From 226f921819a9bc395595f2089d70f13d4bdeee2d Mon Sep 17 00:00:00 2001
From: ElgarL
Date: Thu, 27 Mar 2014 12:55:01 +0000
Subject: Do not override higher level permissions with negations.
---
 .../groupmanager/permissions/AnjoPermissionsHandler.java | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions')
diff --git a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
index 6eda3f1cc..07a846791 100644
--- a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
+++ b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java
@@ -919,9 +919,15 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
 return resultGroup;
 }
- result = resultGroup;
+ // Do not override higher level permissions with negations.
+ if (result.resultType == PermissionCheckResult.Type.NOTFOUND) {
+ result = resultGroup;
+ }
 }
+
+ // Do we have a high level negation?
+ boolean negated = (result.resultType == PermissionCheckResult.Type.NEGATION);
 // SUBGROUPS CHECK
 for (Group subGroup : user.subGroupListCopy()) {
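Review bot: The new guard `if (result.resultType == PermissionCheckResult.Type.NOTFOUND)` keeps the earlier result whatever its type, not only when the group result is a negation, so the comment above it understates the change. If `result` holds a higher-level (for example user-level) lookup at this point, which cannot be confirmed because its assignment is outside the hunk, then an earlier negation now also survives a group-level grant, and a group-level negation no longer revokes an earlier grant. Because this decides who is granted a permission, the comment should state the full precedence, for example `// An earlier (higher level) result always wins; the group result is used only when nothing was found above.` The enclosing method starts and ends outside the hunk.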
@@ -931,15 +937,17 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
 resultSubGroup.accessLevel = targetPermission;
+ // Allow exceptions to override higher level negations
+ // but low level negations can not remove higher level permissions.
 if (resultSubGroup.resultType == PermissionCheckResult.Type.EXCEPTION) {
 return resultSubGroup;
- } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION)) {
+ } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION) && !negated) {
 result = resultSubGroup;
- } else if (resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) {
+ } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) && !negated) {
 result = resultSubGroup;
 }
-- cgit v1.2.3
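Review bot: The NEGATION branch `else if ((resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) && !negated)` still replaces `result` when it carries a FOUND from before the loop, which contradicts the added comment that low level negations can not remove higher level permissions. `negated` only records a negation captured before the loop, so a grant carried into the loop is not protected from a subgroup negation. If subgroups are meant to rank below that earlier result, capture the grant next to `negated` in the first hunk, `boolean granted = (result.resultType == PermissionCheckResult.Type.FOUND);`, and add `&& !granted` to this branch; otherwise reword the comment to match the code. The loop and the method continue outside the hunk, so the final handling of `result` is not visible here.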