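package security;

import java.util.List;

import play.Logger;
import play.Logger.ALogger;
import play.libs.F.Promise;
import play.mvc.Http.Context;
import play.mvc.Http.Request;
import play.mvc.SimpleResult;
import be.objectify.deadbolt.java.DeadboltHandler;
import be.objectify.deadbolt.java.actions.AbstractRestrictiveAction;
import be.objectify.deadbolt.core.models.Permission;
import be.objectify.deadbolt.core.models.Subject;

/**
 * Deadbolt action behind the {@code RestrictCombine} annotation.
 *
 * <p>A request is authorised when the current subject passes the role check
 * against {@code configuration.roles()} or, failing that, when the
 * {@link RequestPermission} named by {@code configuration.with()} accepts the
 * request together with the subject's permissions. Every other outcome,
 * including a missing subject or a permission class that cannot be
 * instantiated, is treated as a denial.
 */
public class RestrictCombineAction extends AbstractRestrictiveAction<RestrictCombine> {

    private static final ALogger log = Logger.of(RestrictCombineAction.class);

    /**
     * Decides whether the current request may proceed.
     *
     * @param ctx the HTTP context of the request being checked
     * @param deadboltHandler the handler used to resolve the subject
     * @return {@code true} if the role check or the permission check succeeds
     */
    private boolean isAllowed(Context ctx, DeadboltHandler deadboltHandler) {
        if (log.isDebugEnabled()) {
            log.debug("isAllowed() <-");
        }

        Subject roleHolder = getSubject(ctx, deadboltHandler);
        if (roleHolder == null) {
            // No subject: deny here so the request goes through onAuthFailure
            // instead of failing with a NullPointerException in checkPermission.
            return false;
        }

        // The permission check is only a fallback for subjects that fail the role check.
        return checkRole(roleHolder, configuration.roles())
                || checkPermission(roleHolder, configuration.with(), ctx);
    }

    /**
     * Evaluates the configured {@link RequestPermission} against the request.
     *
     * @param roleHolder the subject whose permissions are evaluated; {@code null} is denied
     * @param permissionClass the permission implementation to instantiate through its
     *        no-argument constructor
     * @param ctx the HTTP context supplying the request
     * @return {@code true} only if the permission instance accepts the request
     */
    private boolean checkPermission(Subject roleHolder,
                                    Class<? extends RequestPermission> permissionClass,
                                    Context ctx) {
        if (log.isDebugEnabled()) {
            log.debug("checkPermission() <-");
        }

        if (roleHolder == null) {
            // Defensive: a request without a subject has no permissions to evaluate.
            return false;
        }

        RequestPermission permission;
        try {
            permission = permissionClass.newInstance();
        } catch (Exception e) {
            // Fail closed: a misconfigured permission class must never grant access.
            log.error("cannot create permission", e);
            return false;
        }

        List<? extends Permission> permissions = roleHolder.getPermissions();
        Request request = ctx.request();
        if (log.isDebugEnabled()) {
            // NOTE(review): the request's string form may include the query string;
            // confirm nothing sensitive travels there before enabling debug logging.
            log.debug("request : " + request);
            log.debug("path : " + request.path());
        }

        return permission.isAllowed(request, permissions);
    }

    /**
     * Returns the handler class declared on the annotation.
     */
    @Override
    public Class<? extends DeadboltHandler> getDeadboltHandlerClass() {
        return configuration.handler();
    }

    /**
     * Runs the delegate action when the request is allowed; otherwise marks the action
     * as unauthorised and returns the handler's auth-failure result.
     *
     * @param ctx the HTTP context of the request
     * @param deadboltHandler the handler used for the subject lookup and failure handling
     * @return the delegate's result, or the auth-failure result
     * @throws Throwable whatever the delegate or the failure handling throws
     */
    @Override
    public Promise<SimpleResult> applyRestriction(Context ctx, DeadboltHandler deadboltHandler)
            throws Throwable {
        if (isAllowed(ctx, deadboltHandler)) {
            markActionAsAuthorised(ctx);
            return delegate.call(ctx);
        }

        markActionAsUnauthorised(ctx);
        return onAuthFailure(deadboltHandler, configuration.content(), ctx);
    }

    /**
     * Returns {@code null}; this action declares no handler key.
     * NOTE(review): presumably Deadbolt then resolves the handler through
     * {@link #getDeadboltHandlerClass()} or its default; confirm against the Deadbolt version in use.
     */
    @Override
    public String getHandlerKey() {
        return null;
    }
}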