/**
* delegates to SecurityFilter because that is where the logic is defined for the {@link
* #enableReadFilter(Object) read filter}
*
* <p>Ignores the id for the moment.
*
* <p>Though we pass in whether or not a share is active for completeness, a different {@link
* ACLVoter} implementation will almost certainly be active for share use.
*/
public boolean allowLoad(Class<? extends IObject> klass, Details d, long id) {
Assert.notNull(klass);
if (d == null
|| sysTypes.isSystemType(klass)
|| sysTypes.isInSystemGroup(d)
|| sysTypes.isInUserGroup(d)) {
return true;
}
final BasicEventContext c = currentUser.current();
final boolean nonPrivate =
c.getCurrentGroupPermissions().isGranted(Role.GROUP, Right.READ)
|| c.getCurrentGroupPermissions().isGranted(Role.WORLD, Right.READ);
final boolean isShare = c.getCurrentShareId() != null;
final boolean adminOrPi =
c.isCurrentUserAdmin() || c.getLeaderOfGroupsList().contains(c.getCurrentGroupId());
return securityFilter.passesFilter(
d, c.getGroup().getId(), c.getOwner().getId(), nonPrivate, adminOrPi, isShare);
}
