use of org.camunda.bpm.engine.rest.util.AuthorizationUtil in project camunda-bpm-platform by camunda.
the class AuthorizationRestServiceImpl method isUserAuthorized.
public AuthorizationCheckResultDto isUserAuthorized(String permissionName, String resourceName, Integer resourceType, String resourceId) {
// validate request:
if (permissionName == null) {
throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'permissionName' cannot be null");
} else if (resourceName == null) {
throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceName' cannot be null");
} else if (resourceType == null) {
throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceType' cannot be null");
}
final Authentication currentAuthentication = processEngine.getIdentityService().getCurrentAuthentication();
if (currentAuthentication == null) {
throw new InvalidRequestException(Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
}
final AuthorizationService authorizationService = processEngine.getAuthorizationService();
// create new authorization dto implementing both Permission and Resource
AuthorizationUtil authorizationUtil = new AuthorizationUtil(resourceName, resourceType, permissionName);
boolean isUserAuthorized = false;
if (resourceId == null || Authorization.ANY.equals(resourceId)) {
isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil);
} else {
isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil, resourceId);
}
return new AuthorizationCheckResultDto(isUserAuthorized, authorizationUtil, resourceId);
}
Aggregations