/**
 * Decides whether the caller described by the {@code "userLogin"} entry of the service context
 * passes this permission.
 *
 * <p>The check fails closed: a context without a {@code userLogin} object and a permission type
 * that matches none of the known cases both yield {@code false}, each with a log entry.
 *
 * @param dctx dispatch context from which the Authorization and Security objects are obtained
 * @param context service context; only its {@code "userLogin"} entry is read here, the map is
 *     otherwise handed on to the selected evaluator
 * @return the verdict of the evaluator selected by {@code permissionType}, or {@code false} when
 *     there is no {@code userLogin} or the type is not recognised
 */
public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
  GenericValue caller = (GenericValue) context.get("userLogin");
  Authorization authorization = dctx.getAuthorization();
  Security securityHandler = dctx.getSecurity();

  // No userLogin in the context: deny before any evaluator runs.
  if (caller == null) {
    Debug.logInfo("Secure service requested with no userLogin object", module);
    return false;
  }

  boolean granted;
  switch (permissionType) {
    case PERMISSION:
      granted = evalAuthzPermission(authorization, caller, context);
      break;
    case ENTITY_PERMISSION:
      granted = evalEntityPermission(securityHandler, caller);
      break;
    case ROLE_MEMBER:
      granted = evalRoleMember(caller);
      break;
    case PERMISSION_SERVICE:
      granted = evalPermissionService(serviceModel, dctx, context);
      break;
    default: {
      // Unknown type: record which permission and service were misconfigured, then deny.
      String warning =
          "Invalid permission type ["
              + permissionType
              + "] for permission named : "
              + nameOrRole
              + " on service : "
              + serviceModel.name;
      Debug.logWarning(warning, module);
      granted = false;
      break;
    }
  }
  return granted;
}
  /**
   * Runs the Groovy script behind {@code modelService} and turns its outcome into a service
   * result map.
   *
   * <p>The caller's {@code context} map is modified in place: a copy of its entries is stored
   * under {@code ScriptUtil.PARAMETERS_KEY}, and {@code "dctx"}, {@code "dispatcher"} and
   * {@code "delegator"} entries are added before the Groovy binding is built from it.
   *
   * <p>The outcome is taken from the script's return value, or, when that is {@code null}, from
   * the {@code ScriptUtil.RESULT_KEY} attribute of the script context. A {@code Map} outcome is
   * returned as is; anything else produces a success map filled with the engine-scope bindings
   * that {@code modelService.makeValid(..., "OUT")} lets through.
   *
   * @param localName name used to look up the local dispatch context
   * @param modelService service definition; its {@code location} and {@code invoke} fields are
   *     read
   * @param context service context, mutated as described above
   * @return the script's map, a success map built from the bindings, or an error map when an
   *     exception other than {@code GeneralException} is caught
   * @throws GenericServiceException when the location is empty or a {@code GeneralException} is
   *     raised while preparing or running the script
   */
  private Map<String, Object> serviceInvoker(
      String localName, ModelService modelService, Map<String, Object> context)
      throws GenericServiceException {
    if (UtilValidate.isEmpty(modelService.location)) {
      throw new GenericServiceException("Cannot run Groovy service with empty location");
    }

    // Snapshot the incoming entries before the infrastructure objects are added below.
    Map<String, Object> parametersCopy = FastMap.newInstance();
    parametersCopy.putAll(context);
    context.put(ScriptUtil.PARAMETERS_KEY, parametersCopy);

    DispatchContext localContext = dispatcher.getLocalContext(localName);
    context.put("dctx", localContext);
    context.put("dispatcher", localContext.getDispatcher());
    context.put("delegator", dispatcher.getDelegator());

    try {
      ScriptContext scriptContext = ScriptUtil.createScriptContext(context, protectedKeys);
      ScriptHelper helper = (ScriptHelper) scriptContext.getAttribute(ScriptUtil.SCRIPT_HELPER_KEY);
      if (helper != null) {
        context.put(ScriptUtil.SCRIPT_HELPER_KEY, helper);
      }

      Class<?> scriptClass =
          GroovyUtil.getScriptClassFromLocation(this.getLocation(modelService), groovyClassLoader);
      Script script = InvokerHelper.createScript(scriptClass, GroovyUtil.getBinding(context));

      // An empty invoke name means the script body itself is the service.
      Object outcome =
          UtilValidate.isEmpty(modelService.invoke)
              ? script.run()
              : script.invokeMethod(modelService.invoke, EMPTY_ARGS);
      if (outcome == null) {
        outcome = scriptContext.getAttribute(ScriptUtil.RESULT_KEY);
      }

      // NOTE(review): a Map produced by the script is returned without passing through
      // makeValid(..., "OUT") in this method; confirm that OUT validation happens in the caller.
      if (outcome instanceof Map<?, ?>) {
        return cast(outcome);
      }

      Map<String, Object> success = ServiceUtil.returnSuccess();
      success.putAll(
          modelService.makeValid(scriptContext.getBindings(ScriptContext.ENGINE_SCOPE), "OUT"));
      return success;
    } catch (GeneralException ge) {
      throw new GenericServiceException(ge);
    } catch (Exception e) {
      // NOTE(review): only e.getMessage() survives here (it may be null) and nothing is logged
      // in this method, so a failing script leaves no stack trace from this call site.
      return ServiceUtil.returnError(e.getMessage());
    }
  }
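 /**
  * Evaluates this permission by running the permission service named by
  * {@code permissionServiceName} and reading its {@code hasPermission} answer.
  *
  * <p>Every path that does not end in an explicit {@code Boolean.TRUE} answer denies: no service
  * name, model lookup failure, a dispatch exception, an error or failure response, and a missing
  * or non-Boolean {@code hasPermission} value all return {@code false} and are logged.
  *
  * @param origService the service being protected; its name is used as the resource description
  *     when {@code permissionResourceDesc} is empty (may be {@code null})
  * @param dctx dispatch context used to look up the permission service model and the dispatcher
  * @param context service context; filtered through the permission service's IN parameters
  * @return {@code true} only when the permission service ran without error or failure and
  *     returned {@code hasPermission == Boolean.TRUE}
  */
 private boolean evalPermissionService(
     ModelService origService, DispatchContext dctx, Map<String, ? extends Object> context) {
   if (permissionServiceName == null) {
     Debug.logWarning("No ModelService found; no service name specified!", module);
     return false;
   }

   ModelService permission;
   try {
     permission = dctx.getModelService(permissionServiceName);
   } catch (GenericServiceException e) {
     Debug.logError(e, "Failed to get ModelService: " + e.toString(), module);
     return false;
   }
   if (permission == null) {
     Debug.logError("No ModelService found with the name [" + permissionServiceName + "]", module);
     return false;
   }

   // NOTE(review): this writes to the ModelService object returned by dctx.getModelService; if
   // that object is shared between callers the flag change is visible to them too - confirm.
   permission.auth = true;

   // Only the permission service's declared IN parameters are carried over from the context.
   Map<String, Object> ctx = permission.makeValid(context, ModelService.IN_PARAM);
   if (UtilValidate.isNotEmpty(action)) {
     ctx.put("mainAction", action);
   }
   if (UtilValidate.isNotEmpty(permissionResourceDesc)) {
     ctx.put("resourceDescription", permissionResourceDesc);
   } else if (origService != null) {
     ctx.put("resourceDescription", origService.name);
   }

   LocalDispatcher dispatcher = dctx.getDispatcher();
   Map<String, Object> resp;
   try {
     // presumably 300 is a transaction timeout and true requests a new transaction; confirm
     // against LocalDispatcher.runSync
     resp = dispatcher.runSync(permission.name, ctx, 300, true);
   } catch (GenericServiceException e) {
     // The response never exists on this path, so log the exception itself with its stack trace
     // instead of prefixing the message with a failMessage that is always null here.
     Debug.logError(
         e, "Permission service [" + permission.name + "] failed: " + e.getMessage(), module);
     return false;
   }
   if (resp == null) {
     Debug.logError("Permission service [" + permission.name + "] returned no response", module);
     return false;
   }

   if (ServiceUtil.isError(resp) || ServiceUtil.isFailure(resp)) {
     // Concatenation tolerates a missing or non-String failMessage.
     Debug.logError(
         "Permission service ["
             + permission.name
             + "] returned error or failure: "
             + resp.get("failMessage"),
         module);
     return false;
   }

   // Deny unless the service answered with an explicit Boolean.TRUE; a missing or mistyped
   // value must not surface as a NullPointerException or ClassCastException from an
   // authorization check.
   Object hasPermission = resp.get("hasPermission");
   if (!(hasPermission instanceof Boolean)) {
     Debug.logWarning(
         "Permission service ["
             + permission.name
             + "] returned no Boolean hasPermission value; denying",
         module);
     return false;
   }
   return Boolean.TRUE.equals(hasPermission);
 }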