use of io.gravitee.management.service.exceptions.ApiNotFoundException in project gravitee-management-rest-api by gravitee-io.
the class PermissionServiceImpl method hasPermission.
@Override
public boolean hasPermission(RolePermission permission, String referenceId, RolePermissionAction... acls) {
Optional<String> optionalReferenceId = Optional.ofNullable(referenceId);
MembershipReferenceType membershipReferenceType;
MembershipReferenceType groupMembershipReferenceType = null;
io.gravitee.repository.management.model.RoleScope repoRoleScope;
switch(permission.getScope()) {
case MANAGEMENT:
membershipReferenceType = MembershipReferenceType.MANAGEMENT;
repoRoleScope = io.gravitee.repository.management.model.RoleScope.MANAGEMENT;
break;
case PORTAL:
membershipReferenceType = MembershipReferenceType.PORTAL;
repoRoleScope = io.gravitee.repository.management.model.RoleScope.PORTAL;
break;
case API:
membershipReferenceType = MembershipReferenceType.API;
groupMembershipReferenceType = MembershipReferenceType.GROUP;
repoRoleScope = io.gravitee.repository.management.model.RoleScope.API;
break;
case APPLICATION:
membershipReferenceType = MembershipReferenceType.APPLICATION;
groupMembershipReferenceType = MembershipReferenceType.GROUP;
repoRoleScope = io.gravitee.repository.management.model.RoleScope.APPLICATION;
break;
default:
membershipReferenceType = null;
repoRoleScope = null;
}
Set<RoleEntity> roles = Collections.emptySet();
RoleEntity firstDegreeRole = membershipService.getRole(membershipReferenceType, optionalReferenceId.orElse(MembershipDefaultReferenceId.DEFAULT.name()), getAuthenticatedUsername(), repoRoleScope);
if (firstDegreeRole != null) {
roles = Collections.singleton(firstDegreeRole);
} else if (groupMembershipReferenceType != null) {
Set<String> groups = null;
if (MembershipReferenceType.GROUP.equals(groupMembershipReferenceType)) {
try {
groups = apiService.findById(referenceId).getGroups();
} catch (ApiNotFoundException ane) {
groups = applicationService.findById(referenceId).getGroups();
}
}
if (groups != null && !groups.isEmpty()) {
roles = membershipService.getRoles(groupMembershipReferenceType, groups, getAuthenticatedUsername(), repoRoleScope);
}
}
for (RoleEntity roleEntity : roles) {
if (roleService.hasPermission(roleEntity.getPermissions(), permission.getPermission(), acls)) {
return true;
}
}
return false;
}
Aggregations