Examples of be.c4j.demo.security.demo.model.Employee

• be.c4j.demo.security.demo.model.Employee
  This is an entity object in production type application

    @Override
    protected void checkPermission(InvocationContext invocationContext, Set<SecurityViolation> violations) {
        checkMethodHasParameterTypes(violations, invocationContext, Employee.class);

        if (violations.isEmpty()) {
            Employee parameter = methodParameterCheckUtil.getAssignableParameter(invocationContext, Employee.class);
            boolean result = permissionSalaryAll.verifyPermission();
            if (!result) {
                result = userPrincipal.getUserInfo(UserInfo.EMPLOYEE_ID).equals(parameter.getId());
            }
            if (!result && parameter.getManager() != null) {
                result = userPrincipal.getUserInfo(UserInfo.EMPLOYEE_ID).equals(parameter.getManager().getId());
            }

            if (!result) {
                violations.add(newSecurityViolation("Employee Salary not visible"));
            }

            Long employeeId = methodParameterCheckUtil.getAssignableParameter(invocationContext, Long.class);
            allowed = checkSalaryUpdateAllowed(employeeId);
        }

        if (!allowed && verifyMethodHasParameterTypes(invocationContext, Employee.class)) {
            Employee employee = methodParameterCheckUtil.getAssignableParameter(invocationContext, Employee.class);
            allowed = checkSalaryUpdateAllowed(employee.getId());
        }

        if (!allowed) {
            violations.add(newSecurityViolation("You are not allowed to update your own salary"));
        }

            e.printStackTrace();
        }
    }

    private void addEmployee(Long id, String name, String hireDate, double salary, Long departmentId) throws ParseException {
        Employee employee = new Employee();
        employee.setId(id);
        employee.setName(name);
        employee.setHireDate(fmt.parse(hireDate));
        employee.setSalary(salary);
        employee.setDepartment(departments.get(departmentId));
        employees.put(id, employee);
    }

        }
        return result;
    }

    public Employee findEmployeeById(Long employeeId) {
        Employee result = employees.get(employeeId);
        // We need to clone because otherwise changes made in the screen are directly propagated to the 'DB'
        return cloneEmployee(result);
    }

        // We need to clone because otherwise changes made in the screen are directly propagated to the 'DB'
        return cloneEmployee(result);
    }

    private Employee cloneEmployee(Employee data) {
        Employee result = new Employee();
        result.setId(data.getId());
        result.setName(data.getName());
        result.setManager(data.getManager());
        result.setSalary(data.getSalary());
        result.setDepartment(cloneDepartment(data.getDepartment()));

        return result;
    }

        return result;
    }

    public Long getManagerIdOfEmployee(Long employeeId) {
        Long result = null;
        Employee employee = employees.get(employeeId);
        if (employee != null && employee.getManager() != null) {
            result = employee.getManager().getId();
        }
        return result;
    }

    }


    @CustomVoterCheck(EmployeeSalaryUpdateVoter.class)
    public void updateSalary(Employee employee) {
        Employee dataEmployee = data.getEmployee(employee.getId());
        if (dataEmployee.getSalary() > employee.getSalary()) {
           throw new EmployeeLowerSalaryException();
        }
        dataEmployee.setSalary(employee.getSalary());
        data.updateEmployee(dataEmployee);
    }