Revision f0aad502
Added by Andreas Kohlbecker over 6 years ago
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmAuthority.java | ||
|---|---|---|
| 75 | 75 |
// Making sure that operation is always initialized, for both |
| 76 | 76 |
// - the string representation to have a '[]' |
| 77 | 77 |
// - and the object representation to never be null (with check in constructors) |
| 78 |
EnumSet<CRUD> operation = EnumSet.noneOf(CRUD.class);;
|
|
| 78 |
EnumSet<CRUD> operation = EnumSet.noneOf(CRUD.class); |
|
| 79 | 79 |
UUID targetUuid; |
| 80 | 80 |
|
| 81 |
public CdmAuthority(CdmBase targetDomainObject, EnumSet<CRUD> operation, UUID uuid){
|
|
| 81 |
public CdmAuthority(CdmBase targetDomainObject, EnumSet<CRUD> operation){
|
|
| 82 | 82 |
this.permissionClass = CdmPermissionClass.getValueOf(targetDomainObject); |
| 83 | 83 |
this.property = null; |
| 84 | 84 |
if(operation != null) {
|
| 85 | 85 |
this.operation = operation; |
| 86 | 86 |
} |
| 87 |
this.targetUuid = uuid; |
|
| 87 |
if(targetDomainObject.getUuid() == null){
|
|
| 88 |
throw new NullPointerException("UUID of targetDomainObject is null. CDM entities need to be saved prior using this function");
|
|
| 89 |
} |
|
| 90 |
this.targetUuid = targetDomainObject.getUuid(); |
|
| 88 | 91 |
} |
| 89 | 92 |
|
| 90 | 93 |
public CdmAuthority(CdmBase targetDomainObject, String property, EnumSet<CRUD> operation, UUID uuid){
|
| ... | ... | |
| 96 | 99 |
this.targetUuid = uuid; |
| 97 | 100 |
} |
| 98 | 101 |
|
| 102 |
public CdmAuthority(Class<? extends CdmBase> targetDomainType, String property, EnumSet<CRUD> operation, UUID uuid){
|
|
| 103 |
this.permissionClass = CdmPermissionClass.getValueOf(targetDomainType); |
|
| 104 |
this.property = property; |
|
| 105 |
if(operation != null) {
|
|
| 106 |
this.operation = operation; |
|
| 107 |
} |
|
| 108 |
this.targetUuid = uuid; |
|
| 109 |
} |
|
| 110 |
|
|
| 99 | 111 |
|
| 100 | 112 |
public CdmAuthority(CdmPermissionClass permissionClass, String property, EnumSet<CRUD> operation, UUID uuid){
|
| 101 | 113 |
this.permissionClass = permissionClass; |
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionEvaluator.java | ||
|---|---|---|
| 62 | 62 |
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
|
| 63 | 63 |
|
| 64 | 64 |
|
| 65 |
CdmAuthority evalPermission; |
|
| 66 | 65 |
EnumSet<CRUD> requiredOperation = null; |
| 67 | 66 |
|
| 68 |
if(authentication == null) {
|
|
| 69 |
return false; |
|
| 70 |
} |
|
| 67 |
CdmBase cdmEntitiy = (CdmBase)targetDomainObject; |
|
| 71 | 68 |
|
| 72 | 69 |
if(logger.isDebugEnabled()){
|
| 73 |
String targteDomainObjText = " Object: " + (targetDomainObject == null? "null":((CdmBase)targetDomainObject).instanceToString());
|
|
| 70 |
String targteDomainObjText = " Object: " + (targetDomainObject == null? "null":cdmEntitiy.instanceToString());
|
|
| 74 | 71 |
logUserAndRequirement(authentication, permission.toString(), targteDomainObjText); |
| 75 | 72 |
} |
| 76 | 73 |
try {
|
| ... | ... | |
| 78 | 75 |
|
| 79 | 76 |
} catch (IllegalArgumentException e) {
|
| 80 | 77 |
logger.debug("permission string '"+ permission.toString() + "' not parsable => true");
|
| 81 |
return true; // FIXME it might be wrong to return true
|
|
| 78 |
return false;
|
|
| 82 | 79 |
} |
| 83 | 80 |
|
| 84 |
evalPermission = authorityRequiredFor((CdmBase)targetDomainObject, requiredOperation); |
|
| 81 |
return hasPermission(authentication, cdmEntitiy, requiredOperation); |
|
| 82 |
|
|
| 83 |
} |
|
| 84 |
|
|
| 85 |
/** |
|
| 86 |
* @param authentication |
|
| 87 |
* @param targetDomainObject |
|
| 88 |
* @param requiredOperation |
|
| 89 |
* @return |
|
| 90 |
*/ |
|
| 91 |
@Override |
|
| 92 |
public boolean hasPermission(Authentication authentication, CdmBase targetDomainObject, EnumSet<CRUD> requiredOperation) {
|
|
| 93 |
|
|
| 94 |
if(authentication == null) {
|
|
| 95 |
return false; |
|
| 96 |
} |
|
| 97 |
|
|
| 98 |
CdmAuthority evalPermission = authorityRequiredFor(targetDomainObject, requiredOperation); |
|
| 85 | 99 |
|
| 86 | 100 |
if (evalPermission.permissionClass != null) {
|
| 87 | 101 |
logger.debug("starting evaluation => ...");
|
| 88 |
return evalPermission(authentication, evalPermission, (CdmBase) targetDomainObject);
|
|
| 102 |
return evalPermission(authentication, evalPermission, targetDomainObject); |
|
| 89 | 103 |
}else{
|
| 90 | 104 |
logger.debug("skipping evaluation => true");
|
| 91 | 105 |
return true; |
| 92 | 106 |
} |
| 93 |
|
|
| 94 | 107 |
} |
| 95 | 108 |
|
| 96 | 109 |
|
| ... | ... | |
| 165 | 178 |
* @return |
| 166 | 179 |
*/ |
| 167 | 180 |
private CdmAuthority authorityRequiredFor(CdmBase targetEntity, EnumSet<CRUD> requiredOperation) {
|
| 168 |
CdmAuthority evalPermission; |
|
| 169 |
try{
|
|
| 170 |
//evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, (targetDomainObject).getUuid()); |
|
| 171 |
evalPermission = new CdmAuthority(targetEntity, requiredOperation, (targetEntity).getUuid()); |
|
| 172 |
}catch(NullPointerException e){
|
|
| 173 |
// TODO document where the NPE is coming from |
|
| 174 |
|
|
| 175 |
//evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, null); |
|
| 176 |
evalPermission = new CdmAuthority(targetEntity, requiredOperation, null); |
|
| 177 |
} |
|
| 181 |
CdmAuthority evalPermission = new CdmAuthority(targetEntity, requiredOperation); |
|
| 178 | 182 |
return evalPermission; |
| 179 | 183 |
} |
| 180 | 184 |
|
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/ICdmPermissionEvaluator.java | ||
|---|---|---|
| 27 | 27 |
public <T extends CdmBase> boolean hasPermission(Authentication authentication, Class<T> targetDomainObjectClass, |
| 28 | 28 |
EnumSet<CRUD> requiredOperations); |
| 29 | 29 |
|
| 30 |
boolean hasPermission(Authentication authentication, CdmBase targetDomainObject, EnumSet<CRUD> requiredOperation); |
|
| 31 |
|
|
| 30 | 32 |
} |
Also available in: Unified diff
refactoring CdmPermissionEvaluator and CdmAuthoritiy for a more comprehensible API