try {
checkAccess(operation, request, null);
return;
} catch(FeedServerAdapterException e) {
logger.info("checkAccess: access denied");
throw new FeedServerAdapterException(
FeedServerAdapterException.Reason.NOT_AUTHORIZED, "No ACL defined for '" +
operation + "," + resourcePath + "'; " + e.getMessage());
}
}
// Authorization decision for `operation`: look up the principals configured for it in
// operationPrincipalsMap, then either fall through (allowed) or throw NOT_AUTHORIZED.
// Every failure path below throws, so the check fails closed.
Set<String> principals = operationPrincipalsMap.get(operation);
// NOTE(review): the complete principal set is written to the log at INFO level.
logger.info("checkAccess: principals=" + principals);
if (principals == null) {
// No entry for this operation in the map: deny rather than assume access.
logger.info("checkAccess: access denied");
throw new FeedServerAdapterException(
FeedServerAdapterException.Reason.NOT_AUTHORIZED, "No ACL defined for '" +
operation + "," + resourcePath + "'");
}
String userEmail = getUserEmailForRequest(request);
// NOTE(review): the caller's e-mail address is logged at INFO level - confirm this is
// acceptable for the deployment's log retention and privacy rules.
logger.info("checkAccess: userEmail=" + userEmail);
if (userEmail == null) {
// user unauthenticated: a null e-mail is treated as "no identity", so access is
// granted only when the ACL lists ANYONE.
// NOTE(review): unlike the other deny paths, this one does not log "access denied".
if (!principals.contains(ANYONE)) {
throw new FeedServerAdapterException(
FeedServerAdapterException.Reason.NOT_AUTHORIZED, "viewer unauthenticated and " +
ANYONE + " not allowed for '" + operation + "," + resourcePath + "'");
}
} else {
// user authenticated: allowed when the exact e-mail is listed, or when the ACL lists
// DOMAIN_USERS and the e-mail ends with getNameSpace().
// NOTE(review): endsWith() is a plain, case-sensitive suffix comparison. Unless
// getNameSpace() returns a value that starts with '@', an address whose domain merely
// ends with the same characters also satisfies it - confirm what getNameSpace()
// returns, and consider comparing the text after the last '@' for equality instead.
// NOTE(review): ANYONE is not consulted on this branch, so an authenticated caller who
// is not listed is denied even when ANYONE is in the ACL - confirm that is intended.
if (!principals.contains(userEmail) &&
!(principals.contains(DOMAIN_USERS) && userEmail.endsWith(getNameSpace()))) {
logger.info("checkAccess: access denied");
// NOTE(review): the message embeds the caller's e-mail and the resource path; check
// whether it is returned to the client or only logged.
throw new FeedServerAdapterException(
FeedServerAdapterException.Reason.NOT_AUTHORIZED, "viewer '" + userEmail +
"' not on list of principals for '" + operation + "," + resourcePath + "'");
}
}