@Override public ShortAttributeList getAttributes(SecurityContext sc, long id) throws NotFoundWebEx { Resource resource = resourceService.get(id); if (resource == null) throw new NotFoundWebEx("Resource not found"); // // Authorization check. // boolean canRead = false; User authUser = extractAuthUser(sc); canRead = resourceAccessRead(authUser, id); if (canRead) { return new ShortAttributeList(resourceService.getAttributes(id)); } else { throw new ForbiddenErrorWebEx( "This user cannot read this resource so neither its attributes!"); } }