From 9a842e2202f683ab02f58f89b774bddc5453f28b Mon Sep 17 00:00:00 2001
From: Stephen Birarda <commit@birarda.com>
Date: Fri, 17 Oct 2014 10:52:36 -0700
Subject: [PATCH] flip domain-server local connect conditional

---
 domain-server/resources/describe-settings.json |  2 +-
 domain-server/src/DomainServer.cpp             | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/domain-server/resources/describe-settings.json b/domain-server/resources/describe-settings.json
index b8bc783aa1..2c33897d07 100644
--- a/domain-server/resources/describe-settings.json
+++ b/domain-server/resources/describe-settings.json
@@ -64,7 +64,7 @@
         "name": "allowed_users",
         "type": "table",
         "label": "Allowed Users",
-        "help": "List the High Fidelity names for people you want to be able to connect to this domain.<br/>An empty list means everyone.<br/>You can always connect from this machine.",
+        "help": "List the High Fidelity names for people you want to be able to connect to this domain.<br/>An empty list means everyone.<br/>You can always connect from the domain-server machine.",
         "numbered": false,
         "columns": [
           {
diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index ec8b0e0ebe..b655aba25b 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -616,13 +616,13 @@ const QString ALLOWED_USERS_SETTINGS_KEYPATH = "security.allowed_users";
 bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                  const QByteArray& usernameSignature,
                                                  const HifiSockAddr& senderSockAddr) {
-    static const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
+    const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
                                                                  ALLOWED_USERS_SETTINGS_KEYPATH);
-    static QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
+    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
     
     // we always let in a user who is sending a packet from our local socket or from the localhost address
-    if (senderSockAddr.getAddress() != LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
-        && senderSockAddr.getAddress() != QHostAddress::LocalHost) {
+    if (senderSockAddr.getAddress() == LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
+        && senderSockAddr.getAddress() == QHostAddress::LocalHost) {
         return true;
     }
     
@@ -670,6 +670,8 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
             }
         
             requestUserPublicKey(username);
+        } else {
+            qDebug() << "Connect request denied for user" << username << "not in allowed users list.";
         }
     } else {
         // since we have no allowed user list, let them all in