You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/09/10 20:52:11 UTC

usergrid git commit: Add extra check in path permissions filter in REST in case the annotation gets added to a system resource.

Repository: usergrid
Updated Branches:
  refs/heads/hotfix-20160819 92b4ebaaf -> b9792cc24


Add extra check in path permissions filter in REST in case the annotation gets added to a system resource.


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/b9792cc2
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/b9792cc2
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/b9792cc2

Branch: refs/heads/hotfix-20160819
Commit: b9792cc243705ead5480e31f9cece669f28cf446
Parents: 92b4eba
Author: Michael Russo <mr...@apigee.com>
Authored: Sat Sep 10 13:51:38 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Sat Sep 10 13:51:38 2016 -0700

----------------------------------------------------------------------
 .../usergrid/rest/security/SecuredResourceFilterFactory.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/b9792cc2/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 7b62514..d68c9c9 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -468,7 +468,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.debug( "PathPermissionsFilter.authorize" );
             }
 
-            if ( isServiceAdmin() ){
+            if ( isServiceAdmin() || isBasicAuthServiceAdmin(request) ){
                 if(logger.isTraceEnabled()){
                     logger.trace("User is sysadmin. Allowing access.");
                 }