
sunshower-core

  1. Project Clover database Fri Apr 6 2018 03:27:42 UTC
  2. Package io.sunshower.service.security

File SpringPermissionsService.java

 

Coverage histogram

54% of files have more coverage


Classes

Class Line # Actions
SpringPermissionsService 22 22 7
0.2068965620.7%
 

Contributing tests

This file is covered by 4 tests.

Source view

1    package io.sunshower.service.security;
2   
3    import io.sunshower.model.core.auth.*;
4    import io.sunshower.persistence.core.Persistable;
5    import java.util.Objects;
6    import javax.inject.Inject;
7    import javax.persistence.EntityManager;
8    import javax.persistence.PersistenceContext;
9    import org.springframework.security.access.AccessDeniedException;
10    import org.springframework.security.access.PermissionEvaluator;
11    import org.springframework.security.acls.domain.ObjectIdentityImpl;
12    import org.springframework.security.acls.domain.PrincipalSid;
13    import org.springframework.security.acls.model.*;
14    import org.springframework.security.acls.model.ObjectIdentity;
15    import org.springframework.security.acls.model.Permission;
16    import org.springframework.security.core.Authentication;
17    import org.springframework.security.core.GrantedAuthority;
18    import org.springframework.security.core.context.SecurityContextHolder;
19    import org.springframework.transaction.annotation.Transactional;
20   
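/**
 * {@link PermissionsService} implementation that stores grants as Spring Security ACL entries and
 * answers permission checks through the injected {@link PermissionEvaluator}.
 *
 * <p>Grants and revocations are made for the principal named by the injected {@link
 * AuthenticationSession}; checks are made against whatever {@link Authentication} the current
 * {@link SecurityContextHolder} context holds.
 *
 * <p>NOTE(review): the Clover report this listing was taken from records hits only for {@link
 * #impersonate}; the grant, check, revoke and delete paths show 0 hits, so the authorization
 * logic below has no recorded test coverage there.
 */
@Transactional
public class SpringPermissionsService implements PermissionsService<Permission> {

  @Inject private AuthenticationSession session;

  @Inject private AclService aclService;

  @PersistenceContext private EntityManager entityManager;

  @Inject private PermissionEvaluator permissionEvaluator;

  /**
   * Runs {@code action} while the current security context holds an {@link Impersonation} built
   * from {@code roles}.
   *
   * <p>NOTE(review): no check on who may call this is visible in this class, and the roles are
   * taken exactly as passed, so every caller is implicitly trusted to choose its own authorities.
   * Confirm that access to this method is restricted elsewhere.
   *
   * <p>NOTE(review): the {@code finally} block installs the injected {@code session}, not the
   * authentication that was in the context before the call. A nested call therefore ends the
   * outer impersonation as soon as the inner one returns. Confirm this is intended.
   *
   * @param action the work to run under the impersonated authentication
   * @param roles the authorities handed to the {@link Impersonation}
   */
  public void impersonate(Action action, GrantedAuthority... roles) {
    final Authentication impersonatedAuthentication = new Impersonation(roles);
    try {
      SecurityContextHolder.getContext().setAuthentication(impersonatedAuthentication);
      action.apply();
    } finally {
      // Always leave the impersonated identity, even when the action throws.
      SecurityContextHolder.getContext().setAuthentication(session);
    }
  }

  /**
   * Grants {@code permissions} on {@code instance} to the current session's user.
   *
   * <p>The ACL for the object is created when none exists yet. One granting entry per permission
   * is appended for a {@link PrincipalSid} built from {@code session.getUsername()}. Existing
   * entries are not inspected, so repeated grants append repeated entries.
   *
   * @param type the class used as the ACL object-identity type
   * @param instance the entity whose id identifies the ACL
   * @param permissions the permissions to grant
   * @throws NullPointerException if {@code instance} is null
   */
  @Override
  public <T extends Persistable> void grantWithCurrentSession(
      Class<T> type, T instance, Permission... permissions) {
    Objects.requireNonNull(instance, "Cannot grant permissions on null object");
    final ObjectIdentity oid = new ObjectIdentityImpl(type, instance.getId());
    final Sid sid = new PrincipalSid(session.getUsername());
    MutableAcl acl;
    try {
      acl = (MutableAcl) aclService.readAclById(oid);
    } catch (NotFoundException ex) {
      // No ACL yet for this object: create an empty one to hold the new entries.
      acl = mutableAclService().createAcl(oid);
    }
    for (Permission permission : permissions) {
      acl.insertAce(acl.getEntries().size(), permission, sid, true);
    }
    mutableAclService().updateAcl(acl);
  }

  /**
   * Requires that the authentication in the current security context holds every one of {@code
   * permissions} on {@code instance}.
   *
   * <p>NOTE(review): when {@code permissions} is empty the loop never runs and the check passes;
   * callers must always name at least one permission.
   *
   * <p>NOTE(review): the exception message embeds the {@code toString()} of both the
   * authentication and the instance. Confirm that neither prints data that should stay out of
   * logs or error responses.
   *
   * @param instance the entity being accessed
   * @param permissions the permissions that must all be held
   * @throws NullPointerException if {@code instance} is null
   * @throws AccessDeniedException on the first permission the evaluator refuses
   */
  @Override
  public <T extends ProtectedDistributableEntity> void checkPermission(
      T instance, Permission... permissions) {
    Objects.requireNonNull(instance, "Cannot check permissions on null object");
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    for (Permission permission : permissions) {
      if (!permissionEvaluator.hasPermission(authentication, instance, permission)) {
        throw new AccessDeniedException(
            String.format(
                "Authentication %s does not have permission %s on object %s",
                authentication, permission, instance));
      }
    }
  }

  /**
   * Revokes {@code permissions} on {@code instance} from the current session's user.
   *
   * <p>This method used to be an empty stub, so a revocation returned normally while the grant
   * stayed in force. It now removes every granting entry whose sid equals the session user's
   * {@link PrincipalSid} and whose permission mask equals one of {@code permissions}. Denying
   * entries and entries for other sids are left alone. A missing ACL means there is nothing to
   * revoke.
   *
   * @param type the class used as the ACL object-identity type
   * @param instance the entity whose id identifies the ACL
   * @param permissions the permissions to revoke
   * @throws NullPointerException if {@code instance} is null
   */
  @Override
  public <T extends Persistable> void revokeOnCurrentSession(
      Class<T> type, T instance, Permission... permissions) {
    Objects.requireNonNull(instance, "Cannot revoke permissions on null object");
    final ObjectIdentity oid = new ObjectIdentityImpl(type, instance.getId());
    final Sid sid = new PrincipalSid(session.getUsername());
    final MutableAcl acl;
    try {
      acl = (MutableAcl) aclService.readAclById(oid);
    } catch (NotFoundException ex) {
      return;
    }
    boolean changed = false;
    // Walk backwards so that deleting an entry never shifts an index still to be visited.
    for (int index = acl.getEntries().size() - 1; index >= 0; index--) {
      final AccessControlEntry entry = acl.getEntries().get(index);
      if (entry.isGranting()
          && sid.equals(entry.getSid())
          && matchesAny(entry.getPermission(), permissions)) {
        acl.deleteAce(index);
        changed = true;
      }
    }
    if (changed) {
      mutableAclService().updateAcl(acl);
    }
  }

  /**
   * Deletes the ACL of {@code instance}; the {@code true} flag asks the ACL service to delete
   * child ACLs as well.
   *
   * <p>NOTE(review): no permission check is made here before the ACL is removed. Confirm that
   * callers are authorised upstream.
   *
   * @param type the class used as the ACL object-identity type
   * @param instance the entity whose ACL is removed
   * @throws NullPointerException if {@code instance} is null
   */
  @Override
  public <T extends Persistable> void delete(Class<T> type, T instance) {
    Objects.requireNonNull(instance, "Cannot delete permissions of null object");
    final ObjectIdentity oid = new ObjectIdentityImpl(type, instance.getId());
    mutableAclService().deleteAcl(oid, true);
  }

  /** Returns the injected ACL service as a {@link MutableAclService}; fails if it is read-only. */
  private MutableAclService mutableAclService() {
    return (MutableAclService) aclService;
  }

  /** Tells whether {@code held} has the same mask as any of {@code candidates}. */
  private static boolean matchesAny(Permission held, Permission... candidates) {
    for (Permission candidate : candidates) {
      if (candidate != null && held.getMask() == candidate.getMask()) {
        return true;
      }
    }
    return false;
  }
}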