package fi.otavanopisto.pyramus.rest.controller.permissions;

import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;

import fi.otavanopisto.pyramus.dao.students.StudentDAO;
import fi.otavanopisto.pyramus.domainmodel.students.Student;
import fi.otavanopisto.pyramus.domainmodel.users.StaffMember;
import fi.otavanopisto.pyramus.domainmodel.users.User;
import fi.otavanopisto.pyramus.security.impl.SessionController;
import fi.otavanopisto.pyramus.security.impl.UserContextResolver;
import fi.otavanopisto.security.ContextReference;
import fi.otavanopisto.security.PermissionFeature;
import fi.otavanopisto.security.PermissionFeatureHandler;

/**
 * Permission feature that narrows an already-granted permission to the students
 * of the acting staff member's own guidance group.
 *
 * <p>The narrowing is applied only when all of the following hold:
 * <ul>
 *   <li>the incoming decision is {@code allowed == true} (this handler never grants),</li>
 *   <li>the current session has the environment permission
 *       {@link StudentPermissions#FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION},</li>
 *   <li>the {@code user} argument is a {@link StaffMember}, and</li>
 *   <li>the {@link ContextReference} resolves (via the injected
 *       {@link UserContextResolver}s) to a {@link Student}.</li>
 * </ul>
 * In that case the result is {@code studentDAO.isStudyGuider(staff, student)}.
 * In every other case the incoming {@code allowed} value is returned unchanged.
 *
 * <p>Two consequences worth knowing when relying on this handler:
 * <ul>
 *   <li>The restriction flag is read from {@code sessionController}, i.e. the
 *       session's own user, not from the {@code user} argument. If the two can
 *       ever differ, the restriction follows the session, not the argument
 *       (NOTE(review): confirm whether callers always pass the session user).</li>
 *   <li>A context reference that does not resolve to a {@link Student} (including
 *       an unresolvable one) is logged at WARNING and the default decision is
 *       returned, so the restriction is not applied in that case.</li>
 * </ul>
 */
@PermissionFeature(PyramusPermissionFeatures.ONLY_GROUP_STUDENTS)
public class OnlyGroupStudentsPermissionFeature implements PermissionFeatureHandler {

  @Inject
  private Logger logger;

  @Inject
  @Any
  private Instance<UserContextResolver> userContextResolvers;

  @Inject
  private StudentDAO studentDAO;

  @Inject
  private SessionController sessionController;

  /**
   * Applies the group-student restriction to a permission decision.
   *
   * @param permission the permission being evaluated (not consulted by this handler)
   * @param user the user the permission is evaluated for
   * @param contextReference reference to the object the permission targets
   * @param allowed the decision made so far
   * @return {@code allowed} unchanged, or the study-guider check when the
   *         restriction applies (see class documentation)
   */
  @Override
  public boolean hasPermission(String permission, fi.otavanopisto.security.User user, ContextReference contextReference, boolean allowed) {
    // This handler only ever removes access; a denial passes straight through.
    if (!allowed) {
      return false;
    }

    User resolved = resolveUser(contextReference);
    // Read from the session, not from the user argument (see class docs).
    boolean restrictionActive = sessionController.hasEnvironmentPermission(StudentPermissions.FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION);

    if (!(resolved instanceof Student)) {
      // Unknown or non-student target: fall back to the incoming decision.
      logger.log(Level.WARNING, "ContextReference was not student, ignoring and returning default permission.");
      return allowed;
    }

    if (restrictionActive && user instanceof StaffMember) {
      return studentDAO.isStudyGuider((StaffMember) user, (Student) resolved);
    }

    return allowed;
  }

  /**
   * Resolves the user a context reference points at by asking the injected
   * {@link UserContextResolver}s in iteration order; the first resolver that
   * reports handling the reference decides the result.
   *
   * @param contextReference the reference to resolve
   * @return the user returned by the first handling resolver, or {@code null}
   *         when no resolver handles the reference
   */
  protected User resolveUser(ContextReference contextReference) {
    Iterator<UserContextResolver> candidates = userContextResolvers.iterator();
    while (candidates.hasNext()) {
      UserContextResolver candidate = candidates.next();
      if (candidate.handlesContextReference(contextReference)) {
        return candidate.resolveUser(contextReference);
      }
    }
    return null;
  }

}