Revision 0659115f src/rm/RequestManagerImagePoolInfo.cc

View differences:

src/rm/RequestManagerImagePoolInfo.cc
46 46
    filter_flag = xmlrpc_c::value_int(paramList.getInt(1));
47 47

  
48 48
    // Check if it is a valid user
49
    rc = ImagePoolInfo::upool->authenticate(session);
49
    uid = ImagePoolInfo::upool->authenticate(session);
50 50

  
51
    if ( rc == -1 )
51
    if ( uid == -1 )
52 52
    {
53 53
        goto error_authenticate;
54 54
    }
55

  
56
    uid = rc;
57 55
    
58 56
    where_string.str("");
59 57
    
......
70 68
    switch(filter_flag)
71 69
    {
72 70
        case -2:
73
            if ( uid != 0 )
74
            {
75
                goto error_authorization;
76
            }
71
            // TODO define authentication bug #278
77 72
            // where remains empty.
78 73
            break;
79 74
        case -1:
80 75
            where_string << "UID=" << uid << " OR public = 'YES'";
81 76
            break;
82 77
        default:
83
            // Only oneadmin or the user can list a specific user's images.
84
            if ( uid != 0 && uid != filter_flag )
85
            {
86
                goto error_authorization;
87
            }
88 78
            where_string << "UID=" << filter_flag;
89 79
    }
90 80

  
......
114 104
    oss.str(authenticate_error(method_name));    
115 105
    goto error_common;
116 106

  
117
error_authorization:
118
    oss.str(authorization_error(method_name, "USE", "IMAGE", uid, NULL));
119
    goto error_common;
120
    
121 107
error_filter_flag:
122 108
    oss << "Incorrect filter_flag, must be >= -2.";
123 109
    goto error_common;

Also available in: Unified diff