Commit 6b359fda authored by Matija Obreza's avatar Matija Obreza

Avoid logging a message if model is not persisted

- "getId()" must return a value otherwise ACL permissionEvaluator complains
parent f2a800c5
......@@ -90,6 +90,18 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
*/
@Override
protected Object value(Object bean, JsonGenerator gen, SerializerProvider prov) throws Exception {
if (bean == null || !(bean instanceof AclAwareModel)) {
// Skip nulls
return null;
}
AclAwareModel aclAwareModel = (AclAwareModel) bean;
if (aclAwareModel.getId() == null) {
// Don't write permissions for non-persisted objects
return null;
}
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
return NO_PERMISSIONS;
......@@ -97,9 +109,9 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
Permissions perms = new Permissions();
try {
perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, "READ");
perms.isPublic = SecurityContextUtil.anyoneHasPermission(aclAwareModel, "READ");
} catch (Throwable e) {
LOG.warn("Could not read public permissions {}", e.getMessage());
LOG.warn("Could not read public permissions {}", e.getMessage(), e);
perms.isPublic = false;
}
......@@ -107,13 +119,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
perms.grantAll();
} else {
try {
perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
perms.write = SecurityContextUtil.hasPermission(bean, BasePermission.WRITE);
perms.delete = SecurityContextUtil.hasPermission(bean, BasePermission.DELETE);
perms.manage = SecurityContextUtil.hasPermission(bean, BasePermission.ADMINISTRATION);
perms.create = SecurityContextUtil.hasPermission(aclAwareModel, BasePermission.CREATE);
perms.read = SecurityContextUtil.hasPermission(aclAwareModel, BasePermission.READ);
perms.write = SecurityContextUtil.hasPermission(aclAwareModel, BasePermission.WRITE);
perms.delete = SecurityContextUtil.hasPermission(aclAwareModel, BasePermission.DELETE);
perms.manage = SecurityContextUtil.hasPermission(aclAwareModel, BasePermission.ADMINISTRATION);
} catch (Throwable e) {
LOG.warn("Could not read current permissions {}", e.getMessage());
LOG.warn("Could not read current permissions {}", e.getMessage(), e);
}
}
return perms;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment