/**
 * Reads a role on behalf of the calling user and returns it as a transfer object.
 *
 * <p>{@code @PreAuthorize} only requires an authenticated caller; the actual authorization
 * decision is taken inside this method. The role is readable when its id is either derived
 * from the caller's owned entitlement names or contained in the role ids of the
 * {@code SyncopeUser} matching the authenticated name.
 *
 * @param roleId id of the role to read, taken from the request path
 * @return the transfer object built by {@code binder.getRoleTO} for the role
 * @throws NotFoundException if no role with the given id is found
 * @throws UnauthorizedRoleException if the role id is in neither of the two sets above
 */
@PreAuthorize("isAuthenticated()")
@RequestMapping(method = RequestMethod.GET, value = "/selfRead/{roleId}")
@Transactional(readOnly = true)
public RoleTO selfRead(@PathVariable("roleId") final Long roleId) {
    // Direct DAO lookup rather than binder.getRoleFromId(): the binder's auth checks are
    // deliberately skipped because this method performs its own check further down.
    // NOTE(review): the existence check runs before the authorization check, so any
    // authenticated caller can tell existing role ids from missing ones by the exception
    // type - confirm this is acceptable.
    final SyncopeRole role = roleDAO.find(roleId);
    if (role == null) {
        throw new NotFoundException("Role " + roleId);
    }

    // Role ids attached to the authenticated principal; none when the name does not
    // resolve to a stored user.
    final String login = SecurityContextHolder.getContext().getAuthentication().getName();
    final SyncopeUser caller = userDAO.find(login);
    final Set<Long> memberOf = caller == null ? Collections.<Long>emptySet() : caller.getRoleIds();

    // Union of entitlement-derived role ids and the caller's own role ids.
    // NOTE(review): addAll mutates the set returned by EntitlementUtil.getRoleIds; this
    // assumes a fresh, mutable set is returned on each call - confirm.
    final Set<Long> readable = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
    readable.addAll(memberOf);

    if (readable.contains(role.getId())) {
        auditManager.audit(Category.role, RoleSubCategory.selfRead, Result.success,
                "Successfully read own role: " + role.getId());
        return binder.getRoleTO(role);
    }

    // NOTE(review): only the success path is audited here; a denied read leaves no audit
    // record from this method - verify that it is recorded elsewhere.
    throw new UnauthorizedRoleException(role.getId());
}