/**
 * Evaluates an ACL-backed permission check for a domain object instance.
 *
 * <p>A {@code null} domain object is always denied; an expression that needs a
 * different outcome can add its own null check. Any other object is mapped to its
 * {@link ObjectIdentity} and the decision is delegated to {@code checkPermission}.
 *
 * @param authentication the caller whose permissions are being checked
 * @param domainObject the protected object, may be {@code null}
 * @param permission the permission (or permissions) required
 * @return {@code false} for a {@code null} domain object, otherwise whatever
 * {@code checkPermission} returns
 */
public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
    // Deny by default: without an object there is no identity to resolve an ACL for.
    if (domainObject != null) {
        ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
        return checkPermission(authentication, oid, permission);
    }
    return false;
}
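/**
 * Requests the ACLs for a batch of domain objects in a single service call.
 *
 * <p>Each non-null object is mapped to its {@link ObjectIdentity}; the identities
 * and the SIDs of the supplied authentication are then passed to
 * {@code aclService.readAclsById}. The returned ACLs are discarded here, so any
 * caching presumably happens inside the service (confirm against the configured
 * implementation). This method makes no access decision itself.
 *
 * @param authentication the caller whose SIDs restrict the lookup
 * @param objects the domain objects to pre-load; {@code null} elements are skipped
 */
public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
    if (objects.isEmpty()) {
        return;
    }

    List<ObjectIdentity> oidsToCache = new ArrayList<>(objects.size());
    for (Object domainObject : objects) {
        // Null entries have no identity to resolve.
        if (domainObject != null) {
            oidsToCache.add(oidRetrievalStrategy.getObjectIdentity(domainObject));
        }
    }

    // A collection holding only nulls yields no identities. Skip the service call
    // rather than issue an empty lookup, which an implementation may reject.
    if (oidsToCache.isEmpty()) {
        return;
    }

    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

    if (logger.isDebugEnabled()) {
        logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
    }

    aclService.readAclsById(oidsToCache, sids);
}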
/**
 * Checks whether the principal holds {@code requirePermission} on a domain object.
 *
 * <p>The ACL lookup and the {@code isGranted} call both sit inside the same
 * {@code try} block, so a {@link NotFoundException} from either one results in a
 * denial instead of propagating (fail closed).
 *
 * @param authentication the principal whose SIDs are evaluated
 * @param domainObject the object whose ACL is consulted
 * @return {@code true} only when the ACL grants the required permission
 */
protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Identity of the protected object, then the SIDs that apply to the principal.
    final ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
    final List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    try {
        // Restrict the lookup to the SIDs of this principal.
        return aclService.readAclById(oid, principalSids)
                .isGranted(requirePermission, principalSids, false);
    }
    catch (NotFoundException ignore) {
        // Nothing found is treated as "not granted".
        return false;
    }
}
.getObjectIdentity(domainObject);
/**
 * Verifies that the evaluator reports {@code true} when the ACL returned by the
 * service grants the request.
 *
 * <p>The mocked ACL grants for any permission and SID lists, so this test shows that
 * the evaluator propagates the ACL's answer; it does not show that {@code "READ"}
 * resolves to a particular permission.
 */
@Test
public void hasPermissionReturnsTrueIfAclGrantsPermission() throws Exception {
    // Every domain object resolves to the same mocked identity.
    ObjectIdentity identity = mock(ObjectIdentity.class);
    ObjectIdentityRetrievalStrategy identityStrategy = mock(ObjectIdentityRetrievalStrategy.class);
    when(identityStrategy.getObjectIdentity(any(Object.class))).thenReturn(identity);

    // An ACL that says "granted" whatever it is asked.
    Acl grantingAcl = mock(Acl.class);
    when(grantingAcl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);

    AclService aclService = mock(AclService.class);
    when(aclService.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(grantingAcl);

    AclPermissionEvaluator evaluator = new AclPermissionEvaluator(aclService);
    evaluator.setObjectIdentityRetrievalStrategy(identityStrategy);
    evaluator.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));

    boolean granted = evaluator.hasPermission(mock(Authentication.class), new Object(), "READ");

    assertThat(granted).isTrue();
}
/**
 * Verifies that the cache optimizer asks the ACL service for exactly the identities
 * of the non-null domain objects, in order, skipping the {@code null} entry.
 */
@Test
public void eagerlyLoadsRequiredAcls() throws Exception {
    AclService aclService = mock(AclService.class);
    ObjectIdentityRetrievalStrategy identityStrategy = mock(ObjectIdentityRetrievalStrategy.class);
    SidRetrievalStrategy sidStrategy = mock(SidRetrievalStrategy.class);

    AclPermissionCacheOptimizer optimizer = new AclPermissionCacheOptimizer(aclService);
    optimizer.setObjectIdentityRetrievalStrategy(identityStrategy);
    optimizer.setSidRetrievalStrategy(sidStrategy);

    // The middle element is null on purpose: it must not produce an identity.
    Object[] domainObjects = { new Object(), null, new Object() };
    ObjectIdentity[] expectedOids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
    when(identityStrategy.getObjectIdentity(domainObjects[0])).thenReturn(expectedOids[0]);
    when(identityStrategy.getObjectIdentity(domainObjects[2])).thenReturn(expectedOids[1]);

    optimizer.cachePermissionsFor(mock(Authentication.class), Arrays.asList(domainObjects));

    // AclService should be invoked with the list of required Oids
    verify(aclService).readAclsById(eq(Arrays.asList(expectedOids)), any(List.class));
}
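/**
 * Verifies that a lower-case permission name ({@code "write"}) is still granted
 * while the JVM default locale is Turkish.
 *
 * <p>Presumably this guards against locale-sensitive case conversion of permission
 * names: under the Turkish locale, upper-casing {@code "i"} does not yield
 * {@code "I"}, so a name converted with the default locale would not match.
 *
 * <p>The default locale is JVM-wide state, so it is restored in a {@code finally}
 * block; otherwise a failing assertion would leave Turkish as the default for every
 * test that runs afterwards.
 */
@Test
public void resolvePermissionNonEnglishLocale() {
    Locale systemLocale = Locale.getDefault();
    Locale.setDefault(new Locale("tr"));
    try {
        AclService service = mock(AclService.class);
        AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
        ObjectIdentity oid = mock(ObjectIdentity.class);
        ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
        when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
        pe.setObjectIdentityRetrievalStrategy(oidStrategy);
        pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
        Acl acl = mock(Acl.class);
        when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
        when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);

        assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue();
    }
    finally {
        // Always undo the global change, even when the assertion above fails.
        Locale.setDefault(systemLocale);
    }
}
}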
/**
 * Verifies that the default retrieval strategy produces a non-null identity equal to
 * an {@code ObjectIdentityImpl} built directly from the same domain object.
 */
@Test
public void testObjectIdentityCreation() throws Exception {
    MockIdDomainObject domainObject = new MockIdDomainObject();
    domainObject.setId(Integer.valueOf(1));

    ObjectIdentityRetrievalStrategy strategy = new ObjectIdentityRetrievalStrategyImpl();
    ObjectIdentity resolved = strategy.getObjectIdentity(domainObject);

    assertThat(resolved).isNotNull();
    // Compare against an identity constructed straight from the domain object.
    assertThat(new ObjectIdentityImpl(domainObject)).isEqualTo(resolved);
}
/**
 * Decides, from the ACL configuration, whether the user holds the given
 * permission(s) on a domain object.
 *
 * <p>The answer for a {@code null} domain object is always {@code false}; callers
 * that want something else can null-check in the expression itself. The
 * {@code &&} below short-circuits, so no identity is resolved for {@code null}.
 *
 * @param authentication the user being checked
 * @param domainObject the protected object, may be {@code null}
 * @param permission the required permission(s)
 * @return {@code true} only when the object is non-null and {@code checkPermission}
 * returns {@code true}
 */
public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
    return domainObject != null
            && checkPermission(authentication,
                    objectIdentityRetrievalStrategy.getObjectIdentity(domainObject), permission);
}
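/**
 * Pre-loads ACLs for a collection of domain objects with one call to the ACL
 * service.
 *
 * <p>Non-null objects are converted to {@link ObjectIdentity} instances and handed
 * to {@code aclService.readAclsById} together with the SIDs of the authentication.
 * The result of that call is not used here. No access decision is taken in this
 * method.
 *
 * @param authentication the principal whose SIDs limit the lookup
 * @param objects the domain objects to pre-load; {@code null} elements are ignored
 */
public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
    if (objects.isEmpty()) {
        return;
    }

    List<ObjectIdentity> oidsToCache = new ArrayList<>(objects.size());
    for (Object domainObject : objects) {
        if (domainObject == null) {
            // Nothing to resolve for a null entry.
            continue;
        }
        oidsToCache.add(oidRetrievalStrategy.getObjectIdentity(domainObject));
    }

    // When every element was null there is nothing to load. Return before the
    // lookup so the service is never asked for an empty identity list.
    if (oidsToCache.isEmpty()) {
        return;
    }

    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    if (logger.isDebugEnabled()) {
        logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
    }
    aclService.readAclsById(oidsToCache, sids);
}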
/**
 * Reports whether the ACL of a domain object grants {@code requirePermission} to
 * the principal.
 *
 * <p>A {@link NotFoundException} raised inside the {@code try} block, by the lookup
 * or by the grant check, is converted into a denial.
 *
 * @param authentication the principal under evaluation
 * @param domainObject the object whose ACL is read
 * @return {@code true} if the permission is granted, {@code false} otherwise
 */
protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // OID for the domain object
    ObjectIdentity targetIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
    // SIDs for the principal
    List<Sid> applicableSids = sidRetrievalStrategy.getSids(authentication);

    boolean granted;
    try {
        // Only the ACL entries for these SIDs are requested.
        Acl targetAcl = aclService.readAclById(targetIdentity, applicableSids);
        granted = targetAcl.isGranted(requirePermission, applicableSids, false);
    }
    catch (NotFoundException ignore) {
        // Fail closed: nothing found means no access.
        granted = false;
    }
    return granted;
}
// Map the domain object to its ObjectIdentity through the configured retrieval strategy.
ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);