Exemple #1
0
  private void checkAuthorization(
      Item item, User user, Authorizer.Authorization requiredAuthorization)
      throws ActionHandlerException {
    logger.debug("[Authorization check] " + user + " for " + item);
    if (item instanceof Authorizable) {
      Authorizable a = (Authorizable) item;
      Authorizer authorizer = a.getAuthorizer();

      logger.debug(
          authorizer.getAuthorization(user).ordinal() + " >= " + requiredAuthorization.ordinal());

      if (authorizer.getAuthorization(user).ordinal() < requiredAuthorization.ordinal()) {
        throw new ActionHandlerException(user + " was not authorized");
      }
    }
  }
Exemple #2
0
  private void handleItemType(ItemType type, Request request, Response response)
      throws ActionHandlerException {
    if (request.getRequestParts().length > 2) {
      String name = request.getRequestParts()[2];
      AbstractItem item = null;
      try {
        item = type.getItem(name, request.getDB());
      } catch (CouldNotLoadItemException e) {
        throw new ActionHandlerException(e);
      }

      /* Authorization */
      checkAuthorization(
          item, request.getUser(), Authorizer.Authorization.get(request.isRequestPost()));

      request.getContext().put("title", item.getDisplayName());

      if (item instanceof Actionable) {
        actions(item, 3, request, response);
      } else {
        if (request.getRequestParts().length > 2) {
          throw new ActionHandlerException("No such action, " + request.getRequestURI());
        } else {
          executeThing(request, response, item, "index");
        }
      }

    } else {
      /* TODO, what? */
    }
  }