1 files changed, 71 insertions, 7 deletions

diff --git a/src/input/pvsCheckPrivileges.cpp b/src/input/pvsCheckPrivileges.cpp
index f9a8851..2026c0a 100644
--- a/src/input/pvsCheckPrivileges.cpp
+++ b/src/input/pvsCheckPrivileges.cpp
@@ -311,7 +311,12 @@ bool PVSCheckPrivileges::require(SessionKind sessionKind, CachedInputContext con
 {
 	SessionKind cachedSessionKind;
 
-	if(sessionKind < SESSION_NONLOCAL)
+	if(sessionKind == SESSION_NONLOCAL)
+	{
+		// All sessions are at least non-local
+		return true;
+	}
+	else if(sessionKind == SESSION_LOCAL)
 	{
 		if((cachedSessionKind = _savedSessionKind.value(sender, SESSION_UNKNOWN)) == SESSION_UNKNOWN)
 		{
@@ -320,18 +325,49 @@ bool PVSCheckPrivileges::require(SessionKind sessionKind, CachedInputContext con
 				_savedSessionKind[sender] = cachedSessionKind;
 			qDebug("Got session kind: %s", toString(cachedSessionKind).toLocal8Bit().constData());
 		}
-		if(cachedSessionKind > sessionKind)
+
+		switch(cachedSessionKind)
+		{
+		case SESSION_LOOKUP_FAILURE:
+		case SESSION_UNKNOWN:
+		{
+			// If we cannot find out the correct session kind, look up what we should do in
+			// the configuration:
+			QSettings* config = pvsPrivInputGetSettings();
+			QVariant assumeLocal = config->value("assume-session-local", false);
+			if(!assumeLocal.canConvert(QVariant::Bool))
+			{
+				qWarning("There is an assume-session-local setting, but cannot convert it to boolean");
+				return false;
+			}
+			return assumeLocal.toBool();
+		}
+		case SESSION_LOCAL:
+			return true;
+		case SESSION_NONLOCAL:
 			return false;
+		default:
+			qWarning("Internal error: Undefined session kind %d", (int)cachedSessionKind);
+			return false;
+		}
+	}
+	else
+	{
+		qWarning("Internal error: It does not make sense to require an unknown session or undefined session kind %d", (int)sessionKind);
+		return false;
 	}
-
-	return true;
 }
 
 bool PVSCheckPrivileges::require(UserPrivilege userPrivilege, CachedInputContext const& sender)
 {
 	UserPrivilege cachedUserPrivilege;
 
-	if(userPrivilege < USER_UNPRIVILEGED)
+	if(userPrivilege == USER_UNPRIVILEGED)
+	{
+		// All users are unprivileged
+		return true;
+	}
+	else if(userPrivilege == USER_PRIVILEGED)
 	{
 		if((cachedUserPrivilege = _savedUserPrivilege.value(sender, USER_UNKNOWN)) == USER_UNKNOWN)
 		{
@@ -340,10 +376,38 @@ bool PVSCheckPrivileges::require(UserPrivilege userPrivilege, CachedInputContext
 				_savedUserPrivilege[sender] = cachedUserPrivilege;
 			qDebug("Got user privilege: %s", toString(cachedUserPrivilege).toLocal8Bit().constData());
 		}
-		if(cachedUserPrivilege > userPrivilege)
+
+		switch(cachedUserPrivilege)
+		{
+		case USER_LOOKUP_FAILURE:
+		case USER_UNKNOWN:
+		{
+			// If we cannot find out the correct user privilege level, look up what we should do in
+			// the configuration:
+			QSettings* config = pvsPrivInputGetSettings();
+			QVariant assumePrivileged = config->value("assume-user-privileged", false);
+			if(!assumePrivileged.canConvert(QVariant::Bool))
+			{
+				qWarning("There is an assume-session-local setting, but cannot convert it to boolean");
+				return false;
+			}
+			return assumePrivileged.toBool();
+		}
+		case USER_PRIVILEGED:
+			return true;
+		case USER_UNPRIVILEGED:
+			return false;
+		default:
+			qWarning("Internal error: Found undefined user privilege level %d", (int)cachedUserPrivilege);
+			_savedUserPrivilege.remove(sender);
 			return false;
+		}
+	}
+	else
+	{
+		qWarning("Internal error: It does not make sense to require an unknown or undefined user privilege level %d", (int)userPrivilege);
+		return false;
 	}
-	return true;
 }
 
 bool PVSCheckPrivileges::require(SessionKind sessionKind,