Package org.dspace.app.rest.security

Class DSpacePermissionEvaluator

java.lang.Object

org.dspace.app.rest.security.DSpacePermissionEvaluator

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.security.access.PermissionEvaluator

@Component
public class DSpacePermissionEvaluator
extends Object
implements org.springframework.security.access.PermissionEvaluator

DSpace permission evaluator. To check if a user has permission to a target object, a list of permissionEvaluatorPlugins will be checked. The following list of plugins exists: EPersonRestPermissionEvaluatorPlugin, AdminRestPermissionEvaluatorPlugin, AuthorizeServicePermissionEvaluatorPlugin, GroupRestPermissionEvaluatorPlugin

Constructor Summary

Constructors

Constructor	Description
DSpacePermissionEvaluator()

Method Summary

Modifier and Type	Method	Description
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Serializable targetId, String targetType, Object permission)	Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Object targetDomainObject, Object permission)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DSpacePermissionEvaluator

public DSpacePermissionEvaluator()

Method Detail

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
                             Object targetDomainObject,
                             Object permission)

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

Parameters:

authentication - represents the user in question. Should not be null.

targetDomainObject - the DSpace object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.

permission - a representation of the DSpace action as supplied by the expression system. This corresponds to the DSpace action. Not null.

Returns:

true if the permission is granted by one of the plugins, false otherwise

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
                             Serializable targetId,
                             String targetType,
                             Object permission)

Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

Parameters:

authentication - represents the user in question. Should not be null.

targetId - the UUID for the DSpace object

targetType - represents the DSpace object type of the target object. Not null.

permission - a representation of the permission object as supplied by the expression system. This corresponds to the DSpace action. Not null.

Returns:

true if the permission is granted by one of the plugins, false otherwise