I'm going to operate on the assumption that if you're separating ClientObject
from BodyObject, then it's your responsibility to make sure that your BodyObject carries your Crowd permissions. Checking the ClientObject for your Crowd permissions and then using those on your (separate) BodyObject is too weird. git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6318 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -90,7 +90,7 @@ public class SpeakHandler
|
||||
BodyObject source = (_locator != null) ? _locator.forClient(caller) :
|
||||
(BodyObject) caller;
|
||||
|
||||
String errmsg = caller.checkAccess(ChatCodes.CHAT_ACCESS, null);
|
||||
String errmsg = source.checkAccess(ChatCodes.CHAT_ACCESS, null);
|
||||
if (errmsg != null) {
|
||||
// we normally don't listen for responses to speak messages so we can't just throw an
|
||||
// InvocationException, we have to specifically communicate the error to the user
|
||||
@@ -104,7 +104,7 @@ public class SpeakHandler
|
||||
// ensure that the speaker is valid
|
||||
if ((mode == ChatCodes.BROADCAST_MODE) ||
|
||||
(_validator != null && !_validator.isValidSpeaker(_speakObj, source, mode))) {
|
||||
log.warning("Refusing invalid speak request", "caller", caller.who(),
|
||||
log.warning("Refusing invalid speak request", "source", source.who(),
|
||||
"speakObj", _speakObj.which(), "message", message, "mode", mode);
|
||||
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user