Commit cd95da72 authored by Matija Obreza's avatar Matija Obreza

Added Permissions#isPublic — true when EVERYONE can read the object

parent c0919826
......@@ -16,6 +16,8 @@
package org.genesys.blocks.security;
import java.util.Arrays;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.util.CurrentApplicationContext;
......@@ -26,20 +28,24 @@ import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
/**
* The Class SecurityContextUtil.
*/
public class SecurityContextUtil {
/** The Constant LOG. */
public static final Logger LOG = LoggerFactory.getLogger(SecurityContextUtil.class);
/** The permission evaluator. */
private static PermissionEvaluator permissionEvaluator;
private final static Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));
// Context initialization
static {
ApplicationContext context = CurrentApplicationContext.getContext();
......@@ -86,7 +92,7 @@ public class SecurityContextUtil {
} else {
LOG.warn("Principal {} is not BasicUser, but type {}", principal, principal.getClass());
}
}
}
return null;
}
......@@ -112,7 +118,7 @@ public class SecurityContextUtil {
return null;
}
/**
* Checks for role.
*
......@@ -130,7 +136,7 @@ public class SecurityContextUtil {
}
return false;
}
/**
* Checks for permission.
*
......@@ -151,4 +157,24 @@ public class SecurityContextUtil {
return false;
}
}
/**
* Check if ROLE_EVERYONE has permission on target object
*
* @param targetDomainObject
* @param permission
* @return
*/
public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
if (permissionEvaluator == null) {
LOG.warn("permissionEvaluator not available. No permissions.");
return false;
}
if (ANONYMOUS_AUTH != null) {
return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);
} else {
return false;
}
}
}
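Review bot: The `if (ANONYMOUS_AUTH != null)` guard in anyoneHasPermission can never be false: ANONYMOUS_AUTH is a `static final` field initialised inline with a constructor call in the second hunk, so the `else { return false; }` branch is dead and the method can end with `return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);` directly after the permissionEvaluator null check. The Javadoc tags `@param targetDomainObject`, `@param permission` and `@return` are left empty; they should say that the check is evaluated against a synthetic principal carrying only `ROLE_EVERYONE`, so `true` means the named permission is granted without any authentication, and that `false` is also returned when no evaluator has been wired (the warning on that path hides the distinction from callers). A comment on ANONYMOUS_AUTH noting that the three-argument PreAuthenticatedAuthenticationToken constructor marks the token as authenticated would save the next reader a trip to the constructor, since that is what makes this token usable with the evaluator.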
......@@ -61,7 +61,6 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
/**
* Instantiates a new current permissions writer.
......@@ -96,11 +95,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
return NO_PERMISSIONS;
}
Permissions perms = new Permissions();
perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, "READ");
if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
return ALL_PERMISSIONS;
perms.grantAll();
}
Permissions perms = new Permissions();
try {
perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
......
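Review bot: After `perms.grantAll();` for ADMINISTRATOR the method no longer returns, so execution falls into the `try` block that reassigns `perms.create`, `perms.read`, … from `SecurityContextUtil.hasPermission(...)`; the previous code returned ALL_PERMISSIONS immediately and did not depend on the evaluator answering true for administrators, so unless it does, the blanket grant is overwritten a few lines later. Either add `return perms;` right after `grantAll()` (isPublic is already set on the line above it) or confirm the evaluator's behaviour for that role; the try block runs past the end of the hunk, so I cannot see whether it touches every flag. Separately, the new line passes the permission as the string literal `"READ"` while the sibling lines below use `BasePermission.READ`; `perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, BasePermission.READ);` keeps both checks resolving through the same constant.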
......@@ -41,6 +41,9 @@ public class Permissions {
/** Allowed to admin/manage. */
public boolean manage;
/** Anyone is allowed to read the object */
public boolean isPublic = false;
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
......@@ -48,7 +51,7 @@ public class Permissions {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append(create ? "c" : "-");
sb.append(read ? "r" : "-");
sb.append(isPublic ? "R" : read ? "r" : "-");
sb.append(write ? "w" : "-");
sb.append(delete ? "d" : "-");
sb.append(manage ? "A" : "-"); // Admin
......
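Review bot: The new toString branch `sb.append(isPublic ? "R" : read ? "r" : "-");` folds two independent booleans into one column, so once an object is public the string no longer shows whether the current principal's own `read` flag is set; a comment on that line such as `// "R": readable by ROLE_EVERYONE, "r": readable by the current principal only` would at least make the encoding explicit for anyone parsing these strings in logs. The field comment `/** Anyone is allowed to read the object */` could state that the value is assigned by the caller (CurrentPermissionsWriter in this commit) rather than derived here, and the explicit `= false` initialiser is redundant for a boolean field and inconsistent with `manage` and the other flags declared without one. Whether `grantAll()`/`grantNone()` also reset `isPublic` is outside the hunk and worth confirming, since this commit removed the ALL_PERMISSIONS sentinel in the writer and now mutates a fresh instance instead.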
......@@ -24,13 +24,13 @@ import org.springframework.security.core.GrantedAuthority;
public enum UserRole implements GrantedAuthority {
/** The user. */
USER("User"),
/** The administrator. */
ADMINISTRATOR("Administrator"),
/** The extrarole. */
EXTRAROLE("Extra"),
/** The everyone. */
EVERYONE("Everyone");
USER("User"),
/** The administrator. */
ADMINISTRATOR("Administrator"),
/** The extrarole. */
EXTRAROLE("Extra"),
/** The everyone. */
EVERYONE("Everyone");
/** The label. */
String label;
......