Exemplo n.º 1
0
  @Path("/permissions/{username}/{typename}/{id}")
  @GET
  @RunAsAdmin
  public NameValueList hasPermission(
      @PathParam("username") String username,
      @PathParam("typename") String typename,
      @PathParam("id") long id) {

    List<FxRole> roles = new ArrayList<>(1);
    FxRole user = FxRole.loadByName(username, em);
    roles.add(user);

    NameValueList mList = new NameValueList();

    FleximsDynamicEntityImpl entity = null;
    if (id != 0) {
      entity = dao.loadEntity(typename, id);
    }

    for (Action action : ACLHelper.getAvailableActions()) {
      if (permissionChecker.hasPermission(action, roles, typename, entity)) {
        mList.addPair(action.getName(), "true");
      } else {
        mList.addPair(action.getName(), "false");
      }
    }
    return mList;
  }
Exemplo n.º 2
0
  @SuppressWarnings("unchecked")
  @Path("/instacl/{typename}/{id}")
  @GET
  public InstanceACES getInstACL(@PathParam("typename") String typename, @PathParam("id") long id) {
    // if we can load, then we have read permission.
    dao.loadEntity(typename, id);

    Query query = securityEM.createNamedQuery(InstanceACE.ACLQNAME);
    query.setParameter("typeid", typename);
    query.setParameter("instanceid", id);

    List<InstanceACE> aces = (List<InstanceACE>) query.getResultList();
    InstanceACES aces1 = new InstanceACES();
    aces1.setAces(aces);

    return aces1;
  }
Exemplo n.º 3
0
  @SuppressWarnings("unchecked")
  @Path("/instacl/{typename}/{id}")
  @POST
  public void saveInstACL(
      @PathParam("typename") String typename, @PathParam("id") long id, InstanceACES aces) {

    FleximsDynamicEntityImpl entity = dao.loadEntity(typename, id);
    if (entity == null) {
      return;
    }

    if (permissionChecker.hasPermission(
        ACLHelper.getActionByName(GrantAction.NAME),
        roleContext.getRoles(),
        entity.getClass().getSimpleName(),
        entity)) {
      throw new AuthorizedException(InstanceActionType.GRANT, entity);
    }

    securityEM.getTransaction().begin();
    Query query = securityEM.createNamedQuery(InstanceACE.ACLQNAME);
    query.setParameter("typeid", typename);
    query.setParameter("instanceid", id);

    List<InstanceACE> acesOld = (List<InstanceACE>) query.getResultList();
    for (InstanceACE ace : aces.getAces()) {
      if (ace.getId() == 0) {
        securityEM.persist(ace);
      } else {
        for (InstanceACE oldAce : acesOld) {
          if (oldAce.getId() == ace.getId()) {
            securityEM.merge(ace);
            acesOld.remove(oldAce);
            break;
          }
        }
      }
    }
    for (InstanceACE oldAce : acesOld) {
      securityEM.remove(oldAce);
    }
    securityEM.getTransaction().commit();
  }