SelfServiceUserAccessVote.java example

Explorer
MIFOSX-master
- mifosng-provider
  - src
/**
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/.
 */
package org.mifosplatform.infrastructure.security.vote;

import java.util.Collection;

import org.mifosplatform.useradministration.domain.AppUser;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

public class SelfServiceUserAccessVote implements AccessDecisionVoter<FilterInvocation> {

	@Override
	public boolean supports(@SuppressWarnings("unused") ConfigAttribute attribute) {
		// This implementation supports any attribute, because it does not rely on it.
		return true;
	}

	@Override
	public boolean supports(Class<?> clazz) {
		return FilterInvocation.class.isAssignableFrom(clazz);
	}

	@Override
	public int vote(final Authentication authentication, final FilterInvocation fi,
			@SuppressWarnings("unused") final Collection<ConfigAttribute> attributes) {
		if(!"OPTIONS".equalsIgnoreCase(fi.getHttpRequest().getMethod())){
			AppUser user = (AppUser) authentication.getPrincipal();
			
			String pathURL = fi.getRequestUrl();
			boolean isSelfServiceRequest = (pathURL != null && pathURL.contains("/self/"));

			boolean notAllowed = ((isSelfServiceRequest && !user.isSelfServiceUser())
					||(!isSelfServiceRequest && user.isSelfServiceUser()));
			
			if(notAllowed){
				return ACCESS_DENIED;
			}
		}
		return ACCESS_GRANTED;
	}

}