protected void isAuthorized() { // check permissions boolean userHasPermission = false; String permissionName = AwardPermissionConstants.VIEW_AWARD.getAwardPermission(); userHasPermission = getUnitAuthorizationService() .hasPermission( GlobalVariables.getUserSession().getPrincipalId(), "KC-AWARD", permissionName); if (!userHasPermission) { permissionName = AwardPermissionConstants.MODIFY_AWARD.getAwardPermission(); userHasPermission = getUnitAuthorizationService() .hasPermission( GlobalVariables.getUserSession().getPrincipalId(), "KC-AWARD", permissionName); } if (!userHasPermission) { permissionName = AwardPermissionConstants.MODIFY_AWARD_REPORT_TRACKING.getAwardPermission(); userHasPermission = getUnitAuthorizationService() .hasPermission( GlobalVariables.getUserSession().getPrincipalId(), "KC-AWARD", permissionName); } if (!userHasPermission) { throw new AuthorizationException( GlobalVariables.getUserSession().getPrincipalName(), "Search", "Report Tracking"); } }
@Override public boolean isAuthorized(String userId, AwardTask task) { return hasUnitPermission( userId, Constants.MODULE_NAMESPACE_AWARD, AwardPermissionConstants.MODIFY_AWARD_REPORT_TRACKING.getAwardPermission()); }