package gr.cite.annotation.web.authorization;
import gr.cite.annotation.authorization.AffiliatedAuthorizationRequirement;
import gr.cite.annotation.authorization.AffiliatedResource;
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
import gr.cite.commons.web.oidc.principal.MyPrincipal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
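/**
 * Authorization handler for {@link AffiliatedAuthorizationRequirement}.
 *
 * <p>A required permission counts as satisfied when the configured policy for that permission
 * has its {@code entityAffiliated} attribute set to {@code true} and the resource under
 * evaluation reports itself as affiliated. The handler only ever answers
 * {@code ACCESS_GRANTED} or {@code ACCESS_NOT_DETERMINED}; it never issues an explicit denial,
 * so the final decision when it abstains rests with whatever evaluates the handler results.
 */
@Component("affiliatedAuthorizationHandler")
public class AffiliatedAuthorizationHandler extends AuthorizationHandler<AffiliatedAuthorizationRequirement> {

    /** Source of the per-permission policy attributes, looked up by permission name. */
    private final CustomPermissionAttributesConfiguration myConfiguration;

    /**
     * Creates the handler.
     *
     * @param myConfiguration configuration exposing the permission policies consulted on each evaluation
     */
    @Autowired
    public AffiliatedAuthorizationHandler(CustomPermissionAttributesConfiguration myConfiguration) {
        this.myConfiguration = myConfiguration;
    }

    /**
     * Evaluates an affiliation-based requirement against a resource.
     *
     * <p>The handler abstains ({@code ACCESS_NOT_DETERMINED}) when the requirement lists no
     * permissions, when there is no authenticated principal, when no policies are configured,
     * or when the resource is {@code null} or not affiliated.
     *
     * @param context     evaluation context; its principal is expected to be a {@link MyPrincipal}
     * @param resource    the resource being accessed; expected to be an {@link AffiliatedResource} or {@code null}
     * @param requirement the requirement to evaluate; expected to be an {@link AffiliatedAuthorizationRequirement}
     * @return {@code ACCESS_GRANTED} when the requirement is met, otherwise {@code ACCESS_NOT_DETERMINED}
     * @throws ClassCastException if the requirement, resource or principal is of an unexpected type
     */
    @Override
    public int handleRequirement(AuthorizationHandlerContext context, Object resource, AuthorizationRequirement requirement) {
        AffiliatedAuthorizationRequirement req = (AffiliatedAuthorizationRequirement) requirement;

        // An empty permission list must not grant anything. Without this guard a "match all"
        // requirement with zero permissions is vacuously satisfied (0 hits == 0 required) and
        // every authenticated caller is granted access, whatever the resource's affiliation.
        if (req.getRequiredPermissions() == null || req.getRequiredPermissions().size() == 0) {
            return ACCESS_NOT_DETERMINED;
        }

        AffiliatedResource rs = (AffiliatedResource) resource;

        // A missing principal is treated the same as an unauthenticated one: abstain.
        MyPrincipal principal = (MyPrincipal) context.getPrincipal();
        if (principal == null || !principal.isAuthenticated()) {
            return ACCESS_NOT_DETERMINED;
        }

        if (myConfiguration.getMyPolicies() == null) {
            return ACCESS_NOT_DETERMINED;
        }

        // Affiliation does not depend on the permission being checked, so decide it once.
        // A null resource or a null affiliation flag is treated as "not affiliated", and in
        // that case no permission can be satisfied.
        boolean entityAffiliated = rs != null && Boolean.TRUE.equals(rs.getAffiliated());
        if (!entityAffiliated) {
            return ACCESS_NOT_DETERMINED;
        }

        int hits = 0;
        for (String permission : req.getRequiredPermissions()) {
            CustomPermissionAttributesProperties.MyPermission policy = myConfiguration.getMyPolicies().get(permission);
            // A permission with no configured policy, or whose policy does not enable
            // entityAffiliated, counts as a miss.
            if (policy != null && Boolean.TRUE.equals(policy.getEntityAffiliated())) {
                hits += 1;
            }
        }

        boolean satisfied = req.getMatchAll()
                ? req.getRequiredPermissions().size() == hits
                : hits > 0;
        return satisfied ? ACCESS_GRANTED : ACCESS_NOT_DETERMINED;
    }

    /**
     * Reports the requirement type this handler evaluates.
     *
     * @return {@code AffiliatedAuthorizationRequirement.class}
     */
    @Override
    public Class<? extends AuthorizationRequirement> supporting() {
        return AffiliatedAuthorizationRequirement.class;
    }

}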