/**
 * Evaluates whether a principal may write to an entity guarded by write roles.
 *
 * <p>The decision is returned rather than thrown: {@code null} means the write
 * is allowed, a non-null exception describes the denial and is left for the
 * caller to throw or report.
 *
 * <p>A {@code null} or empty {@code writeRoles} set is treated as "no
 * restriction", so an entity without configured write roles is writable by any
 * caller, including a {@code null} principal.
 *
 * @param aPrincipal the principal requesting the write; may be {@code null},
 *     which is denied whenever write roles are configured
 * @param aEntityId the entity identifier used in the denial message; a
 *     {@code null} id is rendered as an empty string
 * @param writeRoles the roles allowed to write; {@code null} or empty disables
 *     the check
 * @return {@code null} when the write is permitted, otherwise the
 *     {@link AccessControlException} describing the denial
 */
private AccessControlException checkWritePrincipalPermission(
        PlatypusPrincipal aPrincipal, String aEntityId, Set<String> writeRoles) {
    // No write roles configured: nothing to enforce.
    if (writeRoles == null || writeRoles.isEmpty()) {
        return null;
    }
    // A known principal holding at least one of the roles is allowed.
    if (aPrincipal != null && aPrincipal.hasAnyRole(writeRoles)) {
        return null;
    }
    final String entityLabel = aEntityId == null ? "" : aEntityId;
    final String principalName = aPrincipal == null ? null : aPrincipal.getName();
    final String denialMessage = String.format(
            "Access denied for write (entity: %s) for '%s'.",
            entityLabel,
            principalName);
    // Only an anonymous principal gets an AuthPermission attached; presumably this
    // lets callers tell "not logged in" from "logged in but not authorized" —
    // confirm against the callers.
    final AuthPermission attachedPermission =
            aPrincipal instanceof AnonymousPlatypusPrincipal ? new AuthPermission("*") : null;
    return new AccessControlException(denialMessage, attachedPermission);
}
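/**
 * Checks module roles for the principal of the current script context.
 *
 * <p>A {@code null} or empty role set is treated as "no restriction": the
 * check passes without looking up the principal. Otherwise the principal is
 * taken from {@code Scripts.getContext().getPrincipal()} and must hold at
 * least one of the allowed roles.
 *
 * <p>The check fails closed. Any exception raised while resolving or testing
 * the principal (for example a failed cast to {@code PlatypusPrincipal}) is
 * reported as an {@link AccessControlException} carrying the original
 * exception as its cause, so the denial stays diagnosable even when the
 * original message is {@code null}.
 *
 * @param anAllowedRoles roles permitted to access the subject; {@code null} or
 *     empty disables the check
 * @param aSubjectName name of the subject being accessed; used only in the
 *     denial message
 * @throws AccessControlException if the current principal is missing, holds
 *     none of the allowed roles, or could not be resolved
 */
public static void checkPrincipalPermission(Set<String> anAllowedRoles, String aSubjectName) throws AccessControlException {
    // No roles configured: the subject is unrestricted.
    if (anAllowedRoles == null || anAllowedRoles.isEmpty()) {
        return;
    }
    try {
        PlatypusPrincipal principal = (PlatypusPrincipal) Scripts.getContext().getPrincipal();
        if (principal == null || !principal.hasAnyRole(anAllowedRoles)) {
            throw new AccessControlException(
                    String.format(
                            "Access denied to %s for '%s'.", // NOI18N
                            aSubjectName,
                            principal != null ? principal.getName() : null),
                    // Only an anonymous principal gets an AuthPermission attached.
                    principal instanceof AnonymousPlatypusPrincipal ? new AuthPermission("*") : null);
        }
    } catch (AccessControlException ex) {
        // Our own denial (or one raised further down): pass through unchanged.
        throw ex;
    } catch (Exception ex) {
        // Fail closed on any lookup failure, keeping the original message but
        // attaching the cause so the stack trace is not lost.
        // NOTE(review): the message comes from an arbitrary exception; confirm
        // it is not relayed verbatim to remote clients.
        AccessControlException denied = new AccessControlException(ex.getMessage());
        denied.initCause(ex);
        throw denied;
    }
}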