/**
 * Answers whether the user holds the given right on the entity, without ever throwing.
 *
 * <p>Delegates to {@code hasSecurityAccess} with the checkpoint flag set to {@code false}. Any exception
 * raised while the rights are resolved is logged at error level and treated as a denial, so a failure in
 * the lookup is never read as a grant (fail closed).</p>
 *
 * @param right the right being asked about
 * @param userReference the user to evaluate; when {@code null} the log message shows
 *            {@code AuthorizationException.NULL_USER} instead
 * @param entityReference the entity to evaluate; when {@code null} the log message shows
 *            {@code AuthorizationException.NULL_ENTITY} instead
 * @return {@code true} only when the delegate reports access; {@code false} on denial or on any error
 */
@Override
public boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
{
    boolean granted;
    try {
        granted = hasSecurityAccess(right, userReference, entityReference, false);
    } catch (Exception e) {
        // Substitute the placeholder constants so the message stays readable for null references.
        Object userLabel = (userReference != null) ? userReference : AuthorizationException.NULL_USER;
        Object entityLabel = (entityReference != null) ? entityReference : AuthorizationException.NULL_ENTITY;
        String message = String.format("Failed to load rights for user [%s] on [%s].", userLabel, entityLabel);
        this.logger.error(message, e);
        // Fail closed: an error during evaluation must not turn into access.
        granted = false;
    }
    return granted;
}
/**
 * Records a denied access conclusion.
 * Every denial concluded during a security checkpoint is reported through this method.
 *
 * <p>Forwards to {@code logAccess} with {@code RuleState.DENY} and {@code false} as the final argument;
 * the meaning of that flag is defined by {@code logAccess}.</p>
 *
 * @param user the user that was checked
 * @param entity the page (entity) that was checked
 * @param right the action that was requested
 * @param info additional information to attach to the log entry
 */
protected void logDeny(DocumentReference user, EntityReference entity, Right right, String info)
{
    final RuleState conclusion = RuleState.DENY;
    logAccess(conclusion, user, entity, right, info, false);
}
}
/**
 * Looks up the security access of a user on an entity and reports whether the right is allowed.
 *
 * <p>The outcome is logged either way: a denial reached while {@code check} is {@code true} goes through
 * {@code logDeny}; every other outcome goes through {@code logAccess}. Only {@code RuleState.ALLOW}
 * grants the right; any other state returned by the lookup counts as a denial.</p>
 *
 * @param right the right to evaluate
 * @param userReference the user whose access is evaluated
 * @param entityReference the entity the right applies to
 * @param check {@code true} when called for a security checkpoint, {@code false} for an access inquiry;
 *            it selects the log label and the logging path
 * @return {@code true} if and only if the resolved state is {@code RuleState.ALLOW}
 * @throws AuthorizationException declared for failures of the access lookup
 */
private boolean evaluateSecurityAccess(Right right, DocumentReference userReference,
    EntityReference entityReference, boolean check) throws AuthorizationException
{
    // The user reference is converted before the entity reference, then both feed the lookup.
    final RuleState state = getAccess(
        securityReferenceFactory.newUserReference(userReference),
        securityReferenceFactory.newEntityReference(entityReference)).get(right);
    final boolean allowed = state == RuleState.ALLOW;

    final String context;
    if (check) {
        context = "security checkpoint";
    } else {
        context = "access inquiry";
    }

    if (!check || allowed) {
        // Inquiries, and checkpoints that end in a grant, are logged with the resolved state.
        logAccess(state, userReference, entityReference, right, context, true);
    } else {
        // A checkpoint that does not end in ALLOW is always reported as a denial.
        logDeny(userReference, entityReference, right, context);
    }

    return allowed;
}
throws AuthorizationException if (isSuperAdmin(userReference)) { return true; logDeny(userReference, entityReference, right, "no such right"); return evaluateSecurityAccess(right, userReference, entityReference, check);
/**
 * Enforces that the user holds the given right on the entity.
 *
 * <p>Delegates to {@code hasSecurityAccess} with the checkpoint flag set to {@code true}. The method
 * returns normally only when the delegate reports access. A negative answer, or any exception raised
 * during evaluation, ends in an {@link AccessDeniedException}, so an evaluation failure can never let
 * the caller proceed (fail closed).</p>
 *
 * @param right the right that is required
 * @param userReference the user being checked
 * @param entityReference the entity the right is required on
 * @throws AccessDeniedException if access is not granted, or if the evaluation itself fails; in the
 *             latter case the original exception is passed along as the cause
 */
@Override
public void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference)
    throws AccessDeniedException
{
    try {
        boolean granted = hasSecurityAccess(right, userReference, entityReference, true);
        if (!granted) {
            throw new AccessDeniedException(right, userReference, entityReference);
        }
    } catch (AccessDeniedException denied) {
        // Already the exception callers expect: propagate it untouched.
        throw denied;
    } catch (Exception failure) {
        // Any other failure is reported as a denial, keeping the original exception as the cause.
        throw new AccessDeniedException(right, userReference, entityReference, failure);
    }
}