Posted to commits@sling.apache.org by ie...@apache.org on 2009/07/30 22:43:44 UTC

svn commit: r799437 - /sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java

Author: ieb
Date: Thu Jul 30 20:43:43 2009
New Revision: 799437

URL: http://svn.apache.org/viewvc?rev=799437&view=rev
Log:
SLING-1067
Fixed by checking the session bound to the request to see if it's an administrator. If the user is an administrator they can register other users.

Modified:
    sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java

Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=799437&r1=799436&r2=799437&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java (original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java Thu Jul 30 20:43:43 2009
@@ -166,8 +166,22 @@
     protected void handleOperation(SlingHttpServletRequest request,
             HtmlResponse response, List<Modification> changes)
             throws RepositoryException {
+      
+        // check for an administrator
+        boolean administrator = false;
+        try {
+            Session currentSession = request.getResourceResolver().adaptTo(Session.class);
+            UserManager um = AccessControlUtil.getUserManager(currentSession);
+            User currentUser = (User) um.getAuthorizable(currentSession.getUserID());
+            administrator = currentUser.isAdmin();
+        } catch ( Exception ex ) {
+            log.warn("Failed to determin if the user is an admin, assuming not. Cause: "+ex.getMessage());
+            administrator = false;
+        }
+            
+      
         // make sure user self-registration is enabled
-        if (!selfRegistrationEnabled) {
+        if (!administrator && !selfRegistrationEnabled) {
             throw new RepositoryException(
                 "Sorry, registration of new users is not currently enabled.  Please try again later.");
         }
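Review bot: The admin check in the added `try` block relies on `catch ( Exception ex )` to absorb a null `Session` from `adaptTo`, a null result from `getAuthorizable`, or an authorizable that is not a `User`, and it logs only `ex.getMessage()`, which is null for a NullPointerException, so a failure here leaves no usable trace. Failing closed to `administrator = false` is the right default for an authorization decision, but those cases should be explicit checks, with the catch narrowed to `RepositoryException` and the exception itself passed to the logger (assuming `log` accepts a Throwable argument). `Authorizable` may need an import if the file does not already have one. The body of handleOperation continues outside the hunk, so how the user is then created, and whether an admin-initiated creation is logged, cannot be judged from here.

```java
        // check for an administrator; any failure leaves administrator == false
        boolean administrator = false;
        try {
            Session currentSession = request.getResourceResolver().adaptTo(Session.class);
            if (currentSession != null) {
                UserManager um = AccessControlUtil.getUserManager(currentSession);
                Authorizable current = um.getAuthorizable(currentSession.getUserID());
                if (current instanceof User) {
                    administrator = ((User) current).isAdmin();
                }
            }
        } catch (RepositoryException ex) {
            log.warn("Failed to determine if the user is an admin, assuming not.", ex);
        }
        // … unchanged: selfRegistrationEnabled check …
```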