This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/trunk by this push:
     new f0335a2e0 Fixed: Execution of queries without authentication 
(OFBIZ-12857)
f0335a2e0 is described below

commit f0335a2e0c2af9c8f2c15250b8fbfa4eb0822cfa
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Sep 23 09:10:58 2023 +0200

    Fixed: Execution of queries without authentication (OFBIZ-12857)
    
    My brain told me that I could have made an error in the previous commit.
    I just checked, and it was right.
    
    This fixes the previous commit, where I misused userIsUnauthorized.
---
 .../java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git 
a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java 
b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
index d0af39ab8..74c62971d 100644
--- 
a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
+++ 
b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
@@ -129,7 +129,7 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
                 || servletPath.endsWith("/replication") || 
servletPath.endsWith("/file") || servletPath.endsWith("/file/"))) {
             HttpSession session = httpRequest.getSession();
             GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
-            if (servletPath.startsWith("/admin/") && 
!userIsUnauthorized(httpRequest)) {
+            if (servletPath.startsWith("/admin/") && 
userIsUnauthorized(httpRequest)) {
                 response.setContentType("application/json");
                 MapToJSON mapToJson = new MapToJSON();
                 JSON json;
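Review bot: Nothing in this change pins the polarity of the `/admin/` check, which the commit message says was misused in the previous commit, so the same inversion can recur unnoticed. A regression test that sends a request with no `userLogin` in the session to an `/admin/` path and asserts the JSON error response would catch it. A comment above the condition, such as `// Reject admin requests unless the caller is logged in and holds the required permission`, would state the intended rule next to the negatively named predicate. The body of `userIsUnauthorized` is outside this hunk, so it is worth confirming there that it returns true (fails closed) when the session holds no `userLogin`. The enclosing method starts and ends outside the hunk.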
@@ -159,20 +159,20 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
                     || servletPath.endsWith("/update/extract")) {
                 // NOTE: the update requests are defined in an index's 
solrconfig.xml
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!userIsUnauthorized(httpRequest)) {
+                if (userIsUnauthorized(httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorUpdateLoginFirst", "SolrErrorNoUpdatePermission", locale);
                     return;
                 }
             } else if (servletPath.endsWith("/replication")) {
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!userIsUnauthorized(httpRequest)) {
+                if (userIsUnauthorized(httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorReplicateLoginFirst", "SolrErrorNoReplicatePermission",
                             locale);
                     return;
                 }
             } else if (servletPath.endsWith("/file") || 
servletPath.endsWith("/file/")) {
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!userIsUnauthorized(httpRequest)) {
+                if (userIsUnauthorized(httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorViewFileLoginFirst", "SolrErrorNoViewFilePermission",
                             locale);
                     return;
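Review bot: The three rewritten conditions (the update branch, `/replication` and `/file`) drop the explicit `UtilValidate.isEmpty(userLogin)` test, so rejecting anonymous callers now rests entirely on `userIsUnauthorized(httpRequest)`, whose body is not part of this diff. If that helper does not treat a missing `userLogin` as unauthorized, these branches would let unauthenticated requests through, which is the problem the commit title names. Keeping the guard makes each branch fail closed on its own: `if (UtilValidate.isEmpty(userLogin) || userIsUnauthorized(httpRequest)) {`. Since the same condition now appears three times, it could also be evaluated once into a local boolean before the `if`/`else if` chain, which starts above this hunk and continues below it.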
