use of org.springframework.security.acls.model.AclDataAccessException in project cloud-pipeline by epam.
the class GrantPermissionManager method isActionAllowedForUser.
/**
* Checks whether actions is allowed for a user
* Each {@link Permission} is processed individually since default permission resolving will
* allow actions if any of {@link Permission} is allowed, and we need all {@link Permission}
* to be granted
* @param entity
* @param user
* @param permissions
* @return
*/
public boolean isActionAllowedForUser(AbstractSecuredEntity entity, String user, List<Permission> permissions) {
List<Sid> sids = convertUserToSids(user);
if (isAdmin(sids) || entity.getOwner().equalsIgnoreCase(user)) {
return true;
}
MutableAcl acl = aclService.getOrCreateObjectIdentity(entity);
try {
for (Permission permission : permissions) {
boolean isGranted = acl.isGranted(Collections.singletonList(permission), sids, true);
if (!isGranted) {
return false;
}
}
} catch (AclDataAccessException e) {
LOGGER.warn(e.getMessage());
return false;
}
return true;
}
Aggregations