anonymous user should not have permission to change password or autocomplete

Eduard Heimbuch
2019-10-17 11:08:55 +02:00
parent a33acf5326
commit 1fd6337f64
6 changed files with 48 additions and 6 deletions


@@ -6,6 +6,7 @@ import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import sonia.scm.group.GroupCollector;
import sonia.scm.security.Authentications;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.user.UserPermissions;
@@ -63,7 +64,7 @@ public class MeDtoFactory extends HalAppenderMapper {
if (UserPermissions.modify(user).isPermitted()) {
linksBuilder.single(link("update", resourceLinks.me().update(user.getName())));
}
if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted()) {
if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted() && !Authentications.isSubjectAnonymous(user.getName())) {
linksBuilder.single(link("password", resourceLinks.me().passwordChange()));
}