Example use of org.craftercms.commons.security.permissions.PermissionEvaluator in the craftercms project "commons":
the checkPermissions method of the class HasPermissionAnnotationHandler.
// cortiz, OK permissionEvaluator.isAllowed
/**
 * Around advice that gates a join point behind a {@link HasPermission} check.
 *
 * <p>The pointcut matches join points within a type annotated with {@code HasPermission}
 * and methods annotated with it directly. The annotation's {@code type()} selects a
 * {@link PermissionEvaluator} from {@code permissionEvaluators}; that evaluator is asked
 * whether {@code action()} is allowed on the secured object resolved for the call
 * (which may be {@code null}). The intercepted method runs only after the evaluator
 * has returned {@code true}; every other path leaves this advice with an exception,
 * so a missing evaluator or a failed evaluation never falls through to the call.
 *
 * @param pjp the intercepted join point
 * @return whatever the intercepted method returns when access is granted
 * @throws PermissionException if no evaluator is registered for the annotation's type,
 *         or if the evaluator itself throws a {@code PermissionException} (wrapped as the cause)
 * @throws ActionDeniedException if the evaluator reports the action as not allowed
 * @throws Throwable anything thrown by the intercepted method itself
 */
@SuppressWarnings("unchecked")
@Around("@within(org.craftercms.commons.security.permissions.annotations.HasPermission) || " + "@annotation(org.craftercms.commons.security.permissions.annotations.HasPermission)")
public Object checkPermissions(ProceedingJoinPoint pjp) throws Throwable {
    Method interceptedMethod = AopUtils.getActualMethod(pjp);

    // NOTE(review): assumes getHasPermissionAnnotation never returns null; the helper is not
    // visible here. A null would surface as a NullPointerException on the next line, which
    // still prevents the join point from proceeding - confirm that is the intended failure.
    HasPermission annotation = getHasPermissionAnnotation(interceptedMethod, pjp);
    Class<?> evaluatorKey = annotation.type();
    String requestedAction = annotation.action();

    Object target = getAnnotatedSecuredObject(interceptedMethod, pjp);
    PermissionEvaluator evaluator = permissionEvaluators.get(evaluatorKey);

    // Trace the interception before any decision is made, so that rejected calls are logged too.
    // NOTE(review): the secured object is passed to the debug logger as-is - verify that
    // this cannot expose sensitive fields where debug logging is enabled.
    if (target == null) {
        logger.debug(LOG_KEY_METHOD_INT_NO_SEC_OBJ, interceptedMethod, annotation);
    } else {
        logger.debug(LOG_KEY_METHOD_INT, interceptedMethod, annotation, target);
    }

    // An unregistered evaluator type is an error, not an implicit grant.
    if (evaluator == null) {
        throw new PermissionException(ERROR_KEY_EVALUATOR_NOT_FOUND, evaluatorKey);
    }

    boolean granted;
    try {
        granted = evaluator.isAllowed(target, requestedAction);
    } catch (PermissionException e) {
        // Keep the original failure as the cause while reporting a uniform error key.
        throw new PermissionException(ERROR_KEY_EVALUATION_FAILED, e);
    }

    if (!granted) {
        // Include the secured object in the denial only when one was resolved.
        if (target == null) {
            throw new ActionDeniedException(annotation.action());
        }
        throw new ActionDeniedException(annotation.action(), target);
    }

    return pjp.proceed();
}