Announcement Announcement Module
Collapse
No announcement yet.
programmaticly check is principial role against RoleHierarchyVoter voter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • programmaticly check is principial role against RoleHierarchyVoter voter

    i'm using RoleHierarchyVoter and would like to programmaticly check if an user role has rights to any give role after they log in.

    i'm working on some user managerment stuff and would like to prevent a user setting his or somebody else's role greater than their own.

  • #2
    my solution

    here's the method i came up with;

    Code:
        
    public void changeUserRole(User user, UserRole role) throws UserManagerException {
            boolean hasAuth = false;
            GrantedAuthority[] grantedAuthorities = _roleHierrarchy.getReachableGrantedAuthorities(CurrentUserManagerImpl.getUserFromSecurityContext().getAuthorities());
            for(GrantedAuthority ga : grantedAuthorities) {
                if(ga.toString().equalsIgnoreCase(role.toString())) hasAuth = true;
            }
    
            try {
                if(hasAuth) {
                    _userDao.setRole(user, role);
                } else {
                    String adminUser = CurrentUserManagerImpl.getUserFromSecurityContext().getUsername();
                    LOG.error(adminUser + " doesn't have rights to set: " + user.getUsername() + " to role: " + role.toString());
                    throw new UserManagerException(adminUser + " doesn't have rights to set: " + user.getUsername() + " to role: " + role.toString());
                }
            } catch (UserDaoExpection userDaoExpection) {
                throw new UserManagerException(userDaoExpection.getMessage());
            }
        }
    i'm injecting the roleHierrarchy bean from my security context config.

    Comment

    Working...
    X