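/**
 * Verifies that {@code principal} may perform every action in {@code actions} on {@code entity}.
 *
 * <p>The check runs in three stages: the super-user bypass, the privileges held directly by the
 * principal, and finally the union of those direct privileges with the privileges held by the
 * principal's roles. Roles are resolved only when the principal is not itself a role.
 *
 * <p>A request is authorized when every requested action is covered by the combined (direct plus
 * role) grants, so a request whose actions are split between a direct grant and a role grant is
 * accepted, consistent with checking each action individually.
 *
 * @param entity the entity on which the actions are to be performed
 * @param principal the principal requesting the actions
 * @param actions the actions that must all be permitted
 * @throws UnauthorizedException if at least one requested action is granted neither directly nor
 *     through a role; the exception carries only the actions that are actually missing
 */
@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
  // Super users skip enforcement entirely. The second test does not depend on the caller:
  // once allSuperUsers is a member of superUsers, every principal passes.
  // NOTE(review): presumably allSuperUsers is a wildcard marker; confirm it can only be added
  // by trusted configuration, since it disables authorization for all principals.
  if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
    return;
  }

  // Fast path: direct grants alone satisfy the request, so roles need not be resolved.
  Set<Action> allowed = getActions(entity, principal);
  if (allowed.containsAll(actions)) {
    return;
  }

  // Effective privileges = direct grants plus everything granted to the principal's roles.
  // Seeding with the direct grants keeps a request that is covered partly by a direct grant
  // and partly by a role grant from being rejected.
  Set<Action> effective = new HashSet<>(allowed);
  if (principal.getType() != Principal.PrincipalType.ROLE) {
    for (Role role : getRoles(principal)) {
      effective.addAll(getActions(entity, role));
    }
  }

  if (!effective.containsAll(actions)) {
    // Report only the actions that no grant covers, so the denial (and any audit record built
    // from it) does not list actions the principal already holds through a role.
    throw new UnauthorizedException(principal, Sets.difference(actions, effective), entity);
  }
}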