/**
 * Decides whether a subject may invoke an HTTP method on a resource type.
 * <p>
 * The policy is deny-by-default: the result is {@code false} when
 * {@code subjectid} is null, when {@code resourceName} or {@code httpMethod}
 * is blank, or when no resource permissions are defined at all.
 * If the subject has its own entry for {@code resourceName}, only that entry
 * is evaluated; otherwise the wildcard combinations built with
 * {@code ALLOW_ALL} are evaluated as well.
 * For the root app, a granted permission is honored only when the
 * {@code clients_can_access_root_app} option is on. The default passed for
 * that option is {@code !Config.IN_PRODUCTION}.
 *
 * @param subjectid subject id
 * @param resourceName resource name (type)
 * @param httpMethod HTTP method name
 * @return true if allowed
 */
public boolean isAllowedTo(String subjectid, String resourceName, String httpMethod) {
	boolean granted = false;
	// subjectid is only checked for null here; a blank (non-null) id is passed on to isAllowed().
	// NOTE(review): confirm that callers never hand in a blank subject id.
	boolean argsUsable = subjectid != null
			&& !StringUtils.isBlank(resourceName)
			&& !StringUtils.isBlank(httpMethod);
	if (argsUsable) {
		if (getResourcePermissions().isEmpty()) {
			// Default policy is "deny all". Returning true here would make it "allow all".
			return false;
		}
		boolean hasOwnEntry = getResourcePermissions().containsKey(subjectid)
				&& getResourcePermissions().get(subjectid).containsKey(resourceName);
		if (hasOwnEntry) {
			// Subject-specific permissions take precedence over wildcard permissions:
			// only the entry for this subjectid is consulted, wildcard grants are ignored.
			granted = isAllowed(subjectid, resourceName, httpMethod);
		} else {
			// No subject-specific entry for this resource: fall back to the wildcard
			// combinations, evaluated left to right with short-circuiting.
			granted = isAllowed(subjectid, resourceName, httpMethod)
					|| isAllowed(subjectid, ALLOW_ALL, httpMethod)
					|| isAllowed(ALLOW_ALL, resourceName, httpMethod)
					|| isAllowed(ALLOW_ALL, ALLOW_ALL, httpMethod);
		}
	}
	boolean rootApp = StringUtils.equals(App.id(Config.APP_NAME_NS), getId());
	boolean rootAccessEnabled = Config.getConfigBoolean("clients_can_access_root_app", !Config.IN_PRODUCTION);
	if (rootApp) {
		// The root app needs both the config switch and a matching permission.
		return rootAccessEnabled && granted;
	}
	return granted;
}
/**
 * Reads the {@code hc.async_enabled} configuration flag, passing {@code false}
 * as the default value.
 *
 * @return true if asynchronous caching is enabled.
 */
private boolean isAsyncEnabled() {
	final boolean asyncOn = Config.getConfigBoolean("hc.async_enabled", false);
	return asyncOn;
}