package org.picketlink.idm.permission.acl.spi;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.PermissionManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.permission.IdentityPermission;
import org.picketlink.idm.permission.Permission;
import org.picketlink.idm.permission.spi.PermissionVoter;
import java.io.Serializable;
import java.util.List;
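/**
 * {@link PermissionVoter} that answers from permissions persisted through the
 * {@link PermissionManager} of the recipient's partition.
 *
 * <p>The voter only ever returns {@code VotingResult.ALLOW} or
 * {@code VotingResult.NOT_APPLICABLE}; it never casts a DENY. A persisted
 * permission counts for the recipient when it is an {@link IdentityPermission}
 * whose assignee the recipient inherits privileges from, as decided by the
 * {@link RelationshipManager}. Every other kind of {@link Permission} returned
 * for the resource/operation is ignored.
 *
 * <p>NOTE(review): because "no matching permission" is reported as
 * NOT_APPLICABLE rather than DENY, whatever aggregates voter results must treat
 * NOT_APPLICABLE as "not granted" (fail closed) — confirm against the caller.
 *
 * @author Shane Bryzak
 */
public class PersistentPermissionVoter implements PermissionVoter {

    private final PartitionManager partitionManager;

    /**
     * @param partitionManager source of the per-partition permission manager and
     *                         the relationship manager used for privilege checks
     * @throws IllegalArgumentException if {@code partitionManager} is null; failing
     *                                  here is better than a NullPointerException on
     *                                  the first authorization check
     */
    public PersistentPermissionVoter(PartitionManager partitionManager) {
        if (partitionManager == null) {
            throw new IllegalArgumentException("partitionManager must not be null");
        }
        this.partitionManager = partitionManager;
    }

    /**
     * Votes on whether {@code recipient} may perform {@code operation} on the
     * given resource instance.
     *
     * @param recipient the identity being checked (must not be null)
     * @param resource  the resource instance the permission is about
     * @param operation the operation being requested
     * @return ALLOW if a persisted {@link IdentityPermission} applies to the
     *         recipient, otherwise NOT_APPLICABLE
     * @throws IllegalArgumentException if {@code recipient} is null
     */
    @Override
    public VotingResult hasPermission(IdentityType recipient, Object resource, String operation) {
        if (recipient == null) {
            throw new IllegalArgumentException("recipient must not be null");
        }
        List<Permission> permissions = getPermissionManager(recipient).listPermissions(resource, operation);
        return checkPermission(recipient, permissions);
    }

    /**
     * Votes on whether {@code recipient} may perform {@code operation} on the
     * resource identified by {@code resourceClass} and {@code identifier}.
     *
     * @param recipient     the identity being checked (must not be null)
     * @param resourceClass type of the resource
     * @param identifier    identifier of the resource instance
     * @param operation     the operation being requested
     * @return ALLOW if a persisted {@link IdentityPermission} applies to the
     *         recipient, otherwise NOT_APPLICABLE
     * @throws IllegalArgumentException if {@code recipient} is null
     */
    @Override
    public VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass, Serializable identifier, String operation) {
        if (recipient == null) {
            throw new IllegalArgumentException("recipient must not be null");
        }
        List<Permission> permissions = getPermissionManager(recipient).listPermissions(resourceClass, identifier, operation);
        return checkPermission(recipient, permissions);
    }

    /**
     * Permissions are looked up in the recipient's own partition, so a
     * permission stored in another partition never applies here.
     */
    private PermissionManager getPermissionManager(IdentityType recipient) {
        return partitionManager.createPermissionManager(recipient.getPartition());
    }

    /**
     * Grants as soon as one {@link IdentityPermission} is assigned to an
     * identity the recipient inherits privileges from.
     *
     * @param recipient   the identity being checked
     * @param permissions permissions found for the resource/operation; a null or
     *                    empty list yields NOT_APPLICABLE
     * @return ALLOW on the first matching identity permission, otherwise
     *         NOT_APPLICABLE
     */
    private VotingResult checkPermission(IdentityType recipient, List<Permission> permissions) {
        // Fail closed: no permissions found means nothing to grant.
        if (permissions == null || permissions.isEmpty()) {
            return VotingResult.NOT_APPLICABLE;
        }
        RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
        for (Permission permission : permissions) {
            // Only identity-bound permissions can be matched against the recipient.
            if (!(permission instanceof IdentityPermission)) {
                continue;
            }
            IdentityType assignee = ((IdentityPermission) permission).getAssignee();
            if (relationshipManager.inheritsPrivileges(recipient, assignee)) {
                return VotingResult.ALLOW;
            }
        }
        return VotingResult.NOT_APPLICABLE;
    }
}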