use of org.apereo.portal.permission.target.IPermissionTarget in project uPortal by Jasig.
the class AuthorizationImpl method doesPrincipalHavePermission.
/**
* Answers if the owner has given the principal permission to perform the activity on the
* target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
* activity</code> must be non-null.
*
* @return boolean
* @param principal IAuthorizationPrincipal
* @param owner java.lang.String
* @param activity java.lang.String
* @param target java.lang.String
* @exception AuthorizationException indicates authorization information could not be retrieved.
*/
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
final String username = principal.getKey();
if (IPerson.class.equals(principal.getType())) {
cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
}
cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
final CacheKey key = cacheKeyBuilder.build();
final Element element = this.doesPrincipalHavePermissionCache.get(key);
if (element != null) {
return (Boolean) element.getValue();
}
/*
* Convert to (strongly-typed) Java objects based on interfaces in
* o.j.p.permission before we make the actual check with IPermissionPolicy;
* parameters that communicate something of the nature of the things they
* represent helps us make the check(s) more intelligently. This objects
* were retro-fitted to IPermissionPolicy in uP 4.3; perhaps we should do
* the same to IAuthorizationService itself?
*/
final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
if (ipActivity == null) {
// Means needed data is missing; much clearer than NPE
String msg = "The following activity is not defined for owner '" + owner + "': " + activity;
throw new RuntimeException(msg);
}
final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
final IPermissionTarget ipTarget = targetProvider.getTarget(target);
final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
return doesPrincipalHavePermission;
}
Aggregations