diff options
author | vlad <vlad@driver.xyz> | 2017-11-03 13:26:38 -0700 |
---|---|---|
committer | vlad <vlad@driver.xyz> | 2017-11-03 13:26:38 -0700 |
commit | 5a6cb5737b524dc063e7a30921f8f847313690b0 (patch) | |
tree | 90ed6ddf37dc85460e8957b92448c09b49e1c206 /src | |
parent | aedb5274932db81a32f9d89938636df114dc9a44 (diff) | |
download | rest-query-5a6cb5737b524dc063e7a30921f8f847313690b0.tar.gz rest-query-5a6cb5737b524dc063e7a30921f8f847313690b0.tar.bz2 rest-query-5a6cb5737b524dc063e7a30921f8f847313690b0.zip |
Allowing AdministratorRole to do everythingv0.13.2
Diffstat (limited to 'src')
-rw-r--r-- | src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala index c1907cd..1a1a933 100644 --- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala +++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala @@ -258,25 +258,21 @@ object ACL extends PhiLogging { update: AclCheck = Forbid, delete: AclCheck = Forbid) { - def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = { + def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = check("create", create)(requestContext.authenticatedUser.roles) - } - def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = { + def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = check("read", read)(requestContext.authenticatedUser.roles) - } - def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = { + def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = check("update", update)(requestContext.authenticatedUser.roles) - } - def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = { + def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = check("delete", delete)(requestContext.authenticatedUser.roles) - } private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = { loggedError( - executorRoles.exists(isAllowed), + executorRoles.exists(isAllowed) || executorRoles.contains(AdministratorRole), phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}" ) } |