{
return Access.GRANT;
}
// find the permission for this principal
Permission perm = getPermission(p, action);
if (perm != null) {
// now check if the permission is a user permission. If
// it is, it means it was a permission specifically for
// this user, and therefore should be applied directly
// and not combined with any other permissions.
if (perm.getPrincipal().getType() == Principal.Type.USER) {
return perm.getAccess();
}
// if the permission is a group or everybody permission,
// put it on the list to combine later
myPerms.add(perm);
}
}
// now go through all the group permissions. If there are any
// positive group permissions, this means that at least one of
// the groups this user is a member of has access to the content,
// so access should be granted
boolean hasGroupPerm = false;
for (Iterator<Permission> i = myPerms.iterator(); i.hasNext();) {
Permission perm = i.next();
if (perm.getPrincipal().getType() == Principal.Type.GROUP) {
hasGroupPerm = true;
i.remove();
if (perm.getAccess() == Access.GRANT) {
return Access.GRANT;
}
}
}
// at this point, if there was a group permission defined, we know
// that it was a DENY because otherwise we would have returned
// above. That means that the user wasn't part of any groups
// that had permission, but was part of at least one group that
// was denied permission. In this case, we should deny access.
if (hasGroupPerm) {
return Access.DENY;
}
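// last, we check for any remaining permissions, which must
// be everyone permissions. There is no way to combine these, so
// just go with whatever the first one says (hopefully there is
// only one; if there are several, the result depends on the
// iteration order of myPerms, so a GRANT listed first wins
// over a later DENY)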
for (Permission perm : myPerms) {
return perm.getAccess();
}
// if we get here, it means that there were no permissions for
// this user, any of the user's groups or everybody. In that case,
// return undefined (null).