public static void checkPermission(String key, boolean allowSystem) throws NoAccessException {
long l = 0;
if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
Plugin.debug(">>>>>>> [%s]", key);
l = System.currentTimeMillis();
}
if (Boolean.parseBoolean(Play.configuration.getProperty(ConfigConstants.DISABLE, "false"))) {
return;
}
IAuthorizeable a = reg_.get(key);
if (null == a) {
throw new RuntimeException("oops, something wrong with enhancer... ?");
}
IAccount acc = null;
try {
IAccount accFact = AAAFactory.account();
acc = accFact.getCurrent();
if (null == acc) {
if (allowSystem) {
if (!Boolean.parseBoolean(
Play.configuration.getProperty(ConfigConstants.SYSTEM_PERMISSION_CHECK, "false"))) {
// suppress permission check for system account
return;
}
acc = accFact.getSystemAccount();
}
if (null == acc) {
throw new NoAccessException("cannot determine principal account");
}
}
// superuser check
boolean isSuperUser = false;
if (Plugin.superuser > 0) {
IPrivilege p = acc.getPrivilege();
if (null != p) isSuperUser = p.getLevel() >= Plugin.superuser;
}
if (!isSuperUser && !acc.hasAccessTo(a)) {
throw new NoAccessException("Access denied");
}
} catch (NoAccessException nae) {
throw nae;
} catch (Exception e) {
throw new NoAccessException(e);
} finally {
if (Plugin.logCheckTime && Logger.isDebugEnabled()) {
Plugin.debug("<<<<<<< [%s]: %sms", key, System.currentTimeMillis() - l);
}
}
}
public void buildAuthorityRegistry() throws Exception {
if (Authority.reg_.size() < 1) {
Plugin.debug("building authority registry");
// force build authority registry
for (ApplicationClass ac : Play.classes.all()) {
enhance_(ac, true);
}
}
Authority.ensureRightPrivilege();
}