/**
 * Changes the state of the asset identified by {@code uuid} to {@code newState}.
 *
 * <p>Role-based authorization check. This method can be accessed if the user has one of the
 * following permissions:
 *
 * <ol>
 *   <li>The user has an Analyst role, and this role has permission to access the category which
 *       the asset belongs to.
 *   <li>The user has a package.developer role or higher (i.e., package.admin), and this role has
 *       permission to access the package which the asset belongs to.
 * </ol>
 *
 * <p>The check itself is delegated to {@code serviceSecurity.checkIsPackageDeveloperOrAnalyst};
 * what that helper enforces is not visible in this method.
 *
 * @param uuid UUID used to load the asset from the rules repository
 * @param newState state passed to {@code AssetItem.updateState}; caller-supplied
 */
@WebRemote
@LoggedIn
public void changeState(String uuid, String newState) {
    final AssetItem target = rulesRepository.loadAssetByUUID(uuid);

    // Authorization runs before anything is logged or modified.
    serviceSecurity.checkIsPackageDeveloperOrAnalyst(target);

    // NOTE(review): newState arrives from the remote caller and is concatenated into the log
    // line as-is, so line breaks in it would reach the log unescaped. The operand after
    // "USER:" is masked in this listing.
    log.info(
            "USER:"******" CHANGING ASSET STATUS. Asset name, uuid: "
                    + "[" + target.getName() + ", " + target.getUUID() + "]"
                    + " to [" + newState + "]");

    // Capture the current state first: it is needed after the update for the push calls and
    // for the discussion entry.
    final String previousState = target.getStateDescription();
    target.updateState(newState);

    // One "statusChange" push for the state being left, then one for the state being entered.
    for (String state : new String[] {previousState, newState}) {
        push("statusChange", state);
    }

    addToDiscussionForAsset(target.getUUID(), previousState + " -> " + newState);
    rulesRepository.save();
}
/**
 * Changes the state of the asset identified by {@code uuid} to {@code newState}.
 *
 * <p>Role-based authorization check. This method can be accessed if the user has one of the
 * following permissions:
 *
 * <ol>
 *   <li>The user has an Analyst role, and this role has permission to access the category which
 *       the asset belongs to.
 *   <li>The user has a package.developer role or higher (i.e., package.admin), and this role has
 *       permission to access the package which the asset belongs to.
 * </ol>
 *
 * <p>The permission checks below run only while a session context is active; when
 * {@code Contexts.isSessionContextActive()} is false, the state change proceeds with no
 * role check in this method.
 *
 * @param uuid UUID used to load the asset from the rules repository
 * @param newState state passed to {@code AssetItem.updateState}; caller-supplied
 * @throws RuntimeException the exception raised by {@code checkPermission} when neither the
 *     package check nor any category check passes
 */
@WebRemote
@Restrict("#{identity.loggedIn}")
public void changeState(String uuid, String newState) {
    AssetItem asset = getRulesRepository().loadAssetByUUID(uuid);

    // Verify whether the user has access to the asset through package-based permission.
    // If that fails, verify whether the user has access through category-based permission.
    //
    // NOTE(review): the whole check is skipped when no session context is active, so this
    // path fails open. Presumably intended for callers outside a web session; confirm that
    // no remote caller can reach this method without an active session context.
    if (Contexts.isSessionContextActive()) {
        boolean passed = false;
        try {
            Identity.instance()
                    .checkPermission(
                            new PackageUUIDType(asset.getPackage().getUUID()),
                            RoleTypes.PACKAGE_DEVELOPER);
        } catch (RuntimeException e) {
            // NOTE(review): every RuntimeException raised inside the try is treated as
            // "package check failed", including one thrown while evaluating
            // asset.getPackage().getUUID(). The original exception e is discarded.
            if (asset.getCategories().size() == 0) {
                // No categories on the asset: a single ANALYST check against a null category
                // path decides the outcome; its exception, if any, propagates to the caller.
                // NOTE(review): what a null path means to CategoryPathType is not visible
                // here; confirm it is not treated as "any category".
                Identity.instance().checkPermission(new CategoryPathType(null), RoleTypes.ANALYST);
            } else {
                RuntimeException exception = null;
                // One passing category is enough. The loop does not stop at the first pass,
                // so checkPermission is still called for the remaining categories.
                for (CategoryItem cat : asset.getCategories()) {
                    try {
                        Identity.instance()
                                .checkPermission(new CategoryPathType(cat.getName()), RoleTypes.ANALYST);
                        passed = true;
                    } catch (RuntimeException re) {
                        // Keep only the most recent failure; it is rethrown if nothing passes.
                        exception = re;
                    }
                }
                if (!passed) {
                    // Non-null here: the category list is non-empty and every check threw.
                    throw exception;
                }
            }
        }
    }

    // NOTE(review): newState arrives from the remote caller and is concatenated into the log
    // line as-is, so line breaks in it would reach the log unescaped. The operand after
    // "USER:" is masked in this listing.
    log.info(
            "USER:"******" CHANGING ASSET STATUS. Asset name, uuid: "
                    + "["
                    + asset.getName()
                    + ", "
                    + asset.getUUID()
                    + "]"
                    + " to ["
                    + newState
                    + "]");

    // Read the current state before updating; it is used below for the push calls and the
    // discussion entry.
    String oldState = asset.getStateDescription();
    asset.updateState(newState);

    // One "statusChange" push for the old state and one for the new state.
    push("statusChange", oldState);
    push("statusChange", newState);

    // Record the transition as "old -> new" in the asset's discussion.
    addToDiscussionForAsset(asset.getUUID(), oldState + " -> " + newState);
    getRulesRepository().save();
}