QPID-1304: add vhost access check for missed corner cases, allowing for users granted vhost access and otherwise abstaining.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@825805 13f79535-47bb-0310-9956-ffa450edef68
author: Robert Gemmell <robbie@apache.org> 2009-10-16 08:20:20 +0000
committer: Robert Gemmell <robbie@apache.org> 2009-10-16 08:20:20 +0000
commit: 9617dce00b2cabbaf5b5ada6da53fc4193dfe17f (patch)
tree: 5490d7eaaaa9ce3f24939095502cad7f1e481123
parent: 700636714d25b073bdfea2d982b5f67f11b240e9 (diff)
download: qpid-python-9617dce00b2cabbaf5b5ada6da53fc4193dfe17f.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
index 3e065f9a9b..6fe4696d20 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
@@ -378,7 +378,16 @@ public class PrincipalPermissions
             case PURGE:
             case UNBIND:
             default:
-                return AuthzResult.DENIED;
+                if(_fullVHostAccess)
+                {
+                    //user has been granted full access to the vhost
+                    return AuthzResult.ALLOWED;
+                }
+                else
+                {
+                    //SimpleXML ACL does not implement these permissions and should abstain
+                    return AuthzResult.ABSTAIN;
+                }
         }
 
     }
author	Robert Gemmell <robbie@apache.org>	2009-10-16 08:20:20 +0000
committer	Robert Gemmell <robbie@apache.org>	2009-10-16 08:20:20 +0000
commit	9617dce00b2cabbaf5b5ada6da53fc4193dfe17f (patch)
tree	5490d7eaaaa9ce3f24939095502cad7f1e481123
parent	700636714d25b073bdfea2d982b5f67f11b240e9 (diff)
download	qpid-python-9617dce00b2cabbaf5b5ada6da53fc4193dfe17f.tar.gz