Example 1 with AuthorizationProvider

Use of cern.modesti.plugin.spi.AuthorizationProvider in project modesti by jlsalmon.

The class AuthService, method canDelete.

/**
 * By default only the creator is allowed to delete. Administrators and members of the
 * plugin's authorisation group are always allowed to delete.
 * Plugins can implement the {@link AuthorizationProvider} to override the {@link AuthorizationProvider#canDelete(Request)} behaviour.
 *
 * @param request the request object
 * @param user    the user to authorise
 *
 * @return true if the user is authorised, false otherwise
 */
public boolean canDelete(Request request, User user) {
    // Look up the plugin responsible for this request.
    RequestProvider plugin = requestProviderRegistry.getPluginFor(request, new UnsupportedRequestException(request));
    String requestPluginId = plugin.getMetadata().getId();
    // Administrators bypass all further checks.
    if (isAdministrator(user)) {
        return true;
    }
    // Members of the plugin's authorisation group for this request may delete it.
    String pluginAuthorizationGroup = plugin.getMetadata().getAuthorisationGroup(request);
    if (hasRole(user, pluginAuthorizationGroup)) {
        return true;
    }
    // A plugin-supplied provider, if present, replaces the creator-only default.
    // Note that the provider is given only the request, not the user.
    AuthorizationProvider authProvider = getPluginAuthorizationProvider(requestPluginId);
    if (authProvider != null) {
        return authProvider.canDelete(request);
    }
    // Default: only the creator of the request may delete it.
    return request.getCreator().equals(user.getUsername());
}
Also used: RequestProvider (cern.modesti.plugin.RequestProvider), AuthorizationProvider (cern.modesti.plugin.spi.AuthorizationProvider), UnsupportedRequestException (cern.modesti.plugin.UnsupportedRequestException)
