/**
 * Reports, for every action returned by {@code ACLHelper.getAvailableActions()}, whether the
 * named role is granted that action on a type or on a single instance of it.
 *
 * @param username name handed to {@code FxRole.loadByName} to resolve the role being checked
 * @param typename type name passed to the permission checker and to {@code dao.loadEntity}
 * @param id instance id; {@code 0} skips the entity load, so the check runs with a
 *     {@code null} entity
 * @return one pair per available action, keyed by action name, with value "true" or "false"
 */
@Path("/permissions/{username}/{typename}/{id}")
@GET
@RunAsAdmin
public NameValueList hasPermission(
        @PathParam("username") String username,
        @PathParam("typename") String typename,
        @PathParam("id") long id) {
    // NOTE(review): this method is annotated @RunAsAdmin and answers for whatever username
    // appears in the URL. Nothing in this method restricts who may ask about which user;
    // confirm that a filter or container-level constraint covers this path.
    List<FxRole> subjectRoles = new ArrayList<>(1);
    // NOTE(review): the lookup result is added without a null check; presumably an unknown
    // username yields null here. Verify how permissionChecker treats a null role.
    subjectRoles.add(FxRole.loadByName(username, em));

    NameValueList verdicts = new NameValueList();

    FleximsDynamicEntityImpl target = null;
    if (id != 0) {
        target = dao.loadEntity(typename, id);
    }

    for (Action candidate : ACLHelper.getAvailableActions()) {
        boolean granted = permissionChecker.hasPermission(candidate, subjectRoles, typename, target);
        verdicts.addPair(candidate.getName(), granted ? "true" : "false");
    }
    return verdicts;
}
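/**
 * Replaces the instance-level ACL of one entity with the entries submitted by the caller.
 *
 * <p>Submitted entries with id {@code 0} are persisted as new. Entries whose id matches a
 * stored entry for this type and instance are merged. Stored entries that are not matched by
 * any submitted entry are removed. Submitted entries with a non-zero id that matches nothing
 * stored are ignored.
 *
 * @param typename type name used to load the entity and to select the stored ACL entries
 * @param id instance id of the entity whose ACL is being replaced
 * @param aces the submitted ACL entries
 * @throws AuthorizedException if the caller's roles do not hold the GRANT action on the entity
 */
@SuppressWarnings("unchecked")
@Path("/instacl/{typename}/{id}")
@POST
public void saveInstACL(
        @PathParam("typename") String typename,
        @PathParam("id") long id,
        InstanceACES aces) {
    FleximsDynamicEntityImpl entity = dao.loadEntity(typename, id);
    if (entity == null) {
        return;
    }

    // Authorization gate. hasPermission(...) returning true means the caller's roles hold
    // GRANT, so the request must be rejected when it returns false. The previous code threw
    // on true, which refused authorized callers and let everyone else rewrite the ACL.
    if (!permissionChecker.hasPermission(
            ACLHelper.getActionByName(GrantAction.NAME),
            roleContext.getRoles(),
            entity.getClass().getSimpleName(),
            entity)) {
        throw new AuthorizedException(InstanceActionType.GRANT, entity);
    }

    securityEM.getTransaction().begin();
    try {
        Query query = securityEM.createNamedQuery(InstanceACE.ACLQNAME);
        query.setParameter("typeid", typename);
        query.setParameter("instanceid", id);
        List<InstanceACE> acesOld = (List<InstanceACE>) query.getResultList();

        // NOTE(review): nothing visible here checks that a submitted ACE actually refers to
        // this typename/id. A new (id == 0) or merged entry carries whatever target the
        // client put in the payload; confirm that binding is enforced elsewhere, or validate
        // it here before persist/merge.
        for (InstanceACE ace : aces.getAces()) {
            if (ace.getId() == 0) {
                securityEM.persist(ace);
            } else {
                for (InstanceACE oldAce : acesOld) {
                    if (oldAce.getId() == ace.getId()) {
                        securityEM.merge(ace);
                        // Safe to remove during iteration only because we break right after.
                        acesOld.remove(oldAce);
                        break;
                    }
                }
            }
        }

        // Whatever is still in acesOld was not resubmitted, so it is deleted.
        for (InstanceACE oldAce : acesOld) {
            securityEM.remove(oldAce);
        }
        securityEM.getTransaction().commit();
    } catch (RuntimeException e) {
        // Do not leave a half-applied ACL change in an open transaction on the shared
        // entity manager.
        if (securityEM.getTransaction().isActive()) {
            securityEM.getTransaction().rollback();
        }
        throw e;
    }
}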
/**
 * Reports, for every managed type in the JPA metamodel, whether the named role is granted
 * the given action at type level (the check is made with a {@code null} entity).
 *
 * @param username name handed to {@code FxRole.loadByName} to resolve the role being checked
 * @param actionName name resolved to an {@code Action} through {@code ACLHelper.getActionByName}
 * @return one pair per managed type, keyed by the type's simple class name, with value
 *     "true" or "false"
 */
@Path("/typepermissions/{username}/{action}")
@GET
@RunAsAdmin
public NameValueList hasTypePermission(
        @PathParam("username") String username,
        @PathParam("action") String actionName) {
    // NOTE(review): this method is annotated @RunAsAdmin and reports on whatever username
    // appears in the URL. No caller restriction is visible in this method; confirm one is
    // applied before the request gets here.
    List<FxRole> subjectRoles = new ArrayList<>(1);
    subjectRoles.add(FxRole.loadByName(username, em));

    NameValueList verdicts = new NameValueList();

    // NOTE(review): presumably null for an unrecognised action name. Verify how
    // permissionChecker handles that.
    Action requested = ACLHelper.getActionByName(actionName);

    for (ManagedType<?> managed : JpaMetamodelHelper.getMetamodel().getManagedTypes()) {
        String simpleName = managed.getJavaType().getSimpleName();
        boolean granted = permissionChecker.hasPermission(requested, subjectRoles, simpleName, null);
        verdicts.addPair(simpleName, granted ? "true" : "false");
    }
    return verdicts;
}
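/**
 * Stores a type-level ACL submitted by the caller and refreshes the cached copy held in
 * {@code ACLHelper.typeacls}.
 *
 * @param typeACL the submitted ACL; its role and property permissions are linked back to it
 *     before it is merged
 * @throws AuthorizedException if the caller's roles do not hold the GRANT action on the type
 *     named by {@code typeACL.getTypeid()}
 */
@Path("/typeacl")
@POST
public void saveTypeACL(TypeACL typeACL) {
    // Authorization gate. hasPermission(...) returning true means the caller's roles hold
    // GRANT, so the request must be rejected when it returns false. The previous code threw
    // on true, which refused authorized callers and let everyone else replace the type ACL.
    if (!permissionChecker.hasPermission(
            ACLHelper.getActionByName(GrantAction.NAME),
            roleContext.getRoles(),
            typeACL.getTypeid(),
            null)) {
        throw new AuthorizedException(InstanceActionType.GRANT, null);
    }

    // The payload's child permissions are pointed back at their parent before the merge.
    for (RolePermission p : typeACL.getRolePermissions()) {
        p.setTypeACL(typeACL);
    }
    for (PropertyPermission p : typeACL.getPropPermissions()) {
        p.setTypeACL(typeACL);
    }

    securityEM.getTransaction().begin();
    try {
        securityEM.merge(typeACL);
        securityEM.getTransaction().commit();
    } catch (RuntimeException e) {
        // Do not leave a failed ACL write in an open transaction on the shared entity
        // manager. The cache below is then left untouched.
        if (securityEM.getTransaction().isActive()) {
            securityEM.getTransaction().rollback();
        }
        throw e;
    }

    // The cache is updated only after a successful commit. It stores the submitted object,
    // not the managed instance returned by merge().
    ACLHelper.typeacls.put(typeACL.getTypeid(), typeACL);
}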