Examples with PermissionException org.craftercms.commons.security.exception.PermissionException used on opensource projects

Example 1 with PermissionException

use of org.craftercms.commons.security.exception.PermissionException in project commons by craftercms.

the class HasPermissionAnnotationHandler method checkPermissions.

// cortiz, OK permissionEvaluator.isAllowed
@SuppressWarnings("unchecked")
@Around("@within(org.craftercms.commons.security.permissions.annotations.HasPermission) || " + "@annotation(org.craftercms.commons.security.permissions.annotations.HasPermission)")
public Object checkPermissions(ProceedingJoinPoint pjp) throws Throwable {
    boolean allowed;
    Method method = AopUtils.getActualMethod(pjp);
    HasPermission hasPermission = getHasPermissionAnnotation(method, pjp);
    Class<?> type = hasPermission.type();
    String action = hasPermission.action();
    Object securedObject = getAnnotatedSecuredObject(method, pjp);
    PermissionEvaluator permissionEvaluator = permissionEvaluators.get(type);
    if (securedObject != null) {
        logger.debug(LOG_KEY_METHOD_INT, method, hasPermission, securedObject);
    } else {
        logger.debug(LOG_KEY_METHOD_INT_NO_SEC_OBJ, method, hasPermission);
    }
    if (permissionEvaluator == null) {
        throw new PermissionException(ERROR_KEY_EVALUATOR_NOT_FOUND, type);
    }
    try {
        allowed = permissionEvaluator.isAllowed(securedObject, action);
    } catch (PermissionException e) {
        throw new PermissionException(ERROR_KEY_EVALUATION_FAILED, e);
    }
    if (allowed) {
        return pjp.proceed();
    } else if (securedObject != null) {
        throw new ActionDeniedException(hasPermission.action(), securedObject);
    } else {
        throw new ActionDeniedException(hasPermission.action());
    }
}