View Javadoc
1   package fr.ifremer.reefdb.security;
2   
3   /*
4    * #%L
5    * Reef DB :: Core
6    * $Id:$
7    * $HeadURL:$
8    * %%
9    * Copyright (C) 2014 - 2015 Ifremer
10   * %%
11   * This program is free software: you can redistribute it and/or modify
12   * it under the terms of the GNU Affero General Public License as published by
13   * the Free Software Foundation, either version 3 of the License, or
14   * (at your option) any later version.
15   * 
16   * This program is distributed in the hope that it will be useful,
17   * but WITHOUT ANY WARRANTY; without even the implied warranty of
18   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19   * GNU General Public License for more details.
20   * 
21   * You should have received a copy of the GNU Affero General Public License
22   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
23   * #L%
24   */
25  
26  import fr.ifremer.quadrige3.core.security.SecurityContextHelper;
27  import org.springframework.security.access.PermissionEvaluator;
28  import org.springframework.security.core.Authentication;
29  import org.springframework.stereotype.Service;
30  
31  import java.io.Serializable;
32  
33  /**
34   * <p>ReefDbPermissionEvaluator class.</p>
35   *
36   * @author Ludovic Pecquot <ludovic.pecquot@e-is.pro>
37   */
38  @Service("reefDbPermissionEvaluator")
39  public class ReefDbPermissionEvaluator implements PermissionEvaluator {
40  
41  //    @Autowired
42  //    @Lazy
43  //    LandingService landingService;
44  
45      /** {@inheritDoc} */
46      @Override
47      public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
48          return hasPermission(authentication, targetDomainObject instanceof Serializable ? (Serializable) targetDomainObject : null, null, permission);
49      }
50  
51      /** {@inheritDoc} */
52      @Override
53      public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
54  
55          // basic permission
56          if (!SecurityContextHelper.hasAuthority(authentication, permission)) {
57              return false;
58          }
59  
60          // specific permission
61          // TODO mieux gérer ce test en fonction des cas spécifiques
62  /*        if (StringUtils.isNotBlank(targetType) && targetId != null) {
63  
64              boolean result = false;
65  
66              switch (targetType) {
67                  case ReefDbPermissionType.DELETE_OBSERVED_LOCATION: {
68                      // no specific restriction because authenticated user has passed the basic permission evaluator
69                      result = true;
70                  }
71                  break;
72  
73                  case ReefDbPermissionType.DELETE_LANDING:
74                  case ReefDbPermissionType.REMOVE_LANDING_LINK_TO_FISHING_TRIP: {
75  
76  //                if (SecurityContextHelper.hasAuthority(authentication, ReefDbAuthority.SUPERUSER)
77  //                    || (SecurityContextHelper.hasAuthority(authentication, ReefDbAuthority.USER)
78  //                    && !landingService.isLandingHasData((Integer) targetId))) {
79  //                    result = true;
80  //                }
81  
82                  }
83                  break;
84  
85              }
86  
87              return result;
88          }*/
89  
90          return true;
91      }
92  
93  }