QPID-6436: Allow user to update its own preferences without explicit permissions

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1665731 13f79535-47bb-0310-9956-ffa450edef68
author: Alex Rudyy <orudyy@apache.org> 2015-03-10 22:26:16 +0000
committer: Alex Rudyy <orudyy@apache.org> 2015-03-10 22:26:16 +0000
commit: 0fcc28c303a9f3abfa8c85eb9f0a29039aa98df3 (patch)
tree: 81e80cff831a682add04f2a5094b5af2a5477474
parent: 34ff17e386900442c79c2c266a417e3ba868470e (diff)
download: qpid-python-0fcc28c303a9f3abfa8c85eb9f0a29039aa98df3.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
index 922d64e6ee..754f6074e3 100755
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
@@ -532,6 +532,13 @@ public class SecurityManager
 
     public void authoriseUserUpdate(final String userName)
     {
+        AuthenticatedPrincipal principal = getCurrentUser();
+        if (principal != null && principal.getName().equals(userName))
+        {
+            // allow user to update its own data
+            return;
+        }
+
         final Operation operation = Operation.UPDATE;
         if(! checkAllPlugins(new AccessCheck()
         {
author	Alex Rudyy <orudyy@apache.org>	2015-03-10 22:26:16 +0000
committer	Alex Rudyy <orudyy@apache.org>	2015-03-10 22:26:16 +0000
commit	0fcc28c303a9f3abfa8c85eb9f0a29039aa98df3 (patch)
tree	81e80cff831a682add04f2a5094b5af2a5477474
parent	34ff17e386900442c79c2c266a417e3ba868470e (diff)
download	qpid-python-0fcc28c303a9f3abfa8c85eb9f0a29039aa98df3.tar.gz