Author: vdichev
Date: Sun Jun 21 06:31:52 2009
New Revision: 786944
URL: http://svn.apache.org/viewvc?rev=786944&view=rev
Log:
ESME-66 Prevent deleting the last Admin permissions for a pool
Modified:
incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/RestAPI.scala
incubator/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
incubator/esme/trunk/server/src/main/scala/org/apache/esme/model/Privilege.scala
Modified:
incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/RestAPI.scala
URL:
http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/RestAPI.scala?rev=786944&r1=786943&r2=786944&view=diff
==============================================================================
---
incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/RestAPI.scala
(original)
+++
incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/RestAPI.scala
Sun Jun 21 06:31:52 2009
@@ -376,7 +376,11 @@
permissionName <- (S.param("permission") or Full("Write"));
permission <- Box(Permission.valueOf(permissionName)) ?~ "Unknown
permission type"
) yield if(Privilege.hasPermission(adminUser.id.is, pool.id.is,
Permission.Admin)) {
- val result =
Privilege.create.user(user).pool(pool).permission(permission).save
+ val result = try {
+ Privilege.create.user(user).pool(pool).permission(permission).save
+ } catch {
+ case _: Exception => false
+ }
if (result) Distributor ! Distributor.AllowUserInPool(user.id.is,
pool.id.is)
result
} else false // "User has no permission to administer pool"
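Review bot: The added `catch { case _: Exception => false }` around the `save` call reports every failure as a plain `false`, so a database error or any other runtime exception cannot be told apart from the "No other admin users in pool!" refusal thrown by `Privilege.deleteExisting`, and nothing is logged. Since this commit enforces an access-control invariant, the refusal should be identifiable: throw a dedicated exception type from `deleteExisting` and catch only that here, e.g. `case _: LastAdminException => false` (class name illustrative), and log anything else rather than discarding it. The same catch-all is added in the second AccessPoolMgr.scala hunk, where the `try` also encloses `Permission(permission.toInt)`, so a malformed permission value is reported the same way. The enclosing for-comprehension starts outside this hunk.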
Modified:
incubator/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
URL:
http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala?rev=786944&r1=786943&r2=786944&view=diff
==============================================================================
---
incubator/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
(original)
+++
incubator/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
Sun Jun 21 06:31:52 2009
@@ -72,7 +72,7 @@
case Failure(_,_,_) => S.error("Duplicate pool name!")
case Full(p: AccessPool) => val privilegeSaved =
Privilege.create.pool(p.saveMe).user(user).permission(Permission.Admin).save
- if(privilegeSaved) {
+ if(privilegeSaved && user.isDefined) {
Distributor ! Distributor.AllowUserInPool(user.get.id.is,
p.id.is)
S.notice("New pool added")
} else
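Review bot: The new `user.isDefined` test runs only after `Privilege.create.pool(p.saveMe).user(user).permission(Permission.Admin).save` has executed, so with an empty `user` the pool is still persisted by `p.saveMe` and the privilege save is still attempted; the guard merely keeps `user.get` from failing. That can leave a newly created pool with no usable Admin privilege, which is the state this commit sets out to prevent. Moving the test ahead of the save avoids it, for example by evaluating `user.isDefined` first and reporting an error before `p.saveMe` is called. How `.user(user)` treats an empty value and what the `else` branch reports are outside the hunk, so the exact outcome should be confirmed there.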
@@ -115,7 +115,11 @@
p <- AccessPool.find(pool) ?~ "Pool not found";
user <- User.findFromWeb(username) ?~ "User not found"
) yield if(Privilege.hasPermission(admin.id.is, p.id.is,
Permission.Admin)) {
- val result =
Privilege.create.user(user).pool(p).permission(Permission(permission.toInt)).save
+ val result = try {
+
Privilege.create.user(user).pool(p).permission(Permission(permission.toInt)).save
+ } catch {
+ case _: Exception => false
+ }
if (result) Distributor ! Distributor.AllowUserInPool(user.id.is,
p.id.is)
result
} else false // "User has no permission to administer pool"
Modified:
incubator/esme/trunk/server/src/main/scala/org/apache/esme/model/Privilege.scala
URL:
http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/main/scala/org/apache/esme/model/Privilege.scala?rev=786944&r1=786943&r2=786944&view=diff
==============================================================================
---
incubator/esme/trunk/server/src/main/scala/org/apache/esme/model/Privilege.scala
(original)
+++
incubator/esme/trunk/server/src/main/scala/org/apache/esme/model/Privilege.scala
Sun Jun 21 06:31:52 2009
@@ -30,9 +30,17 @@
override def beforeSave = deleteExisting _ :: super.beforeSave
private def deleteExisting(in: Privilege) {
- findAll(By(pool, in.pool),
- By(user, in.user)).
- foreach(_.delete_!)
+ // Delete current privileges of user in pool only
+ // if admin permissions by other users exist
+ if (in.permission.is == Permission.Admin ||
+ find(By(pool, in.pool),
+ By(permission, Permission.Admin),
+ NotBy(user, in.user)).
+ isDefined
+ ) bulkDelete_!!(By(pool, in.pool),
+ By(user, in.user))
+ else throw new Exception("No other admin users in pool!")
+
}
def findViewablePools(userId: Long): Set[Long] =
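Review bot: The last-admin guard in `deleteExisting` is a check-then-act sequence: `find(By(pool, in.pool), By(permission, Permission.Admin), NotBy(user, in.user))` and the following `bulkDelete_!!` are separate statements, and nothing visible in the hunk places them in one transaction or under a lock. If two requests change the privileges of two different admins of the same pool concurrently, each check can see the other user as the remaining admin and both deletes go ahead, leaving the pool with no admin. Running the check and the delete in a single transaction, or re-verifying after the write, would close that window. A specific exception class instead of `new Exception("No other admin users in pool!")` would also let callers catch only this refusal. The guard runs from `beforeSave` only; whether direct deletion of a Privilege row is covered is not visible here.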