// returns a trusted Widget object, either from the WidgetRepository, or the
// cached container list
private Widget getTrustedWidget(String widgetId, List<Widget> trustedWidgetContainer) {
Widget widget;
if (trustedWidgetContainer.isEmpty()) {
widget = widgetRepository.get(widgetId);
trustedWidgetContainer.add(widget);
} else {
widget = trustedWidgetContainer.get(0);
}
return widget;
}
/**
* Checks to see if the Authentication object has the supplied Permission for the Entity
* represented by the targetId(entityId) and targetType(model class name). This method invokes the
* private hasPermission function with the trustedDomainObject parameter set to true since we must
* pull the entity from the database and are guaranteed a trusted domain object, before performing
* our permission checks.
*
* @param authentication the current Authentication object
* @param targetId the entityId of the model to check, or a RaveSecurityContext object
* @param targetType the class of the model to check
* @param permission the Permission to check
* @return true if the Authentication has the proper permission, false otherwise
*/
@Override
public boolean hasPermission(
Authentication authentication,
Serializable targetId,
String targetType,
Permission permission) {
boolean hasPermission = false;
if (targetId instanceof RaveSecurityContext) {
hasPermission = verifyRaveSecurityContext(authentication, (RaveSecurityContext) targetId);
} else {
hasPermission =
hasPermission(
authentication, widgetRepository.get(targetId.toString()), permission, true);
}
return hasPermission;
}
