@Override
protected void checkPermission(InvocationContext invocationContext, Set<SecurityViolation> violations) {
checkMethodHasParameterTypes(violations, invocationContext, Employee.class);
if (violations.isEmpty()) {
Employee parameter = methodParameterCheckUtil.getAssignableParameter(invocationContext, Employee.class);
boolean result = permissionSalaryAll.verifyPermission();
if (!result) {
result = userPrincipal.getUserInfo(UserInfo.EMPLOYEE_ID).equals(parameter.getId());
}
if (!result && parameter.getManager() != null) {
result = userPrincipal.getUserInfo(UserInfo.EMPLOYEE_ID).equals(parameter.getManager().getId());
}
if (!result) {
violations.add(newSecurityViolation("Employee Salary not visible"));
}