[cvs] expresso commit by lhamel: allow DBObject to avoid security check

JCorporate Ltd jcorp at jcorporate.com
Tue Jan 18 03:43:21 UTC 2005 

Log Message:
-----------
allow DBObject to avoid security check

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc:
        JoinedDataObject.java

Revision Data
-------------
Index: JoinedDataObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java,v
retrieving revision 1.43
retrieving revision 1.44
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java -u -r1.43 -r1.44
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dataobjects/jdbc/JoinedDataObject.java
@@ -64,7 +64,6 @@
 package com.jcorporate.expresso.core.dataobjects.jdbc;
 
 import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap;
-import com.jcorporate.expresso.core.ExpressoSchema;
 import com.jcorporate.expresso.core.dataobjects.BaseDataObject;
 import com.jcorporate.expresso.core.dataobjects.DataException;
 import com.jcorporate.expresso.core.dataobjects.DataExecutorInterface;
@@ -88,7 +87,6 @@
 import com.jcorporate.expresso.core.security.filters.Filter;
 import com.jcorporate.expresso.kernel.util.ClassLocator;
 import com.jcorporate.expresso.kernel.util.FastStringBuffer;
-import com.jcorporate.expresso.services.dbobj.Setup;
 import org.apache.log4j.Logger;
 import org.apache.oro.text.regex.Pattern;
 
@@ -1992,7 +1990,7 @@
             return;
         }
 
-        //First check for any values from the permissions map
+        // check for any values from the permissions map
         //If such operations are flat not allowed for this join, then
         //we return immediately
         Boolean override = (Boolean) getJoinMetaData().getPermissions().get(requestedFunction);
@@ -2007,13 +2005,6 @@
             DataObject value = (DataObject) myDataObjects.get(key);
             if (value instanceof Securable) {
                 ((Securable) value).isAllowed(requestedFunction);
-            } else {
-                String insecureAllowed = Setup.getValue(getDataContext(), ExpressoSchema.class.getName(),
-                        "insecureDBMaint");
-
-                if (!StringUtil.toBoolean(insecureAllowed)) {
-                    throw new SecurityException("Insecured Database Object Access Not Allowed");
-                }
             }
         }
     }

More information about the cvs mailing list