summaryrefslogtreecommitdiffstats
path: root/EssentialsGroupManager/src/org/anjocaido/groupmanager
diff options
context:
space:
mode:
Diffstat (limited to 'EssentialsGroupManager/src/org/anjocaido/groupmanager')
-rw-r--r--EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java14
1 files changed, 11 insertions, 3 deletions
diff --git a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
index 6eda3f1cc..07a846791 100644
--- a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
+++ b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
@@ -919,9 +919,15 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
return resultGroup;
}
- result = resultGroup;
+ // Do not override higher level permissions with negations.
+ if (result.resultType == PermissionCheckResult.Type.NOTFOUND) {
+ result = resultGroup;
+ }
}
+
+ // Do we have a high level negation?
+ boolean negated = (result.resultType == PermissionCheckResult.Type.NEGATION);
// SUBGROUPS CHECK
for (Group subGroup : user.subGroupListCopy()) {
@@ -931,15 +937,17 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
resultSubGroup.accessLevel = targetPermission;
+ // Allow exceptions to override higher level negations
+ // but low level negations can not remove higher level permissions.
if (resultSubGroup.resultType == PermissionCheckResult.Type.EXCEPTION) {
return resultSubGroup;
- } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION)) {
+ } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION) && !negated) {
result = resultSubGroup;
- } else if (resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) {
+ } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) && !negated) {
result = resultSubGroup;
}