From 9617dce00b2cabbaf5b5ada6da53fc4193dfe17f Mon Sep 17 00:00:00 2001
From: Robert Gemmell <robbie@apache.org>
Date: Fri, 16 Oct 2009 08:20:20 +0000
Subject: QPID-1304: add vhost access check for missed corner cases, allowing
 for users granted vhost access and otherwise abstaining.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@825805 13f79535-47bb-0310-9956-ffa450edef68
---
 .../qpid/server/security/access/PrincipalPermissions.java     | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'qpid/java')

diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
index 3e065f9a9b..6fe4696d20 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
@@ -378,7 +378,16 @@ public class PrincipalPermissions
             case PURGE:
             case UNBIND:
             default:
-                return AuthzResult.DENIED;
+                if(_fullVHostAccess)
+                {
+                    //user has been granted full access to the vhost
+                    return AuthzResult.ALLOWED;
+                }
+                else
+                {
+                    //SimpleXML ACL does not implement these permissions and should abstain
+                    return AuthzResult.ABSTAIN;
+                }
         }
 
     }
-- 
cgit v1.2.1