/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.uberfire.security.processors;
import org.jboss.errai.codegen.Statement;
import org.jboss.errai.codegen.meta.MetaMethod;
import org.jboss.errai.codegen.util.Stmt;
import org.jboss.errai.ioc.client.api.CodeDecorator;
import org.jboss.errai.ioc.rebind.ioc.extension.IOCDecoratorExtension;
import org.jboss.errai.ioc.rebind.ioc.injector.api.Decorable;
import org.jboss.errai.ioc.rebind.ioc.injector.api.FactoryController;
import org.uberfire.security.annotations.PermissionCheck;
import org.uberfire.security.client.authz.AuthorizationManagerHelper;
/**
* <p>Given a method where a specific permission is required like, for instance:</p>
* <p>
* <pre>
* {@code @PermissionCheck("featureX")
* private void enableFeatureX() {
* ...
* }
* }
* </pre>
* <p>
* <p>This processor will append the required security check code to ensure the method body
* is only executed when the user is granted with the proper permission rights.</p>
* </pre>
*/
@CodeDecorator
public class PermissionCheckProcessor extends IOCDecoratorExtension<PermissionCheck> {
public PermissionCheckProcessor(Class<PermissionCheck> decoratesWith) {
super(decoratesWith);
}
@Override
public void generateDecorator(final Decorable decorable,
final FactoryController controller) {
MetaMethod metaMethod = decorable.getAsMethod();
PermissionCheck securedResource = metaMethod.getAnnotation(PermissionCheck.class);
String permission = securedResource.value();
String onGranted = securedResource.onGranted();
String onDenied = securedResource.onDenied();
String declaringClass = metaMethod.getDeclaringClassName();
// The method must return void
if (!metaMethod.getReturnType().getName().equals("void")) {
throw new RuntimeException("The @PermissionCheck annotated method \"" +
declaringClass + "#" + metaMethod.getName() + "\" must return void");
}
// Permission check
if (permission == null || permission.trim().length() == 0) {
Statement stmt = createPermissionCheck(permission,
onGranted,
onDenied);
controller.addInvokeBefore(metaMethod,
stmt);
}
}
public Statement createPermissionCheck(String permission,
String onGranted,
String onDenied) {
return ResourceCheckProcessor.buildCheckStatement(
Stmt.invokeStatic(AuthorizationManagerHelper.class,
"authorize",
permission),
onGranted,
onDenied);
}
}