From 637bc373b52071893af62216218364fab01fb613 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Thu, 9 Jun 2011 22:11:59 +0200
Subject: [PATCH] protect getAll methods

---
 .../src/main/java/sonia/scm/group/xml/XmlGroupManager.java      | 2 ++
 scm-webapp/src/main/java/sonia/scm/user/xml/XmlUserManager.java | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java b/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java
index 8e6296f75b..805095c598 100644
--- a/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java
@@ -401,6 +401,8 @@ public class XmlGroupManager extends AbstractGroupManager
   public Collection<Group> getAll(Comparator<Group> comparator, int start,
                                   int limit)
   {
+    SecurityUtil.assertIsAdmin(securityContextProvider);
+
     return Util.createSubCollection(groupDB.values(), comparator,
                                     new CollectionAppender<Group>()
     {
diff --git a/scm-webapp/src/main/java/sonia/scm/user/xml/XmlUserManager.java b/scm-webapp/src/main/java/sonia/scm/user/xml/XmlUserManager.java
index 0615c8a8a5..ee71d3fa8f 100644
--- a/scm-webapp/src/main/java/sonia/scm/user/xml/XmlUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/xml/XmlUserManager.java
@@ -443,6 +443,8 @@ public class XmlUserManager extends AbstractUserManager
   public Collection<User> getAll(Comparator<User> comaparator, int start,
                                  int limit)
   {
+    SecurityUtil.assertIsAdmin(scurityContextProvider);
+
     return Util.createSubCollection(userDB.values(), comaparator,
                                     new CollectionAppender<User>()
     {