Update of
/var/cvs/contributions/CMSContainer/cmsc/security/src/java/com/finalist/cmsc/security
In directory
james.mmbase.org:/tmp/cvs-serv4229/cmsc/security/src/java/com/finalist/cmsc/security
Modified Files:
Tag: b1_5
SecurityUtil.java
Log Message:
CMSC-1173 Security rights may be granted by mistake
See also:
http://cvs.mmbase.org/viewcvs/contributions/CMSContainer/cmsc/security/src/java/com/finalist/cmsc/security
See also: http://www.mmbase.org/jira/browse/CMSC-1173
Index: SecurityUtil.java
===================================================================
RCS file:
/var/cvs/contributions/CMSContainer/cmsc/security/src/java/com/finalist/cmsc/security/SecurityUtil.java,v
retrieving revision 1.14
retrieving revision 1.14.2.1
diff -u -b -r1.14 -r1.14.2.1
--- SecurityUtil.java 26 Jun 2008 16:38:16 -0000 1.14
+++ SecurityUtil.java 31 Dec 2008 10:26:36 -0000 1.14.2.1
@@ -88,7 +88,15 @@
// most specific keys are first in order so when the path of the
channel startswith
// the keypath we have the channel where the rights are from
inherited.
- if (path.startsWith(keyPath)) {
+ boolean onPath = false;
+ if (path.length() == keyPath.length()) {
+ onPath = path.equals(keyPath);
+ }
+ else {
+ onPath = path.startsWith(keyPath + "/");
+ }
+
+ if (onPath) {
UserRole userRole = channelsWithRole.get(keyPath);
// when path is equal to the keypath than is the role not
inherited
resultRole = new UserRole(userRole.getRole(),
!path.equals(keyPath));
_______________________________________________
Cvs mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/cvs
