コード例 #1
  /**
   * Loads the idea named by the {@code id} request parameter and chooses the page to show.
   *
   * <p>The id is taken straight from the request, so it is client-controlled. A missing or
   * non-numeric value makes the numeric conversion throw {@link NumberFormatException}, which is
   * not caught here.
   *
   * <p>NOTE(review): the only permission consulted is WRITE, and only to pick between the two
   * views. No READ check is visible before the DETAIL outcome is returned; confirm that
   * {@code manager.getEntityById} or the detail view enforces read access for the requested id.
   *
   * @return {@code NavigationResults.EDIT} when WRITE is granted on the loaded idea, otherwise
   *     {@code NavigationResults.DETAIL}
   */
  public String detail() {
    String rawId = FacesUtils.getRequestParameter("id");
    Integer id = Integer.valueOf(rawId);
    idea = manager.getEntityById(id);

    // The ACL result only selects the view; it does not block the load above.
    if (SpringUtils.isAclPermissionGranted(idea, BasePermission.WRITE)) {
      return NavigationResults.EDIT;
    }
    return NavigationResults.DETAIL;
  }
コード例 #2
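  /**
   * Adds an ACE for the current principal to {@code acl} when the ACL matrix allows {@code perm}
   * on {@code dto}.
   *
   * <p>The matrix is looked up by entity type and the principal's role id. The resulting level
   * decides the outcome:
   *
   * <ul>
   *   <li>{@code ALL}: the ACE is always inserted.
   *   <li>{@code OWN}: the ACE is inserted when the object's owner id matches the principal's id.
   *   <li>{@code AREA}: the ACE is inserted when the object's department id matches the
   *       principal's department id.
   *   <li>{@code DENY}: nothing is inserted.
   * </ul>
   *
   * <p>For {@code OWN} and {@code AREA}, an object with no owner (or no department) is opened to
   * the principal when {@code isIgnoreUnownedObjects()} is true; every such grant is logged at
   * WARN level so it can be audited.
   *
   * <p>Ids are compared by value. The previous {@code ==} comparison was an identity check if both
   * sides are wrapper objects, so equal ids held in different instances never matched.
   *
   * @param matrix permission levels keyed by entity type and role id
   * @param acl ACL that receives the ACE
   * @param type entity class used for the matrix lookup and in log messages
   * @param dto object whose owner and department ids are checked
   * @param perm permission the ACE refers to
   * @throws UnsupportedOperationException if the matrix has no level for the key, or the level is
   *     not one of the handled values
   */
  private void addAclLevel(
      Map<AclMatrixKey, AclMatrixValue> matrix,
      AclImpl acl,
      Class type,
      ITransferObject dto,
      Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);

    log.debug(
        "addAclLevel -"
            + " permission=["
            + perm.getPattern()
            + "]"
            + " type="
            + type.getSimpleName()
            + " id="
            + dto.getId()
            + " ownerId="
            + dto.getOwnerId()
            + " departmentId="
            + dto.getDepartmentId()
            + " userId="
            + principal.getId()
            + " roleId="
            + principal.getRoleId()
            + " level="
            + level);
    if (level == null) {
      // Fail closed: a missing matrix entry must never be read as "allowed".
      throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }

    // NOTE(review): the last insertAce argument is presumably the "granting" flag; confirm
    // against the AclImpl version in use.
    switch (level) {
      case ALL:
        acl.insertAce(null, perm, sid, true);
        break;

      case OWN:
        if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
          // Unowned object: opened to this principal by configuration, and logged for audit.
          acl.insertAce(null, perm, sid, true);
          log.warn(
              "addAclLevel - allowing permission ["
                  + perm.getPattern()
                  + "] on object "
                  + type.getSimpleName()
                  + "["
                  + dto.getId()
                  + "] "
                  + "because it is not owned by any user and ignoreUnownedObjects=true in DefaultAclService");
        } else if (idsMatch(dto.getOwnerId(), principal.getId())) {
          acl.insertAce(null, perm, sid, true);
        }
        break;

      case AREA:
        if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
          // Object without a department: same configured exception as for unowned objects.
          acl.insertAce(null, perm, sid, true);
          log.warn(
              "addAclLevel - allowing permission ["
                  + perm.getPattern()
                  + "] on object "
                  + type.getSimpleName()
                  + "["
                  + dto.getId()
                  + "] "
                  + "because it is not owned by any department and ignoreUnownedObjects=true in DefaultAclService");
        } else if (idsMatch(dto.getDepartmentId(), principal.getDepartmentId())) {
          acl.insertAce(null, perm, sid, true);
        }
        break;

      case DENY:
        // Do nothing
        break;

      default:
        throw new UnsupportedOperationException(
            "AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
    }
  }

  /**
   * Compares two ids by value instead of by object identity.
   *
   * <p>Numeric ids are compared through {@code longValue()} so that a mix of wrapper and
   * primitive-derived values still matches; any other type falls back to {@code equals}.
   *
   * <p>NOTE(review): two null ids are reported as matching, which keeps the outcome the old
   * reference comparison gave for two null wrappers. Confirm that an object without an owner and
   * a principal without an id should really be treated as a match.
   *
   * @param left first id, may be null
   * @param right second id, may be null
   * @return true when both ids denote the same value
   */
  private static boolean idsMatch(Object left, Object right) {
    if (left == null || right == null) {
      return left == right;
    }
    if (left instanceof Number && right instanceof Number) {
      return ((Number) left).longValue() == ((Number) right).longValue();
    }
    return left.equals(right);
  }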
コード例 #3
 /**
  * Tells the view whether to offer the edit button for the current idea.
  *
  * <p>This reports the ACL decision for display purposes only. NOTE(review): hiding the button is
  * not enforcement; confirm that the edit/save action checks WRITE again on the server side.
  *
  * @return true if WRITE is granted on the current idea
  */
 public boolean isEditAvailable() {
   final boolean writeGranted = SpringUtils.isAclPermissionGranted(idea, BasePermission.WRITE);
   return writeGranted;
 }
コード例 #4
 /**
  * Tells the view whether to offer the delete button for the current idea.
  *
  * <p>An idea without an id is never deletable; for any other idea the answer is the ACL decision
  * for DELETE. NOTE(review): this only drives the UI; confirm that the delete action itself
  * re-checks DELETE on the server side.
  *
  * @return true if the current idea has an id and DELETE is granted on it
  */
 public boolean isDeleteAvailable() {
   if (idea.getId() == null) {
     // No id: the ACL is not consulted at all.
     return false;
   }
   return SpringUtils.isAclPermissionGranted(idea, BasePermission.DELETE);
 }
コード例 #5
 /**
  * Tells the view whether to offer the create button for ideas.
  *
  * <p>Unlike the edit and delete checks, this is a role-level check on the {@code Idea} type
  * rather than an ACL check on one object. NOTE(review): this only drives the UI; confirm that
  * the create action itself re-checks the permission on the server side.
  *
  * @return true if the create permission for {@code Idea} is granted
  */
 public boolean isCreateAvailable() {
   final boolean createGranted =
       SpringUtils.isRolePermissionGranted(Permission.Entity_Create(Idea.class));
   return createGranted;
 }