litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-3523 Protect against null arguments.

Browse source
This commit is contained in:
j2blake 2011-12-23 19:29:45 +00:00
parent a75b15d940
commit 9d74b4e41a
1 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
View file

@ -19,14 +19,25 @@ public class PermissionsPolicy implements PolicyIface {
@Override @Override
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) { RequestedAction whatToAuth) {
if (whoToAuth == null) {
return defaultDecision("whomToAuth was null");
}
if (whatToAuth == null) {
return defaultDecision("whatToAuth was null");
}
for (Permission p : HasPermission.getPermissions(whoToAuth)) { for (Permission p : HasPermission.getPermissions(whoToAuth)) {
if (p.isAuthorized(whatToAuth)) { if (p.isAuthorized(whatToAuth)) {
return new BasicPolicyDecision(Authorization.AUTHORIZED, return new BasicPolicyDecision(Authorization.AUTHORIZED,
"PermissionsPolicy: approved by " + p); "PermissionsPolicy: approved by " + p);
} }
} }
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, return defaultDecision("no permission will approve " + whatToAuth);
"no permission will approve " + whatToAuth); }
/** If the user isn't explicitly authorized, return this. */
private PolicyDecision defaultDecision(String message) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
} }
@Override @Override