/**
* Checks if a subject is allowed to call method X on resource Y.
*
* @param subjectid subject id
* @param resourceName resource name (type)
* @param httpMethod HTTP method name
* @return true if allowed
*/
public boolean isAllowedTo(String subjectid, String resourceName, String httpMethod) {
boolean allow = false;
if (subjectid != null
&& !StringUtils.isBlank(resourceName)
&& !StringUtils.isBlank(httpMethod)) {
if (getResourcePermissions().isEmpty()) {
// Default policy is "deny all". Returning true here would make it "allow all".
return false;
}
if (getResourcePermissions().containsKey(subjectid)
&& getResourcePermissions().get(subjectid).containsKey(resourceName)) {
// subject-specific permissions have precedence over wildcard permissions
// i.e. only the permissions for that subjectid are checked, other permissions are ignored
allow = isAllowed(subjectid, resourceName, httpMethod);
} else {
allow =
isAllowed(subjectid, resourceName, httpMethod)
|| isAllowed(subjectid, ALLOW_ALL, httpMethod)
|| isAllowed(ALLOW_ALL, resourceName, httpMethod)
|| isAllowed(ALLOW_ALL, ALLOW_ALL, httpMethod);
}
}
boolean isRootApp = StringUtils.equals(App.id(Config.APP_NAME_NS), getId());
boolean isRootAppAccessAllowed =
Config.getConfigBoolean("clients_can_access_root_app", !Config.IN_PRODUCTION);
return isRootApp ? (isRootAppAccessAllowed && allow) : allow;
}
/** @return true if asynchronous caching is enabled. */
private boolean isAsyncEnabled() {
return Config.getConfigBoolean("hc.async_enabled", false);
}
