hasRole and hasPermission added to SecurityContextUtil

9b43f462 · Matija Obreza · e0d3ddb0 · 9b43f462 · 9b43f462
Commit 9b43f462 authored Sep 29, 2018 by Matija Obreza
2 changed files
--- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
+++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
@@ -18,9 +18,14 @@ package org.genesys.blocks.security;

 import org.genesys.blocks.security.model.AclSid;
 import org.genesys.blocks.security.model.BasicUser;
+import org.genesys.blocks.util.CurrentApplicationContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;

@@ -32,6 +37,23 @@ public class SecurityContextUtil {
 	/** The Constant LOG. */
 	public static final Logger LOG = LoggerFactory.getLogger(SecurityContextUtil.class);

+	/** The permission evaluator. */
+	private static PermissionEvaluator permissionEvaluator;
+
+	// Context initialization
+	static {
+		ApplicationContext context = CurrentApplicationContext.getContext();
+		if (context != null) {
+			try {
+				permissionEvaluator = context.getBean(PermissionEvaluator.class);
+			} catch (BeansException e) {
+				LOG.warn("Could not find PermissionEvaluator instance in your context");
+			}
+		} else {
+			LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
+		}
+	}
+
 	/**
 	 * Gets the username.
 	 *
@@ -90,4 +112,43 @@ public class SecurityContextUtil {

 		return null;
 	}
+	
+	/**
+	 * Checks for role.
+	 *
+	 * @param role the role
+	 * @return true, if successful
+	 */
+	public static boolean hasRole(String role) {
+		final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+		if (auth != null) {
+			for (GrantedAuthority authority : auth.getAuthorities()) {
+				if (authority.getAuthority().equals("ROLE_" + role)) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+	
+	/**
+	 * Checks for permission.
+	 *
+	 * @param targetDomainObject the target domain object
+	 * @param permission the permission
+	 * @return true, if successful
+	 */
+	public static boolean hasPermission(Object targetDomainObject, Object permission) {
+		if (permissionEvaluator == null) {
+			LOG.warn("permissionEvaluator not available. No permissions.");
+			return false;
+		}
+
+		final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+		if (auth != null) {
+			return permissionEvaluator.hasPermission(auth, targetDomainObject, permission);
+		} else {
+			return false;
+		}
+	}
 }
--- a/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
+++ b/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
@@ -15,6 +15,14 @@
 */
 package org.genesys.blocks.security.serialization;

+import org.genesys.blocks.security.SecurityContextUtil;
+import org.genesys.blocks.security.model.AclAwareModel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.JavaType;
 import com.fasterxml.jackson.databind.SerializerProvider;
@@ -24,19 +32,6 @@ import com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition;
 import com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter;
 import com.fasterxml.jackson.databind.util.Annotations;

-import java.util.concurrent.atomic.AtomicBoolean;
-
-import org.genesys.blocks.security.model.AclAwareModel;
-import org.genesys.blocks.util.CurrentApplicationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.security.access.PermissionEvaluator;
-import org.springframework.security.acls.domain.BasePermission;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-
 /**
 * The CurrentPermissionsWriter is applied to {@link AclAwareModel} and it
 * instructs Jackson to to include {@link Permissions} for current SID for every
@@ -64,26 +59,10 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 1L;

-	/** The permission evaluator. */
-	private static PermissionEvaluator permissionEvaluator;

 	private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
 	private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();

-	// Context initialization
-	static {
-		ApplicationContext context = CurrentApplicationContext.getContext();
-		if (context != null) {
-			try {
-				permissionEvaluator = context.getBean(PermissionEvaluator.class);
-			} catch (BeansException e) {
-				LOG.warn("Could not find PermissionEvaluator instance in your context");
-			}
-		} else {
-			LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
-		}
-	}
-
 	/**
 	 * Instantiates a new current permissions writer.
 	 */
@@ -116,33 +95,23 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 		if (authentication == null) {
 			return NO_PERMISSIONS;
 		}
-		AtomicBoolean isAdmin = new AtomicBoolean(false);
-		authentication.getAuthorities().forEach(authority -> {
-			// We don't have a Role.ADMINSITRATOR defined so we use a String comparison.
-			if ("ROLE_ADMINISTRATOR".equals(authority.getAuthority())) {
-				isAdmin.set(true);
-			}
-		});
-		if (isAdmin.get()) {
+		
+		if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
 			return ALL_PERMISSIONS;
 		}
-		if (permissionEvaluator != null) {
-			if (authentication != null) {
+
 		Permissions perms = new Permissions();
 		try {
-					perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
-					perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
-					perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
-					perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
-					perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
+			perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
+			perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
+			perms.write = SecurityContextUtil.hasPermission(bean, BasePermission.WRITE);
+			perms.delete = SecurityContextUtil.hasPermission(bean, BasePermission.DELETE);
+			perms.manage = SecurityContextUtil.hasPermission(bean, BasePermission.ADMINISTRATION);
 		} catch (Throwable e) {
 			LOG.warn("Could not read current permissions {}", e.getMessage());
 		}
 		return perms;
 	}
-		}
-		return null;
-	}

 	/*
 	 * (non-Javadoc)