public PermissionType getType() { return type == null ? null : PermissionType.fromId(type); }
/** * INTERNAL */ public Integer getPermissionValue(PermissionType type, String target) { return permissions[type.ordinal()].get(target); }
public Collection<PermissionInfo> getPermissionInfos() { Collection<PermissionInfo> result = new ArrayList<>(); for (PermissionType permissionType : PermissionType.values()) { Map<String, Integer> permissionsMap = userSessionSource.getUserSession().getPermissionsByType(permissionType); for (Map.Entry<String, Integer> entry : permissionsMap.entrySet()) { String target = entry.getKey(); Integer value = entry.getValue(); PermissionInfo permissionInfo = new PermissionInfo(permissionType.name(), target, getPermissionValueStr(permissionType, value), value); result.add(permissionInfo); } } return result; }
/** * INTERNAL */ public UserSession(UUID id, User user, Collection<Role> roles, Locale locale, boolean system) { this.id = id; this.user = user; this.system = system; for (Role role : roles) { this.roles.add(role.getName()); if (role.getType() != null) roleTypes.add(role.getType()); } this.locale = locale; if (user.getTimeZone() != null) this.timeZone = TimeZone.getTimeZone(user.getTimeZone()); //noinspection unchecked permissions = new Map[PermissionType.values().length]; for (int i = 0; i < permissions.length; i++) { permissions[i] = new HashMap<>(); } constraints = new HashMap<>(); attributes = new ConcurrentHashMap<>(); localAttributes = new ConcurrentHashMap<>(); }
/** * Constructor. * * @param type permission type * @param target permission target object, e.g. a screen id or entity operation name. When throwing the exception * in application code, can be any string suitable to describe the situation in the log. */ public AccessDeniedException(PermissionType type, String target) { super(type.toString() + " " + target); this.type = type; this.target = target; }
public void setType(PermissionType type) { this.type = type == null ? null : type.getId(); }
public boolean isPermitted(UserSession session) { if (StringUtils.isEmpty(id) || isSeparator()) { return true; } else { boolean screenPermitted = session.isScreenPermitted(id); if (screenPermitted) { Element permissionsElem = descriptor.element("permissions"); if (permissionsElem != null) { for (Element element : Dom4j.elements(permissionsElem, "permission")) { PermissionType type = PermissionType.valueOf(element.attributeValue("type")); String target = element.attributeValue("target"); screenPermitted = session.isPermitted(type, target); if (!screenPermitted) break; } } } return screenPermitted; } }
/** * Constructor. * * @param type permission type * @param entityOp type of operation on entity * @param target permission target object, e.g. a screen id or entity operation name. When throwing the exception * in application code, can be any string suitable to describe the situation in the log. */ public AccessDeniedException(PermissionType type, EntityOp entityOp, String target) { super(type.toString() + ":" + entityOp.toString() + " " + target); this.type = type; this.target = target; this.entityOp = entityOp; }
protected void parseConfigFile(String fileName) { String fileContent = resources.getResourceAsString(fileName); if (!Strings.isNullOrEmpty(fileContent)) { Document document = Dom4j.readDocument(fileContent); List<Element> permissionElements = document.getRootElement().elements("permission"); for (Element element : permissionElements) { String target = element.attributeValue("target"); Integer value = Integer.valueOf(element.attributeValue("value")); Integer type = Integer.valueOf(element.attributeValue("type")); Permission permission = metadata.create(Permission.class); permission.setTarget(target); permission.setType(PermissionType.fromId(type)); permission.setValue(value); permissionValues.put(target, permission); } } else { log.error("File {} not found", fileName); } }
/** * Get permissions by type */ public Map<String, Integer> getPermissionsByType(PermissionType type) { return Collections.unmodifiableMap(permissions[type.ordinal()]); }
/** * INTERNAL */ public void addPermission(PermissionType type, String target, @Nullable String extTarget, int value) { Integer currentValue = permissions[type.ordinal()].get(target); if (currentValue == null || currentValue < value) { permissions[type.ordinal()].put(target, value); if (extTarget != null) permissions[type.ordinal()].put(extTarget, value); } }
/** * INTERNAL */ public void removePermission(PermissionType type, String target) { permissions[type.ordinal()].remove(target); }
/** * Check user permission for the specified value. * * @param type permission type * @param target permission target:<ul> * <li>screen * <li>entity operation (view, create, update, delete) * <li>entity attribute name * <li>specific permission name * </ul> * @param value method returns true if the corresponding {@link com.haulmont.cuba.security.entity.Permission} * record contains value equal or greater than specified * @return true if permitted, false otherwise */ public boolean isPermitted(PermissionType type, String target, int value) { // If we have super-role no need to check anything if (roleTypes.contains(RoleType.SUPER)) return true; // Get permission value assigned by the set of permissions Integer v = permissions[type.ordinal()].get(target); // Get permission value assigned by non-standard roles for (RoleType roleType : roleTypes) { Integer v1 = roleType.permissionValue(type, target); if (v1 != null && (v == null || v < v1)) { v = v1; } } // Return true if no value set for this target, or if the value is more than requested return v == null || v >= value; }