This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.0.4 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit 85ff3134edec52786c7f010605578e709c9487a3 Author: Ian Boston <[email protected]> AuthorDate: Thu Jul 30 20:43:43 2009 +0000 SLING-1067 Fixed by checking the session cound to the request to see if its an administrator. If the user is an administrator they can register other users. git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@799437 13f79535-47bb-0310-9956-ffa450edef68 --- .../usermanager/impl/post/CreateUserServlet.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java index ca62a85..f591e5b 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java @@ -166,8 +166,22 @@ public class CreateUserServlet extends AbstractUserPostServlet { protected void handleOperation(SlingHttpServletRequest request, HtmlResponse response, List<Modification> changes) throws RepositoryException { + + // check for an administrator + boolean administrator = false; + try { + Session currentSession = request.getResourceResolver().adaptTo(Session.class); + UserManager um = AccessControlUtil.getUserManager(currentSession); + User currentUser = (User) um.getAuthorizable(currentSession.getUserID()); + administrator = currentUser.isAdmin(); + } catch ( Exception ex ) { + log.warn("Failed to determin if the user is an admin, assuming not. Cause: "+ex.getMessage()); + administrator = false; + } + + // make sure user self-registration is enabled - if (!selfRegistrationEnabled) { + if (!administrator && !selfRegistrationEnabled) { throw new RepositoryException( "Sorry, registration of new users is not currently enabled. Please try again later."); } -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
