data
-------------
Index: DynamicCmd.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java,v
retrieving revision 1.39
retrieving revision 1.40
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java -u -r1.39 -r1.40
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/DynamicCmd.java
@@ -105,7 +105,6 @@
* that all the DBMaint states need, such as load the given DBObject as
* specified.
*
- * @version $Revision$ $Date$
* @author Michael Nash, contributions by Kevin King et al
*/
public abstract class DynamicCmd
@@ -323,10 +322,7 @@
this.countTotalRecords = false;
}
- String thisCommand = StringUtil.notNull(getParameter(Controller.STATE_PARAM_KEY));
-
/* if any key values present then recover them */
- String allKeys = URLUTF8Encoder.decode(StringUtil.notNull(getParameter("key")));
setFields(myDataObject, URLUTF8Encoder.decode(StringUtil.notNull(getParameter("fields"))));
if (StringUtil.notNull(getParameter("details")).equals("y")) {
@@ -393,17 +389,23 @@
addBlock(myTable);
boolean canSearch = false;
- boolean allowInsecure = "y".equalsIgnoreCase(Setup.getValue(this.getDBName(),"insecureDBMaint"));
- if (myDBObj instanceof Securable) {
- try {
- ((Securable)myDBObj).isAllowed("S");
- canSearch = true;
- }
- catch (SecurityException ex) {
- canSearch = false;
- }
+ boolean allowInsecure = "y".equalsIgnoreCase(Setup.getValue(this.getDBName(), "insecureDBMaint"));
+ if (getUid() == SecuredDBObject.SYSTEM_ACCOUNT
+ || User.getUserFromId(getUid(), this.getControllerRequest().getDataContext()).isAdmin()) {
+ // all access ok
+ canSearch = true;
} else {
- canSearch = allowInsecure;
+ if (myDBObj instanceof Securable) {
+ try {
+ ((Securable)myDBObj).isAllowed("S");
+ canSearch = true;
+ }
+ catch (SecurityException ex) {
+ canSearch = false;
+ }
+ } else {
+ canSearch = allowInsecure;
+ }
}
Integer pageLimitObj = (Integer) myDBObj.getAttribute("pageLimit");
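Review bot: The result of `User.getUserFromId(getUid(), ...)` is dereferenced immediately in the new condition, so the authorization decision now depends on a lookup whose failure mode is not visible in this hunk. If that lookup can return null or throw for an unknown or anonymous uid, the request fails before the `Securable` check in the else branch is reached. Resolving the user first, e.g. `User u = User.getUserFromId(...); boolean admin = u != null && u.isAdmin();`, would keep that fallback path intact. The comment `// all access ok` would be more useful if it said that the system account and admins deliberately skip both `isAllowed("S")` and the `insecureDBMaint` setting. The enclosing method starts and ends outside this hunk.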
@@ -766,7 +768,7 @@
String allowInsecure = Setup.getValue(this.getControllerRequest().getDataContext(),
com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
"insecureDBMaint");
- if (!("y".equalsIgnoreCase(allowInsecure))) {
+ if (!(StringUtil.toBoolean(allowInsecure))) {
throw new SecurityException("Access to unsecured Objects not allowed");
}
}
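Review bot: `insecureDBMaint` is now parsed with `StringUtil.toBoolean` here, while the `canSearch` hunk earlier in this commit still tests the same setting with `"y".equalsIgnoreCase(...)`, so the two checks can disagree on one configured value. If `toBoolean` accepts more spellings than "y" (its behaviour is not visible in this diff), the change also widens what enables access to unsecured objects. Using the same helper at the other site, for example `boolean allowInsecure = StringUtil.toBoolean(Setup.getValue(this.getDBName(), "insecureDBMaint"));`, would keep them aligned. How `toBoolean` treats a null or missing setting should be confirmed, so that an unset value still ends in the `SecurityException`. The enclosing method continues outside the hunk.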
@@ -1267,5 +1269,4 @@
return controllerName;
}
}
-
/* DynamicCmd */