package br.com.triadworks.issuetracker.security;
import java.io.Serializable;
import javax.inject.Inject;
import javax.interceptor.Interceptor;
import org.conventionsframework.qualifier.SecurityMethod;
import org.conventionsframework.security.BaseSecurityInterceptor;
import br.com.triadworks.issuetracker.qualifier.UserRole;
@Interceptor
@SecurityMethod
public class SecurityInterceptor extends BaseSecurityInterceptor implements Serializable{
private static final long serialVersionUID = 1L;
/**
*
* @param list of roles allowed to execute the method
* @return true if user has permission to execute the method and false otherwise
*/
@Inject
@UserRole
private String currentRole;
public boolean checkUserPermissions(String[] rolesAllowed) {
// user role(s) should be extracted from current logged user
if (currentRole == null || "".endsWith(currentRole)) {
return false;
}
for (String role : rolesAllowed) {
if (currentRole.equals(role)) {
return true;
}
}
return false;
}
}