package com.getperka.flatpack.visitors;
/*
* #%L
* FlatPack serialization code
* %%
* Copyright (C) 2012 - 2013 Perka Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.security.Principal;
import java.util.concurrent.Callable;
import javax.inject.Inject;
import com.getperka.flatpack.HasUuid;
import com.getperka.flatpack.ext.PostWorkOrder;
import com.getperka.flatpack.ext.Property;
import com.getperka.flatpack.security.Security;
import com.getperka.flatpack.security.SecurityAction;
import com.getperka.flatpack.security.SecurityTarget;
import com.getperka.flatpack.util.FlatPackTypes;
/**
* Verifies security constraints on properties for newly-created entities. Because a property's
* security constraints may depend on other properties in the entity that have not yet been
* configured, this class will defer the property evaluation until after all properties have been
* set. If the principal does not have some particular permission on the entity, the value of the
* property will be nullified.
*/
@PostWorkOrder(150)
class CreatedPropertyVerifier implements Callable<Void> {
private SecurityAction action;
private Principal principal;
private HasUuid entity;
private Property property;
@Inject
private Security security;
/**
* Requires injection.
*/
CreatedPropertyVerifier() {}
@Override
public Void call() throws Exception {
if (!security.may(principal, SecurityTarget.of(entity, property), action)) {
Object originalValue = FlatPackTypes.getDefaultValue(
property.getSetter().getParameterTypes()[0]);
property.getSetter().invoke(entity, originalValue);
}
return null;
}
public void configure(Principal principal, HasUuid entity, Property property,
SecurityAction action) {
this.action = action;
this.entity = entity;
this.principal = principal;
this.property = property;
}
}