package eu.eudat.authorization;
import eu.eudat.commons.enums.DmpUserRole;
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
import gr.cite.commons.web.oidc.principal.MyPrincipal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.HashSet;
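@Component("affiliatedAuthorizationHandler")
public class AffiliatedAuthorizationHandler extends AuthorizationHandler<AffiliatedAuthorizationRequirement> {

    private final CustomPermissionAttributesConfiguration myConfiguration;

    @Autowired
    public AffiliatedAuthorizationHandler(CustomPermissionAttributesConfiguration myConfiguration) {
        this.myConfiguration = myConfiguration;
    }

    /**
     * Evaluates an {@link AffiliatedAuthorizationRequirement} against the DMP roles carried by the
     * {@link AffiliatedResource} under evaluation.
     *
     * <p>Each required permission is looked up in the configured policies; a permission counts as a
     * hit when the resource holds at least one of the DMP roles that policy accepts. With
     * {@code matchAll} every required permission must hit, otherwise a single hit suffices.
     *
     * <p>This handler is fail-open towards the policy pipeline but never grants by itself unless a
     * hit is found: a missing or empty permission list, a resource that is not an
     * {@link AffiliatedResource}, an absent or unauthenticated principal, or missing policy
     * configuration all yield {@code ACCESS_NOT_DETERMINED} so that other handlers may still decide.
     * In particular an empty "match all" requirement is <em>not</em> treated as vacuously satisfied.
     *
     * @param context     the authorization context; its principal is expected to be a {@link MyPrincipal}
     * @param resource    the resource being accessed; only an {@link AffiliatedResource} can produce a grant
     * @param requirement the requirement to evaluate; the framework routes only the type returned by
     *                    {@link #supporting()} here, so the cast below is safe
     * @return {@code ACCESS_GRANTED} when the required permissions are satisfied by the resource's
     *         DMP roles, {@code ACCESS_NOT_DETERMINED} in every other case (never an explicit deny)
     */
    @Override
    public int handleRequirement(AuthorizationHandlerContext context, Object resource, AuthorizationRequirement requirement) {
        AffiliatedAuthorizationRequirement req = (AffiliatedAuthorizationRequirement) requirement;
        // Nothing to evaluate: an empty list must not satisfy "match all" by size() == 0 == hits.
        if (req.getRequiredPermissions() == null || req.getRequiredPermissions().isEmpty()) {
            return ACCESS_NOT_DETERMINED;
        }

        // Only an affiliated resource carries DMP roles; anything else (including null) cannot grant.
        // Checked instead of cast so a foreign resource type leaves the decision open rather than throwing.
        if (!(resource instanceof AffiliatedResource)) {
            return ACCESS_NOT_DETERMINED;
        }
        AffiliatedResource rs = (AffiliatedResource) resource;

        // A missing principal is treated like an unauthenticated one rather than raising a NullPointerException.
        Object principal = context.getPrincipal();
        if (!(principal instanceof MyPrincipal) || !((MyPrincipal) principal).isAuthenticated()) {
            return ACCESS_NOT_DETERMINED;
        }

        if (myConfiguration.getMyPolicies() == null) {
            return ACCESS_NOT_DETERMINED;
        }

        // May be null; hasPermission() treats a null role set as "holds no role".
        HashSet<DmpUserRole> roles = rs.getDmpUserRoles();

        int hits = 0;
        for (String permission : req.getRequiredPermissions()) {
            CustomPermissionAttributesProperties.MyPermission policy = myConfiguration.getMyPolicies().get(permission);
            // An unknown permission name has no policy and therefore can never hit.
            if (policy != null && hasPermission(policy.getDmp(), roles)) {
                hits += 1;
            }
        }

        boolean satisfied = req.getMatchAll()
                ? hits == req.getRequiredPermissions().size()
                : hits > 0;
        return satisfied ? ACCESS_GRANTED : ACCESS_NOT_DETERMINED;
    }

    /**
     * Returns whether the resource holds at least one of the DMP roles the policy accepts.
     *
     * @param dmpRole the policy's DMP rule; {@code null} or a rule without roles accepts nothing
     * @param roles   the DMP roles held on the resource; {@code null} means no roles
     * @return {@code true} if any accepted role is present in {@code roles}
     */
    private boolean hasPermission(DmpRole dmpRole, HashSet<DmpUserRole> roles) {
        if (roles == null || dmpRole == null || dmpRole.getRoles() == null) {
            return false;
        }
        for (DmpUserRole role : dmpRole.getRoles()) {
            if (roles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /** The single requirement type this handler evaluates. */
    @Override
    public Class<? extends AuthorizationRequirement> supporting() {
        return AffiliatedAuthorizationRequirement.class;
    }

}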