/**
* Go to detail page
*
* @return forward to DETAIL page
*/
public String detail() {
Integer id = Integer.parseInt(FacesUtils.getRequestParameter("id"));
idea = manager.getEntityById(id);
return SpringUtils.isAclPermissionGranted(idea, BasePermission.WRITE)
? NavigationResults.EDIT
: NavigationResults.DETAIL;
}
private void addAclLevel(
Map<AclMatrixKey, AclMatrixValue> matrix,
AclImpl acl,
Class type,
ITransferObject dto,
Permission perm) {
Principal principal = SpringUtils.getPrincipal();
Sid sid = new PrincipalSid(principal.getUsername());
AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
AclMatrixValue level = matrix.get(key);
log.debug(
"addAclLevel -"
+ " permission=["
+ perm.getPattern()
+ "]"
+ " type="
+ type.getSimpleName()
+ " id="
+ dto.getId()
+ " ownerId="
+ dto.getOwnerId()
+ " departmentId="
+ dto.getDepartmentId()
+ " userId="
+ principal.getId()
+ " roleId="
+ principal.getRoleId()
+ " level="
+ level);
if (level == null) {
throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
}
switch (level) {
case ALL:
acl.insertAce(null, perm, sid, true);
break;
case OWN:
if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
acl.insertAce(null, perm, sid, true);
log.warn(
"addAclLevel - allowing permission ["
+ perm.getPattern()
+ "] on object "
+ type.getSimpleName()
+ "["
+ dto.getId()
+ "] "
+ "because it is not owned by any user and ignoreUnownedObjects=true in DefaultAclService");
} else {
if (dto.getOwnerId() == principal.getId()) {
acl.insertAce(null, perm, sid, true);
}
}
break;
case AREA:
if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
acl.insertAce(null, perm, sid, true);
log.warn(
"addAclLevel - allowing permission ["
+ perm.getPattern()
+ "] on object "
+ type.getSimpleName()
+ "["
+ dto.getId()
+ "] "
+ "because it is not owned by any department and ignoreUnownedObjects=true in DefaultAclService");
} else {
if (dto.getDepartmentId() == principal.getDepartmentId()) {
acl.insertAce(null, perm, sid, true);
}
}
break;
case DENY:
// Do nothing
break;
default:
throw new UnsupportedOperationException(
"AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
}
}
/**
* Whether or not edit button is available for user
*
* @return true if user can edit current object
*/
public boolean isEditAvailable() {
return SpringUtils.isAclPermissionGranted(idea, BasePermission.WRITE);
}
/**
* Whether or not delete button is available for user
*
* @return true if user can delete current object
*/
public boolean isDeleteAvailable() {
return (idea.getId() != null)
&& SpringUtils.isAclPermissionGranted(idea, BasePermission.DELETE);
}
/**
* Whether or not create button is available for user
*
* @return true if user can create objects of type Idea
*/
public boolean isCreateAvailable() {
return SpringUtils.isRolePermissionGranted(Permission.Entity_Create(Idea.class));
}
