Commit 669962d9 authored by Matija Obreza's avatar Matija Obreza

PermissionWriter updated

- return no permissions if authentication is missing
- return all permissions if the authentication has authority ADMINISTRATOR
parent bce713c2
......@@ -24,6 +24,8 @@ import com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition;
import com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter;
import com.fasterxml.jackson.databind.util.Annotations;
import java.util.concurrent.atomic.AtomicBoolean;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.slf4j.Logger;
......@@ -37,8 +39,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
/**
* The CurrentPermissionsWriter is applied to {@link AclAwareModel} and it
* instructs Jackson to to include {@link Permissions} for current SID
* for every ACL aware entity.
* instructs Jackson to to include {@link Permissions} for current SID for every
* ACL aware entity.
*
* Serialization is enabled <code>@JsonAppend</code> annotation on
* <code>AclAwareModel</code>:
......@@ -65,6 +67,9 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
/** The permission evaluator. */
private static PermissionEvaluator permissionEvaluator;
private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
// Context initialization
static {
ApplicationContext context = CurrentApplicationContext.getContext();
......@@ -107,8 +112,21 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
*/
@Override
protected Object value(Object bean, JsonGenerator gen, SerializerProvider prov) throws Exception {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
return NO_PERMISSIONS;
}
AtomicBoolean isAdmin = new AtomicBoolean(false);
authentication.getAuthorities().forEach(authority -> {
// We don't have a Role.ADMINSITRATOR defined so we use a String comparison.
if ("ROLE_ADMINISTRATOR".equals(authority.getAuthority())) {
isAdmin.set(true);
}
});
if (isAdmin.get()) {
return ALL_PERMISSIONS;
}
if (permissionEvaluator != null) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
Permissions perms = new Permissions();
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
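Review bot: The two early returns hand out the shared static `NO_PERMISSIONS` and `ALL_PERMISSIONS` instances, yet `Permissions` has assignable fields (`perms.create = ...` further down), so a single stray assignment on a returned object, or on the constants themselves, would silently change what every unauthenticated or ADMINISTRATOR response reports from then on. Either return a fresh `new Permissions().grantNone()` / `new Permissions().grantAll()` per call, or make `Permissions` immutable and say so in a comment on the constants. The `AtomicBoolean` plus `forEach` in the same hunk is just an existence check and reads more directly as `boolean isAdmin = authentication.getAuthorities().stream().anyMatch(a -> "ROLE_ADMINISTRATOR".equals(a.getAuthority()));`, which also lets the comment on the string comparison lose its "ADMINSITRATOR" typo. The second `Authentication authentication = SecurityContextHolder.getContext().getAuthentication();` and its null check look like the pre-change lookup that this commit supersedes; if they survive on the new side they redeclare a local already in scope, so confirm they are removed. The body of `value` continues outside the hunk.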