package security;
import java.util.List;
import play.Logger;
import play.Logger.ALogger;
import play.libs.F.Promise;
import play.mvc.Http.Context;
import play.mvc.Http.Request;
import play.mvc.SimpleResult;
import be.objectify.deadbolt.java.DeadboltHandler;
import be.objectify.deadbolt.java.actions.AbstractRestrictiveAction;
import be.objectify.deadbolt.core.models.Permission;
import be.objectify.deadbolt.core.models.Subject;
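/**
 * Deadbolt action behind the {@code RestrictCombine} annotation.
 *
 * <p>A request is authorised when the current subject either passes the role
 * check against {@code configuration.roles()} or is accepted by the
 * {@link RequestPermission} implementation named in {@code configuration.with()}.
 * The two checks are combined with OR, so either one alone grants access.
 *
 * <p>The decision fails closed: a missing subject, or a permission class that
 * cannot be instantiated, results in a denial routed through
 * {@code onAuthFailure}.
 */
public class RestrictCombineAction extends
        AbstractRestrictiveAction<RestrictCombine> {

    private static final ALogger log = Logger.of(RestrictCombineAction.class);

    /**
     * Decides whether the current request may proceed.
     *
     * @param ctx             the current HTTP context
     * @param deadboltHandler the handler used to resolve the subject
     * @return {@code true} if the role check or the permission check passes;
     *         {@code false} otherwise, including when no subject is resolved
     */
    private boolean isAllowed(Context ctx, DeadboltHandler deadboltHandler) {
        if (log.isDebugEnabled()) {
            log.debug("isAllowed() <-");
        }

        Subject roleHolder = getSubject(ctx, deadboltHandler);
        if (roleHolder == null) {
            // No subject means nothing to evaluate roles or permissions against.
            // Deny explicitly: falling through to the permission check would
            // dereference null and surface as an exception instead of going
            // through the normal authorisation-failure path.
            return false;
        }

        if (checkRole(roleHolder, configuration.roles())) {
            return true;
        }
        return checkPermission(roleHolder, configuration.with(), ctx);
    }

    /**
     * Instantiates the configured {@link RequestPermission} and asks it whether
     * the request is allowed given the subject's permissions.
     *
     * @param roleHolder      the subject whose permissions are evaluated
     * @param permissionClass the permission implementation to instantiate; it
     *                        needs an accessible no-argument constructor
     * @param ctx             the current HTTP context
     * @return the result of {@code RequestPermission.isAllowed}, or
     *         {@code false} when the subject is {@code null} or the permission
     *         class cannot be instantiated
     */
    private boolean checkPermission(Subject roleHolder, Class<? extends RequestPermission> permissionClass,
            Context ctx) {
        if (log.isDebugEnabled()) {
            log.debug("checkPermission() <-");
        }

        if (roleHolder == null) {
            // Defensive: never evaluate permissions for an absent subject.
            return false;
        }

        RequestPermission permission;
        try {
            // getDeclaredConstructor().newInstance() wraps constructor failures
            // instead of propagating undeclared checked exceptions the way
            // Class.newInstance() does; both end up in the catch below.
            permission = permissionClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            // A broken permission class must deny access, not grant it.
            log.error("cannot create permission", e);
            return false;
        }

        List<? extends Permission> permissions = roleHolder.getPermissions();
        Request request = ctx.request();
        if (log.isDebugEnabled()) {
            // NOTE(review): this logs the request's string form; confirm it does
            // not include query-string secrets before enabling debug in production.
            log.debug("request : " + request);
            log.debug("path : " + request.path());
        }
        // NOTE(review): permissions is passed through as returned by the subject;
        // RequestPermission implementations presumably need to tolerate null - confirm.
        return permission.isAllowed(request, permissions);
    }

    /**
     * Returns the handler class named in the annotation's configuration.
     */
    @Override
    public Class<? extends DeadboltHandler> getDeadboltHandlerClass() {
        return configuration.handler();
    }

    /**
     * Runs the wrapped action when the request is authorised; otherwise marks
     * it unauthorised and delegates to the handler's failure path.
     *
     * @param ctx             the current HTTP context
     * @param deadboltHandler the handler used for subject lookup and failure handling
     * @return the delegate's result when allowed, else the auth-failure result
     * @throws Throwable if the delegate or the failure handler throws
     */
    @Override
    public Promise<SimpleResult> applyRestriction(Context ctx,
            DeadboltHandler deadboltHandler) throws Throwable {
        if (isAllowed(ctx, deadboltHandler)) {
            markActionAsAuthorised(ctx);
            return delegate.call(ctx);
        }
        markActionAsUnauthorised(ctx);
        return onAuthFailure(deadboltHandler, configuration.content(), ctx);
    }

    /**
     * Always returns {@code null}; no handler key is supplied by this action.
     */
    @Override
    public String getHandlerKey() {
        return null;
    }
}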