From 226f921819a9bc395595f2089d70f13d4bdeee2d Mon Sep 17 00:00:00 2001 From: ElgarL Date: Thu, 27 Mar 2014 12:55:01 +0000 Subject: Do not override higher level permissions with negations. --- .../groupmanager/permissions/AnjoPermissionsHandler.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'EssentialsGroupManager/src') diff --git a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java index 6eda3f1cc..07a846791 100644 --- a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java +++ b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java @@ -919,9 +919,15 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { return resultGroup; } - result = resultGroup; + // Do not override higher level permissions with negations. + if (result.resultType == PermissionCheckResult.Type.NOTFOUND) { + result = resultGroup; + } } + + // Do we have a high level negation? + boolean negated = (result.resultType == PermissionCheckResult.Type.NEGATION); // SUBGROUPS CHECK for (Group subGroup : user.subGroupListCopy()) { @@ -931,15 +937,17 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { resultSubGroup.accessLevel = targetPermission; + // Allow exceptions to override higher level negations + // but low level negations can not remove higher level permissions. if (resultSubGroup.resultType == PermissionCheckResult.Type.EXCEPTION) { return resultSubGroup; - } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION)) { + } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.FOUND) && (result.resultType != PermissionCheckResult.Type.NEGATION) && !negated) { result = resultSubGroup; - } else if (resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) { + } else if ((resultSubGroup.resultType == PermissionCheckResult.Type.NEGATION) && !negated) { result = resultSubGroup; } -- cgit v1.2.3