Use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.
Class DefaultAclService, method addAclLevel.
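/**
 * Adds an ACE for {@code perm} to {@code acl} for the current principal, if the ACL matrix
 * level configured for ({@code type}, principal's role) allows it for {@code dto}.
 *
 * <p>Levels handled here:
 * <ul>
 *   <li>{@code ALL}: always adds the ACE.</li>
 *   <li>{@code OWN}: adds it when the object's owner id equals the principal's id.</li>
 *   <li>{@code AREA}: adds it when the object's department id equals the principal's
 *       department id.</li>
 *   <li>{@code OWNERS}: adds it when the principal's id is in the object's owners list.</li>
 *   <li>{@code DENY}: adds nothing.</li>
 * </ul>
 * When {@code isIgnoreUnownedObjects()} is true, {@code OWN} and {@code AREA} also add the ACE
 * for objects whose owner id / department id is {@code null}. That path is fail-open by
 * configuration, and each such grant is logged at WARN.
 *
 * @param matrix level lookup keyed by (type, role id)
 * @param acl    ACL that receives the ACE
 * @param type   entity class used to build the matrix key
 * @param dto    object whose ownership data is compared with the current principal
 * @param perm   permission to add
 * @throws UnsupportedOperationException if the matrix has no level for the key, or the level
 *         is not one of the values handled above
 */
private void addAclLevel(Map<AclMatrixKey, AclMatrixValue> matrix, AclImpl acl, Class type, ITransferObject dto, Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);

    if (log.isDebugEnabled()) {
        log.debug("addAclLevel -" + " permission=[" + perm.getPattern() + "]" + " type=" + type.getSimpleName()
                + " id=" + dto.getId() + " ownerId=" + dto.getOwnerId() + " departmentId=" + dto.getDepartmentId()
                + " userId=" + principal.getId() + " roleId=" + principal.getRoleId() + " level=" + level);
    }

    // Fail closed: a (type, role) pair that is missing from the matrix is an error, never a grant.
    if (level == null) {
        throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }

    // NOTE(review): the trailing 'true' passed to insertAce is presumably the "granting" flag
    // of the ACE; confirm against the AclImpl version in use.
    switch (level) {
        case ALL:
            acl.insertAce(null, perm, sid, true);
            break;

        case OWN:
            if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any user and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (idsMatch(dto.getOwnerId(), principal.getId())) {
                // Compared by value: '==' on boxed ids tests object identity and can reject the
                // real owner (or unbox a null owner id), depending on the getters' types.
                acl.insertAce(null, perm, sid, true);
            }
            break;

        case AREA:
            if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any department and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (idsMatch(dto.getDepartmentId(), principal.getDepartmentId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;

        case DENY:
            // Do nothing
            break;

        case OWNERS:
            if (dto.getOwnersId() != null && dto.getOwnersId().contains(principal.getId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;

        default:
            throw new UnsupportedOperationException("AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
    }
}

/**
 * Compares two ids by value, the same way the OWNERS branch does through
 * {@code contains(...)}. Two {@code null} ids compare equal, as they did under {@code ==}.
 * NOTE(review): that means an object with no owner/department still matches a principal
 * whose corresponding id is null; confirm this is intended.
 */
private static boolean idsMatch(Object objectId, Object principalId) {
    return (objectId == null) ? (principalId == null) : objectId.equals(principalId);
}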
Use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.
Class ContractExpirationNotificationBean, method authenticateAs.
// TODO Extract to a Security Utils Class or similar
/**
 * Installs the account named {@code userLogin} as the authentication of the current
 * security context.
 *
 * <p>The account is loaded by login name and wrapped in a token built from its stored
 * password and authorities. No credential presented by a caller is verified here, so this is
 * an impersonation helper: {@code userLogin} must come from trusted configuration or code,
 * never from request data.
 *
 * <p>NOTE(review): this method does not save or clear the previous authentication. If it runs
 * on a reused thread, the caller presumably has to restore or clear the context afterwards;
 * confirm at the call site.
 *
 * @param userLogin login name of the account to run as
 */
private void authenticateAs(final String userLogin) {
    final Principal impersonated =
            (Principal) AuthenticationManager.getDefault().loadUserByUsername(userLogin);

    // Credentials slot carries the stored password value of the loaded user, as before.
    final Authentication token = new UsernamePasswordAuthenticationToken(
            impersonated,
            impersonated.getUser().getPassword(),
            impersonated.getAuthorities());

    SecurityContextHolder.getContext().setAuthentication(token);
}
Use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.
Class MenuBean, method getMenu.
/**
* Get menu tree
* @return menu tree
*/
public TreeNode getMenu() {
    // The tree is built once and then served from the 'menu' field, so it reflects the
    // principal that was current on the first call.
    if (menu != null) {
        return menu;
    }

    // Each entry is offered to openNode/addLeaf together with the current principal and a
    // permission; presumably those helpers decide whether the entry is shown, and a null
    // permission means "no specific permission required" (confirm in the helpers).
    // This only shapes what the UI displays: the pages and actions behind each entry still
    // need their own authorization checks.
    Principal principal = SpringUtils.getPrincipal();
    Stack<TreeNode> trail = new Stack<TreeNode>();
    menu = new TreeNodeBase("menu", "Menu", false);
    trail.push(menu);

    // --- admin ---
    if (openNode(trail, principal, null, "admin")) {
        addLeaf(trail, principal, Permission.Entity_Menu(User.class), "users");
        addLeaf(trail, principal, Permission.Entity_Menu(UserCategory.class), "userCategorys");
        addLeaf(trail, principal, null, "changePassword");
        addLeaf(trail, principal, Permission.Entity_Menu(Department.class), "departments");
        // "settings" leaf is disabled:
        // addLeaf(trail, principal, Permission.Entity_Menu(Setting.class), "settings");
        closeNode(trail);
    }

    // --- master tables ---
    if (openNode(trail, principal, null, "masterTables")) {
        addLeaf(trail, principal, Permission.Entity_Menu(AccountEntryType.class), "accountEntryTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(OrganizationType.class), "organizationTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(InteractionType.class), "interactionTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(OrganizationISOCategory.class), "organizationISOCategorys");
        addLeaf(trail, principal, Permission.Entity_Menu(ContractType.class), "contractTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(Magazine.class), "magazines");
        addLeaf(trail, principal, Permission.Entity_Menu(OfferRejectReason.class), "offerRejectReasons");
        closeNode(trail);
    }

    // --- billing ---
    if (openNode(trail, principal, null, "billing")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Bill.class), "bills");
        addLeaf(trail, principal, Permission.Entity_Menu(Account.class), "accounts");
        addLeaf(trail, principal, Permission.Entity_Menu(AccountEntry.class), "accountEntrys");
        addLeaf(trail, principal, Permission.Entity_Menu(PeriodicalAccountEntry.class), "periodicalAccountEntrys");
        addLeaf(trail, principal, Permission.Action_NOF, "nof");
        addLeaf(trail, principal, Permission.Entity_Menu(FinancialRatio.class), "financialRatios");
        closeNode(trail);
    }

    // --- contacts ---
    if (openNode(trail, principal, null, "contacts")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Organization.class), "organizations");
        addLeaf(trail, principal, Permission.Entity_Menu(Interaction.class), "interactions");
        addLeaf(trail, principal, Permission.Entity_Menu(Contact.class), "contacts");
        addLeaf(trail, principal, Permission.Entity_Menu(Offer.class), "offers");
        addLeaf(trail, principal, Permission.Entity_Menu(Project.class), "projects");
        closeNode(trail);
    }

    // --- quality ---
    if (openNode(trail, principal, null, "quality")) {
        addLeaf(trail, principal, Permission.Action_ListQualityDocuments, "qualityDocuments");
        closeNode(trail);
    }

    // --- bulletin ---
    if (openNode(trail, principal, null, "bulletin")) {
        addLeaf(trail, principal, Permission.Entity_Menu(BulletinBoard.class), "bulletinBoards");
        addLeaf(trail, principal, Permission.Entity_Menu(CompanyState.class), "companyStates");
        addLeaf(trail, principal, Permission.Entity_Menu(BulletinBoardCategory.class), "bulletinBoardCategorys");
        addLeaf(trail, principal, Permission.Entity_Menu(Idea.class), "ideas");
        closeNode(trail);
    }

    // --- activity ---
    if (openNode(trail, principal, null, "activity")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Activity.class), "activitys");
        addLeaf(trail, principal, Permission.Entity_Menu(Objective.class), "objectives");
        closeNode(trail);
    }

    // --- reports ---
    if (openNode(trail, principal, null, "reports")) {
        addLeaf(trail, principal, Permission.Action_GeneralReports, "generalReports");
        addLeaf(trail, principal, Permission.Action_BitacoreReports, "bitacoreReports");
        addLeaf(trail, principal, Permission.Action_BillReports, "billReports");
        addLeaf(trail, principal, Permission.Action_ProjectReports, "projectReports");
        addLeaf(trail, principal, Permission.Action_InteractionReports, "interactionReports");
        addLeaf(trail, principal, Permission.Action_OrganizationReports, "organizationReports");
        addLeaf(trail, principal, Permission.Action_OfferReports, "offerReports");
        addLeaf(trail, principal, Permission.Action_OwnReports, "ownReports");
        addLeaf(trail, principal, Permission.Action_PersonalReports, "personalReports");
        closeNode(trail);
    }

    // --- publish ---
    if (openNode(trail, principal, null, "publish")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Tutorial.class), "tutorials");
        addLeaf(trail, principal, Permission.Entity_Menu(Publication.class), "publications");
        closeNode(trail);
    }

    // --- holiday ---
    if (openNode(trail, principal, null, "holiday")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Holiday.class), "holidays");
        addLeaf(trail, principal, Permission.Entity_Menu(RequestHoliday.class), "requestHolidays");
        addLeaf(trail, principal, Permission.Entity_Menu(AdminHoliday.class), "adminHolidays");
        closeNode(trail);
    }

    // --- utils ---
    if (openNode(trail, principal, null, "utils")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Book.class), "books");
        addLeaf(trail, principal, Permission.Entity_Menu(Inventary.class), "inventarys");
        closeNode(trail);
    }

    return menu;
}