Use of org.acegisecurity.acls.sid.PrincipalSid in the project TNTConcept by autentia.
Class DefaultAclService, method addAclLevel.
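/**
 * Adds a granting ACE for the current principal to {@code acl} when the ACL matrix allows
 * {@code perm} on {@code dto} for the principal's role.
 *
 * <p>The level is looked up in {@code matrix} under the key (type, role id of the current
 * principal). Depending on that level the permission is granted unconditionally (ALL), only
 * to the owner (OWN), only within the same department (AREA), only to listed owners (OWNERS),
 * or not at all (DENY). No denying entry is ever inserted; DENY simply leaves the ACL untouched.
 *
 * @param matrix permission levels indexed by (type, role id)
 * @param acl    ACL that receives the new entry
 * @param type   class of the protected object, used for the matrix key and in log output
 * @param dto    protected object whose owner, department and owners list are checked
 * @param perm   permission to grant
 * @throws UnsupportedOperationException if the matrix holds no level for the key, or the level
 *         is not one of the values handled here
 */
private void addAclLevel(Map<AclMatrixKey, AclMatrixValue> matrix, AclImpl acl, Class type, ITransferObject dto, Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);

    if (log.isDebugEnabled()) {
        log.debug("addAclLevel -" + " permission=[" + perm.getPattern() + "]" + " type=" + type.getSimpleName() + " id=" + dto.getId() + " ownerId=" + dto.getOwnerId() + " departmentId=" + dto.getDepartmentId() + " userId=" + principal.getId() + " roleId=" + principal.getRoleId() + " level=" + level);
    }

    // A missing matrix entry is treated as a configuration error rather than as an implicit grant.
    if (level == null) {
        throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }

    switch (level) {
        case ALL:
            acl.insertAce(null, perm, sid, true);
            break;
        case OWN:
            if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
                // Fail-open path: with ignoreUnownedObjects enabled, an object without an owner is
                // accessible to every principal whose role is at OWN level. Each such grant is
                // logged at WARN so it can be audited.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any user and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (dto.getOwnerId() != null && dto.getOwnerId().equals(principal.getId())) {
                // Compare by value: == on boxed ids compares references and is only reliable
                // inside the small-integer cache, so real owners could be refused access. The
                // null check also keeps an unowned object from matching a principal without id.
                // Assumes both ids share one boxed type, as the OWNERS branch relies on for
                // contains() - TODO confirm.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case AREA:
            if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
                // Same fail-open rule as OWN, applied to objects without a department.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any department and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (dto.getDepartmentId() != null && dto.getDepartmentId().equals(principal.getDepartmentId())) {
                // Value comparison, null never matches (see OWN).
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case DENY:
            // No entry is added, so the permission stays ungranted for this principal.
            break;
        case OWNERS:
            if (dto.getOwnersId() != null && dto.getOwnersId().contains(principal.getId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;
        default:
            // Unknown levels are rejected instead of being mapped to a grant.
            throw new UnsupportedOperationException("AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
    }
}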