/**
 * Disables, for the given principal, every action reachable from {@code actions}.
 *
 * <p>Each entry returned by {@code actions.getAvailableActions()} is expanded through its
 * {@code stream()} and the results are collected into one set (duplicates collapse), which is
 * then handed to the set-based {@code disable} overload.
 *
 * @param principal the principal whose permissions are being reduced
 * @param actions the source of the actions to disable
 * @return the value returned by the set-based {@code disable} overload; its meaning is not
 *         visible from this method
 */
@Override
public boolean disable(Principal principal, AllowedActions actions) {
    return disable(
            principal,
            actions.getAvailableActions()
                    .stream()
                    .flatMap(allowable -> allowable.stream())
                    .collect(Collectors.toSet()));
}
/**
 * Restricts the given principal to exactly the actions reachable from {@code actions}.
 *
 * <p>Each entry returned by {@code actions.getAvailableActions()} is expanded through its
 * {@code stream()} and the results are collected into one set (duplicates collapse), which is
 * then handed to the set-based {@code enableOnly} overload.
 *
 * @param principal the principal whose enabled permissions are being replaced
 * @param actions the source of the actions that should remain enabled
 * @return the value returned by the set-based {@code enableOnly} overload; its meaning is not
 *         visible from this method
 */
@Override
public boolean enableOnly(Principal principal, AllowedActions actions) {
    return enableOnly(
            principal,
            actions.getAvailableActions()
                    .stream()
                    .flatMap(allowable -> allowable.stream())
                    .collect(Collectors.toSet()));
}
/**
 * Creates a new role for a particular entity type, seeding its permissions from an existing
 * base role. This method must be called within a metadata transaction.
 *
 * <p>The base role's available actions are flattened into individual actions, followed by the
 * extra {@code actions}, and the combined array is passed to the overload that takes no base
 * role. Only the actions are forwarded, not {@code baseRole} itself, so as far as this method
 * shows the new role receives a copy of the base role's permissions at creation time.
 * NOTE(review): a later revocation on the base role would then not reach roles derived from it;
 * confirm against the overload. The combined array is not de-duplicated here.
 *
 * @param entityName the name of the entity type (generally from
 *        {@code SecurityRole.<entity type>})
 * @param roleName the system name of the role
 * @param title the title of the role
 * @param desc a description of the role
 * @param baseRole a base role from which to derive this new role's allowed permissions
 * @param actions any additional permitted actions allowed by this role
 * @return the new role instance
 */
public SecurityRole createDefaultRole(@Nonnull final String entityName,
                                      @Nonnull final String roleName,
                                      @Nonnull final String title,
                                      final String desc,
                                      @Nonnull final SecurityRole baseRole,
                                      final Action... actions) {
    // Everything the base role permits, expanded to individual actions.
    final Stream<Action> inherited = baseRole.getAllowedActions()
            .getAvailableActions()
            .stream()
            .flatMap(AllowableAction::stream);

    // Inherited actions first, then the caller-supplied extras.
    final Action[] grantedActions = Stream.concat(inherited, Stream.of(actions))
            .toArray(Action[]::new);

    return createDefaultRole(entityName, roleName, title, desc, grantedActions);
}
/**
 * Convenience method that enables only the permissions granted by those of the supplied role
 * memberships that list the given principal as a member. The supplied {@code allowed} must be
 * compatible with the kinds of actions that the role memberships control.
 *
 * <p>The granted set is the union of the actions of every matching membership's role.
 * Membership is decided solely by {@code getMembers().contains(principal)}.
 * NOTE(review): whether indirect (nested group) membership counts depends on what
 * {@code getMembers()} returns; confirm. When no membership matches, the set-based
 * {@code enableOnly} is still called, with an empty set. Any value it returns is not inspected
 * here.
 *
 * @param principal the principal involved
 * @param allMemberships a stream of all potential role memberships that may be involved in
 *        enabling permissions for this principal; it is consumed by this call
 * @param allowed the allowed actions that should be updated to allow the new permissions
 */
public static void enableOnly(Principal principal,
                              Stream<RoleMembership> allMemberships,
                              AllowedActions allowed) {
    // Keep only the memberships that actually list this principal.
    Stream<RoleMembership> applicable =
            allMemberships.filter(candidate -> candidate.getMembers().contains(principal));

    // Union of every action permitted by the roles behind those memberships.
    Set<Action> permitted = applicable
            .map(RoleMembership::getRole)
            .flatMap(grantedRole -> grantedRole.getAllowedActions().getAvailableActions().stream())
            .flatMap(allowable -> allowable.stream())
            .collect(Collectors.toSet());

    // Replace the principal's enabled actions with exactly the derived set.
    allowed.enableOnly(principal, permitted);
}