Added Permissions#isPublic = EVERYONE can read the object

security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java

@@ -16,6 +16,8 @@
 
 package org.genesys.blocks.security;
 
+import java.util.Arrays;
+
 import org.genesys.blocks.security.model.AclSid;
 import org.genesys.blocks.security.model.BasicUser;
 import org.genesys.blocks.util.CurrentApplicationContext;
@@ -26,8 +28,10 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 /**
  * The Class SecurityContextUtil.
@@ -40,6 +44,8 @@ public class SecurityContextUtil {
 	/** The permission evaluator. */
 	private static PermissionEvaluator permissionEvaluator;
 
+	private final static Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));
+
 	// Context initialization
 	static {
 		ApplicationContext context = CurrentApplicationContext.getContext();
@@ -151,4 +157,24 @@ public class SecurityContextUtil {
 			return false;
 		}
 	}
+
+	/**
+	 * Check if ROLE_EVERYONE has permission on target object
+	 * 
+	 * @param targetDomainObject
+	 * @param permission
+	 * @return
+	 */
+	public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
+		if (permissionEvaluator == null) {
+			LOG.warn("permissionEvaluator not available. No permissions.");
+			return false;
+		}
+
+		if (ANONYMOUS_AUTH != null) {
+			return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);
+		} else {
+			return false;
+		}
+	}
 }

security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java

@@ -61,7 +61,6 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 
 
 	private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
-	private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
 
 	/**
 	 * Instantiates a new current permissions writer.
@@ -96,11 +95,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 			return NO_PERMISSIONS;
 		}
 		
+		Permissions perms = new Permissions();
+		perms.isPublic =  SecurityContextUtil.anyoneHasPermission(bean, "READ");
+		
 		if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
-			return ALL_PERMISSIONS;
+			perms.grantAll();
 		}
 
-		Permissions perms = new Permissions();
 		try {
 			perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
 			perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);

security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java

@@ -41,6 +41,9 @@ public class Permissions {
 	/** Allowed to admin/manage. */
 	public boolean manage;
 
+	/** Anyone is allowed to read the object */
+	public boolean isPublic = false;
+
 	/* (non-Javadoc)
 	 * @see java.lang.Object#toString()
 	 */
@@ -48,7 +51,7 @@ public class Permissions {
 	public String toString() {
 		StringBuffer sb = new StringBuffer();
 		sb.append(create ? "c" : "-");
-		sb.append(read ? "r" : "-");
+		sb.append(isPublic ? "R" : read ? "r" : "-");
 		sb.append(write ? "w" : "-");
 		sb.append(delete ? "d" : "-");
 		sb.append(manage ? "A" : "-"); // Admin