예제 #1
0
  /**
   * Role-based Authorization check: This method can be accessed if user has following permissions:
   * 1. The user has a Analyst role and this role has permission to access the category which the
   * asset belongs to. Or. 2. The user has a package.developer role or higher (i.e., package.admin)
   * and this role has permission to access the package which the asset belongs to.
   */
  @WebRemote
  @LoggedIn
  public void changeState(String uuid, String newState) {
    AssetItem asset = rulesRepository.loadAssetByUUID(uuid);
    serviceSecurity.checkIsPackageDeveloperOrAnalyst(asset);

    log.info(
        "USER:"******" CHANGING ASSET STATUS. Asset name, uuid: "
            + "["
            + asset.getName()
            + ", "
            + asset.getUUID()
            + "]"
            + " to ["
            + newState
            + "]");
    String oldState = asset.getStateDescription();
    asset.updateState(newState);

    push("statusChange", oldState);
    push("statusChange", newState);

    addToDiscussionForAsset(asset.getUUID(), oldState + " -> " + newState);

    rulesRepository.save();
  }
예제 #2
0
  /**
   * Role-based Authorization check: This method can be accessed if user has following permissions:
   * 1. The user has a Analyst role and this role has permission to access the category which the
   * asset belongs to. Or. 2. The user has a package.developer role or higher (i.e., package.admin)
   * and this role has permission to access the package which the asset belongs to.
   */
  @WebRemote
  @Restrict("#{identity.loggedIn}")
  public void changeState(String uuid, String newState) {
    AssetItem asset = getRulesRepository().loadAssetByUUID(uuid);

    // Verify if the user has permission to access the asset through
    // package based permission.
    // If failed, then verify if the user has permission to access the
    // asset through category
    // based permission
    if (Contexts.isSessionContextActive()) {
      boolean passed = false;

      try {
        Identity.instance()
            .checkPermission(
                new PackageUUIDType(asset.getPackage().getUUID()), RoleTypes.PACKAGE_DEVELOPER);
      } catch (RuntimeException e) {
        if (asset.getCategories().size() == 0) {
          Identity.instance().checkPermission(new CategoryPathType(null), RoleTypes.ANALYST);
        } else {
          RuntimeException exception = null;

          for (CategoryItem cat : asset.getCategories()) {
            try {
              Identity.instance()
                  .checkPermission(new CategoryPathType(cat.getName()), RoleTypes.ANALYST);
              passed = true;
            } catch (RuntimeException re) {
              exception = re;
            }
          }
          if (!passed) {
            throw exception;
          }
        }
      }
    }

    log.info(
        "USER:"******" CHANGING ASSET STATUS. Asset name, uuid: "
            + "["
            + asset.getName()
            + ", "
            + asset.getUUID()
            + "]"
            + " to ["
            + newState
            + "]");
    String oldState = asset.getStateDescription();
    asset.updateState(newState);

    push("statusChange", oldState);
    push("statusChange", newState);

    addToDiscussionForAsset(asset.getUUID(), oldState + " -> " + newState);

    getRulesRepository().save();
  }