Class CurrentAuthorityService

java.lang.Object

de.gustavblass.fsu.fmi.roombooking.service.CurrentAuthorityService

public class CurrentAuthorityService
extends Object

Serves the sole purpose of determining the ActorAuthority of the Actor who made the current web request.

See Also:

• getHighestAuthority()

Constructor Summary

Constructors

Constructor	Description
CurrentAuthorityService()

Method Summary

Modifier and Type	Method	Description
static void	checkAuthorisationForActorAccess(@NonNull ActorAuthority subjectAuthority, @NonNull String errorMessage)	Verifies that the current end-user has sufficient privilege to create, modify or delete an Actor with the given ActorAuthority.
static @NonNull Optional<Actor>	getActor()	Determines the Actor that makes the current request.
static @NonNull Optional<ActorAuthority>	getHighestAuthority()	Determines the ActorAuthority of the Actor who made the current web request.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CurrentAuthorityService

public CurrentAuthorityService()

Method Details

getActor

@NonNull
public static @NonNull Optional<Actor> getActor()

Determines the Actor that makes the current request.

Returns:

The user in whose name the current request was made. Empty if the user is not logged in.

getHighestAuthority

@NonNull
public static @NonNull Optional<ActorAuthority> getHighestAuthority()

Determines the ActorAuthority of the Actor who made the current web request.

Returns:

The ActorAuthority of the current request's Actor. If the Actor has multiple authorities, the most important one will be returned, if present. Empty if none of the GrantedAuthorities matches any ActorAuthority.

checkAuthorisationForActorAccess

public static void checkAuthorisationForActorAccess(@NonNull
 @NonNull ActorAuthority subjectAuthority,
 @NonNull
 @NonNull String errorMessage)
                                             throws UnauthorisedException

Verifies that the current end-user has sufficient privilege to create, modify or delete an Actor with the given ActorAuthority.

subjectAuthority	Required ActorAuthority
ActorAuthority.IT_ADMINISTRATION	ActorAuthority.IT_ADMINISTRATION
ActorAuthority.FACULTY_ADMINISTRATION	ActorAuthority.IT_ADMINISTRATION
everything else	ActorAuthority.FACULTY_ADMINISTRATION

Parameters:

subjectAuthority - The ActorAuthority of the user who shall be created, modified or deleted.

errorMessage - Shall be used as the Throwable.getMessage().

Throws:

UnauthorisedException - If the end user making the request does not have the necessary authority to create, modify or delete any user with the given authority.