예제 #1
0
    public static void checkPermission(String key, boolean allowSystem) throws NoAccessException {
      long l = 0;
      if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
        Plugin.debug(">>>>>>> [%s]", key);
        l = System.currentTimeMillis();
      }
      if (Boolean.parseBoolean(Play.configuration.getProperty(ConfigConstants.DISABLE, "false"))) {
        return;
      }

      IAuthorizeable a = reg_.get(key);
      if (null == a) {
        throw new RuntimeException("oops, something wrong with enhancer... ?");
      }
      IAccount acc = null;
      try {
        IAccount accFact = AAAFactory.account();
        acc = accFact.getCurrent();
        if (null == acc) {
          if (allowSystem) {
            if (!Boolean.parseBoolean(
                Play.configuration.getProperty(ConfigConstants.SYSTEM_PERMISSION_CHECK, "false"))) {
              // suppress permission check for system account
              return;
            }
            acc = accFact.getSystemAccount();
          }
          if (null == acc) {
            throw new NoAccessException("cannot determine principal account");
          }
        }

        // superuser check
        boolean isSuperUser = false;
        if (Plugin.superuser > 0) {
          IPrivilege p = acc.getPrivilege();
          if (null != p) isSuperUser = p.getLevel() >= Plugin.superuser;
        }
        if (!isSuperUser && !acc.hasAccessTo(a)) {
          throw new NoAccessException("Access denied");
        }
      } catch (NoAccessException nae) {
        throw nae;
      } catch (Exception e) {
        throw new NoAccessException(e);
      } finally {
        if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
          Plugin.debug("<<<<<<< [%s]: %sms", key, System.currentTimeMillis() - l);
        }
      }
    }
예제 #2
0
 public void buildAuthorityRegistry() throws Exception {
   if (Authority.reg_.size() < 1) {
     Plugin.debug("building authority registry");
     // force build authority registry
     for (ApplicationClass ac : Play.classes.all()) {
       enhance_(ac, true);
     }
   }
   Authority.ensureRightPrivilege();
 }