From cef632494accdefd55342d4a084fe2251758142d Mon Sep 17 00:00:00 2001 From: Par Winzell Date: Thu, 2 Dec 2010 21:13:23 +0000 Subject: [PATCH] We have to check the body for permissions here, not the client, as per MDB's recent fixes. git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6334 542714f4-19e9-0310-aa3c-eee0fc999fb1 --- .../threerings/crowd/chat/server/ChatProvider.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/threerings/crowd/chat/server/ChatProvider.java b/src/main/java/com/threerings/crowd/chat/server/ChatProvider.java index 5e8a6b485..c70e03107 100644 --- a/src/main/java/com/threerings/crowd/chat/server/ChatProvider.java +++ b/src/main/java/com/threerings/crowd/chat/server/ChatProvider.java @@ -52,6 +52,8 @@ import com.threerings.crowd.server.BodyLocal; import com.threerings.crowd.server.BodyLocator; import com.threerings.crowd.server.PlaceRegistry; +import static com.threerings.crowd.Log.log; + /** * The chat provider handles the server side of the chat-related invocation services. */ @@ -132,11 +134,12 @@ public class ChatProvider public void tell (ClientObject caller, Name target, String message, TellListener listener) throws InvocationException { + BodyObject source = _locator.forClient(caller); + // ensure that the caller has normal chat privileges - InvocationException.requireAccess(caller, ChatCodes.CHAT_ACCESS); + InvocationException.requireAccess(source, ChatCodes.CHAT_ACCESS); // deliver the tell message to the target - BodyObject source = _locator.forClient(caller); deliverTell(createTellMessage(source, message), target, listener); // inform the auto-responder if needed @@ -152,9 +155,10 @@ public class ChatProvider public void broadcast (ClientObject caller, String message, InvocationListener listener) throws InvocationException { - // make sure the requesting user has broadcast privileges - InvocationException.requireAccess(caller, ChatCodes.BROADCAST_ACCESS); BodyObject body = _locator.forClient(caller); + + // make sure the requesting user has broadcast privileges + InvocationException.requireAccess(body, ChatCodes.BROADCAST_ACCESS); broadcast(body.getVisibleName(), null, message, false, true); }