Verified Commit b8c6525b authored by Timm Fitschen's avatar Timm Fitschen

Add checks for retrieve user permissions

parent 5ff1f40e
2 merge requests!58REL: prepare release 0.7.2,!45F grpc f acm
Pipeline #18861 failed
...@@ -81,7 +81,9 @@ public class Webinterface extends ServerResource { ...@@ -81,7 +81,9 @@ public class Webinterface extends ServerResource {
? MediaType.IMAGE_PNG ? MediaType.IMAGE_PNG
: path.endsWith(".html") : path.endsWith(".html")
? MediaType.TEXT_HTML ? MediaType.TEXT_HTML
: path.endsWith(".yaml") ? MediaType.TEXT_YAML : MediaType.TEXT_XML; : path.endsWith(".yaml")
? MediaType.TEXT_YAML
: path.endsWith(".xml") ? MediaType.TEXT_XML : MediaType.ALL;
final FileRepresentation ret = new FileRepresentation(file, mt); final FileRepresentation ret = new FileRepresentation(file, mt);
......
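Review bot: The new fallback in the last ternary branch maps every extension other than png/html/yaml/xml to `MediaType.ALL`, which presumably sends `*/*` as the response content type and leaves the client to sniff the body; for a served file that is the least safe default, since a browser may then render an unrecognised file as HTML. A concrete type is the usual fallback for unknown extensions, e.g. `: path.endsWith(".xml") ? MediaType.TEXT_XML : MediaType.APPLICATION_OCTET_STREAM;`. The enclosing method starts and ends outside the hunk, so whether an `X-Content-Type-Options: nosniff` header is already set on the response cannot be seen here. The four-deep nested ternary would also read better as a switch on the extension or a small `Map<String, MediaType>` lookup.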
...@@ -48,11 +48,12 @@ public class ListUsersTransaction extends AccessControlTransaction { ...@@ -48,11 +48,12 @@ public class ListUsersTransaction extends AccessControlTransaction {
// remove roles // remove roles
for (ProtoUser user : users) { for (ProtoUser user : users) {
if (user.roles != null) if (user.roles != null) {
if (!currentUser.isPermitted( if (!currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) { ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
user.roles = null; user.roles = null;
} }
}
} }
} }
......
...@@ -24,6 +24,9 @@ ...@@ -24,6 +24,9 @@
package org.caosdb.server.transaction; package org.caosdb.server.transaction;
import java.util.Set; import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.caosdb.server.accessControl.ACMPermissions;
import org.caosdb.server.accessControl.Principal; import org.caosdb.server.accessControl.Principal;
import org.caosdb.server.accessControl.UserSources; import org.caosdb.server.accessControl.UserSources;
import org.caosdb.server.database.backend.transaction.RetrieveUser; import org.caosdb.server.database.backend.transaction.RetrieveUser;
...@@ -42,10 +45,21 @@ public class RetrieveUserTransaction extends AccessControlTransaction { ...@@ -42,10 +45,21 @@ public class RetrieveUserTransaction extends AccessControlTransaction {
@Override @Override
protected void transaction() throws Exception { protected void transaction() throws Exception {
if (!UserSources.isUserExisting(this.principal)) { Subject currentUser = SecurityUtils.getSubject();
if (!UserSources.isUserExisting(this.principal)
|| !currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_USER_INFO(
this.principal.getRealm(), this.principal.getUsername()))) {
throw ServerMessages.ACCOUNT_DOES_NOT_EXIST; throw ServerMessages.ACCOUNT_DOES_NOT_EXIST;
} }
this.user = execute(new RetrieveUser(this.principal), getAccess()).getUser(); this.user = execute(new RetrieveUser(this.principal), getAccess()).getUser();
if (user.roles != null) {
if (!currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
user.roles = null;
}
}
} }
public static Element getUserElement(final ProtoUser user) { public static Element getUserElement(final ProtoUser user) {
......
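Review bot: The merged condition at the top of `transaction()` reports `ServerMessages.ACCOUNT_DOES_NOT_EXIST` both when the account is missing and when the caller lacks `PERMISSION_RETRIEVE_USER_INFO`, so the two cases are indistinguishable to the client. If that is deliberate, to keep the reply from revealing whether an account exists, it deserves a comment such as `// Same error for unknown and unpermitted users so the response does not reveal account existence.`; if not, a distinct permission error would be clearer for the caller. The role-stripping block at the end of the method is the same code as in ListUsersTransaction above; a shared helper (e.g. `stripRolesUnlessPermitted(Subject, ProtoUser)` on the common base class) would keep the two checks from drifting apart. Whether `getUser()` can return null before `user.roles` is read cannot be seen from the hunk.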