Java Code Examples for org.alfresco.service.cmr.security.AccessStatus#DENIED
The following examples show how to use
org.alfresco.service.cmr.security.AccessStatus#DENIED .
Example 1
Source File: VirtualUserPermissions.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Resolves the access status of a permission on a virtual (smart) node.
 * <p>
 * Deny sets are consulted before allow sets, so a permission that appears in
 * both is reported as {@link AccessStatus#DENIED}. For read-only nodes the
 * read-only deny sets are consulted first.
 *
 * @param permission the permission name to look up
 * @param readonly   whether the node is considered read-only by the caller
 * @return {@code DENIED} if any applicable deny set contains the permission,
 *         {@code ALLOWED} if an allow set contains it, otherwise
 *         {@code UNDETERMINED}
 */
public AccessStatus hasVirtualNodePermission(String permission, boolean readonly) {
    // Read-only specific denials win over everything else.
    final boolean deniedAsReadonly = readonly
            && (denyReadonlySmartNodesFull.contains(permission) || denyReadonlySmartNodes.contains(permission));
    if (deniedAsReadonly) {
        return AccessStatus.DENIED;
    }

    // General denials are checked before any allow set (deny precedence).
    final boolean deniedInGeneral = denySmartNodesFull.contains(permission) || denySmartNodes.contains(permission);
    if (deniedInGeneral) {
        return AccessStatus.DENIED;
    }

    final boolean allowed = allowSmartNodesFull.contains(permission) || allowSmartNodes.contains(permission);
    // No rule matched: callers must decide how to treat UNDETERMINED.
    return allowed ? AccessStatus.ALLOWED : AccessStatus.UNDETERMINED;
}
Example 2
Source File: HasPermissionMethod.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Evaluates {@code permissionToCheck} for the virtual folder behind a reference.
 * <p>
 * The folder is treated as read-only when its filing rule is the null filing
 * rule or when the rule yields no filing node for the reference. For read-only
 * folders an explicit read-only denial is returned first, READ is then granted
 * directly, and every other permission is delegated to the user permissions.
 *
 * @param virtualProtocol the protocol being dispatched (not used here)
 * @param reference       the virtual reference to evaluate
 * @return the resolved access status
 * @throws ProtocolMethodException declared by the protocol method contract
 */
@Override
public AccessStatus execute(VirtualProtocol virtualProtocol, Reference reference) throws ProtocolMethodException {
    FilingRule rule = resolver.resolveVirtualFolderDefinition(reference).getFilingRule();
    boolean readonly = rule.isNullFilingRule() || rule.filingNodeRefFor(new FilingParameters(reference)) == null;

    if (!readonly) {
        return userPermissions.hasVirtualNodePermission(permissionToCheck, false);
    }

    if (userPermissions.getDenyReadonlySmartNodes().contains(permissionToCheck)) {
        return AccessStatus.DENIED;
    }
    // NOTE(review): READ is granted here after consulting only
    // getDenyReadonlySmartNodes(); any other deny set held by userPermissions
    // is not consulted on this shortcut - confirm that is intended.
    if (PermissionService.READ.equals(permissionToCheck)) {
        return AccessStatus.ALLOWED;
    }
    return userPermissions.hasVirtualNodePermission(permissionToCheck, true);
}
Example 3
Source File: ScriptNode.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
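/**
 * Reduces a set of access permissions to the entries that remain allowed,
 * returned in the order given by
 * <code>CMISConnector.AccessPermissionComparator</code>.
 * <p>
 * Entries are visited in comparator order. An ALLOWED entry is recorded for
 * its authority/permission pair; a DENIED entry visited later removes the
 * recorded entry for the same pair. Entries with any other status are ignored.
 *
 * @param acls the permissions to reduce; must not be {@code null}
 * @return Sorted list of <code>AccessPermission</code> based on
 *         <code>CMISConnector.AccessPermissionComparator</code> and
 *         <code>AccessStatus</code> of the permission for an authority.
 */
public static List<AccessPermission> getSortedACLs(Set<AccessPermission> acls) {
    List<AccessPermission> ordered = new ArrayList<AccessPermission>(acls);
    Collections.sort(ordered, new CMISConnector.AccessPermissionComparator());

    // Insertion-ordered map: a plain HashMap would hand the survivors back in
    // hash order, discarding the sort this method promises.
    Map<String, AccessPermission> allowedByKey =
            new java.util.LinkedHashMap<String, AccessPermission>(acls.size());

    for (AccessPermission entry : ordered) {
        // NOTE(review): authority and permission are concatenated without a
        // separator, so two different pairs could in principle produce the same
        // key - confirm the naming rules for both rule that out.
        String key = entry.getAuthority() + entry.getPermission();
        AccessStatus status = entry.getAccessStatus();
        if (status == AccessStatus.ALLOWED) {
            // Remove first so a replacement takes its own position in the order.
            allowedByKey.remove(key);
            allowedByKey.put(key, entry);
        } else if (status == AccessStatus.DENIED) {
            allowedByKey.remove(key);
        }
    }
    return new ArrayList<AccessPermission>(allowedByKey.values());
}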
Example 4
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
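/**
 * Decides whether a user may read a node by virtue of owning it.
 * <p>
 * A node without an owner never grants access through this path. The original
 * code only re-assigned DENIED in that case and then still compared the
 * username with the (null) owner, so a null username could match a null owner
 * if {@code EqualsHelper.nullSafeEquals} treats two nulls as equal.
 *
 * @param username the user being checked
 * @param nodeRef  the node whose owner is looked up
 * @return {@code ALLOWED} when {@code username} equals the node's owner,
 *         otherwise {@code DENIED}
 */
protected AccessStatus ownerRead(String username, NodeRef nodeRef) {
    // Reviewed the behaviour of deny and ownership with Mike F
    // ATM ownership takes precedence over READ deny
    // TODO: check that global owner rights are set

    String owner = ownableService.getOwner(nodeRef);
    if (owner == null) {
        // TODO node may not have auditable aspect and hence creator property
        // Fail closed: with no owner there is nothing for the user to match.
        return AccessStatus.DENIED;
    }

    // is the user the owner of the node?
    if (EqualsHelper.nullSafeEquals(username, owner)) {
        // ROLE_OWNER authority has FULL_CONTROL in permissionDefinitions
        // so we don't need to check node requirements
        return AccessStatus.ALLOWED;
    }
    return AccessStatus.DENIED;
}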
Example 5
Source File: SimpleAccessControlEntry.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
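/**
 * Orders access control entries by position, then by access status with
 * DENIED entries first, then by the order position of the authority type.
 * <p>
 * Uses {@link Integer#compare(int, int)} rather than subtraction so the result
 * cannot wrap around for extreme operand values; only the sign of the result
 * is meaningful.
 *
 * @param other the entry to compare with
 * @return a negative value, zero or a positive value as this entry sorts
 *         before, equal to or after {@code other}
 */
public int compareTo(AccessControlEntry other) {
    int byPosition = Integer.compare(this.getPosition(), other.getPosition());
    if (byPosition != 0) {
        return byPosition;
    }

    // At the same position a DENIED entry ranks ahead of any other status.
    int thisRank = this.getAccessStatus() == AccessStatus.DENIED ? 0 : 1;
    int otherRank = other.getAccessStatus() == AccessStatus.DENIED ? 0 : 1;
    int byStatus = Integer.compare(thisRank, otherRank);
    if (byStatus != 0) {
        return byStatus;
    }

    return Integer.compare(getAuthorityType().getOrderPosition(), other.getAuthorityType().getOrderPosition());
}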
Example 6
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Decides whether the current authorisations grant read access through the
 * administrator role.
 *
 * @return {@code ALLOWED} when the current authorisations contain the admin
 *         role name, otherwise {@code DENIED}
 */
protected AccessStatus adminRead() {
    // ROLE_ADMINISTRATOR authority has FULL_CONTROL in permissionDefinitions
    // so we don't need to check node requirements
    boolean hasAdminRole = getAuthorisations().contains(AuthenticationUtil.getAdminRoleName());
    return hasAdminRole ? AccessStatus.ALLOWED : AccessStatus.DENIED;
}
Example 7
Source File: AlfrescoImapFolder.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Whether the folder is read-only for user.
 * <p>
 * The folder is reported read-only when the public service access check for
 * {@code createNode} on the folder's node returns
 * {@link AccessStatus#DENIED}.
 *
 * @return {@code boolean}
 */
@Override
protected boolean isReadOnly() {
    // An earlier variant (kept in the original as commented-out code) asked the
    // permission service for PermissionService.WRITE on the folder node instead.
    AccessStatus createNodeAccess = serviceRegistry.getPublicServiceAccessService().hasAccess(
            ServiceRegistry.NODE_SERVICE.getLocalName(),
            "createNode",
            folderInfo.getNodeRef(),
            null,
            null,
            null);

    // NOTE(review): only an explicit DENIED counts; any other status
    // (e.g. UNDETERMINED, if hasAccess can return it) reports the folder as
    // writable - confirm that is the intended default.
    return AccessStatus.DENIED == createNodeAccess;
}
Example 8
Source File: VirtualUserPermissions.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Resolves the access status of a permission on a query node.
 * <p>
 * Deny sets are consulted before allow sets, so a permission present in both
 * is reported as {@link AccessStatus#DENIED}.
 *
 * @param permission the permission name to look up
 * @return {@code DENIED}, {@code ALLOWED}, or {@code UNDETERMINED} when no
 *         set contains the permission
 */
public AccessStatus hasQueryNodePermission(String permission) {
    final boolean denied = denyQueryNodesFull.contains(permission) || denyQueryNodes.contains(permission);
    if (denied) {
        return AccessStatus.DENIED;
    }

    final boolean allowed = allowQueryNodesFull.contains(permission) || allowQueryNodes.contains(permission);
    // No rule matched: callers must decide how to treat UNDETERMINED.
    return allowed ? AccessStatus.ALLOWED : AccessStatus.UNDETERMINED;
}
Example 9
Source File: ModelPermissionEntry.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Populates this permission entry from its XML element.
 * <p>
 * Reads the optional recipient, the optional access attribute (allow/deny,
 * case-insensitive) and the mandatory permission reference child element.
 * When the access attribute is absent the entry defaults to
 * {@link AccessStatus#DENIED}.
 *
 * @param element         the XML element describing the entry
 * @param nspr            resolver used to build the permission type QName
 * @param permissionModel the owning model (not used here)
 * @throws PermissionModelException if the access attribute is neither allow
 *                                  nor deny
 */
public void initialise(Element element, NamespacePrefixResolver nspr, PermissionModel permissionModel) {
    Attribute recipientAttr = element.attribute(RECIPIENT);
    recipient = (recipientAttr == null) ? null : recipientAttr.getStringValue();

    Attribute accessAttr = element.attribute(ACCESS);
    if (accessAttr == null) {
        // Missing attribute fails closed.
        access = AccessStatus.DENIED;
    } else if (accessAttr.getStringValue().equalsIgnoreCase(ALLOW)) {
        access = AccessStatus.ALLOWED;
    } else if (accessAttr.getStringValue().equalsIgnoreCase(DENY)) {
        access = AccessStatus.DENIED;
    } else {
        throw new PermissionModelException("The default permission must be deny or allow");
    }

    // NOTE(review): a missing permission reference child makes the next lines
    // fail with a NullPointerException rather than a model error.
    Element referenceElement = element.element(PERMISSION_REFERENCE);
    QName referenceType = QName.createQName(referenceElement.attributeValue(TYPE), nspr);
    String referenceName = referenceElement.attributeValue(NAME);
    permissionReference = PermissionReferenceImpl.getPermissionReference(referenceType, referenceName);
}
Example 10
Source File: Permission.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Populates this permission from its XML element.
 * <p>
 * After the superclass initialisation this reads the expose and requires-type
 * flags (both default to {@code true} when absent), the default permission
 * (defaults to {@link AccessStatus#DENIED} when absent) and the list of
 * granted-to-group references.
 *
 * @param element         the XML element describing the permission
 * @param nspr            resolver used to build QNames
 * @param permissionModel the owning model, passed to the superclass
 * @throws PermissionModelException if the default permission attribute is
 *                                  neither allow nor deny
 */
public void initialise(Element element, NamespacePrefixResolver nspr, PermissionModel permissionModel) {
    super.initialise(element, nspr, permissionModel);

    Attribute exposeAttr = element.attribute(EXPOSE);
    isExposed = (exposeAttr == null) || Boolean.parseBoolean(exposeAttr.getStringValue());

    Attribute requiresTypeAttr = element.attribute(REQUIRES_TYPE);
    requiresType = (requiresTypeAttr == null) || Boolean.parseBoolean(requiresTypeAttr.getStringValue());

    Attribute defaultAttr = element.attribute(DEFAULT_PERMISSION);
    if (defaultAttr == null) {
        // Missing attribute fails closed.
        defaultPermission = AccessStatus.DENIED;
    } else if (defaultAttr.getStringValue().equalsIgnoreCase(ALLOW)) {
        defaultPermission = AccessStatus.ALLOWED;
    } else if (defaultAttr.getStringValue().equalsIgnoreCase(DENY)) {
        defaultPermission = AccessStatus.DENIED;
    } else {
        throw new PermissionModelException("The default permission must be deny or allow");
    }

    Iterator groupElements = element.elementIterator(GRANTED_TO_GROUP);
    while (groupElements.hasNext()) {
        Element groupElement = (Element) groupElements.next();

        // An explicit type on the group wins; otherwise this permission's own type is used.
        Attribute groupTypeAttr = groupElement.attribute(GTG_TYPE);
        QName groupType = (groupTypeAttr != null)
                ? QName.createQName(groupTypeAttr.getStringValue(), nspr)
                : getTypeQName();

        String groupName = groupElement.attributeValue(GTG_NAME);
        grantedToGroups.add(PermissionReferenceImpl.getPermissionReference(groupType, groupName));
    }
}
Example 11
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
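/**
 * Optimised read permission evaluation.
 * <p>
 * Caveats:
 * <ul>
 * <li>doesn't take into account dynamic authorities/groups</li>
 * <li>doesn't take into account node types/aspects for permissions</li>
 * </ul>
 * Because of those caveats the method falls back to the general
 * {@code hasPermission} evaluation whenever a registered dynamic authority,
 * other than the owner, administrator and lock-owner authorities, is required
 * for full control or read (or declares no restriction at all).
 *
 * @param nodeRef the node to check; {@code null} and non-existent nodes are
 *                reported as {@code ALLOWED}
 * @return {@code ALLOWED} or {@code DENIED} from the optimised path, or
 *         whatever {@code hasPermission} returns on the fallback paths
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public AccessStatus hasReadPermission(NodeRef nodeRef) {
    // If the node ref is null there is no sensible test to do - and there
    // must be no permissions
    // - so we allow it
    if (nodeRef == null) {
        return AccessStatus.ALLOWED;
    }

    // Allow permissions for nodes that do not exist
    if (!nodeService.exists(nodeRef)) {
        return AccessStatus.ALLOWED;
    }

    String runAsUser = AuthenticationUtil.getRunAsUser();
    if (runAsUser == null) {
        // No effective user: fail closed.
        return AccessStatus.DENIED;
    }
    if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
        return AccessStatus.ALLOWED;
    }

    // any dynamic authorities other than those defined in the default permissions model with full
    // control or read permission force hasPermission check
    Boolean forceHasPermission = (Boolean) AlfrescoTransactionSupport.getResource("forceHasPermission");
    if (forceHasPermission == null) {
        for (DynamicAuthority dynamicAuthority : dynamicAuthorities) {
            String authority = dynamicAuthority.getAuthority();
            Set<PermissionReference> requiredFor = dynamicAuthority.requiredFor();
            // The authority names are compared by reference, as in the original.
            // An authority that returns an equal but distinct String therefore
            // takes the forced hasPermission path rather than the shortcut.
            if (authority != PermissionService.OWNER_AUTHORITY
                    && authority != PermissionService.ADMINISTRATOR_AUTHORITY
                    && authority != PermissionService.LOCK_OWNER_AUTHORITY
                    && (requiredFor == null
                            || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.FULL_CONTROL))
                            || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.READ)))) {
                forceHasPermission = Boolean.TRUE;
                break;
            }
        }
        // Binds null when nothing forces the check, as the original did.
        AlfrescoTransactionSupport.bindResource("forceHasPermission", forceHasPermission);
    }

    // Value comparison instead of '== Boolean.TRUE': a true Boolean bound to the
    // transaction as a distinct instance must not skip the full evaluation.
    if (Boolean.TRUE.equals(forceHasPermission)) {
        return hasPermission(nodeRef, PermissionService.READ);
    }

    Long aclID = nodeService.getNodeAclId(nodeRef);
    if (aclID == null) {
        // ACLID is null - need to call default permissions evaluation
        // This will end up calling the old-style ACL code that walks up the ACL tree
        return hasPermission(nodeRef, getPermissionReference(null, PermissionService.READ));
    }

    boolean readable = canRead(aclID) == AccessStatus.ALLOWED
            || adminRead() == AccessStatus.ALLOWED
            || ownerRead(runAsUser, nodeRef) == AccessStatus.ALLOWED;
    return readable ? AccessStatus.ALLOWED : AccessStatus.DENIED;
}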
Example 12
Source File: PermissionModel.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Adds a permission model.
 * <p>
 * The model document is loaded first; the model state is then updated while
 * holding the write lock: default permission, namespaces, permission sets,
 * the unique permission map, global permissions and the cached aspect list.
 * When the root element carries no default permission attribute the default
 * becomes {@link AccessStatus#DENIED}.
 *
 * @param model
 *            path to the permission model to add
 * @throws PermissionModelException if the default permission attribute is
 *                                  neither allow nor deny
 */
public void addPermissionModel(String model) {
    // NOTE(review): createDocument is not shown here; if model paths can come
    // from outside the deployment, confirm the parser it uses disables DTDs and
    // external entities.
    Element root = createDocument(model).getRootElement();

    mutableState.lock.writeLock().lock();
    try {
        Attribute defaultAttr = root.attribute(DEFAULT_PERMISSION);
        if (defaultAttr == null) {
            // Missing attribute fails closed.
            mutableState.defaultPermission = AccessStatus.DENIED;
        } else if (defaultAttr.getStringValue().equalsIgnoreCase(ALLOW)) {
            mutableState.defaultPermission = AccessStatus.ALLOWED;
        } else if (defaultAttr.getStringValue().equalsIgnoreCase(DENY)) {
            mutableState.defaultPermission = AccessStatus.DENIED;
        } else {
            throw new PermissionModelException("The default permission must be deny or allow");
        }

        DynamicNamespacePrefixResolver nspr = new DynamicNamespacePrefixResolver();

        // Namespaces
        Iterator<Element> namespaceGroups = root.elementIterator(NAMESPACES);
        while (namespaceGroups.hasNext()) {
            Element namespacesElement = namespaceGroups.next();
            Iterator<Element> namespaces = namespacesElement.elementIterator(NAMESPACE);
            while (namespaces.hasNext()) {
                Element namespaceElement = namespaces.next();
                nspr.registerNamespace(
                        namespaceElement.attributeValue(NAMESPACE_PREFIX),
                        namespaceElement.attributeValue(NAMESPACE_URI));
            }
        }

        // Permission Sets
        Iterator<Element> permissionSetElements = root.elementIterator(PERMISSION_SET);
        while (permissionSetElements.hasNext()) {
            PermissionSet permissionSet = new PermissionSet();
            permissionSet.initialise(permissionSetElements.next(), nspr, this);
            mutableState.permissionSets.put(permissionSet.getQName(), permissionSet);
        }

        // Must run after all permission sets are registered and before the global permissions are read.
        mutableState.buildUniquePermissionMap();

        // NodePermissions
        Iterator<Element> globalPermissionElements = root.elementIterator(GLOBAL_PERMISSION);
        while (globalPermissionElements.hasNext()) {
            GlobalPermissionEntry globalPermission = new GlobalPermissionEntry();
            globalPermission.initialise(globalPermissionElements.next(), nspr, this);
            mutableState.globalPermissions.add(globalPermission);
        }

        // Cache all aspect list
        mutableState.allAspects = dictionaryService.getAllAspects();
    } finally {
        mutableState.lock.writeLock().unlock();
    }
}
Example 13
Source File: FavouritesServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Builds the favourites of a user from a comma-separated list of node refs.
 * <p>
 * Tokens that are not node refs, nodes that no longer exist and nodes on which
 * READ_PROPERTIES is {@link AccessStatus#DENIED} are skipped. For every
 * remaining node the stored {@code createdAt} preference (ISO8601) and the
 * node name are read to build the favourite.
 *
 * @param userName the user whose favourites are extracted
 * @param type     the favourite type, used to select the preference keys
 * @param nodes    comma-separated node ref strings
 * @return favourites keyed by their {@code PersonFavouriteKey}
 */
private Map<PersonFavouriteKey, PersonFavourite> extractFavouriteNodes(String userName, Type type, String nodes) {
    PrefKeys prefKeys = getPrefKeys(type);
    Map<PersonFavouriteKey, PersonFavourite> favourites = new HashMap<PersonFavouriteKey, PersonFavourite>();

    for (StringTokenizer tokens = new StringTokenizer(nodes, ","); tokens.hasMoreTokens(); ) {
        String candidate = tokens.nextToken().trim();
        if (!NodeRef.isNodeRef(candidate)) {
            continue;
        }

        NodeRef nodeRef = new NodeRef(candidate);
        if (!nodeService.exists(nodeRef)) {
            continue;
        }

        // NOTE(review): only an explicit DENIED hides the favourite; any other
        // status (e.g. UNDETERMINED, if hasPermission can return it) lets the
        // node name through - confirm that is intended.
        if (permissionService.hasPermission(nodeRef, PermissionService.READ_PROPERTIES) == AccessStatus.DENIED) {
            continue;
        }

        // get createdAt for this favourited node
        // use ISO8601
        String createdAtKey = new StringBuilder(prefKeys.getAlfrescoPrefKey())
                .append(nodeRef.toString())
                .append(".createdAt")
                .toString();
        String createdAtText = (String) preferenceService.getPreference(userName, createdAtKey);
        Date createdAt = (createdAtText == null) ? null : ISO8601DateFormat.parse(createdAtText);

        String name = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
        PersonFavourite favourite = new PersonFavourite(userName, nodeRef, type, name, createdAt);
        favourites.put(favourite.getKey(), favourite);
    }
    return favourites;
}
Example 14
Source File: ModelPermissionEntry.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Tells whether this entry denies access.
 *
 * @return {@code true} only when the entry's access is
 *         {@link AccessStatus#DENIED}
 */
public boolean isDenied() {
    return AccessStatus.DENIED == access;
}
Example 15
Source File: ImapServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Sets an IMAP flag on a node after checking the caller's permission.
 * <p>
 * DELETED requires DELETE_NODE; every other flag requires WRITE_PROPERTIES.
 * When the permission is {@link AccessStatus#DENIED} the DELETED flag and all
 * flags other than SEEN raise {@code AccessDeniedException}; a denied SEEN
 * flag is logged and silently ignored. Otherwise the flag property is written
 * with the auditable and versionable behaviours disabled for the duration of
 * the write.
 *
 * @param nodeRef the message node
 * @param flag    the flag to set
 * @param value   the flag value
 * @throws AccessDeniedException when the permission is denied for a flag
 *                               other than SEEN
 */
private void setFlag(NodeRef nodeRef, Flag flag, boolean value) {
    String requiredPermission = (flag == Flag.DELETED)
            ? PermissionService.DELETE_NODE
            : PermissionService.WRITE_PROPERTIES;

    if (permissionService.hasPermission(nodeRef, requiredPermission) == AccessStatus.DENIED) {
        if (flag == Flag.DELETED) {
            logger.debug("[setFlag] Access denied to set DELETED FLAG:" + nodeRef);
            throw new AccessDeniedException("No permission to set DELETED flag");
        }
        if (flag != Flag.SEEN) {
            logger.debug("[setFlag] Access denied to set flag:" + nodeRef);
            throw new AccessDeniedException("No permission to set flag:" + flag.toString());
        }
        // SEEN on a node the user cannot write: logged, not applied, no error.
        logger.debug("[setFlag] Access denied to set SEEN FLAG:" + nodeRef);
        //TODO - should we throw an exception here?
        return;
    }

    // NOTE(review): the write proceeds for every status other than DENIED
    // (e.g. UNDETERMINED, if hasPermission can return it) - confirm.
    checkForFlaggableAspect(nodeRef);
    policyBehaviourFilter.disableBehaviour(ContentModel.ASPECT_AUDITABLE);
    policyBehaviourFilter.disableBehaviour(ContentModel.ASPECT_VERSIONABLE);
    try {
        if (logger.isDebugEnabled()) {
            logger.debug("set flag nodeRef:" + nodeRef + ",flag:" + flagToQname.get(flag) + ", value:" + value);
        }
        nodeService.setProperty(nodeRef, flagToQname.get(flag), value);
        messageCache.remove(nodeRef);
    } finally {
        // Always restore the behaviours, even when the property write fails.
        policyBehaviourFilter.enableBehaviour(ContentModel.ASPECT_AUDITABLE);
        policyBehaviourFilter.enableBehaviour(ContentModel.ASPECT_VERSIONABLE);
    }
}
Example 16
Source File: ACLEntryAfterInvocationProvider.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * After-invocation check for a returned child association.
 * <p>
 * For every supported config attribute the node to test is the child
 * (AFTER_ACL_NODE) or the parent (AFTER_ACL_PARENT) of the association.
 * Unfiltered nodes are skipped; a node on which the required permission is
 * {@link AccessStatus#DENIED} aborts the call.
 *
 * @param authentication the current authentication (not used here)
 * @param object         the secured object (not used here)
 * @param config         the config attributes of the invocation
 * @param returnedObject the association returned by the invocation
 * @return {@code returnedObject} unchanged, or {@code null} if it was null
 * @throws AccessDeniedException if a required permission is denied
 */
private ChildAssociationRef decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
        ChildAssociationRef returnedObject) throws AccessDeniedException {
    if (returnedObject == null) {
        return null;
    }

    List<ConfigAttributeDefintion> definitions = extractSupportedDefinitions(config);
    if (definitions.size() == 0) {
        // Nothing this provider supports: the result passes through unchecked.
        return returnedObject;
    }

    for (ConfigAttributeDefintion definition : definitions) {
        NodeRef nodeToTest = null;
        if (definition.typeString.equals(AFTER_ACL_NODE)) {
            nodeToTest = returnedObject.getChildRef();
        } else if (definition.typeString.equals(AFTER_ACL_PARENT)) {
            nodeToTest = returnedObject.getParentRef();
        }

        // Called before the null check, as in the original.
        if (isUnfiltered(nodeToTest)) {
            continue;
        }

        // NOTE(review): only an explicit DENIED blocks the result; any other
        // status (e.g. UNDETERMINED, if hasPermission can return it) passes.
        boolean denied = nodeToTest != null
                && permissionService.hasPermission(nodeToTest, definition.required.toString()) == AccessStatus.DENIED;
        if (denied) {
            throw new AccessDeniedException("Access Denied");
        }
    }
    return returnedObject;
}
Example 17
Source File: ACLEntryAfterInvocationProvider.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * After-invocation check for a returned node reference.
 * <p>
 * Unfiltered nodes are returned immediately. Otherwise, for every supported
 * config attribute the node to test is the returned node (AFTER_ACL_NODE) or
 * its primary parent (AFTER_ACL_PARENT); a node on which the required
 * permission is {@link AccessStatus#DENIED} aborts the call.
 *
 * @param authentication the current authentication (not used here)
 * @param object         the secured object (not used here)
 * @param config         the config attributes of the invocation
 * @param returnedObject the node returned by the invocation
 * @return {@code returnedObject} unchanged, or {@code null} if it was null
 * @throws AccessDeniedException if a required permission is denied
 */
private NodeRef decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
        NodeRef returnedObject) throws AccessDeniedException {
    if (returnedObject == null) {
        return null;
    }
    if (isUnfiltered(returnedObject)) {
        return returnedObject;
    }

    List<ConfigAttributeDefintion> definitions = extractSupportedDefinitions(config);
    if (definitions.size() == 0) {
        // Nothing this provider supports: the result passes through unchecked.
        return returnedObject;
    }

    for (ConfigAttributeDefintion definition : definitions) {
        NodeRef nodeToTest = null;
        if (definition.typeString.equals(AFTER_ACL_NODE)) {
            nodeToTest = returnedObject;
        } else if (definition.typeString.equals(AFTER_ACL_PARENT)) {
            nodeToTest = nodeService.getPrimaryParent(returnedObject).getParentRef();
        }

        // NOTE(review): only an explicit DENIED blocks the result; any other
        // status (e.g. UNDETERMINED, if hasPermission can return it) passes.
        boolean denied = nodeToTest != null
                && permissionService.hasPermission(nodeToTest, definition.required.toString()) == AccessStatus.DENIED;
        if (denied) {
            throw new AccessDeniedException("Access Denied");
        }
    }
    return returnedObject;
}
Example 18
Source File: DocumentLinkServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
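/**
 * Deletes the link nodes that point at a document and reports the outcome.
 * <p>
 * Each link node is resolved as the system user, so links the caller cannot
 * see are still found; the delete itself is then subject to the caller's own
 * DELETE_NODE permission. Links pending delete are skipped. A link the caller
 * may not delete is recorded as an error in the report. When every link found
 * was deleted, the linked aspect is removed from the document with the
 * auditable and lockable behaviours disabled.
 *
 * @param document the document whose links are deleted; mandatory
 * @return a report with the number of links found, the number deleted and the
 *         per-link errors
 */
@Override
public DeleteLinksStatusReport deleteLinksToDocument(NodeRef document) {
    if (logger.isDebugEnabled()) {
        logger.debug("Deleting links of a document. document: " + document);
    }

    /* Validate input */
    PropertyCheck.mandatory(this, "document", document);

    DeleteLinksStatusReport report = new DeleteLinksStatusReport();
    List<Long> linkNodeIds = getNodeLinksIds(document);
    report.addTotalLinksFoundCount(linkNodeIds.size());

    for (Long linkId : linkNodeIds) {
        // NOTE(review): isNodePendingDelete is assigned from inside the anonymous
        // class, so it is a field of the enclosing service rather than a local.
        // If the service instance is shared between threads, concurrent calls
        // can overwrite each other's value - confirm and consider a local holder.
        NodeRef linkNodeRef = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() {
            public NodeRef doWork() throws Exception {
                NodeRef nodeRef = nodeService.getNodeRef(linkId);
                isNodePendingDelete = nodeService.hasAspect(nodeRef, ContentModel.ASPECT_PENDING_DELETE);
                return nodeRef;
            }
        }, AuthenticationUtil.getSystemUserName());

        if (isNodePendingDelete) {
            continue;
        }

        // Back as the calling user: the delete is authorised against their rights.
        if (permissionService.hasPermission(linkNodeRef, PermissionService.DELETE_NODE) == AccessStatus.DENIED) {
            // The original message named the wrong operation ("create discussion"),
            // which misleads anyone reading the report.
            report.addErrorDetail(linkNodeRef, new AccessDeniedException("User '"
                    + AuthenticationUtil.getFullyAuthenticatedUser()
                    + "' doesn't have permission to delete link node '" + linkNodeRef + "'"));
        } else {
            nodeService.deleteNode(linkNodeRef);
            // if the node was successfully deleted increment the count
            report.incrementDeletedLinksCount();
        }
    }

    // remove also the aspect app:linked if all links were deleted with success
    if (report.getTotalLinksFoundCount() == report.getDeletedLinksCount()) {
        behaviourFilter.disableBehaviour(document, ContentModel.ASPECT_AUDITABLE);
        behaviourFilter.disableBehaviour(document, ContentModel.ASPECT_LOCKABLE);
        try {
            nodeService.removeAspect(document, ApplicationModel.ASPECT_LINKED);
        } finally {
            // Always restore the behaviours, even when removing the aspect fails.
            behaviourFilter.enableBehaviour(document, ContentModel.ASPECT_AUDITABLE);
            behaviourFilter.enableBehaviour(document, ContentModel.ASPECT_LOCKABLE);
        }
    }
    return report;
}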
Example 19
Source File: AffirmativeBasedAccessDecisionManger.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Polls the decision voters before an invocation, affirmative-based.
 * <p>
 * The first voter that grants access decides the outcome as
 * {@link AccessStatus#ALLOWED}. If no voter grants and at least one denies,
 * the result is {@link AccessStatus#DENIED}. If every voter abstains, the
 * result follows {@code isAllowIfAllAbstainDecisions()}.
 *
 * @param object the secured object being accessed
 * @param attr   the config attributes for the access
 * @return the resulting access status
 */
public AccessStatus pre(Object object, ConfigAttributeDefinition attr) {
    int denials = 0;
    for (Iterator voters = this.getDecisionVoters().iterator(); voters.hasNext(); ) {
        AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
        int vote = voter.vote(AuthenticationUtil.getFullAuthentication(), object, attr);
        if (vote == AccessDecisionVoter.ACCESS_GRANTED) {
            // A single grant is enough, whatever the other voters said.
            return AccessStatus.ALLOWED;
        }
        if (vote == AccessDecisionVoter.ACCESS_DENIED) {
            denials++;
        }
    }

    if (denials > 0) {
        return AccessStatus.DENIED;
    }

    // To get this far, every AccessDecisionVoter abstained
    return this.isAllowIfAllAbstainDecisions() ? AccessStatus.ALLOWED : AccessStatus.DENIED;
}
Example 20
Source File: AclDAOImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Tests whether one ACL member row matches an access control entry pattern.
 * <p>
 * Every non-null attribute of the pattern must match the row: access status,
 * ACE type, authority (skipped for wildcard authority types), permission and
 * position. A non-negative pattern position requires the row's position to
 * equal {@code position}; a pattern position of -1 requires the row's position
 * to be greater than {@code position}.
 *
 * @param aclCrudDAO DAO used to resolve the pattern's permission id
 * @param result     the row, read through the keys "allowed", "applies",
 *                   "authority", "permissionId" and "pos"
 * @param position   the position the row is compared against
 * @param pattern    the pattern to match
 * @return {@code true} if the row matches the pattern
 * @throws IllegalArgumentException if the pattern carries a context
 */
private boolean checkPattern(AclCrudDAO aclCrudDAO, Map<String, Object> result, int position,
        AccessControlEntry pattern) {
    // All columns are read (and cast) up front, as in the original.
    Boolean rowAllowed = (Boolean) result.get("allowed");
    Integer rowAceTypeId = (Integer) result.get("applies");
    String rowAuthority = (String) result.get("authority");
    Long rowPermissionId = (Long) result.get("permissionId");
    Integer rowPosition = (Integer) result.get("pos");
    //Long result_aclmemId = (Long) result.get("aclmemId"); // not used

    if (pattern.getAccessStatus() != null
            && pattern.getAccessStatus() != (rowAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED)) {
        return false;
    }

    if (pattern.getAceType() != null && pattern.getAceType() != ACEType.getACETypeFromId(rowAceTypeId)) {
        return false;
    }

    if (pattern.getAuthority() != null
            && pattern.getAuthorityType() != AuthorityType.WILDCARD
            && !pattern.getAuthority().equals(rowAuthority)) {
        return false;
    }

    if (pattern.getContext() != null) {
        throw new IllegalArgumentException("Context not yet supported");
    }

    if (pattern.getPermission() != null) {
        Long patternPermissionId = aclCrudDAO.getPermission(pattern.getPermission()).getId();
        if (!patternPermissionId.equals(rowPermissionId)) {
            return false;
        }
    }

    if (pattern.getPosition() != null) {
        int wanted = pattern.getPosition().intValue();
        if (wanted >= 0) {
            if (rowPosition.intValue() != position) {
                return false;
            }
        } else if (wanted == -1) {
            if (rowPosition.intValue() <= position) {
                return false;
            }
        }
    }
    return true;
}