[cvs] expresso commit by lhamel: admin gets full permissions

[JCorporate Ltd]

Log Message:
-----------
admin gets full permissions

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint:
        Search.java

Revision Data
-------------
Index: Search.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/Search.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/Search.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/Search.java -u -r1.23 -r1.24
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/Search.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/dbmaint/Search.java
@@ -64,20 +64,22 @@
 
 package com.jcorporate.expresso.services.controller.dbmaint;
 
+import com.jcorporate.expresso.core.controller.Controller;
 import com.jcorporate.expresso.core.controller.ControllerException;
 import com.jcorporate.expresso.core.controller.ControllerRequest;
 import com.jcorporate.expresso.core.controller.ControllerResponse;
 import com.jcorporate.expresso.core.controller.Input;
 import com.jcorporate.expresso.core.controller.NonHandleableException;
 import com.jcorporate.expresso.core.controller.Transition;
-import com.jcorporate.expresso.core.controller.Controller;
 import com.jcorporate.expresso.core.dataobjects.DataFieldMetaData;
 import com.jcorporate.expresso.core.dataobjects.DataObject;
 import com.jcorporate.expresso.core.dataobjects.DataObjectMetaData;
 import com.jcorporate.expresso.core.dataobjects.Securable;
 import com.jcorporate.expresso.core.db.DBException;
+import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
 import com.jcorporate.expresso.core.dbobj.ValidValue;
 import com.jcorporate.expresso.core.misc.StringUtil;
+import com.jcorporate.expresso.core.security.User;
 import com.jcorporate.expresso.services.controller.ui.DefaultAutoElement;
 import com.jcorporate.expresso.services.dbobj.Setup;
 
@@ -89,7 +91,6 @@
  * a match on all supplied fields of a DBObject. Search can be extended
  * to allow a search on one or more fields e.g. a foreign key field
  *
- * @version        $Revision$  $Date$
  * @author        Michael Nash, contributions by Kevin King
  */
 public class Search
@@ -282,11 +283,16 @@
             if (myDBObj instanceof Securable) {
                 ((Securable) myDBObj).isAllowed("S");
             } else {
-                String allowInsecure = Setup.getValue(req.getDataContext(),
+                if (getUid() == SecuredDBObject.SYSTEM_ACCOUNT
+                        || User.getUserFromId(getUid(), this.getControllerRequest().getDataContext()).isAdmin()) {
+                    // all access ok
+                } else {
+                   String allowInsecure = Setup.getValue(req.getDataContext(),
                         com.jcorporate.expresso.core.ExpressoSchema.class.getName(),
                         "insecureDBMaint");
-                if (!("y".equalsIgnoreCase(allowInsecure))) {
-                    throw new SecurityException("Access to unsecured Objects not allowed");
+                    if (!(StringUtil.toBoolean(allowInsecure))) {
+                        throw new SecurityException("Access to unsecured Objects not allowed");
+                    }
                 }
             }
             myDBObj.clear();