
Example 1 with AclDataAccessException

Use of org.springframework.security.acls.model.AclDataAccessException in the project cloud-pipeline by epam.

From the class GrantPermissionManager, method isActionAllowedForUser.

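/**
 * Checks whether an action is allowed for a user.
 * Each {@link Permission} is processed individually, since default permission resolving
 * allows the action if any one {@link Permission} is granted, and we need every
 * {@link Permission} to be granted.
 * @param entity the secured entity whose ACL is checked
 * @param user the name of the user requesting the action
 * @param permissions the permissions that must all be granted
 * @return true if the user is an admin, owns the entity, or holds every requested
 *         permission; false otherwise
 */
public boolean isActionAllowedForUser(AbstractSecuredEntity entity, String user, List<Permission> permissions) {
    List<Sid> sids = convertUserToSids(user);
    // Admins and the entity owner bypass the ACL lookup entirely.
    if (isAdmin(sids) || entity.getOwner().equalsIgnoreCase(user)) {
        return true;
    }
    MutableAcl acl = aclService.getOrCreateObjectIdentity(entity);
    try {
        // Check one permission per call so that a single granted permission
        // cannot satisfy the whole list.
        for (Permission permission : permissions) {
            boolean isGranted = acl.isGranted(Collections.singletonList(permission), sids, true);
            if (!isGranted) {
                return false;
            }
        }
    } catch (AclDataAccessException e) {
        // Fail closed: an ACL lookup error (for example, no matching ACE) denies the action.
        LOGGER.warn(e.getMessage());
        return false;
    }
    return true;
}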
Also used: AclDataAccessException (org.springframework.security.acls.model.AclDataAccessException), AclPermission (com.epam.pipeline.security.acl.AclPermission), EntityPermission (com.epam.pipeline.entity.security.acl.EntityPermission), Permission (org.springframework.security.acls.model.Permission), MutableAcl (org.springframework.security.acls.model.MutableAcl), Sid (org.springframework.security.acls.model.Sid), GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid), PrincipalSid (org.springframework.security.acls.domain.PrincipalSid), AclSid (com.epam.pipeline.entity.security.acl.AclSid)
