[cvs] expresso commit by lhamel: admin gets full permissions
JCorporate Ltd
jcorp at jcorp2.servlets.net
Fri Nov 12 23:34:33 PST 2004
Log Message:
-----------
admin gets full permissions
Modified Files:
--------------
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc:
JoinedDataObject.java
Revision Data
-------------
Index: JoinedDataObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java,v
retrieving revision 1.38
retrieving revision 1.39
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java -u -r1.38 -r1.39
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java
@@ -63,21 +63,8 @@
*/
package com.jcorporate.expresso.core.dataobjects.jdbc;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.TreeSet;
-
-import org.apache.log4j.Logger;
-import org.apache.oro.text.regex.Pattern;
-
import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap;
-
+import com.jcorporate.expresso.core.ExpressoSchema;
import com.jcorporate.expresso.core.dataobjects.BaseDataObject;
import com.jcorporate.expresso.core.dataobjects.DataException;
import com.jcorporate.expresso.core.dataobjects.DataExecutorInterface;
@@ -96,10 +83,23 @@
import com.jcorporate.expresso.core.dbobj.RequestContext;
import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
import com.jcorporate.expresso.core.misc.StringUtil;
+import com.jcorporate.expresso.core.security.User;
import com.jcorporate.expresso.core.security.filters.Filter;
import com.jcorporate.expresso.kernel.util.ClassLocator;
import com.jcorporate.expresso.kernel.util.FastStringBuffer;
import com.jcorporate.expresso.services.dbobj.Setup;
+import org.apache.log4j.Logger;
+import org.apache.oro.text.regex.Pattern;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.TreeSet;
/**
@@ -1993,6 +1993,12 @@
com.jcorporate.expresso.core.db.DBException {
checkInitialized();
+ if (getRequestingUid() == SecuredDBObject.SYSTEM_ACCOUNT
+ || User.getUserFromId(getRequestingUid(), getDataContext()).isAdmin()) {
+ // all access ok
+ return;
+ }
+
//First check for any values from the permissions map
//If such operations are flat not allowed for this join, then
//we return immediately
@@ -2010,12 +2016,11 @@
if (value instanceof Securable) {
((Securable) value).isAllowed(requestedFunction);
} else {
- String insecureAllowed = Setup
- .getValue(this.getDataContext()
- , com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
- "insecureDBMaint");
+ String insecureAllowed = Setup.getValue(
+ getDataContext(), ExpressoSchema.class.getName(),
+ "insecureDBMaint");
- if (!"y".equalsIgnoreCase(insecureAllowed)) {
+ if (!StringUtil.toBoolean(insecureAllowed)) {
throw new SecurityException(
"Insecured Database Object Access Not Allowed");
}
More information about the cvs
mailing list