/**
 * Removes {@code actions} from the set granted directly to {@code principal} on
 * {@code authorizable}.
 *
 * <p>Operates on the live set returned by {@code getActions(Authorizable, Principal)}; that
 * helper is outside this view, so whether it is thread-safe under concurrent grant/revoke
 * cannot be confirmed here — TODO(review): verify before relying on concurrent mutation.
 */
@Override
public void revoke(Authorizable authorizable, Principal principal, Set<Action> actions) throws Exception {
  Set<Action> granted = getActions(authorizable, principal);
  granted.removeAll(actions);
}
/**
 * Adds {@code actions} to the set granted directly to {@code principal} on
 * {@code authorizable}.
 *
 * <p>Mutates the live set returned by {@code getActions(Authorizable, Principal)} in place;
 * no validation of the requested actions happens at this layer.
 */
@Override
public void grant(Authorizable authorizable, Principal principal, Set<Action> actions) throws Exception {
  Set<Action> granted = getActions(authorizable, principal);
  granted.addAll(actions);
}
/**
 * Collects every (authorizable, action) pair currently granted directly to {@code principal}.
 *
 * <p>Only direct grants are considered: this walks the {@code privileges} map keyed by
 * authorizable and does not expand the principal's roles, so the result is not the
 * principal's effective privilege set. The returned set is an unmodifiable snapshot.
 *
 * @param principal the principal whose direct grants are listed
 * @return an unmodifiable set of {@link Privilege} objects, possibly empty
 */
private Set<Privilege> getPrivileges(Principal principal) {
  Set<Privilege> collected = new HashSet<>();
  for (Authorizable authorizable : privileges.keySet()) {
    for (Action granted : getActions(authorizable, principal)) {
      collected.add(new Privilege(authorizable, granted));
    }
  }
  return Collections.unmodifiableSet(collected);
}
/**
 * Convenience overload: resolves {@code entityId} to its {@link Authorizable} and delegates
 * to {@code getActions(Authorizable, Principal)}.
 */
private Set<Action> getActions(EntityId entityId, Principal principal) {
  Authorizable target = Authorizable.fromEntityId(entityId);
  return getActions(target, principal);
}
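/**
 * Enforces that {@code principal} holds every action in {@code actions} on {@code entity}.
 *
 * <p>Super users bypass enforcement entirely: either the principal itself is in
 * {@code superUsers}, or the {@code allSuperUsers} wildcard is present in that set, in which
 * case nothing is enforced for anyone. Otherwise the effective action set is the union of the
 * principal's direct grants and, for non-ROLE principals, the grants of every role the
 * principal belongs to (role principals are not expanded further, as before).
 *
 * <p>Correctness fix: previously the request had to be covered entirely by direct grants
 * or entirely by role grants, so a request split across the two (e.g. one action granted
 * directly, another via a role) was rejected although the principal held both. The thrown
 * exception also reported the shortfall against the direct set only, over-stating what was
 * denied. Both checks now use the combined set; nothing is allowed that was not already
 * granted to the principal or one of its roles.
 *
 * @param entity    the entity being accessed
 * @param principal the requesting principal
 * @param actions   the actions required; an empty set is trivially allowed
 * @throws UnauthorizedException listing exactly the actions not covered by any direct or
 *                               role grant
 */
@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
  // super users do not have any enforcement
  if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
    return;
  }
  // Copy the direct grants so the stored set is never mutated by this check.
  Set<Action> effective = new HashSet<>(getActions(entity, principal));
  if (effective.containsAll(actions)) {
    return;
  }
  // Add grants from the principal's roles; a ROLE principal is not expanded further.
  if (principal.getType() != Principal.PrincipalType.ROLE) {
    for (Role role : getRoles(principal)) {
      effective.addAll(getActions(entity, role));
    }
  }
  if (!effective.containsAll(actions)) {
    // Report only the actions still uncovered after both direct and role grants.
    Set<Action> denied = new HashSet<>(actions);
    denied.removeAll(effective);
    throw new UnauthorizedException(principal, denied, entity);
  }
}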