/**
 * Returns the roles that have at least one restriction for the given permission.
 *
 * <p>The permission name is passed as a bound query parameter, never concatenated into the
 * query text.
 *
 * @param permission permission to match; its {@code name()} is compared with
 *                   {@code res.permission.value}
 * @return the matching roles, or an empty mutable list if the query yields {@code null}
 */
private List<RoleEntity> getRolesHavingRestrictionsWithPermission(Permission permission) {
    // NOTE(review): the where-clause filters on the fetch-joined alias, so each returned role
    // may carry only its matching restrictions and may appear once per match - confirm that
    // callers expect this.
    final String jpql = "from RoleEntity r left join fetch r.restrictions res where res.permission.value =:permission";
    final List<RoleEntity> matchingRoles = entityManager
            .createQuery(jpql, RoleEntity.class)
            .setParameter("permission", permission.name())
            .getResultList();
    if (matchingRoles == null) {
        return new ArrayList<>();
    }
    return matchingRoles;
}
/**
 * Collects the permissions declared by the {@code HasPermission} annotation of the
 * intercepted method.
 *
 * <p>The single {@code permission()} value is added unless it is {@code Permission.DEFAULT},
 * followed by every entry of {@code oneOfPermission()}.
 *
 * @param context invocation context used to look up the method annotation
 * @return the declared permissions; empty when the method has no annotation or declares
 *         nothing besides the default
 */
private static List<Permission> getRequiredPermission(InvocationContext context) {
    final List<Permission> required = new ArrayList<>();
    final HasPermission annotation = getMethodPermissionAnnotation(context);
    // NOTE(review): an empty result means "nothing declared"; whether the caller then allows
    // or denies the invocation is not visible here - verify it does not default to allow
    // unintentionally.
    if (annotation == null) {
        return required;
    }

    final Permission single = annotation.permission();
    if (!single.equals(Permission.DEFAULT)) {
        required.add(single);
    }

    final Permission[] alternatives = annotation.oneOfPermission();
    if (alternatives.length > 0) {
        Collections.addAll(required, alternatives);
    }
    return required;
}
/**
 * Checks whether the caller holds the permission identified by name.
 *
 * @param permissionName exact name of a {@code Permission} constant
 * @return the result of {@code permissionService.hasPermission(Permission)}
 * @throws IllegalArgumentException if the name matches no {@code Permission} constant
 *         (standard {@code valueOf} behaviour, assuming {@code Permission} is an enum), so an
 *         unknown name is never reported as granted
 */
public boolean hasPermission(String permissionName) {
    return permissionService.hasPermission(Permission.valueOf(permissionName));
}
/**
 * Checks whether the caller holds the named permission and action on all contexts, without
 * narrowing to a resource group or resource type (both are passed as {@code null}).
 *
 * @param permissionName exact name of a {@code Permission} constant
 * @param actionName     exact name of an {@code Action} constant
 * @return the result of {@code permissionService.hasPermissionOnAllContext(...)}
 * @throws IllegalArgumentException if either name matches no constant (standard
 *         {@code valueOf} behaviour, assuming both types are enums)
 */
public boolean hasPermissionOnAllContext(String permissionName, String actionName) {
    return permissionService.hasPermissionOnAllContext(
            Permission.valueOf(permissionName),
            Action.valueOf(actionName),
            null,
            null);
}
/**
 * Returns the roles that have a restriction for the given permission whose action is either
 * the requested action or {@code 'ALL'}.
 *
 * <p>Both values are passed as bound query parameters, never concatenated into the query text.
 *
 * @param permission permission to match; its {@code name()} is compared with
 *                   {@code res.permission.value}
 * @param action     action to match; restrictions with action {@code 'ALL'} match as well
 * @return the matching roles, or an empty mutable list if the query yields {@code null}
 */
private List<RoleEntity> getRolesHavingRestrictionsWithPermissionAndAction(Permission permission, Action action) {
    // NOTE(review): the where-clause filters on the fetch-joined alias, so each returned role
    // may carry only its matching restrictions and may appear once per match - confirm that
    // callers expect this.
    final String jpql = "from RoleEntity r left join fetch r.restrictions res where res.permission.value =:permission and (res.action =:action or res.action = 'ALL')";
    final List<RoleEntity> matchingRoles = entityManager
            .createQuery(jpql, RoleEntity.class)
            .setParameter("permission", permission.name())
            .setParameter("action", action)
            .getResultList();
    if (matchingRoles == null) {
        return new ArrayList<>();
    }
    return matchingRoles;
}
/**
 * Checks whether the caller holds the named permission for the named action.
 *
 * @param permissionName exact name of a {@code Permission} constant
 * @param actionName     exact name of an {@code Action} constant
 * @return the result of {@code permissionService.hasPermission(Permission, Action)}
 * @throws IllegalArgumentException if either name matches no constant (standard
 *         {@code valueOf} behaviour, assuming both types are enums)
 */
public boolean hasPermission(String permissionName, String actionName) {
    final Permission requested = Permission.valueOf(permissionName);
    final Action requestedAction = Action.valueOf(actionName);
    final boolean granted = permissionService.hasPermission(requested, requestedAction);
    return granted;
}
/**
 * Checks whether the user has a role or a user restriction carrying the given permission,
 * regardless of action, context, resource group or resource type (all passed as {@code null}).
 *
 * <p>Intended for showing or hiding navigation elements in views. This is a coarse check: the
 * specific action must still be verified where the action itself is triggered (e.g. a button).
 *
 * @param permission the permission to look for
 * @return {@code true} if a role or, failing that, a user restriction matches
 */
public boolean hasPermission(Permission permission) {
    final String permissionName = permission.name();
    if (hasRole(permissionName, null, null, null, null)) {
        return true;
    }
    // Role check failed; fall back to restrictions assigned directly to the user.
    return hasUserRestriction(permissionName, null, null, null, null);
}
/**
 * Checks whether the caller holds the named permission and action for the named resource type.
 *
 * @param permissionName   exact name of a {@code Permission} constant
 * @param actionName       exact name of an {@code Action} constant
 * @param resourceTypeName name used to look up the resource type
 * @return {@code false} when no resource type is found for the name; otherwise the result of
 *         {@code permissionService.hasPermission(permission, action, resourceType)}
 * @throws IllegalArgumentException if a permission or action name matches no constant
 *         (standard {@code valueOf} behaviour, assuming both types are enums)
 */
public boolean hasPermissionForResourceType(String permissionName, String actionName, String resourceTypeName) {
    final Permission requested = Permission.valueOf(permissionName);
    final Action requestedAction = Action.valueOf(actionName);
    final ResourceTypeEntity type = resourceTypeRepository.getByName(resourceTypeName);
    // Deny when the resource type cannot be resolved instead of checking without it.
    if (type == null) {
        return false;
    }
    return permissionService.hasPermission(requested, requestedAction, type);
}
/**
 * Checks whether the user has a role or a user restriction carrying the given permission and
 * action, regardless of context, resource group or resource type (all passed as {@code null}).
 *
 * <p>Intended for showing or hiding navigation elements in views.
 *
 * @param permission the permission to look for
 * @param action     the action to look for
 * @return {@code true} if a role or, failing that, a user restriction matches
 */
public boolean hasPermission(Permission permission, Action action) {
    final String permissionName = permission.name();
    if (hasRole(permissionName, null, action, null, null)) {
        return true;
    }
    // Role check failed; fall back to restrictions assigned directly to the user.
    return hasUserRestriction(permissionName, null, action, null, null);
}
/**
 * Resolves the given identifiers to entities and asks the permission service whether the
 * caller may delegate the permission for that scope.
 *
 * @param permissionName   exact name of a {@code Permission} constant
 * @param resourceGroupId  id of the resource group, or {@code null} to skip the lookup
 * @param resourceTypeName name of the resource type, or {@code null} to skip the lookup
 * @param contextName      name of the context, or {@code null} to skip the lookup
 * @param action           action to delegate; {@code null} is replaced by {@code Action.ALL}
 * @return the result of {@code permissionService.hasPermissionToDelegatePermission(...)}
 * @throws IllegalArgumentException if the permission name matches no constant (standard
 *         {@code valueOf} behaviour, assuming {@code Permission} is an enum)
 */
private boolean canDelegateThisPermission(String permissionName, Integer resourceGroupId, String resourceTypeName, String contextName, Action action) {
    final Permission permission = Permission.valueOf(permissionName);

    // NOTE(review): a lookup that finds nothing is passed on like an omitted argument; how the
    // service interprets a null scope is not visible here - confirm it does not widen the check.
    ResourceGroupEntity resourceGroup = null;
    if (resourceGroupId != null) {
        resourceGroup = resourceGroupRepository.find(resourceGroupId);
    }

    ResourceTypeEntity resourceType = null;
    if (resourceTypeName != null) {
        resourceType = resourceTypeRepository.getByName(resourceTypeName);
    }

    ContextEntity context = null;
    if (contextName != null) {
        context = contextLocator.getContextByName(contextName);
    }

    final Action effectiveAction = (action == null) ? Action.ALL : action;
    return permissionService.hasPermissionToDelegatePermission(permission, resourceGroup, resourceType, context, effectiveAction);
}
/**
 * Checks whether the caller holds the named permission and action for the named resource type
 * in the context identified by {@code contextId}. No resource group is supplied.
 *
 * @param permissionName   exact name of a {@code Permission} constant
 * @param actionName       exact name of an {@code Action} constant
 * @param resourceTypeName name used to look up the resource type
 * @param contextId        id used to look up the context
 * @return {@code false} when no resource type is found for the name; otherwise the result of
 *         the five-argument {@code permissionService.hasPermission(...)}
 * @throws IllegalArgumentException if a permission or action name matches no constant
 *         (standard {@code valueOf} behaviour, assuming both types are enums)
 */
public boolean hasPermissionForResourceType(String permissionName, String actionName, String resourceTypeName, Integer contextId) {
    final Permission requested = Permission.valueOf(permissionName);
    final Action requestedAction = Action.valueOf(actionName);
    final ResourceTypeEntity type = resourceTypeRepository.getByName(resourceTypeName);
    // NOTE(review): unlike the resource type, the looked-up context is not null-checked. If the
    // lookup can yield null for an unknown or null id, the service may evaluate the request
    // without a context constraint - confirm how getContextById reports a missing context.
    final ContextEntity requestedContext = contextLocator.getContextById(contextId);
    if (type == null) {
        return false;
    }
    return permissionService.hasPermission(requested, requestedContext, requestedAction, null, type);
}
/**
 * Checks whether the user has a role or a user restriction carrying the given permission for
 * the requested scope.
 *
 * @param permission    the required Permission
 * @param context       the requested Context (null = irrelevant)
 * @param action        the required Action
 * @param resourceGroup the requested resourceGroup (null = irrelevant)
 * @param resourceType  the requested resourceType (null = irrelevant)
 * @return {@code true} if a role or, failing that, a user restriction matches
 */
public boolean hasPermission(Permission permission, ContextEntity context, Action action, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType) {
    final String permissionName = permission.name();
    if (hasRole(permissionName, context, action, resourceGroup, resourceType)) {
        return true;
    }
    // Role check failed; fall back to restrictions assigned directly to the user.
    return hasUserRestriction(permissionName, context, action, resourceGroup, resourceType);
}
/**
 * Checks whether the user has a role or a user restriction carrying the given permission on
 * ALL contexts, i.e. the grant must not be restricted to a specific environment.
 *
 * @param permission    the required Permission
 * @param action        the required Action
 * @param resourceGroup the requested resourceGroup (null = irrelevant)
 * @param resourceType  the requested resourceType (null = irrelevant)
 * @return {@code true} if a role or, failing that, a user restriction matches on all contexts
 */
public boolean hasPermissionOnAllContext(Permission permission, Action action, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType) {
    final String permissionName = permission.name();
    if (hasRoleOnAllContext(permissionName, action, resourceGroup, resourceType)) {
        return true;
    }
    // Role check failed; fall back to restrictions assigned directly to the user.
    return hasUserRestrictionOnAllContext(permissionName, action, resourceGroup, resourceType);
}
/**
 * Checks whether the caller is allowed to see deployments.
 *
 * <p>Membership in any role listed by {@code getDeployableRoles()} is sufficient; the
 * restrictions attached to those roles are not evaluated here. Otherwise a user restriction
 * for {@code Permission.DEPLOYMENT} without any further scope decides.
 *
 * @return {@code true} if the caller is in a deployable role or has a matching user restriction
 */
public boolean hasPermissionToSeeDeployment() {
    for (String roleName : getDeployableRoles().keySet()) {
        if (sessionContext.isCallerInRole(roleName)) {
            return true;
        }
    }
    return hasUserRestriction(Permission.DEPLOYMENT.name(), null, null, null, null);
}
/**
 * Test helper: builds a mocked {@code RestrictionDTO} that reports the given permission name
 * and restriction.
 *
 * @param permission        permission whose {@code name()} the mock returns from
 *                          {@code getPermissionName()}
 * @param restrictionEntity restriction the mock returns from {@code getRestriction()}
 * @return the stubbed mock
 */
public RestrictionDTO mockRestrictionDTO(Permission permission, RestrictionEntity restrictionEntity) {
    final RestrictionDTO restrictionDto = mock(RestrictionDTO.class);
    when(restrictionDto.getPermissionName()).thenReturn(permission.name());
    when(restrictionDto.getRestriction()).thenReturn(restrictionEntity);
    return restrictionDto;
}
/**
 * Checks whether the caller may perform the requested action for a specific resource group on
 * a specific environment.
 *
 * <p>Both role-based and user-based permissions/restrictions are checked: first the deployable
 * roles whose restrictions match, then the user restrictions for {@code Permission.DEPLOYMENT}.
 *
 * @param context       the environment to check; {@code null} results in {@code false}
 * @param resourceGroup the resource group to check
 * @param action        the requested action
 * @return {@code true} if the caller is in a matching role or has a matching user restriction;
 *         {@code false} if {@code context} or the session context is {@code null}
 */
public boolean hasPermissionAndActionForDeploymentOnContext(ContextEntity context, ResourceGroupEntity resourceGroup, Action action) {
    // Deny when there is no context or no session to evaluate against.
    if (context == null || sessionContext == null) {
        return false;
    }

    final List<String> matchingRoles = new ArrayList<>();
    final String deploymentPermission = Permission.DEPLOYMENT.name();

    // Called for its effect only; presumably it populates deployableRolesWithRestrictions -
    // confirm, since the field is dereferenced right below.
    if (deployableRolesWithRestrictions == null) {
        getDeployableRoles();
    }

    for (Map.Entry<String, List<RestrictionDTO>> roleEntry : deployableRolesWithRestrictions.entrySet()) {
        // NOTE(review): resourceGroup is dereferenced here without a null check, while the
        // user-restriction check below is handed the same reference - confirm callers never
        // pass null.
        matchPermissionsAndContext(deploymentPermission, action, context, resourceGroup,
                resourceGroup.getResourceType(), matchingRoles, roleEntry);
    }

    for (String candidateRole : matchingRoles) {
        if (sessionContext.isCallerInRole(candidateRole)) {
            return true;
        }
    }

    // No matching role; fall back to restrictions assigned directly to the user.
    return hasUserRestriction(deploymentPermission, context, action, resourceGroup, null);
}
/**
 * Checks whether the caller is allowed to create (re-)deployments.
 *
 * <p>The caller qualifies through a deployable role only if that role has a restriction whose
 * action is {@code Action.CREATE} or {@code Action.ALL}; context and resource scope of the
 * restriction are not evaluated here. Otherwise a user restriction for
 * {@code Permission.DEPLOYMENT} with {@code Action.CREATE} decides.
 *
 * @return {@code true} if a role restriction or a user restriction permits creating deployments
 */
public boolean hasPermissionToCreateDeployment() {
    for (Map.Entry<String, List<RestrictionDTO>> roleEntry : getDeployableRoles().entrySet()) {
        if (!sessionContext.isCallerInRole(roleEntry.getKey())) {
            continue;
        }
        for (RestrictionDTO roleRestriction : roleEntry.getValue()) {
            final Action restrictedAction = roleRestriction.getRestriction().getAction();
            if (restrictedAction.equals(Action.CREATE) || restrictedAction.equals(Action.ALL)) {
                return true;
            }
        }
    }
    // No role grants CREATE; fall back to restrictions assigned directly to the user.
    return hasUserRestriction(Permission.DEPLOYMENT.name(), null, Action.CREATE, null, null);
}