This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag 
org.apache.sling.jcr.jackrabbit.usermanager-2.2.0
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git

commit 418e4bff6c2fcbc6493d6a64443a2668254f8783
Author: Eric Norman <[email protected]>
AuthorDate: Tue May 3 05:29:58 2011 +0000

    SLING-2070 Members of the UserAdmin group can not create a new user
    
    git-svn-id: 
https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@1098913
 13f79535-47bb-0310-9956-ffa450edef68
---
 .../usermanager/impl/post/CreateUserServlet.java   | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git 
a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 
b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
index 34cf4c2..551a933 100644
--- 
a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
+++ 
b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
@@ -24,10 +24,12 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.servlets.HtmlResponse;
+import org.apache.sling.commons.osgi.OsgiUtil;
 import org.apache.sling.servlets.post.impl.helper.RequestProperty;
 import 
org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider;
 import org.apache.sling.jcr.api.SlingRepository;
@@ -105,6 +107,23 @@ public class CreateUserServlet extends 
AbstractUserPostServlet {
     private Boolean selfRegistrationEnabled = 
DEFAULT_SELF_REGISTRATION_ENABLED;
 
     /**
+     * The name of the configuration parameter providing the 
+     * 'User administrator' group name.
+     *
+     * @scr.property valueRef="DEFAULT_USER_ADMIN_GROUP_NAME"
+     */
+    private static final String PAR_USER_ADMIN_GROUP_NAME = 
"user.admin.group.name";
+
+    /**
+     * The default 'User administrator' group name
+     *
+     * @see #PAR_USER_ADMIN_GROUP_NAME
+     */
+    private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";
+ 
+    private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;
+    
+    /**
      * The JCR Repository we access to resolve resources
      *
      * @scr.reference
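Review bot: The Javadoc on `PAR_USER_ADMIN_GROUP_NAME` and `DEFAULT_USER_ADMIN_GROUP_NAME` names the group but does not say what membership grants. A later hunk sets `administrator = true` for its members, so the comment should state the effect, for example `Members of this group are treated as administrators by this servlet when creating users.` What `administrator` gates is outside the visible hunks, so the wording should be confirmed against the rest of the method. It would also help to document that the configured name must refer to a group whose membership is restricted, since the value is configurable and defaults to "UserAdmin".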
@@ -155,6 +174,10 @@ public class CreateUserServlet extends 
AbstractUserPostServlet {
         } else {
             selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED;
         }
+        
+        this.userAdminGroupName = 
OsgiUtil.toString(props.get(PAR_USER_ADMIN_GROUP_NAME),
+                       DEFAULT_USER_ADMIN_GROUP_NAME);
+        log.info("User Admin Group Name {}", this.userAdminGroupName);
     }
 
     /*
@@ -176,6 +199,18 @@ public class CreateUserServlet extends 
AbstractUserPostServlet {
             UserManager um = AccessControlUtil.getUserManager(currentSession);
             User currentUser = (User) 
um.getAuthorizable(currentSession.getUserID());
             administrator = currentUser.isAdmin();
+            
+            if (!administrator) {
+                               //check if the user is a member of the 'User 
administrator' group
+                               Authorizable userAdmin = 
um.getAuthorizable(this.userAdminGroupName);
+                               if (userAdmin instanceof Group) {
+                                       boolean isMember = 
((Group)userAdmin).isMember(currentUser);
+                                       if (isMember) {
+                                               administrator = true;
+                                       }
+                               }
+               
+            }
         } catch ( Exception ex ) {
             log.warn("Failed to determin if the user is an admin, assuming 
not. Cause: "+ex.getMessage());
             administrator = false;
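Review bot: The new branch reuses the `administrator` flag for group members, so whatever this method later gates on `administrator` now applies to them exactly as it does to a repository admin. That code is outside the hunk and should be checked to confirm it grants only user creation. `Group.isMember` also returns true for indirect members reached through nested groups; if only direct members are intended, use `((Group) userAdmin).isDeclaredMember(currentUser)`. The elevation is silent, so an audit line inside `if (isMember)` such as `log.info("User {} treated as user administrator via group {}", currentSession.getUserID(), this.userAdminGroupName);` would give operators a record of who used this path. The enclosing method starts and ends outside the hunk.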
