use of io.vertigo.account.authorization.metamodel.SecuredEntity in project vertigo by KleeGroup.
the class AuthorizationManagerImpl method isAuthorized.
/**
* {@inheritDoc}
*/
@Override
public <K extends KeyConcept> boolean isAuthorized(final K keyConcept, final OperationName<K> operationName) {
Assertion.checkNotNull(keyConcept);
Assertion.checkNotNull(operationName);
// ---
final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
if (!userPermissionsOpt.isPresent()) {
// Si il n'y a pas de session alors pas d'autorisation.
return false;
}
final UserAuthorizations userPermissions = userPermissionsOpt.get();
final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(keyConcept);
final SecuredEntity securedEntity = findSecuredEntity(dtDefinition);
return userPermissions.getEntityAuthorizations(dtDefinition).stream().filter(permission -> permission.getOperation().get().equals(operationName.name()) || permission.getOverrides().contains(operationName.name())).flatMap(permission -> permission.getRules().stream()).anyMatch(rule -> new CriteriaSecurityRuleTranslator<K>().on(securedEntity).withRule(rule).withCriteria(userPermissions.getSecurityKeys()).toCriteria().toPredicate().test(keyConcept));
}
use of io.vertigo.account.authorization.metamodel.SecuredEntity in project vertigo by KleeGroup.
the class SecuredEntityDeserializer method deserialize.
/**
* {@inheritDoc}
*/
@Override
public SecuredEntity deserialize(final JsonElement json, final Type typeOfT, final JsonDeserializationContext context) {
final JsonObject jsonSecuredEntity = json.getAsJsonObject();
final DtDefinition entityDefinition = findDtDefinition(jsonSecuredEntity.get("entity").getAsString());
final List<DtField> securityFields = new ArrayList<>();
for (final JsonElement securityField : jsonSecuredEntity.get("securityFields").getAsJsonArray()) {
securityFields.add(deserializeDtField(entityDefinition, securityField.getAsString()));
}
final List<SecurityDimension> advancedDimensions = new ArrayList<>();
for (final JsonElement advancedDimension : jsonSecuredEntity.get("securityDimensions").getAsJsonArray()) {
// TODO if null ?
advancedDimensions.add(deserializeSecurityDimensions(entityDefinition, advancedDimension.getAsJsonObject(), context));
}
// on garde la map des operations pour resoudre les grants
final Map<String, Authorization> permissionPerOperations = new HashMap<>();
for (final JsonElement operation : jsonSecuredEntity.get("operations").getAsJsonArray()) {
// TODO if null ?
final Authorization permission = deserializeOperations(entityDefinition, operation.getAsJsonObject(), context, permissionPerOperations);
Assertion.checkArgument(!permissionPerOperations.containsKey(permission.getOperation().get()), "Operation {0} already declared on {1}", permission.getOperation().get(), entityDefinition.getName());
permissionPerOperations.put(permission.getOperation().get(), permission);
}
return new SecuredEntity(entityDefinition, securityFields, advancedDimensions, new ArrayList<>(permissionPerOperations.values()));
}
use of io.vertigo.account.authorization.metamodel.SecuredEntity in project vertigo by KleeGroup.
the class AuthorizationManagerImpl method getCriteriaSecurity.
/**
* {@inheritDoc}
*/
@Override
public <K extends KeyConcept> Criteria<K> getCriteriaSecurity(final Class<K> keyConceptClass, final OperationName<K> operation) {
Assertion.checkNotNull(keyConceptClass);
Assertion.checkNotNull(operation);
// ---
final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
if (!userPermissionsOpt.isPresent()) {
// Si il n'y a pas de session alors pas d'autorisation.
return Criterions.alwaysFalse();
}
final UserAuthorizations userPermissions = userPermissionsOpt.get();
final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(keyConceptClass);
final SecuredEntity securedEntity = findSecuredEntity(dtDefinition);
final List<Criteria<K>> criterions = userPermissions.getEntityAuthorizations(dtDefinition).stream().filter(permission -> permission.getOperation().get().equals(operation.name()) || permission.getOverrides().contains(operation.name())).flatMap(permission -> permission.getRules().stream()).map(rule -> new CriteriaSecurityRuleTranslator<K>().on(securedEntity).withRule(rule).withCriteria(userPermissions.getSecurityKeys()).toCriteria()).collect(Collectors.toList());
if (criterions.isEmpty()) {
// Si il n'y a pas de droits alors pas d'autorisation.
return Criterions.alwaysFalse();
}
Criteria<K> securityCriteria = null;
for (final Criteria<K> ruleCriteria : criterions) {
if (securityCriteria == null) {
securityCriteria = ruleCriteria;
} else {
securityCriteria = securityCriteria.or(ruleCriteria);
}
}
return securityCriteria;
}
Aggregations