Commit cd95da72 authored by Matija Obreza's avatar Matija Obreza

Added Permissions#isPublic = EVERYONE can read the object

parent c0919826
......@@ -16,6 +16,8 @@
package org.genesys.blocks.security;
import java.util.Arrays;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.util.CurrentApplicationContext;
......@@ -26,8 +28,10 @@ import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
/**
* The Class SecurityContextUtil.
......@@ -40,6 +44,8 @@ public class SecurityContextUtil {
/** The permission evaluator. */
private static PermissionEvaluator permissionEvaluator;
private final static Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));
// Context initialization
static {
ApplicationContext context = CurrentApplicationContext.getContext();
......@@ -151,4 +157,24 @@ public class SecurityContextUtil {
return false;
}
}
/**
* Check if ROLE_EVERYONE has permission on target object
*
* @param targetDomainObject
* @param permission
* @return
*/
public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
if (permissionEvaluator == null) {
LOG.warn("permissionEvaluator not available. No permissions.");
return false;
}
if (ANONYMOUS_AUTH != null) {
return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);
} else {
return false;
}
}
}
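Review bot: `ANONYMOUS_AUTH` carries the principal name "Anyone" in addition to `ROLE_EVERYONE`, so what `anyoneHasPermission` reports depends on how the configured `PermissionEvaluator` resolves SIDs, which is not visible here. If it also matches on the principal name, ACL entries granted to an account literally named "Anyone" would be reported as public; it is worth confirming that only the authority SID is consulted, or reserving that name. Separately, `ANONYMOUS_AUTH` is a `private final static` initialised inline, so the `if (ANONYMOUS_AUTH != null)` branch is dead and the body can end with `return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);`. The Javadoc's empty `@param`/`@return` tags should state that the result ignores the current caller and that `false` is returned when no evaluator is available.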
......@@ -61,7 +61,6 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
/**
* Instantiates a new current permissions writer.
......@@ -96,11 +95,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
return NO_PERMISSIONS;
}
Permissions perms = new Permissions();
perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, "READ");
if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
return ALL_PERMISSIONS;
perms.grantAll();
}
Permissions perms = new Permissions();
try {
perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
......
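Review bot: The ADMINISTRATOR branch now calls `perms.grantAll();` without returning, so control continues into the `try` block where `perms.create`, `perms.read` and the following flags are reassigned from `SecurityContextUtil.hasPermission(...)`. Unless that helper already answers true for administrators (it is outside this hunk), the grant is overwritten by per-object ACL results; adding `return perms;` after `perms.grantAll();` restores the old short-circuit. The new `anyoneHasPermission` call also sits outside the `try` and passes the string `"READ"` where the neighbouring lines use `BasePermission.READ`, so using the constant and the same error handling would keep the checks consistent. The method starts and ends outside the visible lines.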
......@@ -41,6 +41,9 @@ public class Permissions {
/** Allowed to admin/manage. */
public boolean manage;
/** Anyone is allowed to read the object */
public boolean isPublic = false;
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
......@@ -48,7 +51,7 @@ public class Permissions {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append(create ? "c" : "-");
sb.append(read ? "r" : "-");
sb.append(isPublic ? "R" : read ? "r" : "-");
sb.append(write ? "w" : "-");
sb.append(delete ? "d" : "-");
sb.append(manage ? "A" : "-"); // Admin
......
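Review bot: In `toString()` the new `R` takes over the `r` slot whenever `isPublic` is set, so for public objects the output no longer shows the caller's own `read` flag; a comment on that line such as `// R = readable by everyone, r = readable by current user` would make the encoding explicit. The nested conditional is easier to read parenthesised: `sb.append(isPublic ? "R" : (read ? "r" : "-"));`. `grantAll()` and `grantNone()` are outside this hunk, so it is worth checking whether they should also set or reset `isPublic`, and recording the answer in the field's Javadoc.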