You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ie...@apache.org on 2009/07/30 22:43:44 UTC
svn commit: r799437 -
/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
Author: ieb
Date: Thu Jul 30 20:43:43 2009
New Revision: 799437
URL: http://svn.apache.org/viewvc?rev=799437&view=rev
Log:
SLING-1067
Fixed by checking the session cound to the request to see if its an administrator. If the user is an administrator they can register other users.
Modified:
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=799437&r1=799436&r2=799437&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java (original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java Thu Jul 30 20:43:43 2009
@@ -166,8 +166,22 @@
protected void handleOperation(SlingHttpServletRequest request,
HtmlResponse response, List<Modification> changes)
throws RepositoryException {
+
+ // check for an administrator
+ boolean administrator = false;
+ try {
+ Session currentSession = request.getResourceResolver().adaptTo(Session.class);
+ UserManager um = AccessControlUtil.getUserManager(currentSession);
+ User currentUser = (User) um.getAuthorizable(currentSession.getUserID());
+ administrator = currentUser.isAdmin();
+ } catch ( Exception ex ) {
+ log.warn("Failed to determin if the user is an admin, assuming not. Cause: "+ex.getMessage());
+ administrator = false;
+ }
+
+
// make sure user self-registration is enabled
- if (!selfRegistrationEnabled) {
+ if (!administrator && !selfRegistrationEnabled) {
throw new RepositoryException(
"Sorry, registration of new users is not currently enabled. Please try again later.");
}