fix bug in create method of XmlUserManager

2026-03-06 12:20:56 +01:00 · 2010-11-29 21:27:06 +01:00
parent 91f630a03c
commit 539268cd11
2 changed files with 35 additions and 1 deletions
--- a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
+++ b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
@@ -43,6 +43,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import sonia.scm.SCMContextProvider;
+import sonia.scm.security.ScmSecurityException;
 import sonia.scm.security.SecurityContext;
 import sonia.scm.user.AbstractUserManager;
 import sonia.scm.user.User;
@@ -126,7 +127,12 @@ public class XmlUserManager extends AbstractUserManager
  @Override
  public void create(User user) throws UserException, IOException
  {
-    SecurityUtil.assertIsAdmin(scurityContextProvider);
+    User currentUser = SecurityUtil.getCurrentUser(scurityContextProvider);
+
+    if (!user.equals(currentUser) &&!currentUser.isAdmin())
+    {
+      throw new ScmSecurityException("admin account is required");
+    }

    if (userDB.contains(user.getName()))
    {
--- a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
@@ -81,4 +81,32 @@ public class SecurityUtil
      throw new ScmSecurityException("admin account is required");
    }
  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param contextProvider
+   *
+   * @return
+   */
+  public static User getCurrentUser(Provider<SecurityContext> contextProvider)
+  {
+    AssertUtil.assertIsNotNull(contextProvider);
+
+    SecurityContext context = contextProvider.get();
+
+    AssertUtil.assertIsNotNull(context);
+
+    User user = context.getUser();
+
+    if (user == null)
+    {
+      throw new ScmSecurityException("user is not authenticated");
+    }
+
+    return user;
+  }
 }