zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-06-07 21:15:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

Explain why permission check occurs before existence check

Browse source 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=240355450
This commit is contained in:
mcilwain 2019-03-26 08:45:42 -07:00 committed by jianglai
parent 648656e002
commit e1abef7b3e
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
java/google/registry/request/auth/AuthenticatedRegistrarAccessor.java
View file

@ -220,6 +220,8 @@ public class AuthenticatedRegistrarAccessor {
* @param clientId ID of the registrar we request * @param clientId ID of the registrar we request
*/ */
public Registrar getRegistrar(String clientId) throws RegistrarAccessDeniedException { public Registrar getRegistrar(String clientId) throws RegistrarAccessDeniedException {
// Verify access before checking if the registrar exists, in order to not leak information
// about objects in the system the user doesn't have permissions on.
verifyAccess(clientId); verifyAccess(clientId);
Registrar registrar = Registrar registrar =