1
0
mirror of https://github.com/essentials/Essentials.git synced 2025-08-11 17:15:07 +02:00

Prevent inherited group permission negations overriding higher level group perms.

This commit is contained in:
ElgarL
2014-07-17 10:37:58 +01:00
parent d32c692b66
commit bd72eee559
2 changed files with 9 additions and 2 deletions

View File

@@ -235,4 +235,5 @@ v2.1:
- Prevent GM's own permission tests from allowing inherited permissions to override inherited negations (caused when we added the exception override for sub groups).
- Add internal name to UUID resolution to speed data lookups.
- Convert all User lookups and commands to use UUIDs where possible.
- Fix Overloaded and non-overloaded users to report correctly for group tests.
- Fix Overloaded and non-overloaded users to report correctly for group tests.
- Prevent inherited group permission negations overriding higher level group perms.

View File

@@ -1069,12 +1069,18 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
if (resultNow.resultType.equals(PermissionCheckResult.Type.EXCEPTION)) {
resultNow.accessLevel = targetPermission;
GroupManager.logger.fine("Found an " + resultNow.resultType + " for " + targetPermission + " in group " + resultNow.owner.getLastName());
return resultNow;
}
if (!result.resultType.equals(PermissionCheckResult.Type.NEGATION)) {
/*
* Store the first found permission only.
* This will prevent inherited permission negations overriding higher level perms.
*/
if (result.resultType.equals(PermissionCheckResult.Type.NOTFOUND)) {
// No Negation found so store for later
// as we need to continue looking for an Exception.
GroupManager.logger.fine("Found an " + resultNow.resultType + " for " + targetPermission + " in group " + resultNow.owner.getLastName());
result = resultNow;
}
}