Fixed bug #1136: Access rights not enforced.

diff --git a/NEWS b/NEWS
index b415d07..39409e0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
 --- 1.0.9 ..
 
+Fixed bug #1136: Access rights not enforced.
+
 Extension for log module. The log category 'access' logs more details.
 New category 'user-access' added which is simlar to 'access' but adds
 the Z39.50 user as for all entries in a session.

diff --git a/src/filter_auth_simple.cpp b/src/filter_auth_simple.cpp
index d974217..f48dd15 100644 (file)
--- a/src/filter_auth_simple.cpp
+++ b/src/filter_auth_simple.cpp
@@ -1,4 +1,4 @@
-/* $Id: filter_auth_simple.cpp,v 1.23 2007-05-09 21:23:09 adam Exp $
+/* $Id: filter_auth_simple.cpp,v 1.24 2007-05-23 14:24:10 adam Exp $
    Copyright (c) 2005-2007, Index Data.
 
 This file is part of Metaproxy.
@@ -357,8 +357,8 @@ void yf::AuthSimple::check_targets(mp::Package & package) const
     std::list<std::string> authorisedTargets = m_p->targetsByUser[user];
 
     std::list<std::string> targets;
-    Z_OtherInformation *otherInfo = initReq->otherInfo;
-    mp::util::get_vhost_otherinfo(otherInfo, targets);
+    Z_OtherInformation **otherInfo = &initReq->otherInfo;
+    mp::util::remove_vhost_otherinfo(otherInfo, targets);
 
     // Check each of the targets specified in the otherInfo package
     std::list<std::string>::iterator i;
@@ -381,9 +381,8 @@ void yf::AuthSimple::check_targets(mp::Package & package) const
                            YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                            // ### It would be better to use the Z-db name
                            "all databases");
-
     mp::odr odr;
-    mp::util::set_vhost_otherinfo(&otherInfo, odr, targets);
+    mp::util::set_vhost_otherinfo(otherInfo, odr, targets);
     package.move();
 }