RestApiServlet: Check for RequiresCapability annotation on superclasses
If a class extends a REST view that requires a capability, this required capability is ignored when this class is registered as REST view. Change the check for the RequiresCapability annotation in RestApiServlet so that it also searches for this annotation in superclasses. If a subclass requires a capability, capabilities required by the superclasses are still ignored. Change-Id: Ic6329f45463224a5a8078977ce6dcb2b5462018a Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
Edwin Kempin
@@ -876,7 +876,7 @@ public class RestApiServlet extends HttpServlet {
|
|||||||
|
|
||||||
private void checkAccessAnnotations(String pluginName, Class<?> clazz)
|
private void checkAccessAnnotations(String pluginName, Class<?> clazz)
|
||||||
throws AuthException {
|
throws AuthException {
|
||||||
RequiresCapability rc = clazz.getAnnotation(RequiresCapability.class);
|
RequiresCapability rc = getRequiresCapability(clazz);
|
||||||
if (rc != null) {
|
if (rc != null) {
|
||||||
CurrentUser user = globals.currentUser.get();
|
CurrentUser user = globals.currentUser.get();
|
||||||
CapabilityControl ctl = user.getCapabilities();
|
CapabilityControl ctl = user.getCapabilities();
|
||||||
@@ -903,6 +903,19 @@ public class RestApiServlet extends HttpServlet {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static RequiresCapability getRequiresCapability(Class<?> clazz) {
|
||||||
|
RequiresCapability rc = clazz.getAnnotation(RequiresCapability.class);
|
||||||
|
if (rc != null) {
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (clazz.getSuperclass() != null) {
|
||||||
|
return getRequiresCapability(clazz.getSuperclass());
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
private static void handleException(Throwable err, HttpServletRequest req,
|
private static void handleException(Throwable err, HttpServletRequest req,
|
||||||
HttpServletResponse res) throws IOException {
|
HttpServletResponse res) throws IOException {
|
||||||
String uri = req.getRequestURI();
|
String uri = req.getRequestURI();
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ final class DispatchCommand extends BaseCommand {
|
|||||||
|
|
||||||
private void checkRequiresCapability(Command cmd)
|
private void checkRequiresCapability(Command cmd)
|
||||||
throws UnloggedFailure {
|
throws UnloggedFailure {
|
||||||
RequiresCapability rc = cmd.getClass().getAnnotation(RequiresCapability.class);
|
RequiresCapability rc = getRequiresCapability(cmd.getClass());
|
||||||
if (rc != null) {
|
if (rc != null) {
|
||||||
CurrentUser user = currentUser.get();
|
CurrentUser user = currentUser.get();
|
||||||
CapabilityControl ctl = user.getCapabilities();
|
CapabilityControl ctl = user.getCapabilities();
|
||||||
@@ -154,6 +154,19 @@ final class DispatchCommand extends BaseCommand {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static RequiresCapability getRequiresCapability(Class<?> clazz) {
|
||||||
|
RequiresCapability rc = clazz.getAnnotation(RequiresCapability.class);
|
||||||
|
if (rc != null) {
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (clazz.getSuperclass() != null) {
|
||||||
|
return getRequiresCapability(clazz.getSuperclass());
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void destroy() {
|
public void destroy() {
|
||||||
Command cmd = atomicCmd.getAndSet(null);
|
Command cmd = atomicCmd.getAndSet(null);
|
||||||
|
|||||||
Reference in New Issue
Block a user