protected IPrivilege CreatePrivilegeFromServiceResult(IObjRef objRef, IPrivilegeOfService privilegeOfService) { IPropertyPrivilegeOfService[] propertyPrivilegesOfService = privilegeOfService.PropertyPrivileges; if (propertyPrivilegesOfService == null || propertyPrivilegesOfService.Length == 0) { return(SimplePrivilegeImpl.CreateFrom(privilegeOfService)); } String[] propertyPrivilegeNames = privilegeOfService.PropertyPrivilegeNames; IEntityMetaData metaData = EntityMetaDataProvider.GetMetaData(objRef.RealType); IPropertyPrivilege[] primitivePropertyPrivileges = new IPropertyPrivilege[metaData.PrimitiveMembers.Length]; IPropertyPrivilege[] relationPropertyPrivileges = new IPropertyPrivilege[metaData.RelationMembers.Length]; IPropertyPrivilege defaultPropertyPrivilege = PropertyPrivilegeImpl.CreateFrom(privilegeOfService); Arrays.Fill(primitivePropertyPrivileges, defaultPropertyPrivilege); Arrays.Fill(relationPropertyPrivileges, defaultPropertyPrivilege); for (int b = propertyPrivilegesOfService.Length; b-- > 0;) { IPropertyPrivilegeOfService propertyPrivilegeOfService = propertyPrivilegesOfService[b]; String propertyName = InterningFeature.Intern(propertyPrivilegeNames[b]); IPropertyPrivilege propertyPrivilege = PropertyPrivilegeImpl.Create(propertyPrivilegeOfService.CreateAllowed, propertyPrivilegeOfService.ReadAllowed, propertyPrivilegeOfService.UpdateAllowed, propertyPrivilegeOfService.DeleteAllowed); if (metaData.IsRelationMember(propertyName)) { relationPropertyPrivileges[metaData.GetIndexByRelationName(propertyName)] = propertyPrivilege; } if (metaData.IsPrimitiveMember(propertyName)) { primitivePropertyPrivileges[metaData.GetIndexByPrimitiveName(propertyName)] = propertyPrivilege; } } return(EntityPrivilegeFactoryProvider.GetEntityPrivilegeFactory(metaData.EntityType, privilegeOfService.CreateAllowed, privilegeOfService.ReadAllowed, privilegeOfService.UpdateAllowed, privilegeOfService.DeleteAllowed, privilegeOfService.ExecuteAllowed).CreatePrivilege(privilegeOfService.CreateAllowed, privilegeOfService.ReadAllowed, privilegeOfService.UpdateAllowed, privilegeOfService.DeleteAllowed, privilegeOfService.ExecuteAllowed, primitivePropertyPrivileges, relationPropertyPrivileges)); }
public static IPrivilege CreateFrom(IPrivilegeOfService privilegeOfService) { return(Create(privilegeOfService.CreateAllowed, privilegeOfService.ReadAllowed, privilegeOfService.UpdateAllowed, privilegeOfService.DeleteAllowed, privilegeOfService.ExecuteAllowed)); }
public IPrivilegeResult GetPrivilegesByObjRef <V>(IList <V> objRefs, params ISecurityScope[] securityScopes) where V : IObjRef { ISecurityContext context = SecurityContextHolder.Context; IAuthorization authorization = context != null ? context.Authorization : null; if (authorization == null) { throw new SecurityException("User must be authenticated to be able to check for privileges"); } if (securityScopes.Length == 0) { throw new ArgumentException("No " + typeof(ISecurityScope).Name + " provided to check privileges against"); } List <IObjRef> missingObjRefs = new List <IObjRef>(); lock (writeLock) { IPrivilegeResult result = CreateResult(objRefs, securityScopes, missingObjRefs, authorization, null); if (missingObjRefs.Count == 0) { return(result); } } if (PrivilegeService == null) { throw new SecurityException("No bean of type " + typeof(IPrivilegeService).FullName + " could be injected. Privilege functionality is deactivated. The current operation is not supported"); } String userSID = authorization.SID; IList <IPrivilegeOfService> privilegeResults = PrivilegeService.GetPrivileges(missingObjRefs.ToArray(), securityScopes); lock (writeLock) { HashMap <PrivilegeKey, IPrivilege> privilegeResultOfNewEntities = null; for (int a = 0, size = privilegeResults.Count; a < size; a++) { IPrivilegeOfService privilegeResult = privilegeResults[a]; IObjRef reference = privilegeResult.Reference; PrivilegeKey privilegeKey = new PrivilegeKey(reference.RealType, reference.IdNameIndex, reference.Id, userSID); bool useCache = true; if (privilegeKey.Id == null) { useCache = false; privilegeKey.Id = reference; } privilegeKey.SecurityScope = InterningFeature.Intern(privilegeResult.SecurityScope.Name); IPrivilege privilege = CreatePrivilegeFromServiceResult(reference, privilegeResult); if (useCache) { privilegeCache.Put(privilegeKey, privilege); } else { if (privilegeResultOfNewEntities == null) { privilegeResultOfNewEntities = new HashMap <PrivilegeKey, IPrivilege>(); } privilegeResultOfNewEntities.Put(privilegeKey, privilege); } } return(CreateResult(objRefs, securityScopes, null, authorization, privilegeResultOfNewEntities)); } }