/** * Checks if a Restriction gives permission for a specific (Default)ResourceType * No DefaultResourceType on Restriction means all ResourceTypes (including DefaultResourceTypes) are allowed * * @param restriction * @param resourceType */ private boolean hasPermissionForDefaultResourceType(RestrictionEntity restriction, ResourceTypeEntity resourceType) { // Default and non DefaultTypes are allowed if (resourceType == null || restriction.getResourceTypePermission().equals(ResourceTypePermission.ANY)) { return true; } // Only DefaultTypes are allowed if (restriction.getResourceTypePermission().equals(ResourceTypePermission.DEFAULT_ONLY) && DefaultResourceTypeDefinition.contains(resourceType.getName())) { return true; } // Only non DefaultTypes are allowed return restriction.getResourceTypePermission().equals(ResourceTypePermission.NON_DEFAULT_ONLY) && !DefaultResourceTypeDefinition.contains(resourceType.getName()); }
/** * Checks if restrictionEntityOne is more specific (grants less rights) than restrictionEntityTwo * * @param restrictionEntityOne * @param restrictionEntityTwo */ private boolean isMoreSpecificRestriction(RestrictionEntity restrictionEntityOne, RestrictionEntity restrictionEntityTwo) { // allow update of existing - do not compare with itself if (restrictionEntityOne.getId() != null && restrictionEntityOne.getId().equals(restrictionEntityTwo.getId())) { return false; } if (restrictionEntityOne.getAction().equals(Action.ALL) && !restrictionEntityTwo.getAction().equals(Action.ALL)) { return false; } if (restrictionEntityOne.getResourceGroup() == null && restrictionEntityTwo.getResourceGroup() != null) { return false; } if (restrictionEntityOne.getResourceType() == null && restrictionEntityTwo.getResourceType() != null) { return false; } if (restrictionEntityOne.getResourceTypePermission().equals(ResourceTypePermission.ANY) && !restrictionEntityTwo.getResourceTypePermission().equals(ResourceTypePermission.ANY)) { return false; } return true; }
if (resourceTypePermission == null || resourceTypePermission.equals(ResourceTypePermission.ANY)) { if (resourceGroupId != null && resourceTypeName != null) { throw new AMWException("Only ResourceGroup OR ResourceType must be set");