checkTenantId(tenantId); allowed = scope.getLevel() <= CTLSchemaScopeDto.TENANT.getLevel(); break; case TENANT_DEVELOPER: checkTenantId(tenantId); if (scope.getLevel() >= CTLSchemaScopeDto.APPLICATION.getLevel()) { checkApplicationId(applicationId); allowed = scope.getLevel() >= CTLSchemaScopeDto.SYSTEM.getLevel(); break; default:
scope = CTLSchemaScopeDto.valueOf(PlaceParams.getParam(SCOPE));
/**
 * Serializes a {@link CtlSchemaPlace} into a token string via {@code PlaceParams}.
 *
 * <p>Optional attributes (meta info id, version, scope, schema type, application id,
 * ECF id/version) are written only when present; the {@code editable} and
 * {@code create} flags are always written.
 *
 * <p>NOTE(review): the token presumably ends up in the browser URL, so everything
 * encoded here (scope, editable, create, ids) can be altered by the user before it
 * is parsed back. Treat these values as UI hints only; the server-side permission
 * check has to stay authoritative. Confirm no caller trusts them for authorization.
 *
 * @param place the place to encode
 * @return the token produced by {@code PlaceParams.generateToken()}
 */
@Override
public String getToken(CtlSchemaPlace place) {
    // PlaceParams is driven through static calls, so reset it before filling it in.
    PlaceParams.clear();

    String metaInfoId = place.getMetaInfoId();
    if (Utils.isNotBlank(metaInfoId)) {
        PlaceParams.putParam(META_INFO_ID, metaInfoId);
    }

    if (place.getVersion() != null) {
        PlaceParams.putIntParam(VERSION, place.getVersion());
    }

    // Enum-valued attributes are stored by constant name.
    if (place.getScope() != null) {
        PlaceParams.putParam(SCOPE, place.getScope().name());
    }
    if (place.getSchemaType() != null) {
        PlaceParams.putParam(SCHEMA_TYPE, place.getSchemaType().name());
    }

    String applicationId = place.getApplicationId();
    if (Utils.isNotBlank(applicationId)) {
        PlaceParams.putParam(APPLICATION_ID, applicationId);
    }

    // The ECF version is only meaningful together with an ECF id, so both are
    // written (or skipped) as a pair.
    String ecfId = place.getEcfId();
    if (Utils.isNotBlank(ecfId)) {
        PlaceParams.putParam(ECF_ID, ecfId);
        PlaceParams.putParam(ECF_VERSION_ID, String.valueOf(place.getEcfVersion()));
    }

    PlaceParams.putBooleanParam(EDITABLE, place.isEditable());
    PlaceParams.putBooleanParam(CREATE, place.isCreate());

    return PlaceParams.generateToken();
}
} // closes the enclosing type, whose header is not visible in this excerpt
/**
 * Verifies that the current user may edit a CTL schema in the scope derived from
 * the given tenant and application ids.
 *
 * <p>Rules implemented below (deny by default):
 * <ul>
 *   <li>{@code KAA_ADMIN}: only the {@code SYSTEM} scope.</li>
 *   <li>{@code TENANT_ADMIN}: only the {@code TENANT} scope, after
 *       {@code checkTenantId}.</li>
 *   <li>{@code TENANT_DEVELOPER} and {@code TENANT_USER}: scopes whose level is at
 *       least the {@code TENANT} level, after {@code checkTenantId}; the
 *       application id is additionally checked when the scope level is at least the
 *       {@code APPLICATION} level.</li>
 *   <li>Any other authority: denied.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code TENANT_USER} receives the same edit rights as
 * {@code TENANT_DEVELOPER} here. Confirm that this is intended.
 *
 * @param tenantId      tenant id used to detect the scope and validated for tenant roles
 * @param applicationId application id used to detect the scope
 * @throws KaaAdminServiceException with {@code PERMISSION_DENIED} when the edit is
 *         not allowed; the helper checks presumably throw it as well when an id
 *         does not belong to the caller (verify against their definitions)
 */
private void checkCtlSchemaEditScope(String tenantId, String applicationId)
        throws KaaAdminServiceException {
    AuthUserDto user = getCurrentUser();
    CTLSchemaScopeDto targetScope = detectScope(tenantId, applicationId);

    // Assigned exactly once on every path; unknown authorities fall through to "false".
    final boolean permitted;
    switch (user.getAuthority()) {
        case KAA_ADMIN:
            permitted = (targetScope == CTLSchemaScopeDto.SYSTEM);
            break;

        case TENANT_ADMIN:
            // Validate the tenant before deciding, so a foreign tenant id is
            // rejected by the helper rather than by the scope comparison.
            checkTenantId(tenantId);
            permitted = (targetScope == CTLSchemaScopeDto.TENANT);
            break;

        case TENANT_DEVELOPER:
        case TENANT_USER:
            checkTenantId(tenantId);
            // Presumably levels grow from SYSTEM to TENANT to APPLICATION.
            // Confirm in CTLSchemaScopeDto.
            if (targetScope.getLevel() >= CTLSchemaScopeDto.APPLICATION.getLevel()) {
                checkApplicationId(applicationId);
            }
            permitted = targetScope.getLevel() >= CTLSchemaScopeDto.TENANT.getLevel();
            break;

        default:
            permitted = false;
            break;
    }

    if (permitted) {
        return;
    }
    throw new KaaAdminServiceException(ServiceErrorCode.PERMISSION_DENIED);
}