
Fix based on code review

Signed-off-by: Suk Hwan Hong <suk.hong@gatech.edu>
Suk Hwan Hong 9 سال پیش
والد
کامیت
3f3801ffc0
2فایلهای تغییر یافته به همراه8 افزوده شده و 4 حذف شده
  1. 4 4
      esp/services/ws_workunits/ws_workunitsHelpers.cpp
  2. 4 0
      system/security/LdapSecurity/ldapsecurity.cpp

+ 4 - 4
esp/services/ws_workunits/ws_workunitsHelpers.cpp

@@ -3008,16 +3008,16 @@ void WsWuHelpers::submitWsWorkunit(IEspContext& context, IConstWorkUnit* cw, con
 
 #ifndef _NO_LDAP
     CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
-    if(secmgr == NULL)
-        throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager is not found");
 
-    if (secmgr->getCheckViewPermissions())
+    // View Scope is checked only when LDAP secmgr is available AND checkViewPermissions config is also enabled.
+    // Otherwise, the view permission check is skipped, and WU is submitted as normal.
+    if (secmgr && secmgr->getCheckViewPermissions())
     {
         StringArray filenames, columnnames;
         if (cw->getFieldUsageArray(filenames, columnnames, cluster)) // check view permission only for a query with fieldUsage information
         {
             if (!secmgr->authorizeViewScope(*context.queryUser(), filenames, columnnames))
-                throw MakeStringException(ECLWATCH_VIEW_ACCESS_DENIED, "View Access denied");
+                throw MakeStringException(ECLWATCH_VIEW_ACCESS_DENIED, "View Access denied for a WU: %s", cw->queryWuid());
         }
     }
 #endif
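Review bot: With the `secmgr == NULL` throw removed, a failed `dynamic_cast<CLdapSecManager*>` now skips the view-scope check without any trace, so the check fails open whenever the configured manager is not a `CLdapSecManager`, not only when none is configured. The new comment says the skip is intended, but it should be observable, e.g. `if (!secmgr && context.querySecManager()) PROGLOG("View permission check skipped for WU %s: security manager is not LDAP", cw->queryWuid());` (assuming PROGLOG is usable in this file). If the skip is meant only for deployments without a security manager, keep the original throw for the case where a manager exists but the cast fails. Separately, `*context.queryUser()` is dereferenced without a null check in the unchanged call to `authorizeViewScope`. `submitWsWorkunit` starts and ends outside the hunk.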

+ 4 - 0
system/security/LdapSecurity/ldapsecurity.cpp

@@ -869,7 +869,10 @@ bool CLdapSecManager::authorizeFileScope(ISecUser & user, ISecResourceList * res
 bool CLdapSecManager::authorizeViewScope(ISecUser & user, StringArray & filenames, StringArray & columnnames)
 {
     if (filenames.length() != columnnames.length())
+    {
+        PROGLOG("Error authorizing view scope: number of filenames (%d) do not match number of columnnames (%d).", filenames.length(), columnnames.length());
         return false; 
+    }
 
     const char* username = user.getName();
     StringArray viewnames, viewdescriptions, viewManagedBy;
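Review bot: The added PROGLOG on the length-mismatch path formats `filenames.length()` and `columnnames.length()` with `%d`; if `StringArray::length()` returns an unsigned type (worth confirming), the specifier should be `%u`. This path is a denial (`return false`), yet the entry does not say whose request was refused. Moving `const char* username = user.getName();` above the check and logging it would make the entry attributable, for example `"Error authorizing view scope for user %s: number of filenames (%u) does not match number of columnnames (%u)."`. The function body continues outside the hunk.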
@@ -900,6 +903,7 @@ bool CLdapSecManager::authorizeViewScope(ISecUser & user, StringArray & filename
 
             if (!authorizeEx(RT_VIEW_SCOPE, user, resList.get()))
             {
+                PROGLOG("View scope authorization denied by a view %s for a user %s", viewname, username);
                 return false;
             }
         }
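Review bot: `username` is passed to `%s` in the added PROGLOG without a null guard; it comes from `user.getName()` earlier in the function, and if that can return NULL the format call has undefined behaviour. Passing `username ? username : "(unknown)"` as the argument avoids that. Both values originate outside this function, so quoting them in the message (`view '%s'`, `user '%s'`) keeps the denial entry unambiguous when a name contains spaces. The enclosing loop and the declaration of `viewname` are outside the hunk.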