Posted to commits@isis.apache.org by ah...@apache.org on 2023/01/24 09:10:11 UTC

[isis] branch master updated: ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()

This is an automated email from the ASF dual-hosted git repository.

ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git


The following commit(s) were added to refs/heads/master by this push:
     new 49cf3dc02b ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()
49cf3dc02b is described below

commit 49cf3dc02b51fd2806c63f2f8ec77ba62079d8aa
Author: Andi Huber <ah...@apache.org>
AuthorDate: Tue Jan 24 10:10:05 2023 +0100

    ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()
---
 .../extensions/secman/applib/user/dom/ApplicationUser.java | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
index a5082835a8..e41390bfd9 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
@@ -49,6 +49,7 @@ import org.apache.causeway.applib.services.user.RoleMemento;
 import org.apache.causeway.applib.services.user.UserMemento;
 import org.apache.causeway.applib.services.user.UserService;
 import org.apache.causeway.applib.util.ObjectContracts;
+import org.apache.causeway.commons.internal.assertions._Assert;
 import org.apache.causeway.commons.internal.base._Casts;
 import org.apache.causeway.commons.internal.base._Strings;
 import org.apache.causeway.commons.internal.collections._Lists;
@@ -656,10 +657,14 @@ public abstract class ApplicationUser
 
     @Programmatic public boolean isRunAsAdministrator() {
         val currentUser = currentUser();
-        val adminRoleSuffix = ":" + getAdminRoleName();
+        val adminRoleName = getAdminRoleName(); // is guarded to not be empty
+        val adminRoleSuffix = ":" + adminRoleName;
         for (final RoleMemento role : currentUser.getRoles()) {
             final String roleName = role.getName();
-            // format is realmName:roleName.
+            if(adminRoleName.equals(roleName)) {
+                return true;
+            }
+            // format could also be realmName:roleName, eg. with Shiro
             // since we don't know what the realm's name is (depends on its configuration in shiro.ini),
             // simply check that the last part matches the role name.
             if(roleName.endsWith(adminRoleSuffix)) {
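Review bot: The suffix check `roleName.endsWith(adminRoleSuffix)`, kept below the new exact match, accepts the admin role name under any realm prefix. Where more than one realm is configured, or role names come from an external source and may themselves contain `:`, a role issued by a less-trusted source is treated as administrator. The existing comment explains why the realm name is unknown but not that this is a trust decision; I would add `// NOTE: any realm prefix is accepted, so every configured realm must be trusted to grant the admin role` above the suffix check. Separately, the new `adminRoleName.equals(roleName)` is null-safe but `roleName.endsWith(...)` is not, so if `RoleMemento.getName()` can ever return null (not visible here) the loop would throw instead of skipping that role. The loop and method body continue outside the hunk.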
@@ -681,7 +686,10 @@ public abstract class ApplicationUser
     }
 
     @Programmatic private String getAdminRoleName() {
-        return getSecmanConfig().getSeed().getAdmin().getRoleName();
+        val adminRoleName = _Strings.emptyToNull(getSecmanConfig().getSeed().getAdmin().getRoleName());
+        // guard against empty admin role name
+        _Assert.assertNotNull(adminRoleName, ()->"secman-config.seed.admin.role-name must not be empty");
+        return adminRoleName;
     }
 
     @Programmatic private UserMemento currentUser() {
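Review bot: The guard in `getAdminRoleName()` appears to reject only null and zero-length values, going by the name `emptyToNull`, so a whitespace-only `role-name` would pass and the admin check would compare against a blank name. Trimming the configured value before the emptiness check would close that gap. The check also runs on every call rather than when the configuration is loaded, so a misconfiguration first surfaces inside an authorization decision. Whether `_Assert` failures are always active, and not tied to JVM assertion settings, is not visible here and is worth confirming. A short Javadoc such as `/** Returns the configured seed admin role name; fails if it is unset. */` would record the contract for callers.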