Example 1 with AbstractPermission
use of org.springframework.security.acls.domain.AbstractPermission in project molgenis by molgenis.
the class EntityTypeRepositorySecurityDecorator method isOperationPermitted.
@Override
public boolean isOperationPermitted(Object id, Action action) {
AbstractPermission permission = getPermissionForOperation(action);
boolean hasPermission = userPermissionEvaluator.hasPermission(new EntityTypeIdentity(id.toString()), permission);
if (hasPermission && !permission.equals(EntityTypePermission.COUNT)) {
boolean isSystem = systemEntityTypeRegistry.hasSystemEntityType(id.toString());
if (isSystem && !currentUserIsSystem()) {
throw new MolgenisDataException(format("No [%s] permission on EntityType [%s]", toMessagePermission(action), id));
}
}
return hasPermission;
}
Also used :
EntityTypeIdentity(org.molgenis.data.security.EntityTypeIdentity)
MolgenisDataException(org.molgenis.data.MolgenisDataException)
AbstractPermission(org.springframework.security.acls.domain.AbstractPermission)
Aggregations
MolgenisDataException (org.molgenis.data.MolgenisDataException)1
EntityTypeIdentity (org.molgenis.data.security.EntityTypeIdentity)1
AbstractPermission (org.springframework.security.acls.domain.AbstractPermission)1
