Posted to commits@isis.apache.org by ah...@apache.org on 2023/01/24 09:10:11 UTC
[isis] branch master updated: ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 49cf3dc02b ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()
49cf3dc02b is described below
commit 49cf3dc02b51fd2806c63f2f8ec77ba62079d8aa
Author: Andi Huber <ah...@apache.org>
AuthorDate: Tue Jan 24 10:10:05 2023 +0100
ISIS-3336: fixes ApplicationUser.isRunAsAdministrator()
---
.../extensions/secman/applib/user/dom/ApplicationUser.java | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
index a5082835a8..e41390bfd9 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUser.java
@@ -49,6 +49,7 @@ import org.apache.causeway.applib.services.user.RoleMemento;
import org.apache.causeway.applib.services.user.UserMemento;
import org.apache.causeway.applib.services.user.UserService;
import org.apache.causeway.applib.util.ObjectContracts;
+import org.apache.causeway.commons.internal.assertions._Assert;
import org.apache.causeway.commons.internal.base._Casts;
import org.apache.causeway.commons.internal.base._Strings;
import org.apache.causeway.commons.internal.collections._Lists;
@@ -656,10 +657,14 @@ public abstract class ApplicationUser
@Programmatic public boolean isRunAsAdministrator() {
val currentUser = currentUser();
- val adminRoleSuffix = ":" + getAdminRoleName();
+ val adminRoleName = getAdminRoleName(); // is guarded to not be empty
+ val adminRoleSuffix = ":" + adminRoleName;
for (final RoleMemento role : currentUser.getRoles()) {
final String roleName = role.getName();
- // format is realmName:roleName.
+ if(adminRoleName.equals(roleName)) {
+ return true;
+ }
+ // format could also be realmName:roleName, eg. with Shiro
// since we don't know what the realm's name is (depends on its configuration in shiro.ini),
// simply check that the last part matches the role name.
if(roleName.endsWith(adminRoleSuffix)) {
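Review bot: The suffix test kept at `roleName.endsWith(adminRoleSuffix)` accepts a role from any realm as the administrator role, provided its name ends in `:` plus the configured admin role name, and that trust assumption is not documented next to the new exact-match branch. If role names can be supplied by more than one realm or by an external directory (not visible in this hunk), a same-named role from any of them would pass. I would say so above the suffix check, for example `// any realm's role named <adminRoleName> is accepted; every configured realm must be trusted to assign it`. The body of isRunAsAdministrator() continues past the end of the hunk.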
@@ -681,7 +686,10 @@ public abstract class ApplicationUser
}
@Programmatic private String getAdminRoleName() {
- return getSecmanConfig().getSeed().getAdmin().getRoleName();
+ val adminRoleName = _Strings.emptyToNull(getSecmanConfig().getSeed().getAdmin().getRoleName());
+ // guard against empty admin role name
+ _Assert.assertNotNull(adminRoleName, ()->"secman-config.seed.admin.role-name must not be empty");
+ return adminRoleName;
}
@Programmatic private UserMemento currentUser() {
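Review bot: The guard in getAdminRoleName() appears to reject only a null or zero-length `role-name`. If `_Strings.emptyToNull` does not trim (its implementation is not shown here), a whitespace-only value passes the assertion and is then compared as-is in isRunAsAdministrator(). The check also runs on every call rather than when the configuration is loaded, so a misconfiguration first surfaces during a permission check. I would reject blank values the same way and record the intent in the comment, e.g. `// fail closed: an unset or blank role-name must abort the admin check rather than produce a degenerate suffix`.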