@Path("/permissions/{username}/{typename}/{id}")
@GET
@RunAsAdmin
public NameValueList hasPermission(
@PathParam("username") String username,
@PathParam("typename") String typename,
@PathParam("id") long id) {
List<FxRole> roles = new ArrayList<>(1);
FxRole user = FxRole.loadByName(username, em);
roles.add(user);
NameValueList mList = new NameValueList();
FleximsDynamicEntityImpl entity = null;
if (id != 0) {
entity = dao.loadEntity(typename, id);
}
for (Action action : ACLHelper.getAvailableActions()) {
if (permissionChecker.hasPermission(action, roles, typename, entity)) {
mList.addPair(action.getName(), "true");
} else {
mList.addPair(action.getName(), "false");
}
}
return mList;
}
@SuppressWarnings("unchecked")
@Path("/instacl/{typename}/{id}")
@POST
public void saveInstACL(
@PathParam("typename") String typename, @PathParam("id") long id, InstanceACES aces) {
FleximsDynamicEntityImpl entity = dao.loadEntity(typename, id);
if (entity == null) {
return;
}
if (permissionChecker.hasPermission(
ACLHelper.getActionByName(GrantAction.NAME),
roleContext.getRoles(),
entity.getClass().getSimpleName(),
entity)) {
throw new AuthorizedException(InstanceActionType.GRANT, entity);
}
securityEM.getTransaction().begin();
Query query = securityEM.createNamedQuery(InstanceACE.ACLQNAME);
query.setParameter("typeid", typename);
query.setParameter("instanceid", id);
List<InstanceACE> acesOld = (List<InstanceACE>) query.getResultList();
for (InstanceACE ace : aces.getAces()) {
if (ace.getId() == 0) {
securityEM.persist(ace);
} else {
for (InstanceACE oldAce : acesOld) {
if (oldAce.getId() == ace.getId()) {
securityEM.merge(ace);
acesOld.remove(oldAce);
break;
}
}
}
}
for (InstanceACE oldAce : acesOld) {
securityEM.remove(oldAce);
}
securityEM.getTransaction().commit();
}
@Path("/typepermissions/{username}/{action}")
@GET
@RunAsAdmin
public NameValueList hasTypePermission(
@PathParam("username") String username, @PathParam("action") String actionName) {
List<FxRole> roles = new ArrayList<>(1);
FxRole user = FxRole.loadByName(username, em);
roles.add(user);
NameValueList mList = new NameValueList();
Action action = ACLHelper.getActionByName(actionName);
for (ManagedType<?> t : JpaMetamodelHelper.getMetamodel().getManagedTypes()) {
if (permissionChecker.hasPermission(action, roles, t.getJavaType().getSimpleName(), null)) {
mList.addPair(t.getJavaType().getSimpleName(), "true");
} else {
mList.addPair(t.getJavaType().getSimpleName(), "false");
}
}
return mList;
}
@Path("/typeacl")
@POST
public void saveTypeACL(TypeACL typeACL) {
if (permissionChecker.hasPermission(
ACLHelper.getActionByName(GrantAction.NAME),
roleContext.getRoles(),
typeACL.getTypeid(),
null)) {
throw new AuthorizedException(InstanceActionType.GRANT, null);
}
for (RolePermission p : typeACL.getRolePermissions()) {
p.setTypeACL(typeACL);
}
for (PropertyPermission p : typeACL.getPropPermissions()) {
p.setTypeACL(typeACL);
}
securityEM.getTransaction().begin();
securityEM.merge(typeACL);
securityEM.getTransaction().commit();
ACLHelper.typeacls.put(typeACL.getTypeid(), typeACL);
}
