use of org.pmiops.workbench.model.Authority in project workbench by all-of-us.
the class AuthInterceptor method hasRequiredAuthority.
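/**
 * Decides whether {@code user} holds every authority that {@code controllerMethod} demands.
 *
 * <p>The requirement is read from an {@link AuthorityRequired} annotation placed directly on
 * {@code controllerMethod}. Java does not inherit method annotations from an overridden or
 * interface method, so the caller must pass the method that actually carries the annotation;
 * a method without it is treated as unrestricted (this check is fail-open by design).
 *
 * @param controllerMethod the controller method about to be invoked
 * @param user the caller; only dereferenced when the method carries {@code @AuthorityRequired}
 * @return {@code true} when the method has no {@code @AuthorityRequired} annotation or the user
 *     was granted all listed authorities; {@code false} otherwise, including when the user or
 *     its authorities cannot be loaded
 * @throws BadRequestException when the method requires authorities and {@code user} is null
 */
boolean hasRequiredAuthority(Method controllerMethod, User user) {
  AuthorityRequired req = controllerMethod.getAnnotation(AuthorityRequired.class);
  if (req == null) {
    // No @AuthorityRequired annotation found at runtime, default to allowed.
    return true;
  }
  if (user == null) {
    throw new BadRequestException("User is not initialized; please register");
  }
  String controllerMethodName =
      controllerMethod.getDeclaringClass().getName() + "." + controllerMethod.getName();
  // Re-read the user through the DAO so that its authorities are populated; the authorities
  // carried by the instance passed in are not relied on here.
  User userWithAuthorities = userDao.findUserWithAuthorities(user.getUserId());
  Collection<Authority> granted =
      userWithAuthorities == null ? null : userWithAuthorities.getAuthorities();
  if (granted == null) {
    // Fail closed: a missing user row or an unloaded authority set must deny access
    // explicitly instead of surfacing as a NullPointerException in the authorization path.
    log.log(
        Level.WARNING,
        "{0} required authorities {1} but none could be loaded for user {2}.",
        new Object[] {
          controllerMethodName, Arrays.toString(req.value()), String.valueOf(user.getUserId())
        });
    return false;
  }
  if (granted.containsAll(Arrays.asList(req.value()))) {
    return true;
  }
  // Record the denial with both the required and the granted sets so it can be audited.
  log.log(
      Level.INFO,
      "{0} required authorities {1} but user had only {2}.",
      new Object[] {
        controllerMethodName, Arrays.toString(req.value()), Arrays.toString(granted.toArray())
      });
  return false;
}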
use of org.pmiops.workbench.model.Authority in project workbench by all-of-us.
the class AuthInterceptorTest method authorityCheckPermitsWhenUserHasAuthority.
/**
 * Permit path: when the DAO returns a user holding REVIEW_RESEARCH_PURPOSE, the interceptor
 * must allow the call to FakeApiController.handle.
 */
@Test
public void authorityCheckPermitsWhenUserHasAuthority() throws Exception {
  // Endpoint under test, resolved by reflection.
  // NOTE(review): presumably handle() is annotated with
  // @AuthorityRequired(REVIEW_RESEARCH_PURPOSE) - confirm against FakeApiController, otherwise
  // this test passes through the "no annotation, default to allowed" branch.
  Method handler = FakeApiController.class.getMethod("handle");

  // The interceptor re-reads the user through the DAO, so the authorities are placed on the
  // stubbed DAO result and not on the user instance handed to the interceptor.
  Set<Authority> grantedAuthorities = new HashSet<>();
  grantedAuthorities.add(Authority.REVIEW_RESEARCH_PURPOSE);
  User storedUser = new User();
  storedUser.setAuthorities(grantedAuthorities);
  when(userDao.findUserWithAuthorities(USER_ID)).thenReturn(storedUser);

  boolean permitted = interceptor.hasRequiredAuthority(handler, user);
  assertThat(permitted).isTrue();
}