@ -107,10 +107,11 @@ public class Util {
|
|
|
|
|
public static <T, R extends Identifiable> R getUserAuthorizedObject(
|
|
|
|
|
T id, Class<R> objectClass, EntityManager entityManager) throws NoSuchObjectException, InternalSecurityException{
|
|
|
|
|
String caller = AuthorizationProvider.instance.get().getClient().getId();
|
|
|
|
|
String scope = ScopeProvider.instance.get();
|
|
|
|
|
R sTr = entityManager.find(objectClass, id);
|
|
|
|
|
if (sTr==null || !sTr.getScopes().contains(ScopeProvider.instance.get())) throw new NoSuchObjectException();
|
|
|
|
|
if (!sTr.getOwner().equals(caller) && !sTr.getSharedWith().contains(String.format("u(%s)", caller)) &&
|
|
|
|
|
!sTr.getSharedWith().contains(String.format("g(%s)", caller)))
|
|
|
|
|
!sTr.getSharedWith().contains(String.format("g(%s)", scope)))
|
|
|
|
|
throw new InternalSecurityException(caller+" is not authorized to use "+objectClass.getName()+" with id "+id.toString());
|
|
|
|
|
return sTr;
|
|
|
|
|
}
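Review bot: The group branch of the authorization condition now matches `g(<scope>)` from `ScopeProvider.instance.get()` rather than anything tied to `caller`, so once the preceding scope check passes, every client operating in that scope is authorized for an object shared with that scope's group. If that is the intended model, the condition should say so in a comment, e.g. `// g(<scope>) grants access to every caller in the current scope, not to a per-user group`. The grant is then only as strong as the scope value, which presumably comes from the validated token rather than from caller-controlled input; that is worth confirming. The new local `scope` is also not reused by the scope check one line above, which still calls the provider a second time; `if (sTr==null || !sTr.getScopes().contains(scope)) throw new NoSuchObjectException();` would make both checks use the same value.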