/**
 * Evaluates this permission for the caller found in the service context.
 *
 * <p>Two paths deny outright: a context without a {@code userLogin} entry, and a
 * {@code permissionType} that matches none of the handled cases. Every other path
 * returns whatever the type-specific evaluator decides.
 *
 * @param dctx dispatch context the authorization and security objects are read from
 * @param context service context; its {@code "userLogin"} entry identifies the caller
 * @return the type-specific evaluator's decision, or {@code false} on the two deny paths
 */
public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
    final GenericValue caller = (GenericValue) context.get("userLogin");
    final Authorization authorization = dctx.getAuthorization();
    final Security securityHandler = dctx.getSecurity();

    // No login object means nobody to authorize: deny before any type-specific check runs.
    if (null == caller) {
        Debug.logInfo("Secure service requested with no userLogin object", module);
        return false;
    }

    switch (permissionType) {
        case PERMISSION:
            return evalAuthzPermission(authorization, caller, context);
        case ENTITY_PERMISSION:
            return evalEntityPermission(securityHandler, caller);
        case ROLE_MEMBER:
            return evalRoleMember(caller);
        case PERMISSION_SERVICE:
            return evalPermissionService(serviceModel, dctx, context);
        default: {
            // Fail closed: an unrecognised permission type never grants access.
            final String warning =
                    "Invalid permission type [" + permissionType + "] for permission named : "
                            + nameOrRole + " on service : " + serviceModel.name;
            Debug.logWarning(warning, module);
            return false;
        }
    }
}
/**
 * Runs the Groovy script named by a service definition and turns its outcome into a
 * service result map.
 *
 * <p>The script's binding is built from {@code context}, to which this method adds a copy
 * of the incoming parameters plus the {@code dctx}, {@code dispatcher} and
 * {@code delegator} objects. The script therefore runs with direct access to those objects.
 *
 * @param localName name used to look up the local dispatch context
 * @param modelService service definition; {@code location} must be non-empty, and
 *     {@code invoke}, when non-empty, names the script method to call
 * @param context mutable service context; entries are added to it as described above
 * @return the map returned by the script, or a success result filled from the script's
 *     engine-scope bindings, or an error result if the script failed with an exception
 *     other than {@code GeneralException}
 * @throws GenericServiceException if the location is empty or a {@code GeneralException}
 *     is raised while preparing or running the script
 */
private Map<String, Object> serviceInvoker(
        String localName, ModelService modelService, Map<String, Object> context)
        throws GenericServiceException {
    if (UtilValidate.isEmpty(modelService.location)) {
        throw new GenericServiceException("Cannot run Groovy service with empty location");
    }

    // Shallow copy of the caller-supplied entries, taken before the objects below are added.
    Map<String, Object> incoming = FastMap.newInstance();
    incoming.putAll(context);
    context.put(ScriptUtil.PARAMETERS_KEY, incoming);

    DispatchContext localDctx = dispatcher.getLocalContext(localName);
    context.put("dctx", localDctx);
    context.put("dispatcher", localDctx.getDispatcher());
    context.put("delegator", dispatcher.getDelegator());

    try {
        // NOTE(review): protectedKeys is passed through untouched; presumably it lists
        // binding names the script may not overwrite. Confirm in ScriptUtil.
        ScriptContext scriptCtx = ScriptUtil.createScriptContext(context, protectedKeys);
        ScriptHelper helper = (ScriptHelper) scriptCtx.getAttribute(ScriptUtil.SCRIPT_HELPER_KEY);
        if (helper != null) {
            context.put(ScriptUtil.SCRIPT_HELPER_KEY, helper);
        }

        Script groovyScript =
                InvokerHelper.createScript(
                        GroovyUtil.getScriptClassFromLocation(
                                this.getLocation(modelService), groovyClassLoader),
                        GroovyUtil.getBinding(context));

        // With no method named in the definition, the whole script body is executed.
        Object outcome =
                UtilValidate.isEmpty(modelService.invoke)
                        ? groovyScript.run()
                        : groovyScript.invokeMethod(modelService.invoke, EMPTY_ARGS);
        if (outcome == null) {
            // The script returned nothing: fall back to the result attribute it may have set.
            outcome = scriptCtx.getAttribute(ScriptUtil.RESULT_KEY);
        }
        if (outcome instanceof Map<?, ?>) {
            return cast(outcome);
        }

        // No map came back: report success with the OUT values found in the bindings.
        Map<String, Object> success = ServiceUtil.returnSuccess();
        success.putAll(
                modelService.makeValid(scriptCtx.getBindings(ScriptContext.ENGINE_SCOPE), "OUT"));
        return success;
    } catch (GeneralException generalFailure) {
        throw new GenericServiceException(generalFailure);
    } catch (Exception scriptFailure) {
        // NOTE(review): nothing is logged here and only getMessage() survives, so the stack
        // trace is lost and the message may be null. The raw exception text is also handed
        // back to the service caller. Confirm it is not shown to untrusted clients.
        return ServiceUtil.returnError(scriptFailure.getMessage());
    }
}
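/**
 * Evaluates this permission by running the configured permission service synchronously.
 *
 * <p>Every failure path denies: no service name, the service model cannot be loaded, the
 * call throws, the response is an error or failure, or the response carries no boolean
 * {@code hasPermission} value.
 *
 * @param origService service being protected; its name is used as the resource
 *     description when {@code permissionResourceDesc} is empty (may be {@code null})
 * @param dctx dispatch context used to load the permission service model and its dispatcher
 * @param context caller's service context; reduced to the permission service's IN parameters
 * @return {@code true} only when the permission service answers {@code hasPermission = true}
 */
private boolean evalPermissionService(
        ModelService origService, DispatchContext dctx, Map<String, ? extends Object> context) {
    ModelService permission;
    if (permissionServiceName == null) {
        Debug.logWarning("No ModelService found; no service name specified!", module);
        return false;
    }
    try {
        permission = dctx.getModelService(permissionServiceName);
    } catch (GenericServiceException e) {
        Debug.logError(e, "Failed to get ModelService: " + e.toString(), module);
        return false;
    }
    if (permission == null) {
        Debug.logError(
                "No ModelService found with the name [" + permissionServiceName + "]", module);
        return false;
    }

    // NOTE(review): this writes to the ModelService returned by dctx.getModelService. If that
    // instance is shared or cached, the change is visible to every other user of the model.
    permission.auth = true;

    Map<String, Object> ctx = permission.makeValid(context, ModelService.IN_PARAM);
    if (UtilValidate.isNotEmpty(action)) {
        ctx.put("mainAction", action);
    }
    if (UtilValidate.isNotEmpty(permissionResourceDesc)) {
        ctx.put("resourceDescription", permissionResourceDesc);
    } else if (origService != null) {
        ctx.put("resourceDescription", origService.name);
    }

    LocalDispatcher dispatcher = dctx.getDispatcher();
    Map<String, Object> resp;
    try {
        // NOTE(review): 300 and true are passed as in the original call; presumably the
        // transaction timeout and a require-new-transaction flag. Confirm in LocalDispatcher.
        resp = dispatcher.runSync(permission.name, ctx, 300, true);
    } catch (GenericServiceException e) {
        // The response was never assigned on this path, so there is no failMessage to report;
        // log the exception itself instead of prefixing its message with "null".
        Debug.logError(
                e, "Permission service [" + permission.name + "] failed: " + e.getMessage(), module);
        return false;
    }
    if (resp == null) {
        Debug.logError("Permission service [" + permission.name + "] returned no result", module);
        return false;
    }

    // A failMessage that is not a String must not turn the permission check into an exception.
    Object rawFailMessage = resp.get("failMessage");
    String failMessage = rawFailMessage instanceof String ? (String) rawFailMessage : null;
    if (ServiceUtil.isError(resp) || ServiceUtil.isFailure(resp)) {
        Debug.logError(failMessage, module);
        return false;
    }

    // Fail closed: a missing or non-Boolean hasPermission is a denial, not a
    // NullPointerException or ClassCastException thrown out of the authorization path.
    Object hasPermission = resp.get("hasPermission");
    if (!(hasPermission instanceof Boolean)) {
        Debug.logWarning(
                "Permission service [" + permission.name
                        + "] returned no boolean hasPermission; denying",
                module);
        return false;
    }
    return ((Boolean) hasPermission).booleanValue();
}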