READ_ANONYMIZED is a permission in its own right. Must return 1.

diff --git a/org.glite.lb.server/src/lb_authz.c b/org.glite.lb.server/src/lb_authz.c
index dd85425..3822c39 100644 (file)
--- a/org.glite.lb.server/src/lb_authz.c
+++ b/org.glite.lb.server/src/lb_authz.c
@@ -1232,9 +1232,6 @@ check_jobstat_authz(edg_wll_Context ctx,
     if (stat->payload_owner && edg_wll_gss_equal_subj(peer->name, stat->payload_owner))
        return 1;
 
-    if ((!(*authz_flags & READ_ANONYMIZED)) && (check_authz_policy(&ctx->authz_policy, peer, READ_ANONYMIZED)))
-       *authz_flags |= READ_ANONYMIZED;
-
     if (edg_wll_amIroot(peer->name, peer->fqans, &ctx->authz_policy))
        return 1;
     if (acl && edg_wll_CheckACL_princ(ctx, acl, EDG_WLL_CHANGEACL_READ, peer) == 0)
@@ -1243,9 +1240,12 @@ check_jobstat_authz(edg_wll_Context ctx,
 
     if (check_authz_policy(&ctx->authz_policy, peer, READ_ALL))
        return 1;
+    if ((!(*authz_flags & READ_ANONYMIZED)) && (check_authz_policy(&ctx->authz_policy, peer, READ_ANONYMIZED))) {
+       *authz_flags |= READ_ANONYMIZED;
+       return 1;
+    }
     if (check_authz_policy(&ctx->authz_policy, peer, STATUS_FOR_MONITORING)) {
        *authz_flags |= STATUS_FOR_MONITORING;
-       return 1;
     }
 
     return 0;