From 23f11ddbf603db505c17259a4136e6b093a23884 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Tue, 25 Sep 2007 21:20:03 +0000
Subject: [PATCH] Fix  password modify regression. Issue 2342.

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java |   42 ++++++++++++++++++++++--------------------
 1 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index d38461b..2b2d2df 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -465,6 +465,28 @@
           }
         }
 
+
+        // Check to see if the client has permission to perform the modify.
+        // The access control check is not made any earlier because the handler
+        // needs access to the modified entry.
+
+        // FIXME: for now assume that this will check all permissions
+        // pertinent to the operation. This includes proxy authorization
+        // and any other controls specified.
+
+        // FIXME: earlier checks to see if the entry already exists may have
+        // already exposed sensitive information to the client.
+        if (! AccessControlConfigManager.getInstance().
+                   getAccessControlHandler().isAllowed(this))
+        {
+          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+          appendErrorMessage(ERR_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(
+                                  String.valueOf(entryDN)));
+          skipPostOperation = true;
+          break modifyProcessing;
+        }
+
+
         try
         {
           handleInitialPasswordPolicyAndSchemaProcessing();
@@ -487,26 +509,6 @@
         }
 
 
-        // Check to see if the client has permission to perform the modify.
-        // The access control check is not made any earlier because the handler
-        // needs access to the modified entry.
-
-        // FIXME: for now assume that this will check all permissions
-        // pertinent to the operation. This includes proxy authorization
-        // and any other controls specified.
-
-        // FIXME: earlier checks to see if the entry already exists may have
-        // already exposed sensitive information to the client.
-        if (! AccessControlConfigManager.getInstance().
-                   getAccessControlHandler().isAllowed(this))
-        {
-          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
-          appendErrorMessage(ERR_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(
-                                  String.valueOf(entryDN)));
-          skipPostOperation = true;
-          break modifyProcessing;
-        }
-
         if ((! passwordChanged) && (! isInternalOperation()) &&
             pwPolicyState.mustChangePassword())
         {

--
Gitblit v1.10.0