GGCEPermissionsWriter.java

/*
 * Copyright 2021 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.gringlobal.spring;

import lombok.extern.slf4j.Slf4j;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.serialization.Permissions;
import org.gringlobal.model.CooperatorOwnedModel;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.cfg.MapperConfig;
import com.fasterxml.jackson.databind.introspect.AnnotatedClass;
import com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition;
import com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter;
import com.fasterxml.jackson.databind.util.Annotations;

/**
 * Adds `_permissions` JSON to {@link CooperatorOwnedModel} entities.
 */
@Slf4j
public class GGCEPermissionsWriter extends VirtualBeanPropertyWriter {

	/** The Constant serialVersionUID. */
	private static final long serialVersionUID = 1L;


	private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();

	/**
	 * Instantiates a new current permissions writer.
	 */
	public GGCEPermissionsWriter() {
		log.trace("GGCEPermissionsWriter");
	}

	/**
	 * Instantiates a new current permissions writer.
	 *
	 * @param propDef the prop def
	 * @param annotations the annotations
	 * @param type the type
	 */
	public GGCEPermissionsWriter(BeanPropertyDefinition propDef, Annotations annotations, JavaType type) {
		super(propDef, annotations, type);
		log.trace("GGCEPermissionsWriter");
	}

	/**
	 * Value.
	 *
	 * @param bean the bean
	 * @param gen the gen
	 * @param prov the prov
	 * @return the object
	 * @throws Exception the exception
	 */
	/*
	 * (non-Javadoc)
	 * @see
	 * com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#value(java.lang.
	 * Object, com.fasterxml.jackson.core.JsonGenerator,
	 * com.fasterxml.jackson.databind.SerializerProvider)
	 */
	@Override
	protected Object value(Object bean, JsonGenerator gen, SerializerProvider prov) throws Exception {
		if (bean == null || !(bean instanceof CooperatorOwnedModel)) {
			// Skip nulls
			return null;
		}
		
		CooperatorOwnedModel ggceModel = (CooperatorOwnedModel) bean;

		if (ggceModel.getId() == null) {
			// Don't write permissions for non-persisted objects
			return null;
		}
		
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		if (authentication == null) {
			return NO_PERMISSIONS;
		}
		
		Permissions perms = new Permissions();
		try {
			perms.isPublic = SecurityContextUtil.anyoneHasPermission(ggceModel, "READ");
		} catch (Throwable e) {
			log.warn("Could not read public permissions {}", e.getMessage(), e);
			perms.isPublic = false;
		}

		if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
			perms.grantAll();
		} else {
			try {
				perms.create = SecurityContextUtil.hasPermission(ggceModel, BasePermission.CREATE);
				perms.read = SecurityContextUtil.hasPermission(ggceModel, BasePermission.READ);
				perms.write = SecurityContextUtil.hasPermission(ggceModel, BasePermission.WRITE);
				perms.delete = SecurityContextUtil.hasPermission(ggceModel, BasePermission.DELETE);
				perms.manage = SecurityContextUtil.hasPermission(ggceModel, BasePermission.ADMINISTRATION);
			} catch (Throwable e) {
				log.warn("Could not read current permissions {}", e.getMessage(), e);
			}
		}
		return perms;
	}

	/**
	 * With config.
	 *
	 * @param config the config
	 * @param declaringClass the declaring class
	 * @param propDef the prop def
	 * @param type the type
	 * @return the virtual bean property writer
	 */
	/*
	 * (non-Javadoc)
	 * @see
	 * com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#withConfig(com.
	 * fasterxml.jackson.databind.cfg.MapperConfig,
	 * com.fasterxml.jackson.databind.introspect.AnnotatedClass,
	 * com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition,
	 * com.fasterxml.jackson.databind.JavaType)
	 */
	@Override
	public VirtualBeanPropertyWriter withConfig(MapperConfig<?> config, AnnotatedClass declaringClass, BeanPropertyDefinition propDef, JavaType type) {
		return new GGCEPermissionsWriter(propDef, declaringClass.getAnnotations(), type);
	}

}