[Lada-commits] [PATCH] Do not allow access to unknow classes
Wald Commits
scm-commit at wald.intevation.org
Tue Feb 28 14:03:59 CET 2017
# HG changeset patch
# User Raimund Renkert <raimund.renkert at intevation.de>
# Date 1488287031 -3600
# Node ID a0da035cc8317f882767dc34ac582a73ec4f175c
# Parent 1bf808b6740369f7067fcd32bf0065b14489868a
Do not allow access to unknown classes.
diff -r 1bf808b67403 -r a0da035cc831 src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Tue Feb 28 09:47:54 2017 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Tue Feb 28 14:03:51 2017 +0100
@@ -137,9 +137,8 @@
return data;
}
Authorizer authorizer = authorizers.get(clazz);
- //This is a hack... Allows wildcard for unknown classes.
if (authorizer == null) {
- return data;
+ return new Response(false, 699, null);
}
return authorizer.filter(data, userInfo, clazz);
}
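Review bot: The status `699` in `return new Response(false, 699, null);` is a bare literal, so a reader of this branch cannot tell what the client is told when no `Authorizer` is registered for `clazz`. If the project already defines a named constant for this code, use it here; otherwise add a comment above the return, such as `// Deny by default: no Authorizer is registered for this class.`. The enclosing method starts outside the hunk, so the earlier `return data;` path could not be checked from here.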
@@ -244,7 +243,7 @@
Authorizer authorizer = authorizers.get(clazz);
//This is a hack... Allows wildcard for unknown classes.
if (authorizer == null) {
- return true;
+ return false;
}
return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
}
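Review bot: The context comment `//This is a hack... Allows wildcard for unknown classes.` is left in place above the null check, but the branch now returns `false`, so the comment states the opposite of what the code does. The same comment was deleted in the other two hunks and should be dropped here too, or replaced with `// Deny by default: no Authorizer is registered for this class.`. A stale "allows wildcard" note on an authorization check is likely to mislead a later audit. The method's signature lies outside the hunk.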
@@ -263,9 +262,8 @@
Class<T> clazz
) {
Authorizer authorizer = authorizers.get(clazz);
- //This is a hack... Allows wildcard for unknown classes.
if (authorizer == null) {
- return true;
+ return false;
}
return authorizer.isAuthorized(data, RequestMethod.POST, userInfo, clazz);
}
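Review bot: The `if (authorizer == null)` fail-closed check is now repeated in three places (this POST check, the GET check and the filter method above) with nothing recording that the denial is deliberate. A shared private lookup helper, or at least a comment such as `// Deny by default: unregistered classes are never authorized.`, would keep the three in step. The denial is also silent, so a class that was simply never registered will only show up as an unexplained refusal; logging the class name on this branch would make that misconfiguration visible. Whether other methods in this file call `authorizers.get(clazz)` cannot be seen from the patch; if any do, they should fail closed in the same way.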