/** * Answers whether a given "agent" is authorized to perform a given "action" on the target entity, * that could be a register or a code. Unspecified constraints (null values) are considered as * all. e.g.: agent-null-target would return whether the agent is allowed all operations on the * target. If no authorization directives are provided by the AuthManager, the request is * * @param agent the URI of the agent performing the action. Through the code the agent is also * referred to as "actor" or "actorURI". A null values stands for all agents. * @param action the URI of the action. A null value stands for all actions. * @param entity the URI of the target entity. A null value stands for all targets. * @throws ModelException * @throws RegistryAccessException */ public boolean can(String agent, String action, String entity) throws RegistryAccessException, ModelException { Loggers.authLogger.debug("Asking auth for: " + agent + " " + action + " " + entity); if (agent == null) agent = AuthConfig.allActors; if (action == null) action = AuthConfig.allActions; if (entity == null) entity = AuthConfig.allEntities; if (myAuthServer.contains(agent, action, entity) || myAuthServer.contains(agent, action, AuthConfig.allEntities) || myAuthServer.contains(agent, AuthConfig.allActions, entity) || myAuthServer.contains(agent, AuthConfig.allActions, AuthConfig.allEntities) || myAuthServer.contains(AuthConfig.allActors, action, entity) || myAuthServer.contains(AuthConfig.allActors, action, AuthConfig.allEntities) || myAuthServer.contains(AuthConfig.allActors, AuthConfig.allActions, entity) || myAuthServer.contains( AuthConfig.allActors, AuthConfig.allActions, AuthConfig.allEntities)) { Loggers.authLogger.debug("Granted"); return true; } else { if (entity.equals(AuthConfig.allEntities)) return false; boolean answer = false; Set<TerminologySet> containers; if (myFactory.terminologyIndividualExist(entity)) { TerminologyIndividual myInd = myFactory.getUncheckedTerminologyIndividual(entity); containers = myInd.getContainers(myInd.getLastVersion()); } else if (myFactory.terminologySetExist(entity)) { TerminologySet mySet = myFactory.getUncheckedTerminologySet(entity); containers = mySet.getContainers(mySet.getLastVersion()); } else throw new RegistryAccessException("Unknown: " + entity); Iterator<TerminologySet> contIter = containers.iterator(); while (contIter.hasNext()) { TerminologySet parent = contIter.next(); Loggers.authLogger.trace("Asking up: " + parent.getURI()); answer = answer || can(agent, action, parent.getURI()); } return answer; } }