usergrid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mru...@apache.org
Subject [1/2] usergrid git commit: Only allow GET access to users/me
Date Fri, 03 Jun 2016 14:46:46 GMT
Repository: usergrid
Updated Branches:
  refs/heads/release-2.1.1 a1cb1f5f4 -> e6cf6ed4f


Only allow GET access to users/me


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/1d0e73b3
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/1d0e73b3
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/1d0e73b3

Branch: refs/heads/release-2.1.1
Commit: 1d0e73b3f15d634a484ec3e425f944317aefa1b3
Parents: cd363f4
Author: Dave Johnson <snoopdave@apache.org>
Authored: Tue May 10 17:41:40 2016 -0700
Committer: Dave Johnson <snoopdave@apache.org>
Committed: Tue May 10 17:41:40 2016 -0700

----------------------------------------------------------------------
 .../usergrid/rest/security/SecuredResourceFilterFactory.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/1d0e73b3/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 67cf248..bd1ab46 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -450,7 +450,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 String path = request.getUriInfo().getPath().toLowerCase().replace(applicationName,
"");
                 String perm =  getPermissionFromPath( em.getApplicationRef().getUuid(), operation,
path );
 
-                if ( "/users/me".equals( path ) ) {
+                if ( "/users/me".equals( path ) && request.getMethod().equalsIgnoreCase(
"get" )) {
                     // shortcut the permissions checking, the "me" end-point is always allowed
                     logger.debug("Allowing {} access to /users/me", getSubject().toString()
);
                     return;


Mime
View raw message