Examples of org.structr.core.entity.ResourceAccess

• org.structr.core.entity.ResourceAccess
  Controls access to REST resources. Objects of this class act as a doorkeeper for REST resources that match the signature string in the 'signature' field.

  A ResourceAccess object defines access granted

  • to everyone (public)
  • to authenticated principals
  • to invidual principals (when connected to a {link @Principal} node

  'flags' is a sum of any of the following values: FORBIDDEN = 0 AUTH_USER_GET = 1 AUTH_USER_PUT = 2 AUTH_USER_POST = 4 AUTH_USER_DELETE = 8 NON_AUTH_USER_GET = 16 NON_AUTH_USER_PUT = 32 NON_AUTH_USER_POST = 64 NON_AUTH_USER_DELETE = 128 AUTH_USER_OPTIONS = 256 NON_AUTH_USER_OPTIONS = 512 @author Christian Morgner @author Axel Morgner

    final long initialFlagsValue             = 0;

    final App app = StructrApp.getInstance();
    try {

      ResourceAccess grant = app.nodeQuery(ResourceAccess.class).and(ResourceAccess.signature, signature).getFirst();
      if (grant == null) {

        // create new grant
        grants.add(app.create(DynamicResourceAccess.class,
          new NodeAttribute(DynamicResourceAccess.signature, signature),

  @Override
  public void checkResourceAccess(final HttpServletRequest request, final String rawResourceSignature, final String propertyView)
    throws FrameworkException {

    ResourceAccess resourceAccess = ResourceAccess.findGrant(rawResourceSignature);

    Method method       = methods.get(request.getMethod());

    Principal user = getUser(request, true);
    boolean validUser = (user != null);

    // super user is always authenticated
    if (validUser && (user instanceof SuperUser || user.getProperty(Principal.isAdmin))) {
      return;
    }

    // no grants => no access rights
    if (resourceAccess == null) {

      throw new UnauthorizedException("Forbidden");

    } else {

      switch (method) {

        case GET :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_GET)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_GET)) {

            return;

          }

          break;

        case PUT :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_PUT)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_PUT)) {

            return;

          }

          break;

        case POST :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_POST)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_POST)) {

            return;

          }

          break;

        case DELETE :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_DELETE)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_DELETE)) {

            return;

          }

          break;

        case OPTIONS :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_OPTIONS)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_OPTIONS)) {

            return;

          }

          break;

        case HEAD :

          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_HEAD)) {

            return;

          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_HEAD)) {

            return;

          }