Package com.onec.ui

Class UiAccessService

java.lang.Object

com.onec.ui.UiAccessService

public class UiAccessService
extends Object

Constructor Summary

Constructors

Constructor	Description
UiAccessService(MetadataRegistry registry)

Method Summary

Modifier and Type	Method	Description
boolean	canRead(Principal principal, AccumulationRegisterDescriptor descriptor)
boolean	canRead(Principal principal, CatalogDescriptor descriptor)
boolean	canRead(Principal principal, DocumentDescriptor descriptor)
boolean	canRead(Principal principal, InformationRegisterDescriptor descriptor)
boolean	canRead(Principal principal, String type, String name)
boolean	canWrite(Principal principal, AccumulationRegisterDescriptor descriptor)
boolean	canWrite(Principal principal, CatalogDescriptor descriptor)
boolean	canWrite(Principal principal, DocumentDescriptor descriptor)
void	requireRead(Principal principal, AccumulationRegisterDescriptor descriptor)
void	requireRead(Principal principal, CatalogDescriptor descriptor)
void	requireRead(Principal principal, DocumentDescriptor descriptor)
void	requireRead(Principal principal, InformationRegisterDescriptor descriptor)
void	requireWrite(Principal principal, CatalogDescriptor descriptor)
void	requireWrite(Principal principal, DocumentDescriptor descriptor)
Set<String>	roles(Principal principal)	The normalized roles granted to the caller.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

UiAccessService

public UiAccessService(MetadataRegistry registry)

Method Details

canRead

public boolean canRead(Principal principal,
 CatalogDescriptor descriptor)

canWrite

public boolean canWrite(Principal principal,
 CatalogDescriptor descriptor)

canRead

public boolean canRead(Principal principal,
 DocumentDescriptor descriptor)

canWrite

public boolean canWrite(Principal principal,
 DocumentDescriptor descriptor)

canRead

public boolean canRead(Principal principal,
 AccumulationRegisterDescriptor descriptor)

canWrite

public boolean canWrite(Principal principal,
 AccumulationRegisterDescriptor descriptor)

canRead

public boolean canRead(Principal principal,
 InformationRegisterDescriptor descriptor)

requireRead

public void requireRead(Principal principal,
 CatalogDescriptor descriptor)

requireWrite

public void requireWrite(Principal principal,
 CatalogDescriptor descriptor)

requireRead

public void requireRead(Principal principal,
 DocumentDescriptor descriptor)

requireWrite

public void requireWrite(Principal principal,
 DocumentDescriptor descriptor)

requireRead

public void requireRead(Principal principal,
 AccumulationRegisterDescriptor descriptor)

requireRead

public void requireRead(Principal principal,
 InformationRegisterDescriptor descriptor)

canRead

public boolean canRead(Principal principal,
 String type,
 String name)

roles

public Set<String> roles(Principal principal)

The normalized roles granted to the caller. Authorities are read off the request's Authentication reflectively, because this module deliberately does not depend on Spring Security — only its runtime presence.

The Principal that Spring injects into a controller is not guaranteed to be the authority-bearing Authentication: depending on the auth backend it can be a bare Principal, a UserDetails/OidcUser, or otherwise expose no readable getAuthorities(). When the injected principal yields nothing we fall back to the authenticated token held in the SecurityContext, which is the canonical source of authorities for the in-flight request. Without this fallback, write checks (the only callers of requireWrite) 403 even privileged users, including ADMIN. See issue #54.