
com.icthh.xm.commons.permission.service.PermissionCheckService Maven / Gradle / Ivy

package com.icthh.xm.commons.permission.service;

import com.icthh.xm.commons.logging.aop.IgnoreLogginAspect;
import com.icthh.xm.commons.permission.access.subject.Subject;
import com.icthh.xm.commons.permission.service.rolestrategy.RoleStrategy;
import com.icthh.xm.commons.permission.service.translator.SpelTranslator;
import com.icthh.xm.commons.permission.utils.SecurityUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.expression.spel.SpelNode;
import org.springframework.expression.spel.standard.SpelExpression;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;

import java.io.Serializable;

/**
 * Front door for permission checks.
 *
 * <p>Every public method picks one of the two injected {@link RoleStrategy} beans
 * (multi-role or single-role) for the given authentication and forwards the call
 * to it unchanged. The choice is made per call by {@link #isMultiRoleEnabled}.
 */
@Slf4j
@Service
@IgnoreLogginAspect
public class PermissionCheckService {

    // Name of the flag looked up through SecurityUtils to decide which strategy applies.
    private static final String MULTIROLE_FLAG_FIELD_NAME = "multiRoleEnabled";

    private final RoleStrategy singleRoleStrategy;
    private final RoleStrategy multiRoleStrategy;

    /**
     * Wires both strategies; the qualifiers select the beans by name.
     *
     * @param multiRoleStrategy strategy used when the multi-role flag is set
     * @param singleRoleStrategy strategy used otherwise
     */
    public PermissionCheckService(@Qualifier("multiRoleStrategy") final RoleStrategy multiRoleStrategy,
                                  @Qualifier("singleRoleStrategy") final RoleStrategy singleRoleStrategy) {
        this.singleRoleStrategy = singleRoleStrategy;
        this.multiRoleStrategy = multiRoleStrategy;
    }

    /**
     * Check permission for role and privilege key only.
     *
     * @param authentication the authentication
     * @param privilege the privilege key
     * @return true if permitted
     */
    public boolean hasPermission(Authentication authentication, Object privilege) {
        final RoleStrategy strategy = withStrategy(authentication);
        return strategy.hasPermission(authentication, privilege);
    }

    /**
     * Check permission for role, privilege key and resource condition.
     *
     * @param authentication the authentication
     * @param resource the resource
     * @param privilege the privilege key
     * @return true if permitted
     */
    public boolean hasPermission(Authentication authentication, Object resource, Object privilege) {
        final RoleStrategy strategy = withStrategy(authentication);
        return strategy.hasPermission(authentication, resource, privilege);
    }

    /**
     * Check permission for role, privilege key, new resource and old resource.
     *
     * <p>NOTE(review): the signature carries a resource plus a resource type; how the
     * strategy derives "new" and "old" resources from them is not visible here - confirm
     * against the {@link RoleStrategy} implementations.
     *
     * @param authentication the authentication
     * @param resource the old resource
     * @param resourceType the resource type
     * @param privilege the privilege key
     * @return true if permitted
     */
    public boolean hasPermission(Authentication authentication, Serializable resource, String resourceType,
                                 Object privilege) {
        final RoleStrategy strategy = withStrategy(authentication);
        return strategy.hasPermission(authentication, resource, resourceType, privilege);
    }

    /**
     * Create condition with replaced subject variables.
     *
     * <p>SpEL condition translated to SQL condition with replacing #returnObject to returnObject
     * and enriching #subject.* from Subject object (see {@link Subject}).
     *
     * <p>As an option, SpEL could be translated to SQL
     * via {@link SpelExpression} method {@code getAST()} with traversing through {@link SpelNode} nodes
     * and building SQL expression.
     *
     * <p>NOTE(review): the documented return is either a condition or {@code null}. Callers should
     * handle {@code null} explicitly rather than reading it as "no filter needed"; how the selected
     * strategy uses {@code null} and how subject values are escaped in the produced text is decided
     * by the strategy and translator, not by this class - confirm there.
     *
     * @param authentication the authentication
     * @param privilegeKey the privilege key
     * @param translator the spel translator
     * @return condition if permitted, or null
     */
    public String createCondition(Authentication authentication, Object privilegeKey, SpelTranslator translator) {
        final RoleStrategy strategy = withStrategy(authentication);
        return strategy.createCondition(authentication, privilegeKey, translator);
    }

    /**
     * Selects the strategy for this authentication: multi-role when the flag is on,
     * single-role in every other case (including a failed flag lookup).
     */
    private RoleStrategy withStrategy(Authentication authentication) {
        if (isMultiRoleEnabled(authentication)) {
            return multiRoleStrategy;
        }
        return singleRoleStrategy;
    }

    /**
     * Reads the multi-role flag for the given authentication through
     * {@code SecurityUtils.getAdditionalDetailsValueBoolean}.
     *
     * <p>Any exception raised by the lookup is logged at error level and the flag is
     * reported as {@code false}, so the request continues with the single-role strategy
     * instead of being rejected.
     *
     * <p>NOTE(review): this is a fail-to-single-role default, not a fail-closed one. Confirm
     * that evaluating such a principal with the single-role strategy can never permit more
     * than the multi-role strategy would.
     *
     * @param authentication the authentication to inspect
     * @return true only when the lookup succeeds and yields true
     */
    boolean isMultiRoleEnabled(final Authentication authentication) {
        boolean multiRole;
        try {
            // Kept inside the try so a failure while obtaining the value is handled below.
            multiRole = SecurityUtils.getAdditionalDetailsValueBoolean(authentication, MULTIROLE_FLAG_FIELD_NAME);
        } catch (Exception ex) {
            log.error("Multi-role check failed, set multi-role as false, error: {}", ex.getMessage(), ex);
            multiRole = false;
        }
        return multiRole;
    }
}




