4
4
5
5
import java .util .Arrays ;
6
6
import java .util .Map ;
7
+ import java .util .regex .Matcher ;
8
+ import java .util .regex .Pattern ;
7
9
8
10
/**
9
11
* Provides a set of useful permissions, including the OPEN permission which is the only one that can allow access
10
12
* to a resource without being authenticated.
11
13
*/
12
14
public class Permissions {
15
+ private static final Pattern ROLE_PARAM_INTERPOLATOR_REGEX = Pattern .compile ("\\ {([^}]+)\\ }" );
16
+
13
17
private static final Permission OPEN = new Permission () {
14
18
@ Override
15
19
public Optional <? extends Permission > has (RestxPrincipal principal , Map <String , String > roleInterpolationMap ) {
@@ -58,8 +62,16 @@ public static Permission hasRole(final String role) {
58
62
59
63
@ Override
60
64
public Optional <? extends Permission > has (RestxPrincipal principal , Map <String , String > roleInterpolationMap ) {
61
- return principal .getPrincipalRoles ().contains (role ) || principal .getPrincipalRoles ().contains ("*" )
62
- ? Optional .of (this ) : Optional .<Permission >absent ();
65
+ if (principal .getPrincipalRoles ().contains ("*" )) {
66
+ return Optional .of (this );
67
+ }
68
+
69
+ String interpolatedRole = interpolateRole (role , roleInterpolationMap );
70
+ if (principal .getPrincipalRoles ().contains (interpolatedRole )) {
71
+ return Optional .of (this );
72
+ }
73
+
74
+ return Optional .absent ();
63
75
}
64
76
65
77
@ Override
@@ -69,6 +81,16 @@ public String toString() {
69
81
};
70
82
}
71
83
84
+ protected static String interpolateRole (String role , Map <String , String > roleInterpolationMap ) {
85
+ Matcher matcher = ROLE_PARAM_INTERPOLATOR_REGEX .matcher (role );
86
+ StringBuffer interpolatedRole = new StringBuffer ();
87
+ while (matcher .find ()){
88
+ matcher .appendReplacement (interpolatedRole , roleInterpolationMap .get (matcher .group (1 )));
89
+ }
90
+ matcher .appendTail (interpolatedRole );
91
+ return interpolatedRole .toString ();
92
+ }
93
+
72
94
/**
73
95
* A compound permission which is true if any of the underlying permissions is true
74
96
*/
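Review bot: In `interpolateRole`, the result of `roleInterpolationMap.get(matcher.group(1))` goes straight into `matcher.appendReplacement(...)`, which throws a NullPointerException when a placeholder has no entry in the map and interprets `$` and `\` in the value as group references and escapes. Where the map is populated is not visible here; if its values come from request parameters, a crafted value could make the role check in `has(...)` throw, or expand to a different role string than the caller intended. I would read the value first, handle the missing-key case explicitly so the check denies rather than crashes, and pass the value literally: `matcher.appendReplacement(interpolatedRole, Matcher.quoteReplacement(value));`. A short Javadoc on `interpolateRole` stating the `{name}` placeholder syntax and the behaviour for an unresolved placeholder would also help, since the method is `protected static` and subclasses can call it.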