HttpServletResponse response) throws IOException { Authorization a = Authorization.valueOf(authorization.toUpperCase()); ResourceType r = ResourceType.parse(resourceType); Set<Authorization> authorizations = new HashSet<>(0);
@Override public boolean hasPermission(Authentication authentication, Serializable resourceName, String resourceType, Object authorization) { if (!fiatStatus.isEnabled()) { return true; } if (resourceName == null || resourceType == null || authorization == null) { log.debug("Permission denied due to null argument. resourceName={}, resourceType={}, " + "authorization={}", resourceName, resourceType, authorization); return false; } ResourceType r = ResourceType.parse(resourceType); Authorization a = null; // Service accounts don't have read/write authorizations. if (r != ResourceType.SERVICE_ACCOUNT) { a = Authorization.valueOf(authorization.toString()); } if (r == ResourceType.APPLICATION && StringUtils.isNotEmpty(resourceName.toString())) { resourceName = resourceName.toString(); } UserPermission.View permission = getPermission(getUsername(authentication)); boolean hasPermission = permissionContains(permission, resourceName.toString(), r, a); authorizationFailure.set( hasPermission ? null : new AuthorizationFailure(a, r, resourceName.toString()) ); return hasPermission; }
@Override public boolean hasPermission(Authentication authentication, Serializable resourceName, String resourceType, Object authorization) { if (!fiatStatus.isEnabled()) { return true; } if (resourceName == null || resourceType == null || authorization == null) { log.debug("Permission denied due to null argument. resourceName={}, resourceType={}, " + "authorization={}", resourceName, resourceType, authorization); return false; } ResourceType r = ResourceType.parse(resourceType); Authorization a = null; // Service accounts don't have read/write authorizations. if (r != ResourceType.SERVICE_ACCOUNT) { a = Authorization.valueOf(authorization.toString()); } if (r == ResourceType.APPLICATION && StringUtils.isNotEmpty(resourceName.toString())) { resourceName = resourceName.toString(); } UserPermission.View permission = getPermission(getUsername(authentication)); boolean hasPermission = permissionContains(permission, resourceName.toString(), r, a); authorizationFailure.set( hasPermission ? null : new AuthorizationFailure(a, r, resourceName.toString()) ); return hasPermission; }