seco_authorized not exported #276

K2InformaticsGmbH · Aug 5, 2019 · c0fdad8 · c0fdad8
1 parent fa46149
commit c0fdad8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/src/imem_sec.erl b/src/imem_sec.erl
@@ -920,7 +920,20 @@ have_module_permission(SKey, Module, Operation) ->
 %% ------- local private security extension for sql and tables (do not export!!) ------------
 
 seco_authorized(SKey) ->
-    imem_seco:seco_authorized(SKey).
+    case imem_meta:read(ddSeCo@, SKey) of
+        [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() ->
+            SeCo;
+        [#ddSeCo{pid=Pid, authState=authorized} = SeCo] ->
+            {links, Links} = erlang:process_info(self(), links),
+            case lists:member(Pid, Links) of
+                true ->
+                    SeCo;
+                false ->
+                    ?SecurityViolation({"Not logged in", SKey})
+            end;
+        [] ->
+            ?SecurityException({"Not logged in", SKey})
+    end.
 
 % have_table_ownership(SKey, {Schema,Table,_Alias}) ->
 %     have_table_ownership(SKey, {Schema,Table});

diff --git a/src/imem_seco.erl b/src/imem_seco.erl
@@ -60,7 +60,6 @@
         , has_permission/3
         , has_permission/2
         , get_skey_pid/1
-        , seco_authorized/1
         ]).
 
 -export([ have_role/2
@@ -299,12 +298,8 @@ if_has_child_permission([RootRoleId|OtherRoles], Permission) ->
     end.
 
 get_skey_pid(SKey) ->
-    case if_read(ddSeCo@, SKey) of
-        [#ddSeCo{pid=Pid}] ->
-            {ok, Pid};
-        _ ->
-            not_found
-    end.
+    #ddSeCo{pid=Pid} = seco_authorized(SKey),
+    {ok, Pid}.
 
 %% --Implementation (exported helper functions) ----------------------------------------