From bd72eee559b224a06bef4a55a52215e0e79c6528 Mon Sep 17 00:00:00 2001 From: ElgarL Date: Thu, 17 Jul 2014 10:37:58 +0100 Subject: [PATCH] Prevent inherited group permission negations overriding higher level group perms. --- EssentialsGroupManager/src/Changelog.txt | 3 ++- .../groupmanager/permissions/AnjoPermissionsHandler.java | 8 +++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/EssentialsGroupManager/src/Changelog.txt b/EssentialsGroupManager/src/Changelog.txt index 0679b7f14..8c038c3ee 100644 --- a/EssentialsGroupManager/src/Changelog.txt +++ b/EssentialsGroupManager/src/Changelog.txt @@ -235,4 +235,5 @@ v2.1: - Prevent GM's own permission tests from allowing inherited permissions to override inherited negations (caused when we added the exception override for sub groups). - Add internal name to UUID resolution to speed data lookups. - Convert all User lookups and commands to use UUIDs where possible. - - Fix Overloaded and non-overloaded users to report correctly for group tests. \ No newline at end of file + - Fix Overloaded and non-overloaded users to report correctly for group tests. + - Prevent inherited group permission negations overriding higher level group perms. \ No newline at end of file diff --git a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java index 12b6d4e7e..717346f20 100644 --- a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java +++ b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java @@ -1069,12 +1069,18 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { if (resultNow.resultType.equals(PermissionCheckResult.Type.EXCEPTION)) { resultNow.accessLevel = targetPermission; + GroupManager.logger.fine("Found an " + resultNow.resultType + " for " + targetPermission + " in group " + resultNow.owner.getLastName()); return resultNow; } - if (!result.resultType.equals(PermissionCheckResult.Type.NEGATION)) { + /* + * Store the first found permission only. + * This will prevent inherited permission negations overriding higher level perms. + */ + if (result.resultType.equals(PermissionCheckResult.Type.NOTFOUND)) { // No Negation found so store for later // as we need to continue looking for an Exception. + GroupManager.logger.fine("Found an " + resultNow.resultType + " for " + targetPermission + " in group " + resultNow.owner.getLastName()); result = resultNow; } }