I'm going to operate on the assumption that if you're separating ClientObject

from BodyObject, then it's your responsibility to make sure that your
BodyObject carries your Crowd permissions. Checking the ClientObject for your
Crowd permissions and then using those on your (separate) BodyObject is too
weird.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6318 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2010-11-30 18:05:00 +00:00
parent 7af21e2aa0
commit e5b7cd1535
@@ -90,7 +90,7 @@ public class SpeakHandler
BodyObject source = (_locator != null) ? _locator.forClient(caller) :
(BodyObject) caller;
String errmsg = caller.checkAccess(ChatCodes.CHAT_ACCESS, null);
String errmsg = source.checkAccess(ChatCodes.CHAT_ACCESS, null);
if (errmsg != null) {
// we normally don't listen for responses to speak messages so we can't just throw an
// InvocationException, we have to specifically communicate the error to the user
@@ -104,7 +104,7 @@ public class SpeakHandler
// ensure that the speaker is valid
if ((mode == ChatCodes.BROADCAST_MODE) ||
(_validator != null && !_validator.isValidSpeaker(_speakObj, source, mode))) {
log.warning("Refusing invalid speak request", "caller", caller.who(),
log.warning("Refusing invalid speak request", "source", source.who(),
"speakObj", _speakObj.which(), "message", message, "mode", mode);
} else {