2004-06-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

	* AuthorizationConfig.cs: we must match [verb +] (role|user). Fixes bug
	#60482.

svn path=/trunk/mcs/; revision=30095

diff --git a/mcs/class/System.Web/System.Web.Configuration/AuthorizationConfig.cs b/mcs/class/System.Web/System.Web.Configuration/AuthorizationConfig.cs
index 2f897b8b866da18d03ffd591969b8acaec8dd51c..b9c6bc9d678217383fe8ef1b7d46773f0b869da7 100644 (file)
--- a/mcs/class/System.Web/System.Web.Configuration/AuthorizationConfig.cs
+++ b/mcs/class/System.Web/System.Web.Configuration/AuthorizationConfig.cs
@@ -89,27 +89,16 @@ namespace System.Web.Configuration
                                return true;
                        }
 
-                       bool userMatch;
-                       bool roleMatch;
-                       bool verbMatch;
                        foreach (UserData data in list) {
-                               if (data.Users == null)
+                               if (data.Verbs != null && !data.CheckVerb (verb))
                                        continue;
 
-                               userMatch = (data.Users == null);
-                               if (!userMatch)
-                                       userMatch = data.CheckUser (user.Identity.Name);
-
-                               roleMatch = (data.Roles == null);
-                               if (!roleMatch)
-                                       roleMatch = data.CheckRole (user);
-
-                               verbMatch = (data.Verbs == null);
-                               if (data.Verbs != null)
-                                       verbMatch = data.CheckVerb (verb);
+                               if (data.Users != null && !data.CheckUser (user.Identity.Name))
+                                       continue;
+                               else if (data.Roles != null && !data.CheckRole (user))
+                                       continue;
 
-                               if (userMatch && roleMatch && verbMatch)
-                                       return data.Allow;
+                               return data.Allow;
                        }
                        
                        if (parent != null)

diff --git a/mcs/class/System.Web/System.Web.Configuration/ChangeLog b/mcs/class/System.Web/System.Web.Configuration/ChangeLog
index 98e8f16f8adfca6ec3f78a6cc874b9b2c114dbcd..77bc1afab62328eb994e99dbf80e508fee98ca25 100644 (file)
--- a/mcs/class/System.Web/System.Web.Configuration/ChangeLog
+++ b/mcs/class/System.Web/System.Web.Configuration/ChangeLog
@@ -1,3 +1,8 @@
+2004-06-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+       * AuthorizationConfig.cs: we must match [verb +] (role|user). Fixes bug
+       #60482.
+
 2004-06-15 Gonzalo Paniagua Javier <gonzalo@ximian.com>
 
        * WebConfigurationSettings.cs: allow empty <configSections>.