Allowing to pass RestxRequestMatcher to Permission implementations [breaking].

If you provided your own Permission implementation(s), you will have to update your has() prototype method to include the RestxRequestMatcher

Author: fcamblor

restx-admin/src/main/java/restx/admin/AdminModule.java

@@ -86,7 +86,7 @@ public Optional<RestxHandlerMatch> match(RestxRequest req) {
                                 public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
                                     final RestxSession current = RestxSession.current();
                                     if (current.getPrincipal().isPresent() &&
-                                            Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
+                                            Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req, match).isPresent()) {
                                         ctx.nextHandlerMatch().handle(req, resp, ctx);
                                     } else {
                                         throw new WebException(HttpStatus.UNAUTHORIZED);

restx-core/src/main/java/restx/security/Permission.java

@@ -2,6 +2,7 @@
 
 import com.google.common.base.Optional;
 import restx.RestxRequest;
+import restx.RestxRequestMatch;
 
 /**
  * A permission is a generic security concept, used to check if a principal is allowed to access a resource.
@@ -15,7 +16,8 @@ public interface Permission {
      *
      * @param principal the principal to check
      * @param request the request to check
+     * @param match the request matcher to check
      * @return absent if not matched, the matching permission otherwise.
      */
-    Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request);
+    Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match);
 }

restx-core/src/main/java/restx/security/Permissions.java

@@ -2,6 +2,7 @@
 
 import com.google.common.base.Optional;
 import restx.RestxRequest;
+import restx.RestxRequestMatch;
 
 import java.util.Arrays;
 
@@ -12,7 +13,7 @@
 public class Permissions {
     private static final Permission OPEN = new Permission() {
         @Override
-        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
             return Optional.of(this);
         }
 
@@ -23,7 +24,7 @@ public String toString() {
     };
     private static final Permission IS_AUTHENTICATED = new Permission() {
         @Override
-        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
             return Optional.of(this);
         }
 
@@ -57,7 +58,7 @@ public static Permission hasRole(final String role) {
             public final String TO_STRING = "HAS_ROLE[" + role + "]";
 
             @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                 return principal.getPrincipalRoles().contains(role) || principal.getPrincipalRoles().contains("*")
                         ? Optional.of(this) : Optional.<Permission>absent();
             }
@@ -75,9 +76,9 @@ public String toString() {
     public static Permission anyOf(final Permission... permissions) {
         return new Permission() {
             @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                 for (Permission permission : permissions) {
-                    Optional<? extends Permission> p = permission.has(principal, request);
+                    Optional<? extends Permission> p = permission.has(principal, request, match);
                     if (p.isPresent()) {
                         return p;
                     }
@@ -99,9 +100,9 @@ public String toString() {
     public static Permission allOf(final Permission... permissions) {
         return new Permission() {
             @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                 for (Permission permission : permissions) {
-                    Optional<? extends Permission> p = permission.has(principal, request);
+                    Optional<? extends Permission> p = permission.has(principal, request, match);
                     if (!p.isPresent()) {
                         return Optional.absent();
                     }

restx-core/src/main/java/restx/security/RestxSessionCookieFilter.java

@@ -124,7 +124,7 @@ public RestxSession buildContextFromRequest(RestxRequest req) throws IOException
             Optional<RestxPrincipal> principalOptional = RestxSession.getValue(
                     sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, principalName);
             if (principalOptional.isPresent()
-                    && Permissions.hasRole("restx-admin").has(principalOptional.get(), null).isPresent()) {
+                    && Permissions.hasRole("restx-admin").has(principalOptional.get(), null, null).isPresent()) {
                 Optional<String> su = req.getHeader("RestxSu");
                 if (su.isPresent() && !Strings.isNullOrEmpty(su.get())) {
                     try {

restx-core/src/main/java/restx/security/StdRestxSecurityManager.java

@@ -30,7 +30,7 @@ public void check(RestxRequest request, RestxRequestMatch requestMatch, Permissi
             throw new WebException(HttpStatus.UNAUTHORIZED);
         }
 
-        Optional<? extends Permission> match = permission.has(principal.get(), request);
+        Optional<? extends Permission> match = permission.has(principal.get(), request, requestMatch);
         if (match.isPresent()) {
             logger.debug("permission matched: request={} principal={} perm={}", request, principal.get(), match.get());
             return;