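/**
 * Verifies that {@code user} holds {@code permissionType} on the DIP that {@code obj} maps to.
 *
 * <p>Administrators (as decided by {@code isAdministrator}) pass without any index lookup. For
 * everyone else the DIP is loaded from the index and access is granted when the user id is
 * listed for the permission, or when one of the user's groups is. Every failure path denies
 * access (fail closed): a DIP that cannot be retrieved, or a permission type with no entry in
 * the DIP's permissions, ends in {@link AuthorizationDeniedException}.
 *
 * @param user the user whose access is being checked
 * @param obj the indexed object the request targets
 * @param toDIP maps {@code obj} to the id of the DIP whose permissions apply
 * @param permissionType the permission being requested
 * @throws AuthorizationDeniedException if the DIP cannot be loaded or the user is not permitted
 */
private static <T extends IsIndexed> void checkDIPObjectPermissions(User user, T obj, Function<T, String> toDIP,
  PermissionType permissionType) throws AuthorizationDeniedException {
  if (isAdministrator(user)) {
    return;
  }

  String dipId = toDIP.apply(obj);
  IndexedDIP dip;
  try {
    dip = RodaCoreFactory.getIndexService().retrieve(IndexedDIP.class, dipId,
      RodaConstants.DIP_PERMISSIONS_FIELDS_TO_RETURN);
  } catch (NotFoundException | GenericException e) {
    // A failed lookup is reported as a denial, so an unreadable DIP never grants access.
    throw new AuthorizationDeniedException("Could not check permissions of object " + obj, e);
  }

  // Either lookup may yield null when the DIP carries no entry for this permission type
  // (assumes getUsers()/getGroups() return maps keyed by PermissionType; confirm).
  Set<String> users = dip.getPermissions().getUsers().get(permissionType);
  Set<String> groups = dip.getPermissions().getGroups().get(permissionType);

  // NOTE(review): this debug line writes the DIP's permitted user and group ids to the log.
  LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})",
    user.getId(), permissionType, dip.getId(), users, groups);

  // A missing entry is treated as "nobody listed", so the request is denied with the declared
  // exception instead of failing with a NullPointerException.
  boolean listedAsUser = users != null && users.contains(user.getId());
  // iterativeDisjoint is defined outside this view; presumably true when the sets share no element.
  if (!listedAsUser && (groups == null || iterativeDisjoint(groups, user.getGroups()))) {
    throw new AuthorizationDeniedException(
      "The user '" + user.getId() + "' does not have permissions to " + permissionType);
  }
}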