From 96a03e8768daa021bed0abcf1f922ee53c457589 Mon Sep 17 00:00:00 2001 From: "lucio.lelii" Date: Thu, 29 Nov 2018 18:17:29 +0000 Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@174481 82a268e6-3cf1-43bd-a215-b396298e98cf --- .classpath | 2 +- .settings/org.eclipse.jdt.core.prefs | 6 +++--- pom.xml | 2 +- .../library/annotations/AuthorizationControl.java | 3 ++- .../library/aspect/AuthorizationAspect.java | 9 +++++++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.classpath b/.classpath index e43402f..fae1a2b 100644 --- a/.classpath +++ b/.classpath @@ -22,7 +22,7 @@ - + diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 6249222..672496e 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -1,12 +1,12 @@ eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve -org.eclipse.jdt.core.compiler.compliance=1.7 +org.eclipse.jdt.core.compiler.compliance=1.8 org.eclipse.jdt.core.compiler.debug.lineNumber=generate org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.enumIdentifier=error org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning -org.eclipse.jdt.core.compiler.source=1.7 +org.eclipse.jdt.core.compiler.source=1.8 diff --git a/pom.xml b/pom.xml index 8db2f29..480d2be 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.gcube.common common-authorization - 2.1.1-SNAPSHOT + 2.1.3-SNAPSHOT authorization service common library 
diff --git a/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java b/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java index f9cfeb2..6f35b31 100644 --- a/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java +++ b/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java @@ -13,5 +13,6 @@ import org.gcube.common.authorization.library.policies.Action; @Target(ElementType.METHOD) public @interface AuthorizationControl { - Action[] check() default {Action.ALL}; + Action[] actions() default {Action.ALL}; + String[] allowed() default {}; } diff --git a/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java b/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java index 018b6ea..738e0d8 100644 --- a/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java +++ b/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java @@ -2,6 +2,7 @@ package org.gcube.common.authorization.library.aspect; import java.lang.reflect.Method; +import java.util.Arrays; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; @@ -9,6 +10,7 @@ import org.aspectj.lang.annotation.Before; import org.aspectj.lang.annotation.Pointcut; import org.aspectj.lang.reflect.MethodSignature; import org.gcube.common.authorization.library.annotations.AuthorizationControl; +import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -16,7 +18,7 @@ import org.slf4j.LoggerFactory; public class AuthorizationAspect { Logger log = LoggerFactory.getLogger(AuthorizationAspect.class); - + @Pointcut("@annotation(org.gcube.common.authorization.library.annotations.AuthorizationControl)") public void authorizationEntyPoint() { } 
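Review bot: In AuthorizationControl.java the new `allowed()` element has no Javadoc, and its default `{}` is a fail-open value: the aspect changed in this same patch skips the user check when the array is empty, so an annotated method that declares no `allowed` list can be called by any client. That contract belongs on the element itself, for example `/** Client ids permitted to invoke the method; an empty array (the default) applies no per-client restriction. */`. Renaming `check()` to `actions()` is also source-incompatible for any existing `@AuthorizationControl(check=...)` usage, which is worth stating in the release notes given that the version only moves from 2.1.1-SNAPSHOT to 2.1.3-SNAPSHOT.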
@@ -30,7 +32,10 @@ public class AuthorizationAspect { MethodSignature signature = (MethodSignature) joinPoint.getSignature(); Method method = signature.getMethod(); AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class); - log.info("aspect before with annotation {} and value {} in method {}", authAnn.annotationType(), authAnn.check(), method.getName()); + log.info("aspect before with annotation {} and value {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName()); + String userId = AuthorizationProvider.instance.get().getClient().getId(); + if (authAnn.allowed().length!=0 && !Arrays.asList(authAnn.allowed()).contains(userId)) + throw new RuntimeException("user not allowed to call method "+method.getName()); } }
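Review bot: The allow-list check resolves the caller with `AuthorizationProvider.instance.get().getClient().getId()` unguarded and before looking at `allowed()`. If the provider holds no caller for the current thread (its contract is not visible here), every annotated method, restricted or not, fails with a NullPointerException instead of an explicit denial. The rejection is also never logged, and a bare `RuntimeException` gives callers nothing to map to an access-denied response; `SecurityException` is a drop-in subclass. In the `log.info` line above it, four arguments are now passed to three `{}` placeholders, so SLF4J drops `method.getName()` from the entry. A guarded form is sketched below; the advice method begins outside the hunk.

```java
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
log.info("aspect before with annotation {}, actions {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());
String[] allowed = authAnn.allowed();
if (allowed.length != 0) {
	// Resolve the caller only when a restriction is declared, and fail closed when none is bound.
	if (AuthorizationProvider.instance.get() == null || AuthorizationProvider.instance.get().getClient() == null) {
		log.warn("denied call to {}: no authenticated client bound to the current thread", method.getName());
		throw new SecurityException("user not allowed to call method " + method.getName());
	}
	String userId = AuthorizationProvider.instance.get().getClient().getId();
	if (!Arrays.asList(allowed).contains(userId)) {
		log.warn("denied call to {} for client {}", method.getName(), userId);
		throw new SecurityException("user not allowed to call method " + method.getName());
	}
}
```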