diff --git a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
index 156b9bfaaf..c47787df44 100644
--- a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
+++ b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
@@ -43,6 +43,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.SCMContextProvider;
+import sonia.scm.security.ScmSecurityException;
 import sonia.scm.security.SecurityContext;
 import sonia.scm.user.AbstractUserManager;
 import sonia.scm.user.User;
@@ -126,7 +127,12 @@ public class XmlUserManager extends AbstractUserManager
 @Override
 public void create(User user) throws UserException, IOException
 {
- SecurityUtil.assertIsAdmin(scurityContextProvider);
+ User currentUser = SecurityUtil.getCurrentUser(scurityContextProvider);
+
+ if (!user.equals(currentUser) &&!currentUser.isAdmin())
+ {
+ throw new ScmSecurityException("admin account is required");
+ }
 if (userDB.contains(user.getName()))
 {
diff --git a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
index e8ed04a1e6..f033f934a8 100644
--- a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
@@ -81,4 +81,32 @@ public class SecurityUtil
 throw new ScmSecurityException("admin account is required");
 }
 }
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param contextProvider
+ *
+ * @return
+ */
+ public static User getCurrentUser(Provider contextProvider)
+ {
+ AssertUtil.assertIsNotNull(contextProvider);
+
+ SecurityContext context = contextProvider.get();
+
+ AssertUtil.assertIsNotNull(context);
+
+ User user = context.getUser();
+
+ if (user == null)
+ {
+ throw new ScmSecurityException("user is not authenticated");
+ }
+
+ return user;
+ }
 }
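Review bot: In `create`, the relaxed guard lets a non-admin caller through whenever `user.equals(currentUser)`, but the record handled afterwards is the caller-supplied `user`, not the authenticated `currentUser`. `User.equals` is not visible in this diff; if it compares only a subset of fields (the name, say), a non-admin could submit a record under their own name with the admin flag set and have it accepted. Consider tightening the condition to `if (!currentUser.isAdmin() && (!user.equals(currentUser) || user.isAdmin()))`, or persisting `currentUser` rather than `user` on the self-registration path. The body of `create` continues outside the hunk, so how the record is stored after the `userDB.contains` check should be confirmed there.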
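Review bot: The Javadoc on `getCurrentUser` is still the generated placeholder (`Method description`, empty `@param` and `@return`), although `XmlUserManager.create` now relies on this method for its authorization decision. Suggest a summary such as `Returns the user of the current security context.`, with `@param contextProvider provider of the security context, must not be null`, `@return the authenticated user, never null` and `@throws ScmSecurityException if no user is authenticated`. What `AssertUtil.assertIsNotNull` throws for a missing provider or context is not visible here; documenting that as well would tell callers whether that path also fails as a security error.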