public ITypePrivilegeResult GetPrivilegesByType(IList <Type> entityTypes, params ISecurityScope[] securityScopes)
{
ISecurityContext context = SecurityContextHolder.Context;
IAuthorization authorization = context != null ? context.Authorization : null;
if (authorization == null)
{
throw new SecurityException("User must be authorized to be able to check for privileges");
}
if (securityScopes.Length == 0)
{
throw new ArgumentException("No " + typeof(ISecurityScope).Name + " provided to check privileges against");
}
List <Type> missingEntityTypes = new List <Type>();
Object writeLock = this.writeLock;
lock (writeLock)
{
ITypePrivilegeResult result = CreateResultByType(entityTypes, securityScopes, missingEntityTypes, authorization);
if (missingEntityTypes.Count == 0)
{
return(result);
}
}
if (PrivilegeService == null)
{
throw new SecurityException("No bean of type " + typeof(IPrivilegeService).FullName
+ " could be injected. Privilege functionality is deactivated. The current operation is not supported");
}
String userSID = authorization.SID;
IList <ITypePrivilegeOfService> privilegeResults = PrivilegeService.GetPrivilegesOfTypes(missingEntityTypes.ToArray(), securityScopes);
lock (writeLock)
{
for (int a = 0, size = privilegeResults.Count; a < size; a++)
{
ITypePrivilegeOfService privilegeResult = privilegeResults[a];
Type entityType = privilegeResult.EntityType;
String securityScope = InterningFeature.Intern(privilegeResult.SecurityScope.Name);
ITypePrivilege pi = CreateTypePrivilegeFromServiceResult(entityType, privilegeResult);
entityTypePrivilegeCache.Put(entityType, securityScope, userSID, pi);
}
return(CreateResultByType(entityTypes, securityScopes, null, authorization));
}
}
protected ITypePrivilegeResult CreateResultByType(IList <Type> entityTypes, ISecurityScope[] securityScopes, IList <Type> missingEntityTypes,
IAuthorization authorization)
{
ITypePrivilege[] result = new ITypePrivilege[entityTypes.Count];
String userSID = authorization.SID;
for (int index = entityTypes.Count; index-- > 0;)
{
Type entityType = entityTypes[index];
if (entityType == null)
{
continue;
}
ITypePrivilege mergedTypePrivilege = null;
for (int a = securityScopes.Length; a-- > 0;)
{
ITypePrivilege existingTypePrivilege = entityTypePrivilegeCache.Get(entityType, securityScopes[a].Name, userSID);
if (existingTypePrivilege == null)
{
mergedTypePrivilege = null;
break;
}
if (mergedTypePrivilege == null)
{
// Take first existing privilege as a start
mergedTypePrivilege = existingTypePrivilege;
}
else
{
// Merge all other existing privileges by boolean OR
throw new NotSupportedException("Not yet implemented");
}
}
if (mergedTypePrivilege == null)
{
if (missingEntityTypes != null)
{
missingEntityTypes.Add(entityType);
continue;
}
mergedTypePrivilege = SkipAllTypePrivilege.INSTANCE;
}
result[index] = mergedTypePrivilege;
}
return(new TypePrivilegeResult(authorization.SID, result));
}
public static ITypePropertyPrivilege CreateFrom(ITypePrivilege privilegeAsTemplate)
{
return(Create(privilegeAsTemplate.CreateAllowed, privilegeAsTemplate.ReadAllowed, privilegeAsTemplate.UpdateAllowed,
privilegeAsTemplate.DeleteAllowed));
}
