[Minor] Allow RoleAccessPrivilege to use String parameter

Robert von Burg 2024-03-04 16:10:14 +01:00
parent 15b2788b9a
commit abe089f95c
Signed by: eitch
GPG Key ID: 75DB9C85C74331F7
1 changed files with 26 additions and 28 deletions


@ -15,11 +15,6 @@
*/ */
package li.strolch.privilege.policy; package li.strolch.privilege.policy;
import static li.strolch.privilege.policy.PrivilegePolicyHelper.checkByAllowDenyValues;
import static li.strolch.privilege.policy.PrivilegePolicyHelper.preValidate;
import java.text.MessageFormat;
import li.strolch.privilege.base.AccessDeniedException; import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.PrivilegeException; import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.handler.PrivilegeHandler; import li.strolch.privilege.handler.PrivilegeHandler;
@ -31,6 +26,11 @@ import li.strolch.privilege.model.internal.Role;
import li.strolch.utils.collections.Tuple; import li.strolch.utils.collections.Tuple;
import li.strolch.utils.dbc.DBC; import li.strolch.utils.dbc.DBC;
import java.text.MessageFormat;
import static li.strolch.privilege.policy.PrivilegePolicyHelper.checkByAllowDenyValues;
import static li.strolch.privilege.policy.PrivilegePolicyHelper.preValidate;
/** /**
* This {@link PrivilegePolicy} expects a {@link Tuple} as {@link Restrictable#getPrivilegeValue()}. The Tuple must * This {@link PrivilegePolicy} expects a {@link Tuple} as {@link Restrictable#getPrivilegeValue()}. The Tuple must
* contain {@link Role} as first and second value. Then the policy decides depending on the user specific privileges * contain {@link Role} as first and second value. Then the policy decides depending on the user specific privileges
@ -67,8 +67,8 @@ public class RoleAccessPrivilege implements PrivilegePolicy {
// RoleAccessPrivilege policy expects the privilege value to be a role // RoleAccessPrivilege policy expects the privilege value to be a role
if (!(object instanceof Tuple tuple)) { if (!(object instanceof Tuple tuple)) {
String msg = Restrictable.class.getName() + PrivilegeMessages String msg = Restrictable.class.getName() + PrivilegeMessages.getString(
.getString("Privilege.illegalArgument.nontuple"); "Privilege.illegalArgument.nontuple");
msg = MessageFormat.format(msg, restrictable.getClass().getSimpleName()); msg = MessageFormat.format(msg, restrictable.getClass().getSimpleName());
throw new PrivilegeException(msg); throw new PrivilegeException(msg);
} }
@ -78,32 +78,30 @@ public class RoleAccessPrivilege implements PrivilegePolicy {
return true; return true;
// get role name as privilege value // get role name as privilege value
Role oldRole = tuple.getFirst(); String oldRole = tuple.getFirst() instanceof Role r ? r.getName() : tuple.getFirst();
Role newRole = tuple.getSecond(); String newRole = tuple.getSecond() instanceof Role r ? r.getName() : tuple.getSecond();
switch (privilegeName) { switch (privilegeName) {
case PrivilegeHandler.PRIVILEGE_GET_ROLE, PrivilegeHandler.PRIVILEGE_ADD_ROLE, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE -> { case PrivilegeHandler.PRIVILEGE_GET_ROLE, PrivilegeHandler.PRIVILEGE_ADD_ROLE, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE -> {
DBC.INTERIM.assertNull("For " + privilegeName + " first must be null!", oldRole); DBC.INTERIM.assertNull("For " + privilegeName + " first must be null!", oldRole);
DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", newRole); DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", newRole);
String privilegeValue = newRole.getName(); return checkByAllowDenyValues(ctx, privilege, restrictable, newRole, assertHasPrivilege);
return checkByAllowDenyValues(ctx, privilege, restrictable, privilegeValue, assertHasPrivilege); }
} case PrivilegeHandler.PRIVILEGE_MODIFY_ROLE -> {
case PrivilegeHandler.PRIVILEGE_MODIFY_ROLE -> { DBC.INTERIM.assertNotNull("For " + privilegeName + " first must not be null!", oldRole);
DBC.INTERIM.assertNotNull("For " + privilegeName + " first must not be null!", oldRole); DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", newRole);
DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", newRole);
String privilegeValue = newRole.getName(); DBC.INTERIM.assertEquals("oldRole and newRole names must be the same", oldRole, newRole);
DBC.INTERIM.assertEquals("oldRole and newRole names must be the same", oldRole.getName(), privilegeValue);
return checkByAllowDenyValues(ctx, privilege, restrictable, privilegeValue, assertHasPrivilege); return checkByAllowDenyValues(ctx, privilege, restrictable, newRole, assertHasPrivilege);
} }
default -> { default -> {
String msg = Restrictable.class.getName() + PrivilegeMessages.getString( String msg = Restrictable.class.getName() + PrivilegeMessages.getString(
"Privilege.roleAccessPrivilege.unknownPrivilege"); "Privilege.roleAccessPrivilege.unknownPrivilege");
msg = MessageFormat.format(msg, privilegeName); msg = MessageFormat.format(msg, privilegeName);
throw new PrivilegeException(msg); throw new PrivilegeException(msg);
} }
} }
} }
} }
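Review bot: The two ternaries that derive `oldRole` and `newRole` never check the element type, so a tuple value that is neither a `Role` nor a `String` falls into the else branch. Assuming `Tuple.getFirst()`/`getSecond()` are generic unchecked accessors, that would surface as a `ClassCastException` rather than the `PrivilegeException` this policy throws for a non-tuple value a few lines earlier. In an authorization check, rejecting unexpected types explicitly keeps the failure mode uniform and auditable; a small private helper that accepts `null`, `Role` or `String` and throws otherwise does this, as sketched below. The class Javadoc still states that the Tuple must contain `Role` as first and second value and should mention that a role name `String` is now accepted. The enclosing method starts outside the visible hunk.

```java
// … unchanged: Tuple instanceof check and early return …
String oldRole = roleName(tuple.getFirst());
String newRole = roleName(tuple.getSecond());
// … unchanged: switch on privilegeName …

// new private helper in RoleAccessPrivilege
private static String roleName(Object value) {
	if (value == null)
		return null; // GET/ADD/REMOVE expect the first element to be null
	if (value instanceof Role role)
		return role.getName();
	if (value instanceof String name)
		return name;
	throw new PrivilegeException(
			"Expected a Role or a role name String, but got " + value.getClass().getName());
}
```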