
Example 1 with PermissionType

Use of org.broadleafcommerce.openadmin.server.security.service.type.PermissionType in the project BroadleafCommerce by BroadleafCommerce.

From the class AdminSecurityServiceRemote, method securityCheck.

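/**
 * Verifies that the current persistent admin user may perform {@code operationType} on the
 * requested ceiling entities.
 *
 * <p>The check passes as soon as the user is qualified for <em>any</em> one of
 * {@code ceilingNames}; it fails only when none of them qualifies. On failure, the exception
 * raised describes the first name that was rejected. If the operation is not even configured
 * for {@code ceilingNames[0]} (only the first element is consulted for this diagnostic), a
 * warning is logged explaining that the entity is unregistered before the exception is thrown.
 *
 * @param ceilingNames fully qualified ceiling entity class names to check; must be non-empty
 * @param operationType the admin operation being attempted; mapped to a {@link PermissionType}
 * @throws SecurityServiceException if {@code ceilingNames} is empty, {@code operationType} is
 *         {@code null}, or the user is not qualified for the operation on any ceiling entity
 * @throws ServiceException as declared for callers that handle the generic service failure type
 */
protected void securityCheck(String[] ceilingNames, EntityOperationType operationType) throws ServiceException {
    if (ArrayUtils.isEmpty(ceilingNames)) {
        throw new SecurityServiceException("Security Check Failed: ceilingNames not specified");
    }
    // Fail closed with a security exception instead of a NullPointerException from the enum switch.
    if (operationType == null) {
        throw new SecurityServiceException("Security Check Failed: operationType not specified");
    }
    AdminUser persistentAdminUser = getPersistentAdminUser();
    PermissionType permissionType = toPermissionType(operationType);

    SecurityServiceException primaryException = null;
    boolean isQualified = false;
    for (String ceilingEntityFullyQualifiedName : ceilingNames) {
        isQualified = securityService.isUserQualifiedForOperationOnCeilingEntity(persistentAdminUser, permissionType, ceilingEntityFullyQualifiedName);
        if (isQualified) {
            // One qualifying ceiling entity is sufficient; stop checking the rest.
            break;
        }
        // Remember only the first rejection so the reported failure is deterministic.
        if (primaryException == null) {
            primaryException = new SecurityServiceException("Security Check Failed for entity operation: " + operationType.toString() + " (" + ceilingEntityFullyQualifiedName + ")");
        }
    }
    if (!isQualified) {
        // A rejection is often a configuration gap rather than a real denial: if the operation is
        // not registered at all for the first ceiling entity, say so in the log. The name is
        // sanitized before logging because it originates from the request.
        if (!securityService.doesOperationExistForCeilingEntity(permissionType, ceilingNames[0])) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Detected security request for an unregistered ceiling entity (" + StringUtil.sanitize(ceilingNames[0]) + "). " + "As a result, the request failed. Please make sure to configure security for any ceiling entities " + "referenced via the admin. This is usually accomplished by adding records in the " + "BLC_ADMIN_PERMISSION_ENTITY table. Note, depending on how the entity in question is used, you " + "may need to add to BLC_ADMIN_PERMISSION, BLC_ADMIN_ROLE_PERMISSION_XREF and BLC_ADMIN_SEC_PERM_XREF.", primaryException);
            }
        }
        // ceilingNames is non-empty, so the loop ran at least once and primaryException is set.
        throw primaryException;
    }
}

/**
 * Maps an admin entity operation to the permission type that guards it.
 *
 * <p>{@code ADD} requires {@code CREATE}; {@code FETCH} and {@code INSPECT} require {@code READ};
 * {@code REMOVE} requires {@code DELETE}; {@code UPDATE} requires {@code UPDATE}; any other
 * operation falls back to {@code OTHER}.
 *
 * @param operationType the operation being attempted; must not be {@code null}
 * @return the permission type to check for {@code operationType}
 */
private static PermissionType toPermissionType(EntityOperationType operationType) {
    switch (operationType) {
        case ADD:
            return PermissionType.CREATE;
        case FETCH:
            return PermissionType.READ;
        case REMOVE:
            return PermissionType.DELETE;
        case UPDATE:
            return PermissionType.UPDATE;
        case INSPECT:
            return PermissionType.READ;
        default:
            return PermissionType.OTHER;
    }
}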
Also used : SecurityServiceException(org.broadleafcommerce.common.exception.SecurityServiceException) PermissionType(org.broadleafcommerce.openadmin.server.security.service.type.PermissionType) AdminUser(org.broadleafcommerce.openadmin.server.security.domain.AdminUser)
