Fix default behavior when none of the specified objects pass the user's permission...

author Gunnar Beutner <gunnar.beutner@netways.de>

Mon, 13 Jun 2016 06:52:03 +0000 (08:52 +0200)

committer Gunnar Beutner <gunnar.beutner@netways.de>

Mon, 13 Jun 2016 08:14:10 +0000 (10:14 +0200)
author Gunnar Beutner <gunnar.beutner@netways.de>
Mon, 13 Jun 2016 06:52:03 +0000 (08:52 +0200)
committer Gunnar Beutner <gunnar.beutner@netways.de>
Mon, 13 Jun 2016 08:14:10 +0000 (10:14 +0200)
diff --git a/lib/remote/filterutility.cpp b/lib/remote/filterutility.cpp

index d9f50e7bcab1920a08b0dcd75fc8371f7ce3eac0..c3f2049f093ce6392a0d538beb7339a1b7c4295e 100644 (file)
--- a/lib/remote/filterutility.cpp
+++ b/lib/remote/filterutility.cpp
@@ -211,10 +211,13 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
                         attr = "name";
  
                 if (query->Contains(attr)) {
-                       Object::Ptr target = provider->GetTargetByName(type, HttpUtility::GetLastParameter(query, attr));
+                       String name = HttpUtility::GetLastParameter(query, attr);
+                       Object::Ptr target = provider->GetTargetByName(type, name);
  
-                       if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-                               result.push_back(target);
+                       if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+                               BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+                       result.push_back(target);
                 }
  
                 attr = provider->GetPluralName(type);
@@ -227,8 +230,10 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
                                 BOOST_FOREACH(const String& name, names) {
                                         Object::Ptr target = provider->GetTargetByName(type, name);
  
-                                       if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-                                               result.push_back(target);
+                                       if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+                                               BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+                                       result.push_back(target);
                                 }
                         }
                 }
author	Gunnar Beutner <gunnar.beutner@netways.de>
	Mon, 13 Jun 2016 06:52:03 +0000 (08:52 +0200)
committer	Gunnar Beutner <gunnar.beutner@netways.de>
	Mon, 13 Jun 2016 08:14:10 +0000 (10:14 +0200)