[cvs] expresso commit by lhamel: add All Users group to evaluation of

[JCorporate Ltd]

Log Message:
-----------
add All Users group to evaluation of canRead, canWrite, etc.

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj:
        RowSecuredDBObject.java

Revision Data
-------------
Index: RowSecuredDBObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java,v
retrieving revision 1.36
retrieving revision 1.37
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java -u -r1.36 -r1.37
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/RowSecuredDBObject.java
@@ -575,7 +575,8 @@
             List groups = this.getAdministrateGroups();
 
             // intersection of two groups is retained
-            groups.retainAll(user.getGroups());
+            List memberships = getAugmentedGroupList(user);
+            groups.retainAll(memberships);
             result = groups.size() > 0;
         }
 
@@ -627,7 +628,8 @@
             /**
              * @todo rewrite as a multidbobject join
              */
-            groups.retainAll(user.getGroups());
+            List memberships = getAugmentedGroupList(user);
+            groups.retainAll(memberships);
             result = groups.size() > 0;
         }
 
@@ -635,6 +637,18 @@
     }
 
     /**
+     * augment a user's group list with the All Users group, if necessary.
+     */
+    private List getAugmentedGroupList(User user) throws DBException {
+        List memberships = user.getGroups();
+        if ( !memberships.contains(UserGroup.ALL_USERS_GROUP)
+                && !user.getLoginName().equals(User.UNKNOWN_USER)) {
+            memberships.add(UserGroup.ALL_USERS_GROUP);
+        }
+        return memberships;
+    }
+
+    /**
      * @return true if requesting id has permission to write
      * @throws DBException upon database communication error
      */
@@ -673,7 +687,8 @@
             List groups = this.getWriteGroups();
 
             // intersection of two groups is retained
-            groups.retainAll(user.getGroups());
+            List memberships = getAugmentedGroupList(user);
+            groups.retainAll(memberships);
             result = groups.size() > 0;
         }