Пример #1
0
    public static void ensureRightPrivilege() {
      IRight rightFact = AAAFactory.right();
      IPrivilege privFact = AAAFactory.privilege();
      for (Authority a : reg_.values()) {
        RequireRight rr = a.rr_;
        IRight r = a.r_;
        if (rr != null && r == null) {
          String s = rr.value();
          if (null == s) throw new NullPointerException("Null RequireRight found for " + a.key_);
          if (s.startsWith("aaa")) s = Play.configuration.getProperty(s);
          r = rightFact.getByName(s);
          if (null == r) {
            r = rightFact.create(s);
            r._save();
          }
          a.r_ = r;
        }

        RequirePrivilege rp = a.rp_;
        IPrivilege p = a.p_;
        if (rp != null && p == null) {
          String s = rp.value();
          if (null == s)
            throw new NullPointerException("Null RequirePrivilege found for " + a.key_);
          if (s.startsWith("aaa")) s = Play.configuration.getProperty(s);
          p = privFact.getByName(s);
          if (null == p) {
            p = privFact.create(s, 0);
            p._save();
          }
          a.p_ = p;
        }
      }
    }
Пример #2
0
    public static void checkPermission(String key, boolean allowSystem) throws NoAccessException {
      long l = 0;
      if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
        Plugin.debug(">>>>>>> [%s]", key);
        l = System.currentTimeMillis();
      }
      if (Boolean.parseBoolean(Play.configuration.getProperty(ConfigConstants.DISABLE, "false"))) {
        return;
      }

      IAuthorizeable a = reg_.get(key);
      if (null == a) {
        throw new RuntimeException("oops, something wrong with enhancer... ?");
      }
      IAccount acc = null;
      try {
        IAccount accFact = AAAFactory.account();
        acc = accFact.getCurrent();
        if (null == acc) {
          if (allowSystem) {
            if (!Boolean.parseBoolean(
                Play.configuration.getProperty(ConfigConstants.SYSTEM_PERMISSION_CHECK, "false"))) {
              // suppress permission check for system account
              return;
            }
            acc = accFact.getSystemAccount();
          }
          if (null == acc) {
            throw new NoAccessException("cannot determine principal account");
          }
        }

        // superuser check
        boolean isSuperUser = false;
        if (Plugin.superuser > 0) {
          IPrivilege p = acc.getPrivilege();
          if (null != p) isSuperUser = p.getLevel() >= Plugin.superuser;
        }
        if (!isSuperUser && !acc.hasAccessTo(a)) {
          throw new NoAccessException("Access denied");
        }
      } catch (NoAccessException nae) {
        throw nae;
      } catch (Exception e) {
        throw new NoAccessException(e);
      } finally {
        if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
          Plugin.debug("<<<<<<< [%s]: %sms", key, System.currentTimeMillis() - l);
        }
      }
    }