protected boolean checkServiceAuthorization(
ApiService service, Properties properties, boolean throwApiException)
throws ApiException, Throwable {
if (!service.getRequiredAuth()) {
return true;
}
try {
UserDetails user = (UserDetails) properties.get(SystemConstants.API_USER_PARAMETER);
if (null == user) {
throw new ApiException(
IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
"Authentication is mandatory for service '" + service.getKey() + "'",
Response.Status.UNAUTHORIZED);
}
if ((null != service.getRequiredGroup()
&& !this.getAuthorizationManager().isAuthOnGroup(user, service.getRequiredGroup()))
|| (null != service.getRequiredPermission()
&& !this.getAuthorizationManager()
.isAuthOnPermission(user, service.getRequiredPermission()))) {
throw new ApiException(
IApiErrorCodes.API_AUTHORIZATION_REQUIRED,
"Permission denied for service '" + service.getKey() + "'",
Response.Status.UNAUTHORIZED);
}
} catch (ApiException ae) {
if (throwApiException) {
throw ae;
}
return false;
} catch (Throwable t) {
ApsSystemUtils.logThrowable(
t,
this,
"checkServiceAuthorization",
"Error checking auth for service - key '" + service.getKey() + "'");
throw t;
}
return true;
}
