From c49a76cbb2a8d56829043d7d794f84b58fbc0ae3 Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Thu, 6 Sep 2012 08:47:45 +0000
Subject: [PATCH] resolved TG-1873

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@13508 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../rbacSoap/TgExtraCrud.class.php            | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtraCrud.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtraCrud.class.php
index 319dcc4..7dd675f 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtraCrud.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtraCrud.class.php
@@ -410,11 +410,17 @@ class TgExtraCrud {
 
   // -----------------------------------------------------
   // Function: tgCrudCheckAccess
-  // Input: log / xsd:string
-  //        session / xsd:string
+  // Input: auth / xsd:string
+  //        log / xsd:string
   //        operation / xsd:string
   //        resource / xsd:string
-  // Output: sid / xsd:string
+  //        secret / xsd:string
+  // Output: 
+  //        result / xsd:boolean
+  //        public / xsd:boolean
+  //        project / tns:projectinfo
+  //        username / xsd:string
+  //        operation / xsd:string
   // Description
   //   Searches for the given resource. If it's existing the
   //   method starts the checkAccess query and returns the
@@ -499,7 +505,12 @@ class TgExtraCrud {
 
         // Finally add the username and allowed
         // operations for the current session.
-        $result->username = $this->rbac->sessionUser( $inRequest->auth );
+	// have to check for anonymous access (or invalid SID)
+	try {
+	    $result->username = $this->rbac->sessionUser( $inRequest->auth );
+	} catch ( Exception $e ) {
+	    $result->username = "--invalid--";
+	}
 	
 
         try {
-- 
GitLab