Skip to content

Commit

Permalink
Possible fix for the use of type filter in security (MID-1873)
Browse files Browse the repository at this point in the history
  • Loading branch information
@semancik
semancik committed May 21, 2014
1 parent 4e97739 commit 0e211cd
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion ...security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java
View file
Expand Up @@ -800,6 +800,7 @@ private <O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPo
applicable = false;
for (ObjectSpecificationType objectSpecType: objectSpecTypes) {
ObjectFilter objSpecSecurityFilter = null;
TypeFilter objSpecTypeFilter = null;
SearchFilterType specFilterType = objectSpecType.getFilter();
ObjectReferenceType specOrgRef = objectSpecType.getOrgRef();
QName specTypeQName = objectSpecType.getType();
Expand All @@ -818,7 +819,7 @@ private <O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPo
new Object[]{specObjectClass, objectType});
// The spec type is a subclass of requested type. So it might be returned from the search.
// We need to use type filter.
objSpecSecurityFilter = TypeFilter.createType(specTypeQName, null);
objSpecTypeFilter = TypeFilter.createType(specTypeQName, null);
// and now we have a more specific object definition to use later in filter processing
objectDefinition = (PrismObjectDefinition<O>) specObjectDef;
}
Expand Down Expand Up @@ -878,6 +879,11 @@ private <O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPo
LOGGER.trace(" org empty");
}

if (objSpecTypeFilter != null) {
objSpecTypeFilter.setFilter(objSpecSecurityFilter);
objSpecSecurityFilter = objSpecTypeFilter;
}

autzObjSecurityFilter = ObjectQueryUtil.filterOr(autzObjSecurityFilter, objSpecSecurityFilter);
}
} else {
Expand Down

0 comments on commit 0e211cd

Please sign in to comment.