public OSecurityRole allow(final ORule.ResourceGeneric resourceGeneric, final String resourceSpecific, final int iOperation) { if (roles.isEmpty()) throw new OSecurityAccessException(getName(), "User '" + getName() + "' has no role defined"); final OSecurityRole role = checkIfAllowed(resourceGeneric, resourceSpecific, iOperation); if (role == null) throw new OSecurityAccessException(getName(), "User '" + getName() + "' does not have permission to execute the operation '" + ORole.permissionToString(iOperation) + "' against the resource: " + resourceGeneric + "." + resourceSpecific); return role; }
/** * Checks if the user has the permission to access to the requested resource for the requested operation. * * @param iOperation Requested operation * * @return The role that has granted the permission if any, otherwise a OSecurityAccessException exception is raised * * @throws OSecurityAccessException */ public ORole allow(final ORule.ResourceGeneric resourceGeneric, String resourceSpecific, final int iOperation) { if (roles == null || roles.isEmpty()) { if (document.field("roles") != null && !((Collection<OIdentifiable>) document.field("roles")).isEmpty()) { final ODocument doc = document; document = null; fromStream(doc); } else throw new OSecurityAccessException(document.getDatabase().getName(), "User '" + document.field("name") + "' has no role defined"); } final ORole role = checkIfAllowed(resourceGeneric, resourceSpecific, iOperation); if (role == null) throw new OSecurityAccessException(document.getDatabase().getName(), "User '" + document.field("name") + "' does not have permission to execute the operation '" + ORole .permissionToString(iOperation) + "' against the resource: " + resourceGeneric + "." + resourceSpecific); return role; }