Revision 8e12467b
Added by Andreas Kohlbecker about 6 years ago
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/CdmPermissionVoter.java | ||
---|---|---|
78 | 78 |
public int vote(Authentication authentication, CdmBase cdmBase, Collection<ConfigAttribute> attributes) { |
79 | 79 |
|
80 | 80 |
if(!isResponsibleFor(cdmBase)){ |
81 |
logger.debug("class missmatch => ACCESS_ABSTAIN");
|
|
81 |
logger.debug(voterLoggingLabel() + " class missmatch => ACCESS_ABSTAIN");
|
|
82 | 82 |
return ACCESS_ABSTAIN; |
83 | 83 |
} |
84 | 84 |
|
85 | 85 |
if (logger.isDebugEnabled()){ |
86 |
logger.debug("authentication: " + authentication.getName() + ", object : " + cdmBase.toString() + ", attribute[0]:" + ((CdmAuthority)attributes.iterator().next()).getAttribute());
|
|
86 |
logger.debug(voterLoggingLabel() + " voting for authentication: " + authentication.getName() + ", object : " + cdmBase.toString() + ", attribute[0]:" + ((CdmAuthority)attributes.iterator().next()).getAttribute());
|
|
87 | 87 |
} |
88 | 88 |
|
89 | 89 |
int fallThroughVote = ACCESS_DENIED; |
... | ... | |
103 | 103 |
try { |
104 | 104 |
auth = CdmAuthority.fromGrantedAuthority(authority); |
105 | 105 |
} catch (CdmAuthorityParsingException e) { |
106 |
logger.debug("skipping " + authority.getAuthority() + " due to CdmAuthorityParsingException");
|
|
106 |
logger.debug(voterLoggingLabel() + " skipping " + authority.getAuthority() + " due to CdmAuthorityParsingException");
|
|
107 | 107 |
continue; |
108 | 108 |
} |
109 | 109 |
|
110 | 110 |
// check if the voter is responsible for the permission to be evaluated |
111 | 111 |
if( ! isResponsibleFor(evalPermission.getPermissionClass())){ |
112 |
logger.debug(getResponsibility() + " not responsible for " + evalPermission.getPermissionClass() + " -> skipping");
|
|
112 |
logger.debug(voterLoggingLabel() + " not responsible for " + evalPermission.getPermissionClass() + " -> skipping");
|
|
113 | 113 |
continue; |
114 | 114 |
} |
115 | 115 |
|
... | ... | |
122 | 122 |
vr.isUuidMatch = auth.hasTargetUuid() && auth.getTargetUUID().equals(cdmBase.getUuid()); |
123 | 123 |
vr.isIgnoreUuidMatch = !auth.hasTargetUuid(); |
124 | 124 |
|
125 |
if(logger.isDebugEnabled()){ |
|
126 |
logger.debug(voterLoggingLabel() + " " + vr); |
|
127 |
} |
|
128 |
|
|
125 | 129 |
// first of all, always allow deleting orphan entities |
126 | 130 |
if(vr.isClassMatch && evalPermission.getOperation().equals(DELETE) && isOrpahn(cdmBase)) { |
131 |
if(logger.isDebugEnabled()){ |
|
132 |
logger.debug(voterLoggingLabel() +" entity is considered orphan => ACCESS_GRANTED"); |
|
133 |
} |
|
127 | 134 |
return ACCESS_GRANTED; |
128 | 135 |
} |
129 | 136 |
|
130 | 137 |
if(!auth.hasProperty()){ |
131 | 138 |
if ( vr.isIgnoreUuidMatch && vr.isClassMatch && vr.isPermissionMatch){ |
132 |
logger.debug("no targetUuid, class & permission match => ACCESS_GRANTED"); |
|
139 |
if(logger.isDebugEnabled()){ |
|
140 |
logger.debug(voterLoggingLabel() +" no targetUuid, class & permission match => ACCESS_GRANTED"); |
|
141 |
} |
|
133 | 142 |
return ACCESS_GRANTED; |
134 | 143 |
} |
135 | 144 |
if ( vr.isUuidMatch && vr.isClassMatch && vr.isPermissionMatch ){ |
136 |
logger.debug("permission, class and uuid are matching => ACCESS_GRANTED"); |
|
145 |
if(logger.isDebugEnabled()){ |
|
146 |
logger.debug(voterLoggingLabel() +" permission, class and uuid are matching => ACCESS_GRANTED"); |
|
147 |
} |
|
137 | 148 |
return ACCESS_GRANTED; |
138 | 149 |
} |
139 | 150 |
} else { |
... | ... | |
154 | 165 |
// |
155 | 166 |
Integer furtherVotingResult = furtherVotingDescisions(auth, cdmBase, attributes, vr); |
156 | 167 |
if(furtherVotingResult != null){ |
157 |
logger.debug("furtherVotingResult => " + furtherVotingResult); |
|
168 |
if(logger.isDebugEnabled()){ |
|
169 |
logger.debug(voterLoggingLabel() + " furtherVotingResult => " + voteToString(furtherVotingResult)); |
|
170 |
} |
|
158 | 171 |
switch(furtherVotingResult){ |
159 | 172 |
case ACCESS_GRANTED: |
160 | 173 |
// no further check needed |
... | ... | |
173 | 186 |
} // END Authorities loop |
174 | 187 |
} // END attributes loop |
175 | 188 |
|
189 |
int votingResult = deniedByPreviousFurtherVoting ? ACCESS_DENIED : fallThroughVote; |
|
176 | 190 |
// the value of fallThroughVote depends on whether the authority had an property or not, see above |
177 |
logger.debug("fallThroughVote => " + fallThroughVote); |
|
178 |
return deniedByPreviousFurtherVoting ? ACCESS_DENIED : fallThroughVote; |
|
191 |
if(logger.isDebugEnabled()){ |
|
192 |
logger.debug(voterLoggingLabel() + " fallThroughVote => " + voteToString(fallThroughVote)); |
|
193 |
logger.debug(voterLoggingLabel() + " ##votingResult## => " + voteToString(votingResult)); |
|
194 |
} |
|
195 |
return votingResult; |
|
179 | 196 |
} |
180 | 197 |
|
181 | 198 |
/** |
... | ... | |
209 | 226 |
return null; |
210 | 227 |
} |
211 | 228 |
|
229 |
/** |
|
230 |
* returns a label for the logging output |
|
231 |
* @return |
|
232 |
*/ |
|
233 |
protected String voterLoggingLabel(){ |
|
234 |
return "(" + getResponsibilityClass().getSimpleName() + "-Voter)"; |
|
235 |
} |
|
236 |
|
|
237 |
/** |
|
238 |
* |
|
239 |
* @param vote |
|
240 |
* @return string representations for the votes defined in {@link AccessDecisionVoter} |
|
241 |
*/ |
|
242 |
protected String voteToString(int vote) { |
|
243 |
switch (vote){ |
|
244 |
case 1: return "ACCESS_GRANTED"; |
|
245 |
case 0: return "ACCESS_ABSTAIN"; |
|
246 |
case -1: return "ACCESS_DENIED"; |
|
247 |
default: return Integer.toString(vote); |
|
248 |
} |
|
249 |
} |
|
250 |
|
|
251 |
|
|
212 | 252 |
/** |
213 | 253 |
* Holds various flags with validation results. |
214 | 254 |
* Is used to pass this information from |
... | ... | |
231 | 271 |
boolean isPropertyMatch = false; |
232 | 272 |
boolean isUuidMatch = false; |
233 | 273 |
boolean isClassMatch = false; |
274 |
|
|
275 |
@Override |
|
276 |
public String toString(){ |
|
277 |
return "isClassMatch: " + Boolean.toString(isClassMatch) + ", " |
|
278 |
+ "isUuidMatch: " + Boolean.toString(isUuidMatch) + ", " |
|
279 |
+ "isPermissionMatch: " + Boolean.toString(isPermissionMatch) + ", " |
|
280 |
+ "isPropertyMatch: " + Boolean.toString(isPropertyMatch); |
|
281 |
|
|
282 |
} |
|
234 | 283 |
} |
235 | 284 |
|
236 | 285 |
} |
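Review bot: The debug statement at new line 86 can make the vote depend on the log level, because `attributes.iterator().next()` throws on an empty collection and the `(CdmAuthority)` cast throws on any other `ConfigAttribute`, but only when debug logging is enabled. Whether callers can pass such attributes is not visible here, so logging the collection itself, e.g. `", attributes: " + attributes`, looks safer. The reworked messages also concatenate `authentication.getName()` and `authority.getAuthority()` unescaped, so a principal or authority string containing line breaks could imitate the new `##votingResult## => ACCESS_GRANTED` trace; neutralising CR/LF before logging, or in the appender layout, keeps the decision trace trustworthy. In `voteToString`, `case ACCESS_GRANTED:`, `case ACCESS_ABSTAIN:` and `case ACCESS_DENIED:` would match the constants `vote()` already switches on, instead of the literals 1, 0 and -1. Parts of `vote()` are elided on this page, so the surrounding loops were not reviewed.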
better logging of voting in CdmPermissionVoter